/// <summary>
/// Processes a request to update the password for a membership user.
/// </summary>
/// <param name="username">The user to update the password for.</param>
/// <param name="oldPassword">The current password for the specified user.</param>
/// <param name="newPassword">The new password for the specified user.</param>
/// <returns>
/// true if the password was updated successfully; otherwise, false.
/// </returns>
public override bool ChangePassword(string username, string oldPassword, string newPassword)
{
// in order to support updating passwords from the umbraco core, we can't validate the old password
Member m = Member.GetMemberFromLoginNameAndPassword(username, oldPassword);
if (m == null)
{
return(false);
}
ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, newPassword, false);
OnValidatingPassword(args);
if (args.Cancel)
{
if (args.FailureInformation != null)
{
throw args.FailureInformation;
}
else
{
throw new MembershipPasswordException("Change password canceled due to new password validation failure.");
}
}
string encodedPassword = EncodePassword(newPassword);
m.ChangePassword(encodedPassword);
return((m.Password == encodedPassword) ? true : false);
}
public static IHtmlString CachedPartial(
this HtmlHelper htmlHelper,
string partialViewName,
object model,
int cachedSeconds,
bool cacheByPage = false,
bool cacheByMember = false,
ViewDataDictionary viewData = null,
Func <object, ViewDataDictionary, string> contextualKeyBuilder = null)
{
var cacheKey = new StringBuilder(partialViewName);
if (cacheByPage)
{
if (UmbracoContext.Current == null)
{
throw new InvalidOperationException("Cannot cache by page if the UmbracoContext has not been initialized, this parameter can only be used in the context of an Umbraco request");
}
cacheKey.AppendFormat("{0}-", UmbracoContext.Current.PageId);
}
if (cacheByMember)
{
var currentMember = Member.GetCurrentMember();
cacheKey.AppendFormat("m{0}-", currentMember == null ? 0 : currentMember.Id);
}
if (contextualKeyBuilder != null)
{
var contextualKey = contextualKeyBuilder(model, viewData);
cacheKey.AppendFormat("c{0}-", contextualKey);
}
return(ApplicationContext.Current.ApplicationCache.CachedPartialView(htmlHelper, partialViewName, model, cachedSeconds, cacheKey.ToString(), viewData));
}
/// <summary>
/// Processes a request to update the password question and answer for a membership user.
/// </summary>
/// <param name="username">The user to change the password question and answer for.</param>
/// <param name="password">The password for the specified user.</param>
/// <param name="newPasswordQuestion">The new password question for the specified user.</param>
/// <param name="newPasswordAnswer">The new password answer for the specified user.</param>
/// <returns>
/// true if the password question and answer are updated successfully; otherwise, false.
/// </returns>
public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer)
{
if (!String.IsNullOrEmpty(m_PasswordRetrievalQuestionPropertyTypeAlias) && !String.IsNullOrEmpty(m_PasswordRetrievalAnswerPropertyTypeAlias))
{
if (ValidateUser(username, password))
{
Member m = Member.GetMemberFromLoginName(username);
if (m != null)
{
UpdateMemberProperty(m, m_PasswordRetrievalQuestionPropertyTypeAlias, newPasswordQuestion);
UpdateMemberProperty(m, m_PasswordRetrievalAnswerPropertyTypeAlias, newPasswordAnswer);
m.Save();
return(true);
}
else
{
throw new MembershipPasswordException("The supplied user is not found!");
}
}
else
{
throw new MembershipPasswordException("Invalid user/password combo");
}
}
else
{
throw new NotSupportedException("Updating the password Question and Answer is not valid if the properties aren't set in the config file");
}
}
/// <summary>
/// Gets information from the data source for a user based on the unique identifier for the membership user. Provides an option to update the last-activity date/time stamp for the user.
/// </summary>
/// <param name="providerUserKey">The unique identifier for the membership user to get information for.</param>
/// <param name="userIsOnline">true to update the last-activity date/time stamp for the user; false to return user information without updating the last-activity date/time stamp for the user.</param>
/// <returns>
/// A <see cref="T:System.Web.Security.MembershipUser"></see> object populated with the specified user's information from the data source.
/// </returns>
public override MembershipUser GetUser(object providerUserKey, bool userIsOnline)
{
var asGuid = providerUserKey.TryConvertTo <Guid>();
if (asGuid.Success)
{
var m = new Member(asGuid.Result);
if (userIsOnline && LastLoginPropertyTypeAlias.IsNullOrWhiteSpace() == false)
{
UpdateMemberProperty(m, LastLoginPropertyTypeAlias, DateTime.Now);
//don't raise events for this! It just sets the member dates, if we do raise events this will
// cause all distributed cache to execute - which will clear out some caches we don't want.
// http://issues.umbraco.org/issue/U4-3451
m.Save(false);
}
return(ConvertToMembershipUser(m));
}
var asInt = providerUserKey.TryConvertTo <int>();
if (asInt.Success)
{
var m = new Member(asInt.Result);
if (userIsOnline && LastLoginPropertyTypeAlias.IsNullOrWhiteSpace() == false)
{
UpdateMemberProperty(m, LastLoginPropertyTypeAlias, DateTime.Now);
//don't raise events for this! It just sets the member dates, if we do raise events this will
// cause all distributed cache to execute - which will clear out some caches we don't want.
// http://issues.umbraco.org/issue/U4-3451
m.Save(false);
}
return(ConvertToMembershipUser(m));
}
throw new InvalidOperationException("The " + GetType() + " provider only supports GUID or Int as a providerUserKey");
}
/// <summary>
/// Gets information from the data source for a user. Provides an option to update the last-activity date/time stamp for the user.
/// </summary>
/// <param name="username">The name of the user to get information for.</param>
/// <param name="userIsOnline">true to update the last-activity date/time stamp for the user; false to return user information without updating the last-activity date/time stamp for the user.</param>
/// <returns>
/// A <see cref="T:System.Web.Security.MembershipUser"></see> object populated with the specified user's information from the data source.
