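/// <summary>
/// Decides whether an automated update may overwrite a contact's title.
/// The decision is driven by the most recent "set contact title" action-log entry
/// for the contact: a title last changed by a real user (ModifierID &gt; 0) is never overwritten.
/// </summary>
/// <param name="contact">Contact whose current title and action log are inspected.</param>
/// <param name="title">Candidate title.</param>
/// <returns>
/// True when the title was never changed and is empty, or when the last change was not made
/// by a user and the candidate differs from the current title; otherwise false.
/// </returns>
private bool CanUpdateContactTitle(User contact, string title)
        {
            ActionLogs actionLogs = new ActionLogs(LoginUser);

            actionLogs.LoadByUserID(contact.UserID);

            // Filter first, then sort only the matching entries. The match is null-safe and
            // culture-independent: ToLower() follows the thread culture, so under some cultures
            // (e.g. Turkish casing of 'I') a matching entry could be missed.
            // NOTE(review): the protection of user-entered titles depends on the free-text wording
            // of the log description; if that wording changes, user edits may be overwritten.
            ActionLog lastTitleChange = actionLogs
                                        .Where(p => p.RefType == ReferenceType.Users &&
                                               p.Description != null &&
                                               p.Description.IndexOf("set contact title", System.StringComparison.OrdinalIgnoreCase) >= 0)
                                        .OrderByDescending(p => p.DateCreated)
                                        .FirstOrDefault();

            if (lastTitleChange == null)
            {
                // The title has never been changed: only fill it in when it is empty.
                return string.IsNullOrEmpty(contact.Title);
            }

            // A previous change exists: never overwrite what a user entered.
            bool wasUpdatedByUser = lastTitleChange.ModifierID > 0;

            return !wasUpdatedByUser && contact.Title != title;
        }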
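        /// <summary>
        /// Decides whether an automated update may overwrite an organization's description (bio).
        /// A description last changed by a real user (ModifierID &gt; 0) is never overwritten.
        /// </summary>
        /// <param name="organization">Organization whose description and action log are inspected.</param>
        /// <param name="bio">Candidate description.</param>
        /// <returns>
        /// True when the description was never changed and is empty, or when the last change was
        /// not made by a user and the candidate differs from the current description.
        /// </returns>
        private bool CanUpdateCompanyBio(Organization organization, string bio)
        {
            ActionLogs actionLogs = new ActionLogs(LoginUser);

            actionLogs.LoadByOrganizationID(organization.OrganizationID);

            // Fix: the original parenthesisation evaluated as
            //   (RefType == Organizations && "changed description") || "set company description"
            // so an entry of ANY reference type containing "set company description" was accepted.
            // Both wordings are now required to belong to an Organizations entry.
            // The match is also null-safe and culture-independent (ToLower() follows the thread culture).
            ActionLog lastDescriptionChange = actionLogs
                                              .Where(p => p.RefType == ReferenceType.Organizations &&
                                                     p.Description != null &&
                                                     (p.Description.IndexOf("changed description", System.StringComparison.OrdinalIgnoreCase) >= 0 ||
                                                      p.Description.IndexOf("set company description", System.StringComparison.OrdinalIgnoreCase) >= 0))
                                              .OrderByDescending(p => p.DateCreated)
                                              .FirstOrDefault();

            if (lastDescriptionChange == null)
            {
                // The description has never been changed: only fill it in when it is empty.
                return string.IsNullOrEmpty(organization.Description);
            }

            // A previous change exists: never overwrite what a user entered.
            bool wasUpdatedByUser = lastDescriptionChange.ModifierID > 0;

            return !wasUpdatedByUser && organization.Description != bio;
        }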
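        /// <summary>
        /// Shows the signed-in user's last login on the master page and, on the first (non-postback)
        /// request, binds the grid to that user's rejected reports.
        /// </summary>
        protected void Page_Load(object sender, EventArgs e)
        {
            if (Request.IsAuthenticated)
            {
                // NOTE(review): Label.Text is emitted without HTML encoding, so the value returned by
                // getLastLoggedInOf must never contain user-controlled text - confirm.
                ((Label)Master.FindControl("lastLoginStaff")).Text = "Your last logged in was <b>"
                                                                     + ActionLogs.getLastLoggedInOf(Context.User.Identity.Name) + "</b>";
            }

            if (IsPostBack)
            {
                errormsgPasswordAuthenticate.Visible = false;
                return;
            }

            DataTable dt = new DataTable();

            // 'connection' is declared outside this method. The finally block guarantees it is closed
            // even when the query throws; the command and reader are disposed deterministically.
            try
            {
                connection.Open();

                using (SqlCommand retrieveSubmittedReportsCommand = new SqlCommand("SELECT CaseNumber, Date, Subject, ReportStatus, CreatedDateTime FROM Report " +
                                                                                   "WHERE Username = @Username AND ReportStatus = 'rejected' ", connection))
                {
                    // The query is scoped to the authenticated identity, not to a client-supplied name.
                    retrieveSubmittedReportsCommand.Parameters.AddWithValue("@Username", Context.User.Identity.Name);

                    using (SqlDataReader retrieveSubmittedReports = retrieveSubmittedReportsCommand.ExecuteReader())
                    {
                        dt.Load(retrieveSubmittedReports);
                    }
                }
            }
            finally
            {
                connection.Close();
            }

            GridView1.DataSource = dt;
            // The table is kept in ViewState, i.e. it is serialized into the page sent to the browser.
            ViewState["Datable"] = dt;
            GridView1.DataBind();
        }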
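        /// <summary>
        /// Marks the pending report held in the session as rejected, records the action in the
        /// action log and redirects back to the pending-reports list with a confirmation message.
        /// </summary>
        /// <remarks>
        /// NOTE(review): this handler performs no authorization check of its own; it presumably relies
        /// on the page-level check that is not visible here - confirm.
        /// </remarks>
        protected void Button_Reject_Click(object sender, EventArgs e)
        {
            // Read the case number once, before touching the database. A missing session value still
            // throws NullReferenceException as before, but no longer leaves an open connection behind.
            string caseNumber = Session["caseNumberOfThisPendingReport"].ToString();

            // 'connection' is declared outside this method; close it even if the update throws.
            try
            {
                connection.Open();

                using (SqlCommand updateReportStatus = new SqlCommand("UPDATE Report SET ReportStatus = @ReportStatus, Remarks = @Remarks WHERE Username = @AccountUsername AND CaseNumber = @CaseNumber", connection))
                {
                    updateReportStatus.Parameters.AddWithValue("@ReportStatus", "rejected");
                    updateReportStatus.Parameters.AddWithValue("@AccountUsername", Label6.Text);
                    updateReportStatus.Parameters.AddWithValue("@CaseNumber", caseNumber);
                    updateReportStatus.Parameters.AddWithValue("@Remarks", Label12_remarks.Text);
                    updateReportStatus.ExecuteNonQuery();
                }
            }
            finally
            {
                connection.Close();
            }

            caseNumberOfReport = caseNumber;

            //Add to logs
            // NOTE(review): the entry is written even when the UPDATE matched no row, and the call
            // itself carries no case number - confirm the log can be tied to the rejected report.
            ActionLogs.Action action = ActionLogs.Action.BossRejectedReport;
            ActionLogs.Log(Context.User.Identity.Name, action);

            // The message is HTML and is stored for display on the next page; the case number is
            // concatenated into it unencoded, so it must stay a server-side value.
            Session["rejectedMsg"] = "Report with the Case Number of <b><u><big>#" + caseNumber + "</b></u></big> has been <b>rejected</b>.";
            Response.Redirect("~/Content/BossConsole/PendingReports.aspx");
        }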
        /// <summary>
        /// Persists one action-log row describing an action performed by <paramref name="actionUser"/>.
        /// The affected item is stored as JSON in the row's Data column.
        /// </summary>
        /// <param name="actionTypeId">Identifier of the action type.</param>
        /// <param name="moduleId">Identifier of the module the action belongs to.</param>
        /// <param name="item">Object serialized into the log row.</param>
        /// <param name="actionUser">User the action is attributed to.</param>
        /// <remarks>
        /// Any failure is written to the logger and not rethrown, so a caller cannot tell that an
        /// audit entry was lost.
        /// NOTE(review): the whole item is serialized; confirm that ShouldSerializeContractResolver
        /// excludes secrets (passwords, tokens) before they reach the log table.
        /// </remarks>
        public void Add(int actionTypeId, int moduleId, object item, Users actionUser)
        {
            try
            {
                ActionLogs entry = new ActionLogs();
                entry.ActionTypeId = actionTypeId;
                entry.ModuleId     = moduleId;
                entry.UserId       = actionUser.UserId;
                entry.Date         = DateTime.Now;   // local server time
                entry.Status       = (byte)enStatus.ACTIVE;

                var serializerSettings = new JsonSerializerSettings();
                serializerSettings.ContractResolver = ShouldSerializeContractResolver.Instance;

                entry.Data = JsonConvert.SerializeObject(item, serializerSettings);

                _context.ActionLogs.Add(entry);
                _context.SaveChanges();
            }
            catch (Exception ex)
            {
                // Prefix the message with "<declaring type> <method name> : ".
                var declaringType = System.Reflection.MethodBase.GetCurrentMethod().DeclaringType;
                var methodName    = System.Reflection.MethodBase.GetCurrentMethod().Name;

                _logger.Error(declaringType + " " + methodName + " : " + ex.Message, ex);
            }
        }
        /// <summary>
        /// Deletes an organization-product association together with the user-product rows loaded
        /// for the same organization, product and version, then writes a Delete action-log entry.
        /// </summary>
        /// <param name="organizationProductID">Identifier of the association to delete.</param>
        /// <param name="bypass">
        /// When true (the default) callers that are not system administrators are rejected silently.
        /// When false the administrator check is skipped entirely.
        /// </param>
        /// <remarks>
        /// NOTE(review): the authorization decision depends on a caller-supplied flag. If this method
        /// is reachable from a client-facing endpoint, confirm that the client cannot set bypass to false.
        /// Exceptions are logged through DataUtils.LogException and not rethrown.
        /// </remarks>
        public void DeleteOrganizationProduct(int organizationProductID, bool bypass = true)
        {
            bool callerIsAdmin = UserSession.CurrentUser.IsSystemAdmin;

            if (!callerIsAdmin && bypass)
            {
                return;
            }

            try
            {
                OrganizationProducts associations = new OrganizationProducts(UserSession.LoginUser);
                associations.LoadByOrganizationProductID(organizationProductID);

                // Remove the user-level rows for this organization/product/version first.
                UserProducts linkedUserProducts = new UserProducts(UserSession.LoginUser);
                linkedUserProducts.LoadByOrganizationProductAndVersionID(
                    associations[0].OrganizationID,
                    associations[0].ProductID,
                    associations[0].ProductVersionID);
                linkedUserProducts.DeleteAll();
                linkedUserProducts.Save();

                associations.DeleteFromDB(organizationProductID);

                // The loaded row is still read after the database delete to build the log text.
                Product product    = Products.GetProduct(TSAuthentication.GetLoginUser(), associations[0].ProductID);
                string  actorName  = TSAuthentication.GetUser(TSAuthentication.GetLoginUser()).FirstLastName;
                string  logMessage = String.Format("{0} deleted product association to {1} ", actorName, product.Name);

                ActionLogs.AddActionLog(TSAuthentication.GetLoginUser(), ActionLogType.Delete, ReferenceType.Organizations, associations[0].OrganizationID, logMessage);
            }
            catch (Exception ex)
            {
                DataUtils.LogException(UserSession.LoginUser, ex);
            }
        }
        /// <summary>
        /// Marks a user as deleted, logs the deletion against the user's organization and clears the
        /// organization's default support user when it pointed at the deleted user.
        /// Callers that are not system administrators are ignored silently.
        /// </summary>
        /// <param name="userID">Identifier of the user to delete.</param>
        /// <remarks>
        /// NOTE(review): the user is marked deleted before it is loaded, and nothing in this method
        /// compares the target's organization with the caller's. Confirm that Users.MarkUserDeleted
        /// enforces tenant scoping, otherwise an administrator could delete users of another organization.
        /// </remarks>
        public void DeleteUser(int userID)
        {
            bool callerIsAdmin = UserSession.CurrentUser.IsSystemAdmin;

            if (!callerIsAdmin)
            {
                return;
            }

            Users.MarkUserDeleted(UserSession.LoginUser, userID);

            User deletedUser = Users.GetUser(UserSession.LoginUser, userID);
            string logMessage = String.Format("{0} deleted user {1} ", UserSession.CurrentUser.FirstLastName, deletedUser.FirstLastName);

            ActionLogs.AddActionLog(UserSession.LoginUser, ActionLogType.Delete, ReferenceType.Organizations, deletedUser.OrganizationID, logMessage);

            Organization owningOrganization = Organizations.GetOrganization(TSAuthentication.GetLoginUser(), deletedUser.OrganizationID);

            // Do not leave the organization pointing at a deleted default support user.
            bool wasDefaultSupportUser = owningOrganization.DefaultSupportUserID == deletedUser.UserID;

            if (wasDefaultSupportUser)
            {
                owningOrganization.DefaultSupportUserID = null;
                owningOrganization.Collection.Save();
            }

            // NOTE(review): ParentID == 1 is a magic value and EmailCountToMuroc is opaque from here.
            if (deletedUser.IsActive && owningOrganization.ParentID == 1)
            {
                deletedUser.EmailCountToMuroc(false);
            }
        }
        /// <summary>
        /// Writes an action-log entry on behalf of the identity exposed by a new AuthenticationModel.
        /// </summary>
        /// <param name="logType">Kind of action being recorded.</param>
        /// <param name="refType">Type of the entity the entry refers to.</param>
        /// <param name="refID">Identifier of that entity; a missing value is logged as 0.</param>
        /// <param name="message">Text of the log entry.</param>
        public static void LogMessage(ActionLogType logType, ReferenceType refType, int? refID, string message)
        {
            AuthenticationModel currentIdentity = new AuthenticationModel();
            LoginUser           actor           = new LoginUser(currentIdentity.UserID, currentIdentity.OrganizationID);

            // 0 stands in for "no referenced entity".
            int referencedId = refID ?? 0;

            ActionLogs.AddActionLog(actor, logType, refType, referencedId, message);
        }
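        /// <summary>
        /// Searches ErrorExceptionLogs for rows whose username, exception type, message, source or
        /// location contains the entered text, binds the result to the grid and logs the search.
        /// </summary>
        protected void btnSearch_Click(object sender, EventArgs e)
        {
            string connectionString = ConfigurationManager.ConnectionStrings["FileDatabaseConnectionString2"].ConnectionString;
            DataTable dt = new DataTable();

            // using blocks release the connection, command and reader even when the query throws;
            // previously an exception left the connection open.
            using (SqlConnection connection = new SqlConnection(connectionString))
            using (SqlCommand dateCommand = new SqlCommand("SELECT * FROM ErrorExceptionLogs WHERE (lower(Username) LIKE @txtSearchValue OR lower(ExceptionType) LIKE @txtSearchValue OR lower(ErrorMessage) LIKE @txtSearchValue OR lower(ErrorSource) LIKE @txtSearchValue OR lower(Location) LIKE @txtSearchValue) ORDER BY convert(datetime,Timestamp) DESC", connection))
            {
                // The value is bound as a parameter, so it cannot alter the statement. LIKE
                // metacharacters typed by the user (%, _, [) are still interpreted as wildcards.
                dateCommand.Parameters.AddWithValue("@txtSearchValue", "%" + txtSearchValue.Text.Trim().ToLower() + "%");

                connection.Open();

                using (SqlDataReader dataReader = dateCommand.ExecuteReader())
                {
                    dt.Load(dataReader);
                }
            }

            GridView1.DataSource = dt;
            // NOTE(review): the error-log rows are stored in ViewState and therefore serialized into
            // the page; confirm ViewState is protected, since error logs may hold sensitive detail.
            ViewState["Datable"] = dt;
            GridView1.DataBind();

            if (dt.Rows.Count == 0)
            {
                ClientScript.RegisterStartupScript(this.GetType(), "alert", "alert('There is no data found for this search.')", true);
            }

            searchValue = txtSearchValue.Text;
            url         = System.Web.HttpContext.Current.Request.Url.ToString();

            //Add to logs
            ActionLogs.Action actionLog = ActionLogs.Action.SearchErrorLogs;
            ActionLogs.Log(Context.User.Identity.Name, actionLog);
        }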
        /// <summary>
        /// Restricts the page to the boss account and shows that account's last login on the master page.
        /// Every other identity, including an anonymous one, is redirected to the login page.
        /// </summary>
        /// <remarks>
        /// NOTE(review): access is granted by comparing the identity name with a hard-coded user name
        /// rather than with a role or claim, so the account name is embedded in source and the check
        /// must be repeated on every protected page.
        /// </remarks>
        protected void Page_Load(object sender, EventArgs e)
        {
            string signedInName = Context.User.Identity.Name;

            // Only the boss account may open the boss console by URL.
            bool isBossAccount = signedInName == "KaiTatL97";

            if (!isBossAccount)
            {
                Response.Redirect("../../Account/Login.aspx");
                return;
            }

            if (Request.IsAuthenticated)
            {
                Label lastLoginLabel = (Label)Master.FindControl("lastLoginBoss");

                lastLoginLabel.Text = "Your last logged in was <b>" + ActionLogs.getLastLoggedInOf(signedInName) + "</b>";
            }

            // Hide the re-authentication error again on every postback.
            if (IsPostBack)
            {
                errormsgPasswordAuthenticate.Visible = false;
            }
        }
        /// <summary>
        /// Deletes a task, its associations, its incomplete subtasks (recursively) and its reminder,
        /// and writes a Delete action-log entry. Only the task's creator or a system administrator
        /// may delete it; other callers are ignored silently.
        /// </summary>
        /// <param name="taskID">Identifier of the task to delete.</param>
        /// <remarks>
        /// The same creator-or-administrator rule is applied to every subtask by the recursive call,
        /// so a subtask created by someone else is left in place when the caller is not an administrator.
        /// </remarks>
        public void DeleteTask(int taskID)
        {
            Task target = Tasks.GetTask(UserSession.LoginUser, taskID);

            bool callerIsCreator = target.CreatorID == UserSession.CurrentUser.UserID;

            if (!callerIsCreator && !UserSession.CurrentUser.IsSystemAdmin)
            {
                return;
            }

            TaskAssociations taskAssociations = new TaskAssociations(UserSession.LoginUser);
            taskAssociations.DeleteByReminderIDOnly(taskID);

            // Remove the incomplete children before the parent itself.
            Tasks incompleteChildren = new Tasks(UserSession.LoginUser);
            incompleteChildren.LoadIncompleteByParentID(taskID);

            foreach (Task child in incompleteChildren)
            {
                DeleteTask(child.TaskID);
            }

            if (target.ReminderID != null)
            {
                Data.Reminder attachedReminder = Reminders.GetReminder(UserSession.LoginUser, (int)target.ReminderID);

                attachedReminder.Delete();
                attachedReminder.Collection.Save();
            }

            // The log entry is written before the task row itself is removed.
            string logMessage = String.Format("{0} deleted task {1} ", UserSession.CurrentUser.FirstLastName, target.Description);
            ActionLogs.AddActionLog(UserSession.LoginUser, ActionLogType.Delete, ReferenceType.Tasks, taskID, logMessage);

            target.Delete();
            target.Collection.Save();
        }
        /// <summary>
        /// Loads a page of action-log entries for an asset and returns them as proxies.
        /// </summary>
        /// <param name="assetID">Identifier of the asset whose history is requested.</param>
        /// <param name="start">Paging offset handed to LoadByAssetIDLimit.</param>
        /// <returns>The loaded entries as an ActionLogProxy array.</returns>
        /// <remarks>
        /// NOTE(review): nothing here checks that the asset belongs to the caller's organization;
        /// confirm that LoadByAssetIDLimit scopes the query to the login user's tenant.
        /// </remarks>
        public ActionLogProxy[] LoadActionsHistory(int assetID, int start)
        {
            var caller = TSAuthentication.GetLoginUser();
            ActionLogs assetHistory = new ActionLogs(caller);

            assetHistory.LoadByAssetIDLimit(assetID, start);

            ActionLogProxy[] proxies = assetHistory.GetActionLogProxies();
            return proxies;
        }
        /// <summary>
        /// Returns one action-log entry as XML, but only when it belongs to the organization of the
        /// REST command.
        /// </summary>
        /// <param name="command">REST command carrying the login user and organization.</param>
        /// <param name="actionLogID">Identifier of the requested entry.</param>
        /// <returns>The entry serialized under an "ActionLog" element.</returns>
        /// <exception cref="RestException">
        /// Thrown with HttpStatusCode.Unauthorized when the entry belongs to another organization.
        /// </exception>
        public static string GetActionLog(RestCommand command, int actionLogID)
        {
            ActionLog requestedEntry = ActionLogs.GetActionLog(command.LoginUser, actionLogID);

            // Tenant check: the entry is looked up by id alone, so ownership is verified here.
            bool ownedByCaller = requestedEntry.OrganizationID == command.Organization.OrganizationID;

            if (!ownedByCaller)
            {
                throw new RestException(HttpStatusCode.Unauthorized);
            }

            string xml = requestedEntry.GetXml("ActionLog", true);
            return xml;
        }
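        /// <summary>
        /// Searches the Logs table for the selected account's actions containing the entered text,
        /// renders them grouped by date (newest date first) and logs the search itself.
        /// </summary>
        protected void btnSearch_Click(object sender, EventArgs e)
        {
            bool hasData = false;

            string connectionString = ConfigurationManager.ConnectionStrings["FileDatabaseConnectionString2"].ConnectionString;

            // Bound as parameters, so the text cannot alter the statements. LIKE metacharacters
            // typed by the user (%, _, [) are still interpreted as wildcards.
            string actionPattern   = "%" + txtSearchValue.Text.Trim().ToLower() + "%";
            string accountUsername = bossUsername.Text;

            // Fix: the outer connection and the per-date inner connection were never closed, which
            // leaked one connection per matching date on every search. using blocks release them.
            using (SqlConnection connection = new SqlConnection(connectionString))
            using (SqlCommand dateCommand = new SqlCommand("SELECT DISTINCT(convert(date, Timestamp)) AS Date FROM Logs WHERE lower(Action) LIKE @Action AND Username = @AccountUsername ORDER BY convert(date,Timestamp) DESC", connection))
            {
                dateCommand.Parameters.AddWithValue("@Action", actionPattern);
                dateCommand.Parameters.AddWithValue("@AccountUsername", accountUsername);

                connection.Open();

                using (SqlDataReader dateReader = dateCommand.ExecuteReader())
                {
                    while (dateReader.Read())
                    {
                        DateTime date = (DateTime)dateReader["Date"];
                        AddDateToPlaceholder(date);

                        // A second connection is needed because the outer reader is still open.
                        using (SqlConnection connection2 = new SqlConnection(connectionString))
                        using (SqlCommand logCommand = new SqlCommand("SELECT Action, Timestamp FROM Logs WHERE lower(Action) LIKE @Action AND Username = @AccountUsername AND convert(date, Timestamp) = convert(date,@Date) ORDER BY convert(date,Timestamp) ASC", connection2))
                        {
                            logCommand.Parameters.AddWithValue("@Action", actionPattern);
                            logCommand.Parameters.AddWithValue("@AccountUsername", accountUsername);
                            logCommand.Parameters.AddWithValue("@Date", date);

                            connection2.Open();

                            using (SqlDataReader logReader = logCommand.ExecuteReader())
                            {
                                while (logReader.Read())
                                {
                                    hasData = true;

                                    string   action     = logReader["Action"].ToString();
                                    DateTime actionDate = (DateTime)logReader["Timestamp"];

                                    // NOTE(review): confirm AddActionToPlaceholder HTML-encodes the
                                    // action text before it is rendered.
                                    AddActionToPlaceholder(action, actionDate);
                                }
                            }
                        }
                    }
                }
            }

            if (!hasData)
            {
                ClientScript.RegisterStartupScript(this.GetType(), "alert", "alert('There is no data found for this search.')", true);
            }

            searchValue = txtSearchValue.Text;
            url         = System.Web.HttpContext.Current.Request.Url.ToString();

            //Add to logs
            ActionLogs.Action actionLog = ActionLogs.Action.SearchBossLogs;
            ActionLogs.Log(Context.User.Identity.Name, actionLog);
        }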
        /// <summary>
        /// Replaces an asset's notes, stamps the modification time and modifier, and records the old
        /// and new text in the action log.
        /// </summary>
        /// <param name="assetID">Identifier of the asset to update.</param>
        /// <param name="value">New notes text.</param>
        /// <returns>The new text, or the literal "Empty" when the new text is an empty string.</returns>
        /// <remarks>
        /// NOTE(review): no ownership check is visible here; confirm that Assets.GetAsset restricts the
        /// lookup to the caller's organization. The old and new notes are copied verbatim into the log.
        /// </remarks>
        public string SetAssetNotes(int assetID, string value)
        {
            LoginUser caller = TSAuthentication.GetLoginUser();
            Asset     asset  = Assets.GetAsset(caller, assetID);

            // Build the log text first: it needs the notes as they were before the change.
            string logMessage = String.Format("Changed Notes from \"{0}\" to \"{1}\".", asset.Notes, value);

            asset.Notes        = value;
            asset.DateModified = DateTime.UtcNow;
            asset.ModifierID   = caller.UserID;
            asset.Collection.Save();

            ActionLogs.AddActionLog(caller, ActionLogType.Update, ReferenceType.Assets, assetID, logMessage);

            if (value != "")
            {
                return value;
            }

            return "Empty";
        }
        /// <summary>
        /// Stops the stopwatch and stores a log row with the elapsed milliseconds and the names of
        /// the controller and action that ran.
        /// </summary>
        /// <param name="filterContext">Context of the executed action.</param>
        /// <remarks>
        /// NOTE(review): stopWatch and db are fields declared outside this method; if one filter
        /// instance serves concurrent requests, the timing is shared between them - confirm.
        /// </remarks>
        public override void OnActionExecuted(ActionExecutedContext filterContext)
        {
            stopWatch.Stop();

            var descriptor = filterContext.ActionDescriptor;

            var timingEntry = new ActionLogs
            {
                ExecutionTimeInMs = stopWatch.ElapsedMilliseconds,
                ControllerName    = descriptor.ControllerDescriptor.ControllerName,
                ActionName        = descriptor.ActionName
            };

            db.ActionLog.Add(timingEntry);
            db.SaveChanges();
        }
        /// <summary>
        /// Shows the signed-in user's last login on the master page and hides the re-authentication
        /// error on postbacks.
        /// </summary>
        protected void Page_Load(object sender, EventArgs e)
        {
            if (Request.IsAuthenticated)
            {
                Label lastLoginLabel = (Label)Master.FindControl("lastLoginStaff");

                // The text is HTML; the looked-up value is concatenated into it as-is.
                lastLoginLabel.Text = "Your last logged in was <b>" + ActionLogs.getLastLoggedInOf(Context.User.Identity.Name) + "</b>";
            }

            if (!IsPostBack)
            {
                return;
            }

            errormsgPasswordAuthenticate.Visible = false;
        }
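        /// <summary>
        /// Restricts the page to the boss account, shows the last login and the new pending reports,
        /// and displays the one-time approved/rejected message left in the session by a previous request.
        /// </summary>
        /// <remarks>
        /// NOTE(review): access is granted by comparing the identity name with a hard-coded user name
        /// rather than with a role or claim.
        /// </remarks>
        protected void Page_Load(object sender, EventArgs e)
        {
            //To make sure do not allow staff to access boss console through browser
            if (Context.User.Identity.Name != "KaiTatL97")
            {
                Response.Redirect("../../Account/Login.aspx");
                return;
            }

            // The original condition also tested (IsPostBack || !IsPostBack), which is always true.
            if (Request.IsAuthenticated)
            {
                ((Label)Master.FindControl("lastLoginBoss")).Text = "Your last logged in was <b>"
                                                                    + ActionLogs.getLastLoggedInOf(Context.User.Identity.Name) + "</b>";

                showNewPendingReports();
            }

            if (IsPostBack)
            {
                errormsgPasswordAuthenticate.Visible = false;
            }

            // Fix: the page was recognised by comparing the full URL with
            // "http://localhost:53380/...", which only matches on the developer's machine, so the
            // messages never appeared on any other host. Compare the path instead; the original URL
            // still matches.
            bool onPendingReportsPage = Request.Url.AbsolutePath.EndsWith("/Content/BossConsole/PendingReports", System.StringComparison.OrdinalIgnoreCase);

            // Each message is shown once and then removed from the session. The stored text is HTML
            // and is assigned to the label unencoded.
            if (Session["approvedMsg"] != null && onPendingReportsPage)
            {
                alertBoxApproved.Visible = true;
                approvedMsg.Visible      = true;
                approvedMsg.Text         = Session["approvedMsg"].ToString();
                Session["approvedMsg"]   = null;
            }

            if (Session["rejectedMsg"] != null && onPendingReportsPage)
            {
                alertBoxRejected.Visible = true;
                rejectedMsg.Visible      = true;
                rejectedMsg.Text         = Session["rejectedMsg"].ToString();
                Session["rejectedMsg"]   = null;
            }
        }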
        /// <summary>
        /// Builds one "Command : Result" line per action-log entry.
        /// </summary>
        /// <returns>
        /// The summary lines in collection order; an empty list when ActionLogs is null.
        /// A null Result is rendered as an empty string.
        /// </returns>
        public List <string> GetActionLogSummary()
        {
            List <string> summaryLines = new List <string>();

            if (this.ActionLogs == null)
            {
                return(summaryLines);
            }

            foreach (var entry in ActionLogs.ToList())
            {
                summaryLines.Add(entry.Command + " : " + (entry.Result ?? ""));
            }

            return(summaryLines);
        }
        /// <summary>
        /// Sets an asset's product version, stamps the modification time and modifier, and records
        /// the change in the action log.
        /// </summary>
        /// <param name="assetID">Identifier of the asset to update.</param>
        /// <param name="value">New product version identifier.</param>
        /// <param name="oldName">Display name of the previous version, used only in the log text.</param>
        /// <param name="newName">Display name of the new version, used only in the log text.</param>
        /// <returns>The value that was stored.</returns>
        /// <remarks>
        /// NOTE(review): both names come from the caller and are written to the log without being
        /// checked against the version identifiers, so the log text can disagree with the stored value.
        /// </remarks>
        public int SetAssetProductVersion(int assetID, int value, string oldName, string newName)
        {
            string logMessage = String.Format("Changed Product Version from \"{0}\" to \"{1}\".", oldName, newName);

            LoginUser caller = TSAuthentication.GetLoginUser();
            Asset     asset  = Assets.GetAsset(caller, assetID);

            asset.ProductVersionID = value;
            asset.DateModified     = DateTime.UtcNow;
            asset.ModifierID       = caller.UserID;
            asset.Collection.Save();

            ActionLogs.AddActionLog(caller, ActionLogType.Update, ReferenceType.Assets, assetID, logMessage);

            return(value);
        }
        /// <summary>
        /// Sends a ticket-update request e-mail and records the request in the action log.
        /// Does nothing when the ticket cannot be loaded for the current login user.
        /// </summary>
        /// <param name="ticketID">Identifier of the ticket for which an update is requested.</param>
        public void RequestTicketUpdate(int ticketID)
        {
            TicketsViewItem requestedTicket = TicketsView.GetTicketsViewItem(UserSession.LoginUser, ticketID);

            if (requestedTicket != null)
            {
                EmailPosts.SendTicketUpdateRequest(UserSession.LoginUser, ticketID);

                string requesterName = UserSession.CurrentUser.FirstLastName;
                string ticketLink    = Tickets.GetTicketLink(UserSession.LoginUser, ticketID);
                string logMessage    = String.Format("{0} requested an update from {1} for {2}", requesterName, requestedTicket.UserName, ticketLink);

                ActionLogs.AddActionLog(UserSession.LoginUser, ActionLogType.Update, ReferenceType.Tickets, requestedTicket.TicketID, logMessage);
            }
        }
 /// <summary>
 /// Deletes an attachment through the model API and writes a Delete action-log entry naming the
 /// removed file. Exceptions are logged through DataUtils.LogException and not rethrown.
 /// </summary>
 /// <param name="attachmentID">Identifier of the attachment to delete.</param>
 /// <remarks>
 /// NOTE(review): the system-administrator check that used to guard this method is disabled, so
 /// no authorization is enforced here. Confirm that ModelAPI.AttachmentAPI.DeleteAttachment
 /// verifies that the caller may delete this attachment.
 /// </remarks>
 public void DeleteAttachment(int attachmentID)
 {
     try
     {
         string deletedFileName = ModelAPI.AttachmentAPI.DeleteAttachment(attachmentID, AttachmentProxy.References.None);
         string actorName       = UserSession.CurrentUser.FirstLastName;
         string logMessage      = String.Format("{0} deleted attachment {1}", actorName, deletedFileName);

         ActionLogs.AddActionLog(UserSession.LoginUser, ActionLogType.Delete, ReferenceType.Attachments, attachmentID, logMessage);
     }
     catch (Exception failure)
     {
         DataUtils.LogException(UserSession.LoginUser, failure);
     }
 }
        /// <summary>
        /// Returns the action log of the command's organization as XML, applying the command's filters.
        /// </summary>
        /// <param name="command">REST command carrying the login user, organization, format and filters.</param>
        /// <returns>The entries serialized as "ActionLog" elements under an "ActionLogs" root.</returns>
        /// <exception cref="RestException">
        /// Thrown with HttpStatusCode.BadRequest when a format other than XML is requested.
        /// </exception>
        public static string GetActionLogs(RestCommand command)
        {
            // The entries are loaded by the command's own organization id, which scopes the result
            // to the caller's tenant.
            ActionLogs organizationLog = new ActionLogs(command.LoginUser);
            organizationLog.LoadByOrganizationID(command.Organization.OrganizationID);

            if (command.Format != RestFormat.XML)
            {
                throw new RestException(HttpStatusCode.BadRequest, "Invalid data format");
            }

            return(organizationLog.GetXml("ActionLogs", "ActionLog", true, command.Filters));
        }
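        /// <summary>
        /// Creates a reminder (when <paramref name="reminderID"/> is null) or updates an existing one,
        /// assigning it to a user of the caller's organization.
        /// </summary>
        /// <param name="reminderID">Identifier of the reminder to edit, or null to create one.</param>
        /// <param name="refType">Type of the entity the reminder refers to.</param>
        /// <param name="refID">Identifier of that entity.</param>
        /// <param name="description">Reminder text.</param>
        /// <param name="dueDate">Due date of the reminder.</param>
        /// <param name="userID">User the reminder is assigned to.</param>
        /// <returns>
        /// The saved reminder as a proxy, or null when the reminder or the assigned user does not
        /// belong to the caller's organization (or cannot be loaded).
        /// </returns>
        public ReminderProxy EditReminder(int? reminderID, ReferenceType refType, int refID, string description, DateTime dueDate, int userID)
        {
            var loginUser = TSAuthentication.GetLoginUser();

            // Fix: the assigned user used to be validated only after the "Added Reminder" log entries
            // had been written, so a rejected cross-organization request still left audit entries
            // naming the foreign user. Validate before anything is created or logged.
            User user = Users.GetUser(loginUser, userID);

            if (user == null || user.OrganizationID != TSAuthentication.OrganizationID)
            {
                return(null);
            }

            bool     isNewReminder = reminderID == null;
            Reminder reminder;

            if (isNewReminder)
            {
                reminder = (new Reminders(loginUser)).AddNewReminder();
                reminder.OrganizationID = TSAuthentication.OrganizationID;
            }
            else
            {
                reminder = Reminders.GetReminder(loginUser, (int)reminderID);

                // Tenant check: an existing reminder must belong to the caller's organization.
                if (reminder == null || reminder.OrganizationID != TSAuthentication.OrganizationID)
                {
                    return(null);
                }
            }

            reminder.Description  = description;
            reminder.RefType      = refType;
            reminder.RefID        = refID;
            reminder.DueDate      = dueDate;
            reminder.UserID       = userID;
            reminder.HasEmailSent = false;
            reminder.Collection.Save();

            if (isNewReminder)
            {
                // Logged only once the reminder is stored, so the audit trail matches the data.
                string logdescription;

                if (refType == ReferenceType.Tickets)
                {
                    logdescription = String.Format("Added Reminder for {0} , for {1}", user.FirstLastName, Tickets.GetTicketLink(loginUser, refID));
                }
                else
                {
                    logdescription = String.Format("Added Reminder for {0}", user.FirstLastName);
                }

                // NOTE(review): the first entry is always filed under ReferenceType.Tickets with refID,
                // even when refType is not Tickets - kept as in the original, confirm the intent.
                ActionLogs.AddActionLog(loginUser, ActionLogType.Insert, ReferenceType.Tickets, refID, logdescription);
                ActionLogs.AddActionLog(loginUser, ActionLogType.Insert, ReferenceType.Users, userID, logdescription);
            }

            return(reminder.GetProxy());
        }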
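        /// <summary>
        /// Searches ErrorExceptionLogs for rows matching both the entered text (TextBox1) and the
        /// entered date (TextBox2), binds the result to the grid and logs the search.
        /// Nothing is queried when the date text cannot be parsed; the search is logged either way.
        /// </summary>
        protected void btnSearchBoth_Click(object sender, EventArgs e)
        {
            DateTime parsedDate;

            if (DateTime.TryParse(TextBox2.Text, out parsedDate))
            {
                // Fix: the original took the first space-separated token of the text, passed it
                // through String.Format with a date pattern (which has no effect on a string) and
                // parsed it again with Convert.ToDateTime. That second parse could throw
                // FormatException for input TryParse had accepted (e.g. "5 March 2020"). The date
                // part of the value that was already parsed is used instead.
                DateTime InputDate = parsedDate.Date;

                string connectionString = ConfigurationManager.ConnectionStrings["FileDatabaseConnectionString2"].ConnectionString;
                DataTable dt = new DataTable();

                // using blocks release the connection, command and reader even when the query throws.
                using (SqlConnection connection = new SqlConnection(connectionString))
                using (SqlCommand dateCommand = new SqlCommand("SELECT * FROM ErrorExceptionLogs WHERE ((lower(Username) LIKE @txtSearchValue OR lower(ExceptionType) LIKE @txtSearchValue OR lower(ErrorMessage) LIKE @txtSearchValue OR lower(ErrorSource) LIKE @txtSearchValue OR lower(Location) LIKE @txtSearchValue) AND convert(date, Timestamp, 103) = convert(date,@Timestamp,103)) ORDER BY convert(date,Timestamp) DESC", connection))
                {
                    // Bound as parameters, so the text cannot alter the statement. LIKE
                    // metacharacters typed by the user (%, _, [) are still interpreted as wildcards.
                    dateCommand.Parameters.AddWithValue("@txtSearchValue", "%" + TextBox1.Text.Trim().ToLower() + "%");
                    dateCommand.Parameters.AddWithValue("@Timestamp", InputDate);

                    connection.Open();

                    using (SqlDataReader dataReader = dateCommand.ExecuteReader())
                    {
                        dt.Load(dataReader);
                    }
                }

                GridView1.DataSource = dt;
                // NOTE(review): the error-log rows are stored in ViewState and therefore serialized
                // into the page; confirm ViewState is protected.
                ViewState["Datable"] = dt;
                GridView1.DataBind();

                if (dt.Rows.Count == 0)
                {
                    ClientScript.RegisterStartupScript(this.GetType(), "alert", "alert('There is no data found for this search.')", true);
                }
            }

            searchValue = TextBox1.Text + " " + TextBox2.Text;
            url         = System.Web.HttpContext.Current.Request.Url.ToString();

            //Add to logs
            ActionLogs.Action actionLog = ActionLogs.Action.SearchErrorLogs;
            ActionLogs.Log(Context.User.Identity.Name, actionLog);
        }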
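        /// <summary>
        /// Signs the user out of the application cookie, records the logout in the action log and
        /// resets the account's isFirstTimeAccessed flag.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the session is not cleared or abandoned here, and the user name is written
        /// into it during logout; confirm the session is invalidated elsewhere.
        /// </remarks>
        protected void Unnamed_LoggingOut(object sender, LoginCancelEventArgs e)
        {
            Context.GetOwinContext().Authentication.SignOut(DefaultAuthenticationTypes.ApplicationCookie);

            // The identity of the current request is read after SignOut has been called, as before.
            Session["AccountUsername"] = Context.User.Identity.Name;
            string accountUsername = Session["AccountUsername"].ToString();

            //Add to logs
            ActionLogs.Action action = ActionLogs.Action.Logout;
            ActionLogs.Log(accountUsername, action);

            // 'connection' is declared outside this method. Close it even when the update throws
            // (previously an exception left it open) and dispose the command deterministically.
            try
            {
                connection.Open();

                using (SqlCommand updateFirstLoginAccess = new SqlCommand("UPDATE UserAccount SET isFirstTimeAccessed = @isFirstTimeAccessed WHERE Username = @AccountUsername", connection))
                {
                    updateFirstLoginAccess.Parameters.AddWithValue("@isFirstTimeAccessed", "0");
                    updateFirstLoginAccess.Parameters.AddWithValue("@AccountUsername", accountUsername);
                    updateFirstLoginAccess.ExecuteNonQuery();
                }
            }
            finally
            {
                connection.Close();
            }
        }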
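        /// <summary>
        /// Re-authenticates the signed-in user by password. On success the modal is hidden and the
        /// re-authentication is logged; on a wrong password the modal stays open with an error.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the stored hash is recomputed through ComputeHash with SHA-512 and the stored
        /// salt. If that helper is a single salted digest, it is a fast hash and a poor fit for
        /// password storage; a key-derivation function such as PBKDF2 would need a hash migration.
        /// Failed attempts are neither logged nor counted in this handler.
        /// </remarks>
        protected void btnAuthenticate_Click(object sender, EventArgs e)
        {
            if (!IsPostBack)
            {
                return;
            }

            // The account is the authenticated identity, never a client-supplied user name.
            string inputUsername = Context.User.Identity.Name;
            string inputPassword = txtPasswordAuthenticate.Text;

            string dbUsername     = "";
            string dbPasswordHash = "";
            string dbSalt         = "";

            // using blocks release the connection, command and reader even when the query throws;
            // previously an exception left the connection open.
            using (SqlConnection connection = new SqlConnection(ConfigurationManager.ConnectionStrings["FileDatabaseConnectionString2"].ConnectionString))
            using (SqlCommand myCommand = new SqlCommand("SELECT HashedPassword, Salt, Role, Username FROM UserAccount WHERE Username = @AccountUsername", connection))
            {
                myCommand.Parameters.AddWithValue("@AccountUsername", inputUsername);

                connection.Open();

                using (SqlDataReader myReader = myCommand.ExecuteReader())
                {
                    while (myReader.Read())
                    {
                        dbPasswordHash = (myReader["HashedPassword"].ToString());
                        dbSalt         = (myReader["Salt"].ToString());
                        dbUsername     = (myReader["Username"].ToString());
                    }
                }
            }

            string passwordHash;

            // The hash algorithm object is disposable; release it once the hash is computed.
            using (SHA512CryptoServiceProvider sha512 = new SHA512CryptoServiceProvider())
            {
                passwordHash = ComputeHash(inputPassword, sha512, Convert.FromBase64String(dbSalt));
            }

            // No matching account row: nothing is shown or logged, as before.
            if (!dbUsername.Equals(inputUsername.Trim()))
            {
                return;
            }

            // NOTE(review): Equals is not a constant-time comparison.
            if (dbPasswordHash.Equals(passwordHash))
            {
                Page.ClientScript.RegisterStartupScript(GetType(), "alert", "$('#myModal').modal('hide')", true);

                //Add to logs
                ActionLogs.Action action = ActionLogs.Action.ReauthenticatedDueToAccountLockout;
                ActionLogs.Log(Context.User.Identity.Name, action);
            }
            else
            {
                Page.ClientScript.RegisterStartupScript(GetType(), "alert", "$('#myModal').modal('show')", true);
                errormsgPasswordAuthenticate.Visible = true;
            }
        }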
        /// <summary>
        /// Logs the logout (best effort), blanks the "sl" and forms-authentication cookies and signs
        /// the user out of forms authentication.
        /// </summary>
        /// <remarks>
        /// Logging failures are swallowed on purpose so that sign-out always completes, which also
        /// means a lost logout record goes unnoticed.
        /// NOTE(review): the server-side session is not cleared or abandoned here, so session data
        /// outlives the logout - confirm this is intended.
        /// </remarks>
        public void SignOut()
        {
            try
            {
                ActionLogs.AddActionLog(TSAuthentication.GetLoginUser(), ActionLogType.Insert, ReferenceType.Users, TSAuthentication.UserID, "Logged out");

                var currentRequest        = HttpContext.Current.Request;
                var signedOutUser         = TSAuthentication.GetLoginUser().GetUser();
                var signedOutOrganization = TSAuthentication.GetLoginUser().GetOrganization();

                TSEventLog.WriteEvent(TSEventLogEventType.LogoutSuccess, currentRequest, signedOutUser, signedOutOrganization);
            }
            catch (Exception)
            {
                // Deliberately ignored: a logging failure must not block the sign-out below.
            }

            var responseCookies = HttpContext.Current.Response.Cookies;

            responseCookies["sl"].Value = null;
            responseCookies[FormsAuthentication.FormsCookieName].Value = null;

            FormsAuthentication.SignOut();
        }
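        /// <summary>
        /// Restricts the page to the boss account, shows the last login and, on the first
        /// (non-postback) request, binds the grid to every other account's user name.
        /// </summary>
        /// <remarks>
        /// NOTE(review): access is granted by comparing the identity name with a hard-coded user name
        /// rather than with a role or claim.
        /// </remarks>
        protected void Page_Load(object sender, EventArgs e)
        {
            //To make sure do not allow staff to access boss console through browser
            if (Context.User.Identity.Name != "KaiTatL97")
            {
                Response.Redirect("../../Account/Login.aspx");
                return;
            }

            if (Request.IsAuthenticated)
            {
                ((Label)Master.FindControl("lastLoginBoss")).Text = "Your last logged in was <b>"
                                                                    + ActionLogs.getLastLoggedInOf(Context.User.Identity.Name) + "</b>";

                if (IsPostBack)
                {
                    errormsgPasswordAuthenticate.Visible = false;
                }
            }

            if (IsPostBack)
            {
                return;
            }

            DataTable dt = new DataTable();

            // 'connection' is declared outside this method. Close it even when the query throws
            // (previously an exception left it open); the command and reader are disposed.
            try
            {
                connection.Open();

                using (SqlCommand retrieveSubmittedReportsCommand = new SqlCommand("SELECT DISTINCT(Username) FROM UserAccount WHERE Username != @Username ", connection))
                {
                    retrieveSubmittedReportsCommand.Parameters.AddWithValue("@Username", Context.User.Identity.Name);

                    using (SqlDataReader retrieveSubmittedReports = retrieveSubmittedReportsCommand.ExecuteReader())
                    {
                        dt.Load(retrieveSubmittedReports);
                    }
                }
            }
            finally
            {
                connection.Close();
            }

            GridView1.DataSource = dt;
            GridView1.DataBind();
        }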
        /// <summary>
        /// Deletes a note and writes a Delete action-log entry. Only the note's creator or a system
        /// administrator may delete it; other callers are ignored silently.
        /// </summary>
        /// <param name="noteID">Identifier of the note to delete.</param>
        /// <remarks>
        /// NOTE(review): the original comment announced that attachments pointing at the note are
        /// deleted, but no such code exists in this method - confirm they are cleaned up elsewhere.
        /// </remarks>
        public void DeleteNote(int noteID)
        {
            Note target = Notes.GetNote(UserSession.LoginUser, noteID);

            bool callerIsCreator = target.CreatorID == UserSession.CurrentUser.UserID;

            if (!callerIsCreator && !UserSession.CurrentUser.IsSystemAdmin)
            {
                return;
            }

            // The log entry is written before the note row itself is removed.
            string actorName  = UserSession.CurrentUser.FirstLastName;
            string logMessage = String.Format("{0} deleted note {1} ", actorName, target.Title);

            ActionLogs.AddActionLog(UserSession.LoginUser, ActionLogType.Delete, ReferenceType.Notes, noteID, logMessage);

            target.Delete();
            target.Collection.Save();
        }