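/// <summary>
/// Validates a login attempt against the user view and records the attempt in the
/// user-activity log.
/// </summary>
/// <param name="userName">Login name supplied by the caller.</param>
/// <param name="password">Clear-text password supplied by the caller; not examined when
/// <paramref name="logon"/> is true.</param>
/// <param name="conn">Data-access wrapper; its current reader is replaced by the queries
/// issued here (Q_VWLOGIN, then Q_CHECKREVOKE).</param>
/// <param name="timeout">Command timeout handed to every query and stored procedure.</param>
/// <param name="logon">True when the caller already holds an authenticated session; the
/// password is then NOT re-checked and the result is logSuccess (subject to revoke).</param>
/// <param name="host">Client host; part of the lookup key and of the activity record.</param>
/// <param name="sessionid">Freshly generated id whenever an activity row was written —
/// this includes failed attempts — otherwise null.</param>
/// <returns>The login outcome. A revoked account overrides every other result.</returns>
private static loginResult ValidateLogin(string userName, string password, DbConnection conn, int timeout, bool logon, string host, out string sessionid)
{
    sessionid = null;
    object[] user = new object[2] { userName, host };
    loginResult flag = loginResult.logNotFound;
    string falsepwd = "0", sulogon = "0", surevoke = "0";

    conn.ExecReader(Q_VWLOGIN, user, timeout);
    if (!conn.hasRow())
    {
        flag = loginResult.logNotFound;
    }
    else
    {
        // Snapshot revoke/logon state before SP_USERACTIVITY can change it; the revoke
        // snapshot is what distinguishes "locked" from "just locked" at the end.
        surevoke = conn.GetFieldValue("SU_REVOKE");
        sulogon = conn.GetFieldValue("SU_LOGON");

        // SU_PWD holds SimpleEncryption.Encrypt(<password>, true); the input is transformed the
        // same way and compared as a string. This replaced a SHA1
        // FormsAuthentication.HashPasswordForStoringInConfigFile() comparison.
        // NOTE(review): whether Encrypt() is one-way or a keyed reversible cipher cannot be
        // told from here; if reversible, every stored password is recoverable with the key
        // -- TODO confirm with the Encryption library owner.
        Encryption.SimpleEncryption enc = new Encryption.SimpleEncryption();
        string storedPwd = conn.GetFieldValue("SU_PWD");

        if (logon)
        {
            // Caller vouches for an existing session: no credential check is performed here.
            flag = loginResult.logSuccess;
        }
        else if (enc.Encrypt(password, true) == storedPwd)
        {
            // Correct password: decide whether it may be used as-is.
            if (storedPwd == enc.Encrypt(conn.GetFieldValue("CHECKDEFPWD").Trim(), true)
                || conn.GetFieldValue("DEFPWD") == "1")
            {
                // Still on the default password (either by value or by flag).
                flag = loginResult.logPwdDefault;
            }
            else if (conn.GetFieldValue("SU_LOGON") == "1")
            {
                // User is already logged on elsewhere.
                flag = loginResult.logHasLogon;
            }
            else if (conn.GetFieldValue("SU_PWDEXPIRED") == "1")
            {
                flag = loginResult.logPwdExpired;
            }
            else
            {
                flag = loginResult.logSuccess;
            }
        }
        else
        {
            // Wrong password counts as a false attempt, except when nothing was typed at all.
            falsepwd = "1";
            flag = loginResult.logPwdInvalid;
            if (password == string.Empty)
            {
                falsepwd = "0";
                flag = loginResult.logPwdEmpty;
            }
        }

        if (flag != loginResult.logPwdEmpty)
        {
            // Record the attempt (success or failure) and hand the generated id back regardless
            // of outcome; callers must key off the returned flag, not off sessionid being set.
            // NOTE(review): Guid.NewGuid() is used as the session token; if token
            // unpredictability matters here, RandomNumberGenerator is the designed primitive
            // -- confirm before changing the stored format.
            Guid rand_sessionid = Guid.NewGuid();
            object[] actiparam = new object[7] { userName, conn.GetNativeFieldValue("GROUPID"), falsepwd, surevoke, host, sulogon, rand_sessionid.ToString() };
            conn.ExecuteNonQuery(SP_USERACTIVITY, actiparam, timeout);
            sessionid = rand_sessionid.ToString();
        }
    }

    // Revoke is checked last so that a lockout — possibly triggered by this very attempt
    // via SP_USERACTIVITY — wins over any earlier result.
    conn.ExecReader(Q_CHECKREVOKE, user, timeout);
    if (conn.hasRow())
    {
        flag = loginResult.logLocked;
        if (surevoke == "0" && conn.GetFieldValue("SU_REVOKE") != "0")
        {
            // Was not revoked when we looked it up, is revoked now.
            flag = loginResult.logJustLocked;
        }
    }
    return flag;
}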
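/// <summary>
/// Handles the "change password" button: verifies the old password (when the form asks for
/// one), validates the new one against the server-side policy (Q_VALIDATEPOLICY), then writes
/// the new credential to the login database (SP_USRPWDALL) and to every module database
/// returned by Q_MODULEDB (SP_USRPWD).
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void BTN_CHANGE_Click(object sender, EventArgs e)
{
    // The two entry boxes are compared trimmed, but the stored value below is built from the
    // untrimmed TXT_NEW.Text (existing behaviour, kept).
    if (TXT_NEW.Text.Trim() != TXT_VERIFY.Text.Trim())
    {
        LBL_MESSAGE.Text = "Password mismatch!";
        Clear();
        return;
    }

    int dbtimeout = int.Parse(ConfigurationSettings.AppSettings["dbTimeOut"]);

    // 'using' replaces the trailing conn.Dispose(): the connection is now released even when
    // one of the queries below throws.
    using (DbConnection conn = new DbConnection(Session["ConnStringLogin"].ToString()))
    {
        string oldPassword = "", dbPassword = "";
        object[] user = new object[1] { Session["UserID"] };
        Encryption.SimpleEncryption enc = new Encryption.SimpleEncryption();

        if (TXT_OLD.Enabled)
        {
            // Stored credentials are SimpleEncryption output (formerly a SHA1
            // FormsAuthentication.HashPasswordForStoringInConfigFile() digest), so the
            // typed value is transformed the same way before comparing.
            oldPassword = enc.Encrypt(TXT_OLD.Text.Trim(), true);
            conn.ExecReader(Q_OLDPWD, user, dbtimeout);
            if (conn.hasRow())
            {
                dbPassword = conn.GetFieldValue(0);
            }
        }

        // Same predicate as the original "!TXT_OLD.Enabled || oldPassword == dbPassword",
        // inverted into a guard. A missing Q_OLDPWD row leaves dbPassword empty and fails here.
        if (TXT_OLD.Enabled && oldPassword != dbPassword)
        {
            LBL_MESSAGE.Text = "Old Password invalid!";
            Clear();
            return;
        }

        string newPassword = enc.Encrypt(TXT_NEW.Text, true);
        object[] parnew = new object[3] { Session["UserID"], TXT_NEW.Text, newPassword };
        conn.ExecReader(Q_VALIDATEPOLICY, parnew, dbtimeout);
        if (!conn.hasRow())
        {
            // Existing behaviour: no policy row means nothing happens and no message is shown.
            return;
        }

        string policyMessage = conn.GetFieldValue(0);
        if (policyMessage != "")
        {
            // Column 0 carries the policy violation text; empty means the password is acceptable.
            // NOTE(review): this text is assigned to a Label unencoded — confirm it is fully
            // server-controlled or HtmlEncode it.
            LBL_MESSAGE.Text = policyMessage;
            Clear();
            return;
        }

        // Policy satisfied: update the login database first, then each module database.
        parnew = new object[2] { Session["UserID"].ToString(), newPassword };
        conn.ExecuteNonQuery(SP_USRPWDALL, parnew, dbtimeout);

        conn.ExecReader(Q_MODULEDB, user, dbtimeout);
        // assumes hasRow() advances the reader on each call, as the original loop did -- TODO confirm
        while (conn.hasRow())
        {
            // Columns per the original inline notes: 0 = db ip, 1 = db name, 2 = db login id,
            // 3 = db login password. Values are concatenated without escaping; they are
            // DB-held configuration, not user input.
            string connectionString = "Data Source=" + conn.GetFieldValue(0) +
                ";Initial Catalog=" + conn.GetFieldValue(1) +
                ";uid=" + conn.GetFieldValue(2) +
                ";pwd=" + conn.GetFieldValue(3) + ";Pooling=true";
            using (DbConnection lclConn = new DbConnection(connectionString))
            {
                lclConn.ExecuteNonQuery(SP_USRPWD, parnew, dbtimeout);
            }
        }

        LBL_MESSAGE.Text = "";
        Clear();
        // Fixed script, no user data interpolated.
        Response.Write("<script for=window event=onload language=javascript>\n" +
            "alert('Password Updated!');\nform1.IMG_BACK.click();</script>");
    }
}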
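/// <summary>
/// Handles the Save button on the user-maintenance form: validates the entry fields, checks
/// the user id on insert, applies the server-side password length policy (Q_LOGINPARAM), and
/// submits the record for approval through SP_SAVE.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void BTN_SAVE_Click(object sender, System.EventArgs e)
{
    if (TXT_USERID.Text == string.Empty || TXT_SU_FULLNAME.Text == string.Empty || DDL_GROUPID.SelectedValue == string.Empty)
    {
        SetSaveError("Mandatory field cannot blank... ");
        return;
    }

    string typedPassword = TXT_SU_PWD.Text.Trim();
    if (typedPassword != TXT_VERIFYPWD.Text.Trim())
    {
        SetSaveError("Password mismatch... ");
        return;
    }

    if (TXT_SU_EMAIL.Text != string.Empty && emailValidation(TXT_SU_EMAIL.Text) == false)
    {
        SetSaveError("Invalid email address... ");
        return;
    }

    using (conn = new DbConnection(ConnString))
    {
        bool isnew = LBL_SAVEMODE.Text == "1";
        if (isnew)
        {
            // Insert mode: reject ids that already exist or are awaiting approval.
            object[] par = new object[1] { TXT_USERID.Text };
            conn.ExecReader(Q_CEKUSER, par, dbtimeout);
            if (conn.hasRow())
            {
                if (conn.GetFieldValue(0) == "1")
                {
                    SetSaveError("UserID exists in existing system.");
                    return;
                }
                // NOTE(review): reads column 1 where the branch above reads column 0 -- confirm intended.
                else if (conn.GetFieldValue(1) == "2")
                {
                    SetSaveError("UserID is in the pending list.");
                    return;
                }
            }
        }

        // Q_LOGINPARAM stays the current reader from here on: def_pwd is read from it below,
        // so no other query may be issued in between.
        conn.ExecReader(Q_LOGINPARAM, null, dbtimeout);
        if (conn.hasRow() && typedPassword.Length > 0)
        {
            // Column 0 = minimum length, column 1 = maximum length (see the message text).
            // The original tested "shorter than min AND longer than max", which can never be
            // true, so the policy was silently skipped. A typed password must now lie within
            // [min, max]. An empty entry is exempt on purpose: blank means "keep the existing
            // password" (or use def_pwd below), exactly as before.
            int minLen = (int)conn.GetNativeFieldValue(0);
            int maxLen = (int)conn.GetNativeFieldValue(1);
            if (typedPassword.Length < minLen || typedPassword.Length > maxLen)
            {
                SetSaveError("Password must be between " + conn.GetFieldValue(0) + " and " + conn.GetFieldValue(1) + " characters!");
                return;
            }
        }

        string revoke = cb_revoke.Checked ? "1" : "0";
        string suActive = CHK_SU_ACTIVE.Checked ? "1" : "0";

        // Reset overrides whatever was typed; new users of type "2" without a password also
        // get the configured default.
        string password = cb_resetpwd.Checked ? conn.GetFieldValue("def_pwd") : typedPassword;
        if (isnew && password == "" && ddl_JenisUser.SelectedValue == "2")
        {
            password = conn.GetFieldValue("def_pwd");
        }

        if (password != "")
        {
            // Blank means "keep the old password". Stored form is SimpleEncryption output
            // (formerly a SHA1 FormsAuthentication.HashPasswordForStoringInConfigFile() digest).
            Encryption.SimpleEncryption enc = new Encryption.SimpleEncryption();
            password = enc.Encrypt(password, true);
        }

        try
        {
            object[] pardata = new object[19] { TXT_USERID.Text, DDL_GROUPID.SelectedValue, TXT_SU_FULLNAME.Text, password, TXT_SU_HPNUM.Text, TXT_SU_EMAIL.Text, DBNull.Value, Session["UserID"], LBL_SAVEMODE.Text, revoke, suActive, uREF_UPLINER.SelectedValue, uREF_BRANCHID.SelectedValue, uREF_AREAID.SelectedValue, ddl_JenisUser.SelectedValue, uREF_UPLINER2.SelectedValue, uREF_UPLINER3.SelectedValue, uREF_UPLINER4.SelectedValue, uREF_UPLINER5.SelectedValue };
            conn.ExecuteNonQuery(SP_SAVE, pardata, dbtimeout);
            LBL_RESULT.Text = "Request Submitted! Awaiting Approval ... ";
            LBL_RESULT.ForeColor = System.Drawing.Color.Green;
        }
        catch (Exception ex)
        {
            // The data layer appends "Last Query: <sql>" to its messages; strip it so the
            // statement text is not sent to the browser. Whatever precedes it (driver or
            // stored-procedure message) is still displayed, as before.
            int queryPos = ex.Message.IndexOf("Last Query:", StringComparison.Ordinal);
            SetSaveError(queryPos > 0 ? ex.Message.Substring(0, queryPos) : ex.Message);
            return;
        }

        DatGrd.CurrentPageIndex = 0;
        BindData();
        ClearEntries();
        ClearSearch();
    }
}

/// <summary>
/// Shows <paramref name="message"/> in LBL_RESULT as an error (red text).
/// </summary>
/// <param name="message">Text to display.</param>
private void SetSaveError(string message)
{
    LBL_RESULT.Text = message;
    LBL_RESULT.ForeColor = System.Drawing.Color.Red;
}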