protected void Page_Load(object sender, System.EventArgs e)
        {
            ltMessage.Text = AppLogic.GetString("savenotification.aspx.cs.1", Customer.Current.SkinID, Customer.Current.LocaleSetting);
            Int32  NotificationType = Int32.Parse(CommonLogic.QueryStringCanBeDangerousContent("NotificationType"));
            String itemCode         = CommonLogic.QueryStringCanBeDangerousContent("itemCode");
            String ProductURL       = CommonLogic.QueryStringCanBeDangerousContent("ProductURL") + "/" + InterpriseHelper.MakeItemLink(itemCode);


            string[][] ruleloaddataset;
            ruleloaddataset = new string[][] { new string[] { "ECOMMERCENOTIFICATION", "READECOMMERCENOTIFICATION", "@ContactCode", Customer.Current.ContactCode,
                                                              "@WebsiteCode", InterpriseHelper.ConfigInstance.WebSiteCode, "@ItemCode", itemCode, "@EmailAddress", Customer.Current.EMail } };

            EcommerceNotificationDatasetGateway ruleDatasetContainer = new EcommerceNotificationDatasetGateway();

            if (Interprise.Facade.Base.SimpleFacade.Instance.CurrentBusinessRule.LoadDataSet(
                    InterpriseHelper.ConfigInstance.OnlineCompanyConnectionString, ruleloaddataset, ruleDatasetContainer))
            {
                EcommerceNotificationDatasetGateway.EcommerceNotificationRow ruleDatasetContainernewRow;

                if (ruleDatasetContainer.EcommerceNotification.Rows.Count == 0)
                {
                    ruleDatasetContainernewRow = ruleDatasetContainer.EcommerceNotification.NewEcommerceNotificationRow();
                }
                else
                {
                    ruleDatasetContainernewRow = ruleDatasetContainer.EcommerceNotification[0];
                }

                Boolean OnPriceDrop = AppLogic.CheckNotification(Customer.Current.ContactCode, Customer.Current.EMail, itemCode, 1);
                Boolean OnItemAvail = AppLogic.CheckNotification(Customer.Current.ContactCode, Customer.Current.EMail, itemCode, 0);

                if (NotificationType == 1)
                {
                    OnPriceDrop = true;
                }
                else
                {
                    OnItemAvail = true;
                }

                ruleDatasetContainernewRow.BeginEdit();
                ruleDatasetContainernewRow.WebSiteCode       = InterpriseHelper.ConfigInstance.WebSiteCode;
                ruleDatasetContainernewRow.ItemCode          = itemCode;
                ruleDatasetContainernewRow.ContactCode       = Customer.Current.ContactCode;
                ruleDatasetContainernewRow.EmailAddress      = Customer.Current.EMail;
                ruleDatasetContainernewRow.NotifyOnPriceDrop = OnPriceDrop;
                ruleDatasetContainernewRow.NotifyOnItemAvail = OnItemAvail;
                ruleDatasetContainernewRow.ProductURL        = ProductURL;

                byte[] salt = InterpriseHelper.GenerateSalt();
                byte[] iv   = InterpriseHelper.GenerateVector();
                string contactCodeCypher  = InterpriseHelper.Encryption(Customer.Current.ContactCode, salt, iv);
                string emailAddressCypher = InterpriseHelper.Encryption(Customer.Current.EMail, salt, iv);

                ruleDatasetContainernewRow.EncryptedContactCode  = contactCodeCypher + "|" + Convert.ToBase64String(salt) + "|" + Convert.ToBase64String(iv);
                ruleDatasetContainernewRow.EncryptedEmailAddress = emailAddressCypher + "|" + Convert.ToBase64String(salt) + "|" + Convert.ToBase64String(iv);


                ruleDatasetContainernewRow.EndEdit();


                if (ruleDatasetContainer.EcommerceNotification.Rows.Count == 0)
                {
                    ruleDatasetContainer.EcommerceNotification.AddEcommerceNotificationRow(ruleDatasetContainernewRow);
                }

                string[][] rulecommandset;
                rulecommandset = new string[][] { new string[] { ruleDatasetContainer.EcommerceNotification.TableName, "CREATEECOMMERCENOTIFICATION",
                                                                 "UPDATEECOMMERCENOTIFICATION", "DELETEECOMMERCENOTIFICATION" } };

                if (Interprise.Facade.Base.SimpleFacade.Instance.CurrentBusinessRule.UpdateDataset(
                        InterpriseHelper.ConfigInstance.OnlineCompanyConnectionString, rulecommandset, ruleDatasetContainer))
                {
                    ltMessage.Text = AppLogic.GetString("savenotification.aspx.cs.2", Customer.Current.SkinID, Customer.Current.LocaleSetting);
                    Response.Write("<script type=text/javascript language=javascript>window.top.close();</script>");
                }
            }
        }
Exemplo n.º 2
0
        protected void RequestPassword_Click(object sender, EventArgs e)
        {
            ErrorPanel.Visible = true; // that is where the status msg goes, in all cases in this routine

