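/// <summary>
/// Authenticates a portal user by login name and password and returns the user's id.
/// </summary>
/// <remarks>
/// The account row is loaded with <c>DBUser.GetUserInfoByLogin</c> and the password is
/// verified with <c>PasswordUtil.Check</c> against the stored salt and hash. An earlier
/// version delegated to <c>DBUser.UserLogin</c>, which reported failures as the return
/// codes -1 (invalid account), -2 (invalid password), -3 (not active) and
/// -4 (external or pending).
///
/// Every rejected attempt is written to the audit log when <c>PortalConfig.AuditWebLogin</c>
/// is enabled. The previous code audited only a user id of -1 or -2, and because the
/// password check now runs in this method the id is never -2 for a wrong password, so
/// repeated password failures against an existing account left no FailureAudit entry.
///
/// NOTE(review): the account-state checks run before the password is verified and each
/// failure has its own exception type, so a caller that does not know the password can
/// still tell "no such login" from "inactive" or "external/pending". The order is kept
/// for compatibility; the UI layer should show one generic failure message.
/// </remarks>
/// <param name="login">Login name; anything from the first '@' onwards is ignored.</param>
/// <param name="password">Password supplied by the user.</param>
/// <returns>The <c>UserId</c> of the authenticated account.</returns>
/// <exception cref="InvalidAccountException">No row was found for the login, or its id is not positive.</exception>
/// <exception cref="NotActiveAccountException">The account's <c>Activity</c> value is not 3.</exception>
/// <exception cref="ExternalOrPendingAccountException">The account is flagged external or pending.</exception>
/// <exception cref="InvalidPasswordException">The password does not match the stored salt and hash.</exception>
public static int UserLogin(string login, string password)
{
    // TODO: for testing stage only
    // NOTE(review): the domain part is discarded, so "name@any-domain" resolves to the
    // local account "name". Confirm this is still intended outside the testing stage.
    int atPosition = login.IndexOf('@');
    if (atPosition >= 0)
    {
        login = login.Substring(0, atPosition);
    }

    // O.R. [2008-12-09]
    //-----------------------------------------------------
    // Defaults describe an account that cannot log in, so a missing row fails every check.
    int userId = -1;
    string salt = string.Empty;
    string hash = string.Empty;
    bool isExternal = true;
    bool isPending = true;
    byte activity = 1;
    int originalId = -1;
    bool emptyPassword = false;

    using (IDataReader reader = DBUser.GetUserInfoByLogin(login))
    {
        // Columns used here: UserId, Activity, OriginalId, IsExternal, IsPending,
        // salt, hash, password.
        if (reader.Read())
        {
            userId = (int)reader["UserId"];
            salt = (string)reader["salt"];
            hash = (string)reader["hash"];
            isExternal = (bool)reader["IsExternal"];
            isPending = (bool)reader["IsPending"];
            activity = (byte)reader["Activity"];

            // OriginalId is the only column treated as nullable.
            if (reader["OriginalId"] != DBNull.Value)
            {
                originalId = (int)reader["OriginalId"];
            }

            if ((string)reader["password"] == string.Empty)
            {
                emptyPassword = true;
            }
        }
    }

    // Reject in the original order; each rejection is audited before it is thrown.
    if (userId <= 0)
    {
        WriteFailedLoginAudit(login, "account not found");
        throw new InvalidAccountException();
    }

    if (activity != 3)
    {
        WriteFailedLoginAudit(login, "account not active");
        throw new NotActiveAccountException();
    }

    if (isExternal || isPending)
    {
        WriteFailedLoginAudit(login, "external or pending account");
        throw new ExternalOrPendingAccountException();
    }

    if (!PasswordUtil.Check(password, salt, hash))
    {
        WriteFailedLoginAudit(login, "invalid password");
        throw new InvalidPasswordException();
    }

    // reset password if necessary
    // NOTE(review): the "password" column is only compared with the empty string here;
    // presumably it is a legacy stored password that ResetPassword clears once the
    // salted hash has verified - confirm against DBUser.
    if (!emptyPassword)
    {
        using (DbTransaction tran = DbTransaction.Begin())
        {
            DBUser.ResetPassword(userId);
            if (originalId > 0)
            {
                DBUser.ResetPasswordInMain(originalId);
            }

            tran.Commit();
        }
    }
    //-----------------------------------------------------

    return userId;
}

// Writes one FailureAudit entry for a rejected login when web-login auditing is enabled.
private static void WriteFailedLoginAudit(string login, string reason)
{
    if (!PortalConfig.AuditWebLogin)
    {
        return;
    }

    string address = "";
    string referrer = "";

    // HttpContext.Current is null when the call does not originate from a web request;
    // the entry is still written, with the request fields left empty.
    HttpContext context = HttpContext.Current;
    if (context != null)
    {
        HttpRequest request = context.Request;
        address = request.UserHostAddress;
        if (request.UrlReferrer != null)
        {
            referrer = String.Concat(request.UrlReferrer.Host, request.UrlReferrer.PathAndQuery);
        }
    }

    // Login and referrer come from the client. They are sanitized so that embedded line
    // breaks cannot add forged fields to the entry. The reason is a fixed string chosen
    // by the caller and is appended as the last field.
    string message = String.Format(
        CultureInfo.InvariantCulture,
        "Failed IBN portal login.\r\n\r\nLogin: {0}\r\nIP: {1}\r\nReferrer: {2}\r\nReason: {3}",
        SanitizeAuditValue(login),
        SanitizeAuditValue(address),
        SanitizeAuditValue(referrer),
        reason);

    Log.WriteEntry(message, System.Diagnostics.EventLogEntryType.FailureAudit);
}

// Replaces control characters (including CR and LF) with spaces so a value stays on one log line.
private static string SanitizeAuditValue(string value)
{
    if (String.IsNullOrEmpty(value))
    {
        return "";
    }

    System.Text.StringBuilder cleaned = new System.Text.StringBuilder(value.Length);
    foreach (char c in value)
    {
        cleaned.Append(Char.IsControl(c) ? ' ' : c);
    }

    return cleaned.ToString();
}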