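/// <summary>
/// Checks whether the given short secure id is the one stored in the database for the agent.
/// A failed comparison is recorded through setNewAttempForAgent; a successful one resets the
/// attempt counter. The updated agent is then written back into client_list.
/// </summary>
/// <param name="agent">Agent being authenticated; its error flag or attempt counter is updated in place.</param>
/// <param name="short_id_to_compare">
/// Short secure id supplied by the caller. It is disposed by this method once the comparison
/// has been attempted, so the caller must not reuse it afterwards.
/// </param>
/// <returns>true when the supplied id matches the stored one, false otherwise (including on database error).</returns>
public static bool shortIdCorrespondToAgentByIndex(ref Agent agent, SecureString short_id_to_compare)
    {
        string encrypted_short_id = database.getAgentEncryptedShortSecureId(agent.tableId);

        if (encrypted_short_id == null)
        {
            // Database error: only the flag on this structure is set, and the check fails.
            // NOTE(review): short_id_to_compare is NOT disposed on this path, unlike every other exit - confirm callers expect that.
            agent.error = true;
            return(false);
        }

        // The index is taken before the agent is modified, because the lookup compares against the stored copy.
        // NOTE(review): LastIndexOf returns -1 when the agent is not in client_list, and the write-back below would
        // then fail; the original code assumes a caller already located the agent - confirm.
        int index = client_list.LastIndexOf(agent);

        SecureString agent_short_id = null;
        try
        {
            // Decrypt the short secure id saved for that specific agent.
            agent_short_id = DataProtection.unprotect(encrypted_short_id);

            // NOTE(review): confirm SecureStringEquals compares in constant time, since it decides an authentication.
            bool res_authentification = SecureStringEquals(agent_short_id, short_id_to_compare);

            if (res_authentification)
            {
                // Successful check: reset the number of attempts.
                agent.numberOfConnectionAttemps = 0;
            }
            else
            {
                setNewAttempForAgent(ref agent);
            }

            client_list[index] = agent; // persist the updated attempt data in the in-memory list

            return(res_authentification);
        }
        finally
        {
            // Release both secrets even when decryption, comparison or the write-back throws,
            // so the decrypted id never outlives this call.
            if (agent_short_id != null)
            {
                agent_short_id.Dispose();
            }
            if (short_id_to_compare != null)
            {
                short_id_to_compare.Dispose();
            }
        }
    }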
Пример #2
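        /// <summary>
        /// Handles the "save changes" button: copies the form content into the edited agent,
        /// re-hashes the password when one was typed, enforces the privilege rules for creating
        /// or editing an account, saves the agent and mails the account details to the agent.
        /// </summary>
        /// <param name="sender">Control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void save_change_button_Click(object sender, EventArgs e)
        {
            if (!isDataCorrect()) // stop when the form content does not validate
            {
                return;
            }

            int res;

            // Copy the form content into the agent being edited.
            // NOTE(review): these fields are modified before the privilege checks below, so a refused
            // operation still leaves the in-memory agent changed - confirm the view is reset by the caller.
            agent.lastName   = last_name_textBox.Text;
            agent.firstName  = first_name_textBox.Text;
            agent.job        = job_textBox.Text;
            agent.mailAdress = mail_adress_textBox.Text;
            agent.setIntRightFromString(right_checkedListBox.CheckedItems[0].ToString());
            agent.id = id_textBox.Text;

            if (password_textBox.Text.Replace(" ", "").Length != 0) // a password was typed, so it has been changed
            {
                // The using block releases the SecureString even if salting or hashing throws.
                // NOTE(review): the password already lives in password_textBox.Text as a managed string,
                // so the SecureString only avoids creating further copies.
                using (SecureString password = new SecureString())
                {
                    foreach (char c in password_textBox.Text)
                    {
                        password.AppendChar(c);
                    }
                    password.MakeReadOnly();

                    // Store a salted hash of the password together with its salt.
                    string salt = DataProtection.getSaltForHashes();
                    agent.hashedPassword = DataProtection.getSaltHashedString(password, salt);
                    agent.saltForHashe   = salt;
                }
            }

            // Mail sent to the agent about the account data.
            string subject;
            string body = "";

            if (agent.tableId == -1) // new agent: a short secure id is generated automatically
            {
                // A user cannot create an account with higher privileges than their own.
                if (!SecurityManager.rightLevelEnoughToAccesSystem(SecurityManager.getConnectedAgentRight(), agent.getRight()))
                {
                    MessageBox.Show("Vous ne pouvez pas créer un compte de plus haut privilege que le votre");
                    return;
                }

                agent.shortSecureId = SecurityManager.setAgentShortSecureId();
                res = database.addNewAgent(agent);

                subject = "Création de votre compte";
                body = buildAccountMailBody(" vient de créer votre compte", "<br><br>");
            }
            else
            {
                // Only the highest right (RIGHT_DEUS) may edit an account of equal or higher privilege.
                if (SecurityManager.getConnectedAgentRight() != SecurityManager.RIGHTS_LIST.LastIndexOf(SecurityManager.RIGHT_DEUS))
                {
                    if (SecurityManager.getConnectedAgentRight() == agent.getRight() || !SecurityManager.rightLevelEnoughToAccesSystem(SecurityManager.getConnectedAgentRight(), agent.getRight()))
                    {
                        MessageBox.Show("Vous ne disposez pas des droits éditer un compte de plus haut (ou égal) privilège");
                        return;
                    }
                }

                res = database.updateAgent(agent);

                // Notify the agent about the changes.
                subject = "Modification de votre compte";
                body = buildAccountMailBody(" vient de modifier votre compte", "<br>");
            }

            if (res != ToolsClass.Definition.NO_ERROR_INT_VALUE) // the database call reported an error
            {
                MessageBox.Show("Une erreur est survenue !");
                return;
            }

            // When the mail address was changed, the old address is told that it is no longer
            // associated with the account; the account details only go to the new address.
            if (!string.IsNullOrEmpty(old_mail_adress) && (old_mail_adress != agent.mailAdress))
            {
                string text_body = formatAgentHeaderHtml()
                                   + "<br> L'agent " + SecurityManager.getFormatedSessionInfo() + " vient de modifier votre compte"
                                   + "<br>Cette adresse mail n'est désormais plus assiocié à votre compte."
                                   + "En conséquence, vous ne receverez plus de notification à cette adresse";
                ToolsClass.Tools.sendMail(subject, text_body, new List <string>(new string[] { old_mail_adress }));
            }

            // Send the account details to the current mail address.
            int res_mail = ToolsClass.Tools.sendMail(subject, body, new List <string>(new string[] { agent.mailAdress }));

            string message = "Les modifications ont été enregistrées avec succès";
            if (res_mail != ToolsClass.Definition.NO_ERROR_INT_VALUE) // the mail could not be sent
            {
                // Fallback: show the same content on screen.
                // NOTE(review): this displays the clear-text password and identification code to the operator.
                HtmlMessageBox box = new HtmlMessageBox("Information sur le compte", ref body);
                box.ShowDialog();

                message += "\nLe mail n'a pas pu être envoyé";
            }
            else
            {
                message += "\nLe mail a correctement été envoyé";
            }
            MessageBox.Show(message);

            setListBox(); // update listbox
            setDefault(); // reset view
        }

        /// <summary>
        /// Builds the HTML heading line "LASTNAME firstname (JOB) : " used at the top of every account mail.
        /// The form values are HTML-encoded so that characters such as &lt; or &amp; are shown literally
        /// instead of being interpreted as markup.
        /// </summary>
        private string formatAgentHeaderHtml()
        {
            return System.Net.WebUtility.HtmlEncode(agent.lastName.ToUpper())
                   + " " + System.Net.WebUtility.HtmlEncode(agent.firstName.ToLower())
                   + " (" + System.Net.WebUtility.HtmlEncode(agent.job.ToUpper()) + ") : ";
        }

        /// <summary>
        /// Builds the HTML body of the account mail (identifier, password and identification code).
        /// </summary>
        /// <param name="action_sentence">Text appended after the session information, describing what was done to the account.</param>
        /// <param name="closing_separator">Markup placed before the closing sentence about the identification code.</param>
        /// <returns>The HTML body, with every value taken from the form HTML-encoded.</returns>
        private string buildAccountMailBody(string action_sentence, string closing_separator)
        {
            // The decrypted identification code is needed as text for the mail; the SecureString
            // holding it is released as soon as the text has been extracted.
            string short_id_text;
            using (SecureString short_id = DataProtection.unprotect(agent.shortSecureId))
            {
                short_id_text = DataProtection.ToInsecureString(short_id);
            }

            // NOTE(review): the password typed in the form and the identification code are mailed in clear text
            // (the password line is empty when the password was not changed). Consider a one-time setup link or
            // a forced change at first login instead of sending credentials by mail.
            // getFormatedSessionInfo() is inserted as-is - presumably application-generated; confirm it carries no user-controlled markup.
            return formatAgentHeaderHtml()
                   + "<br> L'agent " + SecurityManager.getFormatedSessionInfo() + action_sentence
                   + "<br><br>Identifiant : " + System.Net.WebUtility.HtmlEncode(id_textBox.Text)
                   + "<br>Mot de passe : " + System.Net.WebUtility.HtmlEncode(password_textBox.Text)
                   + "<br>Code d'identification : " + System.Net.WebUtility.HtmlEncode(short_id_text)
                   + closing_separator + "Le code d'identification est unique et ne peut être changé pour des raisons de sécurité.";
        }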