Exemplo n.º 1
0
        protected void Page_Load(object sender, EventArgs e)
        {
            if (!PermissionHelper.bIsSessionOK())
            {
                return;
            }
            if (!Page.IsPostBack && !Page.IsCallback)
            {
                txtBuildingID.Text      = AESUtil.DecryptString(Request["BuildingID"].ToWSSafeString());
                txtCategoryFirstID.Text = AESUtil.DecryptString(Request["CFID"].ToWSSafeString());
                List <String> listInfo = DBUtil.DoLookupOLEDB(m_LookupTablesDBConnection, m_catTable, "ID", DBUtil.FieldTypeEnum2.Number, txtCategoryFirstID.Text, new List <String>()
                {
                    m_field_sectionName, m_field_mainCategory
                });
                txtSection.Text  = listInfo[0];
                txtCategory.Text = listInfo[1];

                lblBuildingName.Text = DBUtil.DoLookup("OLEDB", SqlFacility, "Building_ID", txtBuildingID.Text, "NUMBER", "LOCATION", "SELECT * FROM BUILDING");
                lblSection.Text      = txtSection.Text;
                lblCategory.Text     = txtCategory.Text;
            }
            HttpContext.Current.Application["User" + HttpContext.Current.Session["SID"]] = HttpContext.Current.User.Identity.Name.ToString().ToUpper() + "|" + DateTime.Now.ToString();
            HttpContext.Current.Session["LastRequest"] = DateTime.Now;
            lnkSelectCategory.DataBind();
            SqlFacility.Selected += new SqlDataSourceStatusEventHandler(SqlFacility_Selected);
        }
Exemplo n.º 2
0
 protected void DownloadFile()
 {
     try
     {
         String FileNum = String.Empty;
         try { FileNum = AESUtil.DecryptString(Request["FILE"].ToWSSafeString()); } catch { FileNum = Request["FILE"].ToWSSafeString(); }
         String sFileToSend = Session["FILETOSEND" + FileNum].ToString();
         if (String.IsNullOrEmpty(sFileToSend) || !System.IO.File.Exists(sFileToSend))
         {
             String js = "alert('Error. The specified file cannot be downloaded because it does not exist.');window.close();";
             Page.ClientScript.RegisterClientScriptBlock(Page.GetType(), "FILESENDERROR", js, true);
             return;
         }
         Response.ContentType = WebMap.Web.StringUtil.GetMimetype(System.IO.Path.GetExtension(sFileToSend));
         Response.Clear();
         Response.ClearContent();
         Response.ClearHeaders();
         Response.Buffer = true;
         Response.AppendHeader("Content-Disposition", "attachment; filename=" + System.IO.Path.GetFileName(sFileToSend));
         Response.AppendHeader("Content-Length", (new System.IO.FileInfo(sFileToSend)).Length.ToString());
         Response.TransmitFile(sFileToSend);
         Response.Flush();
         Context.ApplicationInstance.CompleteRequest();
     }
     catch (Exception)
     {
     }
 }
Exemplo n.º 3
0
        protected void Page_Load(object sender, EventArgs e)
        {
            if (!PermissionHelper.bIsSessionOK())
            {
                return;
            }
            if (!Page.IsPostBack && !Page.IsCallback)
            {
                txtBuildingID.Text = AESUtil.DecryptString(Request["BuildingID"].ToWSSafeString());
                txtSubCatID.Text   = AESUtil.DecryptString(Request["SCID"].ToWSSafeString());
                List <String> listInfo = DBUtil.DoLookupOLEDB(m_LookupTablesDBConnection, m_catTable, "ID", DBUtil.FieldTypeEnum2.Number, txtSubCatID.Text, new List <String>()
                {
                    m_field_sectionName, m_field_mainCategory, m_field_subCategory
                });
                txtSection.Text     = listInfo[0];
                txtCategory.Text    = listInfo[1];
                txtSubCategory.Text = listInfo[2];

