예제 #1
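        /// <summary>
        /// Runs the <c>CheckUserEmail</c> stored procedure for the user id held in
        /// <c>Session["UserID"]</c> and, when the returned e-mail address is usable, saves the
        /// security question and the hashed security answer through <c>UserSecurityInfo</c>.
        /// </summary>
        /// <remarks>
        /// Outcomes visible in this method:
        /// an empty or invalid e-mail raises a client-side alert and nothing is saved;
        /// return value 1 clears the form and raises a success alert;
        /// return value -501 clears the form and shows an "already saved" message in
        /// <c>lblErrorMessage</c>; any other value hides <c>lblErrorMessage</c>.
        /// Database errors are traced on the server and are not rethrown, so a failed save
        /// ends in the "any other value" branch.
        /// </remarks>
        protected void CheckUserEmail()
        {
            using (DataSet ds = new DataSet())
            using (SqlConnection sqlConn = new SqlConnection(CBSAppUtils.PrimaryConnectionString))
            using (SqlDataAdapter sqlDA = new SqlDataAdapter("CheckUserEmail", sqlConn))
            {
                sqlDA.SelectCommand.CommandType = CommandType.StoredProcedure;
                // AddWithValue replaces the obsolete Parameters.Add(string, object) overload.
                sqlDA.SelectCommand.Parameters.AddWithValue("@UserID", Convert.ToInt32(Session["UserID"]));
                sqlDA.SelectCommand.Parameters.AddWithValue("@CompanyID", Convert.ToInt32(iModuleCompanyID));

                try
                {
                    sqlConn.Open();
                    sqlDA.Fill(ds);

                    if (ds.Tables[0].Rows.Count == 0)
                    {
                        return;
                    }

                    string rawEmail        = Convert.ToString(ds.Tables[0].Rows[0]["Email"]);
                    string strFetchedEmail = rawEmail;
                    if (strFetchedEmail.Trim().Length == 0)
                    {
                        strFetchedEmail = "No Email held";
                    }

                    if (strFetchedEmail == "No Email held" || !IsValidEmail(rawEmail))
                    {
                        string Message = "The email address held for you in the system is invalid (" + strFetchedEmail + "). Please contact your system administrator to correct it.";

                        // The stored e-mail value ends up inside a JavaScript string literal in a
                        // <script> block. It is exactly the value that failed validation, so it must
                        // be encoded before it is written to the page; otherwise a quote or a
                        // "</script>" sequence in the stored value changes the script that runs in
                        // the user's browser. JavaScriptStringEncode needs .NET 4.0 or later.
                        string encodedMessage = System.Web.HttpUtility.JavaScriptStringEncode(Message);
                        this.RegisterClientScriptBlock("clientScript", "<script language=javascript>alert('" + encodedMessage + "'); </script>");
                        return;
                    }

                    // ---- Save the security question and answer ----

                    // A real choice in the drop-down wins; otherwise the free-text question is used.
                    string strSecurityQuestion;
                    if (ddlSecurityQuestion.SelectedValue != "--Select--" && ddlSecurityQuestion.SelectedValue != "0")
                    {
                        strSecurityQuestion = ddlSecurityQuestion.SelectedValue.ToString();
                    }
                    else
                    {
                        strSecurityQuestion = txtSecurityQuestion.Text.Trim();
                    }

                    // The answer is stored hashed rather than as entered (changed 26 May 2016).
                    // NOTE(review): SimpleHash is defined elsewhere. If "SHA1" selects a single
                    // salted SHA-1 pass, then with one application-wide salt from AppSettings
                    // equal answers produce equal hashes for every user and the hash is cheap to
                    // test offline. A per-user random salt with a slow KDF (PBKDF2) would be the
                    // stronger choice, but changing it here would invalidate stored answers, so it
                    // is left as is.
                    // NOTE(review): ToUpper() is culture-sensitive; the verification path must
                    // normalise the answer the same way under the same culture.
                    SimpleHash objSimpleHash = new SimpleHash();
                    string     salt          = ConfigurationManager.AppSettings["SaltingKey"].Trim().ToString();
                    string     strSecurityQuestionAnswer = objSimpleHash.ComputeHash(txtSecurityAnswer.Text.Trim().ToUpper(), "SHA1", Encoding.ASCII.GetBytes(salt));

                    int iReturnValue = 0;
                    using (SqlConnection sqlConnInner = new SqlConnection(CBSAppUtils.PrimaryConnectionString))
                    using (SqlCommand sqlCmdInner = new SqlCommand("UserSecurityInfo", sqlConnInner))
                    {
                        sqlCmdInner.CommandType = CommandType.StoredProcedure;
                        sqlCmdInner.Parameters.AddWithValue("@UserID", Convert.ToInt32(Session["UserID"]));
                        sqlCmdInner.Parameters.AddWithValue("@ResetQuestion", strSecurityQuestion);
                        sqlCmdInner.Parameters.AddWithValue("@ResetAnswer", strSecurityQuestionAnswer);

                        SqlParameter sqlReturnParam = sqlCmdInner.Parameters.Add("ReturnValue", SqlDbType.Int);
                        sqlReturnParam.Direction = ParameterDirection.ReturnValue;

                        try
                        {
                            sqlConnInner.Open();
                            sqlCmdInner.ExecuteNonQuery();
                            iReturnValue = Convert.ToInt32(sqlReturnParam.Value);
                        }
                        catch (Exception ex)
                        {
                            // Previously discarded. Keep the best-effort behaviour (no rethrow) but
                            // leave a server-side record so a failed save can be investigated.
                            System.Diagnostics.Trace.TraceError("CheckUserEmail: UserSecurityInfo failed: " + ex);
                        }
                    }

                    if (iReturnValue == 1)
                    {
                        ddlSecurityQuestion.SelectedValue = "0";
                        txtSecurityAnswer.Text            = "";
                        txtSecurityQuestion.Text          = "";
                        this.RegisterClientScriptBlock("clientScript", "<script language=javascript>alert('Security question and answer saved successfully.'); </script>");
                        return;
                    }
                    else if (iReturnValue == -501)
                    {
                        ddlSecurityQuestion.SelectedValue = "0";
                        txtSecurityAnswer.Text            = "";
                        txtSecurityQuestion.Text          = "";
                        lblErrorMessage.Visible           = true;
                        lblErrorMessage.Text = "Your security question and answer have been saved. You do not need to re-enter them, nor will you need to re-enter them again when you reset/change your password - your security Q&A will remain the same.";
                    }
                    else
                    {
                        lblErrorMessage.Visible = false;
                        lblErrorMessage.Text    = "";
                    }
                }
                catch (Exception ex)
                {
                    // Previously discarded; traced so that lookup failures are visible server-side.
                    System.Diagnostics.Trace.TraceError("CheckUserEmail: CheckUserEmail lookup failed: " + ex);
                }
            }
        }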
예제 #2
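        /// <summary>
        /// Handles the submit click of the security-answer form: hashes the entered answer,
        /// checks it for the user id given in the <c>UserID</c> query-string value and, when the
        /// check returns 1, sets a new temporary password, flags the account as requiring a
        /// password change, mails the password and redirects to
        /// <c>JKSSecurityIntermediate.aspx</c>.
        /// </summary>
        /// <param name="sender">Event source; not used.</param>
        /// <param name="e">Event data; not used.</param>
        /// <remarks>
        /// Check results -501 and -500 are passed to the client-side <c>PopulateMessage</c>
        /// function; any other result does nothing.
        /// NOTE(review): the user id comes from the query string, so the security answer is the
        /// only thing that gates the reset. No attempt limiting or lockout is visible in this
        /// handler - confirm that <c>checkSaltedPassword</c> or the stored procedure behind it
        /// enforces one.
        /// </remarks>
        protected void btnSubmit_Click(object sender, EventArgs e)
        {
            // Used after a successful reset to force a password change (added 26 May 2016).
            JKS.Users objUsers = new JKS.Users();

            if (txtResetQuestionAnswer.Text.Trim().Length == 0)
            {
                this.RegisterClientScriptBlock("clientScript", "<script language=javascript>alert('Please enter Answer.'); </script>");
                return;
            }

            // The answer is compared in hashed form; it must be normalised (trim + upper-case)
            // exactly as it was when it was stored.
            // NOTE(review): SimpleHash is defined elsewhere. A single application-wide salt with
            // SHA-1 is weak protection for a low-entropy secret such as a security answer -
            // confirm what ComputeHash does before relying on it.
            SimpleHash objSimpleHash  = new SimpleHash();
            string     salt           = ConfigurationManager.AppSettings["SaltingKey"].Trim().ToString();
            string     strResetAnswer = objSimpleHash.ComputeHash(txtResetQuestionAnswer.Text.Trim().ToString().ToUpper(), "SHA1", System.Text.Encoding.ASCII.GetBytes(salt));

            // The query string is caller-controlled. A missing, non-numeric or out-of-range value
            // is treated as user id 0 instead of throwing out of the handler.
            int UserID;
            if (!int.TryParse(Request.QueryString["UserID"], out UserID))
            {
                UserID = 0;
            }

            int iReturnValue = 0;
            List<PasswordReset> lstSaltedPassword = objPasswordReset.checkSaltedPassword(UserID, strResetAnswer);
            if (lstSaltedPassword != null && lstSaltedPassword.Count > 0)
            {
                iReturnValue = lstSaltedPassword[0].iReturnValue;
            }

            if (iReturnValue == 1)
            {
                // Temporary password: same shape as before (8 lower-case hex characters) but
                // taken from the cryptographic RNG. GUIDs are identifiers, not secrets, and their
                // unpredictability is not guaranteed.
                // NOTE(review): 8 hex characters are only 32 bits; a longer value or a single-use
                // reset link would be stronger, subject to whatever length the password storage
                // and mail template accept.
                byte[] randomBytes = new byte[4];
                using (System.Security.Cryptography.RandomNumberGenerator rng = System.Security.Cryptography.RandomNumberGenerator.Create())
                {
                    rng.GetBytes(randomBytes);
                }
                string strPassword = BitConverter.ToString(randomBytes).Replace("-", string.Empty).ToLowerInvariant();

                // The id validated above is reused rather than parsing the query string again.
                ChangePassword(UserID, strPassword);

                // NOTE(review): judging by its name, RijndaelEncription is reversible encryption
                // (it replaced EncryptJKS.EncryptData on 28 May 2016). Passwords are normally
                // stored as a salted slow hash, not in a recoverable form - confirm.
                int iReturnVal = ForgotChangePassword(UserID, objEncrypt.RijndaelEncription(strPassword));

                if (iReturnVal == -101)
                {
                    this.RegisterClientScriptBlock("clientScript", "<script language=javascript>alert('Error Changing Password.'); </script>");
                    return;
                }

                // The mailed password is temporary: the account is flagged so that the user must
                // choose a new one.
                objUsers.PasswordChangeRequired(UserID);

                string Email = FetchUserEmail(UserID);
                SendMailInfo(UserID, Email, strPassword);
                Response.Redirect("JKSSecurityIntermediate.aspx");
            }
            else if (iReturnValue == -501)
            {
                Page.RegisterStartupScript("Reg", "<script>PopulateMessage(-501);</script>");
                return;
            }
            else if (iReturnValue == -500)
            {
                Page.RegisterStartupScript("Reg", "<script>PopulateMessage(-500);</script>");
                return;
            }
        }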