/// <summary>
/// Handles the Click event of the btnSubmit control. Validates the login form for the
/// active tab (hdnTabIndex "0" = username/password, "1" = username/OTP), maintains the
/// per-day failed-login ledger in CardHolderLogin_Info on a wrong password, and on a
/// successful login establishes the session and anti-fixation cookies before redirecting
/// to the profile page.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="System.EventArgs"/> instance containing the event data.</param>
/// <remarks>
/// Review notes (to be confirmed against the manager implementations, which are not visible here):
/// - The password branch compares <c>Paswd</c> with <c>cardHolder.User_pwd</c> via
///   <c>String.CompareOrdinal</c>. If <c>User_pwd</c> is the stored plaintext this is a
///   plaintext-password design; if it is a hash the comparison is still not constant-time.
/// - The OTP branch compares <c>txtOTP.Text</c> with <c>hdnOTP.Value</c>, a hidden form field.
///   Hidden fields are client-supplied on postback, so the expected OTP should be held
///   server-side (e.g. in Session) rather than round-tripped through the page.
/// - The anti-fixation token is derived from <c>System.Random</c>, which is not a
///   cryptographic generator; <c>RandomNumberGenerator</c> is the appropriate source.
/// - The STTLI/STTLII cookies set HttpOnly but not Secure.
/// - Failed-attempt tracking runs only on tab 0; the OTP path has no attempt counter here.
/// - <c>cardHolder</c> is dereferenced without a null check; whether
///   <c>AuthenticateUser</c> can return null is not visible in this method.
/// </remarks>
protected void btnSubmit_Click(object sender, EventArgs e)
{
    hdnErrormsgFromLoginNext.Value = "";
    //Page.ClientScript.RegisterStartupScript(this.GetType(), "VKeyboard", "init();", true);
    Session["AccountNumber"] = null;
    // Id left in Session by the earlier login step; Convert.ToInt32((object)null) yields 0,
    // which the wrong-password branch below treats as an error condition.
    _cardHolderId = Convert.ToInt32(Session["CardHolderId"]);
    bool UserStatus = false;

    // Tab 0 (password): both fields are required.
    if (hdnTabIndex.Value == "0" && (txtUsername.Text == "" || txtPassword.Text == ""))
    {
        LblErrorMessage.Text = Constants.InvalidUnamePwd;
        DivERROR.Attributes.CssStyle.Add("display", "block");
        return;
    }
    // Tab 1 (OTP): both fields are required.
    if (hdnTabIndex.Value == "1" && (txtUsername.Text == "" || txtOTP.Text == ""))
    {
        LblErrorMessage.Text = Constants.InvalidUnamePwd;
        DivERROR.Attributes.CssStyle.Add("display", "block");
        return;
    }

    var am = new CardHolderManager();
    var cmn = new CardManager();
    var chlm = new CardHolderLoginInfoManager();
    var chdto = new List<CardHolderLogin_InfoDTO>();
    string Paswd = txtPassword.Text.Trim();
    // Blank the control so the submitted password is not echoed back in the rendered page.
    txtPassword.Text = string.Empty;
    string publicIp = Request.UserHostAddress;
    var cardHolder = am.AuthenticateUser(txtUsername.Text.Trim(), publicIp);

    // Wrong password: advance the lockout ledger. The ledger appears to hold up to three
    // rows (first/second/third day), each allowing three attempts; the third day's third
    // failure ends in SetCardHolderParmenentDisable. NOTE(review): not a constant-time
    // comparison, and User_pwd's storage format is not visible here.
    if (hdnTabIndex.Value == "0" && String.CompareOrdinal(Paswd, cardHolder.User_pwd) != 0)
    {
        if (_cardHolderId == 0)
        {
            Response.Redirect("ErrorPage/CodeError.aspx");
        }
        int tries = 1;
        // Pass 1: discard a stale ledger (a day row older than yesterday that never reached
        // three attempts) so counting restarts from scratch.