                lblBuildingName.Text = DBUtil.DoLookup(DBUtil.DBType.oledb, SqlFacility, "Building_ID", txtBuildingID.Text, DBUtil.FieldType.number, "LOCATION", "SELECT * FROM BUILDING");
                lblSection.Text      = txtSection.Text;
                lblCategory.Text     = txtCategory.Text;
            }
            HttpContext.Current.Application["User" + HttpContext.Current.Session["SID"]] = HttpContext.Current.User.Identity.Name.ToString().ToUpper() + "|" + DateTime.Now.ToString();
            HttpContext.Current.Session["LastRequest"] = DateTime.Now;
            lnkSelectSubCategory.DataBind();
            ltNoData.Visible = true;
            ltNoData.Text    = String.Format("<p class=\"ui-body ui-body-c message\"><strong>No data entered for {0}. Please use the Add New Record button below to add a new record.</strong></p>", txtSubCategory.Text.ToWSTitleCase());
        }
Exemplo n.º 4
0
        protected void DateButton_Click(object sender, EventArgs e)
        {
            //update database
            txtBuildingID.Text = AESUtil.DecryptString(Request["BuildingID"].ToWSSafeString()); //viewstate is disabled, need to update this on postback
            String fld  = "INSP" + ConfigurationManager.AppSettings["InspectionYear"].ToWSSafeString();
            String sSql = String.Format("UPDATE [{0}] SET [{1}] = DATE() WHERE [BUILDING_ID]={2} AND [{1}] IS NULL", m_FeatureClassTable, fld, txtBuildingID.Text);

            DBUtil.ConnExecute(DBUtil.DBConnType.Oledb, m_LookupTablesDBConnection, sSql);
            Response.Redirect(Request.RawUrl);
        }
Exemplo n.º 5
0
        protected void Page_Load(object sender, EventArgs e)
        {
            if (!PermissionHelper.bIsSessionOK())
            {
                return;
            }
            if (!Page.IsPostBack && !Page.IsCallback)
            {
                txtBuildingID.Text = AESUtil.DecryptString(Request["BuildingID"].ToWSSafeString());
                txtSubCatID.Text   = AESUtil.DecryptString(Request["SCID"].ToWSSafeString());
                List <String> listInfo = DBUtil.DoLookupOLEDB(m_LookupTablesDBConnection, m_catTable, "ID", DBUtil.FieldTypeEnum2.Number, txtSubCatID.Text, new List <String>()
                {
                    m_field_sectionName, m_field_mainCategory, m_field_subCategory
                });
                txtSection.Text     = listInfo[0];
                txtCategory.Text    = listInfo[1];
                txtSubCategory.Text = listInfo[2];
                String sEntryUid = AESUtil.DecryptString(Request["EntryUID"].ToWSSafeString());
                txtInspector.Text = User.Identity.Name.ToWSSafeString();

                lblBuildingName.Text = DBUtil.DoLookup(DBUtil.DBType.oledb, SqlFacility, "Building_ID", txtBuildingID.Text, DBUtil.FieldType.number, "LOCATION", "SELECT * FROM BUILDING");
                lblSection.Text      = txtSection.Text;
                lblCategory.Text     = txtCategory.Text;
                lblSubcategory.Text  = txtSubCategory.Text;
                txtEntryUID.Text     = sEntryUid == AddNewKey ? "-1" : sEntryUid;
                lblMessage.Text      = sEntryUid == AddNewKey ? "Adding New Record" : "Viewing Record";
            }
            HttpContext.Current.Application["User" + HttpContext.Current.Session["SID"]] = HttpContext.Current.User.Identity.Name.ToString().ToUpper() + "|" + DateTime.Now.ToString();
            HttpContext.Current.Session["LastRequest"] = DateTime.Now;

            if (txtEntryUID.Text == "-1")
            {
                if (IsEditEnabled())
                {
                    DetailsView1.ChangeMode(DetailsViewMode.Insert);
                }
                else
                {
                    lblMessage.Text = "Sorry, your user account does not have permission to edit the data.";
                }
            }