/// </returns>
public override MembershipUser GetUser(string username, bool userIsOnline)
{
if (string.IsNullOrEmpty(username))
{
return(null);
}
var m = Member.GetMemberFromLoginName(username);
if (m == null)
{
return(null);
}
if (userIsOnline && LastLoginPropertyTypeAlias.IsNullOrWhiteSpace() == false)
{
UpdateMemberProperty(m, LastLoginPropertyTypeAlias, DateTime.Now);
//don't raise events for this! It just sets the member dates, if we do raise events this will
// cause all distributed cache to execute - which will clear out some caches we don't want.
// http://issues.umbraco.org/issue/U4-3451
m.Save(false);
}
return(ConvertToMembershipUser(m));
}
protected void login(object sender, EventArgs e)
{
string email = tb_email.Text;
string password = tb_password.Text;
string redirectUrl = Request.QueryString["redirectUrl"];
umbraco.cms.businesslogic.member.Member m = umbraco.cms.businesslogic.member.Member.GetMemberFromLoginNameAndPassword(email, password);
if (m != null)
{
umbraco.cms.businesslogic.member.Member.AddMemberToCache(m, false, new TimeSpan(30, 0, 0, 0));
uForum.Businesslogic.ForumEditor.SetEditorChoiceFromMemberProfile(m.Id);
if (!string.IsNullOrEmpty(redirectUrl))
{
Response.Redirect(redirectUrl);
}
if (NextPage > 0)
{
Response.Redirect(umbraco.library.NiceUrl(NextPage));
}
}
else
{
lt_err.Text = "<div class='error'><p>" + ErrorMessage + "</p></div>";
lt_err.Visible = true;
}
}
/// <summary>
/// Resets a user's password to a new, automatically generated password.
/// </summary>
/// <param name="username">The user to reset the password for.</param>
/// <param name="answer">The password answer for the specified user (not used with Umbraco).</param>
/// <param name="generatedPassword"></param>
/// <returns>The new password for the specified user.</returns>
protected override string PerformResetPassword(string username, string answer, string generatedPassword)
{
//TODO: This should be here - but how do we update failure count in this provider??
//if (answer == null && RequiresQuestionAndAnswer)
//{
// UpdateFailureCount(username, "passwordAnswer");
// throw new ProviderException("Password answer required for password reset.");
//}
var m = Member.GetMemberFromLoginName(username);
if (m == null)
{
throw new ProviderException("The supplied user is not found");
}
// check if user is locked out
if (string.IsNullOrEmpty(LockPropertyTypeAlias) == false)
{
var isLockedOut = false;
bool.TryParse(GetMemberProperty(m, LockPropertyTypeAlias, true), out isLockedOut);
if (isLockedOut)
{
throw new ProviderException("The member is locked out.");
}
}
if (RequiresQuestionAndAnswer)
{
// check if password answer property alias is set
if (string.IsNullOrEmpty(PasswordRetrievalAnswerPropertyTypeAlias) == false)
{
// match password answer
if (GetMemberProperty(m, PasswordRetrievalAnswerPropertyTypeAlias, false) != answer)
{
throw new ProviderException("Incorrect password answer");
}
}
else
{
throw new ProviderException("Password retrieval answer property alias is not set! To automatically support password question/answers you'll need to add references to the membertype properties in the 'Member' element in web.config by adding their aliases to the 'umbracoPasswordRetrievalQuestionPropertyTypeAlias' and 'umbracoPasswordRetrievalAnswerPropertyTypeAlias' attributes");
}
}
string salt;
var encodedPassword = EncryptOrHashNewPassword(generatedPassword, out salt);
//set the password on the member
m.ChangePassword(FormatPasswordForStorage(encodedPassword, salt));
if (string.IsNullOrEmpty(LastPasswordChangedPropertyTypeAlias) == false)
{
UpdateMemberProperty(m, LastPasswordChangedPropertyTypeAlias, DateTime.Now);
}
m.Save();
return(generatedPassword);
}
/// <summary>
/// Updates e-mail and potentially approved status, lock status and comment on a user.
/// </summary>
/// <param name="user">A <see cref="T:System.Web.Security.MembershipUser"></see> object that represents the user to update and the updated information for the user.</param>
public override void UpdateUser(MembershipUser user)
{
var m = Member.GetMemberFromLoginName(user.UserName);
if (m == null)
{
throw new ProviderException(string.Format("No member with the username '{0}' found", user.UserName));
}
m.Email = user.Email;
// if supported, update approve status
UpdateMemberProperty(m, ApprovedPropertyTypeAlias, user.IsApproved ? 1 : 0);
// if supported, update lock status
UpdateMemberProperty(m, LockPropertyTypeAlias, user.IsLockedOut ? 1 : 0);
if (user.IsLockedOut)
{
UpdateMemberProperty(m, LastLockedOutPropertyTypeAlias, DateTime.Now);
}
// if supported, update comment
UpdateMemberProperty(m, CommentPropertyTypeAlias, user.Comment);
m.Save();
}
/// <summary>
/// Processes a request to update the password for a membership user.
/// </summary>
/// <param name="username">The user to update the password for.</param>
/// <param name="oldPassword">This property is ignore for this provider</param>
/// <param name="newPassword">The new password for the specified user.</param>
/// <returns>
/// true if the password was updated successfully; otherwise, false.
/// </returns>
protected override bool PerformChangePassword(string username, string oldPassword, string newPassword)
{
//NOTE: due to backwards compatibility reasons, this provider doesn't care about the old password and
// allows simply setting the password manually so we don't really care about the old password.
// This is allowed based on the overridden AllowManuallyChangingPassword option.
// in order to support updating passwords from the umbraco core, we can't validate the old password
var m = Member.GetMemberFromLoginName(username);
if (m == null)
{
return(false);
}
string salt;
var encodedPassword = EncryptOrHashNewPassword(newPassword, out salt);
m.ChangePassword(
FormatPasswordForStorage(encodedPassword, salt));
UpdateMemberProperty(m, LastPasswordChangedPropertyTypeAlias, DateTime.Now);
m.Save();
return(true);
}
/// <summary>
/// Adds a new membership user to the data source.
