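/// <summary>
/// Renders the form tag's attributes, then rewrites two of them in the emitted text:
/// <c>action</c> becomes the current request's raw URL (run through the portal input
/// filter) and <c>id</c> becomes this control's <c>ClientID</c>.
/// </summary>
/// <param name="writer">Writer that receives the rewritten attribute string.</param>
protected override void RenderAttributes(HtmlTextWriter writer)
{
    string html;
    using (var buffer = new StringWriter())
    using (var bufferedWriter = new HtmlTextWriter(buffer))
    {
        base.RenderAttributes(bufferedWriter);
        html = buffer.ToString();
    }

    // The raw URL is attacker-controlled. The flags strip scripting, angle brackets and
    // markup; whether they also neutralise a literal '"' (which would close the attribute
    // early) depends on InputFilter — TODO(review): confirm. If they do not, attribute-encode
    // here; not added blindly because if the filter already encodes, HtmlAttributeEncode
    // would double-encode '&' in the query string.
    var security = new PortalSecurity();
    string action = security.InputFilter(
        HttpContext.Current.Request.RawUrl,
        PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoAngleBrackets | PortalSecurity.FilterFlag.NoMarkup);
    html = ReplaceQuotedAttribute(html, "action=\"", action);

    if (base.ID != null)
    {
        // Kept as in the original: a bare "id=\"" prefix; it matches the first occurrence.
        html = ReplaceQuotedAttribute(html, "id=\"", base.ClientID);
    }

    writer.Write(html);
}

/// <summary>
/// Replaces the double-quoted value of the first attribute starting with
/// <paramref name="attributePrefix"/> (e.g. <c>action="</c>) in <paramref name="html"/>.
/// </summary>
/// <returns>
/// The rewritten string; the input unchanged when the attribute is absent or has no
/// closing quote (the original computed a negative length and threw in that case).
/// </returns>
private static string ReplaceQuotedAttribute(string html, string attributePrefix, string newValue)
{
    int start = html.IndexOf(attributePrefix, StringComparison.Ordinal);
    if (start < 0)
    {
        return html;
    }
    int closingQuote = html.IndexOf('"', start + attributePrefix.Length);
    if (closingQuote < 0)
    {
        return html;
    }
    return html.Substring(0, start) + attributePrefix + newValue + "\"" + html.Substring(closingQuote + 1);
}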
/// <summary>
/// Runs <paramref name="value"/> through the portal input filter with the scripting,
/// angle-bracket and markup filters all enabled.
/// </summary>
/// <param name="objSecurity">Filter instance to use.</param>
/// <param name="value">Raw, untrusted text.</param>
/// <returns>The filtered text.</returns>
private static string GetFilteredValue(PortalSecurity objSecurity, string value)
{
    const PortalSecurity.FilterFlag flags =
        PortalSecurity.FilterFlag.NoScripting
        | PortalSecurity.FilterFlag.NoAngleBrackets
        | PortalSecurity.FilterFlag.NoMarkup;
    return objSecurity.InputFilter(value, flags);
}
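/// <summary>
/// Handles the login link click: authenticates the typed credentials against the
/// current portal and, on success, reloads the current page so the new identity is
/// picked up; on failure, emits a client-side alert.
/// </summary>
protected void linklogin_Click(object sender, EventArgs e)
{
    var security = new DotNetNuke.Security.PortalSecurity();
    string username = txtusername.Text;
    string password = txtpassword.Text;
    string portalname = PortalSettings.PortalName.ToString();
    int pid = PortalId;

    // Pass the real client address to the login audit/lockout logic. The original
    // hard-coded "127.0.0.1", which made every attempt (including brute-force) look local.
    string clientIp = Page.Request.UserHostAddress;

    // NOTE(review): the final argument requests a persistent ("remember me") cookie
    // unconditionally; the user is never asked. Consider wiring it to a checkbox.
    int userfound = security.UserLogin(username, password, pid, portalname, clientIp, true);

    if (userfound == -1)
    {
        // Static script; no user input is interpolated into it.
        Page.RegisterClientScriptBlock("!", "<script type=\"text/javascript\">alert(\"Username and Password incorrect\");</script>");
    }
    else
    {
        Response.Redirect(Page.Request.Url.AbsoluteUri);
    }
}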
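/// <summary>
/// Switches the current session to <paramref name="userToBecomeId"/> (impersonation),
/// remembering the original user's id in session so the switch can be reverted.
/// </summary>
/// <remarks>
/// This method performs no authorization of its own: the caller must already have
/// verified that the current user may impersonate the target. NOTE(review): nothing
/// here prevents impersonating a host/superuser account — enforce that in the caller.
/// </remarks>
/// <returns>The referring page's absolute URL on success, otherwise an empty string.</returns>
public string BecomeUser(int userToBecomeId, int currentlyLoggedInUser, HttpContext context, PortalSettings portalSettings, HttpSessionState sessionState)
{
    string url = string.Empty;
    string sessionStateName = string.Empty;
    if (Settings[ModuleSettingsNames.SessionObject] != null)
    {
        sessionStateName = Settings[ModuleSettingsNames.SessionObject].ToString();
    }

    if (userToBecomeId <= 0)
    {
        return url;
    }

    // Resolve the target before signing anyone out. The original signed the current user
    // out first and only then discovered the target did not exist, leaving the browser
    // with no session at all.
    UserInfo newUserInfo = UserController.GetUserById(portalSettings.PortalId, userToBecomeId);
    if (newUserInfo == null)
    {
        return url;
    }

    DataCache.ClearUserCache(portalSettings.PortalId, context.User.Identity.Name);
    new PortalSecurity().SignOut();

    sessionState.Contents[sessionStateName] = null;
    UserController.UserLogin(portalSettings.PortalId, newUserInfo, portalSettings.PortalName, HttpContext.Current.Request.UserHostAddress, false);

    // Keep the original user's id so the impersonation can be undone later.
    sessionState[sessionStateName] = currentlyLoggedInUser != 0 ? (object)currentlyLoggedInUser : null;

    // UrlReferrer is null when the browser sends no Referer header (or a proxy strips it);
    // the original dereferenced it unconditionally.
    Uri referrer = context.Request.UrlReferrer;
    url = referrer != null ? referrer.AbsoluteUri : string.Empty;
    return url;
}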
/// <summary>
/// Handles the sign-out link click: ends the portal session and reloads the same URL
/// so the page renders for the now-anonymous visitor.
/// </summary>
protected void linksignout_Click(object sender, EventArgs e)
{
    new DotNetNuke.Security.PortalSecurity().SignOut();
    string currentPage = Page.Request.Url.AbsoluteUri;
    Response.Redirect(currentPage);
}
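/// <summary>
/// Filters, truncates and persists a journal comment, then refreshes its timestamps
/// from the stored row.
/// </summary>
/// <param name="comment">Comment to save; its Comment, CommentId, DateCreated and DateUpdated are updated in place.</param>
public void SaveComment(CommentInfo comment)
{
    const int maxCommentLength = 2000;
    var portalSecurity = new PortalSecurity();
    if (!String.IsNullOrEmpty(comment.Comment))
    {
        // First pass strips script from the raw text. The entity-decode in between means
        // anything hidden behind HTML entities is exposed to the second (NoMarkup) pass,
        // so that pass is the one that actually protects the stored value.
        comment.Comment = HttpUtility.HtmlDecode(portalSecurity.InputFilter(comment.Comment, PortalSecurity.FilterFlag.NoScripting));
        comment.Comment = portalSecurity.InputFilter(comment.Comment, Security.PortalSecurity.FilterFlag.NoMarkup);
    }
    //TODO: enable once the profanity filter is working properly.
    //objCommentInfo.Comment = portalSecurity.Remove(objCommentInfo.Comment, DotNetNuke.Security.PortalSecurity.ConfigType.ListController, "ProfanityFilter", DotNetNuke.Security.PortalSecurity.FilterScope.PortalList);

    // Truncate to the limit. The original cut to 1999 characters for inputs longer than
    // 2000, so a 2000-character comment passed untouched while a 2001-character one lost two.
    if (comment.Comment != null && comment.Comment.Length > maxCommentLength)
    {
        comment.Comment = comment.Comment.Substring(0, maxCommentLength);
    }

    string xml = null;
    if (comment.CommentXML != null)
    {
        xml = comment.CommentXML.OuterXml;
    }
    comment.CommentId = _dataService.Journal_Comment_Save(comment.JournalId, comment.CommentId, comment.UserId, comment.Comment, xml);

    // Re-read so the caller sees the database-assigned timestamps.
    var newComment = GetComment(comment.CommentId);
    comment.DateCreated = newComment.DateCreated;
    comment.DateUpdated = newComment.DateUpdated;
}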
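/// <summary>
/// Best-effort removal of script constructs from <paramref name="text"/>: runs the
/// portal NoScripting filter, strips script / event-handler / <c>javascript:</c> tags
/// by regex, then deletes a fixed list of suspicious tokens.
/// </summary>
/// <remarks>
/// This is a deny-list and is bypassed by encodings it does not know about; it must
/// not be the only defence before rendering text as HTML — encode on output as well.
/// </remarks>
/// <param name="text">Untrusted text; null or empty yields an empty string.</param>
/// <returns>The text with the recognised constructs removed.</returns>
public static string FilterScripts(string text)
{
    if (string.IsNullOrEmpty(text))
    {
        return string.Empty;
    }

    var portalSecurity = new PortalSecurity();
    try
    {
        text = portalSecurity.InputFilter(text, PortalSecurity.FilterFlag.NoScripting);
    }
    catch (Exception)
    {
        // The original swallowed this silently. The regex and token passes below still
        // run, so a filter failure degrades to weaker filtering rather than none.
        // TODO(review): log here if a logger is available in this file.
    }

    const string pattern = "<script.*/*>|</script>|<[a-zA-Z][^>]*=['\"]+javascript:\\w+.*['\"]+>|<\\w+[^>]*\\son\\w+=.*[ /]*>";
    text = Regex.Replace(text, pattern, string.Empty, RegexOptions.IgnoreCase);

    // The original detected tokens case-insensitively but only removed the all-upper or
    // as-listed spelling, so a mixed-case "Alert(" was detected yet never removed.
    const string strip = "/*,*/,alert,document.,window.,eval(,eval[,@import,vbscript,javascript,jscript,msgbox";
    foreach (string token in strip.Split(','))
    {
        text = Regex.Replace(text, Regex.Escape(token), string.Empty, RegexOptions.IgnoreCase);
    }
    return text;
}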
/// <summary>
/// Decrypts a URL parameter that was encrypted with the current portal's GUID as the key.
/// </summary>
/// <remarks>
/// NOTE(review): the portal GUID is a stored identifier, not a secret generated for this
/// purpose; anyone who learns it can decrypt (and forge) these parameters. The original
/// comment about restricting the key to 6 characters did not match the code, which uses
/// the full GUID string.
/// </remarks>
/// <param name="Value">Ciphertext taken from the URL.</param>
/// <returns>The decrypted value as returned by <c>PortalSecurity.Decrypt</c>.</returns>
public static string DecryptParameter( string Value )
{
    PortalSettings currentPortal = PortalController.GetCurrentPortalSettings();
    string key = currentPortal.GUID.ToString();
    return new PortalSecurity().Decrypt( key, Value );
}
/// <summary>
/// Persists the store credentials as portal settings, encrypted with the site's
/// decryption key, then returns to the module's page.
/// </summary>
/// <remarks>
/// The credentials are stored reversibly (not hashed) because they are replayed to the
/// remote store; anyone with the machine key and database access can recover them.
/// </remarks>
private void OnSaveClick(object sender, EventArgs e)
{
    var security = new PortalSecurity();
    string key = Config.GetDecryptionkey();
    PortalController.UpdatePortalSetting(PortalId, "Store_Username", security.EncryptString(txtUsername.Text, key));
    PortalController.UpdatePortalSetting(PortalId, "Store_Password", security.EncryptString(txtPassword.Text, key));
    Response.Redirect(Globals.NavigateURL());
}
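/// <summary>
/// Reads the <c>Tag</c> query parameter, filters and HTML-encodes it, and either binds
/// the results or hides the module (with an editor-only hint) when no tag was given.
/// </summary>
protected override void OnLoad(EventArgs e)
{
    base.OnLoad(e);
    var objSecurity = new PortalSecurity();
    if (Request.Params["Tag"] != null)
    {
        // Query-string input is untrusted: filter, then encode for the page.
        _tagQuery = HttpContext.Current.Server.HtmlEncode(objSecurity.InputFilter(Request.Params["Tag"], PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoMarkup));
    }

    // Null-safe check (matches the sibling search module): `_tagQuery.Length` would throw
    // if no Tag parameter was present and the field is not initialised elsewhere.
    if (!string.IsNullOrEmpty(_tagQuery))
    {
        // Binds on every request, including postbacks (the IsPostBack guard was commented out).
        // if (!Page.IsPostBack)
        // {
        BindData();
        // }
    }
    else if (IsEditable)
    {
        UI.Skins.Skin.AddModuleMessage(this, Localization.GetString("ModuleHidden", LocalResourceFile), ModuleMessage.ModuleMessageType.RedError);
    }
    else
    {
        ContainerControl.Visible = false;
    }
}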
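/// <summary>
/// Saves the topic being edited (inserting or updating as the business object decides)
/// and then posts the result to the DNN journal.
/// </summary>
/// <remarks>
/// Content is filtered with NoMarkup then NoScripting and finally HTML-decoded. The decode
/// happens after filtering, so what is stored is presumably wiki markup rather than encoded
/// HTML — TODO(review): confirm the renderer encodes it on output. Title, description and
/// keywords get the NoMarkup filter only.
/// </remarks>
private void SaveAndContinue()
{
    SharedEnum.CrudOperation crudOperation = SharedEnum.CrudOperation.Insert;
    try
    {
        var objSec = new DotNetNuke.Security.PortalSecurity();
        string content = HttpUtility.HtmlDecode(
            objSec.InputFilter(
                objSec.InputFilter(this.teContent.Text, PortalSecurity.FilterFlag.NoMarkup),
                PortalSecurity.FilterFlag.NoScripting));
        string title = objSec.InputFilter(WikiMarkup.DecodeTitle(this.txtTitle.Text.Trim()), PortalSecurity.FilterFlag.NoMarkup);
        string description = objSec.InputFilter(this.txtDescription.Text.Trim(), PortalSecurity.FilterFlag.NoMarkup);
        string keywords = objSec.InputFilter(this.txtKeywords.Text.Trim(), PortalSecurity.FilterFlag.NoMarkup);

        this.SaveTopic(content, this.AllowDiscuss.Checked, this.AllowRating.Checked, title, description, keywords, out crudOperation);
    }
    catch (TopicValidationException exc)
    {
        switch (exc.CrudError)
        {
            case DotNetNuke.Wiki.BusinessObjects.TopicBO.TopicError.DUPLICATENAME:
                this.Messages.ShowWarning(Localization.GetString("WarningDUPLICATENAME", this.LocalResourceFile));
                break;
            default:
                // `throw;` preserves the original stack trace; `throw exc;` reset it.
                throw;
        }
    }
    this.PostTopicToDNNJournal(crudOperation);
}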
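/// <summary>
/// Decrypts a URL parameter produced with the matching encrypt routine, first undoing
/// the URL-safe Base64 substitutions it applies.
/// </summary>
/// <param name="value">URL-safe ciphertext (<c>_</c> for <c>/</c>, <c>-</c> for <c>+</c>, <c>%3d</c> for <c>=</c>).</param>
/// <param name="encryptionKey">Key shared with the encrypting side.</param>
/// <returns>The decrypted value as returned by <c>PortalSecurity.Decrypt</c>.</returns>
public static string DecryptParameter(string value, string encryptionKey)
{
    var objSecurity = new PortalSecurity();
    //[DNN-8257] - Can't do URLEncode/URLDecode as it introduces issues on decryption (with / = %2f), so we use a modifed Base64
    value = value.Replace("_", "/").Replace("-", "+");
    // The encoder presumably emits the lower-case "%3d"; accept the upper-case form too,
    // since anything that re-encodes the URL (browsers, proxies) normalises to "%3D".
    value = value.Replace("%3d", "=").Replace("%3D", "=");
    return objSecurity.Decrypt(encryptionKey, value);
}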
/// <summary>
/// Creates a subscriber with a fresh random id, empty descriptive fields and a newly
/// generated private key.
/// </summary>
public SubscriberInfo()
{
    ID = Guid.NewGuid().ToString();
    Name = string.Empty;
    Description = string.Empty;
    Address = string.Empty;
    // Per-subscriber key; 16 is the length requested from PortalSecurity.CreateKey
    // (its unit and the RNG it uses are not visible here — verify it is cryptographic).
    PrivateKey = new PortalSecurity().CreateKey(16);
}
/// <summary>
/// Creates a subscriber with a fresh random id, empty descriptive fields and a newly
/// generated private key.
/// </summary>
public SubscriberInfo()
{
    _id = Guid.NewGuid().ToString();
    _name = string.Empty;
    _description = string.Empty;
    _address = string.Empty;
    // Per-subscriber key; 16 is the length requested from PortalSecurity.CreateKey
    // (its unit and the RNG it uses are not visible here — verify it is cryptographic).
    _privateKey = new PortalSecurity().CreateKey( 16 );
}
/// <summary>
/// Produces a plain-text rendition of <paramref name="Text"/>: applies the NoScripting
/// filter, replaces every tag with a space and optionally collapses whitespace.
/// </summary>
/// <remarks>
/// Intended for plain-text uses (summaries, indexing). It is not an HTML sanitiser:
/// encode the result on output if it is ever rendered as markup.
/// </remarks>
/// <param name="Text">Markup to strip.</param>
/// <param name="RetainWhiteSpace">When false, runs of whitespace are collapsed and the result trimmed.</param>
public static string StripHTMLTags(string Text, bool RetainWhiteSpace)
{
    var security = new DotNetNuke.Security.PortalSecurity();
    string result = security.InputFilter(Text, PortalSecurity.FilterFlag.NoScripting);
    // Tags may span lines, hence the explicit \n alternative.
    result = Regex.Replace(result, "<(.|\\n)*?>", " ");
    if (RetainWhiteSpace)
    {
        return result;
    }
    return Regex.Replace(result, "\\s{2,}", " ").Trim();
}
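/// <summary>
/// Posts the stored store credentials and <paramref name="fileId"/> to the configured
/// store URL and, when <paramref name="fileAction"/> is <c>"download"</c>, streams the
/// returned file to the current response as an attachment.
/// </summary>
/// <param name="fileAction">Only <c>"download"</c> streams the body; any other value just performs the request.</param>
/// <param name="fileId">Identifier sent to the store.</param>
private void GetFile(string fileAction, string fileId)
{
    string fileCheck = Localization.GetString("StoreFile", LocalResourceFile);
    Dictionary<string, string> settings = PortalController.GetPortalSettingsDictionary(ModuleContext.PortalId);
    var ps = new PortalSecurity();
    string username = ps.DecryptString(settings["Store_Username"], Config.GetDecryptionkey());
    string password = ps.DecryptString(settings["Store_Password"], Config.GetDecryptionkey());

    // Form-encode each field: a '&' or '=' in a credential or fileId would otherwise be
    // read as an extra parameter on the store side.
    string postData = "username=" + HttpUtility.UrlEncode(username)
                    + "&password=" + HttpUtility.UrlEncode(password)
                    + "&fileid=" + HttpUtility.UrlEncode(fileId);
    byte[] byteArray = Encoding.UTF8.GetBytes(postData);

    // NOTE(review): the credentials travel in the request body, so the StoreFile resource
    // must be an https URL or they are sent in clear text.
    WebRequest request = WebRequest.Create(fileCheck);
    request.Method = "POST";
    request.ContentType = "application/x-www-form-urlencoded";
    request.ContentLength = byteArray.Length;
    using (Stream dataStream = request.GetRequestStream())
    {
        dataStream.Write(byteArray, 0, byteArray.Length);
    }

    using (WebResponse wr = request.GetResponse())
    {
        string myfile = "";
        string cd = wr.Headers["Content-Disposition"];
        if (cd != null && cd.Trim() != "" && cd.StartsWith("inline;filename=", StringComparison.Ordinal))
        {
            myfile = SanitizeHeaderFileName(cd.Substring("inline;filename=".Length));
        }

        if (fileAction == "download")
        {
            var objResponse = HttpContext.Current.Response;
            objResponse.AppendHeader("Content-Disposition", "attachment; filename=\"" + myfile + "\"");
            objResponse.AppendHeader("Content-Length", wr.ContentLength.ToString());
            objResponse.ContentType = wr.ContentType;

            const int bufferLength = 4096;
            byte[] byteBuffer = new byte[bufferLength];
            using (Stream rs = wr.GetResponseStream())
            {
                int len;
                while ((len = rs.Read(byteBuffer, 0, byteBuffer.Length)) > 0)
                {
                    // Write exactly the bytes read; the original copied the partial
                    // buffer into a fresh array for every short read.
                    objResponse.OutputStream.Write(byteBuffer, 0, len);
                    objResponse.Flush();
                }
            }
        }
    }
}

/// <summary>
/// Makes a file name received in an upstream HTTP header safe to echo into one of our
/// own headers: CR/LF would allow response-header injection, a quote would end the
/// quoted filename early, and path separators are dropped to keep only the last segment.
/// </summary>
private static string SanitizeHeaderFileName(string name)
{
    name = name.Replace("\r", "").Replace("\n", "").Replace("\"", "");
    int lastSeparator = Math.Max(name.LastIndexOf('/'), name.LastIndexOf('\\'));
    return lastSeparator >= 0 ? name.Substring(lastSeparator + 1) : name;
}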
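/// <summary>
/// Parameterised check that <c>InputFilter</c> with the given flags turns
/// <paramref name="html"/> into exactly <paramref name="expectedOutput"/>.
/// </summary>
public void Html_Source_Tag_Should_Not_Be_Allowed(string html, string expectedOutput, DotNetNuke.Security.PortalSecurity.FilterFlag markup)
{
    //Arrange
    var portalSecurity = new DotNetNuke.Security.PortalSecurity();

    //Act
    var filterOutput = portalSecurity.InputFilter(html, markup);

    //Assert
    // AreEqual takes (expected, actual); the original had them swapped, so failure
    // messages reported the two values the wrong way round.
    Assert.AreEqual(expectedOutput, filterOutput);
}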
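/// <summary>
/// Handles the "process payment" click: validates the page, builds the card details from
/// the form (card number filtered, name intentionally blank) and submits the finalised
/// order to the Authorize.Net gateway, clearing the basket and order cookie on success.
/// </summary>
protected void btnProcess_Click(object sender, EventArgs e)
{
    Page.Validate();
    if (!Page.IsValid)
    {
        return;
    }

    StoreInfo storeInfo = CheckoutControl.StoreData;
    IAddressInfo shippingAddress = CheckoutControl.ShippingAddress;
    IAddressInfo billingAddress = CheckoutControl.BillingAddress;
    OrderInfo orderInfo = CheckoutControl.GetFinalizedOrderInfo();

    // Cardholder data stays in memory only. Nothing here logs it; NOTE(review): make sure
    // the gateway provider does not either — transaction.ToString() is handed to it below.
    var security = new PortalSecurity();
    var transaction = new TransactionDetails();
    transaction.CardNumber = security.InputFilter(txtNumber.Text, PortalSecurity.FilterFlag.NoMarkup | PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoSQL);
    transaction.NameOnCard = string.Empty;

    // The verification code is free text; a non-numeric value used to escape as an
    // unhandled FormatException. Treat it as an invalid card instead.
    int verificationCode;
    if (!int.TryParse(txtVer.Text, out verificationCode))
    {
        litError.Text = Localization.GetString("ErrorCardNotValid", this.LocalResourceFile);
        return;
    }
    transaction.VerificationCode = verificationCode;
    // Month/year presumably come from server-populated drop-downs; Parse kept as before.
    transaction.ExpirationMonth = int.Parse(ddlMonth.SelectedValue);
    transaction.ExpirationYear = int.Parse(ddlYear.SelectedValue);

    if (!transaction.IsValid())
    {
        litError.Text = Localization.GetString("ErrorCardNotValid", this.LocalResourceFile);
        return;
    }

    var provider = new AuthNetGatewayProvider(storeInfo.GatewaySettings);
    TransactionResult orderResult = provider.ProcessTransaction(shippingAddress, billingAddress, orderInfo, transaction.ToString());
    if (!orderResult.Succeeded)
    {
        litError.Text = Localization.GetString(orderResult.Message.ToString(), this.LocalResourceFile);
        return;
    }

    invokePaymentSucceeded();
    //Clear basket
    CurrentCart.ClearItems(PortalId);
    //Clear cookies
    SetOrderIdCookie(-1);
}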
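/// <summary>
/// Auto-complete callback: returns the names of tags matching <paramref name="prefixText"/>
/// within the context identified by <paramref name="contextKey"/>.
/// </summary>
/// <param name="prefixText">URL-encoded prefix typed by the user.</param>
/// <param name="count">Unused; present to satisfy the auto-complete callback signature.</param>
/// <param name="contextKey">Integer context id as a string; a non-numeric value throws from Convert.ToInt32.</param>
/// <returns>One entry per matching row, in result order.</returns>
public string[] GetTagsCompletionList(string prefixText, int count, string contextKey)
{
    var objSecurity = new PortalSecurity();
    // NOTE(review): the NoSQL flag is a character deny-list, not a substitute for a
    // parameterised query inside Tag.GetTagsByString — verify that method uses parameters.
    DataTable dt = Tag.GetTagsByString(objSecurity.InputFilter(HttpUtility.UrlDecode(prefixText), PortalSecurity.FilterFlag.NoSQL), Convert.ToInt32(contextKey, CultureInfo.InvariantCulture));

    var returnTags = new string[dt.Rows.Count];
    // The original wrote every row into index 0, so callers got one tag followed by nulls.
    for (int i = 0; i < dt.Rows.Count; i++)
    {
        returnTags[i] = dt.Rows[i]["name"].ToString();
    }
    return returnTags;
}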
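/// <summary>
/// On first load, decrypts the stored store credentials from the portal settings into
/// the edit fields.
/// </summary>
protected override void OnLoad(EventArgs e)
{
    base.OnLoad(e);
    if (Page.IsPostBack)
    {
        return;
    }

    var ps = new PortalSecurity();
    string key = Config.GetDecryptionkey();
    Dictionary<string, string> settings = PortalController.GetPortalSettingsDictionary(ModuleContext.PortalId);

    string encrypted;
    if (settings.TryGetValue("Store_Username", out encrypted))
    {
        txtUsername.Text = ps.DecryptString(encrypted, key);
    }
    // The original guarded this read with ContainsKey("Store_Username") (copy-paste), so a
    // portal with a user name but no saved password threw KeyNotFoundException here.
    if (settings.TryGetValue("Store_Password", out encrypted))
    {
        // NOTE(review): this writes the decrypted password into a text box. If txtPassword
        // is TextMode="Password" ASP.NET does not render the value; otherwise the secret is
        // echoed into the page source — confirm the control's mode.
        txtPassword.Text = ps.DecryptString(encrypted, key);
    }
}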
/// <summary>
/// Signs the current user out, first evicting their cached UserInfo so stale
/// permissions are not served afterwards. Failures are routed to the page-load
/// exception handler rather than propagated.
/// </summary>
private void DoLogoff()
{
    try
    {
        if (User != null)
        {
            DataCache.ClearUserCache(PortalSettings.PortalId, Context.User.Identity.Name);
        }
        new PortalSecurity().SignOut();
    }
    catch (Exception exc)
    {
        Exceptions.ProcessPageLoadException(exc);
    }
}
/// <summary>
/// Handles the Click event of the SubmitButton control: truncates and filters the
/// comment fields, stores the comment, sends notifications and, on success, resets
/// the form and invalidates the cached comment list.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="System.EventArgs"/> instance containing the event data.</param>
private void SubmitButton_Click(object sender, System.EventArgs e)
{
    using (UnitOfWork uOw = new UnitOfWork())
    {
        var commentBo = new CommentBO(uOw);
        var objSec = new DotNetNuke.Security.PortalSecurity();

        // Length limit is enforced on the raw text, before filtering.
        string commentText = this.txtComment.Text;
        if (commentText.Length > this.CommentsMaxLength)
        {
            commentText = commentText.Substring(0, this.CommentsMaxLength);
        }

        ////4.8.3 has better control for NoMarkup
        const DotNetNuke.Security.PortalSecurity.FilterFlag noMarkup = DotNetNuke.Security.PortalSecurity.FilterFlag.NoMarkup;
        var comment = new Comment
        {
            ParentId = this.ParentId,
            // Only NoMarkup is applied; the e-mail address is not format-validated here
            // (presumably a page validator does that — confirm).
            Name = objSec.InputFilter(this.txtName.Text, noMarkup),
            Email = objSec.InputFilter(this.txtEmail.Text, noMarkup),
            CommentText = objSec.InputFilter(commentText, noMarkup),
            // REMOTE_ADDR is the socket peer; behind a reverse proxy this is the proxy.
            Ip = objSec.InputFilter(this.Context.Request.ServerVariables["REMOTE_ADDR"], noMarkup),
            EmailNotify = this.chkSubscribeToNotifications.Checked,
            Datetime = DateTime.Now
        };
        comment = commentBo.Add(comment);

        ////send the notification
        var topic = new TopicBO(uOw).Get(this.ParentId);
        DNNUtils.SendNotifications(uOw, topic, comment.Name, comment.Email, comment.CommentText, comment.Ip);

        this.mSuccessValue = comment.CommentId > 0;
        if (!this.mSuccessValue)
        {
            return;
        }

        this.txtName.Text = string.Empty;
        this.txtEmail.Text = string.Empty;
        this.txtComment.Text = string.Empty;
        this.Context.Cache.Remove("WikiComments" + this.ParentId.ToString());
        if (this.PostSubmitted != null)
        {
            this.PostSubmitted(this);
        }
    }
}
/// <summary>
/// Web API login: validates the posted credentials against the current portal and,
/// for any accepted status, establishes the DNN login and returns 200 with the status
/// name; otherwise returns 401 with the status name.
/// </summary>
/// <param name="postData">Posted user name, password and the trailing flag forwarded to UserLogin.</param>
public HttpResponseMessage Login(loginDTO postData)
{
    var loginStatus = UserLoginStatus.LOGIN_FAILURE;
    // Only the user name is filtered; the password must reach the provider unchanged.
    string userName = new PortalSecurity().InputFilter(postData.Username, PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoAngleBrackets | PortalSecurity.FilterFlag.NoMarkup);
    string clientIp = AuthenticationLoginBase.GetIPAddress();
    var objUser = UserController.ValidateUser(PortalSettings.PortalId, userName, postData.Password, "DNN", string.Empty, PortalSettings.PortalName, clientIp, ref loginStatus);

    bool accepted;
    switch (loginStatus)
    {
        case UserLoginStatus.LOGIN_SUCCESS:
        case UserLoginStatus.LOGIN_SUPERUSER:
        // Weak admin/host passwords are still logged in; only the returned status says so.
        case UserLoginStatus.LOGIN_INSECUREADMINPASSWORD:
        case UserLoginStatus.LOGIN_INSECUREHOSTPASSWORD:
            accepted = true;
            break;
        default:
            accepted = false;
            break;
    }

    if (!accepted)
    {
        return Request.CreateResponse(HttpStatusCode.Unauthorized, loginStatus.ToString());
    }

    // NOTE(review): postData.sc is client-controlled and forwarded as UserLogin's last
    // argument (presumably the persistent-cookie flag) — confirm that is intended.
    UserController.UserLogin(PortalSettings.PortalId, objUser, "", clientIp, postData.sc);
    return Request.CreateResponse(HttpStatusCode.OK, loginStatus.ToString());
}
/// <summary>
/// Token-replacement accessor: looks <paramref name="strPropertyName"/> up in the
/// backing name/value collection, applies <paramref name="strFormat"/> and runs the
/// NoScripting filter over both the raw and the formatted value.
/// </summary>
/// <remarks>
/// Only script is filtered; callers that render the result as HTML must still encode it.
/// formatProvider, accessingUser and accessLevel are accepted for interface parity and not used.
/// </remarks>
/// <param name="propertyNotFound">Set to true when the collection is present but has no such key.</param>
/// <returns>The filtered, formatted value, or an empty string.</returns>
public string GetProperty(string strPropertyName, string strFormat, CultureInfo formatProvider, UserInfo accessingUser, Scope accessLevel, ref bool propertyNotFound)
{
    if (_nameValueCollection == null)
    {
        return string.Empty;
    }

    var raw = _nameValueCollection[strPropertyName];
    if (raw == null)
    {
        propertyNotFound = true;
        return string.Empty;
    }

    var format = strFormat ?? string.Empty;
    var security = new PortalSecurity();
    var filtered = security.InputFilter(raw, PortalSecurity.FilterFlag.NoScripting);
    // Filtered again after formatting, presumably because the format step can
    // reassemble characters the first pass removed.
    return security.InputFilter(PropertyAccess.FormatString(filtered, format), PortalSecurity.FilterFlag.NoScripting);
}
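/// <summary>
/// Loads a persisted event-queue message from <paramref name="filePath"/>, decrypting
/// it with the subscriber's private key when it does not look like plain XML, and
/// deletes the file once the message has expired.
/// </summary>
/// <param name="filePath">Path of the persisted message.</param>
/// <param name="subscriberId">Key into the configured event-queue subscribers.</param>
/// <returns>The deserialized message.</returns>
private EventMessage DeserializeMessage( string filePath, string subscriberId )
{
    var message = new EventMessage();
    string messageString;
    // Dispose the reader on every path; the original only closed it after a successful
    // Deserialize, leaking the file handle when decryption or parsing threw.
    using (StreamReader oStreamReader = File.OpenText( filePath ))
    {
        messageString = oStreamReader.ReadToEnd();
    }

    // Heuristic: a message that does not contain the root element name in clear text is
    // assumed to have been encrypted with the subscriber's private key.
    if( messageString.IndexOf( "EventMessage", StringComparison.Ordinal ) < 0 )
    {
        var oPortalSecurity = new PortalSecurity();
        messageString = oPortalSecurity.Decrypt( EventQueueConfiguration.GetConfig().EventQueueSubscribers[subscriberId].PrivateKey, messageString );
    }
    message.Deserialize( messageString );

    //remove the persisted message from the queue if it has expired
    if( message.ExpirationDate < DateTime.Now )
    {
        File.Delete( filePath );
    }
    return message;
}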
/// <summary>
/// Adds or updates one key/value pair in the current group's role settings from the
/// edit fields and persists the role.
/// </summary>
/// <remarks>
/// Keys get the stricter NoMarkup filter; values only NoScripting, so markup in a value
/// survives and must be encoded wherever it is rendered. NOTE(review): <c>role</c> is
/// dereferenced without a null check — an unknown GroupId would surface as a
/// NullReferenceException here.
/// </remarks>
private void SaveMetadata()
{
    var security = new DotNetNuke.Security.PortalSecurity();
    var role = new RoleController().GetRole(GroupId, PortalId);

    var key = security.InputFilter(txtSettingKey.Text.Trim(), PortalSecurity.FilterFlag.NoMarkup);
    var value = security.InputFilter(txtSettingValue.Text.Trim(), PortalSecurity.FilterFlag.NoScripting);

    if (role.Settings.ContainsKey(key))
    {
        role.Settings[key] = value;
    }
    else
    {
        role.Settings.Add(key, value);
    }

    TestableRoleController.Instance.UpdateRoleSettings(role, true);
}
/// <summary>
/// Get Property out of NameValueCollection: looks <paramref name="strPropertyName"/> up,
/// applies <paramref name="strFormat"/> and runs the NoScripting filter over both the
/// raw and the formatted value.
/// </summary>
/// <remarks>
/// Only script is filtered; callers that render the result as HTML must still encode it.
/// formatProvider, AccessingUser and AccessLevel are accepted for interface parity and not used.
/// </remarks>
/// <param name="strPropertyName">Key to look up.</param>
/// <param name="strFormat">Format passed to PropertyAccess.FormatString; null is treated as empty.</param>
/// <param name="formatProvider">Unused.</param>
/// <param name="AccessingUser">Unused.</param>
/// <param name="AccessLevel">Unused.</param>
/// <param name="PropertyNotFound">Set to true when the collection exists but has no such key.</param>
/// <returns>The filtered, formatted value, or an empty string.</returns>
public string GetProperty(string strPropertyName, string strFormat, CultureInfo formatProvider, UserInfo AccessingUser, Scope AccessLevel, ref bool PropertyNotFound)
{
    if (NameValueCollection == null)
    {
        return string.Empty;
    }

    var raw = NameValueCollection[strPropertyName];
    if (raw == null)
    {
        PropertyNotFound = true;
        return string.Empty;
    }

    var format = strFormat ?? string.Empty;
    var security = new PortalSecurity();
    var filtered = security.InputFilter(raw, PortalSecurity.FilterFlag.NoScripting);
    // Filtered again after formatting, presumably because the format step can
    // reassemble characters the first pass removed.
    return security.InputFilter(PropertyAccess.FormatString(filtered, format), PortalSecurity.FilterFlag.NoScripting);
}
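/// <summary>
/// Per-request hook: registers the authenticated user's session with the shared
/// session manager and, when the manager rejects it, signs the user out and redirects.
/// Superusers and unauthenticated requests are skipped.
/// </summary>
private void OnAcquireRequestState(object sender, EventArgs eventArgs)
{
    // The original message named the wrong event (OnAuthenticateRequest).
    Debug.WriteLine("SessionManagement OnAcquireRequestState");
    var context = HttpContext.Current;
    if (context.User == null || context.User.Identity == null || !context.User.Identity.IsAuthenticated)
    {
        return;
    }
    var session = context.Session;
    if (session == null)
    {
        return;
    }
    var userInfo = UserController.GetCurrentUserInfo();
    if (userInfo.IsSuperUser)
    {
        return;
    }

    var userId = userInfo.UserID;
    var sessionId = session.SessionID;
    var ipAddress = ResolveClientAddress(context.Request);
    if (!sharedSessionManagement.RegisterSession(userId, sessionId, ipAddress))
    {
        // Logout user
        var objPortalSecurity = new PortalSecurity();
        objPortalSecurity.SignOut();
        // Redirect the user to the current page
        context.Response.Redirect(Globals.NavigateURL());
    }
}

/// <summary>
/// Picks the client address used for session registration.
/// </summary>
/// <remarks>
/// X-Forwarded-For is set by the client unless a trusted reverse proxy in front of this
/// server overwrites it, and it may carry a comma-separated chain; its first entry is
/// used only when present. Otherwise the socket address is used — the original passed
/// null here whenever no proxy header was sent. If the deployment has no reverse proxy,
/// prefer UserHostAddress unconditionally so a client cannot choose its own address.
/// </remarks>
private static string ResolveClientAddress(HttpRequest request)
{
    var forwardedFor = request.ServerVariables["HTTP_X_FORWARDED_FOR"];
    if (!string.IsNullOrEmpty(forwardedFor))
    {
        return forwardedFor.Split(',')[0].Trim();
    }
    return request.UserHostAddress;
}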
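/// <summary>
/// First-login "continue" handler: stores the typed profile fields, changes the
/// password when both password boxes are filled, clears the IsFirstLogin flag in the
/// Users table, then signs the user out. Any failure is written to the error log.
/// </summary>
protected void Continue_Click(object sender, EventArgs e)
{
    try
    {
        var secure = new PortalSecurity();
        user.FirstName = txtFirstName.Text;
        user.LastName = txtLastName.Text;
        user.Email = txtEmailAdd.Text;

        if ((Page.IsValid && user.UserID > 0) && (TextBox1.Text != "" && TextBox2.Text != ""))
        {
            // NOTE(review): this recovers the current password via the stored answer,
            // which only works with a reversible (encrypted) password format — confirm
            // the membership provider configuration before relying on it.
            UserController.ChangePassword(user, UserController.GetPassword(ref user, user.Membership.PasswordAnswer), TextBox1.Text);
        }

        Page.ClientScript.RegisterStartupScript(this.GetType(), "nKey", "DisplayAlert()", true);

        // Parameterised: the original concatenated the user name into the SQL text,
        // which is a SQL-injection vector, and ran the UPDATE through a DataAdapter.Fill.
        // TODO(review): the concatenated value is redacted in this listing; user.Username
        // is assumed to be what was interpolated — confirm.
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand("Update Users set IsFirstLogin=1 where username= @username", conn))
        {
            cmd.Parameters.AddWithValue("@username", user.Username);
            conn.Open();
            cmd.ExecuteNonQuery();
        }
        // Preserved from the original, which cleared this table before its Fill call.
        dt.Clear();

        secure.SignOut();
        Session.Abandon();
    }
    catch (Exception ex)
    {
        UserInfo info = UserController.GetCurrentUserInfo();
        ErrorLog objLog = new ErrorLog();
        objLog.ErrorDescription = ex.ToString();
        objLog.ErrorDate = DateTime.Now;
        objLog.ErrorFunctionName = System.Reflection.MethodBase.GetCurrentMethod().Name;
        objLog.ErrorControlName = (GetType().ToString().Replace("ASP.", "").Replace("_ascx", ".ascx").Remove(0, GetType().ToString().Replace("ASP.", "").Replace("_ascx", ".ascx").LastIndexOf("_") + 1));
        objLog.ErrorLoggedInUser = info.Username;
        objLog.AddErrorToLog(objLog);
    }
}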
/// <summary>
/// Upgrade step for 7.2.1: user names registered under 7.1.2 could be stored
/// HTML-encoded; decode those rows and re-filter the result. Errors are logged and do
/// not stop the remaining permission setup.
/// </summary>
private static void UpgradeToVersion721()
{
    try
    {
        var portalSecurity = new PortalSecurity();
        // Static statement (no user input), so string SQL is acceptable here.
        const string sql = "SELECT UserID, Username FROM {databaseOwner}[{objectQualifier}Users] WHERE Username LIKE '%&%'";
        using (var reader = DataProvider.Instance().ExecuteSQL(sql))
        {
            while (reader.Read())
            {
                var userId = Convert.ToInt32(reader["UserID"]);
                var storedName = reader["Username"].ToString();
                var decodedName = HttpUtility.HtmlDecode(storedName);
                if (decodedName == storedName)
                {
                    continue;
                }
                var cleanName = portalSecurity.InputFilter(decodedName, PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoAngleBrackets | PortalSecurity.FilterFlag.NoMarkup);
                UserController.ChangeUsername(userId, cleanName);
            }
        }
    }
    catch (Exception ex)
    {
        Logger.Error(ex);
    }
    AddManageUsersModulePermissions();
}
/// <summary>
/// Handles cmdSaveEntry.Click: builds a ListEntryInfo from the form and either updates
/// an existing entry, adds an entry to the selected list, or adds a new list under the
/// selected parent.
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
/// <remarks>
/// Using "CommandName" property of cmdSaveEntry to determine action to take (ListUpdate/AddEntry/AddList).
/// Superusers bypass the NoScripting filter on value/text; the list name is never filtered.
/// NOTE(review): entries are presumably rendered later, so a compromised superuser account
/// can store script here — confirm the rendering side encodes.
/// </remarks>
protected void OnSaveEntryClick(object sender, EventArgs e)
{
    String entryValue;
    String entryText;
    if (UserInfo.IsSuperUser)
    {
        // Trusted account: raw values are stored as typed.
        entryValue = txtEntryValue.Text;
        entryText = txtEntryText.Text;
    }
    else
    {
        var ps = new PortalSecurity();
        entryValue = ps.InputFilter(txtEntryValue.Text, PortalSecurity.FilterFlag.NoScripting);
        entryText = ps.InputFilter(txtEntryText.Text, PortalSecurity.FilterFlag.NoScripting);
    }
    var listController = new ListController();
    var entry = new ListEntryInfo();
    {
        entry.DefinitionID = Null.NullInteger;
        entry.PortalID = ListPortalID;
        entry.ListName = txtEntryName.Text;
        entry.Value = entryValue;
        entry.Text = entryText;
    }
    if (Page.IsValid)
    {
        Mode = "ListEntries";
        switch (cmdSaveEntry.CommandName.ToLower())
        {
            case "update":
                entry.ParentKey = SelectedList.ParentKey;
                // Int16.Parse throws on a non-numeric or out-of-range id (FormatException/OverflowException).
                entry.EntryID = Int16.Parse(txtEntryID.Text);
                bool canUpdate = true;
                // Reject the update when another entry in the same list already has this value/text pair.
                foreach (var curEntry in listController.GetListEntryInfoItems(SelectedList.Name, entry.ParentKey, entry.PortalID))
                {
                    if (entry.EntryID != curEntry.EntryID) //not the same item we are trying to update
                    {
                        if (entry.Value == curEntry.Value && entry.Text == curEntry.Text)
                        {
                            UI.Skins.Skin.AddModuleMessage(this, Localization.GetString("ItemAlreadyPresent", LocalResourceFile), ModuleMessage.ModuleMessageType.RedError);
                            canUpdate = false;
                            break;
                        }
                    }
                }
                if (canUpdate)
                {
                    listController.UpdateListEntry(entry);
                    DataBind();
                }
                break;
            case "saveentry":
                // New entry inherits its position from the currently selected list, if any.
                if (SelectedList != null)
                {
                    entry.ParentKey = SelectedList.ParentKey;
                    entry.ParentID = SelectedList.ParentID;
                    entry.Level = SelectedList.Level;
                }
                if (chkEnableSortOrder.Checked)
                {
                    entry.SortOrder = 1;
                }
                else
                {
                    entry.SortOrder = 0;
                }
                if (listController.AddListEntry(entry) == Null.NullInteger) //entry already found in database
                {
                    UI.Skins.Skin.AddModuleMessage(this, Localization.GetString("ItemAlreadyPresent", LocalResourceFile), ModuleMessage.ModuleMessageType.RedError);
                }
                DataBind();
                break;
            case "savelist":
                // New list is nested one level below the chosen parent entry.
                if (ddlSelectParent.SelectedIndex != -1)
                {
                    int parentID = Int32.Parse(ddlSelectParent.SelectedItem.Value);
                    ListEntryInfo parentEntry = listController.GetListEntryInfo(parentID);
                    entry.ParentID = parentID;
                    entry.DefinitionID = parentEntry.DefinitionID;
                    entry.Level = parentEntry.Level + 1;
                    entry.ParentKey = parentEntry.Key;
                }
                if (chkEnableSortOrder.Checked)
                {
                    entry.SortOrder = 1;
                }
                else
                {
                    entry.SortOrder = 0;
                }
                if (listController.AddListEntry(entry) == Null.NullInteger) //entry already found in database
                {
                    UI.Skins.Skin.AddModuleMessage(this, Localization.GetString("ItemAlreadyPresent", LocalResourceFile), ModuleMessage.ModuleMessageType.RedError);
                }
                else
                {
                    // Navigate to the newly created list; the key uses '.' inside the parent path and ':' before the list name.
                    SelectedKey = entry.ParentKey.Replace(":", ".") + ":" + entry.ListName;
                    Response.Redirect(Globals.NavigateURL(TabId, "", "Key=" + SelectedKey));
                }
                break;
        }
    }
}
/// <summary>
/// Writes a PASSWORD_SENT_SUCCESS or PASSWORD_SENT_FAILURE event-log entry for the
/// user name typed into the form, attaching the failure cause and the client IP.
/// </summary>
/// <param name="message">Null or empty means success; otherwise the failure cause to log.</param>
private void LogResult(string message)
{
    var portalSecurity = new PortalSecurity();
    // The typed user name is untrusted; filter it before it lands in the event log.
    var safeUserName = portalSecurity.InputFilter(txtUsername.Text, PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoAngleBrackets | PortalSecurity.FilterFlag.NoMarkup);
    bool succeeded = string.IsNullOrEmpty(message);

    var log = new LogInfo
    {
        LogPortalID = PortalSettings.PortalId,
        LogPortalName = PortalSettings.PortalName,
        LogUserID = UserId,
        LogUserName = safeUserName,
        LogTypeKey = succeeded ? "PASSWORD_SENT_SUCCESS" : "PASSWORD_SENT_FAILURE"
    };
    if (!succeeded)
    {
        log.LogProperties.Add(new LogDetailInfo("Cause", message));
    }
    log.AddProperty("IP", _ipAddress);
    LogController.Instance.AddLog(log);
}
/// <summary>
/// Applies the portal profanity filter to <paramref name="input"/>. Profanity only:
/// no scripting or markup filtering happens here.
/// </summary>
/// <param name="input">Text to filter.</param>
/// <returns>The filtered text.</returns>
internal virtual string InputFilter(string input)
{
    return new PortalSecurity().InputFilter(input, PortalSecurity.FilterFlag.NoProfanity);
}
/// -----------------------------------------------------------------------------
/// <summary>
/// Page_Load runs when the control is loaded: wires the paging events, reads and
/// sanitises the <c>Search</c> query parameter, and either binds the results (first
/// request only) or hides the module with an editor-only hint.
/// </summary>
/// <history>
/// [cnurse] 11/11/2004 documented
/// [cnurse] 12/13/2004 Switched to using a DataGrid for Search Results
/// </history>
/// -----------------------------------------------------------------------------
protected override void OnLoad(EventArgs e)
{
    base.OnLoad(e);
    dgResults.PageIndexChanged += dgResults_PageIndexChanged;
    ctlPagingControl.PageChanged += ctlPagingControl_PageChanged;

    string rawSearch = Request.Params["Search"];
    if (rawSearch != null)
    {
        // Query-string input is untrusted: filter, then encode for the page.
        var objSecurity = new PortalSecurity();
        _SearchQuery = HttpContext.Current.Server.HtmlEncode(objSecurity.InputFilter(rawSearch, PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoMarkup));
    }

    if (String.IsNullOrEmpty(_SearchQuery))
    {
        if (IsEditable)
        {
            UI.Skins.Skin.AddModuleMessage(this, Localization.GetString("ModuleHidden", LocalResourceFile), ModuleMessage.ModuleMessageType.RedError);
        }
        else
        {
            ContainerControl.Visible = false;
        }
        return;
    }

    if (!Page.IsPostBack)
    {
        BindData();
    }
}
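/// <summary>
/// Replaces the shipped default <c>machineKey/@validationKey</c> in a web.config
/// document with a freshly generated key. A key an administrator set on purpose is
/// left untouched, as is a document without a machineKey element.
/// </summary>
/// <param name="xmlConfig">Parsed web.config; modified in place.</param>
/// <returns>The same document instance.</returns>
public static XmlDocument UpdateValidationKey(XmlDocument xmlConfig)
{
    XmlNode xmlMachineKey = xmlConfig.SelectSingleNode("configuration/system.web/machineKey");
    // Guard the lookups: a config without a machineKey element or validationKey
    // attribute previously surfaced as a NullReferenceException.
    if (xmlMachineKey == null || xmlMachineKey.Attributes == null)
    {
        return xmlConfig;
    }
    XmlAttribute validationKeyAttribute = xmlMachineKey.Attributes["validationKey"];
    if (validationKeyAttribute == null)
    {
        return xmlConfig;
    }

    // Only the well-known default that ships in the install is rotated.
    if (validationKeyAttribute.Value == "F9D1A2D3E1D3E2F7B3D9F90FF3965ABDAC304902")
    {
        var objSecurity = new PortalSecurity();
        // NOTE(review): the key's strength depends on PortalSecurity.CreateKey using a
        // cryptographic RNG — verify, since this key protects ViewState and forms-auth tickets.
        string validationKey = objSecurity.CreateKey(20);
        XmlUtils.UpdateAttribute(xmlMachineKey, "validationKey", validationKey);
    }
    return xmlConfig;
}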