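    /// <summary>
    /// Per-request session check. Logs out when the session is not flagged as logged in or when the
    /// UserLogin row for this user now carries a different ASP.NET session id (the same account was
    /// used to log in elsewhere); otherwise forces site/org selection while those are still missing
    /// and stamps the last-access time and URL on the login record.
    /// </summary>
    /// <param name="hideHeader">Forwarded unchanged to <c>Logout</c>.</param>
    protected void UpdateLogout(bool hideHeader)
    {
        bool isLoggedIn    = Session["IsLoggedIn"]    != null && Convert.ToBoolean(Session["IsLoggedIn"]);
        bool isStakeholder = Session["IsStakeholder"] != null && Convert.ToBoolean(Session["IsStakeholder"]);
        bool isMasterAdmin = Session["IsMasterAdmin"] != null && Convert.ToBoolean(Session["IsMasterAdmin"]);
        bool isAdmin       = Session["IsAdmin"]       != null && Convert.ToBoolean(Session["IsAdmin"]);
        bool isAdminView   = isStakeholder || isMasterAdmin || isAdmin;

        if (!isLoggedIn)
        {
            Logout(hideHeader);
            return;
        }

        // StaffIDs -5/-7/-8 are exempt from the per-session check (presumably built-in accounts
        // without a UserLogin row — confirm). Reading the id as an object first avoids the
        // NullReferenceException the old "(int)Session["StaffID"]" unboxing threw for patient
        // sessions, which carry PatientID instead of StaffID.
        int[]  exemptStaffIds = { -5, -7, -8 };
        object staffIdValue   = Session["StaffID"];
        object patientIdValue = Session["PatientID"];
        if (staffIdValue != null && Array.IndexOf(exemptStaffIds, Convert.ToInt32(staffIdValue)) >= 0)
        {
            return;
        }

        // if another session logged in - logout here
        UserLogin userlogin = null;
        if (patientIdValue != null)
        {
            // Patient sessions are looked up by their own id (the old code passed StaffID here).
            userlogin = UserLoginDB.GetByUserID(-1, Convert.ToInt32(patientIdValue));
        }
        else if (staffIdValue != null)
        {
            userlogin = UserLoginDB.GetByUserID(Convert.ToInt32(staffIdValue), -1);
        }
        // A "logged in" session carrying neither id cannot be matched to a login record and is
        // treated as stale (userlogin stays null).

        if (userlogin == null || userlogin.SessionID != HttpContext.Current.Session.SessionID.ToString())
        {
            Logout(hideHeader);
            return;
        }

        // Path matching ignores case: IIS serves /account/loginv2.aspx and /Account/LoginV2.aspx as
        // the same page, and a case-only difference must not restart the redirect below.
        string localPath = HttpContext.Current.Request.Url.LocalPath;
        bool onSiteSelectionPage =
            localPath.IndexOf("/Account/LoginV2.aspx",      StringComparison.OrdinalIgnoreCase) >= 0 ||
            localPath.IndexOf("/Account/LogoutV2.aspx",     StringComparison.OrdinalIgnoreCase) >= 0 ||
            localPath.IndexOf("/Account/SelectSiteV2.aspx", StringComparison.OrdinalIgnoreCase) >= 0;
        bool onOrgSelectionPage = onSiteSelectionPage ||
            localPath.IndexOf("/Account/SelectOrgV2.aspx",  StringComparison.OrdinalIgnoreCase) >= 0;

        if (Session["SiteID"] == null && !onSiteSelectionPage)
        {
            // Response.Redirect(string) ends the response, so nothing below runs after it.
            Response.Redirect("~/Account/SelectSiteV2.aspx?from_url=" + Request.RawUrl);
        }

        // The exclusion list names the V2 pages this redirect targets; the old list named the pre-V2
        // pages, so SelectOrgV2.aspx itself would have been redirected back to SelectOrgV2.aspx.
        if (!isAdminView && Session["OrgID"] == null && !onOrgSelectionPage)
        {
            Response.Redirect("~/Account/SelectOrgV2.aspx?from_url=" + Request.RawUrl);
        }

        // Exempt ids returned earlier, so every session reaching this point has a login record.
        UserLoginDB.UpdateLastAccessTime(userlogin.UserloginID, DateTime.Now,
            Request.RawUrl.Contains("/Account/Logout.aspx") ? "" : Request.RawUrl);
    }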
    /// <summary>
    /// Per-request session sanity check. Logs out when the session is not logged in or when the
    /// UserLogin row for this user now carries a different ASP.NET session id (someone else logged
    /// in with the same account); otherwise redirects to site/org selection while those are still
    /// unset and records the last access time and URL on the login record.
    /// </summary>
    /// <param name="hideHeader">Forwarded unchanged to <c>Logout</c>.</param>
    protected void UpdateLogout(bool hideHeader)
    {
        UserView userView = UserView.GetInstance();

        if (!userView.IsLoggedIn)
        {
            Logout(hideHeader);
            return;
        }

        // StaffIDs -5/-7/-8 skip the per-session check entirely (presumably built-in accounts — confirm).
        object staffIdValue = Session["StaffID"];
        if (staffIdValue != null)
        {
            int[] exemptStaffIds = { -5, -7, -8 };
            if (Array.IndexOf(exemptStaffIds, (int)staffIdValue) >= 0)
            {
                return;
            }
        }

        // if another session logged in - logout here
        UserLogin userlogin = null;
        if (HttpContext.Current.Session != null && HttpContext.Current.Session["DB"] != null)
        {
            userlogin = userView.IsPatient
                ? UserLoginDB.GetByUserID(-1, Convert.ToInt32(Session["PatientID"]))
                : UserLoginDB.GetByUserID(Convert.ToInt32(Session["StaffID"]), -1);
        }

        if (userlogin == null || userlogin.SessionID != HttpContext.Current.Session.SessionID.ToString())
        {
            Logout(hideHeader);
            return;
        }

        string localPath = HttpContext.Current.Request.Url.LocalPath;
        bool onSiteSelectionPage = localPath.Contains("/Account/LoginV2.aspx")
                                || localPath.Contains("/Account/LogoutV2.aspx")
                                || localPath.Contains("/Account/SelectSiteV2.aspx");
        bool onOrgSelectionPage  = onSiteSelectionPage
                                || localPath.Contains("/Account/SelectOrgV2.aspx");

        if (Session["SiteID"] == null && !onSiteSelectionPage)
        {
            // Response.Redirect(string) ends the response; nothing below runs after it.
            Response.Redirect("~/Account/SelectSiteV2.aspx?from_url=" + Request.RawUrl);
        }

        // Admin views are not scoped to one organisation, so only non-admins are sent to choose one.
        if (!userView.IsAdminView && Session["OrgID"] == null && !onOrgSelectionPage)
        {
            Response.Redirect("~/Account/SelectOrgV2.aspx?from_url=" + Request.RawUrl);
        }

        string accessedUrl = Request.RawUrl.Contains("/Account/Logout.aspx") ? "" : Request.RawUrl;
        UserLoginDB.UpdateLastAccessTime(userlogin.UserloginID, DateTime.Now, accessedUrl);
    }
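    /// <summary>
    /// Authenticates <paramref name="login"/>/<paramref name="pwd"/> against staff first and, when the
    /// "AllowPatientLogins" system variable is 1, against patients. On success the login is recorded in
    /// UserLogin, the session is populated, the current site is chosen when there is exactly one
    /// candidate, and the user is redirected to site/org selection or to the page they came from.
    /// On failure <see cref="FailureText"/> is set and no redirect is issued.
    /// </summary>
    /// <param name="login">Username as submitted by the login form.</param>
    /// <param name="pwd">Password as submitted by the login form.</param>
    /// <exception cref="Exception">
    /// Any unexpected error is logged; outside a dev environment it is rethrown to the caller.
    /// </exception>
    private void LogIn(string login, string pwd)
    {
        try
        {
            // Pick the tenant database before any *DB lookup below.
            Session.Remove("DB");
            if (Convert.ToBoolean(ConfigurationManager.AppSettings["UseConfigDB"]))
            {
                Session["DB"] = ConfigurationManager.AppSettings["Database"];
            }
            else // Get DB from Mediclinic_Main
            {
                UserDatabaseMapper user = UserDatabaseMapperDB.GetByLogin(login);
                if (user == null)
                {
                    // NOTE(review): this response differs from the "Login Failed." text used for a wrong
                    // password, so a client can tell an unknown login from a bad password (account enumeration).
                    this.FailureText.Text = "<div class=\"alert alert-danger\" runat=\"server\"><strong>Login Failed.</strong> Please ensure that your username and password are correct and try again.</div>";
                    return;
                }

                Session["DB"] = user.DBName;
            }

            Staff   staff              = StaffDB.GetByLogin(login);
            Patient patient            = PatientDB.GetByLogin(login);
            bool    allowPatientLogins = Convert.ToInt32(SystemVariableDB.GetByDescr("AllowPatientLogins").Value) == 1;
            // NOTE(review): Pwd is compared with the submitted password by plain string equality, which
            // implies the stored value is not a salted hash — confirm how Staff.Pwd/Patient.Pwd are persisted.
            bool    validStaff         = staff != null && staff.Pwd == pwd && !staff.IsFired;
            bool    validPatient       = allowPatientLogins && patient != null && patient.Pwd == pwd && !patient.IsDeleted;

            if (validStaff)
            {
                CompleteStaffLogin(staff, login);
            }
            else if (validPatient)
            {
                CompletePatientLogin(patient, login);
            }
            else
            {
                this.FailureText.Text = "Login Failed.";
            }
        }
        catch (Exception ex)
        {
            Logger.LogException(ex);
            if (Utilities.IsDev())
            {
                FailureText.Text = ex.ToString();
            }
            else
            {
                throw;
            }
        }
    }

    /// <summary>
    /// Staff half of <see cref="LogIn"/>: records the login, fills the session, selects the site when
    /// only one is possible and issues the final redirect. Every path ends in a Response.Redirect(..., false).
    /// </summary>
    /// <param name="staff">The authenticated staff member (never null here).</param>
    /// <param name="login">Username, stored on the UserLogin row.</param>
    private void CompleteStaffLogin(Staff staff, string login)
    {
        UserLogin curLogin = UserLoginDB.GetCurLoggedIn(staff.StaffID, -1, HttpContext.Current.Session.SessionID, -1);
        if (curLogin != null)
        {
            UserLoginDB.UpdateLastAccessTime(curLogin.UserloginID, DateTime.Now, Request.RawUrl);
            UserLoginDB.UpdateSetOtherSessionsOfThisUserLoggedOut(curLogin.UserloginID, staff.StaffID, -1);
        }
        else
        {
            UserLoginDB.UpdateSetAllSessionsLoggedOut(staff.StaffID, -1);
            UserLoginDB.Insert(staff.StaffID, -1, login, -1, true, HttpContext.Current.Session.SessionID, Request.UserHostAddress);
        }

        this.FailureText.Text = "";

        // NOTE(review): the ASP.NET session id is kept across authentication and the UserLogin row is tied
        // to it; the authorization flags below live entirely in session state.
        Session["IsLoggedIn"]    = true;
        Session["IsStakeholder"] = staff.IsStakeholder;
        Session["IsMasterAdmin"] = staff.IsMasterAdmin;
        Session["IsAdmin"]       = staff.IsAdmin;
        Session["IsPrincipal"]   = staff.IsPrincipal;
        Session["IsProvider"]    = staff.IsProvider;
        Session["IsExternal"]    = staff.IsExternal;
        Session["StaffID"]       = staff.StaffID;
        Session["StaffFullnameWithoutMiddlename"] = staff.Person.FullnameWithoutMiddlename;
        Session["StaffFirstname"] = staff.Person.Firstname;
        Session["NumDaysToDisplayOnBookingScreen"] = staff.NumDaysToDisplayOnBookingScreen;
        Session["HideBookingNotes"] = staff.HideBookingNotes;
        Session["ShowOtherProvidersOnBookingScreen"] = false;
        Session["ShowHeaderOnBookingScreen"]         = staff.ShowHeaderOnBookingScreen;
        Session["SystemVariables"] = SystemVariableDB.GetAll();
        Session["OfferingColors"]  = OfferingDB.GetColorCodes();
        // needed to use forms authentication. NOTE(review): createPersistentCookie=true issues a cookie that
        // outlives the browser session, and the "--" user name means it identifies nobody by itself.
        System.Web.Security.FormsAuthentication.SetAuthCookie("--", true);

        // Read after the session flags are set, since the view is derived from them.
        UserView userView = UserView.GetInstance();

        Site[] allowedSites = StaffSiteRestrictionDB.GetSitesNotRestricted(staff.StaffID, -1, false);
        Site[] allSites     = SiteDB.GetAll();

        // No explicitly allowed site but only one site exists: use it.
        if (allowedSites.Length == 0 && allSites.Length == 1)
        {
            if (EnterStaffSite(staff, allSites[0], userView.IsAdminView))
            {
                return;
            }
        }

        if (allowedSites.Length == 1)
        {
            if (EnterStaffSite(staff, allowedSites[0], userView.IsAdminView))
            {
                return;
            }
        }
        else // if more than one site, go to choose. if no sites this page will say to contact admin
        {
            if (Session["SiteID"] == null)  // admins if yet to login to a site, need to choose one
            {
                Session["IsMultipleSites"] = true;
                Response.Redirect("~/Account/SelectSiteV2.aspx" + GetUrlCarryOverParams(), false);
                return;
            }
        }

        RedirectToFromUrlOrDefault();
    }

    /// <summary>
    /// Patient half of <see cref="LogIn"/>: records the login, fills the session with the fixed
    /// patient flags, restricts the site choice to clinic sites and issues the final redirect.
    /// </summary>
    /// <param name="patient">The authenticated patient (never null here).</param>
    /// <param name="login">Username, stored on the UserLogin row.</param>
    private void CompletePatientLogin(Patient patient, string login)
    {
        UserLogin curLogin = UserLoginDB.GetCurLoggedIn(-1, patient.PatientID, HttpContext.Current.Session.SessionID, -1);
        if (curLogin != null)
        {
            UserLoginDB.UpdateLastAccessTime(curLogin.UserloginID, DateTime.Now, Request.RawUrl);
            UserLoginDB.UpdateSetOtherSessionsOfThisUserLoggedOut(curLogin.UserloginID, -1, patient.PatientID);
        }
        else
        {
            UserLoginDB.UpdateSetAllSessionsLoggedOut(-1, patient.PatientID);
            UserLoginDB.Insert(-1, patient.PatientID, login, -1, true, HttpContext.Current.Session.SessionID, Request.UserHostAddress);
        }

        this.FailureText.Text = "";

        // Patients never get any of the staff roles; the display name keys are shared with staff.
        Session["IsLoggedIn"]    = true;
        Session["IsStakeholder"] = false;
        Session["IsMasterAdmin"] = false;
        Session["IsAdmin"]       = false;
        Session["IsPrincipal"]   = false;
        Session["IsProvider"]    = false;
        Session["IsExternal"]    = false;
        Session["PatientID"]     = patient.PatientID;
        Session["StaffFullnameWithoutMiddlename"] = patient.Person.FullnameWithoutMiddlename;
        Session["StaffFirstname"] = patient.Person.Firstname;
        Session["NumDaysToDisplayOnBookingScreen"]   = 3;
        Session["ShowOtherProvidersOnBookingScreen"] = false;
        Session["ShowHeaderOnBookingScreen"]         = true;
        Session["SystemVariables"] = SystemVariableDB.GetAll();
        Session["OfferingColors"]  = OfferingDB.GetColorCodes();
        System.Web.Security.FormsAuthentication.SetAuthCookie("--", true);  // needed to use forms authentication

        Site[] allSites = SiteDB.GetAll();

        // remove aged care from display: patients may only pick sites whose SiteType.ID is 1 (clinic).
        System.Collections.Generic.List<Site> clinicSites = new System.Collections.Generic.List<Site>();
        foreach (Site site in allSites)
        {
            if (site.SiteType.ID == 1)
            {
                clinicSites.Add(site);
            }
        }
        Site[] allowedSites = clinicSites.ToArray();

        if (allowedSites.Length == 0 && allSites.Length == 1)
        {
            if (EnterPatientSite(patient, allSites[0]))
            {
                return;
            }
        }

        if (allowedSites.Length == 1)
        {
            if (EnterPatientSite(patient, allowedSites[0]))
            {
                return;
            }
        }
        else // if more than one site, go to choose. if no sites this page will say to contact admin
        {
            if (Session["SiteID"] == null)  // yet to login to a site, need to choose one
            {
                Response.Redirect("~/Account/SelectSiteV2.aspx" + GetUrlCarryOverParams(), false);
                return;
            }
        }

        RedirectToFromUrlOrDefault();
    }

    /// <summary>
    /// Makes <paramref name="site"/> the session's current site for a staff login.
    /// </summary>
    /// <returns>True when a redirect to org selection was issued and the caller must return at once.</returns>
    private bool EnterStaffSite(Staff staff, Site site, bool isAdminView)
    {
        ApplySiteToSession(site);
        Session["IsMultipleSites"] = false;
        UserLoginDB.UpdateSite(staff.StaffID, -1, site.SiteID);

        if (!isAdminView && Session["OrgID"] == null) // providers need to select an org, need to choose one
        {
            Response.Redirect("~/Account/SelectOrgV2.aspx" + GetUrlCarryOverParams(), false);
            return true;
        }
        return false;
    }

    /// <summary>
    /// Makes <paramref name="site"/> the session's current site for a patient login, honouring a
    /// BookingsV2 deep link that already names the organisation.
    /// </summary>
    /// <returns>True when a redirect was issued and the caller must return at once.</returns>
    private bool EnterPatientSite(Patient patient, Site site)
    {
        ApplySiteToSession(site);
        UserLoginDB.UpdateSite(-1, patient.PatientID, site.SiteID);

        if (Session["OrgID"] == null)  // providers, ext staff, patient logins need to select an org, need to choose one
        {
            string fromUrl = GetFromUrl();
            if (fromUrl != null && TryRedirectToBookingsWithOrg(fromUrl))
            {
                return true;
            }

            Response.Redirect("~/Account/SelectOrgV2.aspx" + GetUrlCarryOverParams(), false);
            return true;
        }
        return false;
    }

    /// <summary>Copies the identifying fields of <paramref name="site"/> into the session.</summary>
    private void ApplySiteToSession(Site site)
    {
        Session["SiteID"]         = site.SiteID;
        Session["SiteName"]       = site.Name;
        Session["SiteIsClinic"]   = site.SiteType.ID == 1;
        Session["SiteIsAgedCare"] = site.SiteType.ID == 2;
        Session["SiteIsGP"]       = site.SiteType.ID == 3;
        Session["SiteTypeID"]     = site.SiteType.ID;
        Session["SiteTypeDescr"]  = site.SiteType.Descr;
    }

    /// <summary>
    /// Special case for a deep link into BookingsV2.aspx that names a single organisation in "orgs=":
    /// pre-selects that organisation in the session and redirects straight there instead of via
    /// SelectOrgV2.aspx.
    /// </summary>
    /// <param name="fromUrl">Decoded "from_url" value; query input, so it is trusted for nothing.</param>
    /// <returns>True when the redirect was issued.</returns>
    private bool TryRedirectToBookingsWithOrg(string fromUrl)
    {
        // Only local targets are honoured: an absolute URL here would redirect off-site after login.
        if (!IsLocalUrl(fromUrl) || !fromUrl.Contains("BookingsV2.aspx?") || !fromUrl.Contains("orgs="))
        {
            return false;
        }

        Uri    theRealURL = new Uri(HttpContext.Current.Request.Url.Scheme + "://" + HttpContext.Current.Request.Url.Authority + fromUrl);
        string orgs       = HttpUtility.ParseQueryString(theRealURL.Query).Get("orgs");
        int    orgId;
        // Get() returns null when "orgs=" is not in the query part (Regex.IsMatch(null, ...) would throw);
        // TryParse rejects digit strings too long for an int instead of throwing OverflowException.
        if (orgs == null || !Regex.IsMatch(orgs, @"^\d+$") || !int.TryParse(orgs, out orgId))
        {
            return false;
        }

        Organisation org = OrganisationDB.GetByID(orgId);
        if (org == null)
        {
            return false;
        }

        Session["OrgID"]   = org.OrganisationID.ToString();
        Session["OrgName"] = org.Name;
        Response.Redirect(fromUrl, false);
        return true;
    }

    /// <summary>
    /// Final hop after a successful login: back to the page that sent the user here when "from_url"
    /// is a local URL, otherwise to the default landing page. Off-site values are ignored so that a
    /// crafted login link cannot bounce a freshly authenticated user to another host (open redirect).
    /// </summary>
    private void RedirectToFromUrlOrDefault()
    {
        string fromUrl = GetFromUrl();
        if (IsLocalUrl(fromUrl))
        {
            Response.Redirect(fromUrl, false);
            return;
        }

        // Negative StaffIDs land on the staff-logins page; a session without StaffID converts to 0.
        Response.Redirect(Convert.ToInt32(Session["StaffID"]) >= 0 ? "~/Default.aspx" : "~/StaffLoginsV2.aspx", false);
    }

    /// <summary>
    /// Returns the decoded "from_url" carried on the current request, or null when there is none.
    /// Everything after "from_url=" is taken verbatim rather than Request.QueryString["from_url"],
    /// presumably because callers append Request.RawUrl unencoded and it may itself contain '&'.
    /// </summary>
    private string GetFromUrl()
    {
        if (Request.QueryString["from_url"] == null)
        {
            return null;
        }

        const string marker = "from_url=";
        int start = Request.RawUrl.IndexOf(marker, StringComparison.Ordinal);
        if (start < 0)
        {
            return null;
        }
        return Server.UrlDecode(Request.RawUrl.Substring(start + marker.Length));
    }

    /// <summary>
    /// True when <paramref name="url"/> can only point back into this application: an app-relative
    /// "~/" path or a root-relative path that is not a protocol-relative "//host" or "/\host" form.
    /// Absolute URLs, empty strings and null are rejected.
    /// </summary>
    private static bool IsLocalUrl(string url)
    {
        if (string.IsNullOrEmpty(url))
        {
            return false;
        }
        if (url.StartsWith("~/", StringComparison.Ordinal))
        {
            return true;
        }
        if (url[0] != '/')
        {
            return false;
        }
        // "/" alone is local; "//..." and "/\..." are resolved by browsers as another host.
        return url.Length == 1 || (url[1] != '/' && url[1] != '\\');
    }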