/// </summary>
/// <param name="memberTypeAlias"></param>
/// <param name="username">The user name for the new user.</param>
/// <param name="password">The password for the new user.</param>
/// <param name="email">The e-mail address for the new user.</param>
/// <param name="passwordQuestion">The password question for the new user.</param>
/// <param name="passwordAnswer">The password answer for the new user</param>
/// <param name="isApproved">Whether or not the new user is approved to be validated.</param>
/// <param name="providerUserKey">The unique identifier from the membership data source for the user.</param>
/// <param name="status">A <see cref="T:System.Web.Security.MembershipCreateStatus"></see> enumeration value indicating whether the user was created successfully.</param>
/// <returns>
/// A <see cref="T:System.Web.Security.MembershipUser"></see> object populated with the information for the newly created user.
/// </returns>
public MembershipUser CreateUser(string memberTypeAlias, string username, string password, string email, string passwordQuestion,
string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
{
if (Member.GetMemberFromLoginName(username) != null)
{
status = MembershipCreateStatus.DuplicateUserName;
}
else if (Member.GetMemberFromEmail(email) != null && RequiresUniqueEmail)
{
status = MembershipCreateStatus.DuplicateEmail;
}
else
{
var memberType = MemberType.GetByAlias(memberTypeAlias);
if (memberType == null)
{
throw new InvalidOperationException("Could not find a member type with alias " + memberTypeAlias + ". Ensure your membership provider configuration is up to date and that the default member type exists.");
}
Member m = Member.MakeNew(username, email, memberType, User.GetUser(0));
m.Password = password;
MembershipUser mUser =
ConvertToMembershipUser(m);
// custom fields
if (!String.IsNullOrEmpty(m_PasswordRetrievalQuestionPropertyTypeAlias))
{
UpdateMemberProperty(m, m_PasswordRetrievalQuestionPropertyTypeAlias, passwordQuestion);
}
if (!String.IsNullOrEmpty(m_PasswordRetrievalAnswerPropertyTypeAlias))
{
UpdateMemberProperty(m, m_PasswordRetrievalAnswerPropertyTypeAlias, passwordAnswer);
}
if (!String.IsNullOrEmpty(m_ApprovedPropertyTypeAlias))
{
UpdateMemberProperty(m, m_ApprovedPropertyTypeAlias, isApproved);
}
if (!String.IsNullOrEmpty(m_LastLoginPropertyTypeAlias))
{
mUser.LastActivityDate = DateTime.Now;
UpdateMemberProperty(m, m_LastLoginPropertyTypeAlias, mUser.LastActivityDate);
}
// save
m.Save();
status = MembershipCreateStatus.Success;
return(mUser);
}
return(null);
}
private static void UpdateMemberProperty(Member m, string propertyTypeAlias, object propertyValue)
{
if (string.IsNullOrEmpty(propertyTypeAlias) == false)
{
if (m.getProperty(propertyTypeAlias) != null)
{
m.getProperty(propertyTypeAlias).Value = propertyValue;
}
}
}
public static bool IsInGroup(string GroupName)
{
if (umbraco.library.IsLoggedOn())
{
return(IsMemberInGroup(GroupName, Member.CurrentMemberId()));
}
else
{
return(false);
}
}
/// <summary>
/// Removes a user from the membership data source.
/// </summary>
/// <param name="username">The name of the user to delete.</param>
/// <param name="deleteAllRelatedData">
/// TODO: This setting currently has no effect
/// </param>
/// <returns>
/// true if the user was successfully deleted; otherwise, false.
/// </returns>
public override bool DeleteUser(string username, bool deleteAllRelatedData)
{
var m = Member.GetMemberFromLoginName(username);
if (m == null)
{
return(false);
}
m.delete();
return(true);
}
static public bool IsMemberAdmin(umbraco.cms.businesslogic.member.Member uMember)
{
foreach (var group in uMember.Groups.Values)
{
if (group.ToString().Contains("DIYPT_Admin"))
{
return(true);
}
}
return(false);
}
public static Member GetMember(int id)
{
Member m = Member.GetMemberFromCache(id);
if (m == null)
{
m = new Member(id);
}
return(m);
}
/// <summary>
/// Gets the password for the specified user name from the data source.
/// </summary>
/// <param name="username">The user to retrieve the password for.</param>
/// <param name="answer">The password answer for the user.</param>
/// <returns>
/// The password for the specified user name.
