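/// <summary>
/// Checks whether the supplied short secure id matches the one stored (encrypted)
/// in the database for the given agent, and updates the agent's failed-attempt
/// bookkeeping accordingly.
/// </summary>
/// <param name="agent">
/// Agent being authenticated. On a database error its <c>error</c> flag is set on the
/// caller's copy only; otherwise the updated agent is written back into <c>client_list</c>.
/// </param>
/// <param name="short_id_to_compare">
/// Candidate short id. It is disposed by this method once the comparison has been
/// attempted, so the caller must not reuse it afterwards.
/// </param>
/// <returns><c>true</c> when the ids match; <c>false</c> on mismatch or database error.</returns>
public static bool shortIdCorrespondToAgentByIndex(ref Agent agent, SecureString short_id_to_compare)
{
    string encrypted_short_id = database.getAgentEncryptedShortSecureId(agent.tableId);
    if (encrypted_short_id == null)
    {
        // Database error: flagged on the caller's copy only, nothing is written to client_list.
        // NOTE(review): short_id_to_compare is NOT disposed on this path (unchanged from the
        // original); the caller still owns it here.
        agent.error = true;
        return false;
    }

    // The original author relies on callers having already checked that the agent is in
    // client_list. LastIndexOf returns -1 otherwise, and the write-back below would throw.
    int index = client_list.LastIndexOf(agent);

    SecureString agent_short_id = null;
    try
    {
        // Decrypt the stored short id only for the duration of the comparison.
        agent_short_id = DataProtection.unprotect(encrypted_short_id);

        // NOTE(review): confirm that SecureStringEquals compares in constant time; an
        // early-exit comparison would leak how many leading characters matched.
        bool res_authentification = SecureStringEquals(agent_short_id, short_id_to_compare);

        if (!res_authentification)
        {
            // Record the failed attempt; any lockout policy lives in setNewAttempForAgent.
            setNewAttempForAgent(ref agent);
        }
        else
        {
            agent.numberOfConnectionAttemps = 0; // successful check resets the counter
        }

        client_list[index] = agent; // persist the updated agent in the in-memory list
        return res_authentification;
    }
    finally
    {
        // Release both secrets even if the comparison or the bookkeeping throws, so the
        // decrypted id never outlives this call.
        if (agent_short_id != null)
        {
            agent_short_id.Dispose();
        }
        if (short_id_to_compare != null)
        {
            short_id_to_compare.Dispose();
        }
    }
}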
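/// <summary>
/// Handles the "save changes" button: copies the form fields into the current agent,
/// re-hashes the password when one was typed, creates or updates the agent in the
/// database after a privilege check, then notifies the agent by e-mail.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void save_change_button_Click(object sender, EventArgs e)
{
    // Stop as soon as the form data is NOT valid.
    if (!isDataCorrect())
    {
        return;
    }

    int res;

    // Copy the form values into the agent structure.
    // NOTE(review): these writes (including the right level) happen BEFORE the privilege
    // checks below, so the edit-branch check is evaluated against the right selected in the
    // form, not against the right the account held before this edit. Confirm that an
    // operator cannot modify a higher-privileged account by first selecting a lower right.
    agent.lastName = last_name_textBox.Text;
    agent.firstName = first_name_textBox.Text;
    agent.job = job_textBox.Text;
    agent.mailAdress = mail_adress_textBox.Text;
    // Presumably isDataCorrect() guarantees one checked item; CheckedItems[0] throws otherwise.
    agent.setIntRightFromString(right_checkedListBox.CheckedItems[0].ToString());
    agent.id = id_textBox.Text;

    // A password field holding only spaces is treated as "password unchanged".
    if (password_textBox.Text.Replace(" ", "").Length != 0)
    {
        // using guarantees the SecureString is released even if hashing throws.
        using (SecureString password = new SecureString())
        {
            foreach (char c in password_textBox.Text)
            {
                password.AppendChar(c);
            }
            password.MakeReadOnly();

            string salt = DataProtection.getSaltForHashes();
            agent.hashedPassword = DataProtection.getSaltHashedString(password, salt);
            agent.saltForHashe = salt;
        }
    }

    // The mail body is HTML, so every user-typed value is HTML-encoded before being
    // concatenated; otherwise markup typed into a field (or a password containing '<' or
    // '&') would be interpreted by the mail client and by HtmlMessageBox.
    string agentHeading = System.Net.WebUtility.HtmlEncode(agent.lastName.ToUpper()) + " "
        + System.Net.WebUtility.HtmlEncode(agent.firstName.ToLower())
        + " (" + System.Net.WebUtility.HtmlEncode(agent.job.ToUpper()) + ") : ";
    string encodedLogin = System.Net.WebUtility.HtmlEncode(id_textBox.Text);
    string encodedPassword = System.Net.WebUtility.HtmlEncode(password_textBox.Text);

    string subject;
    string actionSentence;
    string closingBreaks;

    if (agent.tableId == -1)
    {
        // New agent: the creator may not grant more privileges than he holds himself.
        if (!SecurityManager.rightLevelEnoughToAccesSystem(SecurityManager.getConnectedAgentRight(), agent.getRight()))
        {
            MessageBox.Show("Vous ne pouvez pas créer un compte de plus haut privilege que le votre");
            return;
        }

        // A new agent automatically receives a fresh short secure id.
        agent.shortSecureId = SecurityManager.setAgentShortSecureId();
        res = database.addNewAgent(agent);
        subject = "Création de votre compte";
        actionSentence = " vient de créer votre compte";
        closingBreaks = "<br><br>";
    }
    else
    {
        // Existing agent: only the highest right (RIGHT_DEUS) may edit an account of
        // higher or equal privilege.
        if (SecurityManager.getConnectedAgentRight() != SecurityManager.RIGHTS_LIST.LastIndexOf(SecurityManager.RIGHT_DEUS))
        {
            if (SecurityManager.getConnectedAgentRight() == agent.getRight()
                || !SecurityManager.rightLevelEnoughToAccesSystem(SecurityManager.getConnectedAgentRight(), agent.getRight()))
            {
                MessageBox.Show("Vous ne disposez pas des droits éditer un compte de plus haut (ou égal) privilège");
                return;
            }
        }

        res = database.updateAgent(agent);
        subject = "Modification de votre compte";
        actionSentence = " vient de modifier votre compte";
        closingBreaks = "<br>";
    }

    // Decrypt the short id only long enough to render it, then release the SecureString
    // (the original never disposed the value returned by unprotect).
    string encodedShortId;
    using (SecureString shortId = DataProtection.unprotect(agent.shortSecureId))
    {
        encodedShortId = System.Net.WebUtility.HtmlEncode(DataProtection.ToInsecureString(shortId));
    }

    // NOTE(review): this message carries the clear-text password and identification code
    // over e-mail, and the same body is shown on screen when sending fails. Consider a
    // one-time activation link or a forced password change at first login instead. When the
    // password was not changed, the "Mot de passe" line is sent empty.
    // getFormatedSessionInfo() is inserted as-is: it is application-generated and may
    // already contain markup; confirm it cannot carry user-controlled text.
    string body = agentHeading
        + "<br> L'agent " + SecurityManager.getFormatedSessionInfo() + actionSentence
        + "<br><br>Identifiant : " + encodedLogin
        + "<br>Mot de passe : " + encodedPassword
        + "<br>Code d'identification : " + encodedShortId
        + closingBreaks + "Le code d'identification est unique et ne peut être changé pour des raisons de sécurité.";

    if (res != ToolsClass.Definition.NO_ERROR_INT_VALUE)
    {
        MessageBox.Show("Une erreur est survenue !");
        return;
    }

    // When the mail address changed, tell the OLD address that it is no longer attached to
    // the account, so that a malicious address change does not go unnoticed by the owner.
    if (!string.IsNullOrEmpty(old_mail_adress) && old_mail_adress != agent.mailAdress)
    {
        string text_body = agentHeading
            + "<br> L'agent " + SecurityManager.getFormatedSessionInfo() + " vient de modifier votre compte"
            + "<br>Cette adresse mail n'est désormais plus assiocié à votre compte."
            + "En conséquence, vous ne receverez plus de notification à cette adresse";
        ToolsClass.Tools.sendMail(subject, text_body, new List<string> { old_mail_adress });
    }

    // Send the account details to the current mail address.
    int res_mail = ToolsClass.Tools.sendMail(subject, body, new List<string> { agent.mailAdress });
    string message = "Les modifications ont été enregistrées avec succès";
    if (res_mail != ToolsClass.Definition.NO_ERROR_INT_VALUE)
    {
        // Mail could not be sent: show the same content to the operator instead.
        HtmlMessageBox box = new HtmlMessageBox("Information sur le compte", ref body);
        box.ShowDialog();
        message += "\nLe mail n'a pas pu être envoyé";
    }
    else
    {
        message += "\nLe mail a correctement été envoyé";
    }

    MessageBox.Show(message);
    setListBox();  // refresh the agent list
    setDefault();  // reset the form
}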