Esempio n. 1
0
        private void cmdUpdate_Click(Object sender, EventArgs e)
        {
            if (IsUserOrAdmin == false)
            {
                return;
            }
            //1. Check New Password and Confirm are the same
            if (txtNewPassword.Text != txtNewConfirm.Text)
            {
                OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordMismatch));
                return;
            }
			
			//2. Check New Password is Valid
            if (!UserController.ValidatePassword(txtNewPassword.Text))
            {
                OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordInvalid));
                return;
            }
			
			//3. Check old Password is Provided
            if (!IsAdmin && String.IsNullOrEmpty(txtOldPassword.Text))
            {
                OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordMissing));
                return;
            }
			
			//4. Check New Password is ddifferent
            if (!IsAdmin && txtNewPassword.Text == txtOldPassword.Text)
            {
                OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordNotDifferent));
                return;
            }
            //5. Check New Password is not same as username or banned
            var settings = new MembershipPasswordSettings(User.PortalID);

            if (settings.EnableBannedList)
            {
                var m = new MembershipPasswordController();
                if (m.FoundBannedPassword(txtNewPassword.Text) || User.Username == txtNewPassword.Text)
                {
                    OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.BannedPasswordUsed));
                    return;
                }

            }
            if (!IsAdmin && txtNewPassword.Text == txtOldPassword.Text)
            {
                OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordNotDifferent));
                return;
            }
            if (!IsAdmin)
            {
                try
                {
                    OnPasswordUpdated(UserController.ChangePassword(User, txtOldPassword.Text, txtNewPassword.Text)
                                          ? new PasswordUpdatedEventArgs(PasswordUpdateStatus.Success)
                                          : new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordResetFailed));
                }
                catch (MembershipPasswordException exc)
                {
                    //Password Answer missing
                    Logger.Error(exc);

                    OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.InvalidPasswordAnswer));
                }
                catch (ThreadAbortException)
                {
                    //Do nothing we are not logging ThreadAbortxceptions caused by redirects    
                }
                catch (Exception exc)
                {
                    //Fail
                    Logger.Error(exc);

                    OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordResetFailed));
                }
            }
            else
            {
                try
                {
                    OnPasswordUpdated(UserController.ResetAndChangePassword(User, txtNewPassword.Text)
                                          ? new PasswordUpdatedEventArgs(PasswordUpdateStatus.Success)
                                          : new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordResetFailed));
                }
                catch (MembershipPasswordException exc)
                {
                    //Password Answer missing
                    Logger.Error(exc);

                    OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.InvalidPasswordAnswer));
                }
                catch (ThreadAbortException)
                {
                    //Do nothing we are not logging ThreadAbortxceptions caused by redirects    
                }
                catch (Exception exc)
                {
                    //Fail
                    Logger.Error(exc);

                    OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordResetFailed));
                }
            }
           
        }
Esempio n. 2
0
        private void cmdChangePassword_Click(object sender, EventArgs e)
        {
            //1. Check New Password and Confirm are the same
            if (txtPassword.Text != txtConfirmPassword.Text)
            {
                resetMessages.Visible = true;
                var failed = Localization.GetString("PasswordMismatch");
                LogFailure(failed);
                lblHelp.Text = failed;
                return;
            }

            if (UserController.ValidatePassword(txtPassword.Text)==false)
            {
                resetMessages.Visible = true;
                var failed = Localization.GetString("PasswordResetFailed");
                LogFailure(failed);
                lblHelp.Text = failed;
                return;    
            }

            //Check New Password is not same as username or banned
            var settings = new MembershipPasswordSettings(User.PortalID);

            if (settings.EnableBannedList)
            {
                var m = new MembershipPasswordController();
                if (m.FoundBannedPassword(txtPassword.Text) || txtUsername.Text == txtPassword.Text)
                {
                    resetMessages.Visible = true;
                    var failed = Localization.GetString("PasswordResetFailed");
                    LogFailure(failed);
                    lblHelp.Text = failed;
                    return;  
                }

            }

            string username = txtUsername.Text;
            if (PortalController.GetPortalSettingAsBoolean("Registration_UseEmailAsUserName", PortalId, false))
            {
                var testUser = UserController.GetUserByEmail(PortalId, username); // one additonal call to db to see if an account with that email actually exists
                if (testUser != null)
                {
                    username = testUser.Username; //we need the username of the account in order to change the password in the next step
                }
            }

            if (UserController.ChangePasswordByToken(PortalSettings.PortalId, username, txtPassword.Text, ResetToken) == false)
            {
                resetMessages.Visible = true;
                var failed = Localization.GetString("PasswordResetFailed", LocalResourceFile);
                LogFailure(failed);
                lblHelp.Text = failed;
            }
            else
            {
                //Log user in to site
                LogSuccess();
                var loginStatus = UserLoginStatus.LOGIN_FAILURE;
                UserController.UserLogin(PortalSettings.PortalId, username, txtPassword.Text, "", "", "", ref loginStatus, false);
                RedirectAfterLogin();
            }           
        }
Esempio n. 3
0
        private void cmdChangePassword_Click(object sender, EventArgs e)
        {
            string username = txtUsername.Text;

            if (MembershipProviderConfig.RequiresQuestionAndAnswer && String.IsNullOrEmpty(txtAnswer.Text))
            {
                var user = UserController.GetUserByName(username);
                if (user != null)
                {
                    lblQuestion.Text = user.Membership.PasswordQuestion;
                }
                divQA.Visible = true;
                return;
            }