/// </returns>
public override string GetPassword(string username, string answer)
{
if (!EnablePasswordRetrieval)
{
throw new ProviderException("Password Retrieval Not Enabled.");
}
if (PasswordFormat == MembershipPasswordFormat.Hashed)
{
throw new ProviderException("Cannot retrieve Hashed passwords.");
}
Member m = Member.GetMemberFromLoginName(username);
if (m != null)
{
if (RequiresQuestionAndAnswer)
{
// check if password answer property alias is set
if (!String.IsNullOrEmpty(m_PasswordRetrievalAnswerPropertyTypeAlias))
{
// check if user is locked out
if (!String.IsNullOrEmpty(m_LockPropertyTypeAlias))
{
bool isLockedOut = false;
bool.TryParse(GetMemberProperty(m, m_LockPropertyTypeAlias, true), out isLockedOut);
if (isLockedOut)
{
throw new MembershipPasswordException("The supplied user is locked out");
}
}
// match password answer
if (GetMemberProperty(m, m_PasswordRetrievalAnswerPropertyTypeAlias, false) != answer)
{
throw new MembershipPasswordException("Incorrect password answer");
}
}
else
{
throw new ProviderException("Password retrieval answer property alias is not set! To automatically support password question/answers you'll need to add references to the membertype properties in the 'Member' element in web.config by adding their aliases to the 'umbracoPasswordRetrievalQuestionPropertyTypeAlias' and 'umbracoPasswordRetrievalAnswerPropertyTypeAlias' attributes");
}
}
}
if (m == null)
{
throw new MembershipPasswordException("The supplied user is not found");
}
else
{
return(m.Password);
}
}
public static void RemoveMemberFromPotentialSpamGroup(Member member)
{
var memberGroup = MemberGroup.GetByName(SpamMemberGroupName);
if (memberGroup == null)
{
MemberGroup.MakeNew(SpamMemberGroupName, new User(0));
}
memberGroup = MemberGroup.GetByName(SpamMemberGroupName);
member.RemoveGroup(memberGroup.Id);
}
public static void AddMemberToPotentialSpamGroup(Member member)
{
var memberGroup = MemberGroup.GetByName(SpamMemberGroupName);
if (memberGroup == null)
{
MemberGroup.MakeNew(SpamMemberGroupName, new User(0));
}
memberGroup = MemberGroup.GetByName(SpamMemberGroupName);
member.AddGroup(memberGroup.Id);
}
public string authenticate(string email, string md5Password)
{
umbraco.cms.businesslogic.member.Member mem = umbraco.cms.businesslogic.member.Member.GetMemberFromEmail(email);
if (md5(mem.Password) == md5Password)
{
return(mem.UniqueId.ToString());
}
else
{
return(string.Empty);
}
}
public static Member GetMember(int id)
{
try
{
return(Member.GetMemberFromCache(id) ?? new Member(id));
}
catch (Exception exception)
{
Log.Add(LogTypes.Error, 0, string.Format("Could not get member {0} from the cache nor from the database - Exception: {1} {2} {3}", id, exception.Message, exception.StackTrace, exception.InnerException));
}
return(null);
}
/// <summary>
/// Gets the user name associated with the specified e-mail address.
/// </summary>
/// <param name="email">The e-mail address to search for.</param>
/// <returns>
/// The user name associated with the specified e-mail address. If no match is found, return null.
/// </returns>
public override string GetUserNameByEmail(string email)
{
Member m = Member.GetMemberFromEmail(email);
if (m == null)
{
return(null);
}
else
{
return(m.LoginName);
}
}
/// <summary>
/// Converts to membership user.
/// </summary>
/// <param name="m">The m.</param>
/// <returns></returns>
private MembershipUser ConvertToMembershipUser(Member m)
{
if (m == null)
{
return(null);
}
var lastLogin = DateTime.Now;
var lastLocked = DateTime.MinValue;
var isApproved = true;
var isLocked = false;
var comment = "";
var passwordQuestion = "";
// last login
if (string.IsNullOrEmpty(LastLoginPropertyTypeAlias) == false)
{
DateTime.TryParse(GetMemberProperty(m, LastLoginPropertyTypeAlias, false), out lastLogin);
}
// approved
if (string.IsNullOrEmpty(ApprovedPropertyTypeAlias) == false)
{
bool.TryParse(GetMemberProperty(m, ApprovedPropertyTypeAlias, true), out isApproved);
}
// locked
if (string.IsNullOrEmpty(LockPropertyTypeAlias) == false)
{
bool.TryParse(GetMemberProperty(m, LockPropertyTypeAlias, true), out isLocked);
}
// last locked
if (string.IsNullOrEmpty(LastLockedOutPropertyTypeAlias) == false)
{
DateTime.TryParse(GetMemberProperty(m, LastLockedOutPropertyTypeAlias, false), out lastLocked);
}
// comment
if (string.IsNullOrEmpty(CommentPropertyTypeAlias) == false)
{
comment = GetMemberProperty(m, CommentPropertyTypeAlias, false);
}
// password question
if (string.IsNullOrEmpty(PasswordRetrievalQuestionPropertyTypeAlias) == false)
{
passwordQuestion = GetMemberProperty(m, PasswordRetrievalQuestionPropertyTypeAlias, false);
}
return(new MembershipUser(_providerName, m.LoginName, m.Id, m.Email, passwordQuestion, comment, isApproved, isLocked, m.CreateDateTime, lastLogin,
DateTime.Now, DateTime.Now, lastLocked));
}
private static string GetCacheKey(RenderingBlock block, IPublishedContent content, HttpRequestBase request, ViewDataDictionary viewData)
{
var key = "Zbu.Blocks__" + block.Source;
var cache = block.Cache;
if (cache.ByPage)
{
key += "__p:" + content.Id;
}
if (!string.IsNullOrWhiteSpace(cache.ByConst))
{
key += "__c:" + cache.ByConst;
}
if (cache.ByMember)
{
// sure it's obsolete but what's the new way of getting the 'current' member ID?
// currently even v7 HtmlHelperRenderExtensions uses the legacy API
var member = Member.GetCurrentMember();
key += "__m:" + (member == null ? 0 : member.Id);
}
if (cache.ByQueryString != null)
{
key = cache.ByQueryString.Aggregate(key, (current, vb) =>
current + "__" + request.QueryString[vb]);
}
if (cache.ByProperty != null)
{
key = cache.ByProperty.Aggregate(key, (current, alias) =>
{
var recurse = alias.StartsWith("_");
var value = content.GetPropertyValue(recurse ? alias.Substring(1) : alias, recurse);
return(current + "__v:" + value);
});
}
var custom = cache.GetCacheCustom(request, block, content, viewData);
if (!string.IsNullOrWhiteSpace(custom))
{
key += "__x:" + custom;
}
return(key.ToLowerInvariant());
}
/// <summary>
/// Resets a user's password to a new, automatically generated password.
