private void butOK_Click(object sender, System.EventArgs e)
{
if (!IsInSecurityWindow &&
Userods.EncryptPassword(textCurrent.Text) != Security.CurUser.Password)
{
MsgBox.Show(this, "Current password incorrect.");
return;
}
if (PrefC.GetBool(PrefName.PasswordsMustBeStrong))
{
string explanation = Userods.IsPasswordStrong(textPassword.Text);
if (explanation != "")
{
MessageBox.Show(explanation);
return;
}
}
if (textPassword.Text == "")
{
hashedResult = "";
}
else
{
hashedResult = Userods.EncryptPassword(textPassword.Text);
}
//MessageBox.Show(hashedResult);
DialogResult = DialogResult.OK;
}
private void butOK_Click(object sender, System.EventArgs e)
{
if (_isPasswordReset)
{
if (textPassword.Text != textCurrent.Text || string.IsNullOrWhiteSpace(textPassword.Text))
{
MsgBox.Show(this, "Passwords much match and not be empty.");
return;
}
}
else if (!IsInSecurityWindow &&
Userods.HashPassword(textCurrent.Text) != Security.CurUser.Password)
{
MsgBox.Show(this, "Current password incorrect.");
return;
}
string explanation = Userods.IsPasswordStrong(textPassword.Text);
if (PrefC.GetBool(PrefName.PasswordsMustBeStrong))
{
if (explanation != "")
{
MessageBox.Show(explanation);
return;
}
}
//If the PasswordsMustBeStrong preference is off, still store whether or not the password is strong in case the preference is turned on later
PasswordIsStrong = string.IsNullOrEmpty(explanation);
if (textPassword.Text == "")
{
HashedResult = "";
}
else
{
HashedResult = Userods.HashPassword(textPassword.Text);
}
PasswordTyped = textPassword.Text; //update the stored typed password for middle tier refresh
//MessageBox.Show(hashedResult);
DialogResult = DialogResult.OK;
}
private void butOK_Click(object sender, System.EventArgs e)
{
if (_isPasswordReset)
{
if (textPassword.Text != textCurrent.Text || string.IsNullOrWhiteSpace(textPassword.Text))
{
MsgBox.Show(this, "Passwords must match and not be empty.");
return;
}
}
else if (!IsInSecurityWindow &&
!Authentication.CheckPassword(Security.CurUser, textCurrent.Text))
{
MsgBox.Show(this, "Current password incorrect.");
return;
}
string explanation = Userods.IsPasswordStrong(textPassword.Text);
if (PrefC.GetBool(PrefName.PasswordsMustBeStrong))
{
if (explanation != "")
{
MessageBox.Show(explanation);
return;
}
}
//If the PasswordsMustBeStrong preference is off, still store whether or not the password is strong in case the preference is turned on later
PasswordIsStrong = string.IsNullOrEmpty(explanation);
if (Programs.UsingEcwTightOrFullMode()) //Same check as FormLogOn
{
LoginDetails = Authentication.GenerateLoginDetails(textPassword.Text, HashTypes.MD5_ECW);
}
else
{
LoginDetails = Authentication.GenerateLoginDetailsSHA512(textPassword.Text);
}
PasswordTyped = textPassword.Text; //update the stored typed password for middle tier refresh
DialogResult = DialogResult.OK;
}
private void butOK_Click(object sender, System.EventArgs e)
{
bool usingEcw = Programs.UsingEcwTightOrFullMode();
Userod selectedUser = null;
if (PrefC.GetBool(PrefName.UserNameManualEntry))
{
for (int i = 0; i < listUser.Items.Count; i++)
{
//Check the user name typed in using ToLower and Trim because Open Dental is case insensitive and does not allow white-space in regards to user names.
if (textUser.Text.Trim().ToLower() == listUser.Items[i].ToString().Trim().ToLower())
{
selectedUser = (Userod)listUser.Items[i]; //Found the typed username
break;
}
}
if (selectedUser == null)
{
MsgBox.Show(this, "Login failed");
return;
}
}
else
{
selectedUser = (Userod)listUser.SelectedItem;
}
string password = textPassword.Text;
if (usingEcw) //ecw requires hash, but non-ecw requires actual password
{
password = Userods.HashPassword(password, true);
}
if (selectedUser.UserName == "Stay Open" && IsSimpleSwitch && PrefC.IsODHQ)
{
// No need to check password when changing task users at HQ to user "Stay Open".
