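/// <summary>
/// Stores a new password for a user and writes a "lost password" entry to the audit log.
/// </summary>
/// <remarks>
/// The audit entry is saved before the password is stored, so an entry can exist for a
/// change that subsequently failed in Encrypt() or Save().
/// </remarks>
/// <param name="user">Account whose password is replaced.</param>
/// <param name="newPassword">New password in clear text. It is never written to the audit entry.</param>
public void ChangePassword(GreyFoxUser user, string newPassword)
{
    // Placeholders used when the call is made outside of a web request.
    string ipAddress = "No Web Server";
    string clientDetails = "No Web Server";

    if (System.Web.HttpContext.Current != null)
    {
        ipAddress = System.Web.HttpContext.Current.Request.UserHostAddress;
        clientDetails = System.Web.HttpContext.Current.Request.UserAgent;
    }

    // Log an event.
    // The description is assembled as HTML (it uses <BR> separators). The User-Agent
    // header is chosen by the client and the user name is stored data, so every value
    // placed into the markup is HTML-encoded; otherwise whoever opens the audit log
    // would render whatever markup a client sent.
    // Old and new passwords are deliberately left out of the entry.
    Amns.GreyFox.EventLog.GreyFoxEvent e =
        new Amns.GreyFox.EventLog.GreyFoxEvent("sysGlobal_Events");
    e.Category = "Login";
    e.Description =
        "Lost password; username '" + System.Web.HttpUtility.HtmlEncode(user.UserName) + "'.<BR>" +
        "IP Address: " + System.Web.HttpUtility.HtmlEncode(ipAddress) + "<BR>" +
        "Client: " + System.Web.HttpUtility.HtmlEncode(clientDetails);
    e.EventDate = DateTime.Now;
    e.EventID = 25201;
    e.Source = "AUDITOR";
    e.Type = 105;
    e.User = user;
    e.Save();

    // NOTE(review): Login() compares against GreyFoxPassword.DecodePassword(...), so the
    // form produced by Encrypt() appears to be reversible - confirm. A salted, one-way
    // password hash would keep a database leak from exposing every password.
    // NOTE(review): newPassword is stored without any null/empty or policy check here;
    // verify that callers validate it.
    user.LoginPassword = newPassword;
    user.Encrypt();
    user.Save();
}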
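/// <summary>
/// Logs in a user to the system and optionally logs success and failures to the audit log.
/// </summary>
/// <remarks>
/// Every rejection is signalled with an exception; the method does not return null for
/// an unknown user. The three exception messages distinguish "invalid username",
/// "incorrect password" and "user disabled", so callers should show the end user one
/// generic failure message rather than the exception text, otherwise the response
/// reveals which account names exist.
/// The attempted password is never written to the audit log.
/// </remarks>
/// <param name="username">User name supplied by the client.</param>
/// <param name="password">Password supplied by the client, in clear text.</param>
/// <param name="ipAddress">Client address recorded in the audit entry.</param>
/// <param name="clientDetails">Client description (for example the User-Agent) recorded in the audit entry.</param>
/// <param name="logSuccess">When true, a successful login is audited and the throttle delay is applied.</param>
/// <param name="logFailure">When true, failures are audited; a wrong password is also counted and throttled.</param>
/// <returns>The matching user once the credentials have been accepted.</returns>
/// <exception cref="System.Exception">The user name lookup failed, the password did not match, or the account is disabled.</exception>
public GreyFoxUser Login(string username, string password, string ipAddress, string clientDetails, bool logSuccess, bool logFailure)
{
    GreyFoxUser user = null;

    try
    {
        user = GetByUsername(username);
    }
    catch
    {
        // NOTE(review): every exception from GetByUsername lands here, so a storage
        // failure would also be audited and reported as an invalid user name - confirm
        // that the lookup throws only when the user does not exist.
        if (logFailure)
        {
            Amns.GreyFox.EventLog.GreyFoxEvent e = NewLoginAuditEvent(
                "Login failure; invalid username '" + System.Web.HttpUtility.HtmlEncode(username) + "'.",
                ipAddress, clientDetails);
            e.EventID = 25104;
            e.Type = 105;
            e.User = null;
            e.Save();
        }

        throw new Exception("Login failure; invalid username.");
    }

    // NOTE(review): the stored password is decoded back to clear text and compared
    // case-insensitively with a culture-sensitive ToLower(). That shrinks the effective
    // password space and the comparison is not constant-time. Left unchanged because
    // existing users may rely on case-insensitive matching; the long-term fix is a
    // salted one-way hash compared in fixed time.
    if (GreyFoxPassword.DecodePassword(user.loginPassword).ToLower() != password.ToLower())
    {
        // NOTE(review): counting and throttling of failed attempts only happens when
        // logFailure is true, so a caller that turns auditing off also turns off the
        // brute-force slowdown - confirm this coupling is intended.
        if (logFailure)
        {
            // The password that was tried is intentionally not recorded: rejected
            // passwords are usually typos of the real one or valid for another account,
            // and the audit log is readable by anyone who can view events.
            Amns.GreyFox.EventLog.GreyFoxEvent e = NewLoginAuditEvent(
                "Login failure; incorrect password for '" + System.Web.HttpUtility.HtmlEncode(username) + "'.",
                ipAddress, clientDetails);
            e.EventID = 25105;
            e.Type = 105;
            e.User = user;
            e.Save();

            user.LoginCount++;
            user.Save();

            ApplyLoginThrottle(user.LoginCount);
        }

        throw new Exception("Login failure; incorrect password.");
    }

    // Checked only after the password matched, so the "disabled" answer is given solely
    // to a caller that presented the right password.
    if (user.isDisabled)
    {
        if (logFailure)
        {
            Amns.GreyFox.EventLog.GreyFoxEvent e = NewLoginAuditEvent(
                "Login failure; '" + System.Web.HttpUtility.HtmlEncode(username) + "' disabled.",
                ipAddress, clientDetails);
            e.EventID = 25110;
            e.Type = 105;
            e.User = user;
            e.Save();
        }

        throw new Exception("Login failure; user disabled.");
    }

    if (logSuccess)
    {
        Amns.GreyFox.EventLog.GreyFoxEvent e = NewLoginAuditEvent(
            "Login success; '" + System.Web.HttpUtility.HtmlEncode(username) + "'.",
            ipAddress, clientDetails);
        e.EventID = 25001;
        e.Type = 100;
        e.User = user;
        e.Save();

        // The delay earned by earlier failures is still served on the successful attempt.
        ApplyLoginThrottle(user.LoginCount);
    }

    // A successful login resets the attempt counter to 1 (not 0).
    user.loginCount = 1;
    user.loginDate = DateTime.Now;
    user.isSynced = false;
    user.Save();

    return user;
}

// Builds an unsaved "Login" audit event whose description is the headline followed by
// the client address and client details.
private static Amns.GreyFox.EventLog.GreyFoxEvent NewLoginAuditEvent(string headline, string ipAddress, string clientDetails)
{
    // The description is HTML (<BR> separators). ipAddress and clientDetails come from
    // the request, so they are HTML-encoded before being placed into the markup; the
    // caller encodes the user name inside the headline.
    Amns.GreyFox.EventLog.GreyFoxEvent e =
        new Amns.GreyFox.EventLog.GreyFoxEvent("sysGlobal_Events");
    e.Category = "Login";
    e.Description =
        headline + "<BR>" +
        "IP Address: " + System.Web.HttpUtility.HtmlEncode(ipAddress) + "<BR>" +
        "Client: " + System.Web.HttpUtility.HtmlEncode(clientDetails);
    e.EventDate = DateTime.Now;
    e.Source = "AUDITOR";
    return e;
}

// Blocks the calling thread for a period derived from the recorded attempt count.
private static void ApplyLoginThrottle(int loginCount)
{
    // NOTE(review): the delay is a blocking Thread.Sleep with no upper bound, so repeated
    // failures against one account hold a request thread for minutes at a time. Consider
    // capping the delay or storing a locked-until timestamp instead.
    if (loginCount == 4)
    {
        // Flat 15 seconds.
        System.Threading.Thread.Sleep(15 * 1000);
    }
    else if (loginCount > 5 && loginCount <= 11)
    {
        // 15 seconds plus 5 seconds per recorded attempt (45 to 70 seconds).
        // NOTE(review): a count of exactly 5 gets no delay at all - possible off-by-one.
        System.Threading.Thread.Sleep(5 * 1000 * loginCount + 15 * 1000);
    }
    else if (loginCount > 11)
    {
        // 15 seconds plus 15 seconds per recorded attempt (195 seconds and up).
        System.Threading.Thread.Sleep(15 * 1000 * loginCount + 15 * 1000);
    }
}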