예제 #1
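        /// <summary>
        /// Handles the profile/registration form submit: checks the CAPTCHA answer,
        /// optionally changes the password (and clears the expiry/reset flags),
        /// updates display name and e-mail, audits the change, sends the
        /// confirmation e-mail and redirects to the bouncer page.
        /// Any failure is reported through <c>rg_errorMsg</c> and a JS alert.
        /// </summary>
        /// <param name="sender">The control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void registrationBtnClicked(object sender, EventArgs e)
        {
            string captcha = rg_captcha.Text;

            // Never leave the answer in the field for a resubmit.
            rg_captcha.Text = "";

            // Ordinal comparison: the CAPTCHA answer is not linguistic text.
            if (!string.Equals(captcha, CaptchaAnswer.ToString(), StringComparison.Ordinal))
            {
                rg_errorMsg.InnerText = "CAPTCHA answer is incorrect";

                RegisterJSAlert(rg_errorMsg.InnerText);
                return;
            }

            // A blank password means "leave the password unchanged", so the
            // confirmation field is only compared when something was entered.
            bool passwordEntered = !helper.IsStringEmptyWhiteSpace(rg_password1.Text);
            if (passwordEntered && rg_password2.Text != rg_password1.Text)
            {
                rg_errorMsg.InnerText = "Password does not match confirm password";

                RegisterJSAlert(rg_errorMsg.InnerText);
                return;
            }

            try
            {
                UserData ud = websrv.GetUserInformationByUserID(UserToken, UserToken.userid);

                if (passwordEntered)
                {
                    CECMembershipProvider cecMp = Membership.Providers["CECProvider"] as CECMembershipProvider;
                    if (cecMp == null)
                    {
                        // Surfaces a misconfiguration instead of a NullReferenceException.
                        throw new InvalidOperationException("CECProvider membership provider is not configured");
                    }
                    cecMp.UserToken = UserToken;

                    // The expiry/reset flags must only be cleared when the password was
                    // actually changed.  Previously they were cleared even when the
                    // strength check failed, so an expired or reset-required password
                    // silently stayed in force while the account looked up to date.
                    if (!cecMp.ValidatePasswordStrength(rg_password1.Text))
                    {
                        rg_errorMsg.InnerText = "Password does not meet the strength requirements";

                        RegisterJSAlert(rg_errorMsg.InnerText);
                        return;
                    }

                    cecMp.ChangePassword(rg_password1.Text);

                    ud.password_expired     = false;
                    ud.password_change_date = DateTime.Today;
                    if (ForPasswordReset)
                    {
                        ud.password_reset_required = false;
                    }

                    websrv.SetUserSecurityAttributes(UserToken, ud);
                }

                // Only overwrite profile fields that were filled in and actually differ.
                if (!helper.IsStringEmptyWhiteSpace(rg_displayName.Text) && ud.display_name != rg_displayName.Text)
                {
                    ud.display_name = rg_displayName.Text;
                }

                if (!helper.IsStringEmptyWhiteSpace(rg_emailAddress.Text) && ud.email != rg_emailAddress.Text)
                {
                    ud.email = rg_emailAddress.Text;
                }

                websrv.SetUserInformation(UserToken, ud);

                CECWebSrv.AuditLog_AddActivity(UserToken.userid, "user profile information updated");

                SendEmailConfirmation();
                // endResponse: false so the request completes normally (no ThreadAbortException).
                Response.Redirect("/input/bouncer.aspx", false);
            }
            catch (Exception ex)
            {
                // Provider password errors carry a user-readable reason; anything
                // else is reported generically so internal details are not shown.
                if (ex is MembershipPasswordException)
                {
                    rg_errorMsg.InnerText = ex.Message;
                }
                else
                {
                    rg_errorMsg.InnerText = "User account was not saved";
                }

#if (DEBUG || DEBUGDEV)
                // Debug builds only: the raw exception text helps local diagnosis.
                rg_errorMsg.InnerText += String.Format(" ({0})", ex.Message);
#endif
                LogError(rg_errorMsg.InnerText, ex);

                RegisterJSAlert(String.Format("ERROR: {0}", rg_errorMsg.InnerText));
            }
        }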
예제 #2
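        /// <summary>
        /// Handles the login form submit: validates the credentials through the CEC
        /// membership provider, refuses locked-out accounts, establishes the
        /// forms-authentication session and cookies, audits the login and redirects
        /// (to the password-reset page when the account requires it).  Any failure
        /// is shown in the login dialog through a registered startup script.
        /// </summary>
        /// <param name="sender">The control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void loginBtnClick(object sender, EventArgs e)
        {
            try
            {
                CECMembershipProvider prov = Membership.Providers["CECProvider"] as CECMembershipProvider;
                if (prov == null)
                {
                    // Surfaces a misconfiguration instead of a NullReferenceException.
                    throw new InvalidOperationException("CECProvider membership provider is not configured");
                }

                // These fragments are server-side constants, so they may carry markup.
                string validation_errors = string.Empty;
                if (String.IsNullOrWhiteSpace(usernameIn.Value))
                {
                    validation_errors += "<p>Username cannot be blank</p>";
                }
                if (String.IsNullOrWhiteSpace(passwordIn.Value))
                {
                    validation_errors += "<p>Password cannot be blank</p>";
                }

                if (!String.IsNullOrEmpty(validation_errors))
                {
                    RegisterLoginErrorScript(validation_errors);
                    return;
                }

                SecurityToken token;
                if (!prov.ValidateUser(usernameIn.Value, passwordIn.Value, out token))
                {
                    // Deliberately generic: do not reveal whether the username or the password was wrong.
                    throw new Exception("Unknown login failure");
                }

                // CreateDirectory is a no-op when the directory already exists.
                string local_userfiles_path = MapPath(String.Format("/user_files/{0}", token.userid));
                Directory.CreateDirectory(local_userfiles_path);

                using (cec_publicservice.CECInputFormService websrv = new CECInputFormService())
                {
                    // verify/handle user account conditions
                    UserData ud = websrv.GetUserInformationByUserID(token, token.userid);

                    using (cec_publicservice.CECHarmPublicService pubsrv = new CECHarmPublicService())
                    {
                        if (ud.account_lockout)
                        {
                            pubsrv.AuditLog_AddActivity(ud.userid, "login attempted; failed due to lockout");
                            throw new AccountLockedOutException(ud.email, ud.account_lockout_date);
                        }

                        // user was successfully authenticated, so set the auth cookie
                        FormsAuthentication.SetAuthCookie(token.email, false);
                        Session["UserSecurityToken"] = token;
                        // NOTE(review): the session identifier is issued without HttpOnly/Secure;
                        // unless client script reads it, set HttpOnly = true (and Secure over
                        // HTTPS) on this cookie -- confirm against the front-end code.
                        Response.SetCookie(new HttpCookie("sessionid", token.session));
                        Response.SetCookie(new HttpCookie("uid", token.userid.ToString()));
                        Response.SetCookie(new HttpCookie("edit_mode", ""));

                        pubsrv.AuditLog_AddActivity(ud.userid, "login");
                    }

                    // endResponse: false so the using blocks still dispose normally.
                    if (ud.password_reset_required || ud.password_expired)
                    {
                        Page.Response.Redirect("/userinfo.aspx?resetPassword", false);
                    }
                    else
                    {
                        Page.Response.Redirect("/input/bouncer.aspx", false);
                    }
                }
            }
            catch (Exception ex)
            {
                // Exception text can include data from the account store (the lockout
                // message carries the account e-mail), so it is HTML-encoded before
                // being handed to jQuery's .html(); the markup-bearing validation
                // messages above never reach this branch.
                RegisterLoginErrorScript(HttpUtility.HtmlEncode(ex.Message));
            }
        }

        /// <summary>
        /// Registers the startup script that shows <paramref name="messageHtml"/> in the
        /// login dialog.  The message is placed inside a JavaScript string literal, so it
        /// is JavaScript-string-encoded to stop quotes or script tags in it from breaking
        /// out of the literal (the original concatenated the raw text).
        /// </summary>
        /// <param name="messageHtml">Markup to show; must already be safe as HTML.</param>
        private void RegisterLoginErrorScript(string messageHtml)
        {
            string script = "<script type=\"text/javascript\"> $(function() { $('#invalidlogin_msg').html('"
                            + HttpUtility.JavaScriptStringEncode(messageHtml)
                            + "').show(); $('#login_dialog').modal('show'); }); </script>";
            Page.ClientScript.RegisterStartupScript(this.GetType(), "login_errors", script);
        }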
예제 #3
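        /// <summary>
        /// Handles the "forgot password" submit: validates the entered e-mail address,
        /// resets the password of the matching account through the CEC membership
        /// provider, e-mails the new password (listing any other accounts that share
        /// the address) and audits the reset.  Failures are logged and reported in
        /// <c>fg_errorMsg</c>.
        /// </summary>
        /// <param name="sender">The control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void forgotPassword_SendBtnClicked(object sender, EventArgs e)
        {
            if (helper.IsStringEmptyWhiteSpace(fg_email.Text))
            {
                fg_errorMsg.InnerText = "Email address cannot be left blank";

                RegisterJSAlert(fg_errorMsg.InnerText);
                return;
            }

            if (!helper.IsEmailAddress(fg_email.Text))
            {
                fg_errorMsg.InnerText = "Email address not in expected format";

                RegisterJSAlert(fg_errorMsg.InnerText);
                return;
            }

            try
            {
                UserData ud = ps.GetUserInformationByEmail(fg_email.Text);
                if (ud == null)
                {
                    // Explicit failure instead of a NullReferenceException further down.
                    throw new InvalidOperationException("No account is associated with the supplied email address");
                }

                CECMembershipProvider prov = Membership.Providers["CECProvider"] as CECMembershipProvider;
                if (prov == null)
                {
                    throw new InvalidOperationException("CECProvider membership provider is not configured");
                }

                // NOTE(review): the new password is delivered in clear text by e-mail and,
                // per the template text below, applies to every account sharing the
                // address -- confirm this is the intended recovery design.
                string newPass = prov.ResetPassword(ud.email, string.Empty);

                NameValueCollection data = new NameValueCollection();
                data.Add("password", newPass);
                data.Add("to", ud.email);

                // DataTable.Select takes a filter expression: a single quote inside the
                // address would otherwise end the literal and break or alter the filter,
                // so it is escaped by doubling as the DataColumn expression syntax requires.
                string emailFilter = String.Format("email='{0}'", ud.email.Replace("'", "''"));

                DataRow[] dr_users;
                using (DataTable dt_users = ps.GetUsers(helper.CreateTemporaryToken(), "uid, username, email"))
                {
                    dr_users = dt_users.Select(emailFilter);
                }

                if (dr_users.Length > 1)
                {
                    string additional_accounts = string.Empty;
                    foreach (DataRow dr in dr_users)
                    {
                        additional_accounts += String.Format("\t{0}\n", dr["username"]);
                    }

                    data.Add("additional_accounts", String.Format("<p>The following accounts were updated with the password above because they are associated with this email address:<pre>{0}</pre></p>", additional_accounts));
                }
                else
                {
                    // The template expects the key to exist even when there is nothing to list.
                    data.Add("additional_accounts", string.Empty);
                }

                ps.CreateEmailAndSend(helper.CreateTemporaryToken(), "lost_password", data);

                CECWebSrv.AuditLog_AddActivity(ud.userid, "password reset; email sent");

                // "text-sucess" was a typo; the Bootstrap class is text-success.
                fg_errorMsg.Attributes["class"] = "bg-success text-success";
                fg_errorMsg.InnerText           = "Email successfully sent";
            }
            catch (Exception ex)
            {
                // NOTE(review): the success and failure texts differ depending on whether
                // the address is registered, which lets a caller probe for registered
                // addresses; a uniform response would avoid that disclosure.
                fg_errorMsg.InnerText = String.Format("Failed to email the password to {0}.", fg_email.Text);
                LogError(fg_errorMsg.InnerText, ex);
            }
        }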