Esempio n. 1
0
        public RESTStatus ChangeUser(SQLLib sql, UserDetailsPassword User, NetworkConnectionInfo ni)
        {
            if (ni.HasAcl(ACLFlags.ChangeServerSettings) == false)
            {
                ni.Error   = "Access denied";
                ni.ErrorID = ErrorFlags.AccessDenied;
                return(RESTStatus.Fail);
            }

            if (Convert.ToInt32(sql.ExecSQLScalar("SELECT COUNT(*) FROM Users WHERE Username=@u",
                                                  new SQLParam("@u", User.Username))) == 0)
            {
                ni.Error   = "Invalid User";
                ni.ErrorID = ErrorFlags.InvalidID;
                return(RESTStatus.Fail);
            }

            if (string.IsNullOrWhiteSpace(User.NewPassword) == false)
            {
                if (MeetPasswordPolicy(User.NewPassword) == false)
                {
                    ni.Error   = "Password policy not met";
                    ni.ErrorID = ErrorFlags.PWPolicyNotMet;
                    return(RESTStatus.Fail);
                }
                string PWMD5REQ = Convert.ToBase64String(Encoding.Unicode.GetBytes(User.NewPassword));
                sql.ExecSQL("UPDATE Users SET Password=@p WHERE Username=@u",
                            new SQLParam("@u", User.Username),
                            new SQLParam("@p", PWMD5REQ));
            }

            if (User.Username.ToLower().Trim() == "root")
            {
                User.Permissions = SQLTest.AllPermissions;
            }

            sql.ExecSQL("UPDATE Users SET Name=@n, Permissions=@p, MustChangePassword=@mchg,EMail=@email,UseLDAP=@UseLDAP,LDAPUsername=@LDAPUsername WHERE Username=@u",
                        new SQLParam("@u", User.Username),
                        new SQLParam("@n", User.Name),
                        new SQLParam("@p", User.Permissions),
                        new SQLParam("@mchg", User.MustChangePassword),
                        new SQLParam("@email", User.EMail),
                        new SQLParam("@useldap", User.UseLDAP),
                        new SQLParam("@LDAPUsername", User.LDAPUsername));

            return(RESTStatus.Success);
        }
Esempio n. 2
0
        private void cmdChangeUser_Click(object sender, EventArgs e)
        {
            UserDetailsPassword ud = new UserDetailsPassword();

            ud.EMail              = txtEMail.Text.Trim();
            ud.LDAPUsername       = txtLDAP.Text.Trim();
            ud.MustChangePassword = chkMustChangePassword.Checked;
            ud.Name        = txtName.Text.Trim();
            ud.NewPassword = txtPassword.Text;
            ud.Permissions = GetPermission();
            ud.UseLDAP     = chkLDAP.Checked;
            ud.Username    = lstUsers.Text;
            if (Program.net.ChangeUser(ud) == false)
            {
                MessageBox.Show(this, "Saving user failed: " + Program.net.GetLastError(), Program.Title, MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
                return;
            }
        }