예제 #1
        /// <summary>
        /// Authenticates a system user from a username and a plain-text password.
        /// </summary>
        /// <param name="Username">Login name; passed to the "GetSystemUserByID" stored procedure.</param>
        /// <param name="Password">Plain-text password; hashed and compared with the stored value.</param>
        /// <returns>
        /// The stored user record stamped with the success status, or a blank
        /// <c>SystemUser</c> carrying the failure status and a description.
        /// </returns>
        /// <remarks>
        /// NOTE(review): verification relies on SharedCommons.GenerateMD5Hash. Going by the
        /// name and the single-argument call, this looks like an unsalted MD5 digest, which
        /// is too fast and too widely precomputed for password storage. Confirm, and plan a
        /// migration to a salted, slow KDF (e.g. PBKDF2), re-hashing on next successful login.
        /// NOTE(review): on success the returned object is the stored record itself, so it
        /// still carries the Password hash; callers should not serialise it to a client.
        /// </remarks>
        public SystemUser Login(string Username, string Password)
        {
            SystemUser response = new SystemUser();

            try
            {
                // Reject missing credentials before touching the data store;
                // the username is checked first, then the password.
                string missingField = null;
                if (string.IsNullOrEmpty(Username))
                {
                    missingField = nameof(Username);
                }
                else if (string.IsNullOrEmpty(Password))
                {
                    missingField = nameof(Password);
                }

                if (missingField != null)
                {
                    response.StatusCode = SharedCommonsGlobals.FAILURE_STATUS_CODE;
                    response.StatusDesc = "Please Supply a " + missingField;
                    return response;
                }

                // First record the stored procedure returns for this username, if any.
                SystemUser account = SystemUser.QueryWithStoredProc("GetSystemUserByID", Username).FirstOrDefault();

                // The password is only hashed when an account was found.
                string suppliedHash = account == null ? null : SharedCommons.GenerateMD5Hash(Password);

                // An unknown user and a wrong password deliberately get the same
                // answer, so the reply does not reveal which usernames exist.
                // NOTE(review): this is an ordinary string comparison, not a
                // constant-time one.
                if (account == null || suppliedHash != account.Password)
                {
                    response.StatusCode = SharedCommonsGlobals.FAILURE_STATUS_CODE;
                    response.StatusDesc = "Invalid Username or Password";
                    return response;
                }

                // Credentials match: hand back the stored record, marked successful.
                response            = account;
                response.StatusCode = SharedCommonsGlobals.SUCCESS_STATUS_CODE;
                response.StatusDesc = SharedCommonsGlobals.SUCCESS_STATUS_TEXT;
            }
            catch (Exception ex)
            {
                // NOTE(review): the raw exception message goes back to the caller and may
                // expose data-layer details; prefer logging it server-side and returning
                // a generic description.
                response.StatusCode = SharedCommonsGlobals.FAILURE_STATUS_CODE;
                response.StatusDesc = $"ERROR: {ex.Message}";
            }

            return response;
        }
예제 #2
        /// <summary>
        /// Registers a new system user after validating the record and checking that
        /// no existing user has the same username.
        /// </summary>
        /// <param name="user">Record to register; its Password is replaced by its hash before saving.</param>
        /// <returns>
        /// A <c>Result</c> with the success status and the username as ResponseId, or the
        /// failure status and a description.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the password is stored as the output of SharedCommons.GenerateMD5Hash.
        /// If that is a plain, unsalted MD5 digest (as the name suggests), it is not suitable
        /// for password storage; a salted, slow KDF is the usual replacement.
        /// NOTE(review): the username lookup and the Save() call are separate steps, so two
        /// concurrent registrations could both pass the check. Presumably the data store
        /// enforces uniqueness; verify.
        /// </remarks>
        public Result RegisterSystemUser(SystemUser user)
        {
            Result outcome = new Result();

            try
            {
                // The record validates itself; its own StatusDesc is relayed on failure.
                bool recordIsValid = user.IsValid();
                if (!recordIsValid)
                {
                    outcome.StatusCode = SharedCommonsGlobals.FAILURE_STATUS_CODE;
                    outcome.StatusDesc = $"{user.StatusDesc}";
                    return outcome;
                }

                // Look for an existing account under the requested username.
                SystemUser existing = SystemUser.QueryWithStoredProc("GetSystemUserByID", user.Username).FirstOrDefault();
                bool usernameTaken = existing != null;

                if (usernameTaken)
                {
                    outcome.StatusCode = SharedCommonsGlobals.FAILURE_STATUS_CODE;
                    outcome.StatusDesc = "Username Already in Use. Please try another Username";
                    return outcome;
                }

                // Replace the plain-text password with its hash before the record is saved.
                string passwordHash = SharedCommons.GenerateMD5Hash(user.Password);
                user.Password = passwordHash;
                user.Save();

                // Report success, echoing the username back as the response id.
                outcome.ResponseId = user.Username;
                outcome.StatusCode = SharedCommonsGlobals.SUCCESS_STATUS_CODE;
                outcome.StatusDesc = SharedCommonsGlobals.SUCCESS_STATUS_TEXT;
            }
            catch (Exception ex)
            {
                // NOTE(review): the raw exception message is returned to the caller; it may
                // reveal data-layer details. Prefer a generic description plus a server-side log.
                outcome.StatusCode = SharedCommonsGlobals.FAILURE_STATUS_CODE;
                outcome.StatusDesc = $"ERROR: {ex.Message}";
            }

            return outcome;
        }
예제 #3
    /// <summary>
    /// Checks a portal login: looks the user up, compares the MD5 hash of the supplied
    /// password with the stored one, records the attempt in the audit and login logs,
    /// deactivates the account when the invalid-login limit is exceeded, and diverts
    /// users flagged for a password reset.
    /// </summary>
    /// <param name="UserId">User id as supplied by the caller.</param>
    /// <param name="passwd">Plain-text password as supplied by the caller.</param>
    /// <remarks>
    /// NOTE(review): a failed lookup shows the back end's StatusDesc, while a wrong password
    /// shows a generic text. If StatusDesc differs for unknown ids, the page reveals which ids
    /// exist; consider showing the generic text in both cases and keeping the detail in the
    /// audit log only.
    /// NOTE(review): UserId is caller-supplied and concatenated into audit text; verify the
    /// audit store and any viewer treat it strictly as data.
    /// NOTE(review): the password hash comes from SharedCommons.GenerateMD5Hash; MD5 is not
    /// suitable for password storage.
    /// </remarks>
    private void System_login(string UserId, string passwd)
    {
        SystemUser user = bll.GetSystemUserByUserId(UserId);
        string notice;

        // Lookup did not succeed: audit it under the supplied id and stop.
        if (user.StatusCode != Globals.SUCCESS_STATUS_CODE)
        {
            notice = "FAILED: " + user.StatusDesc;
            string lookupAudit = "Unsuccessfull login of User with ID :" + UserId + " Error: " + notice;
            bll.InsertIntoAuditLog("LOGIN", "", user.CompanyCode, UserId, lookupAudit);
            ShowMessage(notice, true);
            return;
        }

        // Hashes are compared case-insensitively by upper-casing both sides.
        string suppliedHash = SharedCommons.GenerateMD5Hash(passwd);
        bool hashesDiffer   = user.Password.ToUpper() != suppliedHash.ToUpper();

        if (hashesDiffer)
        {
            notice = "FAILED: INVALID USERNAME OR PASSWORD SUPPLIED";
            string mismatchAudit = "Unsuccessfull login of User with ID :" + UserId + " Error: " + notice;
            bll.InsertIntoAuditLog("LOGIN", "", user.CompanyCode, UserId, mismatchAudit);

            // NOTE(review): the counter behind MaxInvalidLoginsIsExceeded is not visible
            // here; confirm it is tracked per account on the server rather than per session.
            if (MaxInvalidLoginsIsExceeded())
            {
                string lockAudit = "Deactivated: Maximum number of Invalid Logins Reached by User[" + user.UserId + "]";
                bll.InsertIntoAuditLog("DE-ACTIVATION", "", user.CompanyCode, user.UserId, lockAudit);
                bll.DeactivateUser(user.UserId, "PORTAL", ip, user.CompanyCode);
                notice = "User Credentials Deactivated: Maximum number of Invalid Logins Reached";
            }

            bll.LogUserLogin("PORTAL", ip, user.UserId, this.Session.SessionID, "555", notice, "LOGIN");

            ShowMessage(notice, true);
            return;
        }

        // Correct password, but the account is flagged for a mandatory reset.
        if (user.ResetPassword)
        {
            notice = "RESET PASSWORD";
            bll.LogUserLogin("PORTAL", ip, user.UserId, this.Session.SessionID, "111", notice, "LOGIN");

            string resetAudit = "Unsuccessfull login of User with ID :" + user.UserId + " Error: " + notice;
            bll.InsertIntoAuditLog("LOGIN", "", user.CompanyCode, user.UserId, resetAudit);
            CallResetPassword(user);
            ShowMessage(notice, true);
            return;
        }

        // NOTE(review): a password-expiry check (bll.PasswordExpired followed by
        // CallResetPassword) used to sit here but is commented out in the source, so this
        // method does not enforce password expiry.

        AssignSessionVariables(user);

        // NOTE(review): this message is shown after the session variables are assigned.
        // Presumably AssignSessionVariables redirects on success and only falls through
        // when logon is refused; confirm.
        ShowMessage("System Logon denied", true);
    }
예제 #4
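    /// <summary>
    /// Handles the "forgot password" button: looks up the user id typed into txtUserId,
    /// generates a new password, stores its hash, and sends the new password to the user
    /// through bll.ResendCredentials.
    /// </summary>
    /// <param name="sender">Control that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    /// <remarks>
    /// NOTE(review): the password is replaced as soon as a valid user id is submitted; nothing
    /// in this handler proves the requester controls the account. A more robust flow e-mails a
    /// single-use, expiring reset link and changes the password only when it is redeemed.
    /// NOTE(review): the new password is stored via SharedCommons.GenerateMD5Hash (MD5 is not
    /// suitable for password storage) and is passed in plain text to ResendCredentials.
    /// </remarks>
    protected void btnForgotPassword_Click(object sender, EventArgs e)
    {
        SystemUser user = bll.GetSystemUserByUserId(txtUserId.Text);

        try
        {
            // NOTE(review): a CAPTCHA check (ExampleCaptcha.Validate on txtCaptcha) used to
            // run here but is commented out in the source, so there is no bot check.

            //unable to find user
            if (user.StatusCode != "0")
            {
                // NOTE(review): the back end's StatusDesc is shown as-is; if it differs for
                // unknown ids, this page reveals which user ids exist.
                string msg = user.StatusDesc;
                bll.LogUserLogin("PORTAL", ip, user.UserId, this.Session.SessionID, user.StatusCode, user.StatusDesc, "LOGIN");

                bll.InsertIntoAuditLog("LOGIN", "", user.CompanyCode, user.UserId, "Unsuccessfull Password Reset of User with ID :" + user.UserId + " Error: " + msg);
                ShowMessage(msg, true);
                return;
            }

            // NOTE(review): a cache-backed counter that limited resets to three per 24 hours
            // per user is commented out in the source, so reset requests are not throttled.

            //generate a new password for the user
            string Password = bll.GeneratePassword();
            user.Password = SharedCommons.GenerateMD5Hash(Password);
            // NOTE(review): setting user.ResetPassword = true is commented out in the source,
            // so this handler does not flag the account for a forced password change.

            //update the password of the user at Pegasus
            Result result = bll.UpdateUserPassword(user);

            //failed to update
            if (result.StatusCode != "0")
            {
                ShowMessage("FAILED: " + result.StatusDesc, false);
                return;
            }

            //send the user the new credentials
            Result sendResult = bll.ResendCredentials(user, "Password", Password);

            //failed to send mail
            if (sendResult.StatusCode != "0")
            {
                // Report the send failure itself. The original appended result.StatusDesc,
                // which at this point belongs to the successful password update.
                // The user's e-mail address is deliberately left out of the message.
                ShowMessage("FAILED: PASSWORD WAS RESET BUT EMAIL SEND TO YOUR ASSOCIATED MAIL ACCOUNT FAILED : " + sendResult.StatusDesc, false);
                return;
            }

            //we are good; the e-mail address is deliberately not shown to the user
            ShowMessage("YOUR PASSWORD HAS BEEN RESET AND AN EMAIL HAS BEEN SENT TO YOUR ASSOCIATED MAIL ACCOUNT", false);
            MultiView1.SetActiveView(View2);
        }
        catch (Exception ex)
        {
            // Details go to the error log only; the user sees a generic failure.
            bll.LogError(user.CompanyCode, "", "FORGOT-PWD" + ex.Message + ex.StackTrace, "", "EXCEPTION", "");
            ShowMessage("FAILED: INTERNAL ERROR", true);
        }
    }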
예제 #5
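 /// <summary>
 /// Handles the "change new password" button: validates the two password boxes, checks
 /// the new password against the current one, the password policy and the password
 /// history, then saves it for the user held in Session["PassUser"].
 /// </summary>
 /// <param name="sender">Control that raised the event.</param>
 /// <param name="e">Event data (unused).</param>
 /// <remarks>
 /// NOTE(review): this handler does not ask for the current password; it trusts whatever
 /// user object is stored in Session["PassUser"]. Verify that the key is set only after
 /// the user has been authenticated or has redeemed a reset.
 /// NOTE(review): hashes come from SharedCommons.GenerateMD5Hash; MD5 is not suitable for
 /// password storage.
 /// </remarks>
 protected void btnChangenewPassword_Click(object sender, EventArgs e)
 {
     try
     {
         string newpassword     = txtnewpassword.Text;
         string confirmPassword = txtConfirmnewpassword.Text;

         if (newpassword.Equals(""))
         {
             ShowMessage("ENTER NEW PASSWORD", true);
             txtnewpassword.Focus();
             return;
         }

         if (confirmPassword.Equals(""))
         {
             ShowMessage("CONFIRM NEW PASSWORD", true);
             txtConfirmnewpassword.Focus();
             return;
         }

         if (!newpassword.Equals(confirmPassword))
         {
             ShowMessage("PASSWORD MISMATCH", true);
             return;
         }

         // A missing key, an object of another type, or a blank or null UserId all mean
         // the user cannot be identified. The original dereferenced the cast result and
         // UserId unchecked, so those cases surfaced as a raw exception message.
         SystemUser user = Session["PassUser"] as SystemUser;
         if (user == null || string.IsNullOrEmpty(user.UserId))
         {
             ShowMessage("FAILED TO DETERMINE USER DETAILS", true);
             return;
         }

         // Hash once and reuse the value for every check below.
         string newHash = SharedCommons.GenerateMD5Hash(newpassword);

         if (newHash == user.Password)
         {
             ShowMessage("YOUR NEW PASSWORD CANNOT BE THE SAME AS THE PREVIOUS ONE", true);
             return;
         }

         if (!bll.ObeysPasswordPolicy(newpassword, user.CompanyCode))
         {
             ShowMessage("Your new password should contain atleast one uppercase and lowercase letters, a special character,a number and Should be atleast 8 characters in Length", true);
             return;
         }

         if (bll.PasswordHasBeenUsed(user.UserId, newHash))
         {
             ShowMessage("You have used this password before, please create another one", true);
             return;
         }

         string oldPassword = user.Password;
         Result result = bll.ChangeUsersPassword(user.UserId, user.CompanyCode, newHash, user.RoleCode);

         if (result.StatusCode != "0")
         {
             ShowMessage(result.StatusDesc, true);
             return;
         }

         // Update the session-held user only after the change was accepted. The original
         // overwrote user.Password before the call, so a failed change left the session
         // object holding a hash that was never saved.
         user.Password = newHash;

         // Pass the previous hash to the password tracker.
         bll.Log("PasswordTracker_Update", new string[] { user.UserId, oldPassword, ip });
         ShowMessage("Password Changed Successfully", false);
         MultiView1.ActiveViewIndex = 0;
         clearControls();
     }
     catch (Exception ex)
     {
         // NOTE(review): the raw exception message is shown to the user; prefer a generic
         // message plus a server-side log entry.
         ShowMessage("FAILED: " + ex.Message, true);
     }
 }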
예제 #6
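    /// <summary>
    /// Handles the change-password button: checks that all three boxes are filled, that the
    /// new password matches its confirmation, and that the old password is correct; then
    /// applies the policy and history checks and saves the new password.
    /// </summary>
    /// <param name="sender">Control that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    /// <remarks>
    /// <c>user</c> is a member defined outside this method. In the original, the
    /// mismatch and old-password checks sat in a separate if/else-if chain that did not stop
    /// execution, so the second chain still changed the password when either check failed.
    /// Every failed check now returns before the password can be changed.
    /// NOTE(review): hashes come from SharedCommons.GenerateMD5Hash; MD5 is not suitable for
    /// password storage.
    /// </remarks>
    protected void Button1_Click(object sender, EventArgs e)
    {
        Label LblMsg = (Label)Master.FindControl("lblMsg");

        try
        {
            string OldPassword       = txtOldPasswd.Text.Trim();
            string NewPassword       = txtNewPasswd.Text.Trim();
            string ConfirmedPassword = txtConfirm.Text.Trim();

            // Required-field checks come first.
            if (OldPassword.Equals(""))
            {
                ShowMessage("Please Enter your Old Password", true);
                txtOldPasswd.Focus();
                return;
            }

            if (NewPassword.Equals(""))
            {
                ShowMessage("Please Enter your New Password", true);
                txtNewPasswd.Focus();
                return;
            }

            if (ConfirmedPassword.Equals(""))
            {
                ShowMessage("Please Confirm your New Password", true);
                txtConfirm.Focus();
                return;
            }

            if (NewPassword != ConfirmedPassword)
            {
                string msg = "Msg: Your New Password Doesnt match the confirmed Password";
                bll.ShowMessage(LblMsg, msg, true);
                txtOldPasswd.Focus();
                return;
            }

            // The current password must be proven before anything is changed.
            string oldHash = SharedCommons.GenerateMD5Hash(OldPassword);
            if (oldHash != user.Password)
            {
                string msg = "Msg: Your Old Password Is Incorrect";
                txtOldPasswd.Focus();
                bll.ShowMessage(LblMsg, msg, true);
                return;
            }

            string newHash = SharedCommons.GenerateMD5Hash(NewPassword);

            if (newHash == oldHash)
            {
                string msg = "Your new password can't be Similar to the Old One";
                bll.ShowMessage(LblMsg, msg, true);
                return;
            }

            if (!bll.ObeysPasswordPolicy(NewPassword, user.CompanyCode))
            {
                string msg = "Your new password should have a mixture of uppercase & lowercase letters, special characters i.e ?,$ and numbers";
                bll.ShowMessage(LblMsg, msg, true);
                return;
            }

            if (bll.PasswordHasBeenUsed(user.UserId, newHash))
            {
                bll.ShowMessage(LblMsg, "Your New Password can't be Similar To The Recent Two Passwords", true);
                return;
            }

            user.ModifiedBy = user.UserId;
            Result result = bll.ChangeUsersPassword(user.UserId, user.CompanyCode, newHash, user.RoleCode);

            if (result.StatusCode != "0")
            {
                bll.ShowMessage(LblMsg, result.StatusDesc, true);
                return;
            }

            // Update the in-memory user only after the change was accepted, so a failed
            // change does not leave it holding a hash that was never saved.
            user.Password = newHash;

            // Pass the previous hash to the password tracker.
            bll.Log("PasswordTracker_Update", new string[] { user.UserId, oldHash, user.UserId, bll.getIp() });
            bll.ShowMessage(LblMsg, "Password Changed Successfully", false);
        }
        catch (Exception ex)
        {
            // NOTE(review): the raw exception message is shown to the user; prefer a generic
            // message plus a server-side log entry.
            ShowMessage(ex.Message, true);
        }
    }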