private void butOK_Click(object sender, EventArgs e) { bool isEcw = Programs.UsingEcwTightOrFullMode(); string userName = ""; if (PrefC.GetBool(PrefName.UserNameManualEntry)) { //Check the user name using ToLower and Trim because Open Dental is case insensitive and does not allow white-space in regards to user names. userName = listUser.Items.Cast <string>().FirstOrDefault(x => x.Trim().ToLower() == textUser.Text.Trim().ToLower()); } else { userName = listUser.SelectedItem?.ToString(); } if (string.IsNullOrEmpty(userName)) { MsgBox.Show(this, "Login failed"); return; } string passwordTyped = textPassword.Text; if (RemotingClient.RemotingRole == RemotingRole.ClientWeb && string.IsNullOrEmpty(passwordTyped)) { MsgBox.Show(this, "When using the web service, not allowed to log in with no password. A password should be added for this user."); return; } Userod userCur = null; if (isEcw) //ecw requires hash, but non-ecw requires actual password { passwordTyped = Authentication.HashPasswordMD5(passwordTyped, true); } if (userName == "Stay Open" && _isSimpleSwitch && PrefC.IsODHQ) { // No need to check password when changing task users at HQ to user "Stay Open". userCur = Userods.GetUserByNameNoCache(userName); } else //Not HQ (most common scenario) //Middle Tier sessions should not fire the CheckUserAndPasswordFailed exception code in FormLogOn. //That event would cause a second login window to pop with strange behavior. //Invoke the overload for CheckUserAndPassword that does not throw exceptions and give the user a generic error message if necessary. { if (RemotingClient.RemotingRole == RemotingRole.ClientWeb) { userCur = Userods.CheckUserAndPassword(userName, passwordTyped, isEcw, false); if (userCur == null) { MsgBox.Show("Userods", "Invalid username, password, or the account has been locked due to failed log in attempts."); return; } } else //Directly connected to the database. This code will give a more accurate error message to the user when failing to log in. { try { userCur = Userods.CheckUserAndPassword(userName, passwordTyped, isEcw); } catch (Exception ex) { MessageBox.Show(ex.Message); return; } } } //successful login. if (_isSimpleSwitch) { CurUserSimpleSwitch = userCur; } else //Not a temporary login. { Security.CurUser = userCur; //Need to set for SecurityL.ChangePassword and calls. if (PrefC.GetBool(PrefName.PasswordsMustBeStrong) && PrefC.GetBool(PrefName.PasswordsWeakChangeToStrong)) { if (Userods.IsPasswordStrong(passwordTyped) != "") //Password is not strong { MsgBox.Show(this, "You must change your password to a strong password due to the current Security settings."); if (!SecurityL.ChangePassword(true, _doRefreshSecurityCache)) { return; //Failed password update. } _refreshSecurityCache = true; //Indicate to calling method that they should manually refresh the Security cache. } } Security.IsUserLoggedIn = true; //Jason approved always storing the cleartext password that the user typed in //since this is necessary for Reporting Servers over middle tier and was already happening when a user logged in over middle tier. Security.PasswordTyped = passwordTyped; SecurityLogs.MakeLogEntry(Permissions.UserLogOnOff, 0, Lan.g(this, "User:"******" " + Security.CurUser.UserName + " " + Lan.g(this, "has logged on.")); UserOdPrefs.SetThemeForUserIfNeeded(); } Plugins.HookAddCode(this, "FormLogOn.butOK_Click_end"); DialogResult = DialogResult.OK; }