            //1. Check New Password and Confirm are the same
            if (txtPassword.Text != txtConfirmPassword.Text)
            {
                resetMessages.Visible = true;
                var failed = Localization.GetString("PasswordMismatch");
                LogFailure(failed);
                lblHelp.Text = failed;
                return;
            }

            if (UserController.ValidatePassword(txtPassword.Text)==false)
            {
                resetMessages.Visible = true;
                var failed = Localization.GetString("PasswordResetFailed");
                LogFailure(failed);
                lblHelp.Text = failed;
                return;
            }

            //Check New Password is not same as username or banned
            var settings = new MembershipPasswordSettings(User.PortalID);

            if (settings.EnableBannedList)
            {
                var m = new MembershipPasswordController();
                if (m.FoundBannedPassword(txtPassword.Text) || txtUsername.Text == txtPassword.Text)
                {
                    resetMessages.Visible = true;
                    var failed = Localization.GetString("PasswordResetFailed");
                    LogFailure(failed);
                    lblHelp.Text = failed;
                    return;
                }
            }

            if (PortalController.GetPortalSettingAsBoolean("Registration_UseEmailAsUserName", PortalId, false))
            {
                var testUser = UserController.GetUserByEmail(PortalId, username); // one additonal call to db to see if an account with that email actually exists
                if (testUser != null)
                {
                    username = testUser.Username; //we need the username of the account in order to change the password in the next step
                }
            }
            string errorMessage;

            string answer = String.Empty;
            if (MembershipProviderConfig.RequiresQuestionAndAnswer)
            {
                answer = txtAnswer.Text;
            }

            if (UserController.ChangePasswordByToken(PortalSettings.PortalId, username, txtPassword.Text, answer, ResetToken, out errorMessage) == false)
            {
                resetMessages.Visible = true;
                var failed = errorMessage;
                LogFailure(failed);
                lblHelp.Text = failed;
            }
            else
            {
                //check user has a valid profile
                var user = UserController.GetUserByName(PortalSettings.PortalId, username);
                var validStatus = UserController.ValidateUser(user, PortalSettings.PortalId, false);
                if (validStatus == UserValidStatus.UPDATEPROFILE)
                {
                    LogSuccess();
                    ViewState.Add("PageNo", 3);
                    Response.Redirect(Globals.NavigateURL(PortalSettings.ActiveTab.TabID, "Login"));
                }
                else
                {
                    //Log user in to site
                    LogSuccess();
                    var loginStatus = UserLoginStatus.LOGIN_FAILURE;
                    UserController.UserLogin(PortalSettings.PortalId, username, txtPassword.Text, "", "", "", ref loginStatus, false);
                    RedirectAfterLogin();
                }
            }
        }
Esempio n. 4
0
        private void cmdChangePassword_Click(object sender, EventArgs e)
        {
            //1. Check New Password and Confirm are the same
            if (txtPassword.Text != txtConfirmPassword.Text)
            {
                resetMessages.Visible = true;
                var failed = Localization.GetString("PasswordMismatch");
                LogFailure(failed);
                lblHelp.Text = failed;
                return;
            }

            if (UserController.ValidatePassword(txtPassword.Text)==false)
            {
                resetMessages.Visible = true;
                var failed = Localization.GetString("PasswordResetFailed");
                LogFailure(failed);
                lblHelp.Text = failed;
                return;    
            }

            //Check New Password is not same as username or banned
            var settings = new MembershipPasswordSettings(User.PortalID);

            if (settings.EnableBannedList)
            {
                var m = new MembershipPasswordController();
                if (m.FoundBannedPassword(txtPassword.Text) || txtUsername.Text == txtPassword.Text)
                {
                    resetMessages.Visible = true;
                    var failed = Localization.GetString("PasswordResetFailed");
                    LogFailure(failed);
                    lblHelp.Text = failed;
                    return;  
                }

            }

            if (UserController.ChangePasswordByToken(PortalSettings.PortalId, txtUsername.Text, txtPassword.Text, ResetToken) == false)
            {
                resetMessages.Visible = true;
                var failed = Localization.GetString("PasswordResetFailed", LocalResourceFile);
                LogFailure(failed);
                lblHelp.Text = failed;
            }
            else
            {
                //Log user in to site
                LogSuccess();
                var loginStatus = UserLoginStatus.LOGIN_FAILURE;
                UserController.UserLogin(PortalSettings.PortalId, txtUsername.Text, txtPassword.Text, "", "", "", ref loginStatus, false);
                RedirectAfterLogin();
            }           
        }
Esempio n. 5
0
        private bool Validate()
        {
            CreateStatus = UserCreateStatus.AddUser;
            var portalSecurity = new PortalSecurity();

