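/// <summary>
/// Validates the profile fields posted by the signed-in member, stores them together with the
/// time zone, writes an audit entry and returns the rendered status message as JSON.
/// </summary>
/// <param name="FieldInfo">Field ID / value pairs posted by the client; treated as untrusted.</param>
/// <param name="TimeZoneID">Time zone identifier posted by the client; stored as given.</param>
/// <returns>
/// JSON with Status, NotifyType and Message; on success it also carries MemberFields and TimeZoneID.
/// </returns>
public ActionResult SaveProfile(List<ProfileFieldInfo> FieldInfo, string TimeZoneID)
{
    // NOTE(review): this action changes state, yet no [HttpPost] or anti-forgery attribute is
    // visible in this listing and both results use JsonRequestBehavior.AllowGet. Confirm the
    // action is POST-only and token-protected; if so, AllowGet can be dropped.

    // NOTE(review): fixed one-second block of the request thread on every call; purpose is not
    // visible here. Kept as-is, but it ties up a worker thread per request.
    System.Threading.Thread.Sleep(1000);

    // The model binder hands over null when no field is posted; treat that as "no fields".
    if (FieldInfo == null)
    {
        FieldInfo = new List<ProfileFieldInfo>();
    }

    RequestResultModel _model = new RequestResultModel();
    _model.InfoType = RequestResultInfoType.ErrorOrDanger;
    _model.Message = "";

    // Check mandatory fields.
    // Every Field.ID is parsed here before anything is written, so a malformed ID aborts the
    // request (int.Parse throws) without leaving a partial update behind.
    // NOTE(review): only the fields the client chose to send are checked; a mandatory field
    // that is simply omitted from the request is never validated. Consider iterating over the
    // defined profile fields instead.
    foreach (ProfileFieldInfo Field in FieldInfo)
    {
        ProfileField profileField = ProfileFields.GetBy(int.Parse(Field.ID));
        if (profileField.IsMandatory != 1)
        {
            continue;
        }

        bool isBlank = Field.Value == null || Field.Value.Trim().Length == 0;
        bool isUncheckedBox = profileField.FieldTypeID == ProfileFieldTypeEnum.CheckBox
            && Field.Value != null
            && String.Equals(Field.Value, "false", StringComparison.OrdinalIgnoreCase);

        // The two conditions cannot both hold, so one message per field is added at most.
        if (isBlank || isUncheckedBox)
        {
            _model.Message += String.Format("<li>{0}</li>", String.Format(GetLabel("Account.CreateAccount.Mandatory"), profileField.FieldName));
        }
    }

    if (_model.Message.Length > 0)
    {
        _model.Message = String.Format("<ul class=\"error-message-list\">{0}</ul>", _model.Message);

        // NOTE(review): HtmlDecode reverses any encoding the partial view applied to the model.
        // The message above embeds profileField.FieldName unencoded; confirm field names cannot
        // carry markup.
        return Json(new
        {
            Status = RequestResultInfoType.ErrorOrDanger,
            NotifyType = NotifyType.DialogInline,
            Message = HttpUtility.HtmlDecode(this.RenderPartialView(@"_RequestResultPageInLine", _model))
        }, JsonRequestBehavior.AllowGet);
    }

    if (Profile.Member.TimeZoneID != TimeZoneID)
    {
        // Log the NEW value: the entry is written before the assignment below, so reading
        // Profile.Member.TimeZoneID here would record the previous time zone.
        // NOTE(review): TimeZoneID is client-supplied and not validated against a known list;
        // verify the audit viewer encodes this message when it renders it.
        AuditEvent.AppEventInfo(AppSession.Profile.Member.Email, String.Format("Member updated time zone to: \"{0}\" ", TimeZoneID));
    }

    Profile.Member.TimeZoneID = TimeZoneID;
    Profile.Member.UpdateTimeZone();

    // Placeholder written to the audit trail in place of values of fields flagged Encrypted,
    // so that data protected at rest does not end up in the log in clear text.
    const string redacted = "[encrypted]";

    String FieldValues = "";
    List<MemberProfileField> memberProfileFields = MemberProfileFields.GetByMember(Profile.Member.MemberID);

    foreach (ProfileFieldInfo Field in FieldInfo)
    {
        int fieldId = int.Parse(Field.ID);
        String Value = Field.Value != null ? Field.Value.Trim() : Field.Value;

        ProfileField profileField = ProfileFields.GetBy(fieldId);
        // NOTE(review): the field ID comes from the client; confirm GetField only yields fields
        // this member is allowed to edit.
        MemberProfileField memberProfileField = MemberProfileFields.GetField(memberProfileFields, fieldId);
        bool isEncrypted = profileField.Encrypted == 1;

        // Decrypt the stored value so it can be compared with the submitted plain text.
        if (isEncrypted && !String.IsNullOrEmpty(memberProfileField.FieldValue))
        {
            memberProfileField.FieldValue = Encryptor.DecryptStringAES(memberProfileField.FieldValue, AppSession.EncryptionKey);
        }

        if (Value != memberProfileField.FieldValue)
        {
            // The audit details are HTML (they carry <b>/<br/>), so everything that originates
            // from the member or the field definition is HTML-encoded before it is embedded.
            string before = isEncrypted ? redacted : HttpUtility.HtmlEncode(memberProfileField.FieldValue);
            string now = isEncrypted ? redacted : HttpUtility.HtmlEncode(Value);
            FieldValues += String.Format("<b>Name</b>: {0} <b>Before:</b> \"{1}\" <b>Now:</b> \"{2}\"<br/>", HttpUtility.HtmlEncode(profileField.FieldName), before, now);
        }

        memberProfileField.MemberID = Profile.Member.MemberID;
        memberProfileField.FieldID = fieldId;
        memberProfileField.FieldValue = Value;

        // Encrypt again before the value is persisted.
        if (isEncrypted && !String.IsNullOrEmpty(memberProfileField.FieldValue))
        {
            memberProfileField.FieldValue = Encryptor.EncryptStringAES(memberProfileField.FieldValue, AppSession.EncryptionKey);
        }

        memberProfileField.Save();
    }

    // Re-read the stored fields so the response reflects what was actually saved.
    memberProfileFields = MemberProfileFields.GetByMember(Profile.Member.MemberID);
    List<MemberFieldNameValue> MemberFieldNameValues = new List<MemberFieldNameValue>();
    foreach (MemberProfileField memberField in memberProfileFields)
    {
        MemberFieldNameValues.Add(new MemberFieldNameValue
        {
            Name = memberField.ProfileFieldID.ToString(),
            Value = memberField.FieldValue,
            Type = (int)ProfileFields.GetBy(memberField.FieldID).FieldTypeID
        });
    }

    _model.Message = "Your profile has been updated successfully.";
    _model.InfoType = RequestResultInfoType.Success;

    AuditEvent.AppEventInfo(
        AppSession.Profile.Member.Email,
        String.Format("Profile of \"{0}\" {1} member has been updated successfully.", AppSession.Profile.Member.Name, AppSession.Profile.Member.Email),
        AuditEvent.GetSessionDetails(FieldValues));

    return Json(new
    {
        Status = RequestResultInfoType.Success,
        NotifyType = NotifyType.DialogInline,
        Message = HttpUtility.HtmlDecode(this.RenderPartialView(@"_RequestResultPageInLine", _model)),
        MemberFields = MemberFieldNameValues,
        TimeZoneID = String.IsNullOrEmpty(Profile.Member.TimeZoneID) ? "" : Profile.Member.TimeZoneID
    }, JsonRequestBehavior.AllowGet);
}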
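/// <summary>
/// Authenticates a member through LDAP (when enabled and the e-mail matches the configured LDAP
/// domain) and/or against the locally stored password hash. A successful LDAP bind also
/// provisions the member, its sign-up domain and its roles. Failed attempts are counted and can
/// lead to the configured "password failed" roles being assigned.
/// </summary>
/// <param name="Email">
/// Sign-in e-mail. After a successful LDAP bind it is replaced with the e-mail reported by the
/// directory, which may differ from what the user typed.
/// </param>
/// <param name="Password">Password supplied by the caller.</param>
/// <returns>
/// true when the member exists and an enabled method accepted the credentials; false otherwise.
/// </returns>
public bool Authenticate(ref String Email, String Password)
{
    // Without an e-mail there is nobody to authenticate; this also keeps IndexOf below from
    // being called on null.
    if (String.IsNullOrEmpty(Email))
    {
        return false;
    }

    bool LDAPAuthSuccess = false;
    bool IsClassicAuth = AppSession.Parameters.LDAPUseOnly.Value == "false";
    bool IsLDAPAuth = AppSession.Parameters.LDAPEnabled.Value == "true";

    // NOTE(review): this is a substring match, not a suffix match, so any address containing
    // "@<LDAPDomain>" somewhere after the first character is routed to LDAP. It only selects the
    // method (the bind must still succeed); confirm whether a strict suffix match is intended.
    bool isLdapAccount = IsLDAPAuth && Email.IndexOf("@" + AppSession.Parameters.LDAPDomain.Value) > 0;

    // LDAP Auth
    // An empty password is never sent to the directory: LDAPTools.Authenticate is not visible
    // here, and directory servers may accept a simple bind with an empty password as an
    // anonymous bind, which must not count as a successful sign-in.
    if (isLdapAccount && !String.IsNullOrEmpty(Password))
    {
        LDAPTools ldapTools = new LDAPTools();
        ldapTools.UserName = Email;
        ldapTools.Password = Password;
        ldapTools.DirectoryPath = AppSession.Parameters.LDAPPath.Value;

        if (ldapTools.Authenticate())
        {
            LDAPAuthSuccess = true;

            string memberName = ldapTools.MemberInfo.DisplayName;
            string memberAllGroups = ldapTools.GetGroups();

            // The member e-mail is replaced because the first part of the e-mail can differ
            // from the user's network id.
            // NOTE(review): if the directory entry has no e-mail, every such user would map to
            // the same local member; confirm LDAPTools guarantees a non-empty value.
            Email = ldapTools.MemberInfo.Email;

            Member memberNew = Members.GetByEmail(Email);
            if (memberNew.MemberID <= 0)
            {
                memberNew.Name = memberName;
                memberNew.Email = Email;
                // The random value is stored where the classic path expects a password hash, so
                // it is not meant to be usable as a password.
                // NOTE(review): confirm StringTool.RandomString uses a cryptographic generator.
                memberNew.Password = StringTool.RandomString(80);
                memberNew.IsBuiltIn = false;
                memberNew.Created = DateTime.UtcNow;
                memberNew.Save();

                string Message = String.Format("LDAP member added: {0} {1}", memberName, Email);
                AuditEvent.AppEventInfo(AppSession.Parameters.GeneralAdminEmail.Value, Message, null, true);

                // Add signin/sign up domain.
                Domain _domain = Domains.GetByName(AppSession.SignUpDomain);
                if (_domain.DomainID > 0)
                {
                    MemberDomain _memberDomain = new MemberDomain();
                    _memberDomain.DomainID = _domain.DomainID;
                    _memberDomain.MemberID = memberNew.MemberID;
                    _memberDomain.Save();
                }

                // Create LDAP settings roles
                if (!String.IsNullOrEmpty(AppSession.Parameters.LDAPAddToRoles.Value))
                {
                    string[] memberRoles = AppSession.Parameters.LDAPAddToRoles.Value.Split(new string[] { ";" }, StringSplitOptions.RemoveEmptyEntries);
                    foreach (string memberRole in memberRoles)
                    {
                        Web.Admin.Logic.Objects.Role _role = Web.Admin.Logic.Collections.Roles.GetBy(memberRole);
                        if (_role.RoleID > 0)
                        {
                            MemberRole _memberRole = new MemberRole();
                            _memberRole.MemberID = memberNew.MemberID;
                            _memberRole.RoleID = _role.RoleID;
                            _memberRole.Save();
                        }
                    }
                }
            }

            // Create LDAP specific roles
            // NOTE(review): roles are matched by name only. A directory group whose name equals
            // an existing application role grants that role to the member; confirm privileged
            // role names cannot collide with directory group names.
            if (!String.IsNullOrEmpty(memberAllGroups) && AppSession.Parameters.LDAPAddRoleGroup.Value == "true")
            {
                string[] memberGroups = memberAllGroups.Split(new string[] { "|" }, StringSplitOptions.RemoveEmptyEntries);
                foreach (string memberGroup in memberGroups)
                {
                    Web.Admin.Logic.Objects.Role _role = Web.Admin.Logic.Collections.Roles.GetBy(memberGroup);
                    if (_role.RoleID <= 0)
                    {
                        _role.Name = memberGroup;
                        _role.Settings = "LDAP role reflection. Keep key word: [LDAP-Auto-Role] to be synchronized.";
                        _role.BackColor = "6bbb54";
                        _role.ForeColor = "ffffff";
                        _role.Save();

                        string Message = String.Format("LDAP role added: {0}", _role.Name);
                        AuditEvent.AppEventInfo(AppSession.Parameters.GeneralAdminEmail.Value, Message, null, true);
                    }

                    if (_role.RoleID > 0)
                    {
                        MemberRole _memberRole = new MemberRole();
                        _memberRole.MemberID = memberNew.MemberID;
                        _memberRole.RoleID = _role.RoleID;
                        _memberRole.Save();
                    }
                }
            }

            // Synchronize members roles with LDAP [LDAP-Auto-Role] key words.
            // GetGroups() may return null (the branch above already allows for that); treat it
            // as "no groups" instead of dereferencing it, so every auto role is revoked.
            List<Role> _roles = Web.Admin.Logic.Collections.Roles.GetByMemberKeyWordInDescription(memberNew.MemberID, "[LDAP-Auto-Role]");
            string[] _groups = (memberAllGroups ?? "").Split(new string[] { "|" }, StringSplitOptions.RemoveEmptyEntries);

            foreach (Web.Admin.Logic.Objects.Role _role in _roles)
            {
                if (_groups.Length > 0)
                {
                    // Ordinal comparison keeps the match independent of the server culture.
                    string roleName = _role.Name.Trim();
                    bool stillInGroup = _groups.Any(t => String.Equals(t.Trim(), roleName, StringComparison.OrdinalIgnoreCase));
                    if (!stillInGroup)
                    {
                        Web.Admin.Logic.Objects.Role removeRoleFromUser = Web.Admin.Logic.Collections.Roles.GetBy(_role.Name);
                        MemberRole _memberRole = new MemberRole();
                        _memberRole.MemberID = memberNew.MemberID;
                        _memberRole.RoleID = removeRoleFromUser.RoleID;
                        _memberRole.Delete();
                    }
                }
                else
                {
                    // The directory reports no groups at all: drop every auto-synchronized role.
                    MemberRole _memberRole = new MemberRole();
                    _memberRole.MemberID = memberNew.MemberID;
                    _memberRole.RoleID = _role.RoleID;
                    _memberRole.Delete();
                }
            }
        }
    }

    // Classic Auth
    Member member = Members.GetByEmail(Email);
    if (member.MemberID <= 0)
    {
        return false;
    }

    // NOTE(review): ComputePasswordHash receives only the password, so no per-member salt is
    // visible at this call site, and the hashes are compared with the ordinary string operator.
    // Verify the hashing scheme and consider a constant-time comparison.
    bool credentialsAccepted = (IsLDAPAuth && LDAPAuthSuccess)
        || (IsClassicAuth && Member.ComputePasswordHash(Password) == member.Password);

    if (credentialsAccepted)
    {
        // Invalidate today's failed-attempt record, if there is one.
        MemberAttempt Attempt = MemberAttempts.GetTodayLoginPasswordFail(member.MemberID);
        if (Attempt.AttemptID > 0)
        {
            Attempt.IsAttemptValid = 0;
            Attempt.Save();
        }

        // Add signin/sign up domain.
        Domain _domain = Domains.GetByName(AppSession.SignUpDomain);
        if (_domain.DomainID > 0)
        {
            MemberDomain _memberDomain = new MemberDomain();
            _memberDomain.DomainID = _domain.DomainID;
            _memberDomain.MemberID = member.MemberID;
            _memberDomain.Save();
        }

        member.UpdateLoginTime();
        return true;
    }

    // Record the failed attempt for this member.
    MemberAttempt failedAttempt = MemberAttempts.GetTodayLoginPasswordFail(member.MemberID);
    if (failedAttempt.MemberID <= 0)
    {
        failedAttempt.MemberID = member.MemberID;
        failedAttempt.AttemptType = MemberAttemptTypes.LoginPasswordFailed;
        failedAttempt.IsAttemptValid = 1;
    }

    if (failedAttempt.Attempts > 0)
    {
        failedAttempt.Attempts++;
    }
    else
    {
        failedAttempt.Attempts = 1;
    }

    failedAttempt.Save();

    // Once the configured number of failures is reached, assign the configured roles.
    // NOTE(review): AppSession.IsMemberInAdminRole describes the current session, which at this
    // point is presumably not the member being authenticated; confirm the admin exemption
    // applies to the intended account.
    if (!String.IsNullOrEmpty(AppSession.Parameters.RulesPasswordFailedRoles.Value) && !AppSession.IsMemberInAdminRole)
    {
        Parameter Param = AppSession.Parameters.RulesPasswordFailedAttempts;
        long value;
        bool result = long.TryParse(Param.Value, out value);
        if (result && value > 0 && failedAttempt.Attempts >= value)
        {
            string[] RoleNames = AppSession.Parameters.RulesPasswordFailedRoles.Value.Split(new char[] { ';' }, StringSplitOptions.RemoveEmptyEntries);
            foreach (String RoleName in RoleNames)
            {
                Role role = Web.Admin.Logic.Collections.Roles.GetBy(RoleName);
                if (role.RoleID > 0)
                {
                    MemberRole memberrole = new MemberRole();
                    memberrole.MemberID = member.MemberID;
                    memberrole.RoleID = role.RoleID;
                    memberrole.Save();
                }
            }
        }
    }

    return false;
}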