            if (!IsEditEnabled())
            {
                addJS("jsIsEditEnabled", "var jsIsEditEnabled = false;");
            }
            else
            {
                addJS("jsIsEditEnabled", "var jsIsEditEnabled = true;");
            }
            lnkBack.DataBind();
        }
Exemplo n.º 6
0
        protected void Page_Load(object sender, EventArgs e)
        {
            if (!PermissionHelper.bIsSessionOK())
            {
                return;
            }
            if (!Page.IsPostBack && !Page.IsCallback)
            {
                txtBuildingID.Text      = AESUtil.DecryptString(Request["BuildingID"].ToWSSafeString());
                txtSectionExpanded.Text = AESUtil.DecryptString(Request["CFID"].ToWSSafeString()); //coming back from SelectSubCategory this is CategoryFirstOfID but if navigate through to edit form, when you come back this is actually SCID
                if (!String.IsNullOrWhiteSpace(txtSectionExpanded.Text))
                {
                    List <String> listInfo = DBUtil.DoLookupOLEDB(m_LookupTablesDBConnection, m_catTable, "ID", DBUtil.FieldTypeEnum2.Number, txtSectionExpanded.Text, new List <String>()
                    {
                        m_field_sectionName, m_field_mainCategory, "FirstOfID"
                    });
                    txtSectionExpanded.Text = listInfo[0];
                    String sCatName = listInfo[1];
                    String sCFID    = listInfo[2];
                    //function loadSubMenu(divid, firstid, _buildingid, _sectionname, _maincategory) {
                    String js = String.Format("loadSubMenu('{0}','{1}','{2}','{3}','{4}');scroolToDivID('{0}');", GetCategorySubMenuID(sCFID), sCFID, txtBuildingID.Text, txtSectionExpanded.Text, sCatName);
                    addJS("init-cat-expand", js, true);
                }

                lblBuildingName.Text = DBUtil.DoLookup("OLEDB", SqlFacility, "Building_ID", txtBuildingID.Text, "NUMBER", "LOCATION", "SELECT * FROM BUILDING");
                if (collapseSection)
                {
                    ltCollapseULBegin.Text = "<div data-role=\"collapsible-set\" data-theme=\"b\" data-content-theme=\"c\" >";
                    ltCollapseULEnd.Text   = "</div>";
                }
                else
                {
                    ltCollapseULBegin.Text = "<ul data-role=\"listview\" data-inset=\"true\" data-filter=\"false\" data-filter-theme=\"false\">";
                    ltCollapseULEnd.Text   = "</ul>";
                }
            }
            HttpContext.Current.Application["User" + HttpContext.Current.Session["SID"]] = HttpContext.Current.User.Identity.Name.ToString().ToUpper() + "|" + DateTime.Now.ToString();
            HttpContext.Current.Session["LastRequest"] = DateTime.Now;
        }
Exemplo n.º 7
0
        protected string sqlFeatureInsertCommand()
        {
            //this sub-routine read field lists from sqlDataSource insert parameters.
            //Parameter names are case-sensitive and must match those used by Bind or Eval statement in GridView / DetailsView

            String FieldList = String.Empty;
            String ValueList = String.Empty;
            bool   bFirst    = true;

            //time stamp
            if (!String.IsNullOrEmpty(m_FeatureClassTimeStampField))
            {
                if (bFirst)
                {
                    bFirst = false;
                }
                else
                {
                    FieldList += ","; ValueList += ",";
                }
                FieldList += m_FeatureClassTimeStampField;
                //ValueList += "GETDATE()";
                ValueList += "Now()";
            }

            //inspector
            if (!String.IsNullOrEmpty(m_InspectorField))
            {
                if (bFirst)
                {
                    bFirst = false;
                }
                else
                {
                    FieldList += ","; ValueList += ",";
                }
                FieldList += m_InspectorField;
                ValueList += String.Format("'{0}'", User.Identity.Name.ToWSSafeString());
            }