            //Check User Editor
            bool _IsValid = userForm.IsValid;

            if (RegistrationFormType == 0)
            {
                //Update UserName
                if (UseEmailAsUserName)
                {
                    User.Username = User.Email;
                    if (String.IsNullOrEmpty(User.DisplayName))
                    {
                        User.DisplayName = User.Email.Substring(0, User.Email.IndexOf("@", StringComparison.Ordinal));
                    }
                }

                //Check Password is valid
                if (!RandomPassword)
                {
                    //Check Password is Valid
                    if (CreateStatus == UserCreateStatus.AddUser && !UserController.ValidatePassword(User.Membership.Password))
                    {
                        CreateStatus = UserCreateStatus.InvalidPassword;
                    }

                    if (RequirePasswordConfirm && String.IsNullOrEmpty(AuthenticationType))
                    {
                        if (User.Membership.Password != User.Membership.PasswordConfirm)
                        {
                            CreateStatus = UserCreateStatus.PasswordMismatch;
                        }
                    }
                }
                else
                {
                    //Generate a random password for the user
                    User.Membership.Password = UserController.GeneratePassword();
                    User.Membership.PasswordConfirm = User.Membership.Password;
                }

            }
            else
            {
                //Set Username to Email
                if (String.IsNullOrEmpty(User.Username))
                {
                    User.Username = User.Email;
                }

                //Set DisplayName
                if (String.IsNullOrEmpty(User.DisplayName))
                {
                    User.DisplayName = String.IsNullOrEmpty(User.FirstName + " " + User.LastName)
                                           ? User.Email.Substring(0, User.Email.IndexOf("@", StringComparison.Ordinal))
                                           : User.FirstName + " " + User.LastName;
                }
                
                //Random Password
                if (String.IsNullOrEmpty(User.Membership.Password))
                {
                    //Generate a random password for the user
                    User.Membership.Password = UserController.GeneratePassword();
                }

                //Password Confirm
                if (!String.IsNullOrEmpty(User.Membership.PasswordConfirm))
                {
                    if (User.Membership.Password != User.Membership.PasswordConfirm)
                    {
                        CreateStatus = UserCreateStatus.PasswordMismatch;
                    }
                }
            }

            //Validate banned password
            var settings = new MembershipPasswordSettings(User.PortalID);

            if (settings.EnableBannedList)
            {
                var m = new MembershipPasswordController();
                if (m.FoundBannedPassword(User.Membership.Password) || User.Username==User.Membership.Password)
                {
                    CreateStatus = UserCreateStatus.BannedPasswordUsed;
                }

            }
            //Validate Profanity
            if (UseProfanityFilter)
            {
                if (!portalSecurity.ValidateInput(User.Username, PortalSecurity.FilterFlag.NoProfanity))
                {
                    CreateStatus = UserCreateStatus.InvalidUserName;
                }
                if (!String.IsNullOrEmpty(User.DisplayName))
                {
                    if (!portalSecurity.ValidateInput(User.DisplayName, PortalSecurity.FilterFlag.NoProfanity))
                    {
                        CreateStatus = UserCreateStatus.InvalidDisplayName;
                    }
                }
            }

            //Validate Unique User Name
            UserInfo user = UserController.GetUserByName(PortalId, User.Username);
            if (user != null)
            {
                if(UseEmailAsUserName)
                {
                    CreateStatus = UserCreateStatus.DuplicateEmail;
                }
                else
                {
                CreateStatus = UserCreateStatus.DuplicateUserName;
                int i = 1;
                string userName = null;
                while (user != null)
                {
                    userName = User.Username + "0" + i.ToString(CultureInfo.InvariantCulture);
                    user = UserController.GetUserByName(PortalId, userName);
                    i++;
                }
                User.Username = userName;
                }
            }

            //Validate Unique Display Name
            if (CreateStatus == UserCreateStatus.AddUser && RequireUniqueDisplayName)
            {
                user = UserController.Instance.GetUserByDisplayname(PortalId, User.DisplayName);
                if (user != null)
                {
                    CreateStatus = UserCreateStatus.DuplicateDisplayName;
                    int i = 1;
                    string displayName = null;
                    while (user != null)
                    {
                        displayName = User.DisplayName + " 0" + i.ToString(CultureInfo.InvariantCulture);
                        user = UserController.Instance.GetUserByDisplayname(PortalId, displayName);
                        i++;
                    }
                    User.DisplayName = displayName;
                }
            }

            //Check Question/Answer
            if (CreateStatus == UserCreateStatus.AddUser && MembershipProviderConfig.RequiresQuestionAndAnswer)
            {
                if (string.IsNullOrEmpty(User.Membership.PasswordQuestion))
                {
                    //Invalid Question
                    CreateStatus = UserCreateStatus.InvalidQuestion;
                }
                if (CreateStatus == UserCreateStatus.AddUser)
                {
                    if (string.IsNullOrEmpty(User.Membership.PasswordAnswer))
                    {
                        //Invalid Question
                        CreateStatus = UserCreateStatus.InvalidAnswer;
                    }
                }
            }

            if (CreateStatus != UserCreateStatus.AddUser)
            {
                _IsValid = false;
            }
            return _IsValid;
        }