}
else
{
try {
Userods.CheckUserAndPassword(selectedUser.UserName, password, usingEcw);
}
catch (Exception ex) {
MessageBox.Show(ex.Message);
return;
}
}
if (RemotingClient.RemotingRole == RemotingRole.ClientWeb && selectedUser.Password == "" && textPassword.Text == "")
{
MsgBox.Show(this, "When using the web service, not allowed to log in with no password. A password should be added for this user.");
return;
}
//successful login.
if (!IsSimpleSwitch)
{
Security.CurUser = selectedUser.Copy();
Security.IsUserLoggedIn = true;
//Jason approved always storing the cleartext password that the user typed in
//since this is necessary for Reporting Servers over middle tier and was already happening when a user logged in over middle tier.
Security.PasswordTyped = password;
if (PrefC.GetBool(PrefName.PasswordsMustBeStrong) && PrefC.GetBool(PrefName.PasswordsWeakChangeToStrong))
{
if (Userods.IsPasswordStrong(textPassword.Text) != "") //Password is not strong
{
MsgBox.Show(this, "You must change your password to a strong password due to the current Security settings.");
FormOpenDental FormOD = Application.OpenForms.OfType <FormOpenDental>().ToList()[0]; //There always should be exactly 1.
if (!FormOD.ChangePassword(true)) //Failed password update.
{
return;
}
}
}
}
else
{
CurUserSimpleSwitch = selectedUser.Copy();
}
if (!IsSimpleSwitch)
{
SecurityLogs.MakeLogEntry(Permissions.UserLogOnOff, 0, "User: "******" has logged on.");
}
Plugins.HookAddCode(this, "FormLogOn.butOK_Click_end");
DialogResult = DialogResult.OK;
}
private void butOK_Click(object sender, EventArgs e)
{
bool isEcw = Programs.UsingEcwTightOrFullMode();
string userName = "";
if (PrefC.GetBool(PrefName.UserNameManualEntry))
{
//Check the user name using ToLower and Trim because Open Dental is case insensitive and does not allow white-space in regards to user names.
userName = listUser.Items.Cast <string>().FirstOrDefault(x => x.Trim().ToLower() == textUser.Text.Trim().ToLower());
}
else
{
userName = listUser.SelectedItem?.ToString();
}
if (string.IsNullOrEmpty(userName))
{
MsgBox.Show(this, "Login failed");
return;
}
string passwordTyped = textPassword.Text;
if (RemotingClient.RemotingRole == RemotingRole.ClientWeb && string.IsNullOrEmpty(passwordTyped))
{
MsgBox.Show(this, "When using the web service, not allowed to log in with no password. A password should be added for this user.");
return;
}
Userod userCur = null;
if (isEcw) //ecw requires hash, but non-ecw requires actual password
{
passwordTyped = Authentication.HashPasswordMD5(passwordTyped, true);
}
if (userName == "Stay Open" && _isSimpleSwitch && PrefC.IsODHQ)
{
// No need to check password when changing task users at HQ to user "Stay Open".
userCur = Userods.GetUserByNameNoCache(userName);
}
else //Not HQ (most common scenario)
//Middle Tier sessions should not fire the CheckUserAndPasswordFailed exception code in FormLogOn.
//That event would cause a second login window to pop with strange behavior.
//Invoke the overload for CheckUserAndPassword that does not throw exceptions and give the user a generic error message if necessary.
{
if (RemotingClient.RemotingRole == RemotingRole.ClientWeb)
{
userCur = Userods.CheckUserAndPassword(userName, passwordTyped, isEcw, false);
if (userCur == null)
{
MsgBox.Show("Userods", "Invalid username, password, or the account has been locked due to failed log in attempts.");
return;
}
}
else //Directly connected to the database. This code will give a more accurate error message to the user when failing to log in.
