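//===============================================================
// Function: VerifyLogin
//===============================================================
/// <summary>
/// Checks an e-mail address / password pair against spVerifyUserLogin and
/// records the outcome in the login history. When the password check
/// succeeds, m_userID is set and ReadUserDetails() is called.
/// </summary>
/// <param name="emailAddress">Login e-mail address; leading/trailing whitespace is trimmed before the lookup.</param>
/// <param name="testPassword">Candidate password; plain text unless <paramref name="passwordIsEncrypted"/> is true.</param>
/// <param name="passwordIsEncrypted">True if <paramref name="testPassword"/> has already been passed through PasswordEncrypt.EncryptPassword.</param>
/// <param name="recordInLoginHistory">When true, successful ("S") and expiry ("E") outcomes are written to the login history. Unknown-user ("U") and wrong-password ("P") outcomes are always written.</param>
/// <param name="source">Caller-supplied source tag passed through to UpdateLoginHistory.</param>
/// <returns>loginSuccess, loginFailed or loginNotActivated (see the NOTE on passwordExpired in the body).</returns>
/// <exception cref="ArgumentNullException"><paramref name="emailAddress"/> is null.</exception>
/// <exception cref="Exception">Any failure during the lookup is logged via ErrorLog and rethrown with its original stack trace.</exception>
public loginResults VerifyLogin(string emailAddress, string testPassword, Boolean passwordIsEncrypted, Boolean recordInLoginHistory, string source)
{
    if (emailAddress == null)
    {
        throw new ArgumentNullException("emailAddress");
    }

    loginResults returnValue = loginResults.loginFailed;

    using (DbConnection conn = new SqlConnection(GlobalSettings.connectionString))
    {
        try
        {
            conn.Open();

            // Look the account up by e-mail address
            DbCommand cmd = conn.CreateCommand();
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.CommandText = "spVerifyUserLogin";

            DbParameter param = cmd.CreateParameter();
            param.ParameterName = "@EmailAddress";
            param.Value = emailAddress.Trim();
            cmd.Parameters.Add(param);

            bool userFound = false;
            int userID = 0;
            bool loginEnabled = false;
            string userPassword = "";
            DateTime passwordExpiryDate = DateTime.MinValue;

            // Pull everything out of the row and release the reader before any
            // further database work (UpdateLoginHistory / ReadUserDetails) runs.
            using (DbDataReader rdr = cmd.ExecuteReader())
            {
                if (rdr.Read())
                {
                    userFound = true;
                    userID = (int)rdr["UserID"];

                    // Nullable columns keep their defaults (disabled / empty / no expiry) when NULL
                    if (!rdr.IsDBNull(rdr.GetOrdinal("LoginEnabled")))
                    {
                        loginEnabled = (Boolean)rdr["LoginEnabled"];
                    }
                    if (!rdr.IsDBNull(rdr.GetOrdinal("UserPassword")))
                    {
                        userPassword = (string)rdr["UserPassword"];
                    }
                    if (!rdr.IsDBNull(rdr.GetOrdinal("PasswordExpiryDate")))
                    {
                        passwordExpiryDate = (DateTime)rdr["PasswordExpiryDate"];
                    }
                }
            }

            if (!userFound)
            {
                // E-mail address not recognised: always recorded, with no user id
                UpdateLoginHistory(-1, "U", source);    // Unknown user
                return loginResults.loginFailed;
            }

            if (DateTime.Compare(passwordExpiryDate, DateTime.Now) > 0)
            {
                // NOTE(review): this branch fires when PasswordExpiryDate is later than
                // DateTime.Now (i.e. still in the future), and its result is overwritten by
                // the password check below, so loginResults.passwordExpired is never the
                // value returned. Preserved as found; confirm the intended semantics.
                if (recordInLoginHistory)
                {
                    UpdateLoginHistory(userID, "E", source);    // Password expired
                }
                returnValue = loginResults.passwordExpired;
                m_userID = userID;
                ReadUserDetails();
            }

            PasswordEncrypt pe = new PasswordEncrypt();
            string encryptedTestPassword = passwordIsEncrypted ? testPassword : pe.EncryptPassword(testPassword);

            // Ordinal comparison, identical to the string '==' it replaces. It is not a
            // constant-time comparison; if the stored format allows, a fixed-time byte
            // comparison of the two values would be preferable here.
            bool passwordMatches = string.Equals(userPassword, encryptedTestPassword, StringComparison.Ordinal);

            if (!passwordMatches || !loginEnabled)
            {
                // Recorded as "P" even when the password matched but the login is disabled,
                // and regardless of recordInLoginHistory.
                UpdateLoginHistory(userID, "P", source);    // Invalid password
                returnValue = loginEnabled ? loginResults.loginFailed : loginResults.loginNotActivated;
            }
            else
            {
                if (recordInLoginHistory)
                {
                    UpdateLoginHistory(userID, "S", source);    // Success
                }
                returnValue = loginResults.loginSuccess;
                m_userID = userID;
                ReadUserDetails();
            }
        }
        catch (Exception ex)
        {
            ErrorLog errorLog = new ErrorLog();
            errorLog.WriteLog("SedogoUser", "VerifyLogin", ex.Message, logMessageLevel.errorMessage);
            throw;  // 'throw ex;' would reset the stack trace
        }
    }

    return returnValue;
}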
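//===============================================================
// Function: VerifyPassword
//===============================================================
/// <summary>
/// Checks <paramref name="testPassword"/> against the stored password of the
/// current user (m_userID) via spSelectUserPassword.
/// </summary>
/// <param name="testPassword">Plain-text candidate; it is passed through PasswordEncrypt.EncryptPassword before comparison. Passwords are case sensitive.</param>
/// <returns>True only if a row exists for m_userID, its UserPassword is not NULL, and the values match exactly.</returns>
/// <exception cref="Exception">Database errors are logged via ErrorLog and rethrown with their original stack trace.</exception>
public Boolean VerifyPassword(string testPassword)
{
    bool returnStatus = false;

    using (DbConnection conn = new SqlConnection(GlobalSettings.connectionString))
    {
        try
        {
            conn.Open();

            DbCommand cmd = conn.CreateCommand();
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.CommandText = "spSelectUserPassword";

            DbParameter param = cmd.CreateParameter();
            param.ParameterName = "@UserID";
            param.Value = m_userID;
            cmd.Parameters.Add(param);

            string storedPassword = null;

            using (DbDataReader rdr = cmd.ExecuteReader())
            {
                if (rdr.Read())
                {
                    // A NULL stored password can never match; VerifyLogin treats it the same
                    // way, whereas an unguarded cast here would throw instead.
                    int ordinal = rdr.GetOrdinal("UserPassword");
                    if (!rdr.IsDBNull(ordinal))
                    {
                        storedPassword = rdr.GetString(ordinal);
                    }
                }
            }

            if (storedPassword != null)
            {
                PasswordEncrypt pe = new PasswordEncrypt();
                string encryptedTestPassword = pe.EncryptPassword(testPassword);

                // Case-sensitive ordinal comparison (same as the string '==' it replaces).
                // Not constant-time; a fixed-time byte comparison would be preferable if
                // the stored format allows it.
                returnStatus = string.Equals(storedPassword, encryptedTestPassword, StringComparison.Ordinal);
            }
        }
        catch (Exception ex)
        {
            ErrorLog errorLog = new ErrorLog();
            errorLog.WriteLog("SedogoUser", "VerifyPassword", ex.Message, logMessageLevel.errorMessage);
            throw;  // 'throw ex;' would reset the stack trace
        }
    }

    return returnStatus;
}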
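//===============================================================
// Function: UpdatePassword
//===============================================================
/// <summary>
/// Stores <paramref name="newPassword"/> for the current user (m_userID) via
/// spUpdateUserPassword after passing it through PasswordEncrypt.EncryptPassword.
/// LastUpdatedDate is set to DateTime.Now and LastUpdatedByFullName to m_loggedInUser.
/// </summary>
/// <param name="newPassword">Plain-text replacement password. No validation is performed here; callers are expected to check it first.</param>
/// <exception cref="Exception">Database errors are logged via ErrorLog and rethrown with their original stack trace.</exception>
public void UpdatePassword(string newPassword)
{
    PasswordEncrypt pe = new PasswordEncrypt();
    string encryptedPassword = pe.EncryptPassword(newPassword);

    using (SqlConnection conn = new SqlConnection(GlobalSettings.connectionString))
    {
        try
        {
            conn.Open();

            // Update the user's password
            using (SqlCommand cmd = new SqlCommand("spUpdateUserPassword", conn))
            {
                cmd.CommandType = CommandType.StoredProcedure;
                cmd.Parameters.Add("@UserID", SqlDbType.Int).Value = m_userID;
                // Parameter size is 50 characters; confirm EncryptPassword's output always fits,
                // since a longer value would not be stored in full.
                cmd.Parameters.Add("@UserPassword", SqlDbType.NVarChar, 50).Value = encryptedPassword;
                cmd.Parameters.Add("@LastUpdatedDate", SqlDbType.DateTime).Value = DateTime.Now;
                cmd.Parameters.Add("@LastUpdatedByFullName", SqlDbType.NVarChar, 200).Value = m_loggedInUser;
                cmd.ExecuteNonQuery();
            }
        }
        catch (Exception ex)
        {
            ErrorLog errorLog = new ErrorLog();
            errorLog.WriteLog("SedogoUser", "UpdatePassword", ex.Message, logMessageLevel.errorMessage);
            throw;  // 'throw ex;' would reset the stack trace
        }
    }
}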