            //building id
            if (bFirst)
            {
                bFirst = false;
            }
            else
            {
                FieldList += ","; ValueList += ",";
            }
            FieldList += "Building_ID";
            String bldgID = String.Empty;

            if (txtBuildingID == null || String.IsNullOrWhiteSpace(txtBuildingID.Text))
            {
                bldgID = AESUtil.DecryptString(Request["BuildingID"].ToWSSafeString());
            }
            else
            {
                bldgID = txtBuildingID.Text;
            }
            ValueList += String.Format("{0}", bldgID);

            //sub-category id
            if (bFirst)
            {
                bFirst = false;
            }
            else
            {
                FieldList += ","; ValueList += ",";
            }
            FieldList += "Sub_Category_ID";
            String subCatID = String.Empty;

            if (txtSubCatID == null || String.IsNullOrWhiteSpace(txtSubCatID.Text))
            {
                subCatID = AESUtil.DecryptString(Request["SCID"].ToWSSafeString());
            }
            else
            {
                subCatID = txtSubCatID.Text;
            }
            ValueList += String.Format("{0}", subCatID);

            //all other fields
            for (int i = 0; i <= SqlFacility.InsertParameters.Count - 1; i++)
            {
                Parameter uPrm = SqlFacility.UpdateParameters[i];
                if (bFirst)
                {
                    bFirst = false;
                }
                else
                {
                    FieldList += ","; ValueList += ",";
                }
                FieldList += uPrm.Name;
                ValueList += String.Format("@{0}", uPrm.Name);
            }

            string sSql = String.Format("INSERT INTO [{0}] ({1}) VALUES ({2})", m_FeatureClassTable.ToUpper(), FieldList, ValueList);

            return(sSql);
        }
Exemplo n.º 8
0
    protected void Page_Load(object sender, EventArgs e)
    {
        //Custom Client Names.
        string clientName = ConfigurationManager.AppSettings["ClientName"];

        Page.Title = clientName + " LOGIN PAGE";
        messageContainer.Visible = false;

        //PersistCookie.Checked = false;
        //PersistCookie.Visible = false;

        Session["INTERNAL_IP"] = false;
        System.Data.OleDb.OleDbConnection IPDBConnection = new System.Data.OleDb.OleDbConnection(ConfigurationManager.ConnectionStrings["_InternalIPDB"].ConnectionString);

        //check session to prevent logs from being created twice [1st on page load, 2nd when user click login button]
        if (Session["SID"] == null)
        {
            string sHost = "";
            try
            {
                sHost = System.Net.Dns.GetHostEntry(Request.Params["REMOTE_ADDR"]).HostName.ToString().ToUpper();
            }
            catch (Exception ex)
            {
            }
            finally
            {
                Session["sHOST"] = sHost.ToUpper();
            }
            System.Data.OleDb.OleDbConnection myConnection = new System.Data.OleDb.OleDbConnection(ConfigurationManager.ConnectionStrings["_UserDatabase"].ConnectionString);
            string strCommand = string.Format("Insert into [LOG] (IP_ADDRESS,COMPUTER_NAME, TIME_START) values ('{0}','{1}','{2}')", Request.Params["REMOTE_ADDR"], sHost, DateTime.Now.ToString());
            System.Data.OleDb.OleDbCommand myCommand = new System.Data.OleDb.OleDbCommand(strCommand, myConnection);
            myCommand.Connection.Open();
            myCommand.ExecuteNonQuery();
            System.Data.OleDb.OleDbCommand cmdGetidentity = new System.Data.OleDb.OleDbCommand("SELECT @@IDENTITY", myConnection);
            long lngNewID = Convert.ToInt64(cmdGetidentity.ExecuteScalar());
            Session["SID"] = lngNewID;
            myCommand.Connection.Close();
        }

        if (Page.Request["NoByPass"] == "TRUE")
        {
            if ((Session["CurrentEditor"] != null))
            //user has already authenticated through one of the ASP edit forms
            {
                FormsAuthentication.RedirectFromLoginPage(Session["CurrentEditor"].ToString(), false);
            }
            return;
        }

        if (!string.IsNullOrEmpty(ConfigurationManager.AppSettings["No_Internal_IP_L123_Bypass"]) && bool.Parse(ConfigurationManager.AppSettings["No_Internal_IP_L123_Bypass"]) && Request["Token"] == null)
        {
            return;
        }

