예제 #1
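        /// <summary>
        /// Changes the password of the user named by <c>ni.Username</c> after verifying
        /// the old password against the Users table.
        /// </summary>
        /// <param name="sql">Database helper used for the verification query and the update.</param>
        /// <param name="chgpw">Request payload carrying the old and the new password.</param>
        /// <param name="ni">Connection context: supplies the username and ACL, receives Error / ErrorID.</param>
        /// <returns>
        /// <c>Denied</c> for connections holding the ComputerLogin ACL; <c>Fail</c> for LDAP accounts,
        /// a new password that fails the policy, or a wrong/missing old password;
        /// <c>NoContent</c> once the row has been updated.
        /// </returns>
        /// <remarks>
        /// SECURITY: the value stored in Users.Password is Base64 of the UTF-16LE bytes of the
        /// password. That is a reversible encoding, not a hash (no MD5 or any digest is computed
        /// here), so read access to the table or a backup of it yields every plaintext password.
        /// Replacing it with a salted, slow KDF (for example Rfc2898DeriveBytes.Pbkdf2) has to be
        /// done together with the login path and a migration of existing rows, so the storage
        /// format is left unchanged in this method.
        /// </remarks>
        public RESTStatus ChangeMyPassword(SQLLib sql, ChangePassword chgpw, NetworkConnectionInfo ni)
        {
            // Connections holding the ComputerLogin ACL may not change a password through this call.
            if (ni.HasAcl(ACLFlags.ComputerLogin))
            {
                ni.Error   = "Access denied";
                ni.ErrorID = ErrorFlags.AccessDenied;
                return RESTStatus.Denied;
            }

            ni.Error = "";

            // LDAP-backed accounts have no local password to change.
            if (ni.IsLDAP)
            {
                ni.Error   = "Password is LDAP";
                ni.ErrorID = ErrorFlags.IsLDAP;
                return RESTStatus.Fail;
            }

            // The payload comes from the client: a missing body or field must produce a
            // regular failure response instead of an unhandled exception in GetBytes().
            if (chgpw == null || chgpw.OldPassword == null)
            {
                ni.Error   = "Invalid old password";
                ni.ErrorID = ErrorFlags.InvalidPassword;
                return RESTStatus.Fail;
            }

            // Reversible encoding, NOT a hash; see the SECURITY remark on this method.
            string oldEncoded = Convert.ToBase64String(Encoding.Unicode.GetBytes(chgpw.OldPassword));

            if (chgpw.NewPassword == null || !MeetPasswordPolicy(chgpw.NewPassword))
            {
                ni.Error   = "Password policy not met";
                ni.ErrorID = ErrorFlags.PWPolicyNotMet;
                return RESTStatus.Fail;
            }

            // Parameterized query: username and encoded password are never concatenated into SQL.
            // NOTE(review): the comparison happens in the database, so it follows the column's
            // collation. Base64 is case-sensitive; confirm the Password column is too.
            int matches = Convert.ToInt32(sql.ExecSQLScalar("SELECT Count(*) FROM Users WHERE Username=@u AND Password=@p",
                                                            new SQLParam("@u", ni.Username),
                                                            new SQLParam("@p", oldEncoded)));

            if (matches < 1)
            {
                ni.Error   = "Invalid old password";
                ni.ErrorID = ErrorFlags.InvalidPassword;
                return RESTStatus.Fail;
            }

            // Same reversible encoding as above, kept so existing rows and the login path still match.
            string newEncoded = Convert.ToBase64String(Encoding.Unicode.GetBytes(chgpw.NewPassword));

            // NOTE(review): this UPDATE is keyed on the username only, so it is not atomic with the
            // old-password check above; nothing visible here invalidates other sessions of the user.
            sql.ExecSQLNQ("UPDATE Users SET Password=@pw, MustChangePassword=0 WHERE Username=@u",
                          new SQLParam("@u", ni.Username),
                          new SQLParam("@pw", newEncoded));
            ni.MustChangePassword = false;

            return RESTStatus.NoContent;
        }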