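/// <summary>
/// Handles the submit button of the user profile form. Checks the CAPTCHA answer
/// and the password confirmation, optionally changes the password, saves the
/// display name and e-mail address, writes an audit entry, sends a confirmation
/// e-mail and redirects to <c>/input/bouncer.aspx</c>.
/// </summary>
/// <param name="sender">Control that raised the event (not used).</param>
/// <param name="e">Event data (not used).</param>
protected void registrationBtnClicked(object sender, EventArgs e)
{
    // Take the submitted answer and blank the box so it is never redisplayed.
    string captcha = rg_captcha.Text;
    rg_captcha.Text = "";
    if (captcha != CaptchaAnswer.ToString())
    {
        rg_errorMsg.InnerText = "CAPTCHA answer is incorrect";
        RegisterJSAlert(rg_errorMsg.InnerText);
        return;
    }

    // An empty password box means "leave the password alone".
    bool passwordSupplied = !helper.IsStringEmptyWhiteSpace(rg_password1.Text);
    if (passwordSupplied && rg_password2.Text != rg_password1.Text)
    {
        rg_errorMsg.InnerText = "Password does not match confirm password";
        RegisterJSAlert(rg_errorMsg.InnerText);
        return;
    }

    // Apply the same format check the forgot-password form uses before the
    // address is stored; it is later used as a lookup key and in e-mail bodies.
    bool emailSupplied = !helper.IsStringEmptyWhiteSpace(rg_emailAddress.Text);
    if (emailSupplied && !helper.IsEmailAddress(rg_emailAddress.Text))
    {
        rg_errorMsg.InnerText = "Email address not in expected format";
        RegisterJSAlert(rg_errorMsg.InnerText);
        return;
    }

    try
    {
        UserData ud = websrv.GetUserInformationByUserID(UserToken, UserToken.userid);

        if (passwordSupplied)
        {
            CECMembershipProvider cecMp = (Membership.Providers["CECProvider"] as CECMembershipProvider);
            if (cecMp == null)
            {
                // Surfaces a clear cause in the log instead of a NullReferenceException.
                throw new InvalidOperationException("CECProvider membership provider is not configured");
            }
            cecMp.UserToken = UserToken;

            // Security fix: the expiry / reset-required flags used to be cleared even
            // when the strength check returned false and the password was NOT changed,
            // which let a user escape a forced password reset by submitting a weak
            // password. NOTE(review): ValidatePasswordStrength may throw
            // MembershipPasswordException instead of returning false; not visible here.
            if (!cecMp.ValidatePasswordStrength(rg_password1.Text))
            {
                rg_errorMsg.InnerText = "Password does not meet the strength requirements";
                RegisterJSAlert(rg_errorMsg.InnerText);
                return;
            }

            cecMp.ChangePassword(rg_password1.Text);

            ud.password_expired = false;
            ud.password_change_date = DateTime.Today;
            if (ForPasswordReset)
            {
                ud.password_reset_required = false;
            }
            websrv.SetUserSecurityAttributes(UserToken, ud);
        }

        // Only overwrite profile fields that were filled in and actually differ.
        if (!helper.IsStringEmptyWhiteSpace(rg_displayName.Text) && ud.display_name != rg_displayName.Text)
        {
            ud.display_name = rg_displayName.Text;
        }
        if (emailSupplied && ud.email != rg_emailAddress.Text)
        {
            ud.email = rg_emailAddress.Text;
        }

        websrv.SetUserInformation(UserToken, ud);
        CECWebSrv.AuditLog_AddActivity(UserToken.userid, "user profile information updated");
        SendEmailConfirmation();

        // endResponse=false: let the page finish instead of aborting the thread.
        Response.Redirect("/input/bouncer.aspx", false);
    }
    catch (Exception ex)
    {
        // Password-policy messages are shown to the user; everything else gets a
        // generic message so internal details are not disclosed in release builds.
        if (ex is MembershipPasswordException)
        {
            rg_errorMsg.InnerText = ex.Message;
        }
        else
        {
            rg_errorMsg.InnerText = "User account was not saved";
        }
#if (DEBUG || DEBUGDEV)
        rg_errorMsg.InnerText += String.Format(" ({0})", ex.Message);
#endif
        LogError(rg_errorMsg.InnerText, ex);
        RegisterJSAlert(String.Format("ERROR: {0}", rg_errorMsg.InnerText));
    }
}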
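/// <summary>
/// Handles the login button. Validates that both fields are filled in, asks the
/// CEC membership provider to authenticate the user, ensures the per-user upload
/// directory exists, rejects locked-out accounts, establishes the authenticated
/// session (forms-auth cookie, session token, helper cookies) and redirects to
/// either the password-reset page or the bouncer page. Any failure is shown in
/// the login dialog.
/// </summary>
/// <param name="sender">Control that raised the event (not used).</param>
/// <param name="e">Event data (not used).</param>
private void loginBtnClick(object sender, EventArgs e)
{
    SecurityToken token = new SecurityToken();
    CECMembershipProvider prov = (Membership.Providers["CECProvider"] as CECMembershipProvider);

    // HTML fragment for the login dialog; stays null when login succeeds.
    string errorHtml = null;

    try
    {
        string validation_errors = string.Empty;
        if (String.IsNullOrWhiteSpace(usernameIn.Value))
        {
            validation_errors += "<p>Username cannot be blank</p>";
        }
        if (String.IsNullOrWhiteSpace(passwordIn.Value))
        {
            validation_errors += "<p>Password cannot be blank</p>";
        }

        if (!String.IsNullOrEmpty(validation_errors))
        {
            // Built only from the fixed strings above, so its markup is kept as-is.
            errorHtml = validation_errors;
        }
        else if (prov.ValidateUser(usernameIn.Value, passwordIn.Value, out token))
        {
            // Make sure the user's upload folder exists under the web root.
            string local_userfiles_path = MapPath(String.Format("/user_files/{0}", token.userid));
            if (!Directory.Exists(local_userfiles_path))
            {
                Directory.CreateDirectory(local_userfiles_path);
            }

            using (cec_publicservice.CECInputFormService websrv = new CECInputFormService())
            {
                // verify/handle user account conditions
                UserData ud = websrv.GetUserInformationByUserID(token, token.userid);

                using (cec_publicservice.CECHarmPublicService pubsrv = new CECHarmPublicService())
                {
                    if (ud.account_lockout)
                    {
                        pubsrv.AuditLog_AddActivity(ud.userid, "login attempted; failed due to lockout");
                        throw new AccountLockedOutException(ud.email, ud.account_lockout_date);
                    }

                    // user was successfully authenticated, so set the auth cookie
                    FormsAuthentication.SetAuthCookie(token.email, false);
                    Session["UserSecurityToken"] = token;

                    // NOTE(review): these cookies carry the session token and user id but
                    // are created without HttpOnly/Secure. Confirm whether client script
                    // reads them; if it does not, set HttpCookie.HttpOnly = true and
                    // HttpCookie.Secure = true (HTTPS deployments) on "sessionid" and "uid".
                    Response.SetCookie(new HttpCookie("sessionid", token.session));
                    Response.SetCookie(new HttpCookie("uid", token.userid.ToString()));
                    Response.SetCookie(new HttpCookie("edit_mode", ""));

                    pubsrv.AuditLog_AddActivity(ud.userid, "login");
                }

                // Force a password change before the user can reach the application.
                if (ud.password_reset_required || ud.password_expired)
                {
                    Page.Response.Redirect("/userinfo.aspx?resetPassword", false);
                }
                else
                {
                    Page.Response.Redirect("/input/bouncer.aspx", false);
                }
                //FormsAuthentication.RedirectFromLoginPage(token.email, false);
            }
        }
        else
        {
            throw new Exception("Unknown login failure");
        }
    }
    catch (Exception ex)
    {
        // Security fix: exception text can contain data the code does not control
        // (for example the e-mail address passed to AccountLockedOutException), and
        // it ends up in a jQuery .html() call. HTML-encode it so it is rendered as
        // text. NOTE(review): if an exception message intentionally carries markup
        // it will now be displayed literally. The raw message of any unexpected
        // exception is still shown to the user; consider a generic message for those.
        errorHtml = System.Web.HttpUtility.HtmlEncode(ex.Message);
    }

    if (errorHtml != null)
    {
        // Security fix: the message used to be concatenated straight into a
        // single-quoted JavaScript literal, so a quote in it could terminate the
        // string and inject script. JavaScriptStringEncode makes the value safe
        // inside the literal while leaving the decoded HTML unchanged.
        string script = "<script type=\"text/javascript\"> $(function() { $('#invalidlogin_msg').html('"
            + System.Web.HttpUtility.JavaScriptStringEncode(errorHtml)
            + "').show(); $('#login_dialog').modal('show'); }); </script>";
        Page.ClientScript.RegisterStartupScript(this.GetType(), "login_errors", script);
    }
}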
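/// <summary>
/// Handles the "send" button of the forgot-password form. Validates the e-mail
/// address, resets the password through the CEC membership provider, and sends
/// the new password to the address on file using the <c>lost_password</c>
/// template. When several accounts share the address, their usernames are
/// listed in the e-mail.
/// </summary>
/// <remarks>
/// NOTE(review): the password is reset as soon as an unauthenticated visitor
/// submits a known address, and the new password travels in the e-mail body.
/// The success and failure messages also differ, which reveals whether an
/// address is registered. A single-use, expiring reset link and a uniform
/// response would close both gaps; that is a design change outside this handler.
/// </remarks>
/// <param name="sender">Control that raised the event (not used).</param>
/// <param name="e">Event data (not used).</param>
protected void forgotPassword_SendBtnClicked(object sender, EventArgs e)
{
    if (helper.IsStringEmptyWhiteSpace(fg_email.Text))
    {
        fg_errorMsg.InnerText = "Email address cannot be left blank";
        RegisterJSAlert(fg_errorMsg.InnerText);
        return;
    }
    if (!helper.IsEmailAddress(fg_email.Text))
    {
        fg_errorMsg.InnerText = "Email address not in expected format";
        RegisterJSAlert(fg_errorMsg.InnerText);
        return;
    }

    try
    {
        UserData ud = ps.GetUserInformationByEmail(fg_email.Text);

        CECMembershipProvider prov = (Membership.Providers["CECProvider"] as CECMembershipProvider);
        if (prov == null)
        {
            // Surfaces a clear cause in the log instead of a NullReferenceException.
            throw new InvalidOperationException("CECProvider membership provider is not configured");
        }
        string newPass = prov.ResetPassword(ud.email, string.Empty);

        System.Collections.Specialized.NameValueCollection data = new NameValueCollection();
        data.Add("password", newPass);
        data.Add("to", ud.email);

        // Security fix: the address is placed inside a quoted DataTable filter
        // expression. Apostrophes are legal in e-mail addresses and would either
        // break the expression or change what it matches, so double them, which is
        // the escape for a quote inside a filter string literal.
        string emailLiteral = (ud.email ?? string.Empty).Replace("'", "''");

        DataRow[] dr_users;
        using (DataTable dt_users = ps.GetUsers(helper.CreateTemporaryToken(), "uid, username, email"))
        {
            dr_users = dt_users.Select(String.Format("email='{0}'", emailLiteral));
        }

        if (dr_users.Length > 1)
        {
            string additional_accounts = string.Empty;
            foreach (DataRow dr in dr_users)
            {
                // Security fix: usernames are stored user data and land in an HTML
                // e-mail body, so encode them before embedding.
                additional_accounts += String.Format("\t{0}\n", System.Web.HttpUtility.HtmlEncode(Convert.ToString(dr["username"])));
            }
            data.Add("additional_accounts", String.Format("<p>The following accounts were updated with the password above because they are associated with this email address:<pre>{0}</pre></p>", additional_accounts));
        }
        else
        {
            // The template key is always supplied, even when there is nothing to list.
            data.Add("additional_accounts", string.Empty);
        }

        ps.CreateEmailAndSend(helper.CreateTemporaryToken(), "lost_password", data);
        CECWebSrv.AuditLog_AddActivity(ud.userid, "password reset; email sent");

        // Fixed the misspelled class name ("text-sucess"), which never matched a style.
        fg_errorMsg.Attributes["class"] = "bg-success text-success";
        fg_errorMsg.InnerText = "Email successfully sent";
        //Response.Redirect("/select.aspx", false);
    }
    catch (Exception ex)
    {
        // InnerText is assigned as text, so the echoed address is not treated as markup.
        fg_errorMsg.InnerText = String.Format("Failed to email the password to {0}.", fg_email.Text);
        LogError(fg_errorMsg.InnerText, ex);
    }
}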