コード例 #1
        /// <summary>
        /// Inserts the given user for a tenant, creates a "Superuser group" for that tenant,
        /// grants the group the listed permission IDs, adds the user to it, and sends the
        /// user an account-created e-mail.
        /// </summary>
        /// <param name="u">User to insert; TenID and MustResetPassword are overwritten before the insert.</param>
        /// <param name="TID">Tenant ID assigned to both the user and the new group.</param>
        /// <param name="newPassword">Initial password. NOTE(review): its only use appears to be inside the redacted e-mail expression below - confirm.</param>
        public static void InitializeSecurity(SRPUser u, int TID, string newPassword) {
            // NOTE(review): MTID is assigned but not read anywhere in this method.
            var MTID = Core.Utilities.Tenant.GetMasterID();
            u.TenID = TID;
            // Flag the account so the initial password is meant to be replaced; where that flag
            // is enforced is not visible here.
            u.MustResetPassword = true;
            u.Insert();

            var g = new SRPGroup();
            g.GID = 0;
            g.GroupName = "Superuser group";
            g.GroupDescription = "All permissions enabled.";
            g.TenID = TID;
            g.Insert();

            // Comma-separated permission IDs granted to the new group.
            var PermissionID_LIST = "1000,2000,2100,2200,3000,4000,4100,4200,4300,4400,4500,4600,4700,4800,4900,5000,5100,5200,5300,8000";
            // The acting user's name is read from the current HTTP session on each call. This
            // throws if there is no HttpContext or no profile stored in the session, so the
            // method can only run inside an authenticated request.
            SRPGroup.UpdatePermissions(g.GID, PermissionID_LIST, ((SRPUser)HttpContext.Current.Session[SessionData.UserProfile.ToString()]).Username);
            SRPGroup.UpdateMemberUsers(g.GID, u.Uid.ToString(), ((SRPUser)HttpContext.Current.Session[SessionData.UserProfile.ToString()]).Username);

            var Message = "Summer Reading Program - Your account has been created";

            // TODO security - this should not email the password in cleartext. Mail is stored
            // and forwarded outside the application's control, so a password sent this way
            // should be treated as disclosed. Sending a one-time reset link instead would
            // avoid putting a credential in the message - TODO confirm what the project offers.

            // NOTE(review): the two "******" runs in the body below are redaction in this
            // listing, not C#; as shown the expression does not compile. Presumably they stood
            // for the username and password operands - confirm against the original file.
            // NOTE(review): u.FirstName, the two setting values and baseUrl are concatenated
            // into HTML without encoding. If any of them can come from form input (verify the
            // callers), HTML-encode them before building the body.
            // The sent text contains the typo "rogram" (for "program").
            string baseUrl = WebTools.GetBaseUrl(HttpContext.Current.Request);
            var EmailBody =
                "<h1>Dear " + u.FirstName + ",</h1><br><br>Your account has been created and has full administrative access to your organization's reading rogram. <br>This is your current account information. Please make sure you reset your password as soon as you are able to log back in.<br><br>" +
                "Username: "******"<br>Password: "******"<br><br>If you have any questions regarding your account please contact " + SRPSettings.GetSettingValue("ContactName") +
                " at " + SRPSettings.GetSettingValue("ContactEmail") + "." +
                "<br><br><br><a href='" + baseUrl + "'>" + baseUrl + "</a> <br> ";

            new EmailService().SendEmail(u.EmailAddress, Message, EmailBody);

        }
コード例 #2
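        /// <summary>
        /// Handles the change-password button: re-verifies the current password, then saves
        /// the new one and clears the must-reset flag.
        /// </summary>
        /// <param name="sender">The button that raised the click (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void uvButton_Click(object sender, EventArgs e) {
            // Reload the user by the Uid held in the session profile rather than trusting the
            // cached object. Throws if no profile is stored in the session.
            SRPUser user = new SRPUser((int)((SRPUser)Session[SessionData.UserProfile.ToString()]).Uid);

            // Demand the current password again so that an unattended, still-logged-in
            // session is not enough to take over the account.
            if(!SRPUser.VerifyPassword(user.Username, uxCPass.Text)) {
                MasterPage.PageError = String.Format(SRPResources.ApplicationError1, "Your current password is invalid.");
                return;
            }

            user.LastPasswordReset = DateTime.Now;
            user.MustResetPassword = false;
            user.NewPassword = uxPassword.Text;
            try {
                user.ClearErrorCodes();
                if(user.Update()) {
                    // Replace the cached profile with the updated user.
                    Session[SessionData.UserProfile.ToString()] = user;
                    MasterPage.PageMessage = "Password has been changed.";
                } else {
                    // Build the list by concatenation. Feeding the accumulated text back in
                    // as a format string throws FormatException as soon as the resource text
                    // or an earlier message contains '{' or '}'.
                    // NOTE(review): ErrorMessage is emitted as markup; confirm it never
                    // carries user-supplied text, or encode it.
                    string message = String.Format(SRPResources.ApplicationError1, "<ul>");
                    foreach(BusinessRulesValidationMessage m in user.ErrorCodes) {
                        message += "<li>" + m.ErrorMessage + "</li>";
                    }
                    message += "</ul>";
                    MasterPage.PageError = message;
                }
            } catch(Exception ex) {
                // NOTE(review): the raw exception text is shown to the user; consider logging
                // it and showing a generic message instead.
                MasterPage.PageError = String.Format(SRPResources.ApplicationError1, ex.Message);
            }
        }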
コード例 #3
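        /// <summary>
        /// Prepares the "User Login History" page for the user whose ID is held in
        /// Session["UID"]: checks the permission, restores the sort state on postback, and on
        /// first load fills the user labels, the ribbon and the data.
        /// </summary>
        /// <param name="sender">The page (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            MasterPage.IsSecure = true;
            MasterPage.PageTitle = "User Login History";

            // Authorize before any user record is read, so that the lookup below never runs
            // for a caller who lacks the permission.
            ControlRoomAccessPermission.CheckControlRoomAccessPermission(1000); // User Security

            object sessionUid = Session["UID"];
            lblUID.Text = sessionUid == null ? "" : sessionUid.ToString();

            // A missing or non-numeric ID sends the caller back to the Control Room instead
            // of failing later inside int.Parse.
            int uid;
            if (!int.TryParse(lblUID.Text, out uid))
            {
                Response.Redirect("~/ControlRoom/");
                return;
            }

            // Sort state starts empty and is restored from ViewState on postbacks only.
            _mStrSortExp = String.Empty;
            if (IsPostBack)
            {
                if (null != ViewState["_SortExp_"])
                {
                    _mStrSortExp = ViewState["_SortExp_"] as String;
                }

                if (null != ViewState["_Direction_"])
                {
                    _mSortDirection = (SortDirection)ViewState["_Direction_"];
                }
                return;
            }

            // First load only: show whose history this is, build the ribbon, load the rows.
            var user = new SRPUser(uid);
            lblUsername.Text = user.Username;
            lblName.Text = user.FirstName + " " + user.LastName;
            lblUsername.Visible = lblName.Visible = true;

            List<RibbonPanel> moduleRibbonPanels = StandardModuleRibbons.SecurityRibbon();
            foreach (var moduleRibbonPanel in moduleRibbonPanels)
            {
                MasterPage.PageRibbon.Add(moduleRibbonPanel);
            }
            MasterPage.PageRibbon.DataBind();

            LoadData();
        }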
コード例 #4
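        /// <summary>
        /// Handles the tenant DetailsView commands: "back", "refresh", "add"/"addandback"
        /// (creates a tenant plus its first administrator) and "save"/"saveandback".
        /// </summary>
        /// <param name="sender">The DetailsView that raised the command; its child controls supply the field values.</param>
        /// <param name="e">Carries the command name, which is matched case-insensitively.</param>
        protected void DvItemCommand(object sender, DetailsViewCommandEventArgs e)
        {
            const string returnURL = "~/ControlRoom/Modules/Tenant/TenantList.aspx";

            // Ordinal comparison keeps the match independent of the server's culture.
            string command = e.CommandName;
            bool isAdd = string.Equals(command, "add", StringComparison.OrdinalIgnoreCase);
            bool isAddAndBack = string.Equals(command, "addandback", StringComparison.OrdinalIgnoreCase);
            bool isSave = string.Equals(command, "save", StringComparison.OrdinalIgnoreCase);
            bool isSaveAndBack = string.Equals(command, "saveandback", StringComparison.OrdinalIgnoreCase);

            if (string.Equals(command, "back", StringComparison.OrdinalIgnoreCase))
            {
                Response.Redirect(returnURL);
            }

            if (string.Equals(command, "refresh", StringComparison.OrdinalIgnoreCase))
            {
                try
                {
                    odsData.DataBind();
                    dv.DataBind();
                    dv.ChangeMode(DetailsViewMode.Edit);

                    var masterPage = (IControlRoomMaster)Master;
                    if (masterPage != null) masterPage.PageMessage = SRPResources.RefreshOK;
                }
                catch (Exception ex)
                {
                    var masterPage = (IControlRoomMaster)Master;
                    masterPage.PageError = String.Format(SRPResources.ApplicationError1, ex.Message);
                }
            }

            if (isAdd || isAddAndBack)
            {
                try
                {
                    var view = (DetailsView)sender;
                    var obj = new Core.Utilities.Tenant();

                    obj.Name = ((TextBox)view.FindControl("Name")).Text;
                    obj.LandingName = ((TextBox)view.FindControl("LandingName")).Text;
                    obj.AdminName = ((TextBox)view.FindControl("AdminName")).Text;
                    obj.isActiveFlag = ((CheckBox)view.FindControl("isActiveFlag")).Checked;
                    obj.isMasterFlag = ((CheckBox)view.FindControl("isMasterFlag")).Checked;
                    // InnerHtml is stored as entered.
                    // NOTE(review): confirm every page that renders Description encodes or sanitises it.
                    obj.Description = ((HtmlTextArea)view.FindControl("Description")).InnerHtml;
                    obj.DomainName = ((TextBox)view.FindControl("DomainName")).Text;

                    // Best effort: a failure on any of these fields is logged and the tenant
                    // is still created with whatever was assigned before the failure.
                    try
                    {
                        obj.showNotifications = ((CheckBox)view.FindControl("showNotifications")).Checked;
                        obj.showOffers = ((CheckBox)view.FindControl("showOffers")).Checked;
                        obj.showBadges = ((CheckBox)view.FindControl("showBadges")).Checked;
                        obj.showEvents = ((CheckBox)view.FindControl("showEvents")).Checked;
                        obj.NotificationsMenuText = ((TextBox)view.FindControl("NotificationsMenuText")).Text;
                        obj.OffersMenuText = ((TextBox)view.FindControl("OffersMenuText")).Text;
                        obj.BadgesMenuText = ((TextBox)view.FindControl("BadgesMenuText")).Text;
                        obj.EventsMenuText = ((TextBox)view.FindControl("EventsMenuText")).Text;

                        obj.FldInt1 = ((TextBox)view.FindControl("FldInt1")).Text.SafeToInt();
                    }
                    catch (Exception exc)
                    {
                        this.Log().Error("Error parsing new tenant information: {0}", exc.Message);
                    }

                    // TODO security - don't give all new tenants the same password. The
                    // literal below (redacted in this listing) becomes the first password of
                    // every new tenant administrator and is handed to
                    // TenantInitialize.InitializeSecurity. A per-tenant random secret or a
                    // one-time reset link would remove the shared credential.
                    string newPassword = "******";

                    string currentUsername = ((SRPUser)Session[SessionData.UserProfile.ToString()]).Username;

                    obj.AddedDate = DateTime.Now;
                    obj.AddedUser = currentUsername;
                    obj.LastModDate = obj.AddedDate;
                    obj.LastModUser = obj.AddedUser;

                    var sysadmin = new SRPUser();
                    sysadmin.Username = ((TextBox)view.FindControl("sysadmin")).Text;
                    sysadmin.NewPassword = newPassword;
                    sysadmin.FirstName = ((TextBox)view.FindControl("fname")).Text;
                    sysadmin.LastName = ((TextBox)view.FindControl("lname")).Text;
                    sysadmin.EmailAddress = ((TextBox)view.FindControl("email")).Text;
                    sysadmin.Division = ((TextBox)view.FindControl("Name")).Text;
                    sysadmin.Department = sysadmin.Title = string.Empty;
                    sysadmin.AddedDate = DateTime.Now;
                    sysadmin.AddedUser = currentUsername;
                    sysadmin.LastModDate = sysadmin.AddedDate;
                    sysadmin.LastModUser = sysadmin.AddedUser;
                    sysadmin.IsActive = true;

                    // Validate both records before writing either, so that a rejected
                    // administrator does not leave a tenant behind.
                    if (!sysadmin.IsValid(BusinessRulesValidationMode.INSERT))
                    {
                        var masterPage = (IControlRoomMaster)Master;
                        // Concatenate rather than re-using the accumulated text as a format
                        // string, which throws once it contains '{' or '}'.
                        string message = String.Format(SRPResources.ApplicationError1, "<ul>");
                        foreach (BusinessRulesValidationMessage m in sysadmin.ErrorCodes)
                        {
                            message += "<li>" + m.ErrorMessage + "</li>";
                        }
                        message += "</ul>";
                        masterPage.PageError = message;
                    }
                    else if (!obj.IsValid(BusinessRulesValidationMode.INSERT))
                    {
                        var masterPage = (IControlRoomMaster)Master;
                        string message = String.Format(SRPResources.ApplicationError1, "<ul>");
                        foreach (BusinessRulesValidationMessage m in obj.ErrorCodes)
                        {
                            message += "<li>" + m.ErrorMessage + "</li>";
                        }
                        message += "</ul>";
                        masterPage.PageError = message;
                    }
                    else
                    {
                        obj.Insert();
                        var TID = obj.TenID;

                        TenantInitialize.InitializeSecurity(sysadmin, TID, newPassword);
                        TenantInitialize.InitializeData(TID);

                        if (isAddAndBack)
                        {
                            // Response.Redirect(url) ends the request by aborting the thread,
                            // so the catch below also runs on this path and logs the abort.
                            Response.Redirect(returnURL);
                        }

                        lblPK.Text = obj.TenID.ToString();

                        odsData.DataBind();
                        dv.DataBind();
                        dv.ChangeMode(DetailsViewMode.Edit);

                        var masterPage = (IControlRoomMaster)Master;
                        masterPage.PageMessage = SRPResources.AddedOK;
                    }
                }
                catch (Exception ex)
                {
                    // NOTE(review): the raw exception text is shown to the user; consider a
                    // generic message and keep the detail in the log only.
                    var masterPage = (IControlRoomMaster)Master;
                    masterPage.PageError = String.Format(SRPResources.ApplicationError1, ex.Message);
                    this.Log().Error("Error adding tenant: {0}", ex.Message);
                }
            }

            if (isSave || isSaveAndBack)
            {
                try
                {
                    var view = (DetailsView)sender;
                    var obj = new GRA.SRP.Core.Utilities.Tenant();
                    int pk = int.Parse(lblPK.Text);
                    obj.Fetch(pk);

                    obj.Name = ((TextBox)view.FindControl("Name")).Text;
                    obj.LandingName = ((TextBox)view.FindControl("LandingName")).Text;
                    obj.AdminName = ((TextBox)view.FindControl("AdminName")).Text;
                    obj.isActiveFlag = ((CheckBox)view.FindControl("isActiveFlag")).Checked;
                    obj.isMasterFlag = ((CheckBox)view.FindControl("isMasterFlag")).Checked;
                    // InnerHtml is stored as entered.
                    // NOTE(review): confirm every page that renders Description encodes or sanitises it.
                    obj.Description = ((HtmlTextArea)view.FindControl("Description")).InnerHtml;
                    obj.DomainName = ((TextBox)view.FindControl("DomainName")).Text;

                    // Best effort, as on the add path: failures are logged and the save continues.
                    try
                    {
                        obj.showNotifications = ((CheckBox)view.FindControl("showNotifications")).Checked;
                        obj.showOffers = ((CheckBox)view.FindControl("showOffers")).Checked;
                        obj.showBadges = ((CheckBox)view.FindControl("showBadges")).Checked;
                        obj.showEvents = ((CheckBox)view.FindControl("showEvents")).Checked;
                        obj.NotificationsMenuText = ((TextBox)view.FindControl("NotificationsMenuText")).Text;
                        obj.OffersMenuText = ((TextBox)view.FindControl("OffersMenuText")).Text;
                        obj.BadgesMenuText = ((TextBox)view.FindControl("BadgesMenuText")).Text;
                        obj.EventsMenuText = ((TextBox)view.FindControl("EventsMenuText")).Text;

                        obj.FldInt1 = ((TextBox)view.FindControl("FldInt1")).Text.SafeToInt();
                    }
                    catch (Exception exc)
                    {
                        this.Log().Error("Error in tenant save: {0}", exc.Message);
                    }

                    obj.LastModDate = DateTime.Now;
                    obj.LastModUser = ((SRPUser)Session[SessionData.UserProfile.ToString()]).Username;

                    if (obj.IsValid(BusinessRulesValidationMode.UPDATE))
                    {
                        obj.Update();
                        if (isSaveAndBack)
                        {
                            Response.Redirect(returnURL);
                        }

                        odsData.DataBind();
                        dv.DataBind();
                        dv.ChangeMode(DetailsViewMode.Edit);

                        var masterPage = (IControlRoomMaster)Master;
                        masterPage.PageMessage = SRPResources.SaveOK;
                    }
                    else
                    {
                        var masterPage = (IControlRoomMaster)Master;
                        string message = String.Format(SRPResources.ApplicationError1, "<ul>");
                        foreach (BusinessRulesValidationMessage m in obj.ErrorCodes)
                        {
                            message += "<li>" + m.ErrorMessage + "</li>";
                        }
                        message += "</ul>";
                        masterPage.PageError = message;
                    }
                }
                catch (Exception ex)
                {
                    var masterPage = (IControlRoomMaster)Master;
                    masterPage.PageError = String.Format(SRPResources.ApplicationError1, ex.Message);
                }
            }
        }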
コード例 #5
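        /// <summary>
        /// Handles the user grid commands: "addrecord", "editrecord", "audituser",
        /// "loginhistory" and "deleterecord".
        /// </summary>
        /// <param name="sender">The grid that raised the command (unused).</param>
        /// <param name="e">Carries the command name (matched case-insensitively) and, for row commands, the user ID as the command argument.</param>
        protected void GvRowCommand(object sender, GridViewCommandEventArgs e) {
            const string editpage = "~/ControlRoom/Modules/Security/UserAddEdit.aspx";

            // Ordinal comparison keeps the match independent of the server's culture.
            string command = e.CommandName;

            // The selected user ID travels in Session["UID"], not in the URL.
            if(string.Equals(command, "addrecord", StringComparison.OrdinalIgnoreCase)) {
                Session["UID"] = string.Empty;
                Response.Redirect(editpage);
            }

            if(string.Equals(command, "editrecord", StringComparison.OrdinalIgnoreCase)) {
                Session["UID"] = Convert.ToInt32(e.CommandArgument);
                Response.Redirect(editpage);
            }

            if(string.Equals(command, "audituser", StringComparison.OrdinalIgnoreCase)) {
                Session["UID"] = Convert.ToInt32(e.CommandArgument);
                Response.Redirect("~/ControlRoom/Modules/Security/UserAudit.aspx");
            }

            if(string.Equals(command, "loginhistory", StringComparison.OrdinalIgnoreCase)) {
                Session["UID"] = Convert.ToInt32(e.CommandArgument);
                Response.Redirect("~/ControlRoom/Modules/Security/LoginHistory.aspx");
            }

            if(string.Equals(command, "deleterecord", StringComparison.OrdinalIgnoreCase)) {
                // NOTE(review): no permission check is visible in this handler; confirm the
                // page enforces one before a delete can reach this point.
                try {
                    // Parsed inside the try so that a malformed argument is reported like
                    // any other failure instead of escaping as an unhandled exception.
                    int key = Convert.ToInt32(e.CommandArgument);
                    var obj = new SRPUser(key);
                    if(obj.IsValid(BusinessRulesValidationMode.DELETE)) {
                        SRPUser.Delete(key);

                        LoadData();
                        var masterPage = (IControlRoomMaster)Master;
                        if(masterPage != null) {
                            masterPage.PageMessage = SRPResources.DeleteOK;
                        }
                    } else {
                        var masterPage = (IControlRoomMaster)Master;
                        // Concatenate rather than re-using the accumulated text as a format
                        // string, which throws once it contains '{' or '}'.
                        string message = String.Format(SRPResources.ApplicationError1, "<ul>");
                        foreach(BusinessRulesValidationMessage m in obj.ErrorCodes) {
                            message += "<li>" + m.ErrorMessage + "</li>";
                        }
                        message += "</ul>";
                        if(masterPage != null) {
                            masterPage.PageError = message;
                        }
                    }
                } catch(Exception ex) {
                    var masterPage = (IControlRoomMaster)Master;
                    if(masterPage != null) {
                        masterPage.PageError = String.Format(SRPResources.ApplicationError1, ex.Message);
                    }
                }
            }
        }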
コード例 #6
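        /// <summary>
        /// Handles the user DetailsView commands: "back", "refresh", "add"/"addandback",
        /// "save"/"saveandback" and "loginhistory".
        /// </summary>
        /// <param name="sender">The DetailsView that raised the command; its child controls supply the field values.</param>
        /// <param name="e">Carries the command name, which is matched case-insensitively.</param>
        protected void DvItemCommand(object sender, DetailsViewCommandEventArgs e) {
            const string returnURL = "~/ControlRoom/Modules/Security/Default.aspx";

            // Ordinal comparison keeps the match independent of the server's culture.
            string command = e.CommandName;
            bool isAdd = string.Equals(command, "add", StringComparison.OrdinalIgnoreCase);
            bool isAddAndBack = string.Equals(command, "addandback", StringComparison.OrdinalIgnoreCase);
            bool isSave = string.Equals(command, "save", StringComparison.OrdinalIgnoreCase);
            bool isSaveAndBack = string.Equals(command, "saveandback", StringComparison.OrdinalIgnoreCase);

            if(string.Equals(command, "back", StringComparison.OrdinalIgnoreCase)) {
                Response.Redirect(returnURL);
            }

            if(string.Equals(command, "refresh", StringComparison.OrdinalIgnoreCase)) {
                try {
                    odsSRPUser.DataBind();
                    dv.DataBind();
                    dv.ChangeMode(DetailsViewMode.Edit);

                    MasterPage.PageMessage = SRPResources.RefreshOK;
                } catch(Exception ex) {
                    MasterPage.PageError = String.Format(SRPResources.ApplicationError1, ex.Message);
                }
            }

            if(isAdd || isAddAndBack) {
                try {
                    var view = (DetailsView)sender;
                    SRPUser obj = new SRPUser();

                    obj.Username = ((TextBox)view.FindControl("Username")).Text;
                    obj.NewPassword = ((TextBox)view.FindControl("Password")).Text;
                    obj.FirstName = ((TextBox)view.FindControl("FirstName")).Text;
                    obj.LastName = ((TextBox)view.FindControl("LastName")).Text;
                    obj.EmailAddress = ((TextBox)view.FindControl("EmailAddress")).Text;
                    obj.Division = ((TextBox)view.FindControl("Division")).Text;
                    obj.Department = ((TextBox)view.FindControl("Department")).Text;
                    obj.Title = ((TextBox)view.FindControl("Title")).Text;

                    obj.IsActive = true;
                    // The password above was typed by the administrator, so the new account
                    // is flagged for a reset.
                    obj.MustResetPassword = true;
                    obj.IsDeleted = false;

                    obj.AddedDate = DateTime.Now;
                    obj.AddedUser = ((SRPUser)Session[SessionData.UserProfile.ToString()]).Username;
                    obj.LastModDate = obj.AddedDate;
                    obj.LastModUser = obj.AddedUser;

                    // New users always land in the tenant of the current Control Room session.
                    obj.TenID = (int)CRTenantID;

                    if(obj.IsValid(BusinessRulesValidationMode.INSERT)) {
                        obj.Insert();
                        if(isAddAndBack) {
                            Response.Redirect(returnURL);
                        }

                        lblUID.Text = obj.Uid.ToString();

                        odsSRPUser.DataBind();
                        dv.DataBind();
                        dv.ChangeMode(DetailsViewMode.Edit);

                        MasterPage.PageMessage = SRPResources.AddedOK;
                    } else {
                        // Concatenate rather than re-using the accumulated text as a format
                        // string, which throws once it contains '{' or '}'.
                        string message = String.Format(SRPResources.ApplicationError1, "<ul>");
                        foreach(BusinessRulesValidationMessage m in obj.ErrorCodes) {
                            message += "<li>" + m.ErrorMessage + "</li>";
                        }
                        message += "</ul>";
                        MasterPage.PageError = message;
                    }
                } catch(Exception ex) {
                    // NOTE(review): the raw exception text is shown to the user; consider a
                    // generic message and log the detail instead.
                    MasterPage.PageError = String.Format(SRPResources.ApplicationError1, ex.Message);
                }
            }

            if(isSave || isSaveAndBack) {
                try {
                    var view = (DetailsView)sender;

                    // The key is read back from the first rendered row of the view.
                    // NOTE(review): nothing visible here checks that this user belongs to the
                    // current tenant; confirm SRPUser or the page enforces that.
                    int pk = int.Parse(view.Rows[0].Cells[1].Text);
                    SRPUser obj = new SRPUser(pk);

                    obj.Username = ((TextBox)view.FindControl("Username")).Text;
                    obj.FirstName = ((TextBox)view.FindControl("FirstName")).Text;
                    obj.LastName = ((TextBox)view.FindControl("LastName")).Text;
                    obj.EmailAddress = ((TextBox)view.FindControl("EmailAddress")).Text;
                    obj.Division = ((TextBox)view.FindControl("Division")).Text;
                    obj.Department = ((TextBox)view.FindControl("Department")).Text;
                    obj.Title = ((TextBox)view.FindControl("Title")).Text;
                    obj.IsActive = ((CheckBox)view.FindControl("IsActive")).Checked;
                    obj.MustResetPassword = ((CheckBox)view.FindControl("MustResetPassword")).Checked;

                    obj.LastModDate = DateTime.Now;
                    obj.LastModUser = ((SRPUser)Session[SessionData.UserProfile.ToString()]).Username;

                    if(obj.IsValid(BusinessRulesValidationMode.UPDATE)) {
                        obj.Update();

                        // Group membership is saved only after the user record itself.
                        SaveGroups(view, obj);

                        if(isSaveAndBack) {
                            Response.Redirect(returnURL);
                        }
                        odsSRPUser.DataBind();
                        dv.DataBind();
                        dv.ChangeMode(DetailsViewMode.Edit);

                        MasterPage.PageMessage = SRPResources.SaveOK;
                    } else {
                        string message = String.Format(SRPResources.ApplicationError1, "<ul>");
                        foreach(BusinessRulesValidationMessage m in obj.ErrorCodes) {
                            message += "<li>" + m.ErrorMessage + "</li>";
                        }
                        message += "</ul>";
                        MasterPage.PageError = message;
                    }
                } catch(Exception ex) {
                    MasterPage.PageError = String.Format(SRPResources.ApplicationError1, ex.Message);
                }
            }

            if(string.Equals(command, "loginhistory", StringComparison.OrdinalIgnoreCase)) {
                // The user ID travels in Session["UID"], not in the URL.
                int key = Convert.ToInt32(lblUID.Text);
                Session["UID"] = key;
                Response.Redirect("~/ControlRoom/Modules/Security/LoginHistory.aspx");
            }
        }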
コード例 #7
        /// <summary>
        /// Collects the "PermissionID" label text of every checked row in the
        /// "gvUserPermissions" grid and passes the comma-separated list to
        /// SRPUser.UpdatePermissions for the given user.
        /// </summary>
        /// <param name="dv">DetailsView that contains the permissions grid.</param>
        /// <param name="obj">User whose Uid the permissions are saved for.</param>
        protected void SavePermissions(DetailsView dv, SRPUser obj) {
            var permissionGrid = (GridView)dv.FindControl("gvUserPermissions");
            string idList = string.Empty;
            bool haveAny = false;

            foreach(GridViewRow gridRow in permissionGrid.Rows) {
                var box = (CheckBox)gridRow.FindControl("isChecked");
                if(!box.Checked) {
                    continue;
                }

                string id = ((Label)gridRow.FindControl("PermissionID")).Text;
                idList = haveAny ? idList + "," + id : id;
                haveAny = true;
            }

            // The acting user's name comes from the session profile.
            // NOTE(review): the list is passed on as one string; confirm UpdatePermissions
            // parses it as integers rather than splicing it into a query.
            string actingUser = ((SRPUser)Session[SessionData.UserProfile.ToString()]).Username;
            SRPUser.UpdatePermissions((int)obj.Uid, idList, actingUser);
        }
コード例 #8
        /// <summary>
        /// Collects the "GID" label text of every row in the "gvUserGroups" grid whose
        /// "isMember" box is checked and passes the comma-separated list to
        /// SRPUser.UpdateMemberGroups for the given user.
        /// </summary>
        /// <param name="dv">DetailsView that contains the groups grid.</param>
        /// <param name="obj">User whose Uid the memberships are saved for.</param>
        protected void SaveGroups(DetailsView dv, SRPUser obj) {
            var groupGrid = (GridView)dv.FindControl("gvUserGroups");
            string gidList = string.Empty;
            bool haveAny = false;

            foreach(GridViewRow gridRow in groupGrid.Rows) {
                var box = (CheckBox)gridRow.FindControl("isMember");
                if(!box.Checked) {
                    continue;
                }

                string gid = ((Label)gridRow.FindControl("GID")).Text;
                gidList = haveAny ? gidList + "," + gid : gid;
                haveAny = true;
            }

            // The acting user's name comes from the session profile.
            // NOTE(review): the list is passed on as one string; confirm UpdateMemberGroups
            // parses it as integers rather than splicing it into a query.
            string actingUser = ((SRPUser)Session[SessionData.UserProfile.ToString()]).Username;
            SRPUser.UpdateMemberGroups((int)obj.Uid, gidList, actingUser);
        }
コード例 #9
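        /// <summary>
        /// Handles the password-recovery form: looks up the account for the submitted
        /// e-mail address and mails either a reset link or a "no account found" notice.
        /// </summary>
        /// <remarks>
        /// The page shows the same "Processing..." message whether or not an account was
        /// found, so the form itself does not reveal which addresses are registered. The
        /// one exception is the "Unable to initiate..." message, which is only reachable
        /// for an address that matched an account.
        /// NOTE(review): no throttling is visible in this handler. Both branches send
        /// mail for every submission, so request rate limiting (per remote address and
        /// per recipient) should be confirmed elsewhere.
        /// </remarks>
        /// <param name="sender">The control that raised the click event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void Button1_Click(object sender, EventArgs e) {
            string requestedEmail = uxEmailaddress.Text;
            string userId = new SRPUser().GetUsernameByEmail(requestedEmail);
            string remoteAddress = Request.UserHostAddress;

            if(string.IsNullOrEmpty(userId)) {
                // user requested a password for an email address that is not in the database
                // if account doesn't exist, send an email saying so

                var values = new {
                    SystemName = SRPSettings.GetSettingValue("SysName", 1),
                    ControlRoomLink = string.Format("{0}{1}",
                                                    BaseUrl,
                                                    "/ControlRoom/LoginRecovery.aspx"),
                    ContactName = SRPSettings.GetSettingValue("ContactName", 1),
                    ContactEmail = SRPSettings.GetSettingValue("ContactEmail", 1),
                    RemoteAddress = remoteAddress,
                    UserEmail = requestedEmail,
                    PasswordResetSubject = SRPResources.PasswordEmailSubject
                };

                // NOTE(review): UserEmail is raw form input; confirm the logging layer
                // neutralises line breaks so a submitted value cannot forge log entries.
                this.Log().Info("User at {0} requested password reset for nonexistent email {1}",
                                values.RemoteAddress,
                                values.UserEmail);

                // TODO email - move this template out to the database
                StringBuilder body = new StringBuilder();
                body.Append("<p>A password reset request was received by {SystemName} for your ");
                body.Append("address. Unfortunately no account could be found associated with ");
                body.Append("this email address.</p>");
                body.Append("<p>If you initiated this request, feel free to ");
                body.Append("<a href=\"{ControlRoomLink}\">try requesting the password</a> ");
                body.Append("for any other email address you might have used.</p>");
                body.Append("<p>If you have any comments or questions, please contact ");
                body.Append("{ContactName} at <a href=\"mailto:{ContactEmail}\">{ContactEmail}");
                body.Append("</a>.</p>");
                body.Append("<p style=\"font-size: smaller;\"><em>This password request was ");
                body.Append("submitted from: {RemoteAddress}.</em></p>");

                // No account matched, so the typed address is the only possible recipient.
                new EmailService().SendEmail(requestedEmail,
                                             "{SystemName} - {PasswordResetSubject}".FormatWith(values),
                                             body.ToString().FormatWith(values));

            } else {
                SRPUser lookupUser = SRPUser.FetchByUsername(userId);

                // Deliver the reset link to the address stored on the account, never to the
                // raw form value: the lookup may match under database collation rules, so
                // the typed string is not guaranteed to be the account owner's mailbox.
                string recipient = lookupUser == null ? null : lookupUser.EmailAddress;
                if(string.IsNullOrWhiteSpace(recipient)) {
                    lblMessage.Text = "Unable to initiate password reset process.";
                    return;
                }

                // Token lifetime and single-use handling are decided inside
                // GeneratePasswordResetToken and are not visible from this handler.
                string passwordResetToken = lookupUser.GeneratePasswordResetToken();
                if(string.IsNullOrEmpty(passwordResetToken)) {
                    lblMessage.Text = "Unable to initiate password reset process.";
                    return;
                }

                var values = new {
                    SystemName = SRPSettings.GetSettingValue("SysName", lookupUser.TenID),
                    // Escape the token so characters such as '+', '/' or '=' survive the
                    // round trip through the query string unchanged.
                    PasswordResetLink = string.Format("{0}{1}?token={2}",
                                                      BaseUrl,
                                                      "/ControlRoom/PasswordRecovery.aspx",
                                                      Uri.EscapeDataString(passwordResetToken)),
                    ContactName = SRPSettings.GetSettingValue("ContactName", lookupUser.TenID),
                    ContactEmail = SRPSettings.GetSettingValue("ContactEmail", lookupUser.TenID),
                    RemoteAddress = remoteAddress,
                    UserEmail = requestedEmail,
                    PasswordResetSubject = SRPResources.PasswordEmailSubject,
                };

                // Only the requester's address and e-mail are logged; the token is not.
                this.Log().Info("User at {0} requested password reset for email {1}",
                                values.RemoteAddress,
                                values.UserEmail);

                // TODO email - move this template out to the database
                StringBuilder body = new StringBuilder();
                body.Append("<p>A password reset request was received by {SystemName} for your ");
                body.Append("address.</p>");
                body.Append("<p>Please <a href=\"{PasswordResetLink}\">click here</a> ");
                body.Append("to create a new password for your account.</p>");
                body.Append("<p>If you did not initiate this request, take no action and your ");
                body.Append("password will not be changed.</p>");
                body.Append("<p>If you have any comments or questions, please contact ");
                body.Append("{ContactName} at <a href=\"mailto:{ContactEmail}\">{ContactEmail}");
                body.Append("</a>.</p>");
                body.Append("<p style=\"font-size: smaller;\"><em>This password request was ");
                body.Append("submitted from: {RemoteAddress}.</em></p>");

                new EmailService().SendEmail(recipient,
                                             "{SystemName} - {PasswordResetSubject}".FormatWith(values),
                                             body.ToString().FormatWith(values));
            }

            lblMessage.Text = "Processing your password reset request, you should receive an email soon.";
        }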
コード例 #10
        /// <summary>
        /// Marks the master page as secure and copies the signed-in user's profile and
        /// permission string from session state into page properties before the page loads.
        /// </summary>
        /// <remarks>
        /// NOTE(review): this method only reads the session values; it does not redirect
        /// when the profile is missing. Presumably the actual access check is enforced
        /// elsewhere (via IsSecure or the permission list) - confirm.
        /// </remarks>
        /// <param name="e">Event data passed through to the base implementation.</param>
        protected override void OnPreLoad(EventArgs e)
        {
            MasterPage = (IControlRoomMaster)Master;
            if (MasterPage != null)
            {
                MasterPage.IsSecure = true;
            }

            string profileKey = SessionData.UserProfile.ToString();
            string permissionKey = SessionData.StringPermissionList.ToString();

            // Both values are null when nobody has logged in during this session.
            SRPUser = (SRPUser)Session[profileKey];
            UserPermissionList = (string)Session[permissionKey];

            base.OnPreLoad(e);
        }
コード例 #11
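        /// <summary>
        /// Loads every user row returned by the <c>cbspSRPUser_GetAll</c> stored procedure.
        /// </summary>
        /// <param name="forCurrentTenantOnly">
        /// When true (the default) the tenant id from the current session is passed as
        /// <c>@TenID</c>, or -1 when the session holds none. When false, NULL is passed;
        /// presumably the procedure then returns users across all tenants, so callers
        /// passing false should already have verified that the caller may see them.
        /// </param>
        /// <returns>The list of users; empty when the procedure returns no rows.</returns>
        public static List<SRPUser> FetchAll(bool forCurrentTenantOnly = true) {
            var arrParams = new SqlParameter[1];
            if(forCurrentTenantOnly) {
                // A missing or blank session tenant maps to -1 rather than NULL, so an
                // unauthenticated session cannot fall through to the "all tenants" case.
                arrParams[0] = new SqlParameter("@TenID",
                    (HttpContext.Current.Session["TenantID"] == null || HttpContext.Current.Session["TenantID"].ToString() == "" ?
                            -1 :
                            (int)HttpContext.Current.Session["TenantID"])
                );
            } else {
                arrParams[0] = new SqlParameter("@TenID", DBNull.Value);
            }

            List<SRPUser> users = new List<SRPUser>();

            // Dispose the reader even when a cast below throws; the original never closed
            // it, which leaks the reader (and, presumably, its pooled connection).
            using(var reader = SqlHelper.ExecuteReader(conn, CommandType.StoredProcedure, "cbspSRPUser_GetAll", arrParams)) {
                while(reader.Read()) {
                    SRPUser row = new SRPUser();
                    row.Uid = (int)reader["UID"];
                    // The (string) casts throw InvalidCastException on a NULL column.
                    row.Username = (string)reader["Username"];
                    row.FirstName = (string)reader["FirstName"];
                    row.LastName = (string)reader["LastName"];
                    row.EmailAddress = (string)reader["EmailAddress"];
                    row.Division = (string)reader["Division"];
                    row.Department = (string)reader["Department"];
                    row.Title = (string)reader["Title"];
                    row.IsActive = (bool)reader["IsActive"];
                    row.MustResetPassword = (bool)reader["MustResetPassword"];
                    row.IsDeleted = (bool)reader["IsDeleted"];
                    row.LastPasswordReset = reader.IsDBNull(reader.GetOrdinal("LastPasswordReset"))
                                                ? null
                                                : (DateTime?)reader["LastPasswordReset"];
                    row.DeletedDate = reader.IsDBNull(reader.GetOrdinal("DeletedDate"))
                                          ? null
                                          : (DateTime?)reader["DeletedDate"];
                    row.LastModDate = reader.IsDBNull(reader.GetOrdinal("LastModDate"))
                                          ? null
                                          : (DateTime?)reader["LastModDate"];
                    row.AddedDate = reader.IsDBNull(reader.GetOrdinal("AddedDate"))
                                        ? null
                                        : (DateTime?)reader["AddedDate"];
                    row.LastModUser = (string)reader["LastModUser"];
                    row.AddedUser = (string)reader["AddedUser"];

                    row.TenID = (int)reader["TenID"];
                    row.FldInt1 = (int)reader["FldInt1"];
                    row.FldInt2 = (int)reader["FldInt2"];
                    row.FldInt3 = (int)reader["FldInt3"];
                    row.FldBit1 = (bool)reader["FldBit1"];
                    row.FldBit2 = (bool)reader["FldBit2"];
                    row.FldBit3 = (bool)reader["FldBit3"];
                    row.FldText1 = reader["FldText1"].ToString();
                    row.FldText2 = reader["FldText2"].ToString();
                    row.FldText3 = reader["FldText3"].ToString();

                    users.Add(row);
                }
            }
            return users;
        }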
コード例 #12
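        /// <summary>
        /// Builds an <see cref="SRPUser"/> from the next row of <paramref name="reader"/>
        /// and closes the reader.
        /// </summary>
        /// <param name="reader">An open reader positioned before the user row.</param>
        /// <returns>The populated user, or null when the reader has no row.</returns>
        public static SRPUser GetFromReader(SqlDataReader reader) {
            SRPUser returnVal = null;
            try {
                if(reader.Read()) {
                    returnVal = new SRPUser();
                    returnVal.Uid = (int)reader["UID"];
                    // ToString() turns a NULL text column into an empty string.
                    returnVal.Username = reader["Username"].ToString();
                    returnVal.FirstName = reader["FirstName"].ToString();
                    returnVal.LastName = reader["LastName"].ToString();
                    returnVal.EmailAddress = reader["EmailAddress"].ToString();
                    returnVal.Division = reader["Division"].ToString();
                    returnVal.Department = reader["Department"].ToString();
                    returnVal.Title = reader["Title"].ToString();
                    returnVal.IsActive = (bool)reader["IsActive"];
                    returnVal.MustResetPassword = (bool)reader["MustResetPassword"];
                    returnVal.IsDeleted = (bool)reader["IsDeleted"];
                    returnVal.LastPasswordReset = reader.IsDBNull(reader.GetOrdinal("LastPasswordReset")) ? null : (DateTime?)reader["LastPasswordReset"];
                    returnVal.DeletedDate = reader.IsDBNull(reader.GetOrdinal("DeletedDate")) ? null : (DateTime?)reader["DeletedDate"];
                    returnVal.LastModDate = reader.IsDBNull(reader.GetOrdinal("LastModDate")) ? null : (DateTime?)reader["LastModDate"];
                    returnVal.AddedDate = reader.IsDBNull(reader.GetOrdinal("AddedDate")) ? null : (DateTime?)reader["AddedDate"];
                    returnVal.LastModUser = reader["LastModUser"].ToString();
                    returnVal.AddedUser = reader["AddedUser"].ToString();

                    returnVal.TenID = (int)reader["TenID"];
                    returnVal.FldInt1 = (int)reader["FldInt1"];
                    returnVal.FldInt2 = (int)reader["FldInt2"];
                    returnVal.FldInt3 = (int)reader["FldInt3"];
                    returnVal.FldBit1 = (bool)reader["FldBit1"];
                    returnVal.FldBit2 = (bool)reader["FldBit2"];
                    returnVal.FldBit3 = (bool)reader["FldBit3"];
                    returnVal.FldText1 = reader["FldText1"].ToString();
                    returnVal.FldText2 = reader["FldText2"].ToString();
                    returnVal.FldText3 = reader["FldText3"].ToString();
                }
            } finally {
                // Close on every path: a failed cast above previously left the reader open.
                reader.Close();
            }
            return returnVal;
        }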
コード例 #13
        /// <summary>
        /// Login control handler: validates the submitted credentials through
        /// <c>SRPUser.Login</c>, then populates the session (profile, permission string,
        /// tenant) and issues the forms-authentication redirect.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the session id that existed before authentication is kept and the
        /// login state is stored in that same session; nothing here issues a fresh session
        /// id after a successful login, so session-fixation protection has to come from
        /// elsewhere - confirm.
        /// NOTE(review): the "ControlRoomUsername" cookie is created without setting
        /// HttpOnly or Secure in this method; check whether site-wide cookie defaults
        /// cover it.
        /// </remarks>
        /// <param name="sender">The login control raising the event (unused).</param>
        /// <param name="e">Receives the authentication result in <c>Authenticated</c>.</param>
        public void OnAuthenticate(object sender, AuthenticateEventArgs e)
        {
            if (!Page.IsValid)
            {
                uxMessageBox.Visible = true;
                return;
            }

            SRPUser user = new SRPUser();

            string loginName = uxLogin.UserName;
            string loginPassword = uxLogin.Password;
            string sessionId = Session.SessionID;
            // The IPv6 loopback is recorded in its IPv4 / "localhost" form.
            string clientAddress = Request.UserHostAddress == "::1" ? "127.0.0.1" : Request.UserHostAddress;
            string clientHost = Request.UserHostName == "::1" ? "localhost" : Request.UserHostName;
            string browserInfo = Request.Browser.Browser + " - v" + Request.Browser.MajorVersion + Request.Browser.MinorVersionString;

            bool auth = SRPUser.Login(loginName, loginPassword, sessionId, clientAddress, clientHost, browserInfo);
            if (!auth)
            {
                // One generic message for every failure, so the form does not disclose
                // whether the username exists or the account is inactive.
                uxMessageBox.Visible = true;
                FailureText.Text = SRPResources.BadUserPass;
                e.Authenticated = false;
                return;
            }

            e.Authenticated = true;

            // "Remember me" stores only the username; clearing it expires the cookie.
            bool remember = uxLogin.RememberMeSet == true;
            var rememberMe = new HttpCookie("ControlRoomUsername", remember ? uxLogin.UserName : string.Empty);
            rememberMe.Expires = DateTime.Now.AddDays(remember ? 14 : -1);
            Response.Cookies.Set(rememberMe);

            // Load the profile and cache it, with its permissions, in session state.
            user = SRPUser.FetchByUsername(uxLogin.UserName);
            Session[SessionData.IsLoggedIn.ToString()] = true;
            Session[SessionData.UserProfile.ToString()] = user;

            // Permissions are flattened into one "#perm#perm..." string.
            List<SRPPermission> perms = user.EffectiveUserPermissions();
            string permList = string.Empty;
            foreach (SRPPermission perm in perms)
            {
                permList = permList + String.Format("#{0}", perm.Permission);
            }
            Session[SessionData.StringPermissionList.ToString()] = permList;

            // The tenant id is stored under both the legacy string key and the CRSessionKey key.
            Session["TenantID"] = user.TenID;
            Session[CRSessionKey.TenantID] = user.TenID;
            var tenant = Tenant.FetchObject(user.TenID);
            Session[CRSessionKey.IsMaster] = tenant.isMasterFlag;

            if (user.MustResetPassword)
            {
                // NOTE(review): the session is already marked as logged in at this point;
                // confirm other pages also enforce MustResetPassword rather than relying
                // on this redirect alone.
                this.Log().Info("Redirecting {0} to mandatory password reset.",
                                user.Username);
                Response.Redirect("~/ControlRoom/PasswordReset.aspx");
            }

            FormsAuthentication.RedirectFromLoginPage(uxLogin.UserName, false);
        }
コード例 #14
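        /// <summary>
        /// Handles the DetailsView commands of the "my account" page: back, password,
        /// refresh, save and saveandback (matched case-insensitively).
        /// </summary>
        /// <remarks>
        /// Only the signed-in user's own record is edited: the key comes from the page's
        /// <c>SRPUser</c> property, not from the posted form.
        /// NOTE(review): validation messages and <c>ex.Message</c> are placed into
        /// PageError together with HTML markup. If PageError is rendered unencoded,
        /// confirm that neither can carry user-supplied markup, and consider showing a
        /// generic error instead of raw exception text.
        /// </remarks>
        /// <param name="sender">The DetailsView raising the command.</param>
        /// <param name="e">Carries the command name.</param>
        protected void DvItemCommand(object sender, DetailsViewCommandEventArgs e)
        {
            string returnURL = "~/ControlRoom/";
            string command = e.CommandName;

            // Ordinal, case-insensitive matching avoids culture-dependent lowercasing.
            bool isSave = string.Equals(command, "save", StringComparison.OrdinalIgnoreCase);
            bool isSaveAndBack = string.Equals(command, "saveandback", StringComparison.OrdinalIgnoreCase);

            if (string.Equals(command, "back", StringComparison.OrdinalIgnoreCase))
            {
                Response.Redirect(returnURL);
            }
            if (string.Equals(command, "password", StringComparison.OrdinalIgnoreCase))
            {
                Response.Redirect("~/ControlRoom/Modules/PortalUser/PasswordReset.aspx");
            }
            if (string.Equals(command, "refresh", StringComparison.OrdinalIgnoreCase))
            {
                try
                {
                    odsCMSUser.DataBind();
                    dv.DataBind();
                    dv.ChangeMode(DetailsViewMode.Edit);

                    PageMessage = SRPResources.RefreshOK;
                }
                catch (Exception ex)
                {
                    PageError = String.Format(SRPResources.ApplicationError1, ex.Message);
                }
            }

            if (isSave || isSaveAndBack)
            {
                try
                {
                    int pk = (int)SRPUser.Uid;
                    SRPUser updateSrpUser = SRPUser.Fetch(pk);
                    DetailsView view = (DetailsView)sender;

                    updateSrpUser.FirstName = ((TextBox)view.FindControl("FirstName")).Text;
                    updateSrpUser.LastName = ((TextBox)view.FindControl("Lastname")).Text;
                    updateSrpUser.EmailAddress = ((TextBox)view.FindControl("Emailaddress")).Text;
                    updateSrpUser.Title = ((TextBox)view.FindControl("Title")).Text;
                    updateSrpUser.Department = ((TextBox)view.FindControl("Department")).Text;
                    updateSrpUser.Division = ((TextBox)view.FindControl("Division")).Text;
                    updateSrpUser.LastModDate = DateTime.Now;
                    // NOTE(review): the audit field receives a fixed literal; the original
                    // comment says it should come from the session.
                    updateSrpUser.LastModUser = "******";  // Get from session
                    string signature = ((TextBox)view.FindControl("MailSignature")).Text;
                    // A blank signature leaves the stored one unchanged.
                    if (!string.IsNullOrWhiteSpace(signature.Trim()))
                    {
                        updateSrpUser.MailSignature = signature.Trim();
                    }

                    if (updateSrpUser.IsValid(BusinessRulesValidationMode.UPDATE))
                    {
                        updateSrpUser.Update();
                        SRPUser = updateSrpUser;
                        Session[SessionData.UserProfile.ToString()] = updateSrpUser;

                        if (isSaveAndBack)
                        {
                            Response.Redirect(returnURL);
                        }
                        odsCMSUser.DataBind();
                        dv.DataBind();
                        dv.ChangeMode(DetailsViewMode.Edit);

                        PageMessage = SRPResources.SaveOK;
                    }
                    else
                    {
                        // Plain concatenation: the accumulated text used to be passed back
                        // in as a format string, so a '{' or '}' in an earlier message
                        // raised FormatException.
                        string message = String.Format(SRPResources.ApplicationError1, "<ul>");
                        foreach (BusinessRulesValidationMessage m in updateSrpUser.ErrorCodes)
                        {
                            message = message + "<li>" + m.ErrorMessage + "</li>";
                        }
                        message = message + "</ul>";
                        PageError = message;
                    }
                }
                catch (Exception ex)
                {
                    PageError = String.Format(SRPResources.ApplicationError1, ex.Message);
                }
            }
        }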