protected void LoadSecQuestions() { CSecQuestions sec = new CSecQuestions(Master); DataSet dsQuest1 = sec.GetSecQuestionsRS(1); DataSet dsQuest2 = sec.GetSecQuestionsRS(2); cboQuestion1.DataSource = dsQuest1; cboQuestion1.DataTextField = "QUESTION"; cboQuestion1.DataValueField = "QUESTION_ID"; cboQuestion1.DataBind(); cboQuestion1.Items.Insert(0, new ListItem("--Select Question--", "-1")); cboQuestion2.DataSource = dsQuest2; cboQuestion2.DataTextField = "QUESTION"; cboQuestion2.DataValueField = "QUESTION_ID"; cboQuestion2.DataBind(); cboQuestion2.Items.Insert(0, new ListItem("--Select Question--", "-1")); }
protected void Submit_Click(object sender, EventArgs e) { CSec sec = new CSec(); CSecQuestions secquest = new CSecQuestions(Master); if (pnlAccntDetails.Visible) { ViewState["FX_USER_ID"] = null; bool bIsLocked = false; bool bIPLocked = false; if (txtUserName.Text.Trim().Length < 1) { return; } string strUsername = sec.Enc(txtUserName.Text.Trim(), String.Empty); DataSet dsQuest = secquest.GetUserQuestions(strUsername); if (dsQuest != null) { foreach (DataTable dt in dsQuest.Tables) { foreach (DataRow dr in dt.Rows) { if (!dr.IsNull("QUESTION_1")) { lblQuestion1.Text = dr["QUESTION_1"].ToString(); txtAnswer1.Text = String.Empty; } if (!dr.IsNull("QUESTION_2")) { lblQuestion2.Text = dr["QUESTION_2"].ToString(); txtAnswer2.Text = String.Empty; } if (!dr.IsNull("QUESTION_2")) { lblQuestion2.Text = dr["QUESTION_2"].ToString(); txtAnswer2.Text = String.Empty; } if (!dr.IsNull("FX_USER_ID")) { ViewState["FX_USER_ID"] = Convert.ToInt32(dr["FX_USER_ID"]); } if (!dr.IsNull("IS_LOCKED")) { bIsLocked = Convert.ToInt32(dr["IS_LOCKED"]) == 1; } if (!dr.IsNull("IP_LOCKED")) { bIPLocked = Convert.ToInt32(dr["IP_LOCKED"]) == 1; } } } if (dsQuest.Tables[0].Rows.Count > 0) { if (!bIsLocked) { bool bConfirmedAccnt = true; if (Convert.ToInt32(ViewState["FX_USER_ID"]) == 0) { Master.StatusCode = 1; Master.StatusComment = "The Username you entered is incorrect."; bConfirmedAccnt = false; } else if (Convert.ToInt32(ViewState["FX_USER_ID"]) > 0 && (lblQuestion1.Text.Length < 1 || lblQuestion2.Text.Length < 1)) { Master.StatusCode = 1; Master.StatusComment = "You have not yet selected security questions for your portal account."; bConfirmedAccnt = false; } if (bConfirmedAccnt) { pnlAccntDetails.Visible = false; pnlSecQuestions.Visible = true; } else { pnlAccntDetails.Visible = true; pnlSecQuestions.Visible = false; ShowSysFeedback(); } } else { pnlAccntDetails.Visible = true; pnlSecQuestions.Visible = false; Master.StatusCode = 9; //9: account is locked Master.StatusComment = "Your account has been locked. Please contact the system administrator to reactivate your login."; ShowSysFeedback(); } } else { Master.StatusCode = 1; Master.StatusComment = "The Username you entered is incorrect."; ShowSysFeedback(); } } else { ShowSysFeedback(); return; } } else if (pnlSecQuestions.Visible) { ///long lValidate = 0; long lFXUserID = 0; if (txtAnswer1.Text.Trim().Length > 0 && txtAnswer2.Text.Trim().Length > 0) { if (ViewState["FX_USER_ID"] != null) { lFXUserID = Convert.ToInt32(ViewState["FX_USER_ID"]); } string strAnswer1 = sec.Enc(txtAnswer1.Text.Trim().ToLower(), String.Empty); string strAnswer2 = sec.Enc(txtAnswer2.Text.Trim().ToLower(), String.Empty); secquest.ValidateAnswers(lFXUserID, strAnswer1, strAnswer2, String.Empty); if (Master.StatusCode == 0) // good to continue to reset password { pnlSecQuestions.Visible = false; pnlNewPassword.Visible = true; } else if (Master.StatusCode == 1) //1: invalid answer { ShowSysFeedback(); } else if (Master.StatusCode == 9) //9: account is locked { btnSubmit.Visible = false; divAccLocked.InnerText = Master.StatusComment; divAccLocked.Visible = true; } } else { Master.StatusCode = 1; Master.StatusComment = "Please answer all the questions to continue."; ShowSysFeedback(); } } else if (pnlNewPassword.Visible) { if (txtPassword.Text.Trim().Length < 1 || txtConfirmPassword.Text.Trim().Length < 1) { Master.StatusCode = 1; Master.StatusComment = "Pasword and Password Confirmation are required."; ShowSysFeedback(); return; } if (txtPassword.Text.Trim() != txtConfirmPassword.Text.Trim()) { Master.StatusCode = 1; Master.StatusComment = "Pasword and Password Confirmation are different."; ShowSysFeedback(); return; } //change password and login long lFXUserID = 0; if (ViewState["FX_USER_ID"] != null) { lFXUserID = Convert.ToInt32(ViewState["FX_USER_ID"]); } string strUserName = txtUserName.Text.Trim(); if (sec.ValidatePasswordRules(Master, txtPassword.Text.Trim())) { if (secquest.ResetPassword(lFXUserID, strUserName, txtPassword.Text.Trim())) { long lStatusCode = 0; string strStatusComment = String.Empty; if (sec.Login(Master, txtUserName.Text.Trim(), txtPassword.Text.Trim()) != 0) { Master.StatusCode = lStatusCode; Master.StatusComment = strStatusComment; ShowSysFeedback(); return; } //set a session variable with the login time Session["SESSION_INITIATED"] = DateTime.Now; //redirect, we are now logged in //Master.Response.Redirect("portal_revamp.aspx"); Master.Response.Redirect("portal_start.aspx"); return; } } } ShowSysFeedback(); }
protected void btnChangePWD_Click(object sender, EventArgs e) { if (string.IsNullOrEmpty(txtNewP.Text) || string.IsNullOrEmpty(txtVNewP.Text) || string.IsNullOrEmpty(txtOldP.Text)) { Master.StatusCode = 1; Master.StatusComment = "Password entries are empty!"; ShowSysFeedback(); return; } if (txtNewP.Text != txtVNewP.Text) { Master.StatusCode = 1; Master.StatusComment = "New Password and Verify Password do not match!"; ShowSysFeedback(); return; } if (pnlSecQuestions.Visible) { if (cboQuestion1.SelectedIndex < 1 || cboQuestion2.SelectedIndex < 1 || txtAnswer1.Text.Trim().Length < 1 || txtAnswer2.Text.Trim().Length < 1) { Master.StatusCode = 1; Master.StatusComment = "Please select two challenge questions and enter the corresponding answers!"; ShowSysFeedback(); return; } } long lStatusCode = 0; string strStatusComment = string.Empty; //validate the password rules CSec sec = new CSec(); if (!sec.ValidateUserAccountRules(Master, (string)Session["USER_NAME"], txtNewP.Text)) { Master.StatusCode = lStatusCode; Master.StatusComment = strStatusComment; ShowSysFeedback(); return; } //all good so far, change the pwd, login and redirect lStatusCode = sec.ChangePassword(Master, (string)Session["USER_NAME"], txtOldP.Text, txtNewP.Text); if (lStatusCode != 0) { Master.StatusCode = lStatusCode; Master.StatusComment = strStatusComment; ShowSysFeedback(); return; } //update security challenge questions & answers CSecQuestions secquest = new CSecQuestions(Master); if (!secquest.UpdateSecQuestions(Convert.ToInt32(cboQuestion1.SelectedValue), txtAnswer1.Text.Trim(), Convert.ToInt32(cboQuestion2.SelectedValue), txtAnswer2.Text.Trim(), -1, String.Empty)) { Master.StatusCode = lStatusCode; Master.StatusComment = strStatusComment; ShowSysFeedback(); return; } //if we get here we have successfully changed the password //now login with the new account if (sec.Login(Master, (string)Session["USER_NAME"], txtNewP.Text) != 0) { Master.StatusCode = lStatusCode; Master.StatusComment = strStatusComment; ShowSysFeedback(); return; } Master.StatusCode = lStatusCode; Master.StatusComment = strStatusComment; CPatient pat = new CPatient(); CDataUtils utils = new CDataUtils(); DataSet dsPat = pat.GetPatientIDRS(Master, Master.FXUserID); Master.SelectedPatientID = utils.GetDSStringValue(dsPat, "PATIENT_ID"); CPatientEvent evt = new CPatientEvent(Master); evt.CompletedEvent(1); ShowSysFeedback(); //successful login so clear txt boxes lblUID.Text = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; txtOldP.Text = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; txtNewP.Text = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; txtVNewP.Text = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; lblUID.Text = string.Empty; txtOldP.Text = string.Empty; txtNewP.Text = string.Empty; txtVNewP.Text = string.Empty; Session["USER_NAME"] = null; //set a session variable with the login time Session["SESSION_INITIATED"] = DateTime.Now; //redirect, we are now logged in //Master.Response.Redirect("portal_revamp.aspx"); Master.Response.Redirect("portal_start.aspx"); }