        chdto = chlm.getCardHolderLoginInfoByID(_cardHolderId);
        if (chdto.Count > 0)
        {
            if (chdto[0].Login_Attempt_FirstDt <= System.DateTime.Today.AddDays(-1) && chdto[0].Login_Attempts < 3)
            {
                chlm.DeleteCardHolderLoginInfo(_cardHolderId);
            }
            else if (chdto.Count == 2)
            {
                if (chdto[1].Login_Attempt_SecondDt <= System.DateTime.Today.AddDays(-1) && chdto[1].Login_Attempts < 3)
                {
                    chlm.DeleteCardHolderLoginInfo(_cardHolderId);
                }
            }
            else if (chdto.Count == 3)
            {
                if (chdto[2].Login_Attempt_ThirdDt <= System.DateTime.Today.AddDays(-1) && chdto[2].Login_Attempts < 3)
                {
                    chlm.DeleteCardHolderLoginInfo(_cardHolderId);
                }
            }
        }
        // Pass 2: re-read the (possibly cleared) ledger and record today's failure.
        chdto = chlm.getCardHolderLoginInfoByID(_cardHolderId);
        if (chdto.Count > 0)
        {
            if (chdto[0].Login_Attempt_FirstDt == System.DateTime.Today && chdto[0].Login_Attempts < 3)
            {
                tries = Convert.ToInt32(chdto[0].Login_Attempts) + 1;
            }
            // First day exhausted: move on to the second-day row.
            if (chdto[0].Login_Attempt_FirstDt != null && chdto[0].Login_Attempts == 3)
            {
                if (chdto.Count > 1)
                {
                    if (chdto[1].Login_Attempt_SecondDt == System.DateTime.Today && chdto[1].Login_Attempts < 3)
                    {
                        tries = Convert.ToInt32(chdto[1].Login_Attempts) + 1;
                    }
                    // Second day exhausted: move on to the third-day row.
                    if (chdto[1].Login_Attempt_SecondDt != null && chdto[1].Login_Attempts == 3)
                    {
                        if (chdto.Count > 2)
                        {
                            if (chdto[2].Login_Attempt_ThirdDt == System.DateTime.Today && chdto[2].Login_Attempts < 3)
                            {
                                tries = Convert.ToInt32(chdto[2].Login_Attempts) + 1;
                            }
                            if (chdto[2].Login_Attempt_ThirdDt != null && chdto[2].Login_Attempts == 3)
                            {
                                // All three days exhausted: account already blocked.
                                //ScriptManager.RegisterStartupScript(this, GetType(), "showalert", "alert('" + Constants.BlockedAccount + "');", true);
                                // viewCheckUsernameError.Text = Constants.BlockedAccount;
                                ClearControls(EnumBlockedAccount);
                            }
                            else
                            {
                                chlm.UpdateCardHolderLoginInfoThird(new CardHolderLogin_InfoDTO() { CardHolder_Id = _cardHolderId, Login_Attempts = tries, Login_Attempt_ThirdDt = System.DateTime.Today });
                                if (tries == 2)
                                {
                                    lblMessage.Text = Constants.Leftwithonly1Attempt;
                                    DivMessage.Attributes.CssStyle.Add("display", "block");
                                }
                                else
                                {
                                    // Third failure on the third day: permanent disable.
                                    chlm.SetCardHolderParmenentDisable(_cardHolderId);
                                    // ScriptManager.RegisterStartupScript(this, GetType(), "showalert", "alert('" + Constants.ContinuesBlockedAccount + "');", true);
                                    //viewCheckUsernameError.Text = Constants.ContinuesBlockedAccount;
                                    ClearControls(EnumContinuesBlockedAccount);
                                }
                            }
                        }
                        else
                        {
                            if (chdto[1].Login_Attempt_SecondDt != System.DateTime.Today)
                            {
                                chlm.SaveCardHolderLoginInfo(new CardHolderLogin_InfoDTO() { CardHolder_Id = _cardHolderId, Login_Attempts = tries, IP_Address = Request.UserHostAddress, Login_Attempt_ThirdDt = System.DateTime.Today });
                                lblMessage.Text = Constants.ThirdDayLeftwith2Attempts;
                                DivMessage.Attributes.CssStyle.Add("display", "block");
                            }
                        }
                    }
                    else
                    {
                        if (chdto[1].Login_Attempt_SecondDt != System.DateTime.Today)
                        {
                            chlm.SaveCardHolderLoginInfo(new CardHolderLogin_InfoDTO() { CardHolder_Id = _cardHolderId, Login_Attempts = tries, IP_Address = Request.UserHostAddress, Login_Attempt_ThirdDt = System.DateTime.Today });
                            lblMessage.Text = Constants.ThirdDayLeftwith2Attempts;
                            DivMessage.Attributes.CssStyle.Add("display", "block");
                        }
                        else
                        {
                            chlm.UpdateCardHolderLoginInfoSecond(new CardHolderLogin_InfoDTO() { CardHolder_Id = _cardHolderId, Login_Attempts = tries, Login_Attempt_SecondDt = System.DateTime.Today });
                            if (tries == 2)
                            {
                                lblMessage.Text = Constants.SecndDayLeftwith1Attempts;
                                DivMessage.Attributes.CssStyle.Add("display", "block");
                            }
                            else
                            {
                                // Third failure on the second day: temporary inactive.
