public RESTStatus ChangeMyPassword(SQLLib sql, ChangePassword chgpw, NetworkConnectionInfo ni)
{
if (ni.HasAcl(ACLFlags.ComputerLogin) == true)
{
ni.Error = "Access denied";
ni.ErrorID = ErrorFlags.AccessDenied;
return(RESTStatus.Denied);
}
ni.Error = "";
if (ni.IsLDAP == true)
{
ni.Error = "Password is LDAP";
ni.ErrorID = ErrorFlags.IsLDAP;
return(RESTStatus.Fail);
}
string PWMD5REQ = Convert.ToBase64String(Encoding.Unicode.GetBytes(chgpw.OldPassword));
if (MeetPasswordPolicy(chgpw.NewPassword) == false)
{
ni.Error = "Password policy not met";
ni.ErrorID = ErrorFlags.PWPolicyNotMet;
return(RESTStatus.Fail);
}
int Count = Convert.ToInt32(sql.ExecSQLScalar("SELECT Count(*) FROM Users WHERE Username=@u AND Password=@p",
new SQLParam("@u", ni.Username),
new SQLParam("@p", PWMD5REQ)));
if (Count < 1)
{
ni.Error = "Invalid old password";
ni.ErrorID = ErrorFlags.InvalidPassword;
return(RESTStatus.Fail);
}
string PWMD5New = Convert.ToBase64String(Encoding.Unicode.GetBytes(chgpw.NewPassword));
sql.ExecSQLNQ("UPDATE Users SET Password=@pw, MustChangePassword=0 WHERE Username=@u",
new SQLParam("@u", ni.Username),
new SQLParam("@pw", PWMD5New));
ni.MustChangePassword = false;
return(RESTStatus.NoContent);
}
