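/// <summary>
/// Handles the user grid's row commands: "addrecord" and "editrecord" open the
/// add/edit page, "deleterecord" deletes the selected user after validation.
/// </summary>
/// <param name="sender">The grid that raised the command.</param>
/// <param name="e">Command name plus, for edit/delete, the user key in CommandArgument.</param>
protected void GvRowCommand(object sender, GridViewCommandEventArgs e)
{
    string editpage = "~/ControlRoom/Modules/Tenant/TenantUserAddEdit.aspx";

    // Command names are identifiers, so compare them ordinally rather than
    // lower-casing with the current thread culture.
    string command = e.CommandName;

    if (string.Equals(command, "addrecord", StringComparison.OrdinalIgnoreCase))
    {
        Session["UID"] = string.Empty;
        Response.Redirect(editpage);
    }

    if (string.Equals(command, "editrecord", StringComparison.OrdinalIgnoreCase))
    {
        int key = Convert.ToInt32(e.CommandArgument);
        Session["UID"] = key;
        Response.Redirect(editpage);
    }

    if (string.Equals(command, "deleterecord", StringComparison.OrdinalIgnoreCase))
    {
        // NOTE(review): no authorization or tenant-ownership check for the target
        // user is visible in this handler; presumably the page or
        // IsValid(DELETE) enforces it. Confirm before relying on it.
        int key = Convert.ToInt32(e.CommandArgument);
        try
        {
            var obj = new SRPUser(key);
            if (obj.IsValid(BusinessRulesValidationMode.DELETE))
            {
                SRPUser.Delete(key);
                LoadData();
                var masterPage = (IControlRoomMaster)Master;
                if (masterPage != null)
                {
                    masterPage.PageMessage = SRPResources.DeleteOK;
                }
            }
            else
            {
                var masterPage = (IControlRoomMaster)Master;
                string message = String.Format(SRPResources.ApplicationError1, "<ul>");

                // Append by concatenation. Re-using the accumulated text as a
                // format string fails (or substitutes wrongly) as soon as a
                // message contains '{' or '}'.
                // NOTE(review): ErrorMessage is placed into markup without HTML
                // encoding; confirm these messages never carry user-supplied text.
                foreach (BusinessRulesValidationMessage m in obj.ErrorCodes)
                {
                    message += "<li>" + m.ErrorMessage + "</li>";
                }

                message += "</ul>";
                if (masterPage != null)
                {
                    masterPage.PageError = message;
                }
            }
        }
        catch (Exception ex)
        {
            var masterPage = (IControlRoomMaster)Master;
            if (masterPage != null)
            {
                // NOTE(review): the raw exception text is shown to the operator;
                // confirm it cannot expose internal details that should stay in logs.
                masterPage.PageError = String.Format(SRPResources.ApplicationError1, ex.Message);
            }
        }
    }
}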
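/// <summary>
/// Runs on application shutdown and marks every user as logged off.
/// </summary>
void Application_End(object sender, EventArgs e)
{
    try
    {
        SRPUser.LogoffAll();
    }
    catch (Exception ex)
    {
        // Still best-effort: shutdown must not fail because of this call. Leave
        // a trace entry, because a silent failure can leave stale "logged in"
        // records behind with nothing to show why.
        System.Diagnostics.Trace.TraceWarning("SRPUser.LogoffAll failed during application shutdown: {0}", ex.Message);
    }
}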
/// <summary>
/// Completes a token-based password reset: applies the new password, emails a
/// confirmation to the account's address and sends the browser to the login page.
/// </summary>
protected void Button1_Click(object sender, EventArgs e)
{
    // The token was stored in ViewState when the page first loaded.
    object tokenObject = this.ViewState["token"];
    var user = tokenObject == null
        ? null
        : SRPUser.UpdatePasswordByToken(tokenObject.ToString(), Password.Text);

    if (user == null)
    {
        // Missing token, or the token was not accepted: show the invalid-token panel.
        passwordUpdate.Visible = false;
        invalidToken.Visible = true;
        return;
    }

    // Values substituted into the confirmation email by name.
    // NOTE(review): they are merged into an HTML body without encoding; confirm
    // that FormatWith or the settings source keeps markup out of them,
    // RemoteAddress in particular.
    var values = new
    {
        SystemName = SRPSettings.GetSettingValue("SysName", user.TenID),
        ContactName = SRPSettings.GetSettingValue("ContactName", user.TenID),
        ContactEmail = SRPSettings.GetSettingValue("ContactEmail", user.TenID),
        RemoteAddress = new Tools.WebTools().RemoteUserAddress(Request),
        UserEmail = user.EmailAddress,
        ControlRoomLink = string.Format("{0}{1}", BaseUrl, "/ControlRoom/"),
        PasswordResetSuccessSubject = SRPResources.PasswordEmailSuccessSubject
    };

    this.Log().Info("Password reset process for {0} complete from {1}",
                    values.UserEmail,
                    values.RemoteAddress);

    // TODO email - move this template out to the database
    StringBuilder body = new StringBuilder()
        .Append("<p>The password reset for your {SystemName} account is now complete.</p>")
        .Append("<p>You may now <a href=\"{ControlRoomLink}\">log in</a> using your new ")
        .Append("password.</p>")
        .Append("<p>If you have any comments or questions, please contact ")
        .Append("{ContactName} at <a href=\"mailto:{ContactEmail}\">{ContactEmail}")
        .Append("</a>.</p>")
        .Append("<p style=\"font-size: smaller;\"><em>This password request was ")
        .Append("completed from: {RemoteAddress}.</em></p>");

    string subject = "{SystemName} - {PasswordResetSuccessSubject}".FormatWith(values);
    string html = body.ToString().FormatWith(values);
    new EmailService().SendEmail(user.EmailAddress, subject, html);

    Response.Redirect("Login.aspx");
}
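/// <summary>
/// Runs on application startup: clears any logged-in state left over from a
/// previous run, then wires the logging extensions to NLog.
/// </summary>
void Application_Start(object sender, EventArgs e)
{
    try
    {
        SRPUser.LogoffAll();
    }
    catch (Exception ex)
    {
        // Best-effort, as before: startup continues. The application logger is
        // only initialized below, so record the failure through the framework trace.
        System.Diagnostics.Trace.TraceWarning("SRPUser.LogoffAll failed during application startup: {0}", ex.Message);
    }

    LoggingExtensions.Logging.Log.InitializeWith<LoggingExtensions.NLog.NLogLog>();
}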
/// <summary>
/// Runs when a session ends and logs off the user stored in that session, if any.
/// </summary>
/// <remarks>
/// ASP.NET raises Session_End only for InProc session state. With StateServer or
/// SQLServer mode this handler never runs, so logoff records are not written here.
/// </remarks>
void Session_End(object sender, EventArgs e)
{
    string profileKey = SessionData.UserProfile.ToString();
    if (Session[profileKey] == null)
    {
        return;
    }

    var profile = (SRPUser)Session[profileKey];
    SRPUser.Logoff(profile.Uid);
}
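/// <summary>
/// Stores the new password for the signed-in user, clears the must-reset flag
/// and continues to the page that was originally requested.
/// </summary>
protected void Button1_Click(object sender, EventArgs e)
{
    SRPUser user = (SRPUser)Session[SessionData.UserProfile.ToString()];
    if (user == null)
    {
        // The session expired or the page was reached without a login. Without
        // a profile there is no account to update, so send the browser to the
        // configured login page instead of failing with a null reference.
        FormsAuthentication.RedirectToLoginPage();
        return;
    }

    // NOTE(review): no strength or confirmation check on the new password is
    // visible in this handler; presumably validators on the page cover it.
    user.NewPassword = uxNewPasswordField.Text;
    user.MustResetPassword = false;
    user.LastPasswordReset = DateTime.Now;
    user.Update();

    Session[SessionData.UserProfile.ToString()] = user;
    FormsAuthentication.RedirectFromLoginPage(user.Username, false);
}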
/// <summary>
/// Prepares the "User Login History" page: reads the target user id from the
/// session, shows that user's name, checks the Control Room permission, builds
/// the ribbon, restores sort state from ViewState and loads the grid.
/// </summary>
protected void Page_Load(object sender, EventArgs e)
{
    MasterPage.IsSecure = true;
    MasterPage.PageTitle = "User Login History";

    // The user being inspected is handed over through Session["UID"].
    object sessionUid = Session["UID"];
    lblUID.Text = sessionUid == null ? "" : sessionUid.ToString();
    if (lblUID.Text == "")
    {
        Response.Redirect("~/ControlRoom/");
    }

    bool firstLoad = !IsPostBack;

    if (firstLoad)
    {
        // NOTE(review): the user record is fetched before the permission check
        // below runs. Confirm that check ends the request for unauthorized
        // callers, or move it ahead of this lookup.
        var user = new SRPUser(int.Parse(lblUID.Text));
        lblUsername.Text = user.Username;
        lblName.Text = user.FirstName + " " + user.LastName;
        lblUsername.Visible = lblName.Visible = true;
    }

    // 1000 = User Security
    ControlRoomAccessPermission.CheckControlRoomAccessPermission(1000);

    if (firstLoad)
    {
        foreach (var panel in StandardModuleRibbons.SecurityRibbon())
        {
            MasterPage.PageRibbon.Add(panel);
        }
        MasterPage.PageRibbon.DataBind();
    }

    // Sort state starts empty and is restored from ViewState on postbacks only.
    _mStrSortExp = String.Empty;
    if (!firstLoad)
    {
        if (ViewState["_SortExp_"] != null)
        {
            _mStrSortExp = ViewState["_SortExp_"] as String;
        }
        if (ViewState["_Direction_"] != null)
        {
            _mSortDirection = (SortDirection)ViewState["_Direction_"];
        }
    }

    if (firstLoad)
    {
        LoadData();
    }
}
/// <summary>
/// Looks up a user from an id supplied as text.
/// </summary>
/// <param name="userIdString">The user id as a string; may be null or blank.</param>
/// <returns>
/// The result of <c>SRPUser.Fetch</c> for the parsed id, or null when the text
/// is blank or is not an integer.
/// </returns>
private SRPUser GetUser(string userIdString)
{
    if (string.IsNullOrWhiteSpace(userIdString))
    {
        return null;
    }

    int userId;
    if (!int.TryParse(userIdString, out userId))
    {
        return null;
    }

    return SRPUser.Fetch(userId);
}
/// <summary>
/// Before the page loads, marks the master page as secure and copies the
/// signed-in user and the permission string from the session into page members.
/// </summary>
protected override void OnPreLoad(EventArgs e)
{
    MasterPage = (IControlRoomMaster)Master;
    if (MasterPage != null)
    {
        MasterPage.IsSecure = true;
    }

    string profileKey = SessionData.UserProfile.ToString();
    string permissionKey = SessionData.StringPermissionList.ToString();

    // Either value is null when the session holds no login; nothing here rejects
    // that case, so callers must handle a null SRPUser / UserPermissionList.
    SRPUser = (SRPUser)Session[profileKey];
    UserPermissionList = (string)Session[permissionKey];

    base.OnPreLoad(e);
}
/// <summary>
/// Logs the current Control Room user off, abandons the session, blanks the
/// session cookie and redirects to the login page.
/// </summary>
/// <param name="page">The page whose session and response are used.</param>
public static void Logout(Page page)
{
    try
    {
        var profile = (SRPUser)HttpContext.Current.Session[SessionData.UserProfile.ToString()];
        if (profile != null)
        {
            profile.Logoff();
        }
    }
    finally
    {
        // Runs even if Logoff throws, so the browser never keeps a live session.
        page.Session.Abandon();

        // An empty ASP.NET_SessionId cookie makes the next request start a new session.
        var blankSessionCookie = new HttpCookie("ASP.NET_SessionId", "");
        page.Response.Cookies.Add(blankSessionCookie);

        // NOTE(review): no forms-authentication sign-out is visible here. If a
        // forms-auth ticket is issued at login, confirm it is cleared elsewhere.
        page.Response.Redirect("~/ControlRoom/Login.aspx", true);
    }
}
/// <summary>
/// Logoff page: records the logoff for the user in the session, if any, and
/// always redirects to the login page.
/// </summary>
protected void Page_Load(object sender, EventArgs e)
{
    try
    {
        var profile = (SRPUser)HttpContext.Current.Session[SessionData.UserProfile.ToString()];
        if (profile != null)
        {
            profile.Logoff();
        }
    }
    finally
    {
        // NOTE(review): unlike a full logout, this path neither abandons the
        // session nor clears any authentication cookie; confirm that is done
        // elsewhere for this page.
        Response.Redirect("~/ControlRoom/Login.aspx");
    }
}
/// <summary>
/// Binds the grid to the full user table, sorted by the current sort
/// expression and direction when one is set.
/// </summary>
private void LoadData()
{
    var table = SRPUser.FetchAllAsDataTable();
    var bound = new DataSet();
    bound.Tables.Add(table);

    if (_mStrSortExp != string.Empty)
    {
        // The sort expression comes from page state (ViewState on postback).
        string direction = _mSortDirection == SortDirection.Descending ? " DESC" : "";
        table.DefaultView.Sort = _mStrSortExp + direction;

        // Bind to a sorted copy rather than to the unsorted table.
        var sorted = new DataSet();
        sorted.Tables.Add(table.DefaultView.ToTable());
        bound = sorted;
    }

    gv.DataSource = bound;
    gv.DataBind();
}
/// <summary>
/// Binds the grid to the login history of the user whose id is in lblUID,
/// sorted by the current sort expression and direction when one is set.
/// </summary>
private void LoadData()
{
    // lblUID is filled from Session["UID"] by the page; int.Parse throws if it
    // is not numeric.
    var history = SRPUser.GetLoginHistory(int.Parse(lblUID.Text));
    var bound = new DataSet();
    bound.Tables.Add(history);

    if (_mStrSortExp != string.Empty)
    {
        string direction = _mSortDirection == SortDirection.Descending ? " DESC" : "";
        history.DefaultView.Sort = _mStrSortExp + direction;

        // Bind to a sorted copy rather than to the unsorted table.
        var sorted = new DataSet();
        sorted.Tables.Add(history.DefaultView.ToTable());
        bound = sorted;
    }

    gv.DataSource = bound;
    gv.DataBind();
}
/// <summary>
/// "Forgot password" link on the login form: when a username was entered, looks
/// the account up and shows the "password emailed" message.
/// </summary>
protected void LinkButton1_Click(object sender, EventArgs e)
{
    // The password field is not needed for this action, so blank its
    // required-field message before validating.
    uxLogin.PasswordRequiredErrorMessage = string.Empty;
    Page.Validate("uxLogin");

    // Continue when validation passed, or when it failed but a username is present.
    bool proceed = Page.IsValid || uxLogin.UserName.Length > 0;
    if (!proceed)
    {
        return;
    }

    SRPUser account = SRPUser.FetchByUsername(uxLogin.UserName);
    if (account != null)
    {
        // send email
    }

    // The same message is shown whether or not the account exists, so the
    // response does not reveal which usernames are registered.
    uxMessageBox.Visible = true;
    FailureText.Text = SRPResources.PasswordEmailed;
}
/// <summary>
/// Runs two client instances with the same credentials against verifiers built
/// from the same verification key, and checks that public keys, session keys,
/// server ephemeral secrets and the server's session proof all agree.
/// </summary>
public void ShouldAuthenticateTheSameUserOnTheServer()
{
    var username = "******";
    var password = "******";
    var hash = new HMACSHA256();
    var parameter = new Bit2048();
    var protocol = new SecureRemoteProtocol(hash, parameter);

    // Not used by the assertions below; kept so the same calls are made.
    var privateKey = SecureRemoteProtocol.GetRandomNumber().ToBytes();
    var serverKey = SecureRemoteProtocol.GetRandomNumber().ToBytes();

    var verifierKey = protocol.CreateVerificationKey(username, password);

    var firstClient = new SRPUser(username, password, hash, parameter);
    var firstClientSecret = firstClient.GetEphemeralSecret();
    var firstHello = firstClient.StartAuthentication();

    var secondClient = new SRPUser(username, password, hash, parameter);
    var secondClientSecret = secondClient.GetEphemeralSecret();
    var secondHello = secondClient.StartAuthentication();

    Assert.IsTrue(firstHello.PublicKey.CheckEquals(secondHello.PublicKey));

    var firstServer = new SRPVerifier(hash, parameter, verifierKey, firstHello.PublicKey);
    var firstServerSecret = firstServer.GetEphemeralSecret();
    var challenge = firstServer.GetChallenge();

    var firstSession = firstClient.ProcessChallenge(challenge);
    var secondSession = secondClient.ProcessChallenge(challenge);
    Assert.IsTrue(firstSession.Key.CheckEquals(secondSession.Key));

    var firstProof = firstServer.VerifiySession(firstSession);

    // NOTE(review): the assertions here only hold if two independently
    // constructed instances produce identical ephemeral values. SRP depends on
    // a fresh random ephemeral per session; confirm this determinism is limited
    // to how the test seeds the library and is not production behaviour.
    var secondServer = new SRPVerifier(hash, parameter, verifierKey, firstHello.PublicKey);
    Assert.IsTrue(firstServerSecret.CheckEquals(secondServer.GetEphemeralSecret()));

    var secondProof = secondServer.VerifiySession(firstSession);
    Assert.IsTrue(firstProof.Key.CheckEquals(secondProof.Key));
}
/// <summary>
/// Hooks the page Load event so that every Control Room page compares the
/// session's tenant id with the Control Room login tenant id and logs the user
/// out when they differ.
/// </summary>
public BaseControlRoomPage()
{
    this.Load += (s, e) =>
    {
        int? sessionTenant = Session["TenantID"] as int?;
        int? controlRoomTenant = CRTenantID;

        // NOTE(review): when CRTenantID is null no comparison happens and the
        // page continues. Confirm another control rejects requests that have no
        // Control Room tenant at all.
        if (!controlRoomTenant.HasValue)
        {
            return;
        }

        if (sessionTenant != controlRoomTenant)
        {
            // The public-site tenant and the Control Room tenant disagree:
            // record who was affected, then force a logout.
            try
            {
                SRPUser user = Session[SessionData.UserProfile.ToString()] as SRPUser;
                string who = user != null ? user.Username : "Unknown user";
                this.Log().Debug("{0} has mismatched tenants ({1} public and {2} CR) - performing logout",
                                 who,
                                 sessionTenant,
                                 controlRoomTenant);
            }
            catch (Exception ex)
            {
                this.Log()
                    .Debug("Unknown user has mismatched tenants ({0} public and {1} CR) - error occurred: {2} - performing logout",
                           sessionTenant,
                           controlRoomTenant,
                           ex.Message);
            }

            GRA.SRP.ControlRoom.CRLogout.Logout(this);
            return;
        }

        this.ViewState["TenantID"] = controlRoomTenant;
    };
}
/// <summary>
/// Collects the ids of the groups ticked in the "gvUserGroups" grid and stores
/// them as the user's group membership.
/// </summary>
/// <param name="dv">The details view that contains the groups grid.</param>
/// <param name="obj">The user whose memberships are being saved.</param>
protected void SaveGroups(DetailsView dv, SRPUser obj)
{
    var groupGrid = (GridView)dv.FindControl("gvUserGroups");

    // Build a comma-separated list of the checked rows' GID labels.
    string memberGroups = string.Empty;
    bool haveEntry = false;
    foreach (GridViewRow row in groupGrid.Rows)
    {
        var memberBox = (CheckBox)row.FindControl("isMember");
        if (!memberBox.Checked)
        {
            continue;
        }

        string groupId = ((Label)row.FindControl("GID")).Text;
        memberGroups = haveEntry ? memberGroups + "," + groupId : groupId;
        haveEntry = true;
    }

    // The acting user's name from the session is passed along with the change.
    SRPUser.UpdateMemberGroups((int)obj.Uid,
                               memberGroups,
                               ((SRPUser)Session[SessionData.UserProfile.ToString()]).Username);
}
/// <summary>
/// Collects the ids of the permissions ticked in the "gvUserPermissions" grid
/// and stores them as the user's permissions.
/// </summary>
/// <param name="dv">The details view that contains the permissions grid.</param>
/// <param name="obj">The user whose permissions are being saved.</param>
protected void SavePermissions(DetailsView dv, SRPUser obj)
{
    var permissionGrid = (GridView)dv.FindControl("gvUserPermissions");

    // Build a comma-separated list of the checked rows' PermissionID labels.
    // NOTE(review): nothing here checks that the acting user may grant each
    // selected permission; presumably enforced by the page or by
    // UpdatePermissions. Confirm.
    string groupPermissions = string.Empty;
    bool haveEntry = false;
    foreach (GridViewRow row in permissionGrid.Rows)
    {
        var grantBox = (CheckBox)row.FindControl("isChecked");
        if (!grantBox.Checked)
        {
            continue;
        }

        string permissionId = ((Label)row.FindControl("PermissionID")).Text;
        groupPermissions = haveEntry ? groupPermissions + "," + permissionId : permissionId;
        haveEntry = true;
    }

    // The acting user's name from the session is passed along with the change.
    SRPUser.UpdatePermissions((int)obj.Uid,
                              groupPermissions,
                              ((SRPUser)Session[SessionData.UserProfile.ToString()]).Username);
}
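/// <summary>
/// Changes the signed-in user's password after checking the current password
/// that was entered, and reports success or the validation errors on the
/// master page.
/// </summary>
protected void uvButton_Click(object sender, EventArgs e)
{
    SRPUser user = new SRPUser((int)((SRPUser)Session[SessionData.UserProfile.ToString()]).Uid);

    // NOTE(review): the entered value is compared directly with user.Password,
    // which implies the stored password is readable by the application.
    // Confirm how SRPUser stores it. A salted one-way hash verified inside
    // SRPUser would remove the need for this comparison.
    if (uxCPass.Text != user.Password)
    {
        MasterPage.PageError = String.Format(SRPResources.ApplicationError1, "Your current password is invalid.");
        return;
    }

    // Remember the old value so the in-memory object can be restored on failure.
    string oPass = user.Password;
    user.Password = uxPassword.Text;
    user.LastPasswordReset = DateTime.Now;
    user.MustResetPassword = false;

    try
    {
        user.ClearErrorCodes();
        if (SRPUser.Update(user))
        {
            Session[SessionData.UserProfile.ToString()] = user;
            MasterPage.PageMessage = "Password has been changed.";
        }
        else
        {
            user.Password = oPass;
            string message = String.Format(SRPResources.ApplicationError1, "<ul>");

            // Append by concatenation. Re-using the accumulated text as a format
            // string fails (or substitutes wrongly) as soon as a message
            // contains '{' or '}'.
            foreach (BusinessRulesValidationMessage m in user.ErrorCodes)
            {
                message += "<li>" + m.ErrorMessage + "</li>";
            }

            message += "</ul>";
            MasterPage.PageError = message;
        }
    }
    catch (Exception ex)
    {
        user.Password = oPass;
        MasterPage.PageError = String.Format(SRPResources.ApplicationError1, ex.Message);
    }
}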
// Password recovery: shows a fixed confirmation message and, when the username
// exists, emails account information to the address on file.
protected void Button1_Click(object sender, EventArgs e)
{
    // The message is set before the lookup, so the page responds the same way
    // whether or not the username exists.
    lblMessage.Text = "Your password has been emailed to the address associated with the account and should arrive shortly.";
    SRPUser user = SRPUser.FetchByUsername(uxUsername.Text);
    if (user != null)
    {
        // Build and send the recovery email.
        // NOTE(review): baseUrl is derived from the incoming request's scheme and
        // authority, so the links in the email follow whatever host the request
        // named. Confirm the site only answers for its own host names, or take
        // the base URL from configuration.
        string baseUrl = Request.Url.Scheme + "://" + Request.Url.Authority + Request.ApplicationPath.TrimEnd('/');
        // The "******" runs below are reproduced exactly as they appear in this
        // listing. The surrounding text ("Username:" / "Password:") indicates the
        // message carries the account's credentials.
        // NOTE(review): mailing an existing password means it is stored in a
        // recoverable form; a one-time reset link avoids both problems.
        // NOTE(review): user.FirstName and the contact settings are concatenated
        // into HTML without encoding.
        var EmailBody = "<h1>Dear " + user.FirstName + ",</h1><br><br>This is your current account information. Please make sure you reset your password as soon as you are able to log back in.<br><br>" +
                        "Username: "******"<br>Password: "******"<br><br>If you have any questions regarding your account please contact " + SRPSettings.GetSettingValue("ContactName") + " at " + SRPSettings.GetSettingValue("ContactEmail") + "." +
                        "<br><br><br><a href='" + baseUrl + "'>" + baseUrl + "</a> <br> <a href='" + baseUrl + "/ControlRoom'>" + baseUrl + "/ControlRoom</a>";
        EmailService.SendEmail(user.EmailAddress, "Summer Reading Program - Control Room Password recovery", EmailBody);
    }
}
/// <summary>
/// On first load, reads the reset token from the query string, keeps it in
/// ViewState for the postback, and shows the invalid-token panel when no user
/// matches it.
/// </summary>
protected void Page_Load(object sender, EventArgs e)
{
    if (Page.IsPostBack)
    {
        return;
    }

    // The token arrives in the URL, so it can end up in browser history and in
    // server or proxy logs; a short lifetime and single use limit the exposure.
    string token = Request.QueryString["token"];
    this.ViewState["token"] = token;

    if (string.IsNullOrEmpty(token))
    {
        // No token supplied: send the visitor to the reset request page.
        Response.Redirect("~/ControlRoom/PasswordReset.aspx");
        return;
    }

    if (SRPUser.GetUserByToken(token) == null)
    {
        passwordUpdate.Visible = false;
        invalidToken.Visible = true;
    }
}
/// <summary>
/// Creates two client instances with the same credentials and checks that
/// their ephemeral secrets, usernames and public keys are equal.
/// </summary>
public void ShouldAuthenticateSameUserTwice()
{
    var username = "******";
    var password = "******";
    var hash = new HMACSHA256();
    var parameter = new Bit2048();

    var firstClient = new SRPUser(username, password, hash, parameter);
    var firstSecret = firstClient.GetEphemeralSecret();
    var firstHello = firstClient.StartAuthentication();

    var secondClient = new SRPUser(username, password, hash, parameter);
    var secondSecret = secondClient.GetEphemeralSecret();

    // NOTE(review): this requires two separate instances to produce the same
    // ephemeral secret. SRP depends on a fresh random ephemeral per session;
    // confirm the determinism is limited to the test setup.
    Assert.IsTrue(firstSecret.CheckEquals(secondSecret));

    var secondHello = secondClient.StartAuthentication();
    Assert.AreEqual(firstHello.Username, secondHello.Username);
    Assert.IsTrue(firstHello.PublicKey.CheckEquals(secondHello.PublicKey));
}
/// <summary>
/// Login page load: sends already-signed-in users to the Control Room home
/// page with a notice, validates the form on postback, and on first load
/// pre-fills the username from the "ControlRoomUsername" cookie.
/// </summary>
protected void Page_Load(object sender, EventArgs e)
{
    if (Session[CRSessionKey.TenantID] != null)
    {
        // A Control Room tenant in the session means someone is already logged in.
        SRPUser currentUser = Session[SessionData.UserProfile.ToString()] as SRPUser;
        string loggedInAs = currentUser != null
            ? string.Format(" as {0}", currentUser.Username)
            : string.Empty;

        Session[CRSessionKey.CRMessage] = string.Format("You are already logged in{0}. If you wish to log in as another user, please select Logoff first.", loggedInAs);
        Response.Redirect("~/ControlRoom/Default.aspx", true);
        return;
    }

    uxLogin.Focus();

    if (!Page.IsPostBack)
    {
        // The cookie value is supplied by the browser; it only pre-fills the
        // username box and is never treated as proof of identity.
        var remembered = Request.Cookies["ControlRoomUsername"];
        if (remembered != null && !string.IsNullOrEmpty(remembered.Value))
        {
            this.uxLogin.UserName = remembered.Value;
            this.uxLogin.RememberMeSet = true;
        }

        this.SystemName.Text = StringResources.getString("system-name");
        return;
    }

    uxLogin.PasswordRequiredErrorMessage = GRA.SRP.ControlRoom.SRPResources.PasswordRequired;
    Page.Validate("uxLogin");
    if (!Page.IsValid)
    {
        uxMessageBox.Visible = true;
    }
}
/// <summary>
/// Hooks the page Load event so that every Control Room page requires the
/// session's tenant id and the Control Room login tenant id to both be present
/// and equal; otherwise the user is logged out.
/// </summary>
public BaseControlRoomPage()
{
    this.Load += (s, e) =>
    {
        int? sessionTenant = Session["TenantID"] as int?;
        int? controlRoomTenant = CRTenantID;

        // Fails closed: a missing value on either side counts as a mismatch.
        bool tenantsAgree = sessionTenant != null
                            && controlRoomTenant != null
                            && sessionTenant == controlRoomTenant;

        if (tenantsAgree)
        {
            this.ViewState["TenantID"] = controlRoomTenant;
            return;
        }

        // Record who was affected, then clear the login.
        try
        {
            SRPUser user = Session[SessionData.UserProfile.ToString()] as SRPUser;
            if (user != null)
            {
                this.Log()
                    .Debug("User {0} has mismatched tenants, clearing any login", user.Username);
            }
            else
            {
                this.Log()
                    .Debug("Unknown user has mismatched tenants, clearing any login");
            }
        }
        catch (Exception ex)
        {
            this.Log()
                .Debug("Unknown user, mismatched tenants, error occurred, clearing: {0}", ex.Message);
        }

        GRA.SRP.ControlRoom.CRLogout.Logout(this);
    };
}
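/// <summary>
/// Administrative password reset: sets a new password on the user whose id is
/// in Session["UID"], logs who made the change and returns to the user edit page.
/// </summary>
protected void ResetPassword_Click(object sender, EventArgs e)
{
    Error.Text = string.Empty;

    object userIdObject = Session["UID"];
    int userId = 0;
    if (userIdObject == null
        || !int.TryParse(userIdObject.ToString(), out userId)
        || userId == 0)
    {
        Response.Redirect("Default.aspx");
        // Explicit return so nothing below can run without a valid target id,
        // whatever the redirect does to the request.
        return;
    }

    // NOTE(review): no check is visible here that the acting user may reset this
    // particular account (permission, same tenant); presumably enforced at page
    // level. Confirm.
    SRPUser user = SRPUser.Fetch(userId);
    if (user == null)
    {
        // The id no longer resolves to a user; report it instead of failing
        // with a null reference.
        this.Log().Error("Admin user unable to change password for user {0}: {1}", userId, "user not found");
        Error.Text = string.Format("An error occurred: {0}", "user not found");
        return;
    }

    user.NewPassword = uxPassword.Text;

    try
    {
        user.Update();

        SRPUser currentUser = Session[SessionData.UserProfile.ToString()] as SRPUser;
        var changeInfo = new
        {
            Changer = currentUser == null ? "unknown" : currentUser.Username,
            User = user.Username
        };
        this.Log().Info("Admin user {0} changed password for user {1}",
                        changeInfo.Changer,
                        changeInfo.User);
    }
    catch (Exception ex)
    {
        this.Log().Error("Admin user unable to change password for user {0}: {1}", userId, ex.Message);
        Error.Text = string.Format("An error occurred: {0}", ex.Message);

        // Stay on this page: redirecting here would discard the error message
        // that was just set.
        return;
    }

    Response.Redirect("UserAddEdit.aspx");
}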
// Handles the tenant details view's commands:
//   back               - return to the tenant list
//   refresh            - re-bind the data source and the view
//   add / addandback   - create a tenant plus its initial sysadmin user
//   save / saveandback - update the tenant whose key is in lblPK
// Outcomes are reported through the master page's PageMessage / PageError.
protected void DvItemCommand(object sender, DetailsViewCommandEventArgs e)
{
    string returnURL = "~/ControlRoom/Modules/Tenant/TenantList.aspx";
    if (e.CommandName.ToLower() == "back")
    {
        Response.Redirect(returnURL);
    }
    if (e.CommandName.ToLower() == "refresh")
    {
        try
        {
            odsData.DataBind();
            dv.DataBind();
            dv.ChangeMode(DetailsViewMode.Edit);
            var masterPage = (IControlRoomMaster)Master;
            if (masterPage != null)
            {
                masterPage.PageMessage = SRPResources.RefreshOK;
            }
        }
        catch (Exception ex)
        {
            // NOTE(review): unlike the success path, masterPage is not
            // null-checked here before use.
            var masterPage = (IControlRoomMaster)Master;
            masterPage.PageError = String.Format(SRPResources.ApplicationError1, ex.Message);
        }
    }
    if (e.CommandName.ToLower() == "add" || e.CommandName.ToLower() == "addandback")
    {
        try
        {
            // Copy the form fields into a new tenant object.
            var obj = new Core.Utilities.Tenant();
            obj.Name = ((TextBox)((DetailsView)sender).FindControl("Name")).Text;
            obj.LandingName = ((TextBox)((DetailsView)sender).FindControl("LandingName")).Text;
            obj.AdminName = ((TextBox)((DetailsView)sender).FindControl("AdminName")).Text;
            obj.isActiveFlag = ((CheckBox)((DetailsView)sender).FindControl("isActiveFlag")).Checked;
            obj.isMasterFlag = ((CheckBox)((DetailsView)sender).FindControl("isMasterFlag")).Checked;
            // Description comes from a rich-text editor, so it can contain markup.
            obj.Description = ((CKEditor.NET.CKEditorControl)((DetailsView)sender).FindControl("Description")).Text;
            obj.DomainName = ((TextBox)((DetailsView)sender).FindControl("DomainName")).Text;
            try
            {
                // Optional display settings. A failure reading any of them is
                // logged and the add continues with whatever was already set.
                obj.showNotifications = ((CheckBox)((DetailsView)sender).FindControl("showNotifications")).Checked;
                obj.showOffers = ((CheckBox)((DetailsView)sender).FindControl("showOffers")).Checked;
                obj.showBadges = ((CheckBox)((DetailsView)sender).FindControl("showBadges")).Checked;
                obj.showEvents = ((CheckBox)((DetailsView)sender).FindControl("showEvents")).Checked;
                obj.NotificationsMenuText = ((TextBox)((DetailsView)sender).FindControl("NotificationsMenuText")).Text;
                obj.OffersMenuText = ((TextBox)((DetailsView)sender).FindControl("OffersMenuText")).Text;
                obj.BadgesMenuText = ((TextBox)((DetailsView)sender).FindControl("BadgesMenuText")).Text;
                obj.EventsMenuText = ((TextBox)((DetailsView)sender).FindControl("EventsMenuText")).Text;
                obj.FldInt1 = ((TextBox)((DetailsView)sender).FindControl("FldInt1")).Text.SafeToInt();
            }
            catch (Exception exc)
            {
                this.Log().Error("Error parsing new tenant information: {0}", exc.Message);
            }
            // FldInt2, FldInt3, FldBit1-3 and FldText1-3 are not read from the
            // form (their assignments were commented out).

            // TODO security - don't give all new tenants the same password
            // The literal is reproduced as it appears in this listing. Every new
            // tenant's sysadmin account starts with this one fixed value, so it
            // is known to anyone who has seen the source or another tenant's
            // setup. NOTE(review): MustResetPassword is not set on the sysadmin
            // object in this handler; confirm whether InitializeSecurity forces
            // a change at first login, and prefer a per-tenant random initial
            // password.
            string newPassword = "******";
            obj.AddedDate = DateTime.Now;
            obj.AddedUser = ((SRPUser)Session[SessionData.UserProfile.ToString()]).Username;  // acting user, from the session
            obj.LastModDate = obj.AddedDate;
            obj.LastModUser = obj.AddedUser;

            // Build the tenant's first administrator from the form.
            var sysadmin = new SRPUser();
            sysadmin.Username = ((TextBox)((DetailsView)sender).FindControl("sysadmin")).Text;
            sysadmin.NewPassword = newPassword;
            sysadmin.FirstName = ((TextBox)((DetailsView)sender).FindControl("fname")).Text;
            sysadmin.LastName = ((TextBox)((DetailsView)sender).FindControl("lname")).Text;
            sysadmin.EmailAddress = ((TextBox)((DetailsView)sender).FindControl("email")).Text;
            sysadmin.Division = ((TextBox)((DetailsView)sender).FindControl("Name")).Text;
            sysadmin.Department = sysadmin.Title = "";
            sysadmin.AddedDate = DateTime.Now;
            sysadmin.AddedUser = ((SRPUser)Session[SessionData.UserProfile.ToString()]).Username;  // acting user, from the session
            sysadmin.LastModDate = sysadmin.AddedDate;
            sysadmin.LastModUser = sysadmin.AddedUser;
            sysadmin.IsActive = true;

            // Both the administrator and the tenant must validate before anything is written.
            if (sysadmin.IsValid(BusinessRulesValidationMode.INSERT))
            {
                if (obj.IsValid(BusinessRulesValidationMode.INSERT))
                {
                    obj.Insert();
                    var TID = obj.TenID;
                    TenantInitialize.InitializeSecurity(sysadmin, TID, newPassword);
                    TenantInitialize.InitializeData(TID);
                    if (e.CommandName.ToLower() == "addandback")
                    {
                        // NOTE(review): this redirect sits inside the try; with
                        // the default end-of-response behaviour it may pass
                        // through the catch below and produce an "Error adding
                        // tenant" log entry. Confirm.
                        Response.Redirect(returnURL);
                    }
                    lblPK.Text = obj.TenID.ToString();
                    odsData.DataBind();
                    dv.DataBind();
                    dv.ChangeMode(DetailsViewMode.Edit);
                    var masterPage = (IControlRoomMaster)Master;
                    masterPage.PageMessage = SRPResources.AddedOK;
                }
                else
                {
                    // Tenant validation failed: show the messages as an HTML list.
                    // NOTE(review): the accumulated text is re-used as a format
                    // string on each pass, so a message containing '{' or '}'
                    // breaks the formatting; messages are also not HTML-encoded.
                    var masterPage = (IControlRoomMaster)Master;
                    string message = String.Format(SRPResources.ApplicationError1, "<ul>");
                    foreach (BusinessRulesValidationMessage m in obj.ErrorCodes)
                    {
                        message = string.Format(String.Format("{0}<li>{{0}}</li>", message), m.ErrorMessage);
                    }
                    message = string.Format("{0}</ul>", message);
                    masterPage.PageError = message;
                }
            }
            else
            {
                // Administrator validation failed: same list format as above.
                var masterPage = (IControlRoomMaster)Master;
                string message = String.Format(SRPResources.ApplicationError1, "<ul>");
                foreach (BusinessRulesValidationMessage m in sysadmin.ErrorCodes)
                {
                    message = string.Format(String.Format("{0}<li>{{0}}</li>", message), m.ErrorMessage);
                }
                message = string.Format("{0}</ul>", message);
                masterPage.PageError = message;
            }
        }
        catch (Exception ex)
        {
            var masterPage = (IControlRoomMaster)Master;
            masterPage.PageError = String.Format(SRPResources.ApplicationError1, ex.Message);
            this.Log().Error("Error adding tenant: {0}", ex.Message);
        }
    }
    if (e.CommandName.ToLower() == "save" || e.CommandName.ToLower() == "saveandback")
    {
        try
        {
            // Load the existing tenant, then overwrite it from the form.
            var obj = new GRA.SRP.Core.Utilities.Tenant();
            int pk = int.Parse(lblPK.Text);
            obj.Fetch(pk);
            obj.Name = ((TextBox)((DetailsView)sender).FindControl("Name")).Text;
            obj.LandingName = ((TextBox)((DetailsView)sender).FindControl("LandingName")).Text;
            obj.AdminName = ((TextBox)((DetailsView)sender).FindControl("AdminName")).Text;
            obj.isActiveFlag = ((CheckBox)((DetailsView)sender).FindControl("isActiveFlag")).Checked;
            obj.isMasterFlag = ((CheckBox)((DetailsView)sender).FindControl("isMasterFlag")).Checked;
            obj.Description = ((CKEditor.NET.CKEditorControl)((DetailsView)sender).FindControl("Description")).Text;
            obj.DomainName = ((TextBox)((DetailsView)sender).FindControl("DomainName")).Text;
            try
            {
                obj.showNotifications = ((CheckBox)((DetailsView)sender).FindControl("showNotifications")).Checked;
                obj.showOffers = ((CheckBox)((DetailsView)sender).FindControl("showOffers")).Checked;
                obj.showBadges = ((CheckBox)((DetailsView)sender).FindControl("showBadges")).Checked;
                obj.showEvents = ((CheckBox)((DetailsView)sender).FindControl("showEvents")).Checked;
                obj.NotificationsMenuText = ((TextBox)((DetailsView)sender).FindControl("NotificationsMenuText")).Text;
                obj.OffersMenuText = ((TextBox)((DetailsView)sender).FindControl("OffersMenuText")).Text;
                obj.BadgesMenuText = ((TextBox)((DetailsView)sender).FindControl("BadgesMenuText")).Text;
                obj.EventsMenuText = ((TextBox)((DetailsView)sender).FindControl("EventsMenuText")).Text;
                obj.FldInt1 = ((TextBox)((DetailsView)sender).FindControl("FldInt1")).Text.SafeToInt();
            }
            // NOTE(review): failures reading the optional settings are discarded
            // here, whereas the add path logs them. A partial update then goes
            // ahead with no record of what was skipped.
            catch (Exception exc) { }
            // FldInt2, FldInt3, FldBit1-3 and FldText1-3 are not read from the
            // form (their assignments were commented out).
            obj.LastModDate = DateTime.Now;
            obj.LastModUser = ((SRPUser)Session[SessionData.UserProfile.ToString()]).Username;  // acting user, from the session
            if (obj.IsValid(BusinessRulesValidationMode.UPDATE))
            {
                obj.Update();
                if (e.CommandName.ToLower() == "saveandback")
                {
                    Response.Redirect(returnURL);
                }
                odsData.DataBind();
                dv.DataBind();
                dv.ChangeMode(DetailsViewMode.Edit);
                var masterPage = (IControlRoomMaster)Master;
                masterPage.PageMessage = SRPResources.SaveOK;
            }
            else
            {
                // Validation failed: show the messages as an HTML list (same
                // formatting caveat as in the add path).
                var masterPage = (IControlRoomMaster)Master;
                string message = String.Format(SRPResources.ApplicationError1, "<ul>");
                foreach (BusinessRulesValidationMessage m in obj.ErrorCodes)
                {
                    message = string.Format(String.Format("{0}<li>{{0}}</li>", message), m.ErrorMessage);
                }
                message = string.Format("{0}</ul>", message);
                masterPage.PageError = message;
            }
        }
        catch (Exception ex)
        {
            var masterPage = (IControlRoomMaster)Master;
            masterPage.PageError = String.Format(SRPResources.ApplicationError1, ex.Message);
        }
    }
}
/// <summary>
/// Starts a password reset for the entered email address. A known address
/// receives a reset link containing a token; an unknown address receives a
/// notice that no account was found. The page shows the same closing message
/// in both cases.
/// </summary>
protected void Button1_Click(object sender, EventArgs e)
{
    string requestedEmail = uxEmailaddress.Text;
    string userId = new SRPUser().GetUsernameByEmail(requestedEmail);
    string remoteAddress = new Tools.WebTools().RemoteUserAddress(Request);

    // NOTE(review): every submission sends an email to whatever address was
    // typed and writes that address to the log. No throttling is visible in
    // this handler; confirm requests are rate-limited elsewhere and that the
    // logger neutralizes line breaks in logged values.
    if (!string.IsNullOrEmpty(userId))
    {
        SRPUser lookupUser = SRPUser.FetchByUsername(userId);
        string passwordResetToken = lookupUser.GeneratePasswordResetToken();
        if (string.IsNullOrEmpty(passwordResetToken))
        {
            // NOTE(review): this message appears only for existing accounts, so
            // it differs from the generic response given for unknown addresses.
            lblMessage.Text = "Unable to initiate password reset process.";
            return;
        }

        // Values substituted into the email by name.
        var values = new
        {
            SystemName = SRPSettings.GetSettingValue("SysName", lookupUser.TenID),
            PasswordResetLink = string.Format("{0}{1}?token={2}",
                                              BaseUrl,
                                              "/ControlRoom/PasswordRecovery.aspx",
                                              passwordResetToken),
            ContactName = SRPSettings.GetSettingValue("ContactName", lookupUser.TenID),
            ContactEmail = SRPSettings.GetSettingValue("ContactEmail", lookupUser.TenID),
            RemoteAddress = remoteAddress,
            UserEmail = uxEmailaddress.Text,
            PasswordResetSubject = SRPResources.PasswordEmailSubject,
        };

        this.Log().Info("User at {0} requested password reset for email {1}",
                        values.RemoteAddress,
                        values.UserEmail);

        // TODO email - move this template out to the database
        StringBuilder body = new StringBuilder()
            .Append("<p>A password reset request was received by {SystemName} for your ")
            .Append("address.</p>")
            .Append("<p>Please <a href=\"{PasswordResetLink}\">click here</a> ")
            .Append("to create a new password for your account.</p>")
            .Append("<p>If you did not initiate this request, take no action and your ")
            .Append("password will not be changed.</p>")
            .Append("<p>If you have any comments or questions, please contact ")
            .Append("{ContactName} at <a href=\"mailto:{ContactEmail}\">{ContactEmail}")
            .Append("</a>.</p>")
            .Append("<p style=\"font-size: smaller;\"><em>This password request was ")
            .Append("submitted from: {RemoteAddress}.</em></p>");

        new EmailService().SendEmail(uxEmailaddress.Text,
                                     "{SystemName} - {PasswordResetSubject}".FormatWith(values),
                                     body.ToString().FormatWith(values));
    }
    else
    {
        // No account uses this address: tell the mailbox owner so, using the
        // settings of tenant 1.
        var values = new
        {
            SystemName = SRPSettings.GetSettingValue("SysName", 1),
            ControlRoomLink = string.Format("{0}{1}", BaseUrl, "/ControlRoom/LoginRecovery.aspx"),
            ContactName = SRPSettings.GetSettingValue("ContactName", 1),
            ContactEmail = SRPSettings.GetSettingValue("ContactEmail", 1),
            RemoteAddress = remoteAddress,
            UserEmail = uxEmailaddress.Text,
            PasswordResetSubject = SRPResources.PasswordEmailSubject
        };

        this.Log().Info("User at {0} requested password reset for nonexistent email {1}",
                        values.RemoteAddress,
                        values.UserEmail);

        // TODO email - move this template out to the database
        StringBuilder body = new StringBuilder()
            .Append("<p>A password reset request was received by {SystemName} for your ")
            .Append("address. Unfortunately no account could be found associated with ")
            .Append("this email address.</p>")
            .Append("<p>If you initiated this request, feel free to ")
            .Append("<a href=\"{ControlRoomLink}\">try requesting the password</a> ")
            .Append("for any other email address you might have used.</p>")
            .Append("<p>If you have any comments or questions, please contact ")
            .Append("{ContactName} at <a href=\"mailto:{ContactEmail}\">{ContactEmail}")
            .Append("</a>.</p>")
            .Append("<p style=\"font-size: smaller;\"><em>This password request was ")
            .Append("submitted from: {RemoteAddress}.</em></p>");

        new EmailService().SendEmail(uxEmailaddress.Text,
                                     "{SystemName} - {PasswordResetSubject}".FormatWith(values),
                                     body.ToString().FormatWith(values));
    }

    lblMessage.Text = "Processing your password reset request, you should receive an email soon.";
}
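/// <summary>
/// Authenticates the Control Room login form. On success it maintains the
/// "remember me" username cookie, loads the user's profile, permissions and
/// tenant into the session, and either redirects to the mandatory password
/// reset page or completes the forms-authentication redirect.
/// </summary>
/// <param name="sender">The login control.</param>
/// <param name="e">Receives the authentication result in Authenticated.</param>
public void OnAuthenticate(object sender, AuthenticateEventArgs e)
{
    if (!Page.IsValid)
    {
        uxMessageBox.Visible = true;
        return;
    }

    // "::1" (IPv6 loopback) is recorded as its IPv4 / host-name equivalent.
    bool auth = SRPUser.Login(uxLogin.UserName,
                              uxLogin.Password,
                              Session.SessionID,
                              Request.UserHostAddress == "::1" ? "127.0.0.1" : Request.UserHostAddress,
                              Request.UserHostName == "::1" ? "localhost" : Request.UserHostName,
                              Request.Browser.Browser + " - v" + Request.Browser.MajorVersion + Request.Browser.MinorVersionString);

    // Load the profile before reporting success, so a login that cannot be
    // backed by a user record is treated as a failure rather than a crash.
    SRPUser user = auth ? SRPUser.FetchByUsername(uxLogin.UserName) : null;
    if (user == null)
    {
        // Fail closed, with one message for every failure reason.
        e.Authenticated = false;
        uxMessageBox.Visible = true;
        FailureText.Text = SRPResources.BadUserPass;
        return;
    }

    e.Authenticated = true;

    // Remember-me: store or expire the username cookie. It holds only the
    // username, is read server-side only, and is therefore marked HttpOnly and,
    // on HTTPS requests, Secure.
    bool remember = uxLogin.RememberMeSet;
    var rememberMe = new HttpCookie("ControlRoomUsername", remember ? uxLogin.UserName : string.Empty);
    rememberMe.Expires = remember ? DateTime.Now.AddDays(14) : DateTime.Now.AddDays(-1);
    rememberMe.HttpOnly = true;
    rememberMe.Secure = Request.IsSecureConnection;
    Response.Cookies.Set(rememberMe);

    // NOTE(review): the session that existed before login is kept and populated
    // in place (its id was passed to SRPUser.Login above). Consider issuing a
    // fresh session id on successful authentication.
    Session[SessionData.IsLoggedIn.ToString()] = true;
    Session[SessionData.UserProfile.ToString()] = user;

    // Permissions are cached in the session as one "#"-prefixed string.
    List<SRPPermission> perms = user.EffectiveUserPermissions();
    string permList = string.Empty;
    foreach (SRPPermission perm in perms)
    {
        permList += String.Format("#{0}", perm.Permission);
    }
    Session[SessionData.StringPermissionList.ToString()] = permList;

    Session["TenantID"] = user.TenID;
    Session[CRSessionKey.TenantID] = user.TenID;
    var tenant = Tenant.FetchObject(user.TenID);
    Session[CRSessionKey.IsMaster] = tenant.isMasterFlag;

    if (user.MustResetPassword)
    {
        this.Log().Info("Redirecting {0} to mandatory password reset.", user.Username);
        Response.Redirect("~/ControlRoom/PasswordReset.aspx");
    }

    FormsAuthentication.RedirectFromLoginPage(uxLogin.UserName, false);
}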
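/// <summary>
/// Handles the commands raised by the tenant user DetailsView: "back", "refresh",
/// "add"/"addandback" (create a user) and "save"/"saveandback" (update a user).
/// </summary>
/// <param name="sender">The DetailsView that raised the command.</param>
/// <param name="e">Event data carrying the command name.</param>
protected void DvItemCommand(object sender, DetailsViewCommandEventArgs e)
{
    string returnURL = "~/ControlRoom/Modules/Tenant/TenantUserList.aspx";

    // Ordinal, case-insensitive matching: ToLower() follows the current culture and can
    // mis-compare command names that contain "I" under some cultures (e.g. Turkish).
    string command = e.CommandName;
    bool isBack = string.Equals(command, "back", StringComparison.OrdinalIgnoreCase);
    bool isRefresh = string.Equals(command, "refresh", StringComparison.OrdinalIgnoreCase);
    bool isAdd = string.Equals(command, "add", StringComparison.OrdinalIgnoreCase);
    bool isAddAndBack = string.Equals(command, "addandback", StringComparison.OrdinalIgnoreCase);
    bool isSave = string.Equals(command, "save", StringComparison.OrdinalIgnoreCase);
    bool isSaveAndBack = string.Equals(command, "saveandback", StringComparison.OrdinalIgnoreCase);

    if (isBack)
    {
        Response.Redirect(returnURL);
    }

    if (isRefresh)
    {
        try
        {
            odsSRPUser.DataBind();
            dv.DataBind();
            dv.ChangeMode(DetailsViewMode.Edit);
            MasterPage.PageMessage = SRPResources.RefreshOK;
        }
        catch (Exception ex)
        {
            // Exception text is encoded before it is placed in the page error.
            MasterPage.PageError = String.Format(SRPResources.ApplicationError1, Server.HtmlEncode(ex.Message));
        }
    }

    if (isAdd || isAddAndBack)
    {
        try
        {
            SRPUser obj = new SRPUser();
            var view = (DetailsView)sender;
            obj.Username = ((TextBox)view.FindControl("Username")).Text;
            obj.NewPassword = ((TextBox)view.FindControl("Password")).Text;
            obj.FirstName = ((TextBox)view.FindControl("FirstName")).Text;
            obj.LastName = ((TextBox)view.FindControl("LastName")).Text;
            obj.EmailAddress = ((TextBox)view.FindControl("EmailAddress")).Text;
            obj.Division = ((TextBox)view.FindControl("Division")).Text;
            obj.Department = ((TextBox)view.FindControl("Department")).Text;
            obj.Title = ((TextBox)view.FindControl("Title")).Text;

            // New accounts start active and must change the administrator-chosen password.
            obj.IsActive = true;
            obj.MustResetPassword = true;
            obj.IsDeleted = false;

            // Audit fields come from the signed-in administrator's session profile.
            obj.AddedDate = DateTime.Now;
            obj.AddedUser = ((SRPUser)Session[SessionData.UserProfile.ToString()]).Username;
            obj.LastModDate = obj.AddedDate;
            obj.LastModUser = obj.AddedUser;
            obj.TenID = int.Parse(Session["ATENID"].ToString());

            if (obj.IsValid(BusinessRulesValidationMode.INSERT))
            {
                obj.Insert();
                if (isAddAndBack)
                {
                    Response.Redirect(returnURL);
                }

                lblUID.Text = obj.Uid.ToString();
                odsSRPUser.DataBind();
                dv.DataBind();
                dv.ChangeMode(DetailsViewMode.Edit);
                MasterPage.PageMessage = SRPResources.AddedOK;
            }
            else
            {
                // Build the error list by concatenation. The previous nested String.Format
                // re-used the accumulated message as a format string, so a brace in an
                // earlier message could throw or be substituted. Each message is HTML-encoded
                // because validation text may echo submitted field values.
                string message = String.Format(SRPResources.ApplicationError1, "<ul>");
                foreach (BusinessRulesValidationMessage m in obj.ErrorCodes)
                {
                    message += "<li>" + Server.HtmlEncode(m.ErrorMessage) + "</li>";
                }
                message += "</ul>";
                MasterPage.PageError = message;
            }
        }
        catch (Exception ex)
        {
            MasterPage.PageError = String.Format(SRPResources.ApplicationError1, Server.HtmlEncode(ex.Message));
        }
    }

    if (isSave || isSaveAndBack)
    {
        try
        {
            var view = (DetailsView)sender;
            int pk = int.Parse(view.Rows[0].Cells[1].Text);

            // NOTE(review): the record is loaded by primary key alone; nothing in this
            // handler compares obj.TenID with the acting administrator's tenant
            // (Session["ATENID"]). Confirm tenant isolation is enforced elsewhere.
            SRPUser obj = new SRPUser(pk);
            obj.Username = ((TextBox)view.FindControl("Username")).Text;
            obj.NewPassword = ((TextBox)view.FindControl("Password")).Text;
            obj.FirstName = ((TextBox)view.FindControl("FirstName")).Text;
            obj.LastName = ((TextBox)view.FindControl("LastName")).Text;
            obj.EmailAddress = ((TextBox)view.FindControl("EmailAddress")).Text;
            obj.Division = ((TextBox)view.FindControl("Division")).Text;
            obj.Department = ((TextBox)view.FindControl("Department")).Text;
            obj.Title = ((TextBox)view.FindControl("Title")).Text;
            obj.IsActive = ((CheckBox)view.FindControl("IsActive")).Checked;
            obj.MustResetPassword = ((CheckBox)view.FindControl("MustResetPassword")).Checked;

            // Audit fields come from the signed-in administrator's session profile.
            obj.LastModDate = DateTime.Now;
            obj.LastModUser = ((SRPUser)Session[SessionData.UserProfile.ToString()]).Username;

            if (obj.IsValid(BusinessRulesValidationMode.UPDATE))
            {
                obj.Update();
                SaveGroups(view, obj);
                if (isSaveAndBack)
                {
                    Response.Redirect(returnURL);
                }

                odsSRPUser.DataBind();
                dv.DataBind();
                dv.ChangeMode(DetailsViewMode.Edit);
                MasterPage.PageMessage = SRPResources.SaveOK;
            }
            else
            {
                // Same concatenation and encoding as the add branch.
                string message = String.Format(SRPResources.ApplicationError1, "<ul>");
                foreach (BusinessRulesValidationMessage m in obj.ErrorCodes)
                {
                    message += "<li>" + Server.HtmlEncode(m.ErrorMessage) + "</li>";
                }
                message += "</ul>";
                MasterPage.PageError = message;
            }
        }
        catch (Exception ex)
        {
            MasterPage.PageError = String.Format(SRPResources.ApplicationError1, Server.HtmlEncode(ex.Message));
        }
    }
}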
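/// <summary>
/// Handles the commands raised by the signed-in user's own profile DetailsView: "back",
/// "password" (go to the password reset page), "refresh" and "save"/"saveandback".
/// </summary>
/// <param name="sender">The DetailsView that raised the command.</param>
/// <param name="e">Event data carrying the command name.</param>
protected void DvItemCommand(object sender, DetailsViewCommandEventArgs e)
{
    string returnURL = "~/ControlRoom/";

    // Ordinal, case-insensitive matching: ToLower() follows the current culture and can
    // mis-compare command names under some cultures (e.g. Turkish).
    string command = e.CommandName;
    bool isBack = string.Equals(command, "back", StringComparison.OrdinalIgnoreCase);
    bool isPassword = string.Equals(command, "password", StringComparison.OrdinalIgnoreCase);
    bool isRefresh = string.Equals(command, "refresh", StringComparison.OrdinalIgnoreCase);
    bool isSave = string.Equals(command, "save", StringComparison.OrdinalIgnoreCase);
    bool isSaveAndBack = string.Equals(command, "saveandback", StringComparison.OrdinalIgnoreCase);

    if (isBack)
    {
        Response.Redirect(returnURL);
    }

    if (isPassword)
    {
        Response.Redirect("~/ControlRoom/Modules/PortalUser/PasswordReset.aspx");
    }

    if (isRefresh)
    {
        try
        {
            odsCMSUser.DataBind();
            dv.DataBind();
            dv.ChangeMode(DetailsViewMode.Edit);
            PageMessage = SRPResources.RefreshOK;
        }
        catch (Exception ex)
        {
            // Exception text is encoded before it is placed in the page error.
            PageError = String.Format(SRPResources.ApplicationError1, Server.HtmlEncode(ex.Message));
        }
    }

    if (isSave || isSaveAndBack)
    {
        try
        {
            // The record edited is always the page's current user; the key is not taken
            // from the submitted form.
            int pk = (int)SRPUser.Uid;
            SRPUser obj = SRPUser.Fetch(pk);
            var view = (DetailsView)sender;
            obj.FirstName = ((TextBox)view.FindControl("FirstName")).Text;
            obj.LastName = ((TextBox)view.FindControl("Lastname")).Text;
            obj.EmailAddress = ((TextBox)view.FindControl("Emailaddress")).Text;
            obj.Title = ((TextBox)view.FindControl("Title")).Text;
            obj.Department = ((TextBox)view.FindControl("Department")).Text;
            obj.Division = ((TextBox)view.FindControl("Division")).Text;
            obj.LastModDate = DateTime.Now;

            // Record who made the change instead of a fixed placeholder, so the audit
            // trail stays meaningful. Falls back to the edited account's own username,
            // since this page only edits the current user's profile.
            var currentUser = Session[SessionData.UserProfile.ToString()] as SRPUser;
            obj.LastModUser = currentUser != null ? currentUser.Username : obj.Username;

            if (obj.IsValid(BusinessRulesValidationMode.UPDATE))
            {
                obj.Update();

                // Keep the page-level and session copies of the profile in step with the database.
                SRPUser = obj;
                Session[SessionData.UserProfile.ToString()] = obj;
                if (isSaveAndBack)
                {
                    Response.Redirect(returnURL);
                }

                odsCMSUser.DataBind();
                dv.DataBind();
                dv.ChangeMode(DetailsViewMode.Edit);
                PageMessage = SRPResources.SaveOK;
            }
            else
            {
                // Build the error list by concatenation. The previous nested String.Format
                // re-used the accumulated message as a format string, so a brace in an
                // earlier message could throw or be substituted. Each message is HTML-encoded
                // because validation text may echo submitted field values.
                string message = String.Format(SRPResources.ApplicationError1, "<ul>");
                foreach (BusinessRulesValidationMessage m in obj.ErrorCodes)
                {
                    message += "<li>" + Server.HtmlEncode(m.ErrorMessage) + "</li>";
                }
                message += "</ul>";
                PageError = message;
            }
        }
        catch (Exception ex)
        {
            PageError = String.Format(SRPResources.ApplicationError1, Server.HtmlEncode(ex.Message));
        }
    }
}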