Exemplo n.º 1
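        /// <summary>
        /// Changes the user's password and, only when that change succeeded, stores the
        /// chosen security question and answer.
        /// </summary>
        /// <param name="userId">Identifier of the account being updated.</param>
        /// <param name="curPassword">Current password, passed through to <c>ChangePasswordfun</c>.</param>
        /// <param name="newPassword">New password value, passed through to <c>ChangePasswordfun</c>.</param>
        /// <param name="secQsnId">Identifier of the selected security question.</param>
        /// <param name="secAns">Security answer, handed to <c>UpdateSecurityQuestion</c> as received.</param>
        /// <param name="pwdCount">Password-history depth, passed through to <c>ChangePasswordfun</c>.</param>
        /// <returns>
        /// 1 when both updates succeeded; 0 when either update failed; any other
        /// non-success status of <c>ChangePasswordfun</c> unchanged (3 = password already used).
        /// </returns>
        public int InsertSecurityQsn(Int64 userId, string curPassword, string newPassword, Int64 secQsnId, string secAns, int pwdCount)
        {
            // No catch block: the previous `throw ex;` only replaced the original stack
            // trace, so exceptions now propagate untouched.
            int status = ChangePasswordfun(userId, curPassword, newPassword, pwdCount);

            // Only status 1 means the new password was stored. Previously a failed
            // password update (status 0) still went on to update the security question
            // and could be reported to the caller as 1 (success).
            if (status != 1)
            {
                return status;
            }

            // NOTE(review): secAns is stored exactly as passed in. ForgotPassword compares
            // against a SHA-1 of the upper-cased answer, so presumably the caller has
            // already transformed it the same way - verify.
            UserLogonData userLogonData = new UserLogonData();
            return (userLogonData.UpdateSecurityQuestion(userId, secQsnId, secAns) == true) ? 1 : 0;
        }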
Exemplo n.º 2
        /// <summary>
        /// Generates a random password for an employee, queues the notification e-mail
        /// that carries it, and stores the derived hash for the account.
        /// </summary>
        /// <param name="emp">Employee being reset; its id, Email, Firstname and Lastname are read.</param>
        /// <returns>
        /// The value returned by <c>UserLogonData.ForgotPassword</c>, or 0 when an exception
        /// was passed to <c>BaseExceptionHandler</c>.
        /// </returns>
        public int ResetEmployeePassword(Employee emp)
        {
            int outcome = 0;

            try
            {
                UserLogonData logonData = new UserLogonData();
                Encrypt       hasher    = new Encrypt();

                // NOTE(review): the temporary password is only 6 characters long; confirm that
                // CreateRandomPassword draws from a cryptographic RNG and that the account is
                // forced to change it on next login.
                string plainPassword = hasher.CreateRandomPassword(6);

                // Stored value is SHA1(SHA1(password) + employee id).
                // NOTE(review): SHA-1 is a fast hash and the only per-user input is the
                // predictable id; a dedicated password-hashing function (PBKDF2, bcrypt,
                // Argon2) is the usual choice for stored credentials.
                string storedHash = hasher.GetSHA1HashData(hasher.GetSHA1HashData(plainPassword) + emp.id);

                // The mail queue entry receives the clear-text password in a comma-joined
                // argument string.
                // NOTE(review): a comma inside the e-mail address or a name would shift the
                // fields, and the clear-text password is written wherever this entry is
                // stored - confirm how long it is retained.
                string templateId = "3";
                string mailArgs   = emp.Email + "," + emp.Firstname + "," + emp.Lastname + "," + plainPassword;
                DataAccess.ExecuteNonQueryCMD("MTS_AddEmailMasterEntry", templateId, mailArgs);

                // NOTE(review): the mail is queued before the hash is persisted, so a failure
                // here leaves the user with a mailed password that does not work.
                outcome = logonData.ForgotPassword(emp.id, storedHash);
            }
            catch (Exception ex)
            {
                BaseExceptionHandler.HandleException(ref ex);
            }

            return outcome;
        }
Exemplo n.º 3
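        /// <summary>
        /// Returns the security-question model produced by
        /// <c>UserLogonData.GetSecurityQuestionBase</c>.
        /// </summary>
        /// <returns>The model as returned by the data layer.</returns>
        public SecurityQuestionBaseModel initialDDLFillBase()
        {
            // No catch block: the previous `throw ex;` only reset the stack trace of
            // whatever the data layer threw. Exceptions now propagate unchanged.
            UserLogonData userLogon = new UserLogonData();
            return userLogon.GetSecurityQuestionBase();
        }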
Exemplo n.º 4
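        /// <summary>
        /// Stores a new password for a user unless the same value already appears in the
        /// user's password history.
        /// </summary>
        /// <param name="userid">Identifier of the account being updated.</param>
        /// <param name="currentpassword">Not read anywhere in this method (see review note below).</param>
        /// <param name="newpassword">Value compared against the history and passed to <c>UpdatePassword</c>.</param>
        /// <param name="pwdCount">History depth: once the history holds at least this many entries,
        /// the id of its first entry is passed to <c>UpdatePassword</c>.</param>
        /// <returns>1 when the password was updated, 3 when the value is already in the history,
        /// 0 when <c>UpdatePassword</c> reported failure.</returns>
        public int ChangePasswordfun(Int64 userid, string currentpassword, string newpassword, int pwdCount)
        {
            // NOTE(review): the original status legend lists "2 = invalid current password",
            // but currentpassword is never verified here and 2 is never returned. Unless
            // every caller checks the current password first, a password can be changed
            // without knowing the old one - confirm against the callers.

            // No catch block: the previous `throw ex;` only reset the stack trace.
            UserLogonData userLogonData = new UserLogonData();

            PasswordHistory pwdHis = new PasswordHistory();
            pwdHis.pwdHistory = userLogonData.GetPasswordHistory(userid);

            // Once the history is full, the id of its first entry is handed to
            // UpdatePassword (presumably the slot to recycle - confirm against the data layer).
            // The Count > 0 guard keeps an empty history with pwdCount <= 0 from indexing
            // element 0 and throwing.
            Int64 pwdHistoryId = 0;
            if (pwdHis.pwdHistory.Count > 0 && pwdHis.pwdHistory.Count >= pwdCount)
            {
                pwdHistoryId = Int64.Parse(pwdHis.pwdHistory[0].Ph_Id.ToString());
            }

            // Reuse check is an exact string comparison against the stored values.
            // NOTE(review): this only works if newpassword arrives already in the stored
            // (hashed) form - verify against the caller.
            if (pwdHis.pwdHistory.Any(b => b.DBPassword == newpassword))
            {
                return 3;
            }

            return (userLogonData.UpdatePassword(userid, newpassword, pwdHistoryId) == true) ? 1 : 0;
        }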
Exemplo n.º 5
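        /// <summary>
        /// Renders the security-questions view with the model returned by
        /// <c>UserLogonData.GetSecurityQuestionForNewUser</c>.
        /// </summary>
        /// <returns>The view result carrying the security-question model.</returns>
        public ActionResult SecurityQuestions()
        {
            // No catch block: the previous `throw ex;` only reset the stack trace of the
            // original exception. Exceptions now propagate unchanged.
            UserLogonData userLogon = new UserLogonData();
            SecurityQuestionModel securityQuestionModel = userLogon.GetSecurityQuestionForNewUser();

            return View(securityQuestionModel);
        }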
Exemplo n.º 6
        /// <summary>
        /// Assigns a freshly generated password to the given user, schedules the reset
        /// e-mail, and stores the derived hash.
        /// </summary>
        /// <param name="newUser">Bound user model; <c>UserId</c> is read and <c>Password</c> is
        /// overwritten with the generated clear-text password.</param>
        /// <returns>Content "PWD_RESET_S" when <c>ResetPassword</c> succeeded, otherwise "PWD_RESET_F".</returns>
        public ActionResult AutoResetPassword(NewUser newUser)
        {
            // NOTE(review): newUser.UserId comes from the bound request model and no
            // authorization check is visible in this method. Confirm that an attribute or
            // filter outside this listing restricts who may reset which account.

            // userData is never read in this method; the construction is kept unchanged.
            UserData      userData  = new UserData();
            UserLogonData logonData = new UserLogonData();
            Encrypt       hasher    = new Encrypt();

            // NOTE(review): 6-character temporary password; confirm the generator uses a
            // cryptographic RNG.
            newUser.Password = hasher.CreateRandomPassword(6);
            string firstPassHash = hasher.GetSHA1HashData(newUser.Password);

            // The scheduler receives the model while it still holds the clear-text password.
            // NOTE(review): the e-mail is scheduled before the reset is stored, so it is
            // sent even when the reset below fails.
            logonData.UpdateResetPasswordEmailScheduler(newUser);

            // Stored value is SHA1(SHA1(password) + user id).
            // NOTE(review): SHA-1 is a fast hash; a password-hashing function such as PBKDF2
            // is the usual choice for stored credentials.
            string storedHash = hasher.GetSHA1HashData(firstPassHash + newUser.UserId);
            bool   resetOk    = logonData.ResetPassword(newUser.UserId, storedHash) == true;

            return Content(resetOk ? "PWD_RESET_S" : "PWD_RESET_F");
        }
Exemplo n.º 7
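        /// <summary>
        /// Shows the login form. A request that already carries a logged-on session is
        /// abandoned and redirected to LogOff instead.
        /// </summary>
        /// <param name="model">Login model; <c>Message</c> is set when the query string carries
        /// the first-login status.</param>
        /// <returns>A redirect to Account/LogOff, or the login view.</returns>
        public ActionResult LogOn(LogonUser model)
        {
            if (SessionHelper.LogonUser != null)
            {
                Session.Abandon();
                return RedirectToAction("LogOff", "Account");
            }

            UserLogonData userLogon = new UserLogonData();
            userLogon.GetData();

            // statusId is client-controlled. Previously any query string without a
            // statusId key threw a NullReferenceException, and a non-numeric or
            // out-of-range value threw from byte.Parse. Such input is now ignored.
            byte statusId;
            if (byte.TryParse(Request.QueryString["statusId"], out statusId) && statusId == Status.FIRSTLOGIN)
            {
                model.Message = "First time login user can't use ForgetPassword";
            }

            // Drop model-binding state so the view renders from the model values only.
            ModelState.Clear();
            return View(model);
        }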
Exemplo n.º 8
        /// <summary>
        /// Handles the submitted login form: looks the user up, validates the credentials
        /// through <c>ValidateLogonUser</c>, and on success fills the session before
        /// redirecting to the home URL.
        /// </summary>
        /// <param name="logonUser">Posted login model; <c>UserName</c> is read and <c>Message</c>
        /// is set for the failure statuses.</param>
        /// <param name="UserName">Not read anywhere in this method.</param>
        /// <returns>A redirect for the statuses that continue elsewhere, otherwise the login
        /// view with <paramref name="logonUser"/>.</returns>
        public ActionResult LogOn(LogonUser logonUser, string UserName)
        {
            // Status codes returned by ValidateLogonUser:
            // 1 => pass, 2 => failed, 3 => locked, 4 => 90 days pwd expired,
            // 5 => first time login, 6 => forget pwd, 8 => deactivated account
            LogonUserSession logonUserSession = new LogonUserSession();

            try
            {
                int status = 0;
                if (ModelState.IsValid)
                {
                    UserLogonData userLogon = new UserLogonData();

                    UserDetails userDetails = userLogon.GetUserDeatils(logonUser);

                    // First argument tells ValidateLogonUser whether an active user record
                    // was found (1) or not (0).
                    if (userDetails.Active != 0 && userDetails.UserId > 0)
                    {
                        status = ValidateLogonUser(1, userDetails, logonUser, logonUserSession);
                    }
                    else
                    {
                        status = ValidateLogonUser(0, userDetails, logonUser, logonUserSession);
                    }


                    if (status == 1)
                    {
                        // NOTE(review): the authenticated identity is written into the session
                        // that already existed before login; no session-identifier renewal is
                        // visible here - confirm it happens elsewhere.
                        logonUserSession.USERNAME = logonUser.UserName;


                        // Rows[0] is read without checking that a row exists; a missing row
                        // raises an exception that the catch below hands to BaseExceptionHandler.
                        DataTable dt = userLogon.GetEmployeeId(userDetails.UserId);

                        Session["Username"]     = userDetails.Firstname + " " + userDetails.Lastname;
                        Session["EmployeeId"]   = dt.Rows[0]["Employee_Id"].ToString();
                        Session["DepartmentId"] = dt.Rows[0]["DepartmentId"].ToString();
                        Session["UserID"]       = userDetails.UserId;
                        Session["Gender"]       = dt.Rows[0]["Gender"].ToString();

                        // roleid is assigned but never read.
                        Int64 roleid = userDetails.RoleId;;
                        Session["RoleId"] = userDetails.RoleId;
                        Session["MyRole"] = dt.Rows[0]["ROLE_NAME"].ToString();


                        SessionHelper.LogonUser = logonUserSession;

                        //SessionHelper.IPAddress = WebClientBase.GetIPAddress(HttpContext.Request);
                        //SessionHelper.BrowserName = WebClientBase.GetBrowserTypeAndVersion(HttpContext.Request);


                        return(Redirect(GetHomeUrl()));
                    }
                    else if (status == 3)
                    {
                        // NOTE(review): ValidateLogonUser has already assigned
                        // SessionHelper.LogonUser on this path, and the GET LogOn action treats
                        // a non-null SessionHelper.LogonUser as "logged on". Confirm that no
                        // other code grants access on that check alone for a locked account.
                        if ((byte.Parse(logonUserSession.STATUS.ToString())) == Status.NO_OF_ATM_LOCKED)
                        {
                            // NOTE(review): differs from the generic failure text below, so the
                            // response reveals that the account exists - confirm this is intended.
                            logonUser.Message = "User locked for no of attempts";
                        }
                        else
                        {
                        }
                    }
                    else if (status == 5)
                    {
                        logonUserSession.TEMPUSERNAME = logonUser.UserName;// if first login after enter sec qns then assign to Session[Status.USERNAME]
                        SessionHelper.LogonUser       = logonUserSession;
                        return(RedirectToAction("SecurityQuestions", "Account"));
                    }



                    // Expired and forgotten passwords both continue on the change-password page.
                    else if (status == Status.PWDEXPIRED || status == Status.FORGETPWD)
                    {
                        logonUserSession.TEMPUSERNAME = logonUser.UserName;// if AFTER 90DAYS login after CHANGE PWD then assign to Session[Status.USERNAME]
                        SessionHelper.LogonUser       = logonUserSession;
                        return(RedirectToAction("ForgetChangePassword", "Account"));
                    }
                    else if (status == 2)
                    {
                        logonUser.Message = "The username or password you entered is incorrect.";
                    }
                    else if (status == 8)
                    {
                        // NOTE(review): like the lock message, this confirms the user name
                        // exists without a valid password having been supplied.
                        logonUser.Message = "User Account is Deactivated";
                    }
                    else
                    {
                    }
                }

                return(View(logonUser));
            }
            catch (Exception ex)
            {
                // Exceptions are handed to the shared handler; the login view is shown again.
                BaseExceptionHandler.HandleException(ref ex);
            }
            return(View(logonUser));
        }
Exemplo n.º 9
        /// <summary>
        /// Checks the submitted password against the stored hash and maps the account
        /// state to a login status code, updating attempt counters, lock state and the
        /// session object along the way.
        /// </summary>
        /// <param name="count">1 when the caller found an active user record; any other value
        /// takes the deactivated/anonymous branch.</param>
        /// <param name="userDetails">User record loaded by the caller.</param>
        /// <param name="logonUser">Posted login model; <c>TempPassword</c> is overwritten with the
        /// hash of the submitted password.</param>
        /// <param name="logonUserSession">Session object filled in when the password matches.</param>
        /// <returns>
        /// 1 pass, 2 failed (also returned after a handled exception), 3 locked,
        /// 4 password expired, 5 first-time login, 6 forgot-password state, 8 deactivated.
        /// </returns>
        public int ValidateLogonUser(int count, UserDetails userDetails, LogonUser logonUser, LogonUserSession logonUserSession)
        {
            int no_of_attempts = 0;

            // days is assigned below but never read; the comparisons use ts.Days directly.
            int  days = 0;
            byte status;

            try
            {
                UserLogonData userLogon = new UserLogonData();

                if (count == 1)
                {
                    //   if (ds.Tables[0].Rows.Count > 0)
                    //1 => pass 2=> failed  3 =>  locked   4 => 90 days pwd expired   5 => first time login 6 => Forget pwd

                    // Password age is measured from local server time.
                    DateTime curDate = DateTime.Now;
                    TimeSpan ts      = curDate.Date - userDetails.LastPwdChange;
                    status = userDetails.Status;


                    days = ts.Days;

                    no_of_attempts = (string.IsNullOrEmpty(userDetails.NoOfAttempts.ToString())) ? 0 : Int32.Parse(userDetails.NoOfAttempts.ToString());

                    encryptSha1 obj = new encryptSha1();

                    // Candidate hash is SHA1(submitted password + user id).
                    // NOTE(review): SHA-1 is a fast hash and the user id is the only per-user
                    // input; a password-hashing function such as PBKDF2 is the usual choice.
                    logonUser.TempPassword = obj.GetSHA1HashData(logonUser.Password + userDetails.UserId);
                    // logonUser.TempPassword = userDetails.DBPassword;
                    if (logonUser.TempPassword == userDetails.DBPassword)
                    {
                        logonUserSession.MENURANGE       = userDetails.MenuRange;
                        logonUserSession.USERID          = userDetails.UserId;
                        // NOTE(review): the stored password hash is copied into the session object.
                        logonUserSession.CURRENTPASSWORD = userDetails.DBPassword;
                        logonUserSession.PASSWORDCOUNT   = userDetails.PasswordCount;
                        logonUserSession.STATUS          = userDetails.Status;
                        logonUserSession.FIRSTNAME       = userDetails.Firstname;
                        logonUserSession.LASTNAME        = userDetails.Lastname;
                        logonUserSession.USERROLE        = userDetails.RoleId;
                        //logonUserSession.DEPARTMENT = userDetails.DepartmentId;
                        logonUserSession.ROLENAME = userDetails.RoleName;
                        logonUserSession.ROLEID   = userDetails.RoleId;

                        // NOTE(review): the session is populated before the locked / expired /
                        // first-login checks below, so it is set even when the method goes on
                        // to return 3. Confirm nothing authorizes on its mere presence.
                        SessionHelper.LogonUser = logonUserSession;
                        if (userDetails.Locked == true)
                        {
                            return(3);
                        }

                        else if (ts.Days > userDetails.PwdChangeDays)
                        {
                            //userLogon.UpdateStatus(userDetails.UserId, userDetails.Status, resource.GetResource("~/Views/Logon.cshtml", "PASS_EXPIRED"));
                            userLogon.UpdateStatus(userDetails.UserId, userDetails.Status, "Password expired");
                            logonUserSession.STATUS      = Status.PWDEXPIRED;
                            logonUserSession.EXPIREDDAYS = ts.Days.ToString();
                            SessionHelper.LogonUser      = logonUserSession;
                            return(4);
                        }
                        else if (status == Status.FIRSTLOGIN)
                        {
                            // userLogon.AddAudit(userDetails.UserId, resource.GetResource("~/Views/Logon.cshtml", "Login successfully"));
                            userLogon.AddAudit(userDetails.UserId, "Login successfully");
                            return(5);
                        }

                        else if (status == Status.FORGETPWD)
                        {
                            return(6);
                        }

                        else if (no_of_attempts <= userDetails.MaxAttemps)
                        {
                            // Successful login resets the failed-attempt counter.
                            userLogon.UpdateUserAttempts(userDetails.UserId, 0);
                            return(1);
                        }
                        else
                        {
                            // Correct password but the counter is above the maximum: treated as failed.
                            return(2);
                        }
                    }
                    else
                    {
                        if (status != Status.FIRSTLOGIN)
                        {
                            // NOTE(review): the lock triggers only on exact equality. If the
                            // counter is ever above MaxAttemps it keeps incrementing and the
                            // account is never marked locked - `>=` looks intended; confirm.
                            if (no_of_attempts == userDetails.MaxAttemps)
                            {
                                //userLogon.UpdateLockUser(userDetails.UserId, Status.NO_OF_ATM_LOCKED, resource.GetResource("~/Views/Logon.cshtml", "USER_LOCK"));
                                userLogon.UpdateLockUser(userDetails.UserId, Status.NO_OF_ATM_LOCKED, "User locked for no of attempts");
                                logonUserSession.STATUS = Status.NO_OF_ATM_LOCKED;
                                SessionHelper.LogonUser = logonUserSession;
                                return(3);
                            }
                            else
                            {
                                // Record one more failed attempt.
                                no_of_attempts = ++no_of_attempts;

                                userLogon.UpdateUserAttempts(userDetails.UserId, no_of_attempts);

                                return(2);
                            }
                        }
                        else
                        {
                            // NOTE(review): a wrong password on a first-login account is only
                            // audited; the attempt counter is not incremented, so these accounts
                            // get no lockout from this method. Confirm that is intended.
                            userLogon.AddAudit(userDetails.UserId, "Login failed");

                            return(2);
                        }
                    }
                }
                else if (userDetails.Status == 8 && userDetails.Active == 0)
                {
                    // Deactivated account: reported without any password check.
                    return(8);
                }
                else
                {
                    // No usable user record: log the attempt and fail.
                    // userLogon.UpdateAnonymsAttempts(resource.GetResource("~/Views/Logon.cshtml", "ANON_ATTEMPT"));
                    userLogon.UpdateAnonymsAttempts("Anonymous attempt");
                    return(2);
                }
            }
            catch (Exception ex)
            {
                BaseExceptionHandler.HandleException(ref ex);
            }
            // Reached only after a handled exception: fail the login.
            return(2);
        }
Exemplo n.º 10
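        /// <summary>
        /// Handles the forgot-password form: verifies the security question and answer for
        /// the named user and, on success, stores a temporary password and mails it.
        /// </summary>
        /// <param name="forget">Posted model; <c>UserName</c> and the nested security-question
        /// fields are read, <c>Message</c> and the question list are set for redisplay.</param>
        /// <param name="Password">Not read anywhere in this method.</param>
        /// <param name="button">Name of the submitted button; "Cancel" returns to the login page.</param>
        /// <returns>A redirect (cancel, first-login, mail sent) or the form view with a message.</returns>
        public ActionResult ForgotPassword(ForgotPasswordModel forget, string Password, string button)
        {
            // No catch block: the previous `throw ex;` only reset the stack trace of the
            // original exception. The unused model instance and a dead assignment to the
            // mail-argument string were dropped as well.
            if (button == "Cancel")
            {
                return RedirectToAction("Logon", "Account");
            }

            if (!ModelState.IsValid)
            {
                forget.inhrtSecurityQuestionModel = initialDDLFillBase();
                return View(forget);
            }

            string secUserAns = forget.inhrtSecurityQuestionModel.SecAns;
            Int64  secQunId   = forget.inhrtSecurityQuestionModel.SelectedSecQsn;

            // The answer is upper-cased and SHA-1 hashed before comparison.
            // NOTE(review): ToUpper() is culture-sensitive, so the hash can differ between
            // server cultures; it is left as-is because stored answers depend on it.
            encryptSha1 obj = new encryptSha1();
            secUserAns = obj.GetSHA1HashData(secUserAns.ToUpper());

            UserLogonData userLogon = new UserLogonData();

            LogonUser logonUser = new LogonUser();
            logonUser.UserName = forget.UserName;

            UserDetails userDetails = userLogon.GetUserDeatils(logonUser);

            if (!(userDetails.Active != 0 && userDetails.UserId > 0))
            {
                // NOTE(review): this message, the lock message and the wrong-answer message
                // are all different, so an unauthenticated client can tell which user names
                // exist - confirm this is intended.
                forget.inhrtSecurityQuestionModel = initialDDLFillBase();
                forget.Message = "Invalid user id.";
                return View(forget);
            }

            // compareSecAns: 1 success, 0 incorrect username, 2 security question or answer incorrect
            int status = compareSecAns(forget.UserName, userDetails.SecQunId, userDetails.SecAns, userDetails.Status, userDetails.UserId, secUserAns, secQunId);

            if (status == Status.NO_OF_ATM_LOCKED)
            {
                forget.inhrtSecurityQuestionModel = initialDDLFillBase();
                forget.Message = "User locked for no of attempts";
            }
            else if (status == Status.FIRSTLOGIN)
            {
                return RedirectToAction("logon", "account", new { statusId = Status.FIRSTLOGIN });
            }
            else if (status == Status.PASS)
            {
                if (userLogon.UpdateStatus(userDetails.UserId, Status.FORGETPWD, "FORGET_PASS") == true)
                {
                    // NOTE(review): 6-character temporary password; confirm the generator
                    // uses a cryptographic RNG.
                    Encrypt encrypt      = new Encrypt();
                    string  tempPassword = encrypt.CreateRandomPassword(6);
                    string  firstHash    = encrypt.GetSHA1HashData(tempPassword);

                    // Stored value is SHA1(SHA1(password) + user id).
                    // NOTE(review): the result of ForgotPassword is ignored, so the mail below
                    // goes out even if the new hash was not stored.
                    userLogon.ForgotPassword(userDetails.UserId, encrypt.GetSHA1HashData(firstHash + userDetails.UserId));

                    // The mail arguments carry the clear-text password in a comma-joined string.
                    string templateId = "3";
                    string mailArgs   = userDetails.Mailid + "," + userDetails.Firstname + "," + userDetails.Lastname + "," + tempPassword;
                    userLogon.MailSending(mailArgs, templateId);

                    forget.Message = "Password sent your mail id";

                    return RedirectToAction("EmailSending", "account");
                }
            }
            else if (status == 2)
            {
                forget.inhrtSecurityQuestionModel = initialDDLFillBase();
                forget.Message = "The Sec Question or answer you entered is incorrect.";
            }

            return View(forget);
        }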