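/// <summary>
/// Handler for the employee-side Submit button. Only an account that also carries the Admin
/// role (role 0) may pass; on success the user is sent to <c>~/Admin/AssignRole.aspx</c>.
/// The credentials are tried against the admin table, then the employee table, then the
/// project-staff table, in that order.
/// </summary>
/// <remarks>
/// Runs only when the <c>captcha</c> page field is "True" (set by the ValidateCaptcha handler
/// that is commented out below); otherwise the click is ignored without feedback, which is
/// preserved here. All failure messages are surfaced through <see cref="ShowAlert"/>; the
/// catch block remains for genuine exceptions (database or ViewState failures).
/// </remarks>
protected void btn_Submit_Click(object sender, EventArgs e)
{
    try
    {
        if (captcha != "True")
        {
            // NOTE(review): no message is shown when the captcha has not been validated — kept as-is.
            return;
        }

        if (txt_UserID.Text == "" || txt_Password.Text == "")
        {
            ShowAlert(" Enter UserID & Password");
            return;
        }

        string userId = txt_UserID.Text.Trim();
        string password = txt_Password.Text.Trim();
        if (!CredentialInputIsClean(userId, password))
        {
            // Already redirected to the error page; nothing below may run with rejected input.
            return;
        }

        name = Encrypt(userId);
        objPRReq.UserID = HttpUtility.UrlEncode(userId);
        objPRReq.SGNO = userId;
        objPRReq.Email = userId;
        objPRReq.Password = HttpUtility.UrlEncode(password);
        objPRReq.Status = "Active";

        // 1. Admin table. The challenge hash is checked once against the first row; every row with
        //    role 0 and status Active is then signed in. A redirect issued with endResponse:false
        //    does not stop the loop, so with several matching rows the last one's redirect wins.
        PRResp r = objPRIBC.AdminLogin(objPRReq);
        DataTable dt = r.GetTable;
        objPRReq.Role = 0;
        if (dt.Rows.Count > 0 && PasswordHashMatches(dt.Rows[0]["Password"].ToString()))
        {
            bool redirected = false;
            foreach (DataRow dr in dt.Rows)
            {
                if (dr["Role"].ToString() != "0" || dr["Status"].ToString() != "Active")
                {
                    continue;
                }
                // NOTE(review): the session id is not regenerated before the identity is stored;
                // consider abandoning/re-issuing the session here to limit session fixation.
                Session["UserID"] = dr["UID"];
                Response.Redirect(string.Format("~/Admin/AssignRole.aspx?st={0}", name), false);
                redirected = true;
            }
            if (!redirected)
            {
                ShowAlert("You are not authorised for the role of Admin");
            }
            return;
        }

        // 2. Employee table. EmpLogin needs a numeric EmpID; a non-numeric UserID cannot be an
        //    employee login. TryParse keeps the same default number style/culture as double.Parse.
        double empId;
        if (!double.TryParse(objPRReq.UserID, out empId))
        {
            ShowAlert("Invalid User Login Credentials");
            return;
        }
        objPRReq.EmpID = empId;
        r = objPRIBC.EmpLogin(objPRReq);
        dt = r.GetTable;
        if (dt.Rows.Count > 0 && TryAdminRoleSignIn(dt))
        {
            return;
        }

        // 3. Project-staff table.
        r = objPRIBC.ProjStaffLogin(objPRReq);
        dt = r.GetTable;
        if (dt.Rows.Count > 0 && TryAdminRoleSignIn(dt))
        {
            return;
        }

        ShowAlert(" Invalid User Login Credintials");
    }
    catch (Exception ex)
    {
        // NOTE(review): the raw exception text (possibly a database error) is echoed to the
        // browser; log it server-side and show a generic message instead.
        ShowAlert(ex.Message);
    }
}

/// <summary>
/// Shared tail of the employee and project-staff paths of <see cref="btn_Submit_Click"/>:
/// fetches the admin-role row for the request, verifies the password challenge against the
/// first login row, and either signs the user in to AssignRole or reports that they lack the
/// Admin role.
/// </summary>
/// <param name="loginRows">Non-empty result of EmpLogin/ProjStaffLogin; only row 0 is used.</param>
/// <returns>
/// true when the request has been answered (redirect or alert) and the caller should stop;
/// false when the password challenge did not match and the next lookup may be tried.
/// </returns>
private bool TryAdminRoleSignIn(DataTable loginRows)
{
    // getAdminRoleEmpID is queried before the hash is checked, as the original did.
    PRResp r = objPRIBC.getAdminRoleEmpID(objPRReq);
    DataTable adminRows = r.GetTable;

    if (!PasswordHashMatches(loginRows.Rows[0]["Password"].ToString()))
    {
        return false;
    }

    if (adminRows.Rows.Count > 0 && adminRows.Rows[0]["Status"].ToString() == "Active")
    {
        Session["UserID"] = adminRows.Rows[0]["UID"];
        Response.Redirect(string.Format("~/Admin/AssignRole.aspx?st={0}", name), false);
    }
    else
    {
        ShowAlert("You are not authorised for the role of Admin");
    }
    return true;
}

// Admin Login
//protected void ValidateCaptcha(object sender, ServerValidateEventArgs e)
//{
//    Captcha1.ValidateCaptcha(txt_Captcha.Text.Trim());
//    e.IsValid = Captcha1.UserValidated;
//    if (e.IsValid)
//    {
//        captcha = e.IsValid.ToString();
//    }
//}

/// <summary>
/// Handler for the Admin Login button. After the captcha and input screens, the credentials
/// are tried against one backing table after another (admin, store user, employee, project
/// staff, security guard, CIT staff, eLeave DA); each lookup is attempted only when the
/// previous one returned no rows. The first table that has rows decides the outcome: every
/// row is checked with <see cref="SignInRow"/> and an alert is registered for each row that
/// does not match.
/// </summary>
/// <remarks>
/// Redirects are issued with endResponse:false, so a loop keeps running after a match; the
/// 302 set by the last matching row is what the browser follows, and any alert registered for
/// other rows is not seen. Unhandled exceptions go to <c>~/Error.aspx</c> with the message in
/// the query string.
/// </remarks>
protected void btn_AdminLogin_Click(object sender, EventArgs e)
{
    try
    {
        if (txt_UserID.Text == "" || txt_Password.Text == "")
        {
            ShowAlert(" Enter User Login Credientials");
            return;
        }

        // A missing Session["captcha"] (expired session, captcha never rendered) is treated as a
        // wrong captcha rather than as a NullReferenceException.
        // NOTE(review): the stored captcha is not cleared after a successful comparison here;
        // confirm the captcha generator rotates it per page load, otherwise it can be replayed.
        object expectedCaptcha = Session["captcha"];
        if (expectedCaptcha == null || expectedCaptcha.ToString() != txt_Captcha.Text)
        {
            ShowAlert(" Enter Valid Cpatch..");
            return;
        }

        string userId = txt_UserID.Text.Trim();
        string password = txt_Password.Text.Trim();
        if (!CredentialInputIsClean(userId, password))
        {
            return;
        }

        name = Encrypt(userId);
        objPRReq.UserID = HttpUtility.UrlEncode(userId);
        objPRReq.SGNO = userId;
        objPRReq.Email = userId;
        objPRReq.Password = HttpUtility.UrlEncode(password);
        objPRReq.Status = "Active";

        // 1. Admin table: the row's Role selects the module home page.
        PRResp r = objPRIBC.AdminLogin(objPRReq);
        DataTable dt = r.GetTable;
        if (dt.Rows.Count > 0)
        {
            foreach (DataRow dr in dt.Rows)
            {
                string role = dr["Role"].ToString();
                string target = AdminHomeFormatForRole(role);
                if (target == null || !SignInRow(dr, role, "UID", target))
                {
                    ShowAlert(" Invalid User Login Credintials");
                }
            }
            return;
        }

        // 2. Store users.
        objPRReq.Status = "Active";
        r = objPRIBC.StoreUserLogin(objPRReq);
        dt = r.GetTable;
        if (dt.Rows.Count > 0)
        {
            foreach (DataRow dru in dt.Rows)
            {
                if (!SignInRow(dru, "10", "SUID", "~/NIRDStores/StoreUser/StoreUserHome.aspx?st={0}"))
                {
                    ShowAlert("Invalid User Login Credientials");
                }
            }
            return;
        }

        // 3. Employees (HOC). EmpID is only set when the UserID is an integer; int.TryParse
        //    replaces IsNumeric + int.Parse, which threw on inputs such as "1.5".
        objPRReq.Status = "Active";
        int empId;
        if (int.TryParse(userId, out empId))
        {
            objPRReq.EmpID = empId;
        }
        r = objPRIBC.EmpLogin(objPRReq);
        dt = r.GetTable;
        if (dt.Rows.Count > 0)
        {
            foreach (DataRow dremp in dt.Rows)
            {
                if (!SignInRow(dremp, "5", "EmpID", "~/HOC/HOC_MainHome.aspx?st={0}"))
                {
                    ShowAlert("Invalid User Login Credientials");
                }
            }
            return;
        }

        // 4. Project staff: Flag1 == "1" lands on PS_MainHome, anything else on PSHome.
        r = objPRIBC.ProjStaffLogin(objPRReq);
        dt = r.GetTable;
        if (dt.Rows.Count > 0)
        {
            foreach (DataRow drps in dt.Rows)
            {
                string target = drps["Flag1"].ToString() != "1"
                    ? "~/ProjectStaff/PSHome.aspx?st={0}"
                    : "~/ProjectStaff/PS_MainHome.aspx?st={0}";
                if (!SignInRow(drps, "12", "EmpID", target))
                {
                    ShowAlert("Invalid User Login Credientials");
                }
            }
            return;
        }

        // 5. Security guards.
        objPRReq.Status = "Active";
        objPRReq.SGNO = userId;
        r = objPRIBC.SGLogin(objPRReq);
        dt = r.GetTable;
        if (dt.Rows.Count > 0)
        {
            foreach (DataRow drg in dt.Rows)
            {
                if (!SignInRow(drg, "100", "SGID", "~/Security/SecurityHomepage.aspx?st={0}"))
                {
                    ShowAlert("Invalid User Login Credientials");
                }
            }
            return;
        }

        // 6. CIT support staff.
        objPRReq.Status = "Active";
        objPRReq.Email = userId;
        r = objPRIBC.CITSSLogin(objPRReq);
        dt = r.GetTable;
        if (dt.Rows.Count > 0)
        {
            foreach (DataRow dts in dt.Rows)
            {
                if (!SignInRow(dts, "11", "CSID", "~/CITStaff/CITSSHome.aspx?st={0}"))
                {
                    ShowAlert("Invalid User Login Credientials");
                }
            }
            return;
        }

        // 7. eLeave DA / HCMS. This lookup receives the raw (not URL-encoded) UserID.
        objPRReq.Status = "Active";
        objPRReq.UserID = userId;
        r = objPRIBC.eLDALogin(objPRReq);
        dt = r.GetTable;
        if (dt.Rows.Count > 0)
        {
            foreach (DataRow dtelda in dt.Rows)
            {
                if (!SignInRow(dtelda, "12", "UserID", "~/eLeaveDA/EmployeeStatus.aspx?st={0}")
                    && !SignInRow(dtelda, "13", "UserID", "~/HCMS/hcmsHome.aspx?st={0}"))
                {
                    ShowAlert("Invalid User Login Credientials");
                }
            }
            return;
        }

        ShowAlert(" Enter User Login Credientials");
    }
    catch (Exception ex)
    {
        // The message is URL-encoded so characters such as '&', '#' or '{' can neither break the
        // query string nor (as with the previous string.Format call) throw inside the handler.
        // NOTE(review): the text can be a database error; log it server-side and pass only a
        // generic marker to Error.aspx.
        string msg = ex.Message.Replace("'", "");
        Response.Redirect("~/Error.aspx?st=" + HttpUtility.UrlEncode(msg), false);
    }
}

/// <summary>
/// Maps an admin-table Role value to the format string of its module home page
/// (<c>{0}</c> receives the encrypted user name).
/// </summary>
/// <param name="role">Role column as text.</param>
/// <returns>The redirect format string, or null for a role without a home page.</returns>
private static string AdminHomeFormatForRole(string role)
{
    switch (role)
    {
        // Application Admin.
        // NOTE(review): here the name is used as the path segment as well as the st value,
        // whereas btn_Submit_Click sends role 0 to ~/Admin/AssignRole.aspx — confirm which is intended.
        case "0": return "Admin/{0}?st={0}";
        case "1": return "~/DG/DGHome.aspx?st={0}";                          // DG
        case "10": return "~/PSPayrolls/PSHome.aspx?st={0}";                 // Project Staff Payroll
        case "2": return "~/ACCPayrolls/PayrollHome.aspx?st={0}";            // Payroll Users
        case "3": return "~/Vehicle/VehicleHome.aspx?st={0}";                // Vehicle Admin
        case "4": return "~/EAdmin/eAdmnHome.aspx?st={0}";                   // E Admin
        case "5": return "~/SecurityOfficer/SOHome.aspx?st={0}";             // Security
        case "6": return "~/AR_T/ARTHome.aspx?st={0}";                       // ART
        case "7": return "~/AR_E/AREHome.aspx?st={0}";                       // ARE
        case "8": return "~/GuestHouse/GHHome.aspx?st={0}";                  // GuestHouse
        case "9": return "~/CICTInventory/InventoryHome.aspx?st={0}";        // CIT Inventory
        case "11": return "~/eLeave/eLeaveAdminHome.aspx?st={0}";            // eLeave admin
        case "12": return "~/Finance/FinanceHome.aspx?st={0}";               // Finance
        case "14": return "~/CMU_Ticketing/CMUTicketingHome.aspx?st={0}";    // CMU Ticketing
        default: return null;
    }
}

/// <summary>
/// Signs in one result row when it is Active, carries <paramref name="requiredRole"/> and its
/// stored password answers the page's challenge hash: stores the row's id column in
/// <c>Session["UserID"]</c> and redirects (endResponse:false) to <paramref name="targetFormat"/>
/// formatted with the encrypted user name.
/// </summary>
/// <param name="row">Row with Status, Role and Password columns.</param>
/// <param name="requiredRole">Role value the row must carry.</param>
/// <param name="idColumn">Column whose value becomes the session user id.</param>
/// <param name="targetFormat">Redirect target; <c>{0}</c> receives the encrypted name.</param>
/// <returns>true when the row matched and the redirect was issued; false otherwise.</returns>
private bool SignInRow(DataRow row, string requiredRole, string idColumn, string targetFormat)
{
    // Status and role are cheap and checked first; the hash is only computed for a candidate row.
    if (row["Status"].ToString() != "Active"
        || row["Role"].ToString() != requiredRole
        || !PasswordHashMatches(row["Password"].ToString()))
    {
        return false;
    }

    // NOTE(review): the session id is not regenerated before the identity is stored;
    // consider abandoning/re-issuing the session here to limit session fixation.
    Session["UserID"] = row[idColumn];
    Response.Redirect(string.Format(targetFormat, name), false);
    return true;
}

/// <summary>
/// Verifies the hidden-field password challenge. The expected value is
/// SHA1(lower(storedPassword) + lower(SHA1(ViewState["KeyGenerator"]))) in lower-case hex and is
/// compared against <c>txtPwdHash.Value</c> as posted by the browser.
/// </summary>
/// <param name="storedPassword">Password column of the matched row.</param>
/// <returns>true when the posted value equals the expected hash.</returns>
/// <remarks>
/// Because the expected value is derived from the stored column alone, whoever holds that column
/// value can answer the challenge: treat it as password-equivalent. The scheme relies on
/// ViewState["KeyGenerator"] being fresh per page load and on ViewState being MAC-protected
/// (otherwise a captured response can be replayed) — confirm both in the page setup.
/// HashPasswordForStoringInConfigFile is the framework's SHA1 helper, marked obsolete in later
/// framework versions; it is kept because the browser-side computation must match it.
/// </remarks>
private bool PasswordHashMatches(string storedPassword)
{
    string nonceHash = FormsAuthentication.HashPasswordForStoringInConfigFile(ViewState["KeyGenerator"].ToString(), "SHA1");
    string expected = FormsAuthentication.HashPasswordForStoringInConfigFile(storedPassword.ToLower() + nonceHash.ToLower(), "SHA1");
    // Constant-time comparison so the response time does not depend on how many leading
    // characters of the posted value are correct.
    return ConstantTimeEquals(txtPwdHash.Value, expected.ToLower());
}

/// <summary>
/// Compares two strings without short-circuiting on the first differing character.
/// Unequal lengths (or a null operand) return false immediately; only the content comparison
/// is constant-time, which is sufficient for fixed-length hex digests.
/// </summary>
private static bool ConstantTimeEquals(string left, string right)
{
    if (left == null || right == null || left.Length != right.Length)
    {
        return false;
    }

    int diff = 0;
    for (int i = 0; i < left.Length; i++)
    {
        diff |= left[i] ^ right[i];
    }
    return diff == 0;
}

/// <summary>
/// Screens both credential fields with the project's SQL-injection check and redirects to
/// <c>~/Error.aspx</c> when either is rejected.
/// </summary>
/// <param name="userId">Trimmed user id as typed.</param>
/// <param name="password">Trimmed password as typed.</param>
/// <returns>true when both values passed; false when the error redirect has been issued.</returns>
/// <remarks>
/// Response.Redirect is called with endResponse:false, so the caller must stop itself on false.
/// Previously the user-id check returned silently, its redirecting duplicate was unreachable,
/// and the password check redirected but then carried on into the database lookups with the
/// rejected input.
/// </remarks>
private bool CredentialInputIsClean(string userId, string password)
{
    if (SqInjection.checkForSQLInjection(userId) || SqInjection.checkForSQLInjection(password))
    {
        Response.Redirect("~/Error.aspx", false);
        return false;
    }
    return true;
}

/// <summary>
/// Registers a client-side <c>alert()</c> with the message. The registration key is shared, so
/// only the first alert registered during a request is emitted.
/// </summary>
/// <param name="message">Text to show; single quotes are removed so the JS string literal
/// cannot be terminated early (on .NET 4.0+ HttpUtility.JavaScriptStringEncode would be the
/// complete escape).</param>
private void ShowAlert(string message)
{
    string safe = message.Replace("'", "");
    ScriptManager.RegisterStartupScript(this.Page, this.Page.GetType(), "Alert...!!!", "alert('" + safe + "');", true);
}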