/// <summary>
/// Checks a username/password pair against the stored account record.
/// </summary>
/// <param name="Username">Login name; passed to the "GetSystemUserByID" stored procedure.</param>
/// <param name="Password">Clear-text password supplied by the caller.</param>
/// <returns>
/// The stored <see cref="SystemUser"/> with a success status when the credentials match;
/// otherwise a blank <see cref="SystemUser"/> carrying a failure status and description.
/// </returns>
/// <remarks>
/// NOTE(review): the stored credential is compared with SharedCommons.GenerateMD5Hash(Password).
/// Judging by the helper's name this is an MD5 digest, and no per-user salt is passed in;
/// a slow salted password hash (PBKDF2 or similar) with a migration on next login would be
/// the safer design.
/// NOTE(review): on success the stored record itself is returned, Password field included;
/// confirm callers never serialise that field to a client.
/// </remarks>
public SystemUser Login(string Username, string Password)
{
    SystemUser result = new SystemUser();

    try
    {
        // Blank-input validation: Username is checked before Password.
        string missingField = null;
        if (string.IsNullOrEmpty(Username))
        {
            missingField = nameof(Username);
        }
        else if (string.IsNullOrEmpty(Password))
        {
            missingField = nameof(Password);
        }

        if (missingField != null)
        {
            result.StatusCode = SharedCommonsGlobals.FAILURE_STATUS_CODE;
            result.StatusDesc = $"Please Supply a {missingField}";
            return result;
        }

        // First account returned for the supplied username, or null when there is none.
        SystemUser account = SystemUser.QueryWithStoredProc("GetSystemUserByID", Username).FirstOrDefault();

        // Unknown user and wrong password deliberately share one message, so the reply
        // does not say which of the two was wrong. The hash is only computed when an
        // account was found (short-circuit).
        if (account == null || SharedCommons.GenerateMD5Hash(Password) != account.Password)
        {
            result.StatusCode = SharedCommonsGlobals.FAILURE_STATUS_CODE;
            result.StatusDesc = "Invalid Username or Password";
            return result;
        }

        // Credentials match: hand back the stored record, stamped as successful.
        result = account;
        result.StatusCode = SharedCommonsGlobals.SUCCESS_STATUS_CODE;
        result.StatusDesc = SharedCommonsGlobals.SUCCESS_STATUS_TEXT;
    }
    catch (Exception ex)
    {
        // NOTE(review): the raw exception text is returned to the caller; if StatusDesc is
        // shown to end users this can expose database or stored-procedure details.
        result.StatusCode = SharedCommonsGlobals.FAILURE_STATUS_CODE;
        result.StatusDesc = $"ERROR: {ex.Message}";
    }

    return result;
}
/// <summary>
/// Registers a new system user after validating it and checking the username is free.
/// </summary>
/// <param name="user">The user to create; its Password is replaced by its hash before saving.</param>
/// <returns>
/// A <see cref="Result"/> whose ResponseId is the username on success, or a failure
/// status with a description otherwise.
/// </returns>
/// <remarks>
/// NOTE(review): the password is stored as SharedCommons.GenerateMD5Hash(password) with no
/// per-user salt passed in; a slow salted password hash would be the safer storage format.
/// NOTE(review): the "username in use" lookup and the Save() call are separate steps, so two
/// concurrent registrations could both pass the lookup; confirm the database enforces a
/// unique constraint on the username.
/// </remarks>
public Result RegisterSystemUser(SystemUser user)
{
    Result outcome = new Result();

    try
    {
        // Let the entity validate itself; its own StatusDesc explains any failure.
        bool passesValidation = user.IsValid();
        if (!passesValidation)
        {
            outcome.StatusCode = SharedCommonsGlobals.FAILURE_STATUS_CODE;
            outcome.StatusDesc = $"{user.StatusDesc}";
            return outcome;
        }

        // Refuse the registration when an account with this username already exists.
        SystemUser existingAccount = SystemUser.QueryWithStoredProc("GetSystemUserByID", user.Username).FirstOrDefault();
        if (existingAccount != null)
        {
            outcome.StatusCode = SharedCommonsGlobals.FAILURE_STATUS_CODE;
            outcome.StatusDesc = "Username Already in Use. Please try another Username";
            return outcome;
        }

        // Only the hash is persisted, never the clear-text password.
        string passwordHash = SharedCommons.GenerateMD5Hash(user.Password);
        user.Password = passwordHash;
        user.Save();

        outcome.ResponseId = user.Username;
        outcome.StatusCode = SharedCommonsGlobals.SUCCESS_STATUS_CODE;
        outcome.StatusDesc = SharedCommonsGlobals.SUCCESS_STATUS_TEXT;
    }
    catch (Exception ex)
    {
        // NOTE(review): raw exception text is returned to the caller; it may expose
        // persistence details if StatusDesc is displayed to end users.
        outcome.StatusCode = SharedCommonsGlobals.FAILURE_STATUS_CODE;
        outcome.StatusDesc = $"ERROR: {ex.Message}";
    }

    return outcome;
}
/// <summary>
/// Portal login: looks the user up, verifies the password hash, applies the invalid-login
/// lockout and the forced password reset, then assigns the session variables.
/// </summary>
/// <param name="UserId">User ID typed into the login form.</param>
/// <param name="passwd">Clear-text password typed into the login form.</param>
/// <remarks>
/// NOTE(review): the password is verified as SharedCommons.GenerateMD5Hash(passwd) with no
/// per-user salt passed in; a slow salted password hash would be the safer design.
/// NOTE(review): UserId is caller-supplied and is written into the audit text unmodified;
/// confirm the audit sink neutralises line breaks and markup.
/// NOTE(review): there is no try/catch here, so a null user.Password or a failing bll call
/// surfaces as an unhandled exception.
/// </remarks>
private void System_login(string UserId, string passwd)
{
    SystemUser user = bll.GetSystemUserByUserId(UserId);

    // Lookup failed: audit it under the ID that was typed and stop.
    if (user.StatusCode != Globals.SUCCESS_STATUS_CODE)
    {
        string lookupFailure = "FAILED: " + user.StatusDesc;
        bll.InsertIntoAuditLog("LOGIN", "", user.CompanyCode, UserId,
            $"Unsuccessfull login of User with ID :{UserId} Error: {lookupFailure}");
        ShowMessage(lookupFailure, true);
        return;
    }

    // Hash the supplied password, then compare the two hex digests ignoring letter case.
    string suppliedHash = SharedCommons.GenerateMD5Hash(passwd);
    bool passwordMatches = user.Password.ToUpper() == suppliedHash.ToUpper();

    if (!passwordMatches)
    {
        string failure = "FAILED: INVALID USERNAME OR PASSWORD SUPPLIED";
        bll.InsertIntoAuditLog("LOGIN", "", user.CompanyCode, UserId,
            $"Unsuccessfull login of User with ID :{UserId} Error: {failure}");

        // NOTE(review): MaxInvalidLoginsIsExceeded() takes no user argument, so what it counts
        // is not visible here; confirm the counter is kept per account on the server rather
        // than per browser session.
        if (MaxInvalidLoginsIsExceeded())
        {
            bll.InsertIntoAuditLog("DE-ACTIVATION", "", user.CompanyCode, user.UserId,
                "Deactivated: Maximum number of Invalid Logins Reached by User[" + user.UserId + "]");
            bll.DeactivateUser(user.UserId, "PORTAL", ip, user.CompanyCode);
            failure = "User Credentials Deactivated: Maximum number of Invalid Logins Reached";
        }

        bll.LogUserLogin("PORTAL", ip, user.UserId, this.Session.SessionID, "555", failure, "LOGIN");
        ShowMessage(failure, true);
        return;
    }

    // Correct password, but the account is flagged for a mandatory password reset.
    if (user.ResetPassword)
    {
        string resetNotice = "RESET PASSWORD";
        bll.LogUserLogin("PORTAL", ip, user.UserId, this.Session.SessionID, "111", resetNotice, "LOGIN");
        bll.InsertIntoAuditLog("LOGIN", "", user.CompanyCode, user.UserId,
            "Unsuccessfull login of User with ID :" + user.UserId + " Error: " + resetNotice);
        CallResetPassword(user);
        ShowMessage(resetNotice, true);
        return;
    }

    // NOTE(review): a password-expiry check (bll.PasswordExpired followed by
    // CallResetPassword) used to sit here and is disabled, so this method does not
    // enforce password expiry.

    AssignSessionVariables(user);

    // NOTE(review): this line runs whenever AssignSessionVariables returns; presumably that
    // helper redirects on success so the message is only seen when it does not. Confirm.
    ShowMessage("System Logon denied", true);
}
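/// <summary>
/// "Forgot password" handler: generates a new password for the user ID typed into the form,
/// stores its hash, and mails the new password to the user.
/// </summary>
/// <param name="sender">The button that raised the event.</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// NOTE(review): the stored password is overwritten as soon as a known user ID is submitted,
/// before the requester has shown control of the mailbox. The CAPTCHA check and the
/// "3 resets per 24 hours" limiter that used to sit in this handler are disabled. Consider a
/// single-use, expiring reset token sent by mail, and restore throttling.
/// NOTE(review): setting user.ResetPassword = true is also disabled, so as far as this
/// method shows the mailed password is not forced to change at next login.
/// NOTE(review): the hash is SharedCommons.GenerateMD5Hash(password) with no per-user salt
/// passed in; a slow salted password hash would be the safer storage format.
/// </remarks>
protected void btnForgotPassword_Click(object sender, EventArgs e)
{
    // Looked up outside the try block so the catch handler can read user.CompanyCode.
    SystemUser user = bll.GetSystemUserByUserId(txtUserId.Text);
    try
    {
        // Lookup failed: log it and show the lookup's own description.
        // NOTE(review): if StatusDesc distinguishes "unknown user" from other failures, this
        // message tells the requester whether an ID exists; a uniform reply avoids that.
        if (user.StatusCode != "0")
        {
            string msg = user.StatusDesc;
            bll.LogUserLogin("PORTAL", ip, user.UserId, this.Session.SessionID, user.StatusCode, user.StatusDesc, "LOGIN");
            bll.InsertIntoAuditLog("LOGIN", "", user.CompanyCode, user.UserId,
                "Unsuccessfull Password Reset of User with ID :" + user.UserId + " Error: " + msg);
            ShowMessage(msg, true);
            return;
        }

        // Generate the replacement password; only its hash is stored on the user record.
        string Password = bll.GeneratePassword();
        user.Password = SharedCommons.GenerateMD5Hash(Password);

        Result result = bll.UpdateUserPassword(user);
        if (result.StatusCode != "0")
        {
            ShowMessage("FAILED: " + result.StatusDesc, false);
            return;
        }

        // Mail the clear-text password to the user's registered address.
        Result sendResult = bll.ResendCredentials(user, "Password", Password);
        if (sendResult.StatusCode != "0")
        {
            // Report the mail failure itself. The previous code appended result.StatusDesc,
            // which on this path is the description of the successful password update.
            // The address is deliberately not echoed back to the requester.
            ShowMessage("FAILED: PASSWORD WAS RESET BUT EMAIL SEND TO YOUR ASSOCIATED MAIL ACCOUNT FAILED : " + sendResult.StatusDesc, false);
            return;
        }

        // Success: confirm without revealing the mail address, then switch views.
        ShowMessage("YOUR PASSWORD HAS BEEN RESET AND AN EMAIL HAS BEEN SENT TO YOUR ASSOCIATED MAIL ACCOUNT", false);
        MultiView1.SetActiveView(View2);
    }
    catch (Exception ex)
    {
        // Details go to the error log; the user only sees a generic message.
        bll.LogError(user.CompanyCode, "", "FORGOT-PWD" + ex.Message + ex.StackTrace, "", "EXCEPTION", "");
        ShowMessage("FAILED: INTERNAL ERROR", true);
    }
}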
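/// <summary>
/// Forced-reset handler: sets a new password for the user held in Session["PassUser"].
/// </summary>
/// <param name="sender">The button that raised the event.</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// The only identity check here is the presence of a SystemUser in Session["PassUser"].
/// NOTE(review): confirm that entry is set only after the current password was verified,
/// and that it is cleared once the change succeeds (clearControls may do this; not visible).
/// NOTE(review): passwords are hashed with SharedCommons.GenerateMD5Hash with no per-user
/// salt passed in; a slow salted password hash would be the safer storage format.
/// </remarks>
protected void btnChangenewPassword_Click(object sender, EventArgs e)
{
    try
    {
        string newpassword = txtnewpassword.Text;
        string confirmPassword = txtConfirmnewpassword.Text;

        if (newpassword.Equals(""))
        {
            ShowMessage("ENTER NEW PASSWORD", true);
            txtnewpassword.Focus();
            return;
        }

        if (confirmPassword.Equals(""))
        {
            ShowMessage("CONFIRM NEW PASSWORD", true);
            txtConfirmnewpassword.Focus();
            return;
        }

        if (!newpassword.Equals(confirmPassword))
        {
            ShowMessage("PASSWORD MISMATCH", true);
            return;
        }

        // A missing entry, an entry of another type, or a user without an ID all end here
        // instead of surfacing as a NullReferenceException message.
        SystemUser user = Session["PassUser"] as SystemUser;
        if (user == null || string.IsNullOrEmpty(user.UserId))
        {
            ShowMessage("FAILED TO DETERMINE USER DETAILS", true);
            return;
        }

        string newPasswordHash = SharedCommons.GenerateMD5Hash(newpassword);

        // Hex digests are compared ignoring letter case, as the portal login comparison does.
        if (string.Equals(newPasswordHash, user.Password, StringComparison.OrdinalIgnoreCase))
        {
            ShowMessage("YOUR NEW PASSWORD CANNOT BE THE SAME AS THE PREVIOUS ONE", true);
            return;
        }

        if (!bll.ObeysPasswordPolicy(newpassword, user.CompanyCode))
        {
            ShowMessage("Your new password should contain atleast one uppercase and lowercase letters, a special character,a number and Should be atleast 8 characters in Length", true);
            return;
        }

        if (bll.PasswordHasBeenUsed(user.UserId, newPasswordHash))
        {
            ShowMessage("You have used this password before, please create another one", true);
            return;
        }

        Result result = bll.ChangeUsersPassword(user.UserId, user.CompanyCode, newPasswordHash, user.RoleCode);
        if (result.StatusCode != "0")
        {
            // The session copy keeps the old hash, so it stays in step with the stored one.
            ShowMessage(result.StatusDesc, true);
            return;
        }

        // Update the session copy only after the store accepted the change.
        string oldPassword = user.Password;
        user.Password = newPasswordHash;

        // Record the replaced hash in the password history.
        // NOTE(review): the other change-password handler passes four values to
        // "PasswordTracker_Update"; confirm which parameter list the procedure expects.
        bll.Log("PasswordTracker_Update", new string[] { user.UserId, oldPassword, ip });

        ShowMessage("Password Changed Successfully", false);
        MultiView1.ActiveViewIndex = 0;
        clearControls();
    }
    catch (Exception ex)
    {
        // NOTE(review): the raw exception text is shown to the user; consider logging it
        // and showing a generic message instead.
        ShowMessage("FAILED: " + ex.Message, true);
    }
}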
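/// <summary>
/// Change-password handler for a signed-in user: verifies the current password, applies the
/// password policy and history checks, then stores the new password hash.
/// </summary>
/// <param name="sender">The button that raised the event.</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// Every failed check now returns immediately. Previously the "confirmation mismatch" and
/// "old password incorrect" branches only displayed a message and then fell through to the
/// second validation chain, so the password could still be changed without the correct
/// current password or with a non-matching confirmation.
/// NOTE(review): passwords are hashed with SharedCommons.GenerateMD5Hash with no per-user
/// salt passed in; a slow salted password hash would be the safer storage format.
/// </remarks>
protected void Button1_Click(object sender, EventArgs e)
{
    Label LblMsg = (Label)Master.FindControl("lblMsg");
    try
    {
        string OldPassword = txtOldPasswd.Text.Trim();
        string NewPassword = txtNewPasswd.Text.Trim();
        string ConfirmedPassword = txtConfirm.Text.Trim();

        // Blank-field checks come first so the user gets the most specific message.
        if (OldPassword.Equals(""))
        {
            ShowMessage("Please Enter your Old Password", true);
            txtOldPasswd.Focus();
            return;
        }

        if (NewPassword.Equals(""))
        {
            ShowMessage("Please Enter your New Password", true);
            txtNewPasswd.Focus();
            return;
        }

        if (ConfirmedPassword.Equals(""))
        {
            ShowMessage("Please Confirm your New Password", true);
            txtConfirm.Focus();
            return;
        }

        if (NewPassword != ConfirmedPassword)
        {
            bll.ShowMessage(LblMsg, "Msg: Your New Password Doesnt match the confirmed Password", true);
            txtOldPasswd.Focus();
            return;
        }

        // The current password must be proven before anything is changed. Hex digests are
        // compared ignoring letter case, as the portal login comparison does, so enforcing
        // this check cannot lock out users whose stored hash differs only in casing.
        string oldPasswordHash = SharedCommons.GenerateMD5Hash(OldPassword);
        if (!string.Equals(oldPasswordHash, user.Password, StringComparison.OrdinalIgnoreCase))
        {
            txtOldPasswd.Focus();
            bll.ShowMessage(LblMsg, "Msg: Your Old Password Is Incorrect", true);
            return;
        }

        string newPasswordHash = SharedCommons.GenerateMD5Hash(NewPassword);

        if (newPasswordHash == oldPasswordHash)
        {
            bll.ShowMessage(LblMsg, "Your new password can't be Similar to the Old One", true);
            return;
        }

        if (!bll.ObeysPasswordPolicy(NewPassword, user.CompanyCode))
        {
            bll.ShowMessage(LblMsg, "Your new password should have a mixture of uppercase & lowercase letters, special characters i.e ?,$ and numbers", true);
            return;
        }

        if (bll.PasswordHasBeenUsed(user.UserId, newPasswordHash))
        {
            bll.ShowMessage(LblMsg, "Your New Password can't be Similar To The Recent Two Passwords", true);
            return;
        }

        Result result = bll.ChangeUsersPassword(user.UserId, user.CompanyCode, newPasswordHash, user.RoleCode);
        if (result.StatusCode != "0")
        {
            // The in-memory user keeps the old hash, so a retry is still checked against
            // the password that is actually stored.
            bll.ShowMessage(LblMsg, result.StatusDesc, true);
            return;
        }

        // Update the in-memory user only after the store accepted the change.
        user.Password = newPasswordHash;
        user.ModifiedBy = user.UserId;

        // Record the replaced hash in the password history.
        bll.Log("PasswordTracker_Update", new string[] { user.UserId, oldPasswordHash, user.UserId, bll.getIp() });
        bll.ShowMessage(LblMsg, "Password Changed Successfully", false);
    }
    catch (Exception ex)
    {
        // NOTE(review): the raw exception text is shown to the user; consider logging it
        // and showing a generic message instead.
        ShowMessage(ex.Message, true);
    }
}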