Exemplo n.º 1
    /// <summary>
    /// Handles a selection change in the user grid: shows the role panel and loads the
    /// selected account's roles, user name and e-mail into the page.
    /// </summary>
    /// <remarks>
    /// When the selected account is the signed-in user, every role check box is disabled and
    /// the save/reset buttons are hidden. This is a UI restriction only; nothing in this
    /// handler shows whether the save path re-checks it on the server.
    /// </remarks>
    /// <param name="sender">The control that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void UserGridView_SelectedIndexChanged(object sender, EventArgs e)
    {
        try
        {
            EmployeeRolePanel.Visible = true;

            string[] selectedUserRoles = Roles.GetRolesForUser(UserGridView.SelectedValue.ToString());
            FillCheckBoxesForRoles(selectedUserRoles);

            // A null result (unknown user) surfaces as an exception on the next line and is
            // reported through the catch block below.
            MembershipUser selectedUser = Membership.GetUser(UserGridView.SelectedValue.ToString());
            UserLabel.Text      = selectedUser.UserName.ToString();
            UserEmailLabel.Text = selectedUser.Email.ToString();

            // NOTE(review): string.Equals(string) is ordinal and case-sensitive. If the
            // membership store treats user names case-insensitively, the "own account"
            // guard may not match a name that differs only in case -- confirm.
            bool isOwnAccount = selectedUser.UserName.Equals(HttpContext.Current.User.Identity.Name);
            if (!isOwnAccount)
            {
                SaveRolesButton.Visible = true;
                // NOTE(review): the reset button is shown when the RESET_USER_ACCOUNT check
                // returns false; confirm the negation is intended.
                ResetRolesButton.Visible = (!LoginSecurity.IsUserAuthorizedPermission("RESET_USER_ACCOUNT"));
                return;
            }

            // Own account: lock every role check box and hide the editing buttons.
            foreach (ListItem roleItem in UserRoleCheckBoxList.Items)
            {
                roleItem.Enabled = false;
            }

            SaveRolesButton.Visible  = false;
            ResetRolesButton.Visible = false;
        }
        catch (Exception loadError)
        {
            // NOTE(review): the logged text names a different handler and page than this one.
            log.Error("Function InRoleListBox_SelectedIndexChanged from AssingRolesByUser page", loadError);
            SystemMessages.DisplaySystemMessage(Resources.SecurityData.MessageErrorGetRoles);
        }
    }
Exemplo n.º 2
 /// <summary>
 /// Validates the key typed into <c>textBox1</c> and, when it is accepted, opens the main
 /// form; otherwise tells the user the key is invalid or expired.
 /// </summary>
 /// <param name="sender">The button that was clicked.</param>
 /// <param name="e">Event data (unused).</param>
 private void button1_Click(object sender, EventArgs e)
 {
     try
     {
         string enteredKey = textBox1.Text.Trim();

         // Nothing typed: ignore the click without any message.
         if (enteredKey.Length == 0)
         {
             return;
         }

         if (!LoginSecurity.checkPassword(enteredKey))
         {
             // Password check failed.
             MessageBox.Show("密钥无效,或已经过时,请重新输入");
             return;
         }

         // Password check succeeded: hand over to the main form.
         Form1 mainForm = new Form1();
         mainForm.setLoginVisableFalse(this);
         mainForm.Show();
     }
     catch
     {
         // Every exception, including one raised while building or showing the main form,
         // is reported to the user as an invalid key; the cause is not logged.
         MessageBox.Show("密钥无效输入错误,请重试");
     }
 }
Exemplo n.º 3
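    /// <summary>
    /// Runs the login flow for this page, tracing method start and end under a per-request
    /// id, and redirects to the error page when the login flow throws.
    /// </summary>
    /// <remarks>
    /// The request id embeds the full request URL, which the client controls. It is
    /// URL-encoded before being placed in the redirect query string so that characters such
    /// as <c>&amp;</c>, <c>#</c> or line breaks in the URL cannot split or extend the
    /// <c>ErrMsg</c> parameter. The error page is not visible here; it should still
    /// HTML-encode <c>ErrMsg</c> when rendering it.
    /// </remarks>
    /// <param name="sender">The page raising the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void Page_Load(object sender, EventArgs e)
    {
        string id = string.Format("Id: {0} Uri: {1}", Guid.NewGuid(), HttpContext.Current.Request.Url);

        using (Utils utility = new Utils())
        {
            utility.MethodStart(id, System.Reflection.MethodBase.GetCurrentMethod());
        }
        this._loginSecurity = new LoginSecurity();
        try
        {
            this.UserLogin();
        }
        catch (Exception ex)
        {
            Elmah.ErrorSignal.FromCurrentContext().Raise(ex);
            using (Utils utility = new Utils())
            {
                utility.MethodEnd(id, System.Reflection.MethodBase.GetCurrentMethod());
            }
            string str2 = "Error Request=" + id + ".Please share with Technical support.";
            // Encode the message: it carries the request URL and must stay a single
            // query-string value.
            base.Response.Redirect("Bill_Sys_ErrorPage.aspx?ErrMsg=" + HttpUtility.UrlEncode(str2));
        }
        //Method End
        using (Utils utility = new Utils())
        {
            utility.MethodEnd(id, System.Reflection.MethodBase.GetCurrentMethod());
        }
    }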
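        /// <summary>
        /// Loads the login-security settings returned by the <c>GetListSystemSettings</c>
        /// stored procedure into a new <see cref="LoginSecurity"/> object.
        /// </summary>
        /// <param name="recid">Not used by this method.</param>
        /// <param name="UserID">Not used by this method.</param>
        /// <param name="UserSNo">Converted to an Int32 and passed as the <c>@UserID</c> parameter.</param>
        /// <returns>
        /// A <see cref="LoginSecurity"/> filled from the first result row. When the query
        /// returns no row, or any step fails, the object is returned with whatever values
        /// its constructor left in place.
        /// </returns>
        /// <remarks>
        /// The settings read here include the bad-attempt limit, the inactivity and password
        /// expiry counts and the captcha switch. Because failures are not propagated, a
        /// caller cannot tell "loaded" from "defaults after an error"; the failure is now
        /// traced so that it is at least visible to operators.
        /// </remarks>
        public LoginSecurity GetLoginSecurityRecord(string recid, string UserID, string UserSNo)
        {
            LoginSecurity loginsecurity = new LoginSecurity();

            try
            {
                // DataSet is disposable; release it as soon as the values are copied out.
                using (DataSet ds = new DataSet())
                {
                    SqlParameter[] Parameters = { new SqlParameter("@UserID", Convert.ToInt32(UserSNo)) };
                    string[]       tableNames = null;
                    SqlHelper.FillDataset(ReadConnectionString.WebConfigConnectionString, CommandType.StoredProcedure, "GetListSystemSettings", ds, tableNames, Parameters);

                    if (ds.Tables.Count > 0 && ds.Tables[0].Rows.Count > 0)
                    {
                        DataRow settings = ds.Tables[0].Rows[0];
                        loginsecurity.CountMaximumDayNoActivity = Convert.ToString(settings["CountMaximumDayNoActivity"]);
                        loginsecurity.NoOfBadAttemps            = Convert.ToString(settings["NoOfBadAttemps"]);
                        loginsecurity.CountPasswoedExpiryDate   = Convert.ToString(settings["CountPasswoedExpiryDate"]);
                        loginsecurity.ISCaptcha  = Convert.ToString(settings["ISCaptcha"]);
                        loginsecurity.LogoURL    = Convert.ToString(settings["LogoURL"]);
                        loginsecurity.FooterHTML = Convert.ToString(settings["FooterHTML"]);
                    }
                }
            }
            catch (Exception ex)
            {
                // Callers still receive the default object, as before, but the failure is
                // no longer silent.
                System.Diagnostics.Trace.TraceError("GetLoginSecurityRecord failed: {0}", ex);
            }
            return loginsecurity;
        }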
Exemplo n.º 5
        /// <summary>
        /// Login button handler: checks the typed password, opens the cashier order window on
        /// success, counts failures in <c>j</c> and, at five failures, disables the login
        /// controls, triggers an automatic password change and notifies the administrator.
        /// </summary>
        /// <remarks>
        /// <c>j</c> is declared outside this method; nothing here resets it after a
        /// successful login.
        /// NOTE(review): the fifth failure changes the account password automatically, so
        /// anyone able to reach this screen can force that change -- confirm this is the
        /// intended lockout policy.
        /// </remarks>
        private void btnLogin_Click(object sender, RoutedEventArgs e)
        {
            if (!(txtPW.Password.ToString().Equals("")))
            {
                try
                {
                    // The user id 2 is hard-coded in this check.
                    if (LoginSecurity.checkPassword(txtPW.Password.ToString(), 2) == true)
                    {
                        GestionCommandeCaissier gcmd = new GestionCommandeCaissier();
                        this.Visibility = Visibility.Hidden;
                        gcmd.Show();
                    }
                    else
                    {
                        MessageBox.Show("MDP ERRRONE");
                        j++;
                        // NOTE(review): the text says "remaining" but prints the number of
                        // attempts already used.
                        txtNotice.Text = "Il vous reste " + j + " /5 tentatives";
                    }
                }
                catch (Exception exc)
                {
                    // The raw exception message is shown to the person at the login screen.
                    MessageBox.Show(exc.Message);
                }
            }
            if (txtPW.Password.ToString().Equals(""))
            {
                MessageBox.Show("mot de passe requis");
                return;
            }

            if (j == 5)
            {
                DateTime now = DateTime.Now;
                try
                {
                    //check password
                    txtPW.IsEnabled      = false;
                    btnLogin.IsEnabled   = false;
                    txtNotice.Text       = "CONNEXION BLOQUEE";
                    txtNotice.Foreground = Brushes.Red;
                    // NOTE(review): "now" was captured a few lines above and is compared for
                    // equality with a time three minutes in the future, so this branch does
                    // not run during this call; the controls are not re-enabled here.
                    if ((txtPW.IsEnabled == false) && (now == DateTime.Now.AddMinutes(3)))
                    {
                        txtPW.IsEnabled    = true;
                        btnLogin.IsEnabled = true;
                    }
                    //updating pw
                    // NOTE(review): the id passed here is 1 while checkPassword above uses 2,
                    // and the result "i" is never read -- confirm which account is changed.
                    int i = UserDAO.editUserPWAutomatically(1);
                    // The recipient address and name are hard-coded (the address is masked on
                    // this page).
                    if (LoginSecurity.notifyAdminByEmail(2, "*****@*****.**", "Yassine Ben Hamida") == 1)
                    {
                        MessageBox.Show("Le mot de passe a été changé automatiquement veuillez consulter votre mail");
                    }
                }
                catch (Exception exe)
                {
                    MessageBox.Show("ERR " + exe.Message);
                }
                return;
            }
        }
Exemplo n.º 6
 /// <summary>
 /// Makes <c>button1</c> visible when <c>LoginSecurity.checkBossComputer()</c> reports that
 /// the application is running on the administrator's machine.
 /// </summary>
 /// <remarks>
 /// NOTE(review): this only changes what the form displays. How checkBossComputer
 /// recognises the machine is not visible here; whatever the button does should not rely
 /// on its visibility alone.
 /// </remarks>
 /// <param name="sender">The form being loaded.</param>
 /// <param name="e">Event data (unused).</param>
 private void Form1_Load(object sender, EventArgs e)
 {
     bool isBossComputer = LoginSecurity.checkBossComputer();
     if (!isBossComputer)
     {
         return;
     }

     // This is the computer used by the administrator.
     button1.Visible = true;
 }
Exemplo n.º 7
        /// <summary>
        /// Validates the new password and its confirmation and, when they pass, stores the
        /// new password for <c>idOfFetchedUser</c> and closes the window.
        /// </summary>
        /// <remarks>
        /// Checks, in order: both fields filled, no spaces, at least 8 characters, both
        /// values identical. The update runs only when <c>LoginSecurity.checkPassword</c>
        /// returns false for the new value; when it returns true nothing is stored and no
        /// message is shown. The password is handed to <c>UserDAO</c> as a plain string;
        /// how it is stored is not visible here.
        /// </remarks>
        /// <param name="sender">The button that was clicked.</param>
        /// <param name="e">Event data (unused).</param>
        private void btnValider_Click(object sender, RoutedEventArgs e)
        {
            try
            {
                string newPassword  = txtNPW.Password.ToString();
                string confirmation = txtConfi.Password.ToString();

                if (newPassword == "" || confirmation == "")
                {
                    MessageBox.Show("les deux champs sont requis !");
                    return;
                }

                if (newPassword.Contains(" ") || confirmation.Contains(" "))
                {
                    MessageBox.Show("Pas d'espaces dans votre mot de passe !");
                    return;
                }

                if (newPassword.Length < 8 || confirmation.Length < 8)
                {
                    MessageBox.Show("Le mdp doit etre au moins de 8 caractéres");
                    return;
                }

                if (newPassword != confirmation)
                {
                    MessageBox.Show("Les deux mot de passe ne sont pas identique !");
                    MessageBox.Show("Veuillez entre un nouveau mot de passe !");
                    return;
                }

                try
                {
                    bool acceptedByCheck = LoginSecurity.checkPassword(confirmation, idOfFetchedUser);
                    if (!acceptedByCheck && UserDAO.editUserPWWrequested(idOfFetchedUser, confirmation) == 1)
                    {
                        MessageBox.Show("Le mot de passe a été changé avec succés");
                        this.Close();
                    }
                }
                catch (Exception updateError)
                {
                    // The raw exception message is shown to the user.
                    MessageBox.Show(updateError.Message);
                }
                finally
                {
                    // Always release the connection, whether or not the update succeeded.
                    Connexion.closeConnection();
                }
            }
            catch (Exception unexpected)
            {
                MessageBox.Show(unexpected.Message);
            }
        }
Exemplo n.º 8
 /// <summary>
 /// Looks up the MAC string stored for the entry selected in <c>comboBox1</c>, derives a
 /// password from it with <c>LoginSecurity.createPassword</c> and shows it in
 /// <c>textBox1</c>.
 /// </summary>
 /// <remarks>
 /// NOTE(review): the password is a function of the MAC string alone as far as this
 /// handler shows; how createPassword derives it is not visible here.
 /// </remarks>
 /// <param name="sender">The button that was clicked.</param>
 /// <param name="e">Event data (unused).</param>
 private void button1_Click(object sender, EventArgs e)
 {
     try
     {
         string selectedEntry = comboBox1.Text;
         if (string.IsNullOrEmpty(selectedEntry))
         {
             return;
         }

         textBox1.Text = LoginSecurity.createPassword(macDict[selectedEntry]);
     }
     catch
     {
         // Every failure (unknown entry, error inside createPassword) is swallowed without
         // a message or a log entry; the text box is simply left unchanged.
     }
 }
Exemplo n.º 9
    /// <summary>
    /// Handles a selection change in the "out of role" list: when exactly one user is
    /// selected, shows the role panel with that user's roles, name and e-mail; otherwise
    /// hides the panel.
    /// </summary>
    /// <remarks>
    /// For the signed-in user's own account the role check boxes are disabled, the
    /// save/reset buttons are hidden and the add buttons are disabled. This is a UI
    /// restriction only; nothing in this handler shows whether the save path re-checks it
    /// on the server.
    /// </remarks>
    /// <param name="sender">The list box that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void OutRoleListBox_SelectedIndexChanged(object sender, EventArgs e)
    {
        try
        {
            InRoleListBox.ClearSelection();

            if (!VerifyIfIsOnlyOneUserSelected(OutRoleListBox))
            {
                EmployeeRolePanel.Visible = false;
                return;
            }

            EmployeeRolePanel.Visible = true;
            gRolesForUser             = Roles.GetRolesForUser(OutRoleListBox.SelectedValue);
            FillCheckBoxesForRoles(gRolesForUser);

            // A null result (unknown user) surfaces as an exception on the next line and is
            // reported through the catch block below.
            MembershipUser selectedUser = Membership.GetUser(OutRoleListBox.SelectedValue.ToString());
            UserLabel.Text      = selectedUser.UserName.ToString();
            UserEmailLabel.Text = selectedUser.Email.ToString();

            // NOTE(review): ordinal, case-sensitive comparison; if the membership store
            // treats user names case-insensitively this guard may miss a name that differs
            // only in case -- confirm.
            bool isOwnAccount = selectedUser.UserName.Equals(HttpContext.Current.User.Identity.Name);

            if (isOwnAccount)
            {
                foreach (ListItem roleItem in UserRoleCheckBoxList.Items)
                {
                    roleItem.Enabled = false;
                }
            }

            SaveRolesButton.Visible = !isOwnAccount;
            // NOTE(review): for other accounts the reset button is shown when the
            // RESET_USER_ACCOUNT check returns false; confirm the negation is intended.
            ResetRolesButton.Visible  = !isOwnAccount && (!LoginSecurity.IsUserAuthorizedPermission("RESET_USER_ACCOUNT"));
            AddInImageButton.Enabled  = !isOwnAccount;
            AddOutImageButton.Enabled = !isOwnAccount;
        }
        catch (Exception loadError)
        {
            log.Error("Function OutRoleListBox_SelectedIndexChanged from AssigRole page", loadError);
            SystemMessages.DisplaySystemMessage(Resources.SecurityData.MessageErrorGetRoles);
        }
    }
Exemplo n.º 10
        /// <summary>
        /// Application entry point: starts with the main form on the administrator's
        /// machine and with the login form everywhere else.
        /// </summary>
        /// <remarks>
        /// NOTE(review): when <c>LoginSecurity.checkBossComputer()</c> returns true the login
        /// form is skipped entirely, so that check is the only gate on that path. How the
        /// machine is recognised is not visible here.
        /// </remarks>
        static void Main()
        {
            Application.EnableVisualStyles();
            Application.SetCompatibleTextRenderingDefault(false);

            if (!LoginSecurity.checkBossComputer())
            {
                // Any other machine must go through the login form first.
                Application.Run(new Login());
                return;
            }

            // This is the computer used by the administrator.
            Application.Run(new Form1());
        }
Exemplo n.º 11
    /// <summary>
    /// Builds the side menu for the current user: reads the full menu from the XML
    /// configuration, collects the "menu classes" the user's permissions grant, and renders
    /// only the menus visible to those classes into <c>sideMenu</c>.
    /// </summary>
    /// <remarks>
    /// Unauthenticated users are redirected to the login page. Every authenticated user
    /// gets the CHANGEPASS class. Hiding a menu entry does not protect the page behind it;
    /// each target page still has to check the permission itself.
    /// </remarks>
    private void ConstructMenu()
    {
        List <Artexacta.App.Menu.Menu> fullMenu = Artexacta.App.Menu.MenuBLL.MenuBLL.ReadMenuFromXMLConfiguration();

        if (!LoginSecurity.IsUserAuthenticated())
        {
            Response.Redirect("~/Authentication/Login.aspx");
        }

        // Permission name -> menu class it unlocks, in the order the classes are added.
        string[][] permissionToMenuClass =
        {
            new string[] { "MANAGE_SECURITY",      "SECURITY" },
            new string[] { "ADMIN_CLASIFICADORES", "CLASIFICADORES" },
            new string[] { "ADMIN_TESTS",          "TESTS" },
            new string[] { "MANAGE_CATEGORIES",    "CATEGORY" },
        };

        List <string> menuClasses = new List <string>();
        menuClasses.Add("CHANGEPASS");

        foreach (string[] mapping in permissionToMenuClass)
        {
            if (LoginSecurity.IsUserAuthorizedPermission(mapping[0]))
            {
                menuClasses.Add(mapping[1]);
            }
        }

        List <Artexacta.App.Menu.Menu> visibleMenu =
            Artexacta.App.Menu.MenuBLL.MenuBLL.RecursiveConstructionOfVisibleMenus(fullMenu, menuClasses);

        sideMenu.Text = Artexacta.App.Menu.MenuBLL.MenuBLL.GetMenuXML(visibleMenu, 0);
    }
Exemplo n.º 12
 /// <summary>
 /// Checks the selected security question and the typed answer for user <c>id</c>; when
 /// they match, closes this window and opens the new-password window for that user.
 /// </summary>
 /// <remarks>
 /// NOTE(review): this handler does not count or limit wrong answers, and a correct
 /// answer leads straight to a password change for <c>id</c>. Any throttling would have to
 /// live in <c>checkSecurityQuestionConformity</c>, which is not visible here.
 /// </remarks>
 /// <param name="sender">The button that was clicked.</param>
 /// <param name="e">Event data (unused).</param>
 private void btnValider_Click(object sender, RoutedEventArgs e)
 {
     try
     {
         var conformity = LoginSecurity.checkSecurityQuestionConformity(id, cmbQues.Text.ToString(), txtRep.Text.ToString());
         if (conformity != 1)
         {
             MessageBox.Show("vérifier la reponse svp !  !!");
             return;
         }

         NewPassword newPasswordWindow = new NewPassword(id);
         this.Close();
         newPasswordWindow.Show();
     }
     catch (Exception failure)
     {
         // The raw exception message is shown to the user.
         MessageBox.Show(failure.Message);
     }
 }
Exemplo n.º 13
        /// <summary>
        /// After authentication, looks up the signed-in user and attaches one custom claim
        /// that carries the user's profile fields, admin flags and security rights.
        /// </summary>
        /// <remarks>
        /// Claim value layout:
        /// <c>UserName,UserId,FirstName,LastName,Email,IsAdmin,GlobalSurveyAccess|right,right,...</c>.
        /// NOTE(review): the profile fields are written without escaping. If a name or
        /// e-mail can contain ',' or '|', a consumer that splits on those characters would
        /// read shifted fields, including the IsAdmin position -- confirm how the claim is
        /// parsed and whether those characters are rejected at input.
        /// </remarks>
        /// <param name="sender">The application instance.</param>
        /// <param name="e">Event data (unused).</param>
        void Application_PostAuthenticateRequest(object sender, EventArgs e)
        {
            var context = HttpContext.Current;
            if (!context.Request.IsAuthenticated)
            {
                return;
            }

            var incomingIdentity = (ClaimsIdentity)context.User.Identity;
            int? userId = new Users().GetUserByIdFromUserName(incomingIdentity.Name);
            if (!((userId ?? 0) > 0))
            {
                return;
            }

            // Constructed as in the original flow; the instance itself is not used below.
            var sec = new LoginSecurity();
            var authUser = new Users().GetUserById(userId ?? 0);
            var userRow = authUser.Users[0];

            UserSettingData userSettings = new Users().GetUserSettings(userRow.UserId);
            if (!(userSettings.UserSettings.Rows.Count > 0))
            {
                return;
            }

            var settingsRow = userSettings.UserSettings[0];

            System.Text.StringBuilder claimValue = new System.Text.StringBuilder();
            claimValue.Append(userRow.UserName).Append(",");
            claimValue.Append(userRow.UserId).Append(",");
            claimValue.Append(userRow.FirstName).Append(",");
            claimValue.Append(userRow.LastName).Append(",");
            claimValue.Append(userRow.Email).Append(",");
            claimValue.Append(settingsRow.IsAdmin).Append(",");
            claimValue.Append(settingsRow.GlobalSurveyAccess);

            // '|' separates the profile part from the comma-separated rights list.
            claimValue.Append("|");

            int[] userRights = new Users().GetUserSecurityRights(userRow.UserId);
            for (int index = 0; index < userRights.Length; index++)
            {
                if (index > 0)
                {
                    claimValue.Append(",");
                }
                claimValue.Append(userRights[index].ToString());
            }

            incomingIdentity.AddClaim(new Claim(Votations.NSurvey.Constants.Constants.MyCustomClaimType, claimValue.ToString()));
        }
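        /// <summary>
        /// Creates a new user from the form fields: validates the password against the
        /// password policy, stores a salted hash, adds the user through the provider and
        /// then stores the user's settings (admin flag, global survey access).
        /// </summary>
        /// <remarks>
        /// Password policy enforced here: 8 to 12 characters, at least one digit, one
        /// lower-case letter, one upper-case letter and one special character, and no
        /// white space.
        /// The special-character class previously contained HTML entity text
        /// (<c>&amp;amp;</c>, <c>&amp;quot;</c>, <c>&amp;gt;</c>, <c>&amp;lt;</c>) instead of
        /// the characters themselves. That put the letters a, g, l, m, o, p, q, t and u
        /// into the class, so the special-character requirement was met by ordinary
        /// letters. The class now lists the literal characters.
        /// NOTE(review): the 12-character upper bound prevents longer passphrases; confirm
        /// whether a storage limit requires it.
        /// </remarks>
        /// <param name="sender">The button that was clicked.</param>
        /// <param name="e">Event data (unused).</param>
        private void CreateUserButton_Click(object sender, System.EventArgs e)
        {
            if (ValidateFieldOptions())
            {
                NSurveyUserData          userData = new NSurveyUserData();
                NSurveyUserData.UsersRow newUser  = userData.Users.NewUsersRow();

                if (_userProvider is INSurveyUserProvider)
                {
                    // Literal special characters; "" is an escaped double quote inside a
                    // verbatim string.
                    if (!Regex.IsMatch(PasswordTextBox.Text, @"(?=^.{8,12}$)(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&*()_+}{"":;'?/>.<,])(?!.*\s).*$"))
                    {
                        MessageLabel.Visible = true;
                        ((PageBase)Page).ShowErrorMessage(MessageLabel, ((PageBase)Page).GetPageResource("PasswordRequiredMessage"));
                        return;
                    }

                    newUser.UserName = UserNameTextBox.Text;
                    var sec = new LoginSecurity();
                    // NOTE(review): 5 is passed to CreateSaltKey; if that is the salt size it
                    // is short -- confirm against LoginSecurity.
                    newUser.PasswordSalt = sec.CreateSaltKey(5);
                    newUser.Password     = sec.CreatePasswordHash(PasswordTextBox.Text, newUser.PasswordSalt);
                    newUser.Email        = EmailTextBox.Text;
                    newUser.FirstName    = FirstNameTextBox.Text;
                    newUser.LastName     = LastNameTextBox.Text;
                    userData.Users.Rows.Add(newUser);
                    ((INSurveyUserProvider)_userProvider).AddUser(userData);
                }

                // Settings are stored only when a user row was actually added above.
                if (userData.Users.Rows.Count > 0)
                {
                    UserSettingData userSettings = new UserSettingData();
                    UserSettingData.UserSettingsRow newUserSettings = userSettings.UserSettings.NewUserSettingsRow();
                    newUserSettings.UserId             = userData.Users[0].UserId;
                    newUserSettings.IsAdmin            = IsAdminCheckBox.Checked;
                    newUserSettings.GlobalSurveyAccess = HasSurveyAccessCheckBox.Checked;
                    userSettings.UserSettings.Rows.Add(newUserSettings);
                    new User().AddUserSettings(userSettings);
                }
                UINavigator.NavigateToUserManager(((PageBase)Page).getSurveyId(), ((PageBase)Page).MenuIndex);
            }
        }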
Exemplo n.º 15
    /// <summary>
    /// On the first load of the page, writes the signed-in user's id into
    /// <c>UserIdHiddenLabel</c>; 0 is written for anonymous users or when the lookup fails.
    /// </summary>
    /// <remarks>
    /// NOTE(review): the label is part of the rendered page, so the id is visible to the
    /// client. Code that later reads the id back from the page should not treat it as
    /// proof of identity.
    /// </remarks>
    /// <param name="sender">The page raising the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void Page_Load(object sender, EventArgs e)
    {
        if (!IsPostBack)
        {
            int currentUserId = 0;

            if (LoginSecurity.IsUserAuthenticated())
            {
                try
                {
                    currentUserId = UserBLL.GetUserIdByUsername(HttpContext.Current.User.Identity.Name);
                }
                catch (Exception)
                {
                    // Lookup failures are swallowed without logging; the id stays 0.
                }
            }

            UserIdHiddenLabel.Text = currentUserId.ToString();
        }
    }
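        /// <summary>
        /// Imports users from the text box, one user per line in the form
        /// <c>username,password,lastname,firstname,email</c>, skipping lines that are
        /// incomplete or whose user name already exists.
        /// </summary>
        /// <remarks>
        /// The duplicate check now uses the same trimmed user name that is stored. It
        /// previously looked up the untrimmed field, so a name with surrounding white space
        /// could pass the check and then be stored under a name that already existed.
        /// NOTE(review): imported passwords are hashed but not validated against any
        /// password policy in this handler.
        /// NOTE(review): settings and roles are added even when the provider did not return
        /// a positive user id; confirm that is intended.
        /// </remarks>
        /// <param name="sender">The button that was clicked.</param>
        /// <param name="e">Event data (unused).</param>
        private void ImportUsersButton_Click(object sender, System.EventArgs e)
        {
            Regex re = new Regex(@"^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}" +
                                 @"\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\" +
                                 @".)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$");

            string[] users       = ImportUsersTextBox.Text.Split('\n');
            int      importCount = 0;
            var      sec         = new LoginSecurity();

            for (int i = 0; i < users.Length; i++)
            {
                string[] user = users[i].Split(',');
                if (user.Length <= 4)
                {
                    continue;
                }

                string userName = user[0].Trim();
                string password = user[1].Trim();
                if (userName.Length == 0 || password.Length == 0)
                {
                    continue;
                }

                // Check if user already exists in the db, using the name as it will be stored.
                if (new Users().GetUserByIdFromUserName(userName) != -1)
                {
                    continue;
                }

                NSurveyUserData          userData = new NSurveyUserData();
                NSurveyUserData.UsersRow newUser  = userData.Users.NewUsersRow();
                newUser.UserName = userName;

                newUser.PasswordSalt = sec.CreateSaltKey(5);
                newUser.Password     = sec.CreatePasswordHash(password, newUser.PasswordSalt);

                // An e-mail that does not match the pattern is stored as null, not rejected.
                newUser.Email = user[4].Length > 0 && re.IsMatch(user[4].Trim()) ?
                                user[4].Trim() : null;
                newUser.FirstName = user[3].Length > 0 ? user[3].Trim() : null;
                newUser.LastName  = user[2].Length > 0 ? user[2].Trim() : null;
                userData.Users.Rows.Add(newUser);
                ((INSurveyUserProvider)_userProvider).AddUser(userData);
                if (userData.Users[0].UserId > 0)
                {
                    importCount++;
                }
                AddUserSettings(userData.Users[0].UserId);
                AddUserRoles(userData.Users[0].UserId);
                if (!HasSurveyAccessCheckBox.Checked)
                {
                    AddUserSurveys(userData.Users[0].UserId);
                }
            }

            MessageLabel.Visible = true;
            if (importCount > 0)
            {
                ((PageBase)Page).ShowNormalMessage(MessageLabel, ((PageBase)Page).GetPageResource("UserImportedMessage"));
            }
            else
            {
                ((PageBase)Page).ShowErrorMessage(MessageLabel, ((PageBase)Page).GetPageResource("NoUserImportedMessage"));
            }
            ImportUsersTextBox.Text = string.Empty;
            UserRolesListBox.Items.Clear();
            UserSurveysListBox.Items.Clear();
            BindSurveyDropDownLists();
        }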
Exemplo n.º 17
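        /// <summary>
        /// Imports users from the uploaded spreadsheet: for every row with at least five
        /// cells whose user name does not exist yet, creates the user, adds settings and
        /// roles, and assigns the user to the survey id found in the third cell.
        /// </summary>
        /// <remarks>
        /// Cell layout read here: 0 = user name, 1 = e-mail, 2 = survey id, 5 = first name
        /// (optional), 6 = last name (optional).
        /// The spreadsheet document is now disposed when the import finishes or fails; it
        /// was previously left open. The unused text-import remnants were removed.
        /// NOTE(review): every imported account receives the same literal password (shown
        /// masked on this page). Accounts created this way share a known credential until
        /// each user changes it; consider per-user random passwords or a forced change at
        /// first login.
        /// NOTE(review): the exception message is shown to the user as is.
        /// </remarks>
        /// <param name="sender">The button that was clicked.</param>
        /// <param name="e">Event data (unused).</param>
        protected void ImportUsersButton_Click(object sender, EventArgs e)
        {
            Regex re = new Regex(@"^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}" +
                                 @"\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\" +
                                 @".)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$");
            int importCount = 0;
            var sec         = new LoginSecurity();

            if (ImportUserMatrixFile.HasFile)
            {
                try
                {
                    // Opened read-only; the using block releases the package on every path.
                    using (var document = SpreadsheetDocument.Open(ImportUserMatrixFile.FileContent, false))
                    {
                        var workPart  = document.WorkbookPart;
                        var sheetData = workPart.WorksheetParts.First().Worksheet.Elements <SheetData>().First();
                        foreach (var row in sheetData.Elements <Row>())
                        {
                            // NOTE(review): spreadsheet row indexes normally start at 1, so
                            // this test likely does not skip a header row -- confirm.
                            if (!(row.RowIndex > 0))
                            {
                                continue;
                            }

                            var cells = row.Descendants <Cell>().ToList();
                            if (cells.Count < 5)
                            {
                                continue;
                            }

                            string username = ReadExcelCell(cells[0], workPart);
                            if (new Users().GetUserByIdFromUserName(username) != -1)
                            {
                                continue;
                            }

                            NSurveyUserData          userData = new NSurveyUserData();
                            NSurveyUserData.UsersRow newUser  = userData.Users.NewUsersRow();
                            newUser.UserName = username.Trim();

                            // Same fixed password for every imported user; see remarks.
                            string password = "******";

                            newUser.PasswordSalt = sec.CreateSaltKey(5);
                            newUser.Password     = sec.CreatePasswordHash(password, newUser.PasswordSalt);
                            string email = ReadExcelCell(cells[1], workPart);
                            // An e-mail that does not match the pattern is stored as null.
                            newUser.Email = email.Length > 0 && re.IsMatch(email.Trim()) ?
                                            email.Trim() : null;
                            if (cells.Count >= 6)
                            {
                                newUser.FirstName = ReadExcelCell(cells[5], workPart);
                            }
                            if (cells.Count >= 7)
                            {
                                newUser.LastName = ReadExcelCell(cells[6], workPart);
                            }
                            userData.Users.Rows.Add(newUser);
                            ((INSurveyUserProvider)_userProvider).AddUser(userData);
                            if (userData.Users[0].UserId > 0)
                            {
                                importCount++;
                                //TODO: add user group
                                AddUserSettings(userData.Users[0].UserId);
                                AddUserRoles(userData.Users[0].UserId);
                                // A non-numeric survey id throws here, after the user has
                                // already been created, and stops the import of later rows.
                                new Survey().AssignUserToSurvey(int.Parse(ReadExcelCell(cells[2], workPart)), userData.Users[0].UserId);
                            }
                        }
                    }
                }
                catch (Exception ex)
                {
                    ((PageBase)Page).ShowErrorMessage(MessageLabel, ex.Message);
                }
            }

            MessageLabel.Visible = true;
            if (importCount > 0)
            {
                ((PageBase)Page).ShowNormalMessage(MessageLabel, ((PageBase)Page).GetPageResource("UserImportedMessage"));
            }
            else
            {
                ((PageBase)Page).ShowErrorMessage(MessageLabel, ((PageBase)Page).GetPageResource("NoUserImportedMessage"));
            }

            BindSurveyDropDownLists();
        }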
        /// <summary>
        /// Login handler: verifies the entered user name and password against the stored
        /// hash, and on success issues the forms-authentication cookie and navigates to the
        /// user's first accessible page. On every other path the invalid-login message is
        /// shown.
        /// </summary>
        /// <remarks>
        /// Accounts without a stored salt are checked with the older
        /// <c>EncryptUserPassword</c> scheme and, after a successful login, re-stored with a
        /// new salt and <c>CreatePasswordHash</c>.
        /// NOTE(review): no attempt counter, delay or lockout is visible in this handler;
        /// confirm throttling exists elsewhere.
        /// </remarks>
        private void ValidateCredentialsButton_Click(object sender, System.EventArgs e)
        {
            // NOTE(review): the password is trimmed before hashing, so leading and trailing
            // white space never counts as part of a password.
            string enteredPwd   = PasswordTextBox.Text.Trim();
            string enteredUname = LoginTextBox.Text.Trim();

            if (enteredUname.Length > 0 && enteredPwd.Length > 0)
            {
                string encryptedPwd;

                // NOTE(review): the lookup uses the untrimmed text box value, while the
                // length check above uses the trimmed one.
                int?id = new Users().GetUserByIdFromUserName(LoginTextBox.Text);


                if ((id ?? 0) > 0)
                {
                    var    sec  = new LoginSecurity();
                    var    user = new Users().GetUserById(id ?? 0);
                    // pwd is assigned but not read below.
                    string pwd  = user.Users[0].Password;
                    string salt = user.Users[0].IsPasswordSaltNull() ? null : user.Users[0].PasswordSalt;
                    if (string.IsNullOrEmpty(salt))// Unhashed old style .Create salted password and update
                    {
                        // Legacy account: compare with the old scheme and prepare a salt for
                        // the upgrade performed after a successful login.
                        encryptedPwd = new User().EncryptUserPassword(enteredPwd);
                        salt         = sec.CreateSaltKey(5);
                    }
                    else
                    {
                        salt         = user.Users[0].PasswordSalt;
                        encryptedPwd = sec.CreatePasswordHash(enteredPwd, salt);
                    }

                    // NOTE(review): ordinary string equality, not a fixed-time comparison.
                    if (user.Users[0].Password == encryptedPwd)
                    {
                        var             authUser     = user;
                        UserSettingData userSettings = new Users().GetUserSettings(authUser.Users[0].UserId);

                        // A user with a correct password but no settings row falls through
                        // to the invalid-login message at the end of the method.
                        if (userSettings.UserSettings.Rows.Count > 0)
                        {
                            // Layout: UserName,UserId,FirstName,LastName,Email,IsAdmin,GlobalSurveyAccess|right,right,...
                            // NOTE(review): the fields are not escaped; a ',' or '|' inside a
                            // name or e-mail would shift the fields for a consumer that
                            // splits on them, including the IsAdmin position -- confirm how
                            // the value is parsed.
                            System.Text.StringBuilder userInfos = new System.Text.StringBuilder();
                            userInfos.Append(authUser.Users[0].UserName + ",");
                            userInfos.Append(authUser.Users[0].UserId + ",");
                            userInfos.Append(authUser.Users[0].FirstName + ",");
                            userInfos.Append(authUser.Users[0].LastName + ",");
                            userInfos.Append(authUser.Users[0].Email + ",");
                            userInfos.Append(userSettings.UserSettings[0].IsAdmin + ",");
                            userInfos.Append(userSettings.UserSettings[0].GlobalSurveyAccess);

                            userInfos.Append("|");

                            int[] userRights = new Users().GetUserSecurityRights(authUser.Users[0].UserId);
                            for (int i = 0; i < userRights.Length; i++)
                            {
                                userInfos.Append(userRights[i].ToString());
                                if (i + 1 < userRights.Length)
                                {
                                    userInfos.Append(",");
                                }
                            }

                            // Upgrade a legacy account to a salted hash now that the
                            // password is known to be correct.
                            if (authUser.Users[0].IsPasswordSaltNull())
                            {
                                authUser.Users[0].PasswordSalt = salt;
                                authUser.Users[0].Password     = sec.CreatePasswordHash(enteredPwd, salt);
                                ((INSurveyUserProvider)_userProvider).UpdateUser(authUser);
                            }

                            // The whole info string, including the admin flag and rights,
                            // becomes the user name of the (non-persistent) auth cookie, so
                            // the authorization data is only as trustworthy as the
                            // forms-authentication ticket protection configured for the site.
                            FormsAuthentication.SetAuthCookie(userInfos.ToString(), false);

                            var x = UserFactory.Create().CreatePrincipal(new ClaimsIdentity());


                            // ((Wap)this.Master).isTreeStale = true;

                            ((PageBase)Page).SelectedFolderId = null;
                            // ((Wap)this.Master).RebuildTree();
                            // NOTE(review): presumably this ends the request with a redirect;
                            // if it returns, the error message below is shown even after a
                            // successful login -- confirm.
                            UINavigator.NavigateToFirstAccess(x, -1);
                        }
                    }
                }
            }

            // One generic message for every failure, so the response does not reveal whether
            // the user name exists.
            MessageLabel.Visible = true;
            ((PageBase)Page).ShowErrorMessage(MessageLabel, ((PageBase)Page).GetPageResource("InvalidLoginPasswordMessage"));
        }
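        /// <summary>
        /// Saves the edited account: validates the form, refuses to demote the last
        /// administrator, optionally re-hashes a newly entered password, then persists
        /// the user row and the admin / global-survey-access settings.
        /// </summary>
        /// <param name="sender">Control that raised the click event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        /// <remarks>
        /// NOTE(review): this handler shows no check that the current caller may edit
        /// <c>UserId</c> or grant administrator rights; confirm the hosting page enforces it.
        /// </remarks>
        private void ApplyChangesButton_Click(object sender, System.EventArgs e)
        {
            if (!ValidateFieldOptions())
            {
                return;
            }

            // Never let the only remaining administrator lose the admin flag.
            if (new Users().IsAdministrator(UserId) && !IsAdminCheckBox.Checked && new Users().GetAdminCount() == 1)
            {
                MessageLabel.Visible = true;
                ((PageBase)Page).ShowErrorMessage(MessageLabel, ((PageBase)Page).GetPageResource("CannotDeleteLastAdminMessage"));
                return;
            }

            INSurveyUserProvider surveyProvider = _userProvider as INSurveyUserProvider;
            if (surveyProvider != null)
            {
                NSurveyUserData          userData    = new NSurveyUserData();
                NSurveyUserData.UsersRow updatedUser = userData.Users.NewUsersRow();
                updatedUser.UserId   = UserId;
                updatedUser.UserName = UserNameTextBox.Text;

                // if no password was specified the old one will be kept
                if (PasswordTextBox.Text.Length > 0)
                {
                    // Policy: 8-12 characters, at least one digit, one lowercase letter, one
                    // uppercase letter and one symbol from the listed set, no whitespace.
                    // The symbol class used to contain HTML-escaped text (&amp; &quot; &gt; &lt;),
                    // so the letters inside those entities counted as symbols and a password
                    // without any symbol could satisfy the policy. The class now holds the
                    // literal characters.
                    // NOTE(review): the 12-character upper bound caps password strength; raising
                    // it needs a check against the storage and hashing code, not visible here.
                    const string passwordPolicyPattern =
                        @"(?=^.{8,12}$)(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&*()_+}{"":;'?/>.<,])(?!.*\s).*$";

                    if (!Regex.IsMatch(PasswordTextBox.Text, passwordPolicyPattern))
                    {
                        MessageLabel.Visible = true;
                        ((PageBase)Page).ShowErrorMessage(MessageLabel, ((PageBase)Page).GetPageResource("PasswordRequiredMessage"));
                        return;
                    }

                    // A fresh salt is generated on every password change.
                    // NOTE(review): if the argument of CreateSaltKey is a size in bytes, 5 is a
                    // short salt; confirm against LoginSecurity before relying on it.
                    var sec = new LoginSecurity();
                    updatedUser.PasswordSalt = sec.CreateSaltKey(5);
                    updatedUser.Password     = sec.CreatePasswordHash(PasswordTextBox.Text, updatedUser.PasswordSalt);
                }
                else
                {
                    updatedUser.Password     = null;
                    updatedUser.PasswordSalt = null;
                }

                updatedUser.Email     = EmailTextBox.Text;
                updatedUser.FirstName = FirstNameTextBox.Text;
                updatedUser.LastName  = LastNameTextBox.Text;
                userData.Users.Rows.Add(updatedUser);
                surveyProvider.UpdateUser(userData);
            }

            // The settings row is written whatever the provider type is.
            UserSettingData userSettings = new UserSettingData();
            UserSettingData.UserSettingsRow newUserSettings = userSettings.UserSettings.NewUserSettingsRow();
            newUserSettings.UserId             = UserId;
            newUserSettings.IsAdmin            = IsAdminCheckBox.Checked;
            newUserSettings.GlobalSurveyAccess = HasSurveyAccessCheckBox.Checked;
            userSettings.UserSettings.Rows.Add(newUserSettings);
            new User().UpdateUserSettings(userSettings);

            // Notify containers that data has changed
            OnOptionChanged();

            BindSurveyDropDownLists();
            MessageLabel.Visible = true;
            ((PageBase)Page).ShowNormalMessage(MessageLabel, ((PageBase)Page).GetPageResource("UserUpdatedMessage"));
        }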
Exemplo n.º 20
    /// <summary>
    /// Decides whether the current user may see the page being executed, by comparing the
    /// app-relative path of the request with hard-coded page lists.
    /// </summary>
    /// <returns>
    /// <c>true</c> when the page is in the open list, or is in a protected list and
    /// <c>LoginSecurity.IsUserAuthorizedPermission</c> grants that list's permission;
    /// <c>false</c> for every other page.
    /// </returns>
    /// <remarks>
    /// The comparison is <c>string.Equals(string)</c>, so it is case-sensitive: a path that
    /// differs only in casing matches no list and is denied.
    /// </remarks>
    private bool IsUserAuthorizedPage()
    {
        string requestedPage = Page.Request.AppRelativeCurrentExecutionFilePath;

        // Pages every authenticated user may open without a specific permission.
        // NOTE(review): this list includes ~/Test/* pages and ~/ResetSystem.aspx; confirm that
        // each of them is really meant to be reachable by any authenticated account.
        string[] unrestrictedPages = new string[]
        {
            "~/MainPage.aspx",
            "~/Security/EditUser.aspx",
            "~/Test/TestUserControlForTest.aspx",
            "~/About/VersionInformation.aspx",
            "~/About/Credits.aspx",
            "~/Security/ChangePassword.aspx",
            "~/UserConfiguration/UserConfiguration.aspx",
            "~/Authentication/UserIsLocked.aspx",
            "~/Authentication/UserIsUnlocked.aspx",
            "~/Authentication/UserNotApproved.aspx",
            "~/Test/TestTooltip.aspx",
            "~/ResetSystem.aspx",
            "~/Test/TestAddData.aspx",
            "~/Test/TestVisitKpi.aspx",
            "~/HelpManager/Default.aspx",
            "~/Test/TestDatePicker.aspx",

            "~/Organization/ListOrganizations.aspx",
            "~/Organization/EditOrganization.aspx",
            "~/Organization/OrganizationDetails.aspx",
            "~/Organization/ShareOrganization.aspx",

            "~/Project/ProjectForm.aspx",
            "~/Project/ProjectDetails.aspx",
            "~/Project/ProjectList.aspx",
            "~/Project/ShareProject.aspx",

            "~/Activity/AddActivity.aspx",
            "~/Activity/ActivityDetails.aspx",
            "~/Activity/ActivitiesList.aspx",
            "~/Activity/ShareActivity.aspx",

            "~/People/SharePerson.aspx",
            "~/People/PersonDetails.aspx",
            "~/Personas/ListaPersonas.aspx",
            "~/Personas/PeopleForm.aspx",

            "~/Kpi/KpiForm.aspx",
            "~/Kpis/KpiDetails.aspx",
            "~/Kpis/KpiDashboard.aspx",
            "~/Kpi/KpiList.aspx",
            "~/Kpi/KpiDataEntry.aspx",
            "~/Kpi/ShareKpi.aspx",
            "~/Kpi/ImportData.aspx",

            "~/Trash/TrashList.aspx"
        };

        foreach (string candidate in unrestrictedPages)
        {
            if (requestedPage.Equals(candidate))
            {
                return true;
            }
        }

        // Security administration pages: require MANAGE_SECURITY.
        string[] securityAdminPages =
        {
            "~/Security/AssignRoles.aspx",
            "~/Security/AssignRolesByUser.aspx",
            "~/Security/DefinePermissionsByRol.aspx",
            "~/Security/DefinePermissionsByUser.aspx",
            "~/Security/NewRole.aspx",
            "~/Security/UserList.aspx",
            "~/Security/CreateUser.aspx",
            "~/Security/UserIsLocked.aspx",
            "~/Security/UserIsUnlocked.aspx",
            "~/Bitacora/ListaEventosBitacora.aspx"
        };

        foreach (string candidate in securityAdminPages)
        {
            // The permission is only looked up once the page has matched.
            if (!requestedPage.Equals(candidate))
            {
                continue;
            }

            if (LoginSecurity.IsUserAuthorizedPermission("MANAGE_SECURITY"))
            {
                return true;
            }
        }

        // Category pages: require MANAGE_CATEGORIES.
        string[] categoryAdminPages =
        {
            "~/Category/CategoriesList.aspx",
            "~/Category/CategoryDetails.aspx"
        };

        foreach (string candidate in categoryAdminPages)
        {
            if (!requestedPage.Equals(candidate))
            {
                continue;
            }

            if (LoginSecurity.IsUserAuthorizedPermission("MANAGE_CATEGORIES"))
            {
                return true;
            }
        }

        // Campaign follow-up page: require ADMIN_TESTS.
        // NOTE(review): the permission name does not obviously relate to this page; confirm
        // that ADMIN_TESTS is the intended gate.
        string[] followUpPages =
        {
            "~/Seguimiento/SeguimientoCampana.aspx"
        };

        foreach (string candidate in followUpPages)
        {
            if (!requestedPage.Equals(candidate))
            {
                continue;
            }

            if (LoginSecurity.IsUserAuthorizedPermission("ADMIN_TESTS"))
            {
                return true;
            }
        }

        // No list granted access: deny by default.
        return false;
    }
Exemplo n.º 21
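    /// <summary>
    /// Master-page load handler. On the first load it verifies the system version, requires an
    /// authenticated user, fills the hidden user-id field and the logout text, checks page
    /// authorization and builds the menu. On a postback it re-checks authentication and page
    /// authorization.
    /// </summary>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Event data (unused).</param>
    protected void Page_Load(object sender, EventArgs e)
    {
        log.Debug("############# Master Page starting Page Load #############");
        //BuildFeedbackIframeCode();

        if (!IsPostBack)
        {
            log.Debug("Page is not Postback");

            // Verify the integrity of the system
            Artexacta.App.Utilities.VersionUtilities.VersionUtilities.verifySystemVersionIntegrity();

            log.Debug("Application version is ok");

            /*
             * Perform security validations for the page
             */

            if (!LoginSecurity.IsUserAuthenticated())
            {
                Response.Redirect("~/Authentication/Login.aspx");
                // Explicit stop, so that nothing below can run for an anonymous request even if
                // the redirect is ever changed to one that does not end the response.
                return;
            }

            int userID = 0;

            try
            {
                userID = Artexacta.App.User.BLL.UserBLL.GetUserIdByUsername(HttpContext.Current.User.Identity.Name);
            }
            catch (Exception q)
            {
                // Best effort: the page continues with user id 0.
                log.Error("Failed to get the ID of the current user", q);
            }

            CurrentUserIDHiddenField.Value = userID.ToString();

            bool userIsAdministrator       = LoginSecurity.IsUserAdministrator();
            bool currentPageRoleManagement = IsCurrentPageUserOrRoleManagement();

            if (log.IsDebugEnabled)
            {
                log.Debug(userIsAdministrator
                    ? "Current user IS administrator"
                    : "Current user IS NOT administrator");

                log.Debug(currentPageRoleManagement
                    ? "Current page IS Role Management"
                    : "Current page IS NOT Role Management");
            }

            try
            {
                User objUser = UserBLL.GetUserById(userID);

                // FullName is account data, so it is HTML-encoded before being concatenated into
                // markup. The icon tag in the same string suggests that LogoutText is written to
                // the page without encoding.
                LoginStatus1.LogoutText = "<i class='zmdi zmdi-run'></i> " + Resources.InitMasterPage.Logout + ", " + HttpUtility.HtmlEncode(objUser.FullName);
            }
            catch (Exception ex)
            {
                log.Error("Error getting user name information", ex);
            }

            if (userIsAdministrator && currentPageRoleManagement)
            {
                // If the current page is the Role Management or the User Management pages then
                // the administrator user is sufficient for access to those pages.
                // Do nothing. We don't perform any further security checks.
                log.Debug("Current user is Admin and page is Role Management.  No further security checks required");
            }
            else
            {
                log.Debug("Determining if user has access to page");

                // Verify that the user has sufficient access permissions for the page.
                if (!IsUserAuthorizedPage())
                {
                    // Transfer the user to a page that tells him that he is not authorized to
                    // see that page.
                    Response.Redirect("~/Authentication/NotAuthorized.aspx");
                    return;
                }
            }

            // lblUseName.Text = HttpContext.Current.User.Identity.Name;


            LoadMainMenuScript();
            ConstructMenu();
        }
        else
        {
            // Verify that the user has been authenticated.
            LoginSecurity.EnsureUserAuthentication();

            // Page authorization is evaluated on postbacks too, with the same rule as on the
            // first load, so that access never depends on the initial load having happened and
            // a permission revoked during the session takes effect on the next request.
            bool adminOnRoleManagement = LoginSecurity.IsUserAdministrator() && IsCurrentPageUserOrRoleManagement();
            if (!adminOnRoleManagement && !IsUserAuthorizedPage())
            {
                Response.Redirect("~/Authentication/NotAuthorized.aspx");
                return;
            }
        }

        //BuildFeedbackIframeCode();
        //LoadCalendarItems(CurrentUserIDHiddenField.Value);

        log.Debug("############# Master Page ending Page Load #############");
    }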