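/// <summary>
/// Handles the login button: looks the user up by e-mail and password hash and,
/// when exactly one row matches, fills the session, issues the forms-authentication
/// cookie, registers the user as connected and redirects to the main page.
/// </summary>
/// <param name="sender">Control that raised the event.</param>
/// <param name="e">Event data (not used).</param>
protected void ButtonLogin_Click(object sender, EventArgs e)
{
    // Values are bound as parameters, never concatenated into the statement.
    // NOTE(review): the query does not filter on any confirmation state; verify
    // whether accounts that have not confirmed their e-mail should be able to log in.
    string sql = "SELECT email, nombre, apellidos, tipo " +
                 "FROM Usuarios " +
                 "WHERE email = @email " +
                 "AND pass = @password";

    // NOTE(review): the stored value is matched by equality in SQL and GenerateHash
    // receives only the password, so the hash cannot depend on a per-user salt.
    // Confirm which algorithm GenerateHash uses; a salted, slow KDF would require
    // fetching the row by e-mail and verifying the password in code instead.
    byte[] hashedPass = AppSecurity.GenerateHash(textBoxPassword.Text);

    Dictionary<string, object> parameters = new Dictionary<string, object>
    {
        { "@email", textBoxEmail.Text },
        { "@password", hashedPass }
    };

    try
    {
        QueryResult queryResult = DataAccess.Query(sql, parameters);

        if (queryResult.Rows.Count != 1)
        {
            // NOTE(review): Debug.WriteLine is compiled out of release builds, so failed
            // attempts leave no audit trail here, and no throttling or lockout is visible
            // in this handler.
            Debug.WriteLine("Wrong credentials");
            return;
        }

        // NOTE(review): nothing in this handler renews the session identifier when the
        // user authenticates; confirm session fixation is handled elsewhere.
        var row = queryResult.Rows[0];
        string email = Convert.ToString(row["email"]);
        string tipo = Convert.ToString(row["tipo"]);

        Session["IsLogged"] = true;
        Session["Email"] = email;
        Session["Name"] = row["nombre"];
        Session["LastName"] = row["apellidos"];

        var userType = GetUserTypeName(email, tipo);
        Session["UserType"] = userType;
        string userTypeName = userType.ToString();

        // NOTE(review): the forms-authentication identity is the user type, not the
        // e-mail, so every account of one type shares the same identity name, and
        // `true` makes the cookie persistent. Confirm both are intended; changing them
        // needs matching changes to authorization rules that are not visible here.
        FormsAuthentication.SetAuthCookie(userTypeName, true);
        AddConnectedUsers(userTypeName, email);

        Response.Redirect(AppConfig.WebSite.MainPage);
    }
    // Response.Redirect(url) ends the response by aborting the thread; that
    // ThreadAbortException is normal control flow and must not be reported to the
    // user as a failed login, so it is excluded from this handler.
    catch (Exception ex) when (!(ex is System.Threading.ThreadAbortException))
    {
        Debug.WriteLine("Exception caught: " + ex.Message);

        // The user only sees a generic message; details stay in the debug output.
        NotificationData data = new NotificationData
        {
            Title = "Exception caught",
            Body = "Could not perform the login correctly.",
            Level = AlertLevel.Danger,
            Dismissible = true
        };
        Master.UserNotification.ShowNotification(data);
    }
}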
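// TODO: Check MailDefinition. https://stackoverflow.com/a/886750/4134376
/// <summary>
/// Handles the create-account button: checks that the e-mail belongs to an enrolled
/// user, generates a numeric confirmation code, stores the new account and sends the
/// verification e-mail containing the confirmation link.
/// </summary>
/// <param name="sender">Control that raised the event.</param>
/// <param name="e">Event data (not used).</param>
protected void ButtonCreateAccount_Click(object sender, EventArgs e)
{
    bool isEnrolled = false;
    NotificationData data = new NotificationData();

    try
    {
        isEnrolled = IsEnrolledUser(textBoxEmail.Text);
        if (!isEnrolled)
        {
            data.Body = "The user is not enrolled.";
            data.Level = AlertLevel.Warning;
            data.Dismissible = true;
        }
    }
    catch (WebException)
    {
        data.Body = "Could not perform the enrollment check.";
        data.Level = AlertLevel.Danger;
        data.Dismissible = true;
    }

    EnrolledEmailValidator.IsValid = isEnrolled;
    if (!isEnrolled)
    {
        Master.UserNotification.ShowNotification(data);
        return;
    }

    // The confirmation code is a secret that proves control of the mailbox, so it is
    // drawn from the cryptographic generator rather than System.Random. Range and
    // format are unchanged (1000000..1999998). Rejection sampling avoids modulo bias.
    // NOTE(review): the code space is about one million values; the confirmation
    // endpoint should limit attempts per account.
    const uint CodeRange = 999999;
    const int CodeOffset = 1000000;
    int code;
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        byte[] buffer = new byte[4];
        uint limit = uint.MaxValue - (uint.MaxValue % CodeRange);
        uint sample;
        do
        {
            rng.GetBytes(buffer);
            sample = BitConverter.ToUInt32(buffer, 0);
        }
        while (sample >= limit);

        code = (int)(sample % CodeRange) + CodeOffset;
    }

    // NOTE(review): if UrlUtils.UrlRoot is derived from the request's Host header, the
    // link in the mail is influenced by the client; verify it comes from configuration.
    string confirmPath = Page.ResolveUrl(@"~/Confirmar");
    ParametizedUrl parametizedUrl = new ParametizedUrl($"{UrlUtils.UrlRoot}{confirmPath}")
    {
        { "email", textBoxEmail.Text },
        { "code", code.ToString() }
    };

    string displayName = "HADS";
    string address = "*****@*****.**";
    string subject = "Confirm Account";
    string emailTemplate = File.ReadAllText(HttpContext.Current.Server.MapPath("~/MailTemplates/AccountVerification.html"));

    /*
     * Email Fields:
     * 0 LogoImgUrl
     * 1 Name
     * 2 LastName
     * 3 VerificationUrl
     * 4 HelpWebsiteUrl
     * 5 WebsiteUrl
     * 6 FooterLogoImgUrl
     */
    // Name and last name are free text typed by the visitor and end up inside an HTML
    // body, so they are HTML-encoded before being merged into the template.
    string[] emailFields =
    {
        "",
        HttpUtility.HtmlEncode(textBoxName.Text),
        HttpUtility.HtmlEncode(textBoxLastName.Text),
        parametizedUrl,
        "",
        UrlUtils.UrlRoot,
        ""
    };
    string emailHtml = String.Format(emailTemplate, emailFields);

    MailMessage mail = new MailMessage();
    mail.From = new MailAddress(address, displayName);
    mail.To.Add(new MailAddress(textBoxEmail.Text));
    mail.Subject = subject;
    mail.AlternateViews.Add(AlternateView.CreateAlternateViewFromString(emailHtml, null, MediaTypeNames.Text.Html));
    mail.IsBodyHtml = true;

    try
    {
        string sql = "INSERT INTO Usuarios(email, nombre, apellidos, numconfir, tipo, pass) VALUES(@email, @nombre, @apellidos, @numconfir, @tipo, @pass)";

        // NOTE(review): the role stored in `tipo` comes straight from the sign-up form;
        // confirm that privileged roles cannot be self-selected.
        Dictionary<string, object> parameters = new Dictionary<string, object>
        {
            { "@email", textBoxEmail.Text },
            { "@nombre", textBoxName.Text },
            { "@apellidos", textBoxLastName.Text },
            { "@numconfir", code },
            { "@tipo", dropDownRol.SelectedValue },
            { "@pass", AppSecurity.GenerateHash(textBoxPassword.Text) }
        };

        int affectedRows = DataAccess.NonQuery(sql, parameters);
        if (affectedRows != 1)
        {
            throw new InvalidOperationException($"Unexpected number of rows affected.\nExpected: 1\nObtained: {affectedRows}");
        }

        this.EmailService.SendEmail(mail);

        // The body is rendered as HTML (it carries its own <span>), so the address typed
        // by the visitor is encoded before it is embedded.
        Session["NotificationData"] = new NotificationData()
        {
            Title = "Confirm Email",
            Body = $"Confirmation email sent to <span class=\"font-weight-bold font-italic\">{HttpUtility.HtmlEncode(textBoxEmail.Text)}</span>. Please verify your account email.",
            Level = AlertLevel.Info
        };
        // Keep the line below disabled: it would hand the confirmation link to the
        // browser and make the e-mail verification step meaningless.
        //Session["NotificationData"] as NotificationData).Body += $"<br><br><strong><small><a href=\"{parametizedUrl}\">Ir a Pagina de Confirmacion de forma Directa</a></small></strong>";
        Response.RedirectToRoute("WebNotification");
    }
    catch (Exception ex)
    {
        // Full details go to the trace listeners only. Showing ex.Message to the visitor
        // can expose database constraint names or reveal that an address is registered.
        Trace.TraceError("Account creation failed: " + ex);

        NotificationData exceptionData = new NotificationData()
        {
            Title = "Exception Trown",
            Body = "Could not create the account. Please try again later.",
            Level = AlertLevel.Danger,
            Dismissible = true
        };
        Master.UserNotification.ShowNotification(exceptionData);
    }
}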