/// </summary>
/// <param name="username">The user to reset the password for.</param>
/// <param name="answer">The password answer for the specified user (not used with Umbraco).</param>
/// <returns>The new password for the specified user.</returns>
public override string ResetPassword(string username, string answer)
{
if (!EnablePasswordReset)
{
throw new NotSupportedException("Password reset is not supported");
}
Member m = Member.GetMemberFromLoginName(username);
if (m == null)
{
throw new MembershipPasswordException("The supplied user is not found");
}
else
{
if (RequiresQuestionAndAnswer)
{
// check if password answer property alias is set
if (!String.IsNullOrEmpty(m_PasswordRetrievalAnswerPropertyTypeAlias))
{
// check if user is locked out
if (!String.IsNullOrEmpty(m_LockPropertyTypeAlias))
{
bool isLockedOut = false;
bool.TryParse(GetMemberProperty(m, m_LockPropertyTypeAlias, true), out isLockedOut);
if (isLockedOut)
{
throw new MembershipPasswordException("The supplied user is locked out");
}
}
// match password answer
if (GetMemberProperty(m, m_PasswordRetrievalAnswerPropertyTypeAlias, false) != answer)
{
throw new MembershipPasswordException("Incorrect password answer");
}
}
else
{
throw new ProviderException("Password retrieval answer property alias is not set! To automatically support password question/answers you'll need to add references to the membertype properties in the 'Member' element in web.config by adding their aliases to the 'umbracoPasswordRetrievalQuestionPropertyTypeAlias' and 'umbracoPasswordRetrievalAnswerPropertyTypeAlias' attributes");
}
}
string newPassword = Membership.GeneratePassword(MinRequiredPasswordLength, MinRequiredNonAlphanumericCharacters);
m.Password = newPassword;
return(newPassword);
}
}
/// <summary>
/// Updates e-mail and potentially approved status, lock status and comment on a user.
/// Note: To automatically support lock, approve and comments you'll need to add references to the membertype properties in the
/// 'Member' element in web.config by adding their aliases to the 'umbracoApprovePropertyTypeAlias', 'umbracoLockPropertyTypeAlias' and 'umbracoCommentPropertyTypeAlias' attributes
/// </summary>
/// <param name="user">A <see cref="T:System.Web.Security.MembershipUser"></see> object that represents the user to update and the updated information for the user.</param>
public override void UpdateUser(MembershipUser user)
{
Member m = Member.GetMemberFromLoginName(user.UserName);
m.Email = user.Email;
// if supported, update approve status
UpdateMemberProperty(m, m_ApprovedPropertyTypeAlias, user.IsApproved);
// if supported, update lock status
UpdateMemberProperty(m, m_LockPropertyTypeAlias, user.IsLockedOut);
// if supported, update comment
UpdateMemberProperty(m, m_CommentPropertyTypeAlias, user.Comment);
m.Save();
}
/// <summary>
/// Gets information from the data source for a user based on the unique identifier for the membership user. Provides an option to update the last-activity date/time stamp for the user.
/// </summary>
/// <param name="providerUserKey">The unique identifier for the membership user to get information for.</param>
/// <param name="userIsOnline">true to update the last-activity date/time stamp for the user; false to return user information without updating the last-activity date/time stamp for the user.</param>
/// <returns>
/// A <see cref="T:System.Web.Security.MembershipUser"></see> object populated with the specified user's information from the data source.
/// </returns>
public override MembershipUser GetUser(object providerUserKey, bool userIsOnline)
{
if (String.IsNullOrEmpty(providerUserKey.ToString()))
{
return(null);
}
Member m = new Member(Convert.ToInt32(providerUserKey));
if (m == null)
{
return(null);
}
else
{
return(ConvertToMembershipUser(m));
}
}
/// <summary>
/// Gets information from the data source for a user. Provides an option to update the last-activity date/time stamp for the user.
/// </summary>
/// <param name="username">The name of the user to get information for.</param>
/// <param name="userIsOnline">true to update the last-activity date/time stamp for the user; false to return user information without updating the last-activity date/time stamp for the user.</param>
/// <returns>
/// A <see cref="T:System.Web.Security.MembershipUser"></see> object populated with the specified user's information from the data source.
/// </returns>
public override MembershipUser GetUser(string username, bool userIsOnline)
{
if (String.IsNullOrEmpty(username))
{
return(null);
}
Member m = Member.GetMemberFromLoginName(username);
if (m == null)
{
return(null);
}
else
{
return(ConvertToMembershipUser(m));
}
}
private static string GetMemberProperty(Member m, string propertyTypeAlias, bool isBool)
{
if (string.IsNullOrEmpty(propertyTypeAlias) == false)
{
if (m.getProperty(propertyTypeAlias) != null &&
m.getProperty(propertyTypeAlias).Value != null)
{
if (isBool)
{
// Umbraco stored true as 1, which means it can be bool.tryParse'd
return(m.getProperty(propertyTypeAlias).Value.ToString().Replace("1", "true").Replace("0", "false"));
}
return(m.getProperty(propertyTypeAlias).Value.ToString());
}
}
return(null);
}
/// <summary>
/// Converts to membership user.
/// </summary>
/// <param name="m">The m.</param>
/// <returns></returns>
private MembershipUser ConvertToMembershipUser(Member m)
{
if (m == null)
{
return(null);
}
else
{
DateTime lastLogin = DateTime.Now;
bool isApproved = true;
bool isLocked = false;
string comment = "";
string passwordQuestion = "";
// last login
if (!String.IsNullOrEmpty(m_LastLoginPropertyTypeAlias))
{
DateTime.TryParse(GetMemberProperty(m, m_LastLoginPropertyTypeAlias, false), out lastLogin);
}
// approved
if (!String.IsNullOrEmpty(m_ApprovedPropertyTypeAlias))
{
bool.TryParse(GetMemberProperty(m, m_ApprovedPropertyTypeAlias, true), out isApproved);
}
// locked
if (!String.IsNullOrEmpty(m_LockPropertyTypeAlias))
{
bool.TryParse(GetMemberProperty(m, m_LockPropertyTypeAlias, true), out isLocked);
}
// comment
if (!String.IsNullOrEmpty(m_CommentPropertyTypeAlias))
{
comment = GetMemberProperty(m, m_CommentPropertyTypeAlias, false);
}
// password question
if (!String.IsNullOrEmpty(m_PasswordRetrievalQuestionPropertyTypeAlias))
{
passwordQuestion = GetMemberProperty(m, m_PasswordRetrievalQuestionPropertyTypeAlias, false);
}
return(new MembershipUser(m_providerName, m.LoginName, m.Id, m.Email, passwordQuestion, comment, isApproved, isLocked, m.CreateDateTime, lastLogin,
DateTime.Now, DateTime.Now, DateTime.Now));
}
}
/// <summary>
/// Clears a lock so that the membership user can be validated.
