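        /// <summary>
        /// Validates one login attempt against the Q_VWLOGIN row for the user and records the attempt through
        /// SP_USERACTIVITY. The revoke state is re-read afterwards and overrides any earlier result.
        /// </summary>
        /// <param name="userName">Login name; bound as a query parameter together with <paramref name="host"/>.</param>
        /// <param name="password">Password as typed. Only compared when <paramref name="logon"/> is false.</param>
        /// <param name="conn">Database wrapper. Each ExecReader call replaces its current row, so every field read
        /// below belongs to the query that ran last.</param>
        /// <param name="timeout">Command timeout passed through to the wrapper.</param>
        /// <param name="logon">True means "already logged on": the password is NOT checked and the result is
        /// logSuccess. NOTE(review): this flag must only ever be derived from server-side session state, never from
        /// request input, otherwise it is a password bypass.</param>
        /// <param name="host">Client host; stored with the activity row and used by the revoke lookup.</param>
        /// <param name="sessionid">Set to a fresh GUID whenever an activity row is written, which also happens for
        /// failed attempts (invalid, default or expired password, already logged on). It stays null only when the
        /// user is unknown or the password was empty. A non-null value is NOT a sign of success; decide on the
        /// return value.</param>
        /// <returns>The loginResult for the attempt. If the account is revoked this is logLocked, or logJustLocked
        /// when the revoke flag went from 0 to non-zero during this call.</returns>
        private static loginResult ValidateLogin(string userName, string password, DbConnection conn, int timeout, bool logon, string host, out string sessionid)
        {
            sessionid = null;
            object[] user = new object[2] {
                userName, host
            };
            loginResult flag = loginResult.logNotFound;
            // falsepwd is "1" only for a wrong, non-empty password. surevoke/sulogon hold the values read BEFORE this
            // attempt is recorded, so the revoke check at the end can tell "already locked" from "just locked".
            string falsepwd = "0", sulogon = "0", surevoke = "0";

            conn.ExecReader(Q_VWLOGIN, user, timeout);
            if (conn.hasRow())
            {
                surevoke = conn.GetFieldValue("SU_REVOKE");
                sulogon  = conn.GetFieldValue("SU_LOGON");

                // NOTE(review): SU_PWD holds enc.Encrypt(pwd, true), a reversible transform, and it is compared with
                // an ordinary (not constant-time) string equality. The scheme it replaced was unsalted SHA1 via
                // FormsAuthentication.HashPasswordForStoringInConfigFile. A salted, slow one-way KDF is the right
                // replacement, but every writer of SU_PWD has to change with it, so it is not done here.
                Encryption.SimpleEncryption enc = new Encryption.SimpleEncryption();

                if (logon)
                {
                    // Already logged on: the caller vouches for the session, no credential check at all.
                    flag = loginResult.logSuccess;
                }
                else if (string.IsNullOrEmpty(password))
                {
                    // Refuse a blank (or null) password before comparing it: an account whose SU_PWD happened to
                    // equal Encrypt("") was otherwise enterable with no password. Not counted as a false attempt
                    // and no activity row is written (see below).
                    flag = loginResult.logPwdEmpty;
                }
                else if (enc.Encrypt(password, true) == conn.GetFieldValue("SU_PWD"))
                {
                    if (conn.GetFieldValue("SU_PWD") == enc.Encrypt(conn.GetFieldValue("CHECKDEFPWD").Trim(), true))
                    {
                        // Stored value matches CHECKDEFPWD (presumably the system default password).
                        flag = loginResult.logPwdDefault;
                    }
                    else if (conn.GetFieldValue("DEFPWD") == "1")
                    {
                        // DEFPWD flag set on the account: treated the same as the default password.
                        flag = loginResult.logPwdDefault;
                    }
                    else if (conn.GetFieldValue("SU_LOGON") == "1")
                    {
                        // Another session for this user is still marked as logged on.
                        flag = loginResult.logHasLogon;
                    }
                    else if (conn.GetFieldValue("SU_PWDEXPIRED") == "1")
                    {
                        flag = loginResult.logPwdExpired;
                    }
                    else
                    {
                        flag = loginResult.logSuccess;
                    }
                }
                else
                {
                    falsepwd = "1";
                    flag     = loginResult.logPwdInvalid;
                }

                if (flag != loginResult.logPwdEmpty)
                {
                    // Record the attempt, good or bad, under a new id. falsepwd presumably drives the failed-attempt
                    // counter and the revoke decision inside SP_USERACTIVITY -- verify against the procedure.
                    string newSessionId = Guid.NewGuid().ToString();
                    object[] actiparam = new object[7] {
                        userName, conn.GetNativeFieldValue("GROUPID"), falsepwd,
                        surevoke, host, sulogon, newSessionId
                    };
                    conn.ExecuteNonQuery(SP_USERACTIVITY, actiparam, timeout);
                    sessionid = newSessionId;
                }
            }
            // NOTE(review): logNotFound and logPwdInvalid are distinguishable to the caller; the UI should show the
            // same message for both so that valid user names cannot be enumerated.

            // Re-read the revoke state, which may have changed as a result of this attempt (the logJustLocked case
            // below relies on that). This replaces the current row: no Q_VWLOGIN field may be read after this point.
            conn.ExecReader(Q_CHECKREVOKE, user, timeout);
            if (conn.hasRow())
            {
                flag = loginResult.logLocked;
                if (surevoke == "0" && conn.GetFieldValue("SU_REVOKE") != "0")
                {
                    // Was not revoked when we started and is now: this very attempt tripped the lock.
                    flag = loginResult.logJustLocked;
                }
            }

            return(flag);
        }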
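        /// <summary>
        /// Change-password button handler. Verifies the old password (unless the TXT_OLD box is disabled), runs the
        /// server-side policy check on the new one, then writes the new value to the login database (SP_USRPWDALL)
        /// and to every module database returned by Q_MODULEDB (SP_USRPWD).
        /// </summary>
        /// <param name="sender">Event source; unused.</param>
        /// <param name="e">Event data; unused.</param>
        protected void BTN_CHANGE_Click(object sender, EventArgs e)
        {
            // The mismatch check ignores surrounding whitespace, so the stored value is trimmed as well (the
            // user-maintenance handler on this page also stores TXT_SU_PWD.Text.Trim()); otherwise "abc" / "abc "
            // passed the check here but was saved with the trailing space.
            string newPlain = TXT_NEW.Text.Trim();
            if (newPlain != TXT_VERIFY.Text.Trim())
            {
                LBL_MESSAGE.Text = "Password mismatch!";
                Clear();
                return;
            }

            object connStringLogin = Session["ConnStringLogin"];
            object userId          = Session["UserID"];
            if (connStringLogin == null || userId == null)
            {
                // No (or expired) session: the original dereferenced these and threw a NullReferenceException.
                LBL_MESSAGE.Text = "Session expired!";
                Clear();
                return;
            }

            int dbtimeout = int.Parse(ConfigurationSettings.AppSettings["dbTimeOut"]);
            Encryption.SimpleEncryption enc = new Encryption.SimpleEncryption();
            object[] user = new object[1] {
                userId
            };

            // using: the original called conn.Dispose() only on the normal path and leaked the connection whenever
            // anything in between threw.
            using (DbConnection conn = new DbConnection(connStringLogin.ToString()))
            {
                if (TXT_OLD.Enabled)
                {
                    // NOTE(review): the stored value is enc.Encrypt(pwd, true), a reversible transform (the unsalted
                    // SHA1 it replaced was no better). A salted one-way KDF would be preferable, but it has to change
                    // together with the login page and the user-maintenance page.
                    string oldPassword = enc.Encrypt(TXT_OLD.Text.Trim(), true);
                    string dbPassword  = "";
                    conn.ExecReader(Q_OLDPWD, user, dbtimeout);
                    if (conn.hasRow())
                    {
                        dbPassword = conn.GetFieldValue(0);
                    }
                    if (oldPassword != dbPassword)
                    {
                        LBL_MESSAGE.Text = "Old Password invalid!";
                        Clear();
                        return;
                    }
                }
                // NOTE(review): when TXT_OLD is disabled the old password is not verified at all; whichever flow
                // disables that box is relying on the session alone to prove identity.

                string   newPassword = enc.Encrypt(newPlain, true);
                object[] parnew      = new object[3] {
                    userId, newPlain, newPassword
                };
                // The policy check itself lives in the database; it gets the clear-text value and answers with an
                // empty string in column 0 when the password is acceptable, otherwise with the message to show.
                conn.ExecReader(Q_VALIDATEPOLICY, parnew, dbtimeout);
                if (!conn.hasRow())
                {
                    return;     // as before: no policy row means nothing is changed and nothing is reported
                }
                string policyMessage = conn.GetFieldValue(0);
                if (policyMessage != "")
                {
                    LBL_MESSAGE.Text = policyMessage;
                    Clear();
                    return;
                }

                parnew = new object[2] {
                    userId.ToString(), newPassword
                };
                conn.ExecuteNonQuery(SP_USRPWDALL, parnew, dbtimeout);

                // Propagate to each module database. NOTE(review): the module credentials come back from the login
                // database in clear text and are concatenated into a connection string; a value containing ';'
                // would change the meaning of the string. Presumably operator-managed rows -- confirm.
                conn.ExecReader(Q_MODULEDB, user, dbtimeout);
                while (conn.hasRow())
                {
                    string connectionString = "Data Source=" + conn.GetFieldValue(0) +           //dbip
                                              ";Initial Catalog=" + conn.GetFieldValue(1) +      //dbnama
                                              ";uid=" + conn.GetFieldValue(2) +                  //db_loginid
                                              ";pwd=" + conn.GetFieldValue(3) + ";Pooling=true"; //db_loginpwd
                    using (DbConnection lclConn = new DbConnection(connectionString))
                    {
                        lclConn.ExecuteNonQuery(SP_USRPWD, parnew, dbtimeout);
                    }
                }

                LBL_MESSAGE.Text = "";
                Clear();
                Response.Write("<script for=window event=onload language=javascript>\n" +
                               "alert('Password Updated!');\nform1.IMG_BACK.click();</script>");
            }
        }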
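        /// <summary>
        /// Save button handler for the user-maintenance page: validates the form, checks the user id on insert,
        /// applies the password length policy to a typed password, and submits the record through SP_SAVE for approval.
        /// </summary>
        /// <param name="sender">Event source; unused.</param>
        /// <param name="e">Event data; unused.</param>
        protected void BTN_SAVE_Click(object sender, System.EventArgs e)
        {
            if (TXT_USERID.Text == string.Empty || TXT_SU_FULLNAME.Text == string.Empty || DDL_GROUPID.SelectedValue == string.Empty)
            {
                LBL_RESULT.Text      = "Mandatory field cannot blank... ";
                LBL_RESULT.ForeColor = System.Drawing.Color.Red;
                return;
            }
            string typedPwd = TXT_SU_PWD.Text.Trim();
            if (typedPwd != TXT_VERIFYPWD.Text.Trim())
            {
                LBL_RESULT.Text      = "Password mismatch... ";
                LBL_RESULT.ForeColor = System.Drawing.Color.Red;
                return;
            }
            if (TXT_SU_EMAIL.Text != string.Empty && emailValidation(TXT_SU_EMAIL.Text) == false)
            {
                LBL_RESULT.Text      = "Invalid email address... ";
                LBL_RESULT.ForeColor = System.Drawing.Color.Red;
                return;
            }
            using (conn = new DbConnection(ConnString))
            {
                bool isnew = LBL_SAVEMODE.Text == "1";
                if (isnew)
                {
                    // Q_CEKUSER: column 0 == "1" means the id already exists, column 1 == "2" means it is pending.
                    object[] par = new object[1] {
                        TXT_USERID.Text
                    };
                    conn.ExecReader(Q_CEKUSER, par, dbtimeout);
                    if (conn.hasRow())
                    {
                        if (conn.GetFieldValue(0) == "1")
                        {
                            LBL_RESULT.Text      = "UserID exists in existing system.";
                            LBL_RESULT.ForeColor = System.Drawing.Color.Red;
                            return;
                        }
                        else if (conn.GetFieldValue(1) == "2")
                        {
                            LBL_RESULT.Text      = "UserID is in the pending list.";
                            LBL_RESULT.ForeColor = System.Drawing.Color.Red;
                            return;
                        }
                    }
                }

                // Q_LOGINPARAM supplies the length bounds (columns 0 and 1) and def_pwd. Every read below comes from
                // this one row, so no other query may run before they are done.
                conn.ExecReader(Q_LOGINPARAM, null, dbtimeout);
                bool hasLoginParam = conn.hasRow();

                string revoke   = cb_revoke.Checked ? "1" : "0";
                string suActive = CHK_SU_ACTIVE.Checked ? "1" : "0";

                // Decide where the stored password comes from. A blank value means "keep the old password".
                string password;
                bool   usesTypedPwd;
                if (cb_resetpwd.Checked)
                {
                    password     = conn.GetFieldValue("def_pwd");
                    usesTypedPwd = false;
                }
                else
                {
                    password     = typedPwd;
                    usesTypedPwd = typedPwd != "";
                }
                // The original used the non-short-circuit '&' here; same outcome, '&&' is the idiom.
                if (isnew && password == "" && ddl_JenisUser.SelectedValue == "2")
                {
                    password     = conn.GetFieldValue("def_pwd");
                    usesTypedPwd = false;
                }

                // The length policy applies only to a password the operator actually typed. The original test was
                // 'len < min && len > max', which can never hold, so the bounds were never enforced; it also ran
                // before the reset/default handling and, once corrected, would have rejected the blank
                // "keep old password" case. Column 0 is taken as the minimum and column 1 as the maximum, as the
                // message text implies.
                if (usesTypedPwd && hasLoginParam)
                {
                    int minLength = (int)conn.GetNativeFieldValue(0);
                    int maxLength = (int)conn.GetNativeFieldValue(1);
                    if (typedPwd.Length < minLength || typedPwd.Length > maxLength)
                    {
                        LBL_RESULT.Text      = "Password must be between " + conn.GetFieldValue(0) + " and " + conn.GetFieldValue(1) + " characters!";
                        LBL_RESULT.ForeColor = System.Drawing.Color.Red;
                        return;
                    }
                }

                if (password != "")
                {
                    // NOTE(review): enc.Encrypt(pwd, true) is a reversible transform, not a salted one-way hash (the
                    // unsalted SHA1 it replaced was no better). Changing it means changing the login and
                    // change-password pages at the same time.
                    Encryption.SimpleEncryption enc = new Encryption.SimpleEncryption();
                    password = enc.Encrypt(password, true);
                }

                try
                {
                    object[] pardata = new object[19] {
                        TXT_USERID.Text, DDL_GROUPID.SelectedValue,
                        TXT_SU_FULLNAME.Text, password,
                        TXT_SU_HPNUM.Text, TXT_SU_EMAIL.Text,
                        DBNull.Value, Session["UserID"], LBL_SAVEMODE.Text,
                        revoke, suActive, uREF_UPLINER.SelectedValue, uREF_BRANCHID.SelectedValue,
                        uREF_AREAID.SelectedValue, ddl_JenisUser.SelectedValue,
                        uREF_UPLINER2.SelectedValue, uREF_UPLINER3.SelectedValue,
                        uREF_UPLINER4.SelectedValue, uREF_UPLINER5.SelectedValue
                    };
                    conn.ExecuteNonQuery(SP_SAVE, pardata, dbtimeout);

                    LBL_RESULT.Text      = "Request Submitted! Awaiting Approval ... ";
                    LBL_RESULT.ForeColor = System.Drawing.Color.Green;
                }
                catch (Exception ex)
                {
                    // NOTE(review): the raw exception text is shown to the user, minus the part from "Last Query:"
                    // onwards; anything the data layer puts before that marker is disclosed to the browser.
                    int queryMarker = ex.Message.IndexOf("Last Query:");
                    if (queryMarker > 0)
                    {
                        LBL_RESULT.Text = ex.Message.Substring(0, queryMarker);
                    }
                    else
                    {
                        LBL_RESULT.Text = ex.Message;
                    }
                    LBL_RESULT.ForeColor = System.Drawing.Color.Red;
                    return;
                }

                DatGrd.CurrentPageIndex = 0;
                BindData();
                ClearEntries();
                ClearSearch();
            }
        }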