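public ActionResult AnswerQuestions(AnswerQuestionsModel model)
{
    // Unlocks the signed-in user's account when both submitted security answers match the
    // stored ones. The account is resolved from Session["Username"]/Session["Email"], never
    // from the request, so a caller can only ever unlock the account its session belongs to.
    EventLogHandler Logger = new EventLogHandler();
    ErrorController ErrorFinder = new ErrorController();
    var sessionUser = Session["Username"] as string;
    var sessionEmail = Session["Email"] as string;

    List<CreateUser> user;
    using (IDbConnection db = new SqlConnection(SqlAccess.GetConnectionString()))
    {
        user = db.Query<CreateUser>(
            "Select * from dbo.UserTable where Username = @Username AND Email = @Email;",
            new { Username = sessionUser, Email = sessionEmail }).ToList();
    }

    // No row matched (session expired, or Username/Email were never put in it): the previous
    // version indexed user[0] here and threw. Report the generic failure instead.
    if (user.Count == 0)
    {
        ViewBag.Error = ErrorFinder.GetErrorMessage(37);
        return View();
    }

    CreateUser account = user[0];
    ViewBag.Question_1 = account.SecurityQuestion1;
    ViewBag.Question_2 = account.SecurityQuestion2;

    // Both stored answers must exist before a comparison can succeed. Authenticate routes users
    // with SecurityQuestion1 == null to the questions page, so rows without answers do exist,
    // and for them the previous `model.Answer_1 == account.Answer1` was true for a blank
    // submission (both sides null) -- a locked account could be unlocked with empty fields.
    // NOTE(review): answers are stored and compared in clear text and nothing rate-limits
    // unlock attempts; they deserve the same handling as a second password.
    bool answersOnFile = !string.IsNullOrEmpty(account.Answer1) && !string.IsNullOrEmpty(account.Answer2);
    bool answersMatch = answersOnFile
        && model.Answer_1 == account.Answer1
        && model.Answer_2 == account.Answer2;

    if (!answersMatch)
    {
        ViewBag.Error = ErrorFinder.GetErrorMessage(37);
        return View();
    }

    // Unlock and restore the attempt budget. Authenticate locks the account when the counter
    // reaches 1 and only refills it (to 10) on a successful login; leaving it at 0 here meant
    // a recovered account could never trigger the `== 1` lock again.
    using (IDbConnection db = new SqlConnection(SqlAccess.GetConnectionString()))
    {
        string sql = "Update dbo.UserTable set AccountLocked = @AccountLocked, LoginAttempts = @LoginAttempts where Username = @Username;";
        db.Execute(sql, new { AccountLocked = false, LoginAttempts = 10, Username = account.Username });
    }
    Logger.LogAccountRecovered(account.ID, account.Username);
    ViewBag.Message = "Account Unlocked Successfully.";
    return View();
}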
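public ActionResult ResetPassword(ResetPasswordModel model)
{
    // Completes the "forgot password" flow: the code mailed by ForgotPassword is exchanged for
    // a new password. The code column is set to NULL in the same statement that writes the
    // password, so a code can only be redeemed once.
    // NOTE(review): no issue time is stored with the code, so it never expires; and the new
    // password is written exactly as submitted -- this file keeps passwords in clear text at
    // every write site and compares them as strings in Authenticate, so hashing has to be
    // introduced in all of those places together.
    EventLogHandler Logger = new EventLogHandler();
    var message = "";

    // An empty/whitespace code is rejected before touching the database. The earlier EF
    // version of this action (left in comments) cleared the column to "" rather than NULL, so
    // legacy rows may still hold ""; a blank submission would otherwise match the first of them.
    if (ModelState.IsValid && !string.IsNullOrWhiteSpace(model.ResetCode))
    {
        List<CreateUser> validatePasswordCode;
        using (IDbConnection db = new SqlConnection(SqlAccess.GetConnectionString()))
        {
            validatePasswordCode = db.Query<CreateUser>(
                "Select * from dbo.Usertable Where ResetPasswordCode = @ResetCode",
                new { ResetCode = model.ResetCode }).ToList();
        }

        if (validatePasswordCode.Count > 0)
        {
            CreateUser account = validatePasswordCode[0];

            // Hand the password being replaced to OldPasswordHandler (defined outside this file).
            OldPasswordHandler PassHand = new OldPasswordHandler();
            PassHand.AdjustOldPasswords(account.Password, account.ID);

            using (IDbConnection db = new SqlConnection(SqlAccess.GetConnectionString()))
            {
                string sql = "Update dbo.UserTable set Password = @Password, ResetPasswordCode = NULL where Username = @Username";
                db.Execute(sql, new { Password = model.Password, Username = account.Username });
            }

            message = "Password updated successfully.";
            Logger.LogPasswordReset(account.ID, account.Username);
            ViewBag.Message = message;
        }
    }
    return View(model);
}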
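public void ForgotPassword(ForgotPasswordModel ForgotPass, string Email)
{
    // Issues a reset code for the account registered under `Email`, stores it on the user row
    // and mails it. `ForgotPass` is not read; it is kept so the existing binding keeps working.
    // The method is void and gives the caller no signal either way, which (intentionally or
    // not) avoids revealing whether an address is registered; the Debug lines only reach an
    // attached debugger.
    string Em = Email;
    EventLogHandler Logger = new EventLogHandler();

    List<CreateUser> validateEmail;
    using (IDbConnection db = new SqlConnection(SqlAccess.GetConnectionString()))
    {
        validateEmail = db.Query<CreateUser>(
            "Select * from dbo.Usertable Where Email = @Email",
            new { Email = Em }).ToList();
    }

    if (validateEmail.Count == 0)
    {
        System.Diagnostics.Debug.WriteLine("Fail, no email sent");
        return;
    }

    // NOTE(review): Guid.NewGuid() is not documented as cryptographically random; a token
    // drawn from RandomNumberGenerator would be the safer source. Nothing records when the
    // code was issued, so ResetPassword has no way to expire it.
    string resetCode = Guid.NewGuid().ToString();

    // Persist first, then mail. The previous order (SendEmail, then UPDATE) could hand the
    // user a code that was never stored if the UPDATE failed.
    using (IDbConnection db = new SqlConnection(SqlAccess.GetConnectionString()))
    {
        string sql = "Update dbo.UserTable set ResetPasswordCode = @resetCode where Username = @Username";
        db.Execute(sql, new { resetCode = resetCode, Username = validateEmail[0].Username });
    }
    SendEmail(Em, resetCode);
    Logger.LogForgotPassword(Em);
    System.Diagnostics.Debug.WriteLine("Email was sent");
}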
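public ActionResult EditAccount(EditAccountModel model)
{
    // Applies an edit to a chart-of-accounts row and writes a before/after audit entry
    // attributed to the session user.
    // NOTE(review): nothing in this action checks Session["UserRole"]; whatever limits it to
    // administrators has to live in a filter or route outside this file -- confirm.
    EventLogHandler Logger = new EventLogHandler();
    var sessionUser = Session["Username"] as string;

    if (!ModelState.IsValid)
    {
        return View(model);
    }

    List<ChartOfAcc> accountsList;
    using (IDbConnection db = new SqlConnection(SqlAccess.GetConnectionString()))
    {
        accountsList = db.Query<ChartOfAcc>(
            "Select * From dbo.ChartOfAccounts Where AccountNumber = @ID",
            new { ID = model.AccountNumber }).ToList();
    }

    // Unknown account number: the previous version indexed accountsList[0] and threw.
    if (accountsList.Count == 0)
    {
        ModelState.AddModelError("AccountNumber", "No account with that number exists.");
        return View(model);
    }
    ChartOfAcc before = accountsList[0];

    // Snapshot the audited fields before the write so the "from" side reflects the old row.
    string detailedFrom = FormatAccountAudit(before.AccountName, before.Active, before.AccountType, before.AccountDescription);

    using (IDbConnection db = new SqlConnection(SqlAccess.GetConnectionString()))
    {
        string sql = "Update dbo.ChartOfAccounts set AccountName = @AccountName, "
            + "AccountType = @AccountType, AccountDescription = @AccountDescription,"
            + "Active = @Active Where AccountNumber = @AccountNumber";
        db.Execute(sql, new
        {
            AccountNumber = model.AccountNumber,
            AccountName = model.AccountName,
            AccountType = model.AccountType,
            AccountDescription = model.AccountDescription,
            Active = model.Active
        });
    }

    string detailedTo = FormatAccountAudit(model.AccountName, model.Active, model.AccountType, model.AccountDescription);

    TempData["Message"] = "Your entry was successfully updated!";
    Logger.LogAdminEditAccount(sessionUser, model.AccountName, detailedFrom, detailedTo);
    return RedirectToAction("ChartOfAccounts");
}

// Formats the audited account fields in the "|^|"-separated form the event log receives.
private static string FormatAccountAudit(object name, object active, object type, object description)
{
    return string.Join("|^|", new[]
    {
        "Name:" + name,
        "Active: " + active,
        "Type: " + type,
        "Description:" + description
    });
}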
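public ActionResult ChangePassword(ChangePasswordModel model)
{
    // Lets the signed-in user replace their password after proving the current one.
    //
    // The previous version had two defects: it never compared model.CurrentPassword with the
    // stored value, and its UPDATE wrote user[0].Password back unchanged, so the password was
    // never actually replaced (its own "have to add code to replace password still" note).
    // The replacement value is model.NewPassword, as in the earlier EF version of this action
    // that had been left in comments.
    // NOTE(review): passwords are stored and compared in clear text here and in
    // Authenticate/NewUser/ResetPassword; hashing has to be introduced in all of them at once.
    EventLogHandler Logger = new EventLogHandler();
    var sessionUser = Session["Username"] as string;

    if (!ModelState.IsValid)
    {
        return View(model);
    }

    List<CreateUser> user;
    using (IDbConnection db = new SqlConnection(SqlAccess.GetConnectionString()))
    {
        user = db.Query<CreateUser>(
            "Select * from dbo.UserTable where Username = @Username;",
            new { Username = sessionUser }).ToList();
    }

    if (user.Count > 0)
    {
        CreateUser account = user[0];

        // The caller must prove the current password before anything is changed.
        if (model.CurrentPassword != account.Password)
        {
            ModelState.AddModelError("CurrentPassword", "The current password is incorrect.");
            return View(model);
        }

        // Archive the stored password (the same value ResetPassword hands over).
        OldPasswordHandler PassHand = new OldPasswordHandler();
        PassHand.AdjustOldPasswords(account.Password, account.ID);

        using (IDbConnection db = new SqlConnection(SqlAccess.GetConnectionString()))
        {
            string sql = "Update dbo.UserTable set Password = @Password where Username = @Username;";
            db.Execute(sql, new { Password = model.NewPassword, Username = account.Username });
        }

        Logger.LogPasswordChange();
        ViewBag.Message = "Password updated successfully.";
    }
    return View(model);
}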
public ActionResult NewAccount(NewAccountModel model)
{
    // Creates a chart-of-accounts row from the posted form. "Asset" and "Liability" accounts
    // get a "Debit" normal side, every other type "Credit"; the row starts with a zero current
    // balance and is attributed to the session user. An invalid model re-renders an empty form.
    // NOTE(review): no role check is visible here; confirm a filter restricts this to admins.
    EventLogHandler Logger = new EventLogHandler();
    var sessionUser = Session["Username"] as string;

    if (!ModelState.IsValid)
    {
        return View("NewAccount", new NewAccountModel());
    }

    bool debitSide = model.AccountType == "Asset" || model.AccountType == "Liability";
    string normalSide = debitSide ? "Debit" : "Credit";

    const string insertSql =
        "Insert into dbo.ChartOfAccounts (AccountNumber, AccountName, "
        + "AccountType, NormalSide, OriginalBalance, CurrentBalance, AccountDescription, CreatedBy, Active, DateCreated)"
        + "values(@AccountNumber, @AccountName, @AccountType,@NormalSide,@OriginalBalance,"
        + "@CurrentBalance,@AccountDescription,@CreatedBy,@Active,@Date)";

    var row = new
    {
        AccountNumber = model.AccountNumber,
        AccountName = model.AccountName,
        AccountType = model.AccountType,
        NormalSide = normalSide,
        OriginalBalance = model.OriginalBalance,
        CurrentBalance = 0,
        AccountDescription = model.AccountDescription,
        CreatedBy = sessionUser,
        Active = model.Active,
        Date = DateTime.Now
    };

    using (IDbConnection db = new SqlConnection(SqlAccess.GetConnectionString()))
    {
        db.Execute(insertSql, row);
    }

    TempData["Message"] = "A new account was successfully created!";
    Logger.LogAdminCreateAccount(sessionUser, model.AccountName);
    return RedirectToAction("ChartOfAccounts");
}
public ActionResult NewUser(NewUserModel model)
{
    // Inserts a user row from the admin "new user" form. Every new account starts unlocked
    // with LoginAttempts = 10 (the value Authenticate restores after a successful login) and
    // zeroed login counters. An invalid model re-renders an empty form.
    // NOTE(review): model.Password is written as submitted; this file keeps passwords in clear
    // text at every write site and Authenticate compares them as strings, so hashing has to
    // be introduced in all of those places together.
    EventLogHandler Logger = new EventLogHandler();

    if (!ModelState.IsValid)
    {
        return View("NewUser", new NewUserModel());
    }

    const string insertSql =
        "Insert into dbo.UserTable (FirstName, LastName, "
        + "Username, Password, Role, Phone, Email, Date, Active, Address, City, State, ZIP_Code,"
        + "AccountLocked, LoginAttempts, LoginAmount, LoginFails)"
        + "values(@FirstName,@LastName,@Username,@Password,@Role,"
        + "@Phone,@Email,@Date,@Active,@Address,@City,@State,@ZIP_Code,"
        + "@AccountLocked, @LoginAttempts, @LoginAmount, @LoginFails)";

    var newUser = new
    {
        FirstName = model.FirstName,
        LastName = model.LastName,
        Username = model.Username,
        Password = model.Password,
        Role = model.Role,
        Phone = model.Phone,
        Email = model.Email,
        Date = model.Date_Created,
        Active = model.Active,
        Address = model.Address,
        City = model.City,
        State = model.State,
        ZIP_Code = model.ZIP_Code,
        AccountLocked = false,
        LoginAttempts = 10,
        LoginAmount = 0,
        LoginFails = 0
    };

    using (IDbConnection db = new SqlConnection(SqlAccess.GetConnectionString()))
    {
        db.Execute(insertSql, newUser);
    }

    TempData["Message"] = "Your entry was successfully added!";
    Logger.LogNewUser(model.Username);
    return RedirectToAction("AllUsers");
}
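public ActionResult EditUser(EditUserModel value)
{
    // Applies an admin edit to the user row identified by value.ID and, once the write has
    // succeeded, logs which fields changed with their old and new values.
    // NOTE(review): value.ID comes straight from the request and no role check is visible
    // here; confirm an authorization filter restricts this action to administrators.
    EventLogHandler Logger = new EventLogHandler();

    List<CreateUser> currentUser;
    using (IDbConnection db = new SqlConnection(SqlAccess.GetConnectionString()))
    {
        currentUser = db.Query<CreateUser>(
            "Select * from dbo.Usertable Where ID = @ID",
            new { ID = value.ID }).ToList();
    }

    // Unknown ID: the previous version indexed CurrentUser[0] and threw.
    if (currentUser.Count == 0)
    {
        return RedirectToAction("AllUsers");
    }
    CreateUser before = currentUser[0];

    var original = new List<string>();
    var updated = new List<string>();
    RecordChange(original, updated, "Date Modified: ", before.DateModified, value.Date_Modified);
    RecordChange(original, updated, "First Name: ", before.FirstName, value.FirstName);
    RecordChange(original, updated, "Last Name: ", before.LastName, value.LastName);
    RecordChange(original, updated, "Email: ", before.Email, value.Email);
    RecordChange(original, updated, "Role: ", before.Role, value.Role);
    RecordChange(original, updated, "Phone: ", before.Phone, value.Phone);
    RecordChange(original, updated, "Active: ", before.Active, value.Active);
    RecordChange(original, updated, "Address: ", before.Address, value.Address);
    RecordChange(original, updated, "City: ", before.City, value.City);
    RecordChange(original, updated, "State: ", before.State, value.State);
    RecordChange(original, updated, "ZIP Code: ", before.ZIP_Code, value.ZIP_Code);
    string originalModel = string.Join("|^|", original);
    string updatedModel = string.Join("|^|", updated);

    // Username and Password are deliberately absent from the SET list: the previous version
    // wrote the values read by the SELECT above back unchanged, which would silently revert a
    // password change (ChangePassword/ResetPassword) made between that SELECT and this UPDATE.
    using (IDbConnection db = new SqlConnection(SqlAccess.GetConnectionString()))
    {
        string sql = "Update dbo.UserTable set FirstName = @FirstName, LastName = @LastName, "
            + "Role = @Role, Phone = @Phone, Email = @Email, DateModified = @Date_Modified, "
            + "Active = @Active, Address = @Address, City = @City, State = @State, "
            + "ZIP_Code = @ZIP_Code Where ID = @ID;";
        db.Execute(sql, new
        {
            FirstName = value.FirstName,
            LastName = value.LastName,
            Role = value.Role,
            Phone = value.Phone,
            Email = value.Email,
            Date_Modified = value.Date_Modified,
            Active = value.Active,
            Address = value.Address,
            City = value.City,
            State = value.State,
            ZIP_Code = value.ZIP_Code,
            ID = before.ID
        });
    }

    // Audit after the write, so a failed UPDATE cannot leave a log entry claiming a change.
    if (originalModel != "")
    {
        Logger.LogEditUser(before.ID, before.Username, originalModel, updatedModel);
    }

    TempData["Message"] = "Your entry was successfully updated!";
    return RedirectToAction("AllUsers");
}

// Appends "<label><before>" / "<label><after>" to the audit lists when the two values differ.
private static void RecordChange(List<string> original, List<string> updated, string label, object before, object after)
{
    if (!object.Equals(before, after))
    {
        original.Add(label + before);
        updated.Add(label + after);
    }
}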
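public ActionResult Authenticate(LoginModel userLoggingIn)
{
    // Handles the login POST: looks the username up, enforces the active/locked flags and the
    // failed-attempt counter, then establishes the session and redirects by role.
    //
    // Changes from the previous version:
    //  * the flow is plain if/return instead of throw/catch, so a SqlException (or any other
    //    unexpected exception) is no longer caught and echoed, message and all, into the page;
    //  * the alert text is JavaScript-string encoded before it is written into a script literal;
    //  * the lock fires when LoginAttempts <= 1 rather than == 1, so a counter already at 0 or
    //    below (e.g. after an unlock that did not refill it) cannot bypass the lock forever;
    //  * a role outside Admin/Accountant/Manager is refused before any session state is set,
    //    instead of being given a session and an empty 200 response.
    // NOTE(review): the password check is a clear-text string comparison against the stored
    // value (NewUser/ResetPassword/ChangePassword write it that way); hashing must be
    // introduced in all of those at once. The session id is also not regenerated on login.
    EventLogHandler Logger = new EventLogHandler();
    ErrorController GetErr = new ErrorController();
    string inv = GetErr.GetErrorMessage(19);
    string denied = GetErr.GetErrorMessage(21);
    string locked = GetErr.GetErrorMessage(30);
    string attempts = GetErr.GetErrorMessage(31);

    List<UserModel> userDetails;
    using (IDbConnection db = new SqlConnection(SqlAccess.GetConnectionString()))
    {
        userDetails = db.Query<UserModel>(
            "Select * from dbo.UserTable Where Username = @Username",
            new { Username = userLoggingIn.Username }).ToList();
    }

    if (userDetails == null || userDetails.Count == 0)
    {
        return RejectLogin(inv); // the username does not exist
    }
    UserModel account = userDetails[0];
    if (account.Active == false)
    {
        return RejectLogin(denied);
    }
    if (account.AccountLocked == true)
    {
        return RejectLogin(locked);
    }

    if (userLoggingIn.Password != account.Password)
    {
        // Wrong password: record the failure, then lock if this was the last allowed attempt.
        bool lastAttempt = account.LoginAttempts <= 1;
        using (IDbConnection db = new SqlConnection(SqlAccess.GetConnectionString()))
        {
            string sql = "Update dbo.UserTable set LoginFails = @fails, LoginAttempts = @attempts Where Username = @name;";
            db.Execute(sql, new { fails = account.LoginFails + 1, attempts = account.LoginAttempts - 1, name = account.Username });
        }
        if (lastAttempt)
        {
            using (IDbConnection db = new SqlConnection(SqlAccess.GetConnectionString()))
            {
                string sql = "Update dbo.UserTable set AccountLocked = @Lock Where Username = @name;";
                db.Execute(sql, new { Lock = true, name = account.Username });
            }
            Logger.LogAccountLocked(account.ID, account.Username);
            return RejectLogin(locked);
        }
        int amountRemaining = (int)account.LoginAttempts - 1;
        return RejectLogin(attempts + " " + amountRemaining.ToString());
    }

    // Decide where a successful login goes before touching the session or the counters.
    bool questionsPending = account.SecurityQuestion1 == null;
    string destination;
    if (questionsPending)
    {
        destination = "~/Account/SecurityQuestions";
    }
    else if (account.Role == "Admin")
    {
        destination = "~/Admin/Dashboard";
    }
    else if (account.Role == "Accountant")
    {
        destination = "~/Accountant/Dashboard";
    }
    else if (account.Role == "Manager")
    {
        destination = "~/Manager/ManagerIndex";
    }
    else
    {
        return RejectLogin(denied); // no recognised role: deny by default
    }

    // UserRole is read from the session by the role-specific areas.
    System.Web.HttpContext.Current.Session["FirstNameofUser"] = account.FirstName;
    System.Web.HttpContext.Current.Session["Username"] = account.Username;
    System.Web.HttpContext.Current.Session["UserRole"] = account.Role;

    if (questionsPending)
    {
        // Not fully logged in yet: only the login count moves; the attempt counter and
        // LastLogin are left alone and no login event is logged (as before).
        using (IDbConnection db = new SqlConnection(SqlAccess.GetConnectionString()))
        {
            string sql = "Update dbo.UserTable set LoginAmount = @amount Where Username = @name;";
            db.Execute(sql, new { amount = account.LoginAmount + 1, name = account.Username });
        }
        return Redirect(destination);
    }

    // Successful login: refill the attempt budget to 10 (the value NewUser starts accounts with).
    using (IDbConnection db = new SqlConnection(SqlAccess.GetConnectionString()))
    {
        string sql = "Update dbo.UserTable set LoginAmount = @amount, LoginAttempts = @attempts, LastLogin = @time Where Username = @name;";
        db.Execute(sql, new { amount = account.LoginAmount + 1, attempts = 10, time = DateTime.Now, name = account.Username });
    }
    Logger.LogUserLogin(account.Username);
    return Redirect(destination);
}

// Emits the existing "alert, then bounce to Login" response for a refused login. The message
// is JavaScript-string encoded so a quote or tag in it cannot break out of the script literal.
private ActionResult RejectLogin(string message)
{
    string encoded = System.Web.HttpUtility.JavaScriptStringEncode(message);
    Response.Write("<script language=javascript>alert('" + encoded + "'); window.location = 'Login';</script>");
    return new EmptyResult();
}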