/// </summary>
/// <param name="userName">The membership user to clear the lock status for.</param>
/// <returns>
/// true if the membership user was successfully unlocked; otherwise, false.
/// </returns>
public override bool UnlockUser(string userName)
{
if (string.IsNullOrEmpty(LockPropertyTypeAlias) == false)
{
var m = Member.GetMemberFromLoginName(userName);
if (m != null)
{
UpdateMemberProperty(m, LockPropertyTypeAlias, 0);
if (string.IsNullOrEmpty(FailedPasswordAttemptsPropertyTypeAlias) == false)
{
UpdateMemberProperty(m, FailedPasswordAttemptsPropertyTypeAlias, 0);
}
m.Save();
return(true);
}
throw new ProviderException(string.Format("No member with the username '{0}' found", userName));
}
throw new ProviderException("To enable lock/unlocking, you need to add a 'bool' property on your membertype and add the alias of the property in the 'umbracoLockPropertyTypeAlias' attribute of the membership element in the web.config.");
}
public byte[] fetchProtectedPackage(string packageGuid, string memberKey)
{
//Guid package = new Guid(packageGuid);
byte[] packageByteArray = new byte[0];
Package pack = PackageByGuid(packageGuid);
umbraco.cms.businesslogic.member.Member mem = new umbraco.cms.businesslogic.member.Member(new Guid(memberKey));
umbraco.cms.businesslogic.contentitem.ContentItem packageNode = packageContentItem(packageGuid);
if (pack.Protected && Access.HasAccess(packageNode.Id, packageNode.Path, System.Web.Security.Membership.GetUser(mem.Id)))
{
string FilePath = Server.MapPath(packageNode.getProperty("package").Value.ToString());
System.IO.FileStream fs1 = null;
fs1 = System.IO.File.Open(FilePath, FileMode.Open, FileAccess.Read);
packageByteArray = new byte[fs1.Length];
fs1.Read(packageByteArray, 0, (int)fs1.Length);
fs1.Close();
int downloads = 0;
string downloadsVal = packageNode.getProperty("downloads").Value.ToString();
if (downloadsVal != "")
downloads = int.Parse(downloadsVal);
downloads++;
packageNode.getProperty("downloads").Value = downloads;
packageNode.Save();
}
return packageByteArray;
}
public static void AddMemberToPotentialSpamGroup(Member member)
{
var memberGroup = MemberGroup.GetByName(SpamMemberGroupName);
if (memberGroup == null)
MemberGroup.MakeNew(SpamMemberGroupName, new User(0));
memberGroup = MemberGroup.GetByName(SpamMemberGroupName);
member.AddGroup(memberGroup.Id);
}
private bool CheckApproveStatus(Member m)
{
bool isApproved = false;
if (!String.IsNullOrEmpty(m_ApprovedPropertyTypeAlias))
{
if (m != null)
{
string approveStatus = GetMemberProperty(m, m_ApprovedPropertyTypeAlias, true);
if (!String.IsNullOrEmpty(approveStatus))
{
bool.TryParse(approveStatus, out isApproved);
}
}
}
else {
// if we don't use approve statuses
isApproved = true;
}
return isApproved;
}
/// <summary>
/// Gets information from the data source for a user based on the unique identifier for the membership user. Provides an option to update the last-activity date/time stamp for the user.
/// </summary>
/// <param name="providerUserKey">The unique identifier for the membership user to get information for.</param>
/// <param name="userIsOnline">true to update the last-activity date/time stamp for the user; false to return user information without updating the last-activity date/time stamp for the user.</param>
/// <returns>
/// A <see cref="T:System.Web.Security.MembershipUser"></see> object populated with the specified user's information from the data source.
/// </returns>
public override MembershipUser GetUser(object providerUserKey, bool userIsOnline)
{
if (String.IsNullOrEmpty(providerUserKey.ToString()))
return null;
Member m = new Member(Convert.ToInt32(providerUserKey));
if (m == null) return null;
else return ConvertToMembershipUser(m);
}
/// <summary>
/// Gets information from the data source for a user based on the unique identifier for the membership user. Provides an option to update the last-activity date/time stamp for the user.
/// </summary>
/// <param name="providerUserKey">The unique identifier for the membership user to get information for.</param>
/// <param name="userIsOnline">true to update the last-activity date/time stamp for the user; false to return user information without updating the last-activity date/time stamp for the user.</param>
/// <returns>
/// A <see cref="T:System.Web.Security.MembershipUser"></see> object populated with the specified user's information from the data source.
/// </returns>
public override MembershipUser GetUser(object providerUserKey, bool userIsOnline)
{
var asGuid = providerUserKey.TryConvertTo<Guid>();
if (asGuid.Success)
{
var m = new Member(asGuid.Result);
return ConvertToMembershipUser(m);
}
var asInt = providerUserKey.TryConvertTo<int>();
if (asInt.Success)
{
var m = new Member(asInt.Result);
return ConvertToMembershipUser(m);
}
throw new InvalidOperationException("The " + GetType() + " provider only supports GUID or Int as a providerUserKey");
}
/// <summary>
/// Converts to membership user.
