public void ChangePassword(GreyFoxUser user, string newPassword)
{
string ipAddress = "No Web Server";
string clientDetails = "No Web Server";
if (System.Web.HttpContext.Current != null)
{
ipAddress = System.Web.HttpContext.Current.Request.UserHostAddress;
clientDetails = System.Web.HttpContext.Current.Request.UserAgent;
}
// Log an event
Amns.GreyFox.EventLog.GreyFoxEvent e =
new Amns.GreyFox.EventLog.GreyFoxEvent("sysGlobal_Events");
e.Category = "Login";
e.Description = "Lost password; username '" +
user.UserName + "'.<BR>" +
// "Old Password: "******"<BR>" +
// "New Password: "******"<BR>" +
"IP Address: " + ipAddress + "<BR>" +
"Client: " + clientDetails;
e.EventDate = DateTime.Now;
e.EventID = 25201;
e.Source = "AUDITOR";
e.Type = 105;
e.User = user;
e.Save();
user.LoginPassword = newPassword;
user.Encrypt();
user.Save();
}
/// <summary>
/// Logs in a user to the system and optionally logs success and failures to the audit log.
/// </summary>
/// <returns>Returns associated user if one exists, or returns null if no user exists.</returns>
public GreyFoxUser Login(string username, string password, string ipAddress,
string clientDetails, bool logSuccess, bool logFailure)
{
GreyFoxUser user = null;
try
{
user = GetByUsername(username);
}
catch
{
if (logFailure)
{
Amns.GreyFox.EventLog.GreyFoxEvent e =
new Amns.GreyFox.EventLog.GreyFoxEvent("sysGlobal_Events");
e.Category = "Login";
e.Description = "Login failure; invalid username '" +
username + "'.<BR>" +
"IP Address: " + ipAddress + "<BR>" +
"Client: " + clientDetails;
e.EventDate = DateTime.Now;
e.EventID = 25104;
e.Source = "AUDITOR";
e.Type = 105;
e.User = null;
e.Save();
}
throw(new Exception("Login failure; invalid username."));
}
if (GreyFoxPassword.DecodePassword(user.loginPassword).ToLower() !=
password.ToLower())
{
if (logFailure)
{
Amns.GreyFox.EventLog.GreyFoxEvent e =
new Amns.GreyFox.EventLog.GreyFoxEvent("sysGlobal_Events");
e.Category = "Login";
e.Description = "Login failure; incorrect password for '" + username + "'.<BR>" +
"Password used '" + password + "'.<BR>" +
"IP Address: " + ipAddress + "<BR>" +
"Client: " + clientDetails;
e.EventDate = DateTime.Now;
e.EventID = 25105;
e.Source = "AUDITOR";
e.Type = 105;
e.User = user;
e.Save();
user.LoginCount++;
user.Save();
// Delay the user 15 seconds if he's tried in the last 24 hours
if (user.LoginCount == 4)
{
System.Threading.Thread.Sleep(15 * 1000);
}
// Delay the user 15 seconds + 5 second increments
else if (user.LoginCount > 5 & user.LoginCount <= 11)
{
System.Threading.Thread.Sleep(5 * 1000 * user.LoginCount + 15 * 1000);
}
// Delay the user 15 seconds + 10 second increments
else if (user.LoginCount > 11)
{
System.Threading.Thread.Sleep(15 * 1000 * user.LoginCount + 15 * 1000);
}
}
throw(new Exception("Login failure; incorrect password."));
}
if (user.isDisabled)
{
if (logFailure)
{
Amns.GreyFox.EventLog.GreyFoxEvent e =
new Amns.GreyFox.EventLog.GreyFoxEvent("sysGlobal_Events");
e.Category = "Login";
e.Description = "Login failure; '" + username + "' disabled.<BR>" +
"IP Address: " + ipAddress + "<BR>" +
"Client: " + clientDetails;
e.EventDate = DateTime.Now;
e.EventID = 25110;
e.Source = "AUDITOR";
e.Type = 105;
e.User = user;
e.Save();
}
throw(new Exception("Login failure; user disabled."));
}
if (logSuccess)
{
Amns.GreyFox.EventLog.GreyFoxEvent e =
new Amns.GreyFox.EventLog.GreyFoxEvent("sysGlobal_Events");
e.Category = "Login";
e.Description = "Login success; '" + username + "'.<BR>" +
"IP Address: " + ipAddress + "<BR>" +
"Client: " + clientDetails;
e.EventDate = DateTime.Now;
e.EventID = 25001;
e.Source = "AUDITOR";
e.Type = 100;
e.User = user;
e.Save();
// Delay the user 15 seconds if he's tried in the last 24 hours
if (user.LoginCount == 4)
{
System.Threading.Thread.Sleep(15 * 1000);
}
// Delay the user 15 seconds + 5 second increments
else if (user.LoginCount > 5 & user.LoginCount <= 11)
{
System.Threading.Thread.Sleep(5 * 1000 * user.LoginCount + 15 * 1000);
}
// Delay the user 15 seconds + 10 second increments
else if (user.LoginCount > 11)
{
System.Threading.Thread.Sleep(15 * 1000 * user.LoginCount + 15 * 1000);
}
}
user.loginCount = 1;
user.loginDate = DateTime.Now;
user.isSynced = false;
user.Save();
return(user);
}