        if ((Session["sHost"].ToString().IndexOf("GIS1") == 0 || Session["sHost"].ToString().IndexOf("PROD3") == 0) && Request["Token"] == null)
        {
            //logged in from WS PC
            DeveloperBypass();
            return;
        }
        else if (Request.UserHostAddress == "127.0.0.1" || Request.UserHostAddress == "::1")
        {
            //logged in from server using localhost in browser address
            DeveloperBypass_InitiallyReadOnly("ADMIN", "L3 Bypass (Debug)"); //will be prompted for password if trying to edit
            return;
        }
        else
        {
            //check ip address
            DataSet myData = new DataSet();

            //Level II bypass - GIS PC
            string           strGISPCQuery = string.Format("select * from [IP_List_GIS] where [PCNAME] like '{0}'", Session["sHost"].ToString());
            OleDbDataAdapter dsGISCmd      = new OleDbDataAdapter(strGISPCQuery, IPDBConnection);
            dsGISCmd.Fill(myData, "GIS_PC");
            DataTable pTableGIS = myData.Tables["GIS_PC"];
            if (pTableGIS.Rows.Count > 0)
            {
                DeveloperBypass_InitiallyReadOnly(pTableGIS.Rows[0]["LOGIN"].ToString(), string.Format("L2 Bypass ({0})", pTableGIS.Rows[0]["LOGIN"].ToString())); //will be prompted for password if trying to edit
                return;
            }

            //Level I bypass - Wendel Intranet
            bool             bIpOk      = false;
            string           strIPQuery = string.Format("select * from [IP_List] where [IP] = '{0}'", Request.UserHostAddress);
            OleDbDataAdapter dsCmd      = new OleDbDataAdapter(strIPQuery, IPDBConnection);
            dsCmd.Fill(myData, "IP_Exact");
            DataTable pTable = myData.Tables["IP_Exact"];
            if (pTable.Rows.Count > 0)
            {
                //Exact match to IP address
                bIpOk = true;
                //
            }
            else
            {
                strIPQuery = "select * from [IP_List] where instr(1,[IP],'*')";
                dsCmd      = new OleDbDataAdapter(strIPQuery, IPDBConnection);
                dsCmd.Fill(myData, "IP_SubNet");
                pTable = myData.Tables["IP_SubNet"];
                System.Data.DataRow pRow = null;
                foreach (DataRow pRow_loopVariable in pTable.Rows)
                {
                    pRow = pRow_loopVariable;
                    Wildcard wildcard = new Wildcard(pRow["IP"].ToString(), RegexOptions.IgnoreCase);
                    if (wildcard.IsMatch(Request.UserHostAddress) || wildcard.IsMatch(Session["sHOST"].ToString()))
                    {
                        bIpOk = true;
                        break; // TODO: might not be correct. Was : Exit For
                    }
                }
            }

            //'Level 1 DNS lookup bypass
            //'disable DNS lookup. it's slow
            //If Not bIpOk Then
            //    strIPQuery = "select * from [IP_List] where [DNSLookup] = true"
            //    dsCmd = New OleDbDataAdapter(strIPQuery, IPDBConnection)
            //    dsCmd.Fill(myData, "DNS_SubNet")
            //    pTable = myData.Tables("DNS_SubNet")
            //    Dim pRow As System.Data.DataRow
            //    For Each pRow In pTable.Rows
            //        Try
            //            If Request.UserHostAddress = System.Net.Dns.GetHostEntry(pRow.Item("IP").ToString).AddressList(0).ToString Then
            //                bIpOk = True
            //                Exit For
            //            End If
            //        Catch ex As Exception