/// </summary>
/// <param name="m">The m.</param>
/// <returns></returns>
private MembershipUser ConvertToMembershipUser(Member m)
{
if (m == null) return null;
else
{
DateTime lastLogin = DateTime.Now;
bool isApproved = true;
bool isLocked = false;
string comment = "";
string passwordQuestion = "";
// last login
if (!String.IsNullOrEmpty(m_LastLoginPropertyTypeAlias))
{
DateTime.TryParse(GetMemberProperty(m, m_LastLoginPropertyTypeAlias, false), out lastLogin);
}
// approved
if (!String.IsNullOrEmpty(m_ApprovedPropertyTypeAlias))
{
bool.TryParse(GetMemberProperty(m, m_ApprovedPropertyTypeAlias, true), out isApproved);
}
// locked
if (!String.IsNullOrEmpty(m_LockPropertyTypeAlias))
{
bool.TryParse(GetMemberProperty(m, m_LockPropertyTypeAlias, true), out isLocked);
}
// comment
if (!String.IsNullOrEmpty(m_CommentPropertyTypeAlias))
{
comment = GetMemberProperty(m, m_CommentPropertyTypeAlias, false);
}
// password question
if (!String.IsNullOrEmpty(m_PasswordRetrievalQuestionPropertyTypeAlias))
{
passwordQuestion = GetMemberProperty(m, m_PasswordRetrievalQuestionPropertyTypeAlias, false);
}
return new MembershipUser(m_providerName, m.LoginName, m.Id, m.Email, passwordQuestion, comment, isApproved, isLocked, m.CreateDateTime, lastLogin,
DateTime.Now, DateTime.Now, DateTime.Now);
}
}
public static Member GetMember(int id)
{
Member m = Member.GetMemberFromCache(id);
if (m == null)
m = new Member(id);
return m;
}
//used by the repo webservice
public static SubmitStatus SubmitPackageAsProject(string authorGuid, string packageGuid, byte[] packageFile, byte[] packageDoc, byte[] packageThumbnail, string name, string description)
{
try
{
if (packageFile.Length == 0)
return SubmitStatus.Error;
umbraco.cms.businesslogic.member.Member mem = new umbraco.cms.businesslogic.member.Member(new Guid(authorGuid));
Package packageNode = uRepo.Packages.GetPackageByGuid( new Guid(packageGuid));
if (mem != null)
{
//existing package...
if (packageNode != null)
{
return SubmitStatus.Exists;
}
else
{
Document d = Document.MakeNew(name, DocumentType.GetByAlias(_projectAlias), new umbraco.BusinessLogic.User(0), _projectsRoot);
d.getProperty("version").Value = "1.0";
d.getProperty("description").Value = description;
d.getProperty("stable").Value = false;
d.getProperty("demoUrl").Value = "";
d.getProperty("sourceUrl").Value = "";
d.getProperty("websiteUrl").Value = "";
d.getProperty("licenseUrl").Value = "";
d.getProperty("licenseName").Value = "";
d.getProperty("vendorUrl").Value = "";
d.getProperty("owner").Value = mem.Id;
d.getProperty("packageGuid").Value = packageGuid;
uWiki.Businesslogic.WikiFile wf = uWiki.Businesslogic.WikiFile.Create(name,"zip", d.UniqueId, mem.UniqueId, packageFile, "package", new List<UmbracoVersion>(){UmbracoVersion.DefaultVersion()});
d.getProperty("file").Value = wf.Id;
//Create Documentation
if (packageDoc.Length > 0)
{
uWiki.Businesslogic.WikiFile doc = uWiki.Businesslogic.WikiFile.Create("documentation", "pdf", d.UniqueId, mem.UniqueId, packageDoc, "docs", new List<UmbracoVersion>() { UmbracoVersion.DefaultVersion() });
d.getProperty("documentation").Value = doc.Id;
}
d.XmlGenerate(new XmlDocument());
d.Save();
d.Publish(new umbraco.BusinessLogic.User(0));
umbraco.library.UpdateDocumentCache(d.Id);
return SubmitStatus.Complete;
}
}
else
{
return SubmitStatus.NoAccess;
}
}
catch (Exception ex)
{
umbraco.BusinessLogic.Log.Add(umbraco.BusinessLogic.LogTypes.Debug, -1, ex.ToString());
return SubmitStatus.Error;
}
}
/// <summary>
/// Converts to membership user.
/// </summary>
/// <param name="m">The m.</param>
/// <returns></returns>
private MembershipUser ConvertToMembershipUser(Member m)
{
if (m == null) return null;
var lastLogin = DateTime.Now;
var lastLocked = DateTime.MinValue;
var isApproved = true;
var isLocked = false;
var comment = "";
var passwordQuestion = "";
// last login
if (string.IsNullOrEmpty(_lastLoginPropertyTypeAlias) == false)
{
DateTime.TryParse(GetMemberProperty(m, _lastLoginPropertyTypeAlias, false), out lastLogin);
}
// approved
if (string.IsNullOrEmpty(ApprovedPropertyTypeAlias) == false)
{
bool.TryParse(GetMemberProperty(m, ApprovedPropertyTypeAlias, true), out isApproved);
}
// locked
if (string.IsNullOrEmpty(LockPropertyTypeAlias) == false)
{
bool.TryParse(GetMemberProperty(m, LockPropertyTypeAlias, true), out isLocked);
}
// last locked
if (string.IsNullOrEmpty(_lastLockedOutPropertyTypeAlias) == false)
{
DateTime.TryParse(GetMemberProperty(m, _lastLockedOutPropertyTypeAlias, false), out lastLocked);
}
// comment
if (string.IsNullOrEmpty(CommentPropertyTypeAlias) == false)
{
comment = GetMemberProperty(m, CommentPropertyTypeAlias, false);
}
// password question
if (string.IsNullOrEmpty(_passwordRetrievalQuestionPropertyTypeAlias) == false)
{
passwordQuestion = GetMemberProperty(m, _passwordRetrievalQuestionPropertyTypeAlias, false);
}
return new MembershipUser(_providerName, m.LoginName, m.Id, m.Email, passwordQuestion, comment, isApproved, isLocked, m.CreateDateTime, lastLogin,
DateTime.Now, DateTime.Now, lastLocked);
}
private bool CheckApproveStatus(Member m)
{
var isApproved = false;
if (string.IsNullOrEmpty(ApprovedPropertyTypeAlias) == false)
{
if (m != null)
{
var approveStatus = GetMemberProperty(m, ApprovedPropertyTypeAlias, true);
if (string.IsNullOrEmpty(approveStatus) == false)
{
//try parsing as bool first (just in case)
if (bool.TryParse(approveStatus, out isApproved) == false)
{
int intStatus;
