예제 #1
0
        protected void btnResetPassword_Click(Object sender, EventArgs e)
        {
            Regex regex = new Regex("[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,4}");

            string emailAddress = txtEmailAddress.Text.Trim().ToUpperInvariant();

            if (String.IsNullOrEmpty(emailAddress) || !regex.IsMatch(emailAddress))
            {
                lblErrorMessage.Visible = true;
                return;
            }

            //Test if Email doesn't correspond to an account
            IUserRepository userRepo   = RepositoryFactory.Get <IUserRepository>();
            bool            userExists = userRepo.Users.Any(u => u.email.Equals(emailAddress));

            if (!userExists)
            {
                //Prints success for security reasons (Account Harvesting)
                lblResetEmailMessage.Text = "Success! A new password has been sent if the email provided was registered to an account";
                lblResetEmailMessage.Style.Add(HtmlTextWriterStyle.Color, "Green");
                return;
            }

            //Already checked that db entry exists. Now pull the user object!
            User editUser = userRepo.Users.First(u => u.email.Equals(emailAddress));

            //Generate Password
            string passwordGenerated = Membership.GeneratePassword(8, 0);

            //Work-around for bug in Membership.GeneratePassword() which adds 1 non-alphanumeric character
            //Regex regexPW = new Regex("[^A-Za-z0-9]");
            //passwordGenerated = regexPW.Replace(passwordGenerated, "");

            //Stores new Password in User table
            editUser.password = Security.MD5Encode(passwordGenerated);
            userRepo.SubmitChanges();

            //Emails Password
            string message = String.Empty;
            string from    = companyEmail;
            string to      = emailAddress;
            string subject = "Password Reset Message";
            string body    = "Dear " + editUser.firstName.Trim() + ",\n"
                             + "\n"
                             + "You have requested a new password to access XYZ Print Shop's website.\n"
                             + "\n"
                             + "Use the following password to sign on\n"
                             + "\n"
                             + "Password: "******"\n"
                             + "\n"
                             + "If you have any questions, please feel free to contact us at " + companyEmail + "\n"
                             + "\n"
                             + "Sincerely, "
                             + "XYZ Support Group\n"
                             + "\n"
                             + "ABOUT THIS MESSAGE\n"
                             + "This is a service e-mail message from the XYZ Print Shop Website.\n"
                             + "Please do not reply to this service e-mail message as no response will be returned to you.\n";

            if (SendEMail(from, to, subject, body, ref message))
            {
                lblResetEmailMessage.Text = "Success! A new password has been sent if the email provided was registered to an account";
                lblResetEmailMessage.Style.Add(HtmlTextWriterStyle.Color, "Green");
            }
            else
            {
                //Will need to be changed to protect against Account Harvesting.
                lblResetEmailMessage.Text = message;
            }
        }
예제 #2
0
        private void updateRoleTable()
        {
            //used to update the role table entries
            IRoleRepository roleRepo = RepositoryFactory.Get <IRoleRepository>();

            var query = from p in roleRepo.Roles
                        select p;

            //clear existing roles, get a new list (in case any are added / deleted / changed)
            this.roleDescriptionTable.Rows.Clear();

            this.roleDescriptionTable.Rows.Add(titleRow);

            //for every role that is in the database, add it as a row in the table
            foreach (var role in query)
            {
                //instantiate a new row
                TableRow row = new TableRow();
                row.CssClass = "orderRow";

                bool canEdit   = true;
                bool canDelete = true;

                TableCell cellEdit = new TableCell();
                if (canEdit)
                {
                    ImageButton edit = new ImageButton();
                    edit.ImageUrl        = "/images/edit.gif";
                    edit.ToolTip         = "Edit";
                    edit.CommandArgument = role.roleID.ToString();
                    edit.Command        += new CommandEventHandler(btnEditRole_Click);
                    cellEdit.Controls.Add(edit);
                }
                else
                {
                    Image edit = new Image();
                    edit.ImageUrl = "/images/edit_gray.gif";
                    edit.ToolTip  = "Edit";
                    cellEdit.Controls.Add(edit);
                }

                TableCell cellDelete = new TableCell();
                if (canDelete)
                {
                    ImageButton delete = new ImageButton();
                    delete.ImageUrl        = "/images/delete.gif";
                    delete.ToolTip         = "Delete";
                    delete.CommandArgument = role.roleID.ToString();
                    delete.Command        += new CommandEventHandler(btnDeleteRole_Click);
                    cellDelete.Controls.Add(delete);
                }
                else
                {
                    Image delete = new Image();
                    delete.ImageUrl = "/images/delete_gray.gif";
                    delete.ToolTip  = "Delete";
                    cellDelete.Controls.Add(delete);
                    cellDelete.Enabled = false;
                }

                TableCell roleID = new TableCell();
                roleID.Text = role.roleID.ToString();

                TableCell roleName = new TableCell();
                roleName.Text = role.role_name.ToString();

                TableCell roleDesc = new TableCell();
                roleDesc.Text = role.role_desc;