            //        End Try
            //    Next
            //End If

            //token in URL
            if (Request["Token"] != null)
            {
                String[] userInfo = AESUtil.DecryptString(Request["Token"]).Split(new String[] { "|" }, StringSplitOptions.None);
                //if ip matched the token - allow regardless of ip address
                if (userInfo[0].ToUpper() == "WARIT" && userInfo[1] == Request.UserHostAddress)
                {
                    //token valid
                    DeveloperBypass();
                    return;
                }
                //developer bypass - allow if coming from any of the recognized ip and token contains any of the recognized ip
                else if (bIpOk)
                {
                    String           strTokenIPQuery = String.Format("select * from [IP_List] where [IP] = '{0}'", userInfo[1]);
                    OleDbDataAdapter dsTokenIPCmd    = new OleDbDataAdapter(strTokenIPQuery, IPDBConnection);
                    dsCmd.Fill(myData, "Token_IP_Exact");
                    DataTable pTokenIPTable = myData.Tables["Token_IP_Exact"];
                    if (pTable.Rows.Count > 0)
                    {
                        //token valid
                        DeveloperBypass();
                        return;
                    }
                }
            }

            if (bIpOk)
            {
                Session["INTERNAL_IP"] = true;
                if (!string.IsNullOrEmpty(ConfigurationManager.AppSettings["No_Internal_IP_Bypass"]) && bool.Parse(ConfigurationManager.AppSettings["No_Internal_IP_Bypass"]))
                {
                    messageContainer.Visible = true;
                    lblResults.Text          = "Internal IP bypass is disabled in this application. You need to login.";
                    lblResults.Font.Bold     = true;
                }
                else
                {
                    UpdateLogUser("ADMIN", "L1 Bypass");
                    //Level I bypass
                    //Internal Access - bypass login screen
                    Session["AllowEdit"] = false;
                    FormsAuthentication.RedirectFromLoginPage("ADMIN", false);
                    return;
                }
            }
        }

        //Restrict_IP_Address
        if (!string.IsNullOrEmpty(ConfigurationManager.AppSettings["Restrict_IP_Address"]) && bool.Parse(ConfigurationManager.AppSettings["Restrict_IP_Address"]))
        {
            bool             bUserIPOK          = false;
            OleDbConnection  myUserIPConnection = new OleDbConnection(ConfigurationManager.ConnectionStrings["_UserDatabase"].ConnectionString);
            string           strUserIPQuery     = "select * from [IP_Allow_List] where [IP] = '" + Request.UserHostAddress + "'";
            OleDbDataAdapter dsUserIPCmd        = new OleDbDataAdapter(strUserIPQuery, myUserIPConnection);
            DataSet          myUserIPData       = new DataSet();
            dsUserIPCmd.Fill(myUserIPData, "IP_Exact");
            DataTable pUserIPTable = myUserIPData.Tables["IP_Exact"];
            if (pUserIPTable.Rows.Count > 0)
            {
                //Exact match to IP address
                bUserIPOK = true;
            }
            else
            {
                strUserIPQuery = "select * from [IP_Allow_List] where instr(1,[IP],'*')";
                dsUserIPCmd    = new OleDbDataAdapter(strUserIPQuery, myUserIPConnection);
                dsUserIPCmd.Fill(myUserIPData, "IP_SubNet");
                pUserIPTable = myUserIPData.Tables["IP_SubNet"];
                System.Data.DataRow pRow = null;
                foreach (DataRow pRow_loopVariable in pUserIPTable.Rows)
                {
                    pRow = pRow_loopVariable;
                    if (Request.UserHostAddress.Length >= pRow["IP"].ToString().Length)
                    {
                        if (Request.UserHostAddress.Substring(0, pRow["IP"].ToString().Length - 1) == pRow["IP"].ToString().Substring(0, pRow["IP"].ToString().Length - 1))
                        {
                            bUserIPOK = true;
                            break; // TODO: might not be correct. Was : Exit For
                        }
                    }
                }
            }

            if (!bUserIPOK)
            {
                UserName.Disabled        = true;
                UserPass.Disabled        = true;
                cmdLogin.Enabled         = false;
                messageContainer.Visible = true;
                lblResults.Text          = "Sorry, access is not permitted from your IP Address. Please contact Wendel GIS department for assistance.";
                lblResults.Font.Bold     = true;
            }
        }
    }