//if that fails, try parsing as int (since its normally stored as 0 or 1)
if (int.TryParse(approveStatus, out intStatus))
{
isApproved = intStatus != 0;
}
}
}
else
{
//There is no property so we shouldn't use the approve status
isApproved = true;
}
}
}
else {
// if we don't use approve statuses
isApproved = true;
}
return isApproved;
}
public static void SendMemberSignupMail(Member member)
{
try
{
var ipAddress = GetIpAddress();
var client = new RestClient("http://api.stopforumspam.org");
var request = new RestRequest(string.Format("api?ip={0}&email={1}&f=json", ipAddress, HttpUtility.UrlEncode(member.Email)), Method.GET);
var response = client.Execute(request);
var jsonResult = new JsonDeserializer();
var spamCheckResult = jsonResult.Deserialize<SpamCheckResult>(response);
var spammer = new SpamResult
{
MemberId = member.Id,
Name = member.Text,
Company = member.GetProperty<string>("company"),
Bio = member.GetProperty<string>("profileText"),
Email = member.Email,
Ip = ipAddress
};
if (spamCheckResult.Success == 1)
{
var score = spamCheckResult.Ip.Confidence + spamCheckResult.Email.Confidence;
var blocked = score > SpamBlockThreshold;
spammer.ScoreEmail = spamCheckResult.Email.Confidence.ToString(CultureInfo.InvariantCulture);
spammer.FrequencyEmail = spamCheckResult.Email.Frequency.ToString(CultureInfo.InvariantCulture);
spammer.ScoreIp = spamCheckResult.Ip.Confidence.ToString(CultureInfo.InvariantCulture);
spammer.FrequencyIp = spamCheckResult.Ip.Frequency.ToString(CultureInfo.InvariantCulture);
spammer.Blocked = blocked;
spammer.TotalScore = score;
SendNewMemberMail(spammer);
}
else
{
Log.Add(LogTypes.Error, -1, string.Format("Error checking stopforumspam.org {0}", spamCheckResult.Error));
}
}
catch (Exception ex)
{
Log.Add(LogTypes.Error, -1, string.Format("Error checking stopforumspam.org {0}", ex.Message + ex.StackTrace));
}
}
private static void UpdateMemberProperty(Member m, string propertyAlias, object propertyValue)
{
if (string.IsNullOrEmpty(propertyAlias) == false)
{
if (m.getProperty(propertyAlias) != null)
{
m.getProperty(propertyAlias).Value = propertyValue;
}
}
}
private static string GetMemberProperty(Member m, string propertyAlias, bool isBool)
{
if (string.IsNullOrEmpty(propertyAlias) == false)
{
if (m.getProperty(propertyAlias) != null &&
m.getProperty(propertyAlias).Value != null)
{
if (isBool)
{
// Umbraco stored true as 1, which means it can be bool.tryParse'd
return m.getProperty(propertyAlias).Value.ToString().Replace("1", "true").Replace("0", "false");
}
return m.getProperty(propertyAlias).Value.ToString();
}
}
return null;
}
public static SpamResult CheckForSpam(Member member)
{
try
{
// Already blocked, nothing left to do here
if (member.getProperty("blocked") != null && member.getProperty("blocked").Value != null && member.getProperty("blocked").Value.ToString() == "1")
{
return new SpamResult
{
MemberId = member.Id,
Name = member.Text,
Blocked = true
};
}
// If reputation is > ReputationThreshold they've got enough karma, spammers never get that far
var reputation = string.Empty;
if (member.getProperty("reputationTotal") != null && member.getProperty("reputationTotal").Value != null)
reputation = member.getProperty("reputationTotal").Value.ToString();
int reputationTotal;
if (int.TryParse(reputation, out reputationTotal) && reputationTotal > ReputationThreshold)
return null;
// If they're already marked as suspicious then no need to process again
if (Roles.IsUserInRole(member.LoginName, SpamMemberGroupName))
{
return new SpamResult
{
MemberId = member.Id,
Name = member.Text,
AlreadyInSpamRole = true
};
}
var spammer = CheckForSpam(member.Email, member.Text, false);
if (spammer != null && spammer.TotalScore > PotentialSpammerThreshold)
{
AddMemberToPotentialSpamGroup(member);
spammer.MemberId = member.Id;
SendPotentialSpamMemberMail(spammer);
if (spammer.Blocked)
{
member.getProperty("blocked").Value = true;
member.Save();
// If blocked, just redirect them to the home page where they'll get a message saying they're blocked
HttpContext.Current.Response.Redirect("/");
}
}
}
catch (Exception ex)
{
Log.Add(LogTypes.Error, new User(0), -1, string.Format("Error trying to CheckForSpam for a member {0} {1} {2}", ex.Message, ex.StackTrace, ex.InnerException));
}
return null;
}
public static bool IsHq(int id)
{
Member m = new Member(id);
return m.Groups.ContainsKey(MemberGroup.GetByName("HQ").Id);
}
public void SetContactId(string userName, int contactId)
{
ProfileBase profile = ProfileBase.Create(userName);
profile.SetPropertyValue("contactId", contactId.ToString());
profile.Save();
//TODO: do we need all this?
try
{
//having to update membership in this convoluted way because of Umbraco bug
//see http://umbraco.codeplex.com/workitem/30789
var updateMember = Membership.GetUser(userName);
var m = new umbraco.cms.businesslogic.member.Member((int)updateMember.ProviderUserKey);
//m.LoginName = contact.Email;
//m.Email = contact.Email;
m.Save();
FormsAuthentication.SetAuthCookie(userName, true);
}
catch (Exception e)
{
string err = e.ToString();
}
//var updateMember = Membership.GetUser(contact.UserName);
}
public static void RemoveMemberFromPotentialSpamGroup(Member member)
{
var memberGroup = MemberGroup.GetByName(SpamMemberGroupName);
if (memberGroup == null)
MemberGroup.MakeNew(SpamMemberGroupName, new User(0));
memberGroup = MemberGroup.GetByName(SpamMemberGroupName);
member.RemoveGroup(memberGroup.Id);
}
