Esempio n. 1
        }//end event

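        /// <summary>
        /// Submit handler for the client-registration form used by an account that already has
        /// a login. It validates the new password, authenticates the current credentials,
        /// refuses a second registration for the same username, encrypts the profile fields
        /// under a freshly generated AES key/IV, stores the client row, replaces the stored
        /// password, marks the user verified and redirects to the login page.
        /// </summary>
        /// <param name="sender">The control that raised the event (not used).</param>
        /// <param name="e">Event data (not used).</param>
        protected void btnSubmit_Click(object sender, EventArgs e)
        {
            string username = TextBox1.Text.Trim();
            string password = TextBox2.Text.Trim();

            Validate validationObject = new Validate();

            // NOTE(review): the new password is cut to 100 characters before the policy check and
            // before storage, so a longer password is silently shortened. Confirm that the login
            // path truncates the same way, or reject over-long input instead of truncating it.
            string newPassword = validationObject.Truncate(TextBox3.Text, 100);
            string firstName = validationObject.Truncate(TextBox5.Text, 100);
            string lastName = validationObject.Truncate(TextBox6.Text, 100);
            string DOB = validationObject.Truncate(TextBox7.Text, 100);
            string streetAddress = validationObject.Truncate(TextBox8.Text, 100);
            string city = validationObject.Truncate(TextBox9.Text, 100);
            string state = validationObject.Truncate(txtState.Text, 100);
            string zipCode = validationObject.Truncate(TextBox10.Text, 100);
            string country = validationObject.Truncate(txtCountry.Text, 100);
            string phone = validationObject.Truncate(TextBox11.Text, 100);

            if (PasswordPolicy.IsValid(newPassword) == false)
            {
                MsgBox("Invalid new password. New password must be a strong password.");
                return;
            }

            // The lookup is a static call, while the error text is read from a separate Select
            // instance; this mirrors how the rest of the page reports data-layer errors.
            Select selectObject = new Select();
            bool authenticated = Select.Authenticate_User(username, password);
            string authError = selectObject.getErrorMessage();

            if (authError != null)
            {
                // NOTE(review): the raw data-layer error text is written to the page. Consider
                // logging it server-side and showing only the generic message to the user.
                lblError.Text = authError;
                lblError.Visible = true;

                ErrorMessage message = new ErrorMessage();
                MsgBox(message.SQLServerErrorMessage);
                return;
            }

            if (authenticated == false)
            {
                MsgBox("Invalid credentials. Please try again.");
                return;
            }

            Select existsSelectObject = new Select();
            bool clientExists = Select.Client_Exists(username);
            string existsError = existsSelectObject.getErrorMessage();

            if (existsError != null)
            {
                // Fix: the original displayed the authentication error variable here, which is
                // always null on this path, so the label was shown empty.
                lblError.Text = existsError;
                lblError.Visible = true;

                ErrorMessage message = new ErrorMessage();
                MsgBox(message.SQLServerErrorMessage);
                return;
            }

            if (clientExists == true)
            {
                MsgBox("Invalid username. The client with the username you provided has already registered. If the username provided is correct, you may now login using your username and the password you created when you registered previously. Otherwise, please register with your correct username and password.");
                return;
            }

            // Generate the per-client key material, then release the Aes object. The Key and IV
            // getters return copies, so the arrays stay valid after disposal.
            byte[] aesKey;
            byte[] aesIV;

            using (Aes encryptionObject = Aes.Create())
            {
                aesKey = encryptionObject.Key;
                aesIV = encryptionObject.IV;
            }

            string aesKeyString = Convert.ToBase64String(aesKey);
            string aesIVString = Convert.ToBase64String(aesIV);

            byte[] masterKey = Encryption.GetMasterKey();
            byte[] masterIV = Encryption.GetMasterIV();

            ArrayList roleData = Select.Select_Role_Data(username);

            // Elements 1 and 2 are read below; guard against a failed or short lookup instead of
            // letting the indexer throw an unhandled exception during registration.
            if (roleData == null || roleData.Count < 3)
            {
                ErrorMessage message = new ErrorMessage();
                MsgBox(message.SQLServerErrorMessage);
                return;
            }

            // The role record holds a key/IV pair that is itself encrypted under the master
            // key/IV and stored as Base64 of Base64 text: unwrap both layers.
            byte[] encryptedKeyArray = Convert.FromBase64String(roleData[1].ToString());
            byte[] encryptedIVArray = Convert.FromBase64String(roleData[2].ToString());

            byte[] roleKey = Convert.FromBase64String(Encryption.Decrypt_AES(encryptedKeyArray, masterKey, masterIV));
            byte[] roleIV = Convert.FromBase64String(Encryption.Decrypt_AES(encryptedIVArray, masterKey, masterIV));

            // NOTE(review): the password is stored reversibly (AES under the role key) rather
            // than as a salted, slow password hash such as PBKDF2. Anyone holding the master key
            // can recover every password. Changing this needs the storage format and the login
            // check to change together, so it is only flagged here.
            string encryptedPasswordString = Convert.ToBase64String(Encryption.Encrypt_AES(newPassword, roleKey, roleIV));

            // The new per-client key and IV are wrapped under the master key/IV for storage.
            string encryptedAesKeyString = Convert.ToBase64String(Encryption.Encrypt_AES(aesKeyString, masterKey, masterIV));
            string encryptedAesIVString = Convert.ToBase64String(Encryption.Encrypt_AES(aesIVString, masterKey, masterIV));

            // NOTE(review): every field below uses the same key AND the same IV. Depending on
            // the cipher mode inside Encrypt_AES (not visible here), equal plaintexts then yield
            // equal ciphertexts, and nothing shown here authenticates the ciphertext. A per-field
            // random IV and an authenticated mode would be the usual remedy.
            string encryptedFirstNameString = Convert.ToBase64String(Encryption.Encrypt_AES(firstName, aesKey, aesIV));
            string encryptedLastNameString = Convert.ToBase64String(Encryption.Encrypt_AES(lastName, aesKey, aesIV));
            string encryptedDOBString = Convert.ToBase64String(Encryption.Encrypt_AES(DOB, aesKey, aesIV));
            string encryptedStreetAddressString = Convert.ToBase64String(Encryption.Encrypt_AES(streetAddress, aesKey, aesIV));
            string encryptedCityString = Convert.ToBase64String(Encryption.Encrypt_AES(city, aesKey, aesIV));
            string encryptedStateString = Convert.ToBase64String(Encryption.Encrypt_AES(state, aesKey, aesIV));
            string encryptedZipCodeString = Convert.ToBase64String(Encryption.Encrypt_AES(zipCode, aesKey, aesIV));
            string encryptedCountryString = Convert.ToBase64String(Encryption.Encrypt_AES(country, aesKey, aesIV));
            string encryptedPhoneString = Convert.ToBase64String(Encryption.Encrypt_AES(phone, aesKey, aesIV));

            // The Insert and Update instances are not used by this method. They are kept because
            // the original created them and their constructors are not visible here.
            Insert insertObject = new Insert();

            string insertError = Insert.Insert_CLIENT(username, encryptedFirstNameString, encryptedLastNameString, encryptedDOBString, encryptedStreetAddressString, encryptedCityString, encryptedStateString, encryptedZipCodeString, encryptedCountryString, encryptedPhoneString, encryptedAesKeyString, encryptedAesIVString);

            if (insertError != null)
            {
                lblError.Text = insertError;
                lblError.Visible = true;

                ErrorMessage message = new ErrorMessage();
                MsgBox(message.SQLServerErrorMessage);
                return;
            }

            Update updateObject = new Update();

            string passwordError = Update.Update_Password(username, encryptedPasswordString);

            if (passwordError != null)
            {
                lblError.Text = passwordError;
                lblError.Visible = true;

                ErrorMessage message = new ErrorMessage();
                MsgBox(message.SQLServerErrorMessage);
                return;
            }

            // Fix: the original overwrote this result with the Select object's error message,
            // so a failed verification update was ignored and the user was redirected as if
            // registration had completed.
            string verifyError = Update.Update_Verify_New_User(username);

            if (verifyError != null)
            {
                lblError.Text = verifyError;
                lblError.Visible = true;

                ErrorMessage message = new ErrorMessage();
                MsgBox(message.SQLServerErrorMessage);
                return;
            }

            // NOTE(review): the three writes above are separate calls. If a later one fails, the
            // earlier ones stay committed (client row inserted, password or verified flag not
            // updated). Consider a single transaction in the data layer.
            Session["JustRegistered"] = "true";

            Response.Redirect("~/PL/Membership/Login.aspx");

        }//end event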
Esempio n. 2
        }//end event

        /// <summary>
        /// Submit handler for the new-client registration form. It checks the password policy,
        /// validates the optional RUG APC (counselor) e-mail address, confirms that the counselor
        /// exists, refuses a username that is already registered, encrypts the submitted fields
        /// under a freshly generated AES key/IV, stores the registration and sends the
        /// verification and notification e-mails.
        /// </summary>
        /// <param name="sender">The control that raised the event (not used).</param>
        /// <param name="e">Event data (not used).</param>
        protected void btnSubmit_Click(object sender, EventArgs e)
        {
            // The policy check runs on the raw text box value; the value that is stored is
            // truncated to 100 characters further down.
            // NOTE(review): a password longer than 100 characters passes here and is then
            // silently shortened. Confirm that the login path truncates the same way.
            if (PasswordPolicy.IsValid(txtPassword.Text) == false)
            {
                MsgBox("Invalid password. Password must be a strong password.");

            }//end if

            else
            {
                string username = txtUsername.Text;
                string password = txtPassword.Text;
                string firstName = txtFirstName.Text;
                string lastName = txtLastName.Text;
                string age = txtAge.Text;
                string streetAddress = txtStreetAddress.Text;
                string city = txtCity.Text;
                string state = txtState.Text;
                string zipCode = txtZipCode.Text;
                string country = txtCountry.Text;
                string phoneNumber = txtPhoneNumber.Text;
                string securityQuestion = ddlSecurityQuestion.SelectedValue;
                string securityAnswer = txtSecurityAnswer.Text;
                string referralSource = ddlReferralSource.SelectedValue;
                string referralName = txtReferralName.Text;
                string RUGAPCEmailAddress = txtRUGAPCEmailAddress.Text;

                // Fixed values for a new registration. The default counselor address is
                // redacted in this listing.
                string role = "Client";
                string verified = "N";
                string counselor = "*****@*****.**";
                int numberOfLogins = 0;
                DateTime dateCreated = DateTime.Today;

                // When an APC address was entered it replaces the default counselor and must
                // belong to a RUG APC.
                // NOTE(review): the lookup and the counselor assignment use the value before it
                // is truncated below, so only the copy passed to the insert is length-limited.
                if (RUGAPCEmailAddress != "")
                {
                    counselor = RUGAPCEmailAddress;

                    bool isRUGAPC;

                    string errorMessage30;

                    // The lookup is a static call, while the error text is read from a separate
                    // Select instance; the same pattern is used for every lookup in this method.
                    Select selectObject30 = new Select();

                    isRUGAPC = Select.Is_User_RUG_APC(RUGAPCEmailAddress);

                    errorMessage30 = selectObject30.getErrorMessage();

                    // NOTE(review): unlike the "not an APC" branch below, this error branch does
                    // not return, so registration continues after a failed lookup.
                    // NOTE(review): the raw data-layer error text is written to the page here and
                    // in every error branch below. Consider logging it server-side and showing
                    // only the generic message.
                    if(errorMessage30 != null)
                    {
                        lblError.Text = errorMessage30;
                        lblError.Visible = true;

                        ErrorMessage message = new ErrorMessage();

                        MsgBox(message.SQLServerErrorMessage);

                    }//end if

                    else if(isRUGAPC == false)
                    {
                        MsgBox("Invalid. User specified for RUG APC is not a RUG APC in the system. Please confer with Jim Davis, founder.");

                        return;

                    }//end else if

                }//end if

                Validate validationObject = new Validate();

                // Length-limit every submitted value: 100 characters for most fields, 900 for
                // the referral fields and the APC address.
                username = validationObject.Truncate(username, 100);
                password = validationObject.Truncate(password, 100);
                firstName = validationObject.Truncate(firstName, 100);
                lastName = validationObject.Truncate(lastName, 100);
                age = validationObject.Truncate(age, 100);
                streetAddress = validationObject.Truncate(streetAddress, 100);
                city = validationObject.Truncate(city, 100);
                state = validationObject.Truncate(state, 100);
                zipCode = validationObject.Truncate(zipCode, 100);
                country = validationObject.Truncate(country, 100);
                phoneNumber = validationObject.Truncate(phoneNumber, 100);
                securityQuestion = validationObject.Truncate(securityQuestion, 100);
                securityAnswer = validationObject.Truncate(securityAnswer, 100);
                referralSource = validationObject.Truncate(referralSource, 900);
                referralName = validationObject.Truncate(referralName, 900);
                RUGAPCEmailAddress = validationObject.Truncate(RUGAPCEmailAddress, 900);

                // The counselor must pass both Client_Exists and User_Exists before the
                // registration may proceed.
                bool CLIENT_Exists_Counselor;

                string errorMessage20;

                Select selectObject20 = new Select();

                CLIENT_Exists_Counselor = Select.Client_Exists(counselor);

                errorMessage20 = selectObject20.getErrorMessage();

                if (errorMessage20 != null)
                {
                    lblError.Text = errorMessage20;
                    lblError.Visible = true;

                    ErrorMessage message = new ErrorMessage();

                    MsgBox(message.SQLServerErrorMessage);

                }//end if

                else if (CLIENT_Exists_Counselor == false)
                {
                    MsgBox("Invalid. The RUG Authorized Personal Counselor (APC) email address does not exist in the system. Please check the spelling of that email address. Thank you.");

                }//end else if

                else if (CLIENT_Exists_Counselor == true)
                {
                    bool BESTPATH_USER_Exists_Counselor;

                    string errorMessage21;

                    Select selectObject21 = new Select();

                    BESTPATH_USER_Exists_Counselor = Select.User_Exists(counselor);

                    errorMessage21 = selectObject21.getErrorMessage();

                    if (errorMessage21 != null)
                    {
                        lblError.Text = errorMessage21;
                        lblError.Visible = true;

                        ErrorMessage message = new ErrorMessage();

                        MsgBox(message.SQLServerErrorMessage);

                    }//end if

                    else if (BESTPATH_USER_Exists_Counselor == false)
                    {
                        MsgBox("Invalid. The RUG Authorized Personal Counselor (APC) email address does not exist in the system. Please check the spelling of that email address. Thank you.");

                    }//end else if

                    else if (BESTPATH_USER_Exists_Counselor == true)
                    {
                        string errorMessage;

                        Select selectObject = new Select();

                        ArrayList counselorData = new ArrayList();

                        counselorData = Select.Select_Counselor_Data(counselor);

                        errorMessage = selectObject.getErrorMessage();

                        if (errorMessage != null)
                        {
                            lblError.Text = errorMessage;
                            lblError.Visible = true;

                            ErrorMessage message = new ErrorMessage();

                            MsgBox(message.SQLServerErrorMessage);

                        }//end if

                        else
                        {
                            // Elements 0 and 1 are used as the counselor's name and phone number.
                            // NOTE(review): the list length is not checked, so a short result
                            // makes the indexer throw.
                            string counselorName = counselorData[0].ToString();

                            string counselorPhoneNumber = counselorData[1].ToString();

                            // The new username must not already exist as a client or as a user.
                            // NOTE(review): the "already registered" replies below tell an
                            // unauthenticated visitor whether a username exists. Confirm that is
                            // acceptable for this form.
                            bool CLIENT_Exists;

                            string errorMessage4;

                            Select selectObject4 = new Select();

                            CLIENT_Exists = Select.Client_Exists(username);

                            errorMessage4 = selectObject4.getErrorMessage();

                            if (errorMessage4 != null)
                            {
                                lblError.Text = errorMessage4;
                                lblError.Visible = true;

                                ErrorMessage message = new ErrorMessage();

                                MsgBox(message.SQLServerErrorMessage);

                            }//end if

                            else if (CLIENT_Exists == true)
                            {
                                MsgBox("Invalid. You have already registered. You may now login with your username and password that you created on this page previously.");

                            }//end else if

                            else if (CLIENT_Exists == false)
                            {
                                bool BESTPATH_USER_Exists;

                                string errorMessage5;

                                Select selectObject5 = new Select();

                                BESTPATH_USER_Exists = Select.User_Exists(username);

                                errorMessage5 = selectObject5.getErrorMessage();

                                if (errorMessage5 != null)
                                {
                                    lblError.Text = errorMessage5;
                                    lblError.Visible = true;

                                    ErrorMessage message = new ErrorMessage();

                                    MsgBox(message.SQLServerErrorMessage);

                                }//end if

                                else if (BESTPATH_USER_Exists == true)
                                {
                                    MsgBox("Invalid. You have already registered. You may now login with your username and password that you created on this page previously.");

                                }//end else if

                                else if (BESTPATH_USER_Exists == false)
                                {
                                    // Generate the per-client AES key and IV.
                                    // NOTE(review): the Aes object is never disposed; a using
                                    // block around the key extraction would release it.
                                    Aes encryptionObject = Aes.Create();

                                    byte[] AesKey = encryptionObject.Key;

                                    byte[] AesIV = encryptionObject.IV;

                                    string AesKeyString = Convert.ToBase64String(AesKey);

                                    string AesIVString = Convert.ToBase64String(AesIV);

                                    byte[] MasterKey = Encryption.GetMasterKey();

                                    byte[] MasterIV = Encryption.GetMasterIV();

                                    // The per-client key and IV are wrapped under the master
                                    // key/IV and stored as Base64 text.
                                    byte[] encryptedAesKey = Encryption.Encrypt_AES(AesKeyString, MasterKey, MasterIV);

                                    byte[] encryptedAesIV = Encryption.Encrypt_AES(AesIVString, MasterKey, MasterIV);

                                    string encryptedAesKeyString = Convert.ToBase64String(encryptedAesKey);

                                    string encryptedAesIVString = Convert.ToBase64String(encryptedAesIV);

                                    // NOTE(review): the password (and, further down, the security
                                    // answer) is stored reversibly under the per-client key
                                    // rather than as a salted, slow hash such as PBKDF2. Anyone
                                    // holding the master key can recover it.
                                    byte[] encryptedPassword = Encryption.Encrypt_AES(password, AesKey, AesIV);

                                    string encryptedPasswordString = Convert.ToBase64String(encryptedPassword);

                                    // NOTE(review): every field below uses the same key AND the
                                    // same IV. Depending on the cipher mode inside Encrypt_AES
                                    // (not visible here), equal plaintexts then yield equal
                                    // ciphertexts, and nothing shown here authenticates the
                                    // ciphertext.
                                    byte[] encryptedFirstName = Encryption.Encrypt_AES(firstName, AesKey, AesIV);

                                    string encryptedFirstNameString = Convert.ToBase64String(encryptedFirstName);

                                    byte[] encryptedLastName = Encryption.Encrypt_AES(lastName, AesKey, AesIV);

                                    string encryptedLastNameString = Convert.ToBase64String(encryptedLastName);

                                    byte[] encryptedAge = Encryption.Encrypt_AES(age, AesKey, AesIV);

                                    string encryptedAgeString = Convert.ToBase64String(encryptedAge);

                                    byte[] encryptedStreetAddress = Encryption.Encrypt_AES(streetAddress, AesKey, AesIV);

                                    string encryptedStreetAddressString = Convert.ToBase64String(encryptedStreetAddress);

                                    byte[] encryptedCity = Encryption.Encrypt_AES(city, AesKey, AesIV);

                                    string encryptedCityString = Convert.ToBase64String(encryptedCity);

                                    byte[] encryptedState = Encryption.Encrypt_AES(state, AesKey, AesIV);

                                    string encryptedStateString = Convert.ToBase64String(encryptedState);

                                    byte[] encryptedZipCode = Encryption.Encrypt_AES(zipCode, AesKey, AesIV);

                                    string encryptedZipCodeString = Convert.ToBase64String(encryptedZipCode);

                                    byte[] encryptedCountry = Encryption.Encrypt_AES(country, AesKey, AesIV);

                                    string encryptedCountryString = Convert.ToBase64String(encryptedCountry);

                                    byte[] encryptedPhoneNumber = Encryption.Encrypt_AES(phoneNumber, AesKey, AesIV);

                                    string encryptedPhoneNumberString = Convert.ToBase64String(encryptedPhoneNumber);

                                    byte[] encryptedSecurityQuestion = Encryption.Encrypt_AES(securityQuestion, AesKey, AesIV);

                                    string encryptedSecurityQuestionString = Convert.ToBase64String(encryptedSecurityQuestion);

                                    byte[] encryptedSecurityAnswer = Encryption.Encrypt_AES(securityAnswer, AesKey, AesIV);

                                    string encryptedSecurityAnswerString = Convert.ToBase64String(encryptedSecurityAnswer);

                                    byte[] encryptedRole = Encryption.Encrypt_AES(role, AesKey, AesIV);

                                    string encryptedRoleString = Convert.ToBase64String(encryptedRole);

                                    byte[] encryptedCounselorName = Encryption.Encrypt_AES(counselorName, AesKey, AesIV);

                                    string encryptedCounselorNameString = Convert.ToBase64String(encryptedCounselorName);

                                    string errorMessage7;

                                    // username, verified, counselor, dateCreated, numberOfLogins,
                                    // referralSource, referralName and RUGAPCEmailAddress are
                                    // passed unencrypted; every other argument is Base64
                                    // ciphertext.
                                    errorMessage7 = Insert.Insert_Registration_Transaction(username, encryptedPasswordString, encryptedFirstNameString, encryptedLastNameString, encryptedAgeString, encryptedStreetAddressString, encryptedCityString, encryptedStateString, encryptedZipCodeString, encryptedCountryString, encryptedPhoneNumberString, encryptedAesKeyString, encryptedAesIVString, encryptedRoleString, verified, counselor, encryptedCounselorNameString, dateCreated, numberOfLogins, encryptedSecurityQuestionString, encryptedSecurityAnswerString, referralSource, referralName, RUGAPCEmailAddress);

                                    if (errorMessage7 != null)
                                    {
                                        lblError.Text = errorMessage7;
                                        lblError.Visible = true;

                                        ErrorMessage message = new ErrorMessage();

                                        MsgBox(message.SQLServerErrorMessage);

                                    }//end if

                                    else
                                    {
                                        // Build the verification link from the request's
                                        // scheme/authority and the application path.
                                        string urlBase = Request.Url.GetLeftPart(UriPartial.Authority) + Request.ApplicationPath;

                                        string verificationUrl = "PL/Membership/VerifyNewUser.aspx";

                                        // NOTE(review): the next line is damaged in this listing
                                        // (text was redacted out of it). The declarations of
                                        // fullPath, sr and appPath used below are not visible,
                                        // and neither is what the query string carries besides
                                        // the username. If the link identifies the account by
                                        // username alone, anyone could verify any account;
                                        // confirm against the original file that an unguessable
                                        // token is included.
                                        string queryString = "?username="******"SA/Email_Templates/Verification.txt");

                                        string errorMessage8;

                                        errorMessage8 = Email.Email_Verification(username, firstName, fullPath, sr);

                                        if (errorMessage8 != null)
                                        {
                                            lblError.Text = errorMessage8;
                                            lblError.Visible = true;

                                            ErrorMessage message = new ErrorMessage();

                                            MsgBox(message.SQLServerErrorMessage);

                                        }//end if

                                        else
                                        {
                                            // NOTE(review): sr2 (and sr3 below) are not disposed
                                            // in this method; whether the Email helpers close
                                            // them is not visible here.
                                            StreamReader sr2 = new StreamReader(appPath + "SA/Email_Templates/NewClient.txt");

                                            // String.Format receives the date text as its format
                                            // string and no arguments.
                                            string date = String.Format(System.DateTime.Today.ToShortDateString());

                                            string errorMessage9;

                                            errorMessage9 = Email.Email_New_Client(date, username, firstName, lastName, phoneNumber, sr2, counselor, counselorName, counselorPhoneNumber);

                                            if (errorMessage9 != null)
                                            {
                                                lblError.Text = errorMessage9;
                                                lblError.Visible = true;

                                                ErrorMessage message = new ErrorMessage();

                                                MsgBox(message.SQLServerErrorMessage);

                                            }//end if

                                            // The payment e-mail is sent only when an APC address
                                            // was supplied and the new-client e-mail succeeded.
                                            else if(RUGAPCEmailAddress != "")
                                            {
                                                StreamReader sr3 = new StreamReader(appPath + "SA/Email_Templates/PayAPC.txt");

                                                string dateToday = String.Format(System.DateTime.Today.ToShortDateString());

                                                // The payment date is four days from now.
                                                DateTime dateToPay = DateTime.Now.AddDays(4);

                                                string errorMessage40;

                                                errorMessage40 = Email.Email_Pay_APC(dateToday, username, firstName, lastName, phoneNumber, sr3, counselor, counselorName, counselorPhoneNumber, dateToPay);

                                                if (errorMessage40 != null)
                                                {
                                                    lblError.Text = errorMessage40;
                                                    lblError.Visible = true;

                                                    ErrorMessage message = new ErrorMessage();

                                                    MsgBox(message.SQLServerErrorMessage);

                                                }//end if

                                            }//end else

                                            // NOTE(review): this confirmation is shown even when
                                            // the new-client or payment e-mail reported an error
                                            // just above.
                                            MsgBox("Please check your email to complete the registration process.");

                                        }//end else

                                    }//end else

                                }//end else

                            }//end else

                        }//end else

                    }//end else

                }//end else if

            }//end else if

        }//end event