            //FireFox does not validate RequiredFieldValidator1.
            //This code will double check forgotemail has value.
            if (ForgotEMail.Text.Trim() == string.Empty)
            {
                ErrorMsgLabel.Text = AppLogic.GetString("signin.aspx.3", SkinID, ThisCustomer.LocaleSetting, true);
                return;
            }

            //Decrypt connectionstring using salt & vector scheme implemented by Interprise.
            ErrorMsgLabel.Text = string.Empty;
            string PWD           = string.Empty;
            bool   passwordValid = true;
            string customerCode  = string.Empty;
            string contactCode   = string.Empty;
            bool   exists        = false;

            string sql = string.Format("SELECT EntityCode, cc.ContactCode, Password,PasswordSalt,PasswordIV FROM CRMContact cc WITH (NOLOCK) INNER JOIN EcommerceCustomerActiveSites ecas ON cc.ContactCode = ecas.ContactCode WHERE IsAllowWebAccess=1 AND UserName= {0} AND ecas.WebSiteCode = {1} AND ecas.IsEnabled = 1", DB.SQuote(ForgotEMail.Text.ToLower()), DB.SQuote(InterpriseHelper.ConfigInstance.WebSiteCode));

            using (var con = DB.NewSqlConnection())
            {
                con.Open();
                using (var rs = DB.GetRSFormat(con, sql))
                {
                    exists = rs.Read();
                    if (exists)
                    {
                        string pwdCypher = DB.RSField(rs, "Password");
                        string salt      = DB.RSField(rs, "PasswordSalt");
                        string iv        = DB.RSField(rs, "PasswordIV");
                        customerCode = DB.RSField(rs, "EntityCode");
                        contactCode  = DB.RSField(rs, "ContactCode");

                        try
                        {
                            var tmpCrypto = new Interprise.Licensing.Base.Services.CryptoServiceProvider();
                            PWD = tmpCrypto.Decrypt(Convert.FromBase64String(pwdCypher),
                                                    Convert.FromBase64String(salt),
                                                    Convert.FromBase64String(iv));
                        }
                        catch
                        {
                            passwordValid = false;
                        }
                    }
                    else
                    {
                        ErrorMsgLabel.Text = AppLogic.GetString("lostpassword.aspx.4", SkinID, ThisCustomer.LocaleSetting, true);
                        return;
                    }
                }
            }

            if (exists && !passwordValid)
            {
                byte[] salt = InterpriseHelper.GenerateSalt();
                byte[] iv   = InterpriseHelper.GenerateVector();

                string newPassword       = Guid.NewGuid().ToString("N").Substring(0, 8);
                string newPasswordCypher = InterpriseHelper.Encryption(newPassword, salt, iv);

                string saltBase64 = Convert.ToBase64String(salt);
                string ivBase64   = Convert.ToBase64String(iv);

                DB.ExecuteSQL("UPDATE CRMContact SET Password = {0}, PasswordSalt = {1}, PasswordIV = {2} WHERE EntityCode = {3} AND ContactCode = {4}", DB.SQuote(newPasswordCypher), DB.SQuote(saltBase64), DB.SQuote(ivBase64), DB.SQuote(customerCode), DB.SQuote(contactCode));

                PWD = newPassword;
            }

            if (PWD.Length != 0)
            {
                string FromEMail = AppLogic.AppConfig("MailMe_FromAddress");
                string EMail     = ForgotEMail.Text;
                bool   SendWasOk = false;
                try
                {
                    string WhoisRequestingThePassword = "******" + ThisCustomer.LastIPAddress + "\r\n" + DateTime.Now.ToString();
                    string MsgBody = string.Empty;

                    MsgBody = InterpriseHelper.GetPasswordEmailTemplate(EMail);
                    if (MsgBody.Length > 0)
                    {
                        AppLogic.SendMail(AppLogic.AppConfig("StoreName") + " " + AppLogic.GetString("lostpassword.aspx.5", SkinID, ThisCustomer.LocaleSetting, true), MsgBody, true, FromEMail, FromEMail, EMail, EMail, "", AppLogic.AppConfig("MailMe_Server"));
                        SendWasOk = true;
                    }
                    else
                    {
                        ErrorMsgLabel.Text = AppLogic.GetString("lostpassword.aspx.4", SkinID, ThisCustomer.LocaleSetting, true);
                    }
                }
                catch { }
                if (SendWasOk)
                {
                    ErrorMsgLabel.Text = AppLogic.GetString("lostpassword.aspx.2", SkinID, ThisCustomer.LocaleSetting, true);
                }
                else
                {
                    ErrorMsgLabel.Text = AppLogic.GetString("lostpassword.aspx.3", SkinID, ThisCustomer.LocaleSetting, true);
                }
            }
            else
            {
                ErrorMsgLabel.Text = AppLogic.GetString("lostpassword.aspx.4", SkinID, ThisCustomer.LocaleSetting, true);
            }
        }