                //add the row to the table
                row.Cells.Add(cellEdit);
                row.Cells.Add(cellDelete);
                row.Cells.Add(roleID);
                row.Cells.Add(roleName);
                row.Cells.Add(roleDesc);

                this.roleDescriptionTable.Rows.Add(row);
            }
        }
예제 #3
0
        protected void Page_Load(object sender, EventArgs e)
        {
            //check that user has access
            //if not -> redirect to home page
            if (Session[Constants.PWAS_SESSION_ID] == null || !Security.IsAuthorized((int)Session[Constants.PWAS_SESSION_ID], PwasObject.User, PwasAction.View, PwasScope.All))
            {
                Response.Redirect("customerView_Home.aspx");
            }

            //load active users and populate tableManageUsers
            IUserRepository userRepo  = RepositoryFactory.Get <IUserRepository>();
            List <User>     users     = userRepo.Users.Where(u => u.active == true).ToList();
            bool            canEdit   = Security.IsAuthorized((int)Session[Constants.PWAS_SESSION_ID], PwasObject.User, PwasAction.Update, PwasScope.All);
            bool            canDelete = Security.IsAuthorized((int)Session[Constants.PWAS_SESSION_ID], PwasObject.User, PwasAction.Delete, PwasScope.All);
            //is user has update and delete access for all users (also allow acces to update roles) -> might be changed in the future when there is actually and action for updateroles
            bool canEditRoles = canEdit && canDelete;

            //load all Roles
            IRoleRepository roleRepo = RepositoryFactory.Get <IRoleRepository>();
            List <Role>     roles    = roleRepo.Roles.ToList <Role>();

            //Sets counter to set Different IDs to all Dropdown controls
            //Set to 1 to skip header row
            int roleCounter = 1;

            foreach (User user in users)
            {
                TableRow tableRow = new TableRow();
                tableRow.CssClass = "orderRow";

                TableCell cellEdit = new TableCell();
                if (canEdit)
                {
                    ImageButton edit = new ImageButton();
                    edit.ImageUrl        = "/images/edit.gif";
                    edit.ToolTip         = "Edit";
                    edit.CommandArgument = user.userID.ToString();
                    edit.Command        += new CommandEventHandler(btnEditUser_Click);
                    cellEdit.Controls.Add(edit);
                }
                else
                {
                    Image edit = new Image();
                    edit.ImageUrl = "/images/edit_gray.gif";
                    edit.ToolTip  = "Edit";
                    cellEdit.Controls.Add(edit);
                }


                TableCell cellDelete = new TableCell();
                if (canDelete)
                {
                    ImageButton delete = new ImageButton();
                    delete.ImageUrl        = "/images/delete.gif";
                    delete.ToolTip         = "Delete";
                    delete.CommandArgument = user.userID.ToString();
                    delete.Command        += new CommandEventHandler(btnDeleteUser_Click);
                    cellDelete.Controls.Add(delete);
                }
                else
                {
                    Image delete = new Image();
                    delete.ImageUrl = "/images/delete_gray.gif";
                    delete.ToolTip  = "Delete";
                    cellDelete.Controls.Add(delete);
                    cellDelete.Enabled = false;
                }


                TableCell cellUsername = new TableCell();
                string    username     = user.email.Trim();
                username           = username.Substring(0, username.IndexOf('@'));
                cellUsername.Text  = username;
                cellUsername.Width = Unit.Pixel(150);

                TableCell cellFullName = new TableCell();
                cellFullName.Text  = user.firstName.Trim() + " " + user.lastName.Trim();
                cellFullName.Width = Unit.Pixel(200);

                TableCell cellEmail = new TableCell();
                cellEmail.Text  = user.email.Trim();
                cellEmail.Width = Unit.Pixel(200);

                TableCell    cellRole = new TableCell();
                DropDownList ddRoles  = new DropDownList();
                ddRoles.ID = "ddRoles" + roleCounter;
                foreach (Role r in roles)
                {
                    ListItem item = new ListItem();
                    item.Value = r.roleID.ToString();
                    item.Text  = r.role_name;
                    ddRoles.Items.Add(item);
                }
                ddRoles.Items.FindByValue(user.roleID.ToString()).Selected = true;
                ddRoles.Enabled = canEditRoles; //disables the dropdown control if user does not have access to change the role.
                cellRole.Controls.Add(ddRoles);

                TableCell cellRoleUpdate = new TableCell();
                Button    btnUpdateRole  = new Button();
                btnUpdateRole.Text            = "Update";
                btnUpdateRole.ToolTip         = "Update Role";
                btnUpdateRole.CommandArgument = user.userID.ToString() + ";" + roleCounter;
                btnUpdateRole.Command        += new CommandEventHandler(btnUpdateRole_Click);
                btnUpdateRole.Enabled         = canEditRoles; //disables the button control if user does not have access to change the role.
                cellRoleUpdate.Controls.Add(btnUpdateRole);

                tableRow.Cells.Add(cellEdit);
                tableRow.Cells.Add(cellDelete);
                tableRow.Cells.Add(cellUsername);
                tableRow.Cells.Add(cellFullName);
                tableRow.Cells.Add(cellEmail);
                tableRow.Cells.Add(cellRole);
                tableRow.Cells.Add(cellRoleUpdate);

                tableManageUsers.Rows.Add(tableRow);

                roleCounter++;
            }
        }