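        /// <summary>
        /// Validates the posted profile fields, stores them for the current member (AES-encrypting the
        /// fields flagged <c>Encrypted == 1</c>), updates the member's time zone and returns a JSON payload
        /// carrying the rendered <c>_RequestResultPageInLine</c> partial.
        /// </summary>
        /// <param name="FieldInfo">Posted id/value pairs. <c>ID</c> is parsed with <see cref="int.Parse(string)"/>, so a non-numeric id throws <see cref="FormatException"/>.</param>
        /// <param name="TimeZoneID">Time zone identifier chosen by the member.</param>
        /// <returns>
        /// On validation failure: status <c>ErrorOrDanger</c> and an HTML list of missing mandatory fields.
        /// On success: status <c>Success</c>, the member's stored fields and the saved time zone.
        /// </returns>
        public ActionResult SaveProfile(List <ProfileFieldInfo> FieldInfo, string TimeZoneID)
        {
            // Deliberate one-second pause kept from the original; presumably UI pacing — confirm before removing.
            System.Threading.Thread.Sleep(1000);
            RequestResultModel _model = new RequestResultModel();

            _model.InfoType = RequestResultInfoType.ErrorOrDanger;
            _model.Message  = "";

            // Check mandatory fields. A blank value and a checkbox posted as "false" are both "missing";
            // the two conditions cannot hold at once, so each field yields at most one list entry.
            foreach (ProfileFieldInfo Field in FieldInfo)
            {
                ProfileField profileField = ProfileFields.GetBy(int.Parse(Field.ID));

                bool isBlank            = Field.Value == null || Field.Value.Trim().Length == 0;
                bool isUncheckedBox     = profileField.FieldTypeID == ProfileFieldTypeEnum.CheckBox
                                          && Field.Value != null
                                          && string.Equals(Field.Value, "false", StringComparison.OrdinalIgnoreCase);

                if (profileField.IsMandatory == 1 && (isBlank || isUncheckedBox))
                {
                    _model.Message += String.Format("<li>{0}</li>", String.Format(GetLabel("Account.CreateAccount.Mandatory"), profileField.FieldName));
                }
            }

            if (_model.Message.Length > 0)
            {
                _model.Message = String.Format("<ul class=\"error-message-list\">{0}</ul>", _model.Message);
                // NOTE(review): HtmlDecode undoes whatever encoding the partial applied; the message here only
                // contains server-side field names, so nothing user-supplied reaches the decoded markup.
                return(Json(new
                {
                    Status = RequestResultInfoType.ErrorOrDanger,
                    NotifyType = NotifyType.DialogInline,
                    Message = HttpUtility.HtmlDecode(this.RenderPartialView(@"_RequestResultPageInLine", _model))
                }, JsonRequestBehavior.AllowGet));
            }

            if (Profile.Member.TimeZoneID != TimeZoneID)
            {
                // Log the NEW zone; the original logged the value still held by the profile before assignment.
                AuditEvent.AppEventInfo(AppSession.Profile.Member.Email, String.Format("Member updated time zone to: \"{0}\" ", TimeZoneID));
            }

            Profile.Member.TimeZoneID = TimeZoneID;
            Profile.Member.UpdateTimeZone();

            // Before/after trail for the audit record. Values are HTML-encoded because the trail is
            // built as markup, and encrypted fields are never written in clear.
            String FieldValues = "";
            List <MemberProfileField> memberProfileFields = MemberProfileFields.GetByMember(Profile.Member.MemberID);

            foreach (ProfileFieldInfo Field in FieldInfo)
            {
                String Value   = Field.Value != null ? Field.Value.Trim() : Field.Value;
                int    fieldID = int.Parse(Field.ID);

                ProfileField       profileField       = ProfileFields.GetBy(fieldID);
                MemberProfileField memberProfileField = MemberProfileFields.GetField(memberProfileFields, fieldID);
                bool               isEncrypted        = profileField.Encrypted == 1;

                // Stored value is ciphertext for encrypted fields; decrypt so the change comparison is on plaintext.
                if (isEncrypted && memberProfileField.FieldValue != null && memberProfileField.FieldValue.Length > 0)
                {
                    memberProfileField.FieldValue = Encryptor.DecryptStringAES(memberProfileField.FieldValue, AppSession.EncryptionKey);
                }

                if (Value != memberProfileField.FieldValue)
                {
                    string safeName = HttpUtility.HtmlEncode(profileField.FieldName);

                    if (isEncrypted)
                    {
                        // Record that the field changed without leaking its plaintext into the audit log.
                        FieldValues += String.Format("<b>Name</b>:  {0} <b>Before:</b>  \"[encrypted]\" <b>Now:</b>  \"[encrypted]\"<br/>", safeName);
                    }
                    else
                    {
                        FieldValues += String.Format("<b>Name</b>:  {0} <b>Before:</b>  \"{1}\" <b>Now:</b>  \"{2}\"<br/>",
                                                     safeName,
                                                     HttpUtility.HtmlEncode(memberProfileField.FieldValue),
                                                     HttpUtility.HtmlEncode(Value));
                    }
                }

                // MemberID always comes from the session, never from the request; FieldID is caller-chosen.
                // NOTE(review): nothing here restricts which field ids a member may write — confirm GetField/Save enforce that.
                memberProfileField.MemberID   = Profile.Member.MemberID;
                memberProfileField.FieldID    = fieldID;
                memberProfileField.FieldValue = Value;

                if (isEncrypted && memberProfileField.FieldValue != null && memberProfileField.FieldValue.Length > 0)
                {
                    memberProfileField.FieldValue = Encryptor.EncryptStringAES(memberProfileField.FieldValue, AppSession.EncryptionKey);
                }

                memberProfileField.Save();
            }

            // Re-read so the response reflects what was actually persisted.
            memberProfileFields = MemberProfileFields.GetByMember(Profile.Member.MemberID);

            List <MemberFieldNameValue> MemberFieldNameValues = new List <MemberFieldNameValue>();

            foreach (MemberProfileField memberField in memberProfileFields)
            {
                // NOTE(review): Name uses ProfileFieldID while Type is looked up by FieldID — presumably the same id; verify.
                MemberFieldNameValues.Add(new MemberFieldNameValue {
                    Name = memberField.ProfileFieldID.ToString(), Value = memberField.FieldValue, Type = (int)ProfileFields.GetBy(memberField.FieldID).FieldTypeID
                });
            }

            _model.Message  = "Your profile has been updated successfully.";
            _model.InfoType = RequestResultInfoType.Success;

            AuditEvent.AppEventInfo(AppSession.Profile.Member.Email, String.Format("Profile of \"{0}\" {1} member has been updated successfully.", AppSession.Profile.Member.Name, AppSession.Profile.Member.Email), AuditEvent.GetSessionDetails(FieldValues));

            return(Json(new
            {
                Status = RequestResultInfoType.Success,
                NotifyType = NotifyType.DialogInline,
                Message = HttpUtility.HtmlDecode(this.RenderPartialView(@"_RequestResultPageInLine", _model)),
                MemberFields = MemberFieldNameValues,
                TimeZoneID = string.IsNullOrEmpty(Profile.Member.TimeZoneID) ? "" : Profile.Member.TimeZoneID
            }, JsonRequestBehavior.AllowGet));
        }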
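        /// <summary>
        /// Authenticates a member. When LDAP is enabled and the address belongs to the configured LDAP
        /// domain, the credentials are bound against the directory first (creating the local member and
        /// mirroring LDAP groups as roles); otherwise, or when classic auth is allowed, the supplied
        /// password is hashed and compared with the stored hash. Failed attempts are counted per day and
        /// may add the configured "failed password" roles to the member.
        /// </summary>
        /// <param name="Email">Login address. On a successful LDAP bind it is replaced by the address the directory reports.</param>
        /// <param name="Password">Clear-text password; forwarded to the LDAP bind or hashed for comparison.</param>
        /// <returns><c>true</c> on success; <c>false</c> for an unknown member, a wrong password, or a failed LDAP bind with classic auth disabled.</returns>
        public bool Authenticate(ref String Email, String Password)
        {
            bool LDAPAuthSuccess = false;
            bool IsClassicAuth   = AppSession.Parameters.LDAPUseOnly.Value == "false";
            bool IsLDAPAuth      = AppSession.Parameters.LDAPEnabled.Value == "true";

            //LDAP Auth
            // NOTE(review): substring match — an address whose domain merely contains "@<LDAPDomain>" is also
            // routed to the bind. The bind itself still decides, so this only affects which path is tried.
            if (IsLDAPAuth && Email.IndexOf("@" + AppSession.Parameters.LDAPDomain.Value) > 0)
            {
                LDAPTools ldapTools = new LDAPTools();
                ldapTools.UserName      = Email;
                ldapTools.Password      = Password;
                ldapTools.DirectoryPath = AppSession.Parameters.LDAPPath.Value;

                if (ldapTools.Authenticate())
                {
                    LDAPAuthSuccess = true;
                    string memberName      = ldapTools.MemberInfo.DisplayName;
                    string memberAllGroups = ldapTools.GetGroups();

                    ///////////////////////////////////////////////////////////////////////////////////////////////////////////
                    // The member email will be changed because the first part of e-mail can be different with user network id.
                    ///////////////////////////////////////////////////////////////////////////////////////////////////////////
                    Email = ldapTools.MemberInfo.Email;
                    Member memberNew = Members.GetByEmail(Email);

                    if (memberNew.MemberID <= 0)
                    {
                        // First LDAP login: create the local record. The stored "password" is a random placeholder,
                        // so the classic path cannot match it.
                        memberNew.Name      = memberName;
                        memberNew.Email     = Email;
                        memberNew.Password  = StringTool.RandomString(80);
                        memberNew.IsBuiltIn = false;
                        memberNew.Created   = DateTime.UtcNow;
                        memberNew.Save();

                        string Message = String.Format("LDAP member added: {0} {1}", memberName, Email);
                        AuditEvent.AppEventInfo(AppSession.Parameters.GeneralAdminEmail.Value, Message, null, true);

                        // Add signin/sign up domain.
                        Domain _domain = Domains.GetByName(AppSession.SignUpDomain);
                        if (_domain.DomainID > 0)
                        {
                            MemberDomain _memberDomain = new MemberDomain();
                            _memberDomain.DomainID = _domain.DomainID;
                            _memberDomain.MemberID = memberNew.MemberID;
                            _memberDomain.Save();
                        }

                        // Create LDAP settings roles
                        if (AppSession.Parameters.LDAPAddToRoles.Value != null && AppSession.Parameters.LDAPAddToRoles.Value.Length > 0)
                        {
                            string[] memberRoles = AppSession.Parameters.LDAPAddToRoles.Value.Split(new string[] { ";" }, StringSplitOptions.RemoveEmptyEntries);
                            foreach (string memberRole in memberRoles)
                            {
                                Web.Admin.Logic.Objects.Role _role = Web.Admin.Logic.Collections.Roles.GetBy(memberRole);
                                if (_role.RoleID > 0)
                                {
                                    MemberRole _memberRole = new MemberRole();
                                    _memberRole.MemberID = memberNew.MemberID;
                                    _memberRole.RoleID   = _role.RoleID;
                                    _memberRole.Save();
                                }
                            }
                        }
                    }

                    // Create LDAP specific roles: every directory group becomes a local role (created on first sight).
                    if (memberAllGroups != null && memberAllGroups.Length > 0 && AppSession.Parameters.LDAPAddRoleGroup.Value == "true")
                    {
                        string[] memberGroups = memberAllGroups.Split(new string[] { "|" }, StringSplitOptions.RemoveEmptyEntries);
                        foreach (string memberGroup in memberGroups)
                        {
                            Web.Admin.Logic.Objects.Role _role = Web.Admin.Logic.Collections.Roles.GetBy(memberGroup);
                            if (_role.RoleID <= 0)
                            {
                                _role.Name      = memberGroup;
                                _role.Settings  = "LDAP role reflection. Keep key word: [LDAP-Auto-Role] to be synchronized.";
                                _role.BackColor = "6bbb54";
                                _role.ForeColor = "ffffff";
                                _role.Save();

                                string Message = String.Format("LDAP role added: {0}", _role.Name);
                                AuditEvent.AppEventInfo(AppSession.Parameters.GeneralAdminEmail.Value, Message, null, true);
                            }

                            if (_role.RoleID > 0)
                            {
                                MemberRole _memberRole = new MemberRole();
                                _memberRole.MemberID = memberNew.MemberID;
                                _memberRole.RoleID   = _role.RoleID;
                                _memberRole.Save();
                            }
                        }
                    }

                    // Synchronize members roles with LDAP [LDAP-Auto-Role] key words.
                    // memberAllGroups may be null (the block above guards for it); the original Split would have
                    // thrown NullReferenceException here. A null/empty group list means "member is in no group".
                    List <Role> _roles  = Web.Admin.Logic.Collections.Roles.GetByMemberKeyWordInDescription(memberNew.MemberID, "[LDAP-Auto-Role]");
                    string[]    _groups = (memberAllGroups ?? "").Split(new string[] { "|" }, StringSplitOptions.RemoveEmptyEntries);
                    foreach (Web.Admin.Logic.Objects.Role _role in _roles)
                    {
                        if (_groups.Length > 0)
                        {
                            // Role names are identifiers: compare ordinally, case-insensitively, rather than via ToLower().
                            bool stillInGroup = _groups.Any(t => string.Equals(t.Trim(), _role.Name.Trim(), StringComparison.OrdinalIgnoreCase));
                            if (!stillInGroup)
                            {
                                Web.Admin.Logic.Objects.Role removeRoleFromUser = Web.Admin.Logic.Collections.Roles.GetBy(_role.Name);
                                MemberRole _memberRole = new MemberRole();
                                _memberRole.MemberID = memberNew.MemberID;
                                _memberRole.RoleID   = removeRoleFromUser.RoleID;
                                _memberRole.Delete();
                            }
                        }
                        else
                        {
                            // No groups reported: strip every auto-synchronized role.
                            MemberRole _memberRole = new MemberRole();
                            _memberRole.MemberID = memberNew.MemberID;
                            _memberRole.RoleID   = _role.RoleID;
                            _memberRole.Delete();
                        }
                    }
                }
            }


            //Classic Auth
            Member member = Members.GetByEmail(Email);

            if (member.MemberID <= 0)
            {
                return(false);
            }

            // NOTE(review): string == is not constant-time; for a hash-to-hash comparison the leak is small,
            // but a fixed-time comparison would be preferable where the runtime offers one.
            bool credentialsValid = (IsLDAPAuth && LDAPAuthSuccess) ||
                                    (IsClassicAuth && Member.ComputePasswordHash(Password) == member.Password);

            if (credentialsValid)
            {
                // Reset today's failed-attempt record, if any.
                MemberAttempt Attempt = MemberAttempts.GetTodayLoginPasswordFail(member.MemberID);
                if (Attempt.AttemptID > 0)
                {
                    Attempt.IsAttemptValid = 0;
                    Attempt.Save();
                }

                // Add signin/sign up domain.
                Domain _domain = Domains.GetByName(AppSession.SignUpDomain);
                if (_domain.DomainID > 0)
                {
                    MemberDomain _memberDomain = new MemberDomain();
                    _memberDomain.DomainID = _domain.DomainID;
                    _memberDomain.MemberID = member.MemberID;
                    _memberDomain.Save();
                }

                member.UpdateLoginTime();

                return(true);
            }

            // Failure: count the attempt for today and, past the configured threshold, attach the penalty roles.
            MemberAttempt failed = MemberAttempts.GetTodayLoginPasswordFail(member.MemberID);

            if (failed.MemberID <= 0)
            {
                failed.MemberID       = member.MemberID;
                failed.AttemptType    = MemberAttemptTypes.LoginPasswordFailed;
                failed.IsAttemptValid = 1;
            }

            failed.Attempts = failed.Attempts > 0 ? failed.Attempts + 1 : 1;

            failed.Save();

            // NOTE(review): IsMemberInAdminRole describes the current session, not necessarily the member being
            // authenticated — confirm that is the intended exemption.
            if (AppSession.Parameters.RulesPasswordFailedRoles.Value != null && AppSession.Parameters.RulesPasswordFailedRoles.Value.Length > 0 && !AppSession.IsMemberInAdminRole)
            {
                Parameter Param = AppSession.Parameters.RulesPasswordFailedAttempts;

                long value;
                bool result = long.TryParse(Param.Value, out value);

                if (result && value > 0 && failed.Attempts >= value)
                {
                    string[] RoleNames = AppSession.Parameters.RulesPasswordFailedRoles.Value.Split(new char[] { ';' }, StringSplitOptions.RemoveEmptyEntries);
                    foreach (String RoleName in RoleNames)
                    {
                        Role role = Web.Admin.Logic.Collections.Roles.GetBy(RoleName);
                        if (role.RoleID > 0)
                        {
                            MemberRole memberrole = new MemberRole();
                            memberrole.MemberID = member.MemberID;
                            memberrole.RoleID   = role.RoleID;
                            memberrole.Save();
                        }
                    }
                }
            }

            return(false);
        }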