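// Login functions

/// <summary>
/// Authenticates a user by opening the per-user database connection with the supplied
/// password and, when the staff record allows it, establishes the session via <c>LogIn</c>.
/// </summary>
/// <param name="userID">Application user ID; the database login is <c>DbUserPrefix + userID</c>.</param>
/// <param name="password">Password used to open the per-user database connection.</param>
/// <returns>
/// <c>true</c> only when <c>LogIn</c> was actually called. <c>false</c> when the connection or
/// the staff lookup fails, or when the user is inactive, has left or has not yet started - in
/// each case the reason has already been shown to the user via <c>MessageFunctions</c>.
/// (The previous version returned <c>true</c> even when the user had been refused.)
/// </returns>
public static bool AttemptLogin(string userID, string password)
{
    try
    {
        string databaseLogin = DbUserPrefix + userID;

        // For single sign-on users the back-end password is first set to the supplied value
        // (presumably a temporary one produced by the caller) so the connection below can use it.
        if (HasSingleSignon(userID))
        {
            changeDatabasePassword(userID, password);
        }

        // Opening the connection under the user's own database login is the credential check;
        // a failure is expected to arrive as a SqlException and is reported below.
        using (ProjectTileSqlDatabase userPtDb = SqlServerConnection.UserPtDbConnection(databaseLogin, password))
        {
            Staff thisUser = userPtDb.Staff.FirstOrDefault(s => s.UserID == userID);
            if (thisUser == null)
            {
                // The database login worked but no staff row matches: a data inconsistency,
                // reported explicitly instead of surfacing as an InvalidOperationException.
                MessageFunctions.Error("Error logging in: no staff record found for user '" + userID + "'.", null);
                return false;
            }

            Entities currentEntity = userPtDb.Entities.Find((int)thisUser.DefaultEntity);
            DateTime now = DateTime.Now;

            if (thisUser.FirstName == "")
            {
                // The original code silently skipped login for a blank first name; its intent is
                // not documented, so the case is reported rather than treated as success.
                MessageFunctions.InvalidMessage("User record is incomplete. Please contact your system administrator.", "Incomplete User");
                return false;
            }
            if (!thisUser.Active)
            {
                MessageFunctions.InvalidMessage("User is not active. Please contact your system administrator.", "Inactive User");
                return false;
            }
            if (thisUser.LeaveDate < now)
            {
                MessageFunctions.InvalidMessage("User has left. Please contact your system administrator.", "Not Current User");
                return false;
            }
            if (thisUser.StartDate > now)
            {
                MessageFunctions.InvalidMessage("User has not yet started. Please contact your system administrator.", "Not Current User");
                return false;
            }

            LogIn(thisUser, currentEntity);
            return true;
        }
    }
    catch (SqlException sqlException)
    {
        MessageFunctions.Error("Error accessing the database", sqlException);
        return false;
    }
    catch (Exception generalException)
    {
        MessageFunctions.Error("Error logging in", generalException);
        return false;
    }
}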
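/// <summary>
/// Changes a staff member's user ID and/or password through the administration connection,
/// re-attributes the resulting audit entries to the current user, and - when the record being
/// changed is the current user's own - reopens the per-user connection with the new credentials.
/// </summary>
/// <param name="staffID">Primary key of the staff record to amend.</param>
/// <param name="userID">
/// The (possibly unchanged) user ID. Required even for a pure password change, because the
/// complexity check uses it to ensure the password cannot equal the user ID.
/// </param>
/// <param name="newPassword">New password, or empty to leave the password unchanged.</param>
/// <param name="confirmPassword">Must equal <paramref name="newPassword"/> when a password change is requested.</param>
/// <returns>
/// <c>true</c> when the change was saved; <c>false</c> on validation failure or a database error
/// (the user has been told why via <c>MessageFunctions</c>).
/// </returns>
public static bool ChangeLoginDetails(int staffID, string userID, string newPassword, string confirmPassword)
{
    // An empty (or null) new password means "do not change the password".
    bool passwordChange = !string.IsNullOrEmpty(newPassword);

    if (string.IsNullOrEmpty(userID))
    {
        MessageFunctions.Error("UserID has not been passed to this function.", null);
        return false;
    }
    if (passwordChange && newPassword != confirmPassword)
    {
        MessageFunctions.InvalidMessage("New password does not match confirmation. Please check both fields and try again.", "Password Mismatch");
        return false;
    }
    if (passwordChange && !PasswordComplexityOK(userID, newPassword))
    {
        // PasswordComplexityOK presumably reports the reason itself; this function adds nothing.
        return false;
    }

    try
    {
        // Log in as the administration user to allow the change to be made
        using (ProjectTileSqlDatabase defaultPtDb = SqlServerConnection.DefaultPtDbConnection())
        {
            try
            {
                Staff thisUser = defaultPtDb.Staff.FirstOrDefault(s => s.ID == staffID);
                if (thisUser == null)
                {
                    MessageFunctions.Error("Error amending login details in the database: user with ID " + staffID.ToString() + " not found.", null);
                    return false;
                }

                if (passwordChange)
                {
                    // NOTE(review): the audit trail refers to this column as "PasswordHash", so the
                    // store is presumably hashing on write - confirm the value is not persisted as-is.
                    thisUser.Passwd = newPassword;
                }

                bool userIDChange = thisUser.UserID == null || thisUser.UserID != userID;
                if (userIDChange)
                {
                    // Refuse a user ID that a different staff member already holds.
                    Staff checkUserID = defaultPtDb.Staff.FirstOrDefault(s => s.UserID == userID && s.ID != staffID);
                    if (checkUserID != null)
                    {
                        MessageFunctions.InvalidMessage("A different staff member with UserID '" + userID + "' already exists. \nPlease try a different one.", "Duplicate UserID");
                        return false;
                    }
                    thisUser.UserID = userID;
                }
                defaultPtDb.SaveChanges();

                // Now amend any history records, to show that the user effectively made this change
                ReattributeRecentStaffAudit(defaultPtDb, staffID, passwordChange, userIDChange);

                if (staffID == MyStaffID)
                {
                    // Reconnect so that future database calls use the new credentials. The returned
                    // context is not needed here, so it is disposed immediately (as AttemptLogin does
                    // after use); the credentials themselves are expected to be retained by
                    // SqlServerConnection rather than by this instance.
                    // NOTE(review): when only the user ID changed, newPassword is empty at this point -
                    // confirm UserPtDbConnection copes with that (the previous version did the same).
                    string databaseLogin = DbUserPrefix + userID;
                    using (SqlServerConnection.UserPtDbConnection(databaseLogin, newPassword))
                    {
                    }
                }
                return true;
            }
            catch (SqlException sqlException)
            {
                MessageFunctions.Error("Error amending login details in the database", sqlException);
                return false;
            }
            catch (Exception generalException)
            {
                MessageFunctions.Error("Error amending login details", generalException);
                return false;
            }
        }
    }
    catch (SqlException sqlException)
    {
        MessageFunctions.Error("Error accessing the database", sqlException);
        return false;
    }
    catch (Exception generalException)
    {
        MessageFunctions.Error("Error checking existing login", generalException);
        return false;
    }
}

// Re-attributes the "Staff" audit rows written in the last five minutes for the given staff
// record (password-hash and/or user-ID column changes, depending on what was amended) from the
// administration login to the user who actually made the change. Saves once for all rows.
// NOTE(review): matching by a time window cannot distinguish this change from another change to
// the same staff record made in the same window by a different session; if the audit schema
// carries a connection or transaction identifier, matching on that would be more precise.
private static void ReattributeRecentStaffAudit(ProjectTileSqlDatabase defaultPtDb, int staffID, bool passwordChange, bool userIDChange)
{
    DateTime timeFrom = DateTime.Now.AddMinutes(-5);
    // Hoisted so the comparison is on a plain string rather than an int.ToString() inside the query.
    string primaryValue = staffID.ToString();

    // StartsWith replaces the previous Substring(0, 5) comparison, which hard-coded the
    // length of DbUserPrefix.
    var recentEntries = defaultPtDb.AuditEntries
        .Where(ae => ae.TableName == "Staff"
            && ae.ChangeTime >= timeFrom
            && ae.ActionType == "Updated"
            && ae.PrimaryValue == primaryValue
            && !ae.UserName.StartsWith(DbUserPrefix)
            && ((passwordChange && ae.ChangeColumn == "PasswordHash") || (userIDChange && ae.ChangeColumn == "UserID")))
        .ToList();

    foreach (AuditEntries entry in recentEntries)
    {
        entry.UserName = DbUserPrefix + MyUserID;
    }
    if (recentEntries.Count > 0)
    {
        defaultPtDb.SaveChanges();
    }
}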