/// <summary>
/// Validates the patient portal account form before it is saved.
/// </summary>
/// <param name="secx">Security helper used for the account-rule and user-name checks.</param>
/// <param name="bIsNewPatPortalAcct">True when the save will insert a new account.</param>
/// <returns>True when every check passes; false after BaseMstr status has been set.</returns>
protected bool CheckPatientFXUser(CSec secx, bool bIsNewPatPortalAcct)
{
    // The password checks only apply while the password box is editable.
    if (txtPassword.Enabled)
    {
        bool bPasswordsMatch = (txtPassword.Text == txtVerifyPassword.Text);
        if (!bPasswordsMatch)
        {
            BaseMstr.StatusCode = 501;
            BaseMstr.StatusComment = "Password and verify password must match!";
            return false;
        }

        // ValidateUserAccountRules reports its own StatusCode/StatusComment on failure.
        bool bRulesOk = secx.ValidateUserAccountRules(BaseMstr, txtUserId.Text, txtPassword.Text);
        if (!bRulesOk)
        {
            return false;
        }
    }

    // An insert must not reuse an existing user name.
    if (bIsNewPatPortalAcct && secx.UserNameExists(BaseMstr, txtUserId.Text))
    {
        BaseMstr.StatusCode = 500;
        BaseMstr.StatusComment = "Please choose a different user name!";
        return false;
    }

    return true;
}
/// <summary>
/// Reports whether the lookup done by CSec.CheckPatientFXUserRecDS returns any row
/// whose FXUSERCOUNT column is non-null and not the string "0".
/// </summary>
/// <returns>True when such a row is found, otherwise false.</returns>
protected bool CheckIfFXUserRecExists()
{
    CSec fxSec = new CSec();
    DataSet dsCheck = fxSec.CheckPatientFXUserRecDS(BaseMstr);

    // No data set means no record.
    if (dsCheck == null)
    {
        return false;
    }

    foreach (DataTable tbl in dsCheck.Tables)
    {
        foreach (DataRow row in tbl.Rows)
        {
            if (row.IsNull("FXUSERCOUNT"))
            {
                continue;
            }

            // The count is compared as text, exactly as returned by the query.
            if (row["FXUSERCOUNT"].ToString() != "0")
            {
                return true;
            }
        }
    }

    return false;
}
/// <summary>
/// Reports whether the lookup done by CSec.CheckPatientFXUserRecDS returns any row
/// with a FXUSERCOUNT greater than zero.
/// </summary>
/// <returns>True when such a row is found, otherwise false.</returns>
protected bool CheckIfPatientFXUserRecExists()
{
    CSec fxSec = new CSec();
    DataSet dsCheck = fxSec.CheckPatientFXUserRecDS(BaseMstr);

    if (dsCheck == null)
    {
        return false;
    }

    foreach (DataTable tbl in dsCheck.Tables)
    {
        foreach (DataRow row in tbl.Rows)
        {
            if (row.IsNull("FXUSERCOUNT"))
            {
                continue;
            }

            // Numeric comparison; the value is converted with Convert.ToInt32.
            long lCount = Convert.ToInt32(row["FXUSERCOUNT"]);
            if (lCount > 0)
            {
                return true;
            }
        }
    }

    return false;
}
/// <summary>
/// Reads FX_USER_ID from the data set returned by CSec.GetPatientFXUserIdDS.
/// </summary>
/// <returns>
/// The FX_USER_ID of the last row that carries a non-null value, or 0 when
/// no row does or no data set is returned.
/// </returns>
protected long getPatientFXUserID()
{
    long lUserID = 0;
    CSec fxSec = new CSec();
    DataSet dsUser = fxSec.GetPatientFXUserIdDS(BaseMstr);

    if (dsUser == null)
    {
        return lUserID;
    }

    foreach (DataTable tbl in dsUser.Tables)
    {
        foreach (DataRow row in tbl.Rows)
        {
            // Later rows overwrite earlier ones; there is no early exit.
            if (!row.IsNull("FX_USER_ID"))
            {
                lUserID = Convert.ToInt64(row["FX_USER_ID"]);
            }
        }
    }

    return lUserID;
}
/// <summary>
/// Logs the current user off: closes the open patient, clears the cached
/// FX_USER and ACC_DETAILS session entries, runs the CSec log-off, deletes
/// the database-side session values when a DBSessionID is set, clears and
/// abandons the ASP.NET session, then redirects to default.aspx.
/// </summary>
public void LogOff()
{
    //clear the patient
    this.ClosePatient();

    //clear FX_USER session var
    Session["FX_USER"] = null;

    //clear account details session var
    Session["ACC_DETAILS"] = null;

    //do any clean up necessary to logoff
    CSec sec = new CSec();
    sec.LogOff(this);

    //deleting the stored session values is an extra step for timeouts etc...
    if (!String.IsNullOrEmpty(DBSessionID))
    {
        DeleteAllSessionValues();
    }

    //clear the dbsessionid
    DBSessionID = String.Empty;

    //clear the session
    Session.Clear();

    //abandon the session
    // NOTE(review): Session.Abandon() does not by itself expire the session-id
    // cookie held by the browser, so the same id can be presented again on the
    // next request. Confirm the cookie is reset on logoff (here or in
    // sec.LogOff) so a pre-login session id cannot carry over into a new login.
    Session.Abandon();

    //redirect to the start page; the target is a fixed literal
    Response.Redirect("default.aspx");
}
/// <summary>
/// Derives the update permission from the DataManagementUR right, passes it to
/// the template control and, on the first request only, binds the tag-group
/// repeater to a groups/tags data set.
/// </summary>
protected void Page_Load(object sender, EventArgs e)
{
    CSec secHelper = new CSec();
    long lRightMode = secHelper.GetRightMode(Master, (long)SUATUserRight.DataManagementUR);

    // Anything above read-only may update.
    bAllowUpdate = lRightMode > (long)RightMode.ReadOnly;
    ucTemplate.BaseMstr = Master;
    ucTemplate.bAllowUpdate = bAllowUpdate;

    // The repeater is only bound on the initial request.
    if (IsPostBack)
    {
        return;
    }

    // This page does not require a patient.
    Master.ClosePatient();

    DataSet dsGroups = template.GetTemplateDataTagGroupDS(Master);
    DataSet dsItems = template.GetTemplateDataTagDS(Master);
    if (dsGroups == null || dsItems == null)
    {
        return;
    }

    dsGroups.Tables[0].TableName = "groups";
    dsItems.Tables[0].TableName = "tags";

    // Bring a copy of the tags table into the groups data set so both
    // tables can take part in one relation.
    DataTable tagsCopy = dsItems.Tables["tags"].Copy();
    dsGroups.Tables.Add(tagsCopy);

    // Parent: groups.group_id, child: tags.item_group_id, no constraints created.
    DataColumn parentColumn = dsGroups.Tables["groups"].Columns["group_id"];
    DataColumn childColumn = dsGroups.Tables["tags"].Columns["item_group_id"];
    dsGroups.Relations.Add("taggroup", parentColumn, childColumn, false);
    dsGroups.AcceptChanges();

    repTempItemGroups.DataSource = dsGroups.Tables["groups"];
    repTempItemGroups.DataBind();
}
/// <summary>
/// Builds the vertical menu helper from the master page and the three data
/// sets it renders, and creates the security helper it uses.
/// </summary>
/// <param name="BaseMstr">Master page stored in m_BaseMstr.</param>
/// <param name="dsTreatments">Stored in m_dsTreatments.</param>
/// <param name="dsEncounters">Stored in m_dsEncounters.</param>
/// <param name="dsIntakes">Stored in m_dsAssessments (note the differing name).</param>
public CVerticalMenu(BaseMaster BaseMstr, DataSet dsTreatments, DataSet dsEncounters, DataSet dsIntakes)
{
    m_BaseMstr = BaseMstr;
    m_dsTreatments = dsTreatments;
    m_dsEncounters = dsEncounters;
    m_dsAssessments = dsIntakes;

    // security helper kept for later use by this object
    usrsec = new CSec();
}
/// <summary>
/// Derives the update permission from the AdministratorUR right and passes it,
/// together with the master page, to the user administration control.
/// </summary>
protected void Page_Load(object sender, EventArgs e)
{
    CSec secHelper = new CSec();
    long lAdminMode = secHelper.GetRightMode(Master, (long)SUATUserRight.AdministratorUR);

    // Anything above read-only may update.
    bAllowUpdate = lAdminMode > (long)RightMode.ReadOnly;

    ucUserAdmin.BaseMstr = Master;
    ucUserAdmin.bAllowUpdate = bAllowUpdate;
}
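/// <summary>
/// Loads the intake-module assignment page and, on a master SAVE, stores the
/// selected modules for the current patient when the user has write access and
/// the patient record is not locked.
/// </summary>
/// <remarks>
/// Changes from the previous version: the patient-lock message is tested before
/// the generic read-only message (bReadOnly is forced to true whenever the
/// patient is locked, so the lock branch could never run), and the provider
/// name taken from the session is null-safe and HTML-encoded before it is
/// placed in StatusComment, which carries markup.
/// </remarks>
protected void Page_Load(object sender, EventArgs e)
{
    CIntake intake = new CIntake();
    CSec usrsec = new CSec();

    // Read-only unless the user holds at least ReadWrite on ProcessNewPatientsUR.
    bReadOnly = (usrsec.GetRightMode(Master, (long)SUATUserRight.ProcessNewPatientsUR) < (long)RightMode.ReadWrite);

    // A locked patient record is always read-only.
    if (Master.IsPatientLocked)
    {
        bReadOnly = true;
    }

    ucIntakeModules.BaseMstr = Master;
    ucIntakeModules.bReadOnly = bReadOnly;

    if (!Master.APPMaster.PatientHasOpenCase)
    {
        Master.StatusCode = 1;
        Master.StatusComment = "Patient Does Not Have An Open Case! An Open Case Is Required To Assign Assessments.";
        return;
    }

    if (!IsPostBack)
    {
        ucIntakeModules.LoadModuleGroups();
        htxtSelectedModules.Value = ucIntakeModules.GetPatientModules();
    }

    if (Master.OnMasterSAVE())
    {
        string strSelectedModules = ucIntakeModules.GetAssignedModules();

        // The permission is re-checked on the server at save time, not only
        // when the controls were rendered.
        if (!bReadOnly && !Master.IsPatientLocked)
        {
            if (intake.AssignPatientModules(Master,
                                            Master.SelectedPatientID,
                                            Master.SelectedProviderID,
                                            strSelectedModules))
            {
                htxtSelectedModules.Value = strSelectedModules;
                divStatus.InnerHtml = "<font color=\"green\"><img alt=\"\" src=\"Images/tick.png\"> Assigned modules were saved for the patient!</font>";
                ScriptManager.RegisterClientScriptBlock(upWrapperUpdatePanel, typeof(string), "saved", "clearStatusDiv(4);", true);
            }
        }
        else if (Master.IsPatientLocked)
        {
            // Convert.ToString yields an empty string for a missing session
            // entry; HtmlEncode keeps the name from being interpreted as markup.
            string strLockedBy = System.Web.HttpUtility.HtmlEncode(Convert.ToString(Session["PAT_LOCK_PROVIDER"]));

            Master.StatusCode = 1;
            Master.StatusComment = "<img alt=\"\" src=\"Images/lock16x16.png\" /> <b>Read-Only Access</b>: The patient's record is in use by " + strLockedBy + ".";
        }
        else if (bReadOnly)
        {
            Master.StatusCode = 1;
            Master.StatusComment = "<img alt=\"\" src=\"Images/lock16x16.png\" /> You have <b>Read-Only Access</b> to this section.";
        }
    }

    ShowSysFeedback();
}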
/// <summary>
/// Builds the vertical menu helper from the master page and the three data
/// sets it renders, creates the security and encounter helpers, and loads the
/// encounter types.
/// </summary>
/// <param name="BaseMstr">Master page stored in m_BaseMstr.</param>
/// <param name="dsTreatments">Stored in m_dsTreatments.</param>
/// <param name="dsEncounters">Stored in m_dsEncounters.</param>
/// <param name="dsIntakes">Stored in m_dsAssessments (note the differing name).</param>
public CVerticalMenu(BaseMaster BaseMstr, DataSet dsTreatments, DataSet dsEncounters, DataSet dsIntakes)
{
    m_BaseMstr = BaseMstr;
    m_dsTreatments = dsTreatments;
    m_dsEncounters = dsEncounters;
    m_dsAssessments = dsIntakes;

    // security helper kept for later use by this object
    usrsec = new CSec();

    // encounter helper; the full list of encounter types is fetched once here
    enctype = new CEncounter();
    m_dsEncounterTypes = enctype.GetAllEncounterTypesDS(BaseMstr);
}
/// <summary>
/// Puts the portal-account form into "new account" or "existing account" mode
/// depending on whether the patient already has an FX user record, then
/// re-runs Page_Load.
/// </summary>
public void loadPatientPortalAccount()
{
    //Delete divPassword.Visible = false;
    // start with the password boxes disabled and both view-state flags cleared
    txtPassword.Enabled = false;
    txtVerifyPassword.Enabled = false;

    BaseMstr.SetVSValue("NewPatientPortalAcct", false);
    BaseMstr.SetVSValue("PatientFXUserIDExists", false);

    // store the lookup result, then read it back from the same store
    BaseMstr.SetVSValue("PatientFXUserIDExists", CheckIfPatientFXUserRecExists());
    bool bFXUserIDExists = BaseMstr.GetVSBoolValue("PatientFXUserIDExists");

    if (!bFXUserIDExists)
    {
        // no account yet: user name and password are editable, reset is not
        //Delete divPassword.Visible = true;
        txtPassword.Enabled = true;
        txtVerifyPassword.Enabled = true;

        txtUserId.Enabled = true;
        //btnResetPassword.Enabled = false;
        chkResetPassword.Enabled = false;

        BaseMstr.SetVSValue("NewPatientPortalAcct", true);
    }
    else
    {
        CDataUtils utils = new CDataUtils();
        CSec sec = new CSec();
        DataSet dsSecData = new DataSet();

        //attempt to grab the user's profile
        dsSecData = sec.GetPatientFXUsernamePasswordDS(BaseMstr);

        //load FXUser Username and Password fields
        // NOTE(review): only USER_NAME is read here; the helper name suggests the
        // data set also carries password material. Confirm it is not exposed
        // beyond this method.
        if (dsSecData != null)
        {
            // sec.dec presumably decodes the stored user name - confirm against CSec
            txtUserId.Text = sec.dec(utils.GetStringValueFromDS(dsSecData, "USER_NAME"), "");
            //chkbxAccountLocked.Checked = Convert.ToBoolean(utils.GetLongValueFromDS(dsSecData, "IS_LOCKED"));
            //chkbxAccountInactive.Checked = Convert.ToBoolean(utils.GetLongValueFromDS(dsSecData, "IS_INACTIVE"));

            // existing account: user name is fixed, password changes go through reset
            txtUserId.Enabled = false;
            divResetPWDButton.Visible = true;
            chkResetPassword.Enabled = true;
            txtPassword.Enabled = false;
            txtVerifyPassword.Enabled = false;
        }
    }

    // Page_Load is invoked directly with a null sender
    Page_Load(null, EventArgs.Empty);
}
/// <summary>
/// Page load for the login control: on the first request selects change-password
/// mode (already logged in) or login mode; on a postback clears the popup and
/// carries the typed user name over to the change-password box.
/// </summary>
protected void Page_Load(object sender, EventArgs e)
{
    CSec sec = new CSec();
    CDataUtils utils = new CDataUtils();

    if (!IsPostBack)
    {
        //if we are already logged in put us in change pwd mode
        if (BaseMstr.IsLoggedIn())
        {
            //we are in change pwd mode since we are already logged in
            SetMode(2);

            //get the username from db
            DataSet dsSecData = sec.GetFXUsernamePasswordDS(BaseMstr);
            // sec.dec presumably decodes the stored user name - confirm against CSec
            txtUN.Text = sec.dec(utils.GetStringValueFromDS(dsSecData, "USER_NAME"), "");
            // the logged-in user may not change which account is being edited
            txtUN.ReadOnly = true;
        }
        else
        {
            //we are in login mode because we have not logged in yet
            SetMode(1);

            //when we time out session wise we dont want to ask the user
            //for a user name/password if they have a valid cert...
            //(certificate auto-login is disabled)
            //if (sec.CertLogin(BaseMstr))
            //{
            //    BaseMstr.StatusCode = 0;
            //    BaseMstr.StatusComment = "";
            //    Response.Redirect(strPageAfterLogin);
            //}
            BaseMstr.StatusCode = 0;
            BaseMstr.StatusComment = "";
        }
    }
    else //a post back
    {
        //clear the divs html on the postback
        PopupPostLogin.InnerHtml = "";

        //only if not logged in set the un on the change pwd div = to the u
        //this is so we dont have to re-type it if forced to change pwd
        if (!BaseMstr.IsLoggedIn())
        {
            txtUN.Text = txtU.Text;
        }
    }
}
/// <summary>
/// Checks the entered provider credentials with CSec.Sign and, when they are
/// accepted, records the signing provider id and user type and bubbles the
/// event to the parent. The credential boxes are cleared on every path.
/// </summary>
protected void btnSignSOAPP_Click(object sender, EventArgs e)
{
    strLogAddendum = htxtLogAddendum.Value;

    //clear current provider id so a failed sign never leaves a stale signer
    SignedProviderID = "";
    SignedUserType = 0;
    CloseEncounter = 0;

    //check account
    CSec sec = new CSec();
    if (sec.Sign(BaseMstr,
                 txtProvUsername.Text,
                 txtUPassword.Text,
                 out m_strSignedProviderID,
                 out m_lSignedUserType))
    {
        //if account was ok then we are good
        SignedProviderID = m_strSignedProviderID;
        SignedUserType = m_lSignedUserType;

        // a signing PROVIDER also closes the encounter
        if (BaseMstr.APPMaster.UserType == (long)SUATUserType.PROVIDER)
        {
            CloseEncounter = 1;
            chkClosed.Checked = true;
        }

        //clear the text before the event bubbles, so handlers up the chain
        //do not see the credentials
        txtProvUsername.Text = "";
        txtUPassword.Text = "";

        //bubble up the event so someone using
        //the control can check to see if we signed
        RaiseBubbleEvent(this, e);
    }

    //clear the text (also covers the failed-sign path)
    txtProvUsername.Text = "";
    txtUPassword.Text = "";

    //Hide Sign popup
    winSignNote.Hide();

    //Show system feedback
    ShowSysFeedback();
}
/// <summary>
/// Derives the update permission from the DataManagementUR right, closes any
/// open patient, configures the referral clinic control and loads its data on
/// the first request.
/// </summary>
protected void Page_Load(object sender, EventArgs e)
{
    CSec secHelper = new CSec();
    long lRightMode = secHelper.GetRightMode(Master, (long)SUATUserRight.DataManagementUR);

    // Anything above read-only may update.
    bAllowUpdate = lRightMode > (long)RightMode.ReadOnly;

    // This page does not require a patient.
    Master.ClosePatient();

    ucReferralClinicManagement.BaseMstr = Master;
    ucReferralClinicManagement.bAllowUpdate = bAllowUpdate;

    // Data is only loaded on the initial request.
    if (IsPostBack)
    {
        return;
    }

    ucReferralClinicManagement.LoadReferralClinic();
}
/// <summary>
/// Replaces every non-null USER_NAME value in the data set with the result of
/// CSec.dec and then accepts the changes. A null data set is left alone.
/// </summary>
/// <param name="ds">Data set whose USER_NAME columns are rewritten in place.</param>
protected void ProcessPatientData(DataSet ds)
{
    CSec decoder = new CSec();

    if (ds == null)
    {
        return;
    }

    foreach (DataTable table in ds.Tables)
    {
        foreach (DataRow row in table.Rows)
        {
            if (row.IsNull("USER_NAME"))
            {
                continue;
            }

            string strStored = row["USER_NAME"].ToString();
            row["USER_NAME"] = decoder.dec(strStored, "");
        }
    }

    // Mark the rewritten rows as unchanged.
    ds.AcceptChanges();
}
/// <summary>
/// Page load for the system settings page: computes the update permission,
/// fills the settings form from the cached SYSSETTINGS data set on the first
/// request, and saves when the master page raises SAVE.
/// </summary>
protected void Page_Load(object sender, EventArgs e)
{
    CSec usrsec = new CSec();

    // update requires more than read-only on AdministratorUR AND the ADMINISTRATOR user type
    bAllowUpdate = (usrsec.GetRightMode(Master, (long)SUATUserRight.AdministratorUR) > (long)RightMode.ReadOnly)
                    && (Master.APPMaster.UserType == (long)SUATUserType.ADMINISTRATOR);

    // NOTE(review): the form below is populated whatever bAllowUpdate is. Confirm
    // that access to this page is restricted elsewhere, since the values include
    // mail/texting hosts and a texting password.
    if (!IsPostBack)
    {
        CDataUtils utils = new CDataUtils();

        //get system settings, cached in the session after the first read
        DataSet dsSys = new DataSet();
        if (Session["SYSSETTINGS"] == null)
        {
            CSystemSettings sys = new CSystemSettings();
            Session["SYSSETTINGS"] = sys.GetSystemSettingsDS(Master);
        }
        dsSys = (DataSet)Session["SYSSETTINGS"];

        txtMailSMTPHost.Text = utils.GetStringValueFromDS(dsSys, "MAIL_SMTP_HOST");
        txtSenderEmailAddress.Text = utils.GetStringValueFromDS(dsSys, "MAIL_SMTP_SENDER");
        txtMailSMTPPort.Text = Convert.ToString(utils.GetLongValueFromDS(dsSys, "MAIL_SMTP_PORT"));
        txtWebSiteUrl.Text = utils.GetStringValueFromDS(dsSys, "SITE_URL");
        txtNotifyEmailAddress.Text = utils.GetStringValueFromDS(dsSys, "NOTIFY_EMAIL");

        //New Text Message Fields
        txtTextingHost.Text = utils.GetStringValueFromDS(dsSys, "TEXTING_HOST");
        txtTextingPort.Text = Convert.ToString(utils.GetLongValueFromDS(dsSys, "TEXTING_PORT"));
        txtTextingUser.Text = utils.GetStringValueFromDS(dsSys, "TEXTING_USER");
        // NOTE(review): this sends the stored texting password back to the browser
        // as the value of a form field. Consider leaving the box empty and only
        // writing the setting when a new value is entered.
        txtTextingPswd.Text = utils.GetStringValueFromDS(dsSys, "TEXTING_PSWD");

        txtOraWinDir.Text = utils.GetStringValueFromDS(dsSys, "ORA_WIN_DIR");

        // this page does not need an open patient
        Master.ClosePatient();
    }

    // NOTE(review): bAllowUpdate is not tested here; presumably Save() enforces it - verify.
    if (Master.OnMasterSAVE())
    {
        Save();
    }
}
/// <summary>
/// Creates the patient's portal account when none exists, otherwise updates
/// its password (when the password box is enabled) or its options, then
/// reloads the form.
/// </summary>
/// <returns>The result of the last insert/update call made, or false when validation failed.</returns>
public bool SavePatientPortalAccount()
{
    bool bSaved = false;

    //fx sec Patient helper
    CSec sec = new CSec();

    long lFXUserID = 0;

    bool bUserExists = CheckIfPatientFXUserRecExists();

    // validate the form; the user-name uniqueness check only runs for a new account
    bool bChkInsPatPortalAccount = CheckPatientFXUser(sec, !bUserExists);

    if (bChkInsPatPortalAccount)
    {
        bool m_bFXUserIDExists = bUserExists;
        if (!m_bFXUserIDExists)
        {
            bSaved = sec.InsertPatientFXUser(BaseMstr,
                                        BaseMstr.SelectedPatientID,
                                        txtUserId.Text,
                                        txtPassword.Text,
                                        false, //account locked
                                        false, //account inactive
                                        out lFXUserID);

            if (BaseMstr.StatusCode == 0)
            {
                txtUserId.Enabled = false;
                //Delete divPassword.Visible = false;
                divPassword.Visible = true;
                divResetPWDButton.Visible = true;
            }
        }
        else
        {
            //long lFXUserID = 0;
            //the record already exists, so look up its fx_user_id for
            //the update calls below
            lFXUserID = getPatientFXUserID();
        }

        //ONLY if we changed the users account info, update the
        //record in the FX_USER table
        // NOTE(review): after a new insert the password box is still enabled, so
        // this update runs as well, using the id returned by the insert (which
        // stays 0 if the insert did not set it) - confirm this is intended.
        //Delete if (divPassword.Visible)
        if (txtPassword.Enabled)
        {
            bSaved = sec.UpdatePatientFXUserPWD(BaseMstr,
                                        lFXUserID,
                                        txtUserId.Text,
                                        txtPassword.Text,
                                        false, //account locked
                                        false //account inactive
                                        );

            if (BaseMstr.StatusCode == 0)
            {
                //Delete divPassword.Visible = false;
                txtPassword.Enabled = false;
                txtVerifyPassword.Enabled = false;
                //btnResetPassword.Enabled = true;
            }
        }
        else
        {
            bSaved = sec.UpdatePatientFXUserOptions(BaseMstr,
                                        lFXUserID,
                                        false, //account locked
                                        false //account inactive
                                        );
        }
    }

    // refresh the form from the stored account
    loadPatientPortalAccount();
    //upPortalAccount.Update();

    // a failed save drops the reset request
    if (!bSaved)
    {
        chkResetPassword.Checked = false;
    }

    return(bSaved);
}
/// <summary>
/// Creates the security-questions helper for the given master page.
/// </summary>
/// <param name="BaseMstr">Master page stored in m_BaseMstr.</param>
public CSecQuestions(BaseMaster BaseMstr)
{
    m_BaseMstr = BaseMstr;

    // security helper kept for later use by this object
    sec = new CSec();
}
/// <summary>
/// Master page initialization: creates the app master, sets the response
/// encoding and timeout, connects to the data source, restores the user id
/// from the database session, audits access to the requested page and sets
/// the X-UA-Compatible header.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Init(object sender, EventArgs e)
{
    //app specific stuff outside the base controller
    APPMaster = new AppMaster();
    APPMaster.SetBaseMaster(this);

    //Returns a string that can be used in a client
    //event to cause postback to the server.
    Page.ClientScript.GetPostBackEventReference(this, String.Empty);

    //set the character set, since all pages derive from basemaster
    //this will set the encoding for all pages...
    Response.ContentEncoding = Encoding.UTF8;

    //init status info and objects
    m_strStatusComment = string.Empty;
    m_lStatusCode = -1;//-1 = success no show

    //04/16/2012 - Security Updates
    //set the timeout: at least 15, otherwise the session's own value
    //(each ternary arm assigns Timeout and the outer statement assigns the same value again)
    Timeout = (Session.Timeout < 15) ? Timeout = 15 : Timeout = Session.Timeout;

    //connect to the data source
    if (!ConnectToDataSource())
    {
        //redirect to an error page
        Response.Redirect("error_database.aspx");
        Response.End();
    }

    //sec helper
    CSec sec = new CSec();

    //DBSessionID gets set in the database when the user
    //logs in. this is used to cache values in the db and to determine if the
    //user is logged in
    //
    //reset FXUserID, only gets set in the call below
    FXUserID = 0;
    if (!String.IsNullOrEmpty(DBSessionID))
    {
        //get actual user id from the database session created when the
        //user logs in
        string strUID = "";
        if (GetSessionValue("FX_USER_ID", out strUID))
        {
            if (strUID != "")
            {
                FXUserID = Convert.ToInt32(strUID);
            }

            //load the app specific user details
            //needed for the application
            APPMaster.LoadUserDetails();
        }
        else
        {
            //log off if we cannot retrieve a valid session,
            //user timed out
            LogOff();
        }
    }

    //user does not have access to this page
    //so logoff.
    // NOTE(review): the access decision relies on LogOff() ending the request;
    // confirm that no page code runs after a failed audit.
    if (!sec.AuditPageAccess(this))
    {
        LogOff();
    }

    // event_management.aspx is sent IE=8, every other page IE=9
    string strPageName = this.GetPageName();
    if (strPageName.IndexOf("event_management.aspx") != -1)
    {
        Response.AddHeader("X-UA-Compatible", "IE=8,chrome=1");
    }
    else
    {
        Response.AddHeader("X-UA-Compatible", "IE=9,chrome=1");
    }
}
/// <summary>
/// Saves the portal account shown on the form for the patient named in
/// htxtPatientID: inserts the FX user record when none exists, otherwise
/// resets the password or updates the locked/inactive options, and records a
/// password-changed patient event when a password was written.
/// </summary>
/// <param name="bSaved">Set to true when the last write left BaseMstr.StatusCode at 0.</param>
protected void Save(out bool bSaved)
{
    bSaved = false;
    bool bNotify = false;

    // server-side permission gate; read-only users only get the message at the end
    if (bAllowUpdate)
    {
        if (!String.IsNullOrEmpty(txtUserId.Text) && txtUserId.Text.Trim().Length > 0)
        {
            #region SaveUser
            //////////////////////////////////////////////////////
            //user account is valid so press on with the saves...
            CPatient patSave = new CPatient();

            //fx sec helper
            CSec sec = new CSec();

            // password checks apply to a reset and to a form without a patient id
            if (chkResetPasswd.Checked || String.IsNullOrEmpty(htxtPatientID.Value))
            {
                //make sure pwd and verify pwd match
                if (txtPassword.Text != txtVerifyPassword.Text)
                {
                    BaseMstr.StatusCode = 1;
                    BaseMstr.StatusComment = "Password and verify password must match!";
                    ShowSysFeedback();
                    return;
                }

                //check all the account rules for the account...
                if (!sec.ValidateUserAccountRules(BaseMstr, txtUserId.Text, txtPassword.Text))
                {
                    BaseMstr.StatusCode = 1;
                    //Note: ValidateUserAccountRules will set StatusCode/StatusComment info
                    ShowSysFeedback();
                    return;
                }
            }

            //if a user is looked up, then SelectedPatientID will be set
            //otherwise we are creating a new user
            if (htxtPatientID.Value == "")//this is a new user
            {
                // nothing is saved without a patient id
                return;
            }
            else if (htxtPatientID.Value != "")
            {
                // NOTE(review): htxtPatientID looks like a hidden form field, i.e. a
                // value the browser can change. Verify on the server that the
                // current user may manage this patient before using it.
                BaseMstr.SelectedPatientID = htxtPatientID.Value;

                long lFXUserID = 0;

                BaseMstr.SetVSValue("FXUserIDExists", CheckIfFXUserRecExists());
                blnFXUserIDExists = BaseMstr.GetVSBoolValue("FXUserIDExists");

                if (!blnFXUserIDExists)
                {
                    //insert a record into the fx_user table and update
                    //the fx_user_id in the patient table
                    sec.InsertPatientFXUser(BaseMstr,
                                            BaseMstr.SelectedPatientID,
                                            txtUserId.Text,
                                            txtPassword.Text,
                                            chkbxAccountLocked.Checked,
                                            chkbxAccountInactive.Checked,
                                            out lFXUserID);

                    if (BaseMstr.StatusCode == 0)
                    {
                        // lock the form and wipe the typed passwords after a good insert
                        txtUserId.Enabled = false;
                        chkResetPasswd.Checked = false;
                        txtPassword.Text = String.Empty;
                        txtVerifyPassword.Text = String.Empty;
                        txtPassword.Enabled = false;
                        txtVerifyPassword.Enabled = false;
                        bSaved = true;
                    }

                    bSaved = (BaseMstr.StatusCode == 0);
                    if (bSaved)
                    {
                        bNotify = true;
                    }
                }
                else
                {
                    //the record already exists, so look up its fx_user_id
                    //for the update calls below
                    lFXUserID = getFXUserID();
                }

                //ONLY if we changed the users account info, update the
                //record in the FX_USER table
                // NOTE(review): if the insert above failed while the reset box is
                // checked, this runs with lFXUserID possibly still 0 - confirm
                // UpdatePatientFXUserPWD rejects that.
                if (chkResetPasswd.Checked)
                {
                    sec.UpdatePatientFXUserPWD(BaseMstr,
                                               lFXUserID,
                                               txtUserId.Text,
                                               txtPassword.Text,
                                               chkbxAccountLocked.Checked,
                                               chkbxAccountInactive.Checked
                                               );

                    if (BaseMstr.StatusCode == 0)
                    {
                        txtUserId.Enabled = false;
                        chkResetPasswd.Checked = false;
                        txtPassword.Text = String.Empty;
                        txtVerifyPassword.Text = String.Empty;
                        txtPassword.Enabled = false;
                        txtVerifyPassword.Enabled = false;
                    }

                    bSaved = (BaseMstr.StatusCode == 0);
                    if (bSaved)
                    {
                        bNotify = true;
                    }
                }
                else
                {
                    bSaved = sec.UpdatePatientFXUserOptions(BaseMstr,
                                                            lFXUserID,
                                                            chkbxAccountLocked.Checked,
                                                            chkbxAccountInactive.Checked
                                                            );
                }

                // the status code, not the call's return value, decides the result
                bSaved = (BaseMstr.StatusCode == 0);
            }

            if (bNotify)
            {
                //Add all patient events
                CPatientEvent evt = new CPatientEvent(BaseMstr);
                evt.AddSpecificEvent(cnChgPSWDEventID); //Password Changed
                if (BaseMstr.StatusCode == 0)
                {
                    evt.CompletedSpecificEvent(cnChgPSWDEventID); //Password Changed Event ID
                }
            }

            LoadPatientsData();
            #endregion
        }
        else
        {
            // an empty user id is ignored without feedback
            return;
        }
    }
    else
    {
        BaseMstr.StatusCode = 1;
        BaseMstr.StatusComment = "<img alt=\"\" src=\"Images/lock16x16.png\" /> You have <b>Read-Only Access</b> to this section.";
    }

    ShowSysFeedback();
    return;
}
/// <summary>
/// Handles the login button in both modes of the control: logs the user in
/// when the login panel is visible, and changes the password (which also logs
/// the user in) when the change-password panel is visible.
/// </summary>
protected void btnLogin_Click(object sender, EventArgs e)
{
    long lStatus = 0;
    CSec sec = new CSec();

    if (divLogin.Visible)//logging in
    {
        lStatus = sec.Login(BaseMstr, txtU.Text, txtP.Text);
        if (lStatus == 0)
        {
            //good to go so cleanup and redirect
            PopupPostLogin.InnerHtml = "";

            //put us in change password mode
            divChangePassword.Visible = true;
            txtUN.ReadOnly = false;//lets them re-type their user name

            // wipe every credential box before leaving the page
            txtUN.Text = "";
            txtOldP.Text = "";
            txtNewP.Text = "";
            txtVNewP.Text = "";
            txtU.Text = "";
            txtP.Text = "";

            divLogin.Visible = false;

            //set a session variable with the login time
            // NOTE(review): no session-id renewal is visible here; confirm sec.Login
            // issues a fresh session id so an id handed out before authentication
            // is not kept afterwards.
            Session["SESSION_INITIATED"] = DateTime.Now;

            GetPatientID();

            if (!String.IsNullOrEmpty(BaseMstr.SelectedPatientID))
            {
                CPatientTxStep patstep = new CPatientTxStep(BaseMstr);
                patstep.SetBaseMstrPatientStep();
            }

            //redirect, we are now logged in
            //BaseMstr.Response.Redirect("portal_revamp.aspx");
            // NOTE(review): strPageAfterLogin is set outside this method; confirm it
            // can only name a local page.
            BaseMstr.Response.Redirect(strPageAfterLogin);
        }
        else
        {
            //
            //4 = change password
            //
            if (lStatus == 4)
            {
                // the typed user name is handed to change_password.aspx through the session
                Session["USER_NAME"] = txtU.Text.Trim();
                Response.Redirect("change_password.aspx");
                //(an earlier inline change-password prompt that showed
                //"Please change your password." in divLoginStatus and made
                //txtUN read-only is disabled in favour of the redirect above)
            }

            //////////////////////////////////////////////////////
            //following are handled below
            //
            //1 = invalid pwd
            //7 = invalid pwd and locked it
            //2 = account locked
            //3 = account inactive
            //6 = ip address locked
            //
            //show error and try again
            // NOTE(review): StatusComment is written into the page as raw HTML. If
            // CSec can put user-supplied text (for example the typed user name)
            // into it, HTML-encode it first.
            string strErr = "<div style=\"padding: 10px; \">";
            strErr += "<span class=\"login-error\"><img src=\"Images/cancel.png\" alt=\"Transaction Failed\" />&nbsp;";
            strErr += BaseMstr.StatusComment;
            strErr += "</span>";
            strErr += "</div>";
            divLoginStatus.InnerHtml = strErr;

            Session["SESSION_INITIATED"] = null;
        }
    }

    //are we changing the password?
    if (divChangePassword.Visible)//changing password
    {
        //only if not logged in
        if (!BaseMstr.IsLoggedIn())
        {
            txtUN.Text = txtU.Text;
        }

        //new pwd and verify new pwd must match
        if (txtNewP.Text != txtVNewP.Text)
        {
            string strErr = "<div style=\"padding: 10px; \">";
            strErr += "<span class=\"login-error\"><img src=\"Images/cancel.png\" alt=\"Transaction Failed\" />&nbsp;";
            strErr += "New Password and Verify Password do not match";
            strErr += "</span>";
            strErr += "</div>";
            divLoginStatus.InnerHtml = strErr;

            return;
        }

        //check all the account rules for the account...
        if (!sec.ValidateUserAccountRules(BaseMstr, txtUN.Text, txtNewP.Text))
        {
            //Note: will set StatusCode/StatusComment info
            string strErr = "<div style=\"padding: 10px; \">";
            strErr += "<span class=\"login-error\"><img src=\"Images/cancel.png\" alt=\"Transaction Failed\" />&nbsp;";
            strErr += BaseMstr.StatusComment;
            strErr += "</span>";
            strErr += "</div>";

            // short messages go inline, long ones to the client-side feedback popup
            if (BaseMstr.StatusComment.Length < 48)
            {
                divLoginStatus.InnerHtml = strErr;
                PopupPostLogin.InnerHtml = String.Empty;
            }
            else
            {
                divLoginStatus.InnerHtml = String.Empty;
                // NOTE(review): StatusComment is concatenated into a quoted
                // JavaScript string without escaping; a quote or line break in the
                // message breaks the script, and user-influenced text would run as
                // script. Escape it for a JavaScript string literal before
                // concatenating.
                ScriptManager.RegisterStartupScript(upLogin, typeof(string), "loginmsg", "sysfeedback('" + BaseMstr.StatusComment + "')", true);
                //PopupPostLogin.InnerHtml = "<script type=\"text/javascript\">alert('" + BaseMstr.StatusComment + "');</script>";
            }

            return;
        }

        //change the users password, this will also log the user in
        lStatus = sec.ChangePassword(BaseMstr, txtUN.Text, txtOldP.Text, txtNewP.Text);
        if (lStatus != 0)
        {
            //Note: will set StatusCode/StatusComment info
            string strErr = "<div style=\"padding: 10px; \">";
            strErr += "<span class=\"login-error\"><img src=\"Images/cancel.png\" alt=\"Transaction Failed\" />&nbsp;";
            strErr += BaseMstr.StatusComment;
            strErr += "</span>";
            strErr += "</div>";
            divLoginStatus.InnerHtml = strErr;

            Session["SESSION_INITIATED"] = null;

            return;
        }
        else
        {
            //successfully logged in!
            divLoginStatus.InnerHtml = "";

            //clear the user id and pwd
            txtU.Text = "";
            txtP.Text = "";
            txtUN.Text = "";
            txtOldP.Text = "";
            txtNewP.Text = "";
            txtVNewP.Text = "";
            txtUN.ReadOnly = false;

            Session["SESSION_INITIATED"] = DateTime.Now;

            GetPatientID();

            if (!String.IsNullOrEmpty(BaseMstr.SelectedPatientID))
            {
                CPatientTxStep patstep = new CPatientTxStep(BaseMstr);
                patstep.SetBaseMstrPatientStep();
            }

            //BaseMstr.Response.Redirect("portal_revamp.aspx");
            BaseMstr.Response.Redirect(strPageAfterLogin);
        }
    }
}
/// <summary>
/// Saves the patient's portal account after a server-side permission check:
/// inserts the account when none exists, otherwise updates its password (when
/// the password box is enabled) or its locked/inactive options, then reloads
/// the form.
/// </summary>
/// <returns>
/// False when the caller is read-only or validation failed; otherwise the
/// result of the last insert/update call made.
/// </returns>
public bool SavePatientPortalAccount()
{
    bool bSaved = false;

    CheckUserRightsMode();

    // Non-administrators need ReadWrite in lUsrRightMode; administrators need
    // ReadWrite on the AdministratorUR right.
    bool bIsReadOnly = (
                        ((BaseMstr.APPMaster.UserType != (long)SUATUserType.ADMINISTRATOR) && lUsrRightMode < (long)RightMode.ReadWrite)
                        || ((BaseMstr.APPMaster.UserType == (long)SUATUserType.ADMINISTRATOR) && usrsec.GetRightMode(BaseMstr, (long)SUATUserRight.AdministratorUR) < (long)RightMode.ReadWrite)
                       );

    if (bIsReadOnly)
    {
        // read-only callers are refused without a status message
        return(false);
    }
    else
    {
        //fx sec Patient helper
        CSec sec = new CSec();

        long lFXUserID = 0;

        bool bUserExists = CheckIfPatientFXUserRecExists();

        // validate the form; the user-name uniqueness check only runs for a new account
        bool bChkInsPatPortalAccount = CheckPatientFXUser(sec, !bUserExists);

        if (bChkInsPatPortalAccount)
        {
            bool m_bFXUserIDExists = bUserExists;
            if (!m_bFXUserIDExists)
            {
                bSaved = sec.InsertPatientFXUser(BaseMstr,
                                            BaseMstr.SelectedPatientID,
                                            txtUserId.Text,
                                            txtPassword.Text,
                                            chkbxAccountLocked.Checked,
                                            chkbxAccountInactive.Checked,
                                            out lFXUserID);

                if (BaseMstr.StatusCode == 0)
                {
                    txtUserId.Enabled = false;
                    divPassword.Visible = true;
                    divResetPWDButton.Visible = true;
                }
            }
            else
            {
                //the record already exists, so look up its fx_user_id for
                //the update calls below
                lFXUserID = getPatientFXUserID();
            }

            //ONLY if we changed the users account info, update the
            //record in the FX_USER table
            // NOTE(review): after a new insert the password box is still enabled, so
            // this update runs as well - confirm this is intended.
            if (txtPassword.Enabled)
            {
                bSaved = sec.UpdatePatientFXUserPWD(BaseMstr,
                                            lFXUserID,
                                            txtUserId.Text,
                                            txtPassword.Text,
                                            chkbxAccountLocked.Checked,
                                            chkbxAccountInactive.Checked
                                            );

                if (BaseMstr.StatusCode == 0)
                {
                    txtPassword.Enabled = false;
                    txtVerifyPassword.Enabled = false;
                }
            }
            else
            {
                bSaved = sec.UpdatePatientFXUserOptions(BaseMstr,
                                            lFXUserID,
                                            chkbxAccountLocked.Checked,
                                            chkbxAccountInactive.Checked
                                            );
            }
        }

        // refresh the form from the stored account
        loadPatientPortalAccount();

        return(bSaved);
    }
}
/// <summary>
/// Forced change-password handler: validates the entries, changes the password
/// for the user name held in Session["USER_NAME"], stores the security
/// questions, logs in with the new password and redirects to portal_start.aspx.
/// </summary>
protected void btnChangePWD_Click(object sender, EventArgs e)
{
    if (string.IsNullOrEmpty(txtNewP.Text) || string.IsNullOrEmpty(txtVNewP.Text) || string.IsNullOrEmpty(txtOldP.Text))
    {
        Master.StatusCode = 1;
        Master.StatusComment = "Password entries are empty!";
        ShowSysFeedback();
        return;
    }

    if (txtNewP.Text != txtVNewP.Text)
    {
        Master.StatusCode = 1;
        Master.StatusComment = "New Password and Verify Password do not match!";
        ShowSysFeedback();
        return;
    }

    // both questions and both answers are required while the panel is shown
    if (pnlSecQuestions.Visible)
    {
        if (cboQuestion1.SelectedIndex < 1
            || cboQuestion2.SelectedIndex < 1
            || txtAnswer1.Text.Trim().Length < 1
            || txtAnswer2.Text.Trim().Length < 1)
        {
            Master.StatusCode = 1;
            Master.StatusComment = "Please select two challenge questions and enter the corresponding answers!";
            ShowSysFeedback();
            return;
        }
    }

    long lStatusCode = 0;
    string strStatusComment = string.Empty;

    //validate the password rules
    // NOTE(review): Session["USER_NAME"] is set by the login page before the user
    // has authenticated; the old password passed to ChangePassword below is the
    // only proof of identity on this page.
    CSec sec = new CSec();
    if (!sec.ValidateUserAccountRules(Master, (string)Session["USER_NAME"], txtNewP.Text))
    {
        // NOTE(review): lStatusCode is still 0 and strStatusComment is still empty
        // here, so these assignments replace whatever ValidateUserAccountRules
        // wrote to Master.StatusCode/StatusComment. Confirm the rule failure
        // still reaches the user.
        Master.StatusCode = lStatusCode;
        Master.StatusComment = strStatusComment;
        ShowSysFeedback();
        return;
    }

    //all good so far, change the pwd, login and redirect
    lStatusCode = sec.ChangePassword(Master, (string)Session["USER_NAME"], txtOldP.Text, txtNewP.Text);
    if (lStatusCode != 0)
    {
        // NOTE(review): strStatusComment is never assigned in this method, so
        // StatusComment is set to empty on this and every later exit.
        Master.StatusCode = lStatusCode;
        Master.StatusComment = strStatusComment;
        ShowSysFeedback();
        return;
    }

    //update security challenge questions & answers
    // NOTE(review): this runs whether or not pnlSecQuestions is visible, and after
    // the password has already been changed; a failure here leaves the new
    // password in place. Confirm both are intended.
    CSecQuestions secquest = new CSecQuestions(Master);
    if (!secquest.UpdateSecQuestions(Convert.ToInt32(cboQuestion1.SelectedValue), txtAnswer1.Text.Trim(), Convert.ToInt32(cboQuestion2.SelectedValue), txtAnswer2.Text.Trim(), -1, String.Empty))
    {
        Master.StatusCode = lStatusCode;
        Master.StatusComment = strStatusComment;
        ShowSysFeedback();
        return;
    }

    //if we get here we have successfully changed the password
    //now login with the new account
    if (sec.Login(Master, (string)Session["USER_NAME"], txtNewP.Text) != 0)
    {
        // lStatusCode is 0 at this point, so a failed login is reported with code 0
        Master.StatusCode = lStatusCode;
        Master.StatusComment = strStatusComment;
        ShowSysFeedback();
        return;
    }

    Master.StatusCode = lStatusCode;
    Master.StatusComment = strStatusComment;

    // select the patient record that belongs to the logged-in user
    CPatient pat = new CPatient();
    CDataUtils utils = new CDataUtils();
    DataSet dsPat = pat.GetPatientIDRS(Master, Master.FXUserID);
    Master.SelectedPatientID = utils.GetDSStringValue(dsPat, "PATIENT_ID");

    CPatientEvent evt = new CPatientEvent(Master);
    evt.CompletedEvent(1);

    ShowSysFeedback();

    //successful login so clear txt boxes
    // The fields are first overwritten with filler and then emptied. .NET strings
    // are immutable, so this replaces the control values but cannot erase the
    // earlier string contents from memory.
    lblUID.Text = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
    txtOldP.Text = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
    txtNewP.Text = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
    txtVNewP.Text = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";

    lblUID.Text = string.Empty;
    txtOldP.Text = string.Empty;
    txtNewP.Text = string.Empty;
    txtVNewP.Text = string.Empty;

    // the hand-over value from the login page is no longer needed
    Session["USER_NAME"] = null;

    //set a session variable with the login time
    Session["SESSION_INITIATED"] = DateTime.Now;

    //redirect, we are now logged in
    //Master.Response.Redirect("portal_revamp.aspx");
    Master.Response.Redirect("portal_start.aspx");
}
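/// <summary>
/// Master page initialization: creates the app master, sets the response
/// encoding and timeout, connects to the data source, restores the user id
/// from the database session, audits access to the requested page and tracks
/// the current module id, page id and random data segment.
/// </summary>
/// <remarks>
/// The "mid" and "pid" query-string values are supplied by the client. They are
/// parsed with int.TryParse and ignored when they are not valid integers; the
/// previous Convert.ToInt32 calls threw on such input. A second, identical
/// "m_lModuleID &lt; 1" fallback block was removed.
/// </remarks>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Init(object sender, EventArgs e)
{
    //app specific stuff outside the base controller
    APPMaster = new AppMaster();
    APPMaster.SetBaseMaster(this);

    //Returns a string that can be used in a client
    //event to cause postback to the server.
    Page.ClientScript.GetPostBackEventReference(this, String.Empty);

    //set the character set, since all pages derive from basemaster
    //this will set the encoding for all pages...
    Response.ContentEncoding = Encoding.UTF8;

    //init status info and objects
    m_strStatusComment = "";
    m_lStatusCode = -1;//-1 = success no show

    //04/16/2012 - Security Updates
    //set the timeout: at least 15, otherwise the session's own value
    if (Session.Timeout < 15)
    {
        Timeout = 15;
    }
    else
    {
        Timeout = Session.Timeout;
    }

    //connect to the data source
    if (!ConnectToDataSource())
    {
        //redirect to an error page
        Response.Redirect("error_database.aspx");
        Response.End();
    }

    //sec helper
    CSec sec = new CSec();

    //auto-login with CAC/cert NO!
    //from the inspection user must click banner
    //so no auto login here
    //(the former sec.CertLogin(this) call on first load stays disabled, as
    //does the older Session["SessionID"] based user lookup)

    //DBSessionID gets set in the database when the user
    //logs in. this is used to cache values in the db and to determine if the
    //user is logged in
    //
    //reset FXUserID, only gets set in the call below
    FXUserID = 0;
    if (!String.IsNullOrEmpty(DBSessionID))
    {
        //get actual user id from the database session created when the
        //user logs in
        string strUID = "";
        if (GetSessionValue("FX_USER_ID", out strUID))
        {
            if (strUID != "")
            {
                FXUserID = Convert.ToInt32(strUID);
            }

            //load the app specific user details
            //needed for the application
            APPMaster.LoadUserDetails();
        }
        else
        {
            //log off if we cannot retrieve a valid session,
            //user timed out
            LogOff();
        }
    }

    //user does not have access to this page
    //so logoff.
    // NOTE(review): the access decision relies on LogOff() ending the request;
    // confirm that no page code runs after a failed audit.
    if (!sec.AuditPageAccess(this))
    {
        LogOff();
    }

    long lNewModuleID = -1;

    //keep the module id, page id and random data segment
    string strMid = Request.QueryString["mid"];
    int nModuleID;
    if (strMid != null && int.TryParse(strMid, out nModuleID))
    {
        // a module id different from the stored one means the module changed
        string strModuleID;
        GetSessionValue("CURR_MODULE_ID", out strModuleID);
        if (strModuleID != strMid)
        {
            lNewModuleID = 1;
        }
        else
        {
            lNewModuleID = -1;
        }

        m_lModuleID = nModuleID;
        SetSessionValue("CURR_MODULE_ID", Convert.ToString(m_lModuleID));
    }

    string strPid = Request.QueryString["pid"];
    if (strPid != null)
    {
        bool bStorePageID = true;

        if (lNewModuleID != -1)
        {
            // a new module always starts without a page
            m_lPageID = -1;
        }
        else
        {
            int nPageID;
            if (int.TryParse(strPid, out nPageID))
            {
                m_lPageID = nPageID;
            }
            else
            {
                // malformed page id: keep the current value, store nothing
                bStorePageID = false;
            }
        }

        if (bStorePageID)
        {
            SetSessionValue("CURR_PAGE_ID", Convert.ToString(m_lPageID));
        }
    }

    // NOTE(review): "rds" is kept exactly as received; whatever consumes m_strRDS
    // must validate or encode it.
    if (Request.QueryString["rds"] != null)
    {
        m_strRDS = Request.QueryString["rds"].ToString();
    }

    // fall back to the stored module id for a logged-in user
    if (m_lModuleID < 1)
    {
        string strModuleID = "";
        if (m_lFXUserID > 0)
        {
            GetSessionValue("CURR_MODULE_ID", out strModuleID);
            if (strModuleID != "")
            {
                m_lModuleID = Convert.ToInt32(strModuleID);
            }
        }
    }

    // fall back to the stored page id for a logged-in user
    if (m_lPageID < 1)
    {
        string strPageID = "";
        if (m_lFXUserID > 0)
        {
            GetSessionValue("CURR_PAGE_ID", out strPageID);
            if (strPageID != "")
            {
                m_lPageID = Convert.ToInt32(strPageID);
            }
        }
    }
}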
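/// <summary>
/// Drives the three-step password-reset flow. The step that runs is chosen by
/// which panel is visible: account lookup (<c>pnlAccntDetails</c>), security
/// question check (<c>pnlSecQuestions</c>), then new password plus automatic
/// login (<c>pnlNewPassword</c>).
/// </summary>
/// <param name="sender">Control that raised the click (not used).</param>
/// <param name="e">Event data (not used).</param>
/// <remarks>
/// The account being reset is carried between postbacks in
/// <c>ViewState["FX_USER_ID"]</c>, and the current step is inferred from panel
/// visibility. Nothing in this method records server-side that the security
/// answers were accepted before the password step runs.
/// NOTE(review): this presumably relies on ViewState integrity protection being
/// enabled for the page; confirm that, or keep the verified user id and step
/// in server-side state.
/// </remarks>
protected void Submit_Click(object sender, EventArgs e)
{
    CSec sec = new CSec();
    CSecQuestions secquest = new CSecQuestions(Master);

    if (pnlAccntDetails.Visible)
    {
        // ---- Step 1: look up the account and its security questions ----
        // Forget any user id left over from an earlier attempt.
        ViewState["FX_USER_ID"] = null;
        bool bIsLocked = false;
        // NOTE(review): IP_LOCKED is read below but never acted on in this
        // method; confirm whether an IP lock is meant to block the reset.
        bool bIPLocked = false;

        string strEnteredName = txtUserName.Text.Trim();
        if (strEnteredName.Length < 1)
        {
            return;
        }

        // The lookup is done on the Enc()-transformed user name.
        string strUsername = sec.Enc(strEnteredName, String.Empty);
        DataSet dsQuest = secquest.GetUserQuestions(strUsername);
        if (dsQuest != null)
        {
            foreach (DataTable dt in dsQuest.Tables)
            {
                foreach (DataRow dr in dt.Rows)
                {
                    if (!dr.IsNull("QUESTION_1"))
                    {
                        lblQuestion1.Text = dr["QUESTION_1"].ToString();
                        txtAnswer1.Text = String.Empty;
                    }
                    // The original repeated this QUESTION_2 block twice.
                    if (!dr.IsNull("QUESTION_2"))
                    {
                        lblQuestion2.Text = dr["QUESTION_2"].ToString();
                        txtAnswer2.Text = String.Empty;
                    }
                    if (!dr.IsNull("FX_USER_ID"))
                    {
                        ViewState["FX_USER_ID"] = Convert.ToInt32(dr["FX_USER_ID"]);
                    }
                    if (!dr.IsNull("IS_LOCKED"))
                    {
                        bIsLocked = Convert.ToInt32(dr["IS_LOCKED"]) == 1;
                    }
                    if (!dr.IsNull("IP_LOCKED"))
                    {
                        bIPLocked = Convert.ToInt32(dr["IP_LOCKED"]) == 1;
                    }
                }
            }

            // Guard Tables.Count as well: indexing Tables[0] on a DataSet with
            // no tables throws instead of reporting an unknown user name.
            bool bHasRows = dsQuest.Tables.Count > 0 && dsQuest.Tables[0].Rows.Count > 0;
            if (bHasRows)
            {
                if (!bIsLocked)
                {
                    // Convert.ToInt32(null) is 0, so a missing id counts as "not found".
                    int iFoundUserID = Convert.ToInt32(ViewState["FX_USER_ID"]);
                    bool bConfirmedAccnt = true;

                    // NOTE(review): the distinct messages below (unknown name,
                    // no questions chosen, locked) tell the caller whether an
                    // account exists; consider one uniform response and
                    // throttling of repeated lookups.
                    if (iFoundUserID == 0)
                    {
                        Master.StatusCode = 1;
                        Master.StatusComment = "The Username you entered is incorrect.";
                        bConfirmedAccnt = false;
                    }
                    else if (iFoundUserID > 0
                             && (lblQuestion1.Text.Length < 1 || lblQuestion2.Text.Length < 1))
                    {
                        Master.StatusCode = 1;
                        Master.StatusComment = "You have not yet selected security questions for your portal account.";
                        bConfirmedAccnt = false;
                    }

                    if (bConfirmedAccnt)
                    {
                        // Advance to the security-question step.
                        pnlAccntDetails.Visible = false;
                        pnlSecQuestions.Visible = true;
                    }
                    else
                    {
                        pnlAccntDetails.Visible = true;
                        pnlSecQuestions.Visible = false;
                        ShowSysFeedback();
                    }
                }
                else
                {
                    pnlAccntDetails.Visible = true;
                    pnlSecQuestions.Visible = false;
                    Master.StatusCode = 9; //9: account is locked
                    Master.StatusComment = "Your account has been locked. Please contact the system administrator to reactivate your login.";
                    ShowSysFeedback();
                }
            }
            else
            {
                Master.StatusCode = 1;
                Master.StatusComment = "The Username you entered is incorrect.";
                ShowSysFeedback();
            }
        }
        else
        {
            // Lookup returned nothing; show whatever status the lookup left behind.
            ShowSysFeedback();
            return;
        }
    }
    else if (pnlSecQuestions.Visible)
    {
        // ---- Step 2: check the answers to the security questions ----
        long lFXUserID = 0;
        if (txtAnswer1.Text.Trim().Length > 0 && txtAnswer2.Text.Trim().Length > 0)
        {
            if (ViewState["FX_USER_ID"] != null)
            {
                lFXUserID = Convert.ToInt32(ViewState["FX_USER_ID"]);
            }

            // Refuse to validate answers when no account was resolved in step 1,
            // rather than calling ValidateAnswers with user id 0.
            if (lFXUserID < 1)
            {
                Master.StatusCode = 1;
                Master.StatusComment = "Your password reset request could not be verified. Please start again.";
                ShowSysFeedback();
                return;
            }

            // NOTE(review): ToLower() is culture-sensitive; ToLowerInvariant()
            // would be deterministic, but it must match how the stored answers
            // were normalized, which is not visible here.
            string strAnswer1 = sec.Enc(txtAnswer1.Text.Trim().ToLower(), String.Empty);
            string strAnswer2 = sec.Enc(txtAnswer2.Text.Trim().ToLower(), String.Empty);

            // The outcome is read back from Master.StatusCode below.
            secquest.ValidateAnswers(lFXUserID, strAnswer1, strAnswer2, String.Empty);

            if (Master.StatusCode == 0) // good to continue to reset password
            {
                pnlSecQuestions.Visible = false;
                pnlNewPassword.Visible = true;
            }
            else if (Master.StatusCode == 1) //1: invalid answer
            {
                ShowSysFeedback();
            }
            else if (Master.StatusCode == 9) //9: account is locked
            {
                btnSubmit.Visible = false;
                divAccLocked.InnerText = Master.StatusComment;
                divAccLocked.Visible = true;
            }
        }
        else
        {
            Master.StatusCode = 1;
            Master.StatusComment = "Please answer all the questions to continue.";
            ShowSysFeedback();
        }
    }
    else if (pnlNewPassword.Visible)
    {
        // ---- Step 3: set the new password and log the user in ----
        // NOTE(review): the password is trimmed before validation, reset and
        // login; confirm every other login path trims the same way, otherwise
        // a password with leading/trailing spaces will not match later.
        string strNewPassword = txtPassword.Text.Trim();
        string strConfirmPassword = txtConfirmPassword.Text.Trim();

        if (strNewPassword.Length < 1 || strConfirmPassword.Length < 1)
        {
            Master.StatusCode = 1;
            Master.StatusComment = "Password and Password Confirmation are required.";
            ShowSysFeedback();
            return;
        }
        if (strNewPassword != strConfirmPassword)
        {
            Master.StatusCode = 1;
            Master.StatusComment = "Password and Password Confirmation are different.";
            ShowSysFeedback();
            return;
        }

        long lFXUserID = 0;
        if (ViewState["FX_USER_ID"] != null)
        {
            lFXUserID = Convert.ToInt32(ViewState["FX_USER_ID"]);
        }

        // Never attempt a reset without the account id resolved in step 1.
        if (lFXUserID < 1)
        {
            Master.StatusCode = 1;
            Master.StatusComment = "Your password reset request could not be verified. Please start again.";
            ShowSysFeedback();
            return;
        }

        // NOTE(review): the user name is re-read from the text box rather than
        // taken from the account verified in step 1; whether ResetPassword
        // checks that it belongs to lFXUserID is not visible here.
        string strUserName = txtUserName.Text.Trim();

        if (sec.ValidatePasswordRules(Master, strNewPassword))
        {
            if (secquest.ResetPassword(lFXUserID, strUserName, strNewPassword))
            {
                if (sec.Login(Master, strUserName, strNewPassword) != 0)
                {
                    // Behavior kept from the original: the status is cleared
                    // to 0 / empty before feedback is shown.
                    // NOTE(review): this discards whatever Login reported, so
                    // a failed login after a successful reset shows no reason.
                    Master.StatusCode = 0;
                    Master.StatusComment = String.Empty;
                    ShowSysFeedback();
                    return;
                }

                //set a session variable with the login time
                Session["SESSION_INITIATED"] = DateTime.Now;

                //redirect, we are now logged in
                Master.Response.Redirect("portal_start.aspx");
                return;
            }
        }
    }

    // Every path that did not return above reports the current status here.
    ShowSysFeedback();
}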
/// <summary>
/// Saves the user shown on the form: inserts a new SUAT user plus FX user when
/// <c>htxtProviderID</c> is empty, otherwise updates the existing SUAT record
/// and its FX user account, options and rights.
/// </summary>
/// <param name="bSaved">
/// Set to false on entry; set from <c>BaseMstr.StatusCode == 0</c> (or from the
/// return value of a CSec update call) once a save path has run. Stays false on
/// every early return.
/// </param>
/// <remarks>
/// Success and failure of each step are read from <c>BaseMstr.StatusCode</c>,
/// so the order of the calls below matters.
/// NOTE(review): the only access gate visible here is <c>bAllowUpdate</c>, and
/// the record that gets updated is chosen by <c>htxtProviderID.Value</c>, which
/// by its name looks like a hidden form field; confirm the server checks that
/// the caller may edit that provider id.
/// </remarks>
protected void Save(out bool bSaved)
{
    bSaved = false;

    if (bAllowUpdate)
    {
        if (!String.IsNullOrEmpty(txtUserId.Text) && txtUserId.Text.Trim().Length > 0)
        {
            #region SaveUser

            strMessage = "";

            //user account is valid so press on with the saves...
            CUserAdmin usrSave = new CUserAdmin();

            int iUserType = 0;

            //get the user rights for storing
            long lUserRights = 0;
            long lReadOnly = 0;
            GetUserRights(out lUserRights, out lReadOnly);

            //stop here when the demographic fields fail validation
            strMessage = CheckUserDemoErrors();
            if (strMessage != "")
            {
                BaseMstr.StatusCode = 1;
                BaseMstr.StatusComment = strMessage;
                ShowSysFeedback();
                return;
            }

            //User Type Selected
            iUserType = Convert.ToInt32(rblUserType.SelectedItem.Value);

            //not used anywhere below
            int lService = 0;

            //fx sec helper
            CSec sec = new CSec();

            //credentials are validated only for a new user (no provider id yet)
            //or when "reset password" is ticked
            if (chkResetPasswd.Checked || String.IsNullOrEmpty(htxtProviderID.Value))
            {
                //make sure pwd and verify pwd match
                if (txtPassword.Text != txtVerifyPassword.Text)
                {
                    BaseMstr.StatusCode = 1;
                    BaseMstr.StatusComment = "Password and verify password must match!";
                    ShowSysFeedback();
                    return;
                }

                //check all the account rules for the account...
                if (!sec.ValidateUserAccountRules(BaseMstr, txtUserId.Text, txtPassword.Text))
                {
                    //Note: ValidateUserAccountRules will set StatusCode/StatusComment info;
                    //the status code is then forced to 1 here
                    BaseMstr.StatusCode = 1;
                    ShowSysFeedback();
                    return;
                }
            }

            //if a user is looked up, then SelectedProviderID will be set
            //otherwise we are creating a new user
            if (htxtProviderID.Value == "")//this is a new user
            {
                if (BaseMstr.StatusCode == 0)
                {
                    //note: user name and pwd are valid so do the inserts

                    //make sure user name does not already exist since
                    //we are doing an insert
                    if (sec.UserNameExists(BaseMstr, txtUserId.Text))
                    {
                        BaseMstr.StatusCode = 1;
                        BaseMstr.StatusComment = "Please choose a different user name!";
                        ShowSysFeedback();
                        return;
                    }

                    //get a new provider id
                    strNewProviderID = BaseMstr.APPMaster.GetNewProviderID();

                    //insert a record into the suat user table
                    usrSave.InsertSuatUser(BaseMstr,
                                           strNewProviderID,
                                           0, //n/a now that we have fx-user - Locked
                                           txtName.Text,
                                           "N/A", //Not Used Rank
                                           0, //Not Used Service,
                                           txtTitle.Text,
                                           "N/A", //Not Used Corps,
                                           "N/A", //Not Used Squadron,
                                           "N/A", //Not Used OfficeSymbol,
                                           txtPhone.Text,
                                           txtEmail.Text,
                                           cboSite.SelectedValue,
                                           "N/A", //- Not Used UIDPWD
                                           0, //n/a now that we have fx_user - Not Used MustChgPWD
                                           "N/A"); //Not Used SupervisorID);

                    if (BaseMstr.StatusCode == 0)
                    {
                        BaseMstr.SelectedProviderID = strNewProviderID;
                        htxtProviderID.Value = strNewProviderID;

                        //insert a record into the fx_user table and update
                        //the fx_user_id in the suat user table
                        long lFXUserID = 0;
                        sec.InsertFXUser(BaseMstr,
                                         BaseMstr.SelectedProviderID,
                                         txtUserId.Text,
                                         txtPassword.Text,
                                         chkbxAccountLocked.Checked,
                                         chkbxAccountInactive.Checked,
                                         out lFXUserID);

                        if (BaseMstr.StatusCode == 0)
                        {
                            sec.UpdateFXUserRights(BaseMstr,
                                                   lFXUserID,
                                                   iUserType,
                                                   lUserRights,
                                                   lReadOnly);

                            //account created: clear the password boxes and lock
                            //the credential fields on the form
                            txtUserId.Enabled = false;
                            chkResetPasswd.Checked = false;
                            txtPassword.Text = String.Empty;
                            txtVerifyPassword.Text = String.Empty;
                            txtPassword.Enabled = false;
                            txtVerifyPassword.Enabled = false;
                        }

                        bSaved = (BaseMstr.StatusCode == 0);
                    }
                }
            }
            else //if is existing user
            {
                //user is selected for edit
                if (htxtProviderID.Value != "")
                {
                    BaseMstr.SelectedProviderID = htxtProviderID.Value;

                    if (BaseMstr.StatusCode == 0)
                    {
                        //update the users record in the SUAT_USER table
                        usrSave.UpdateSuatUser(BaseMstr,
                                               0, //n.a now that we have fx_user - Locked
                                               txtName.Text,
                                               "N/A", //Not Used Rank
                                               0, //Not Used Service,
                                               txtTitle.Text,
                                               "N/A", //Not Used Corps
                                               "N/A", //Not Used Squadron
                                               "N/A", //Not Used OfficeSymbol
                                               txtPhone.Text,
                                               txtEmail.Text,
                                               cboSite.SelectedValue,
                                               "N/A", //Not Used UIDPWD
                                               0, //n/a now that we have fx_user -Not Used MustChgPWD
                                               "N/A"); //Not Used SupervisorID);

                        if (BaseMstr.StatusCode == 0)
                        {
                            long lFXUserID = 0;

                            //cache whether an fx_user record already exists
                            BaseMstr.SetVSValue("FXUserIDExists", CheckIfFXUserRecExists());
                            blnFXUserIDExists = BaseMstr.GetVSBoolValue("FXUserIDExists");

                            if (!blnFXUserIDExists)
                            {
                                //insert a record into the fx_user table and update
                                //the fx_user_id in the patient table
                                //NOTE(review): when "reset password" is not ticked, the
                                //match check, ValidateUserAccountRules and UserNameExists
                                //have not run for this user name/password before this
                                //insert; confirm InsertFXUser enforces them itself or
                                //validate here first.
                                sec.InsertFXUser(BaseMstr,
                                                 BaseMstr.SelectedProviderID,
                                                 txtUserId.Text,
                                                 txtPassword.Text,
                                                 chkbxAccountLocked.Checked,
                                                 chkbxAccountInactive.Checked,
                                                 out lFXUserID);

                                if (BaseMstr.StatusCode == 0)
                                {
                                    txtUserId.Enabled = false;
                                    chkResetPasswd.Checked = false;
                                    txtPassword.Text = String.Empty;
                                    txtVerifyPassword.Text = String.Empty;
                                    txtPassword.Enabled = false;
                                    txtVerifyPassword.Enabled = false;
                                    bSaved = true;
                                }

                                bSaved = (BaseMstr.StatusCode == 0);
                            }
                            else
                            {
                                //fx_user record exists: fetch its id for the updates below
                                lFXUserID = getFXUserID();
                            }

                            //ONLY if we changed the users account info, update the
                            //record in the FX_USER table
                            //(a successful insert above un-ticks chkResetPasswd, so this
                            //then takes the options-only branch)
                            if (chkResetPasswd.Checked)
                            {
                                sec.UpdateFXUserPWD(BaseMstr,
                                                    lFXUserID,
                                                    txtUserId.Text,
                                                    txtPassword.Text,
                                                    chkbxAccountLocked.Checked,
                                                    chkbxAccountInactive.Checked
                                                    );

                                if (BaseMstr.StatusCode == 0)
                                {
                                    txtUserId.Enabled = false;
                                    chkResetPasswd.Checked = false;
                                    txtPassword.Text = String.Empty;
                                    txtVerifyPassword.Text = String.Empty;
                                    txtPassword.Enabled = false;
                                    txtVerifyPassword.Enabled = false;
                                }

                                bSaved = (BaseMstr.StatusCode == 0);
                            }
                            else
                            {
                                bSaved = sec.UpdateFXUserOptions(BaseMstr,
                                                                 lFXUserID,
                                                                 chkbxAccountLocked.Checked,
                                                                 chkbxAccountInactive.Checked
                                                                 );
                            }

                            //update fx_user_rights
                            //(this result is overwritten by the status-code check
                            //right after this block)
                            bSaved = sec.UpdateFXUserRights(BaseMstr,
                                                            lFXUserID,
                                                            iUserType,
                                                            lUserRights,
                                                            lReadOnly);
                        }

                        bSaved = (BaseMstr.StatusCode == 0);
                    }
                }
            }

            //refresh the user list; skipped by every early return above
            LoadUsersData();

            #endregion
        }
        else
        {
            BaseMstr.StatusCode = 1;
            BaseMstr.StatusComment = "<b>Username</b> and <b>Password</b> are required for the new user account.";
        }
    }
    else
    {
        //caller has read-only access to this section
        BaseMstr.StatusCode = 1;
        BaseMstr.StatusComment = "<img alt=\"\" src=\"Images/lock16x16.png\" /> You have <b>Read-Only Access</b> to this section.";
    }

    ShowSysFeedback();
    return;
}