{
try {
userCur = Userods.CheckUserAndPassword(userName, passwordTyped, isEcw);
}
catch (Exception ex) {
MessageBox.Show(ex.Message);
return;
}
}
}
//successful login.
if (_isSimpleSwitch)
{
CurUserSimpleSwitch = userCur;
}
else //Not a temporary login.
{
Security.CurUser = userCur; //Need to set for SecurityL.ChangePassword and calls.
if (PrefC.GetBool(PrefName.PasswordsMustBeStrong) && PrefC.GetBool(PrefName.PasswordsWeakChangeToStrong))
{
if (Userods.IsPasswordStrong(passwordTyped) != "") //Password is not strong
{
MsgBox.Show(this, "You must change your password to a strong password due to the current Security settings.");
if (!SecurityL.ChangePassword(true, _doRefreshSecurityCache))
{
return; //Failed password update.
}
_refreshSecurityCache = true; //Indicate to calling method that they should manually refresh the Security cache.
}
}
Security.IsUserLoggedIn = true;
//Jason approved always storing the cleartext password that the user typed in
//since this is necessary for Reporting Servers over middle tier and was already happening when a user logged in over middle tier.
Security.PasswordTyped = passwordTyped;
SecurityLogs.MakeLogEntry(Permissions.UserLogOnOff, 0, Lan.g(this, "User:"******" " + Security.CurUser.UserName + " " + Lan.g(this, "has logged on."));
UserOdPrefs.SetThemeForUserIfNeeded();
}
Plugins.HookAddCode(this, "FormLogOn.butOK_Click_end");
DialogResult = DialogResult.OK;
}
private void butLogin_Click(object sender, EventArgs e)
{
Userod userEntered;
string password;
try {
bool useEcwAlgorithm = Programs.UsingEcwTightOrFullMode();
//ecw requires hash, but non-ecw requires actual password
password = textPassword.Text;
if (useEcwAlgorithm)
{
//Userods.HashPassword explicitly goes over to middle tier in order to use it's MD5 algorithm.
//It doesn't matter what Security.CurUser is when it is null because we are technically trying to set it for the first time.
//It cannot be null before invoking HashPassword because middle needs it to NOT be null when creating the credentials for DtoGetString.
if (Security.CurUser == null)
{
Security.CurUser = new Userod();
}
password = Userods.HashPassword(password, true);
}
string username = textUser.Text;
#if DEBUG
if (username == "")
{
username = "******";
password = "******";
}
#endif
userEntered = Userods.CheckUserAndPassword(username, password, useEcwAlgorithm);
}
catch (Exception ex) {
MessageBox.Show(ex.Message);
return;
}
//successful login.
Security.CurUser = userEntered;
Security.PasswordTyped = password;
Security.IsUserLoggedIn = true;
RemotingClient.HasLoginFailed = false;
if (RemotingClient.RemotingRole == RemotingRole.ClientWeb &&
string.IsNullOrEmpty(userEntered.Password) &&
string.IsNullOrEmpty(textPassword.Text))
{
MsgBox.Show(this, "When using the web service, not allowed to log in with no password. A password should be added for this user.");
FormOpenDental FormOD = Application.OpenForms.OfType <FormOpenDental>().ToList()[0]; //There always should be exactly 1.
if (!FormOD.ChangePassword(true)) //Failed password update.
{
return;
}
}
if (PrefC.GetBool(PrefName.PasswordsMustBeStrong) &&
PrefC.GetBool(PrefName.PasswordsWeakChangeToStrong) &&
Userods.IsPasswordStrong(textPassword.Text) != "") //Password is not strong
{
MsgBox.Show(this, "You must change your password to a strong password due to the current Security settings.");
FormOpenDental FormOD = Application.OpenForms.OfType <FormOpenDental>().ToList()[0]; //There always should be exactly 1.
if (!FormOD.ChangePassword(true)) //Failed password update.
{
return;
}
}
SecurityLogs.MakeLogEntry(Permissions.UserLogOnOff, 0, "User: "******" has logged on.");
DialogResult = DialogResult.OK;
}