                                chlm.SetCardHolderInActive(_cardHolderId);
                                // ScriptManager.RegisterStartupScript(this, GetType(), "showalert", "alert('" + Constants.InactiveAttempts + "');", true);
                                // viewCheckUsernameError.Text = Constants.InactiveAttempts;
                                ClearControls(EnumInactiveAttempts);
                            }
                        }
                    }
                }
                else
                {
                    if (chdto[0].Login_Attempt_FirstDt != System.DateTime.Today)
                    {
                        chlm.SaveCardHolderLoginInfo(new CardHolderLogin_InfoDTO() { CardHolder_Id = _cardHolderId, Login_Attempts = tries, IP_Address = Request.UserHostAddress, Login_Attempt_SecondDt = System.DateTime.Today });
                        lblMessage.Text = Constants.SecndDayLeftwith2Attempts;
                        DivMessage.Attributes.CssStyle.Add("display", "block");
                    }
                }
            }
            else
            {
                if (chdto[0].Login_Attempt_FirstDt != System.DateTime.Today)
                {
                    chlm.SaveCardHolderLoginInfo(new CardHolderLogin_InfoDTO() { CardHolder_Id = _cardHolderId, Login_Attempts = tries, IP_Address = Request.UserHostAddress, Login_Attempt_SecondDt = System.DateTime.Today });
                    lblMessage.Text = Constants.SecndDayLeftwith2Attempts;
                    DivMessage.Attributes.CssStyle.Add("display", "block");
                }
                else
                {
                    chlm.UpdateCardHolderLoginInfofirst(new CardHolderLogin_InfoDTO() { CardHolder_Id = _cardHolderId, Login_Attempts = tries, Login_Attempt_FirstDt = System.DateTime.Today });
                    if (tries == 2)
                    {
                        lblMessage.Text = Constants.Leftwith1Attempts;
                        DivMessage.Attributes.CssStyle.Add("display", "block");
                    }
                    else
                    {
                        // Third failure on the first day: temporary inactive.
                        chlm.SetCardHolderInActive(_cardHolderId);
                        //ScriptManager.RegisterStartupScript(this, GetType(), "showalert", "alert('" + Constants.InactiveAttempts + "');", true);
                        //viewCheckUsernameError.Text = Constants.InactiveAttempts;
                        ClearControls(EnumInactiveAttempts);
                    }
                }
            }
        }
        else
        {
            // No ledger yet: open the first-day row with this failure.
            chlm.SaveCardHolderLoginInfo(new CardHolderLogin_InfoDTO() { CardHolder_Id = _cardHolderId, Login_Attempts = tries, IP_Address = Request.UserHostAddress, Login_Attempt_FirstDt = System.DateTime.Today });
            lblMessage.Text = Constants.Leftwith2Attempts;
            DivMessage.Attributes.CssStyle.Add("display", "block");
        }
    }
    // NOTE(review): hdnOTP is a hidden field, i.e. client-supplied on postback; the reference
    // OTP should be kept server-side. No failed-attempt counter is applied on this path.
    else if (hdnTabIndex.Value == "1" && String.CompareOrdinal(txtOTP.Text, hdnOTP.Value.ToString()) != 0)
    {
        lblMessage.Text = Constants.IncorrectOTP;
        DivMessage.Attributes.CssStyle.Add("display", "block");
        divIncorrectOTP.Attributes.CssStyle.Add("display", "flex");
        divOTPSent.Attributes.CssStyle.Add("display", "block");
        divremaining.Attributes.CssStyle.Add("display", "block");
        hideResultMobile.Text = strMobile;
        txtOTP.Focus();
        StartOTPTimer();
        return;
    }
    else
    {
        // Credential accepted: check the card status before completing the login.
        UserStatus = cmn.AuthenticateUserStatus(cardHolder.creditcard_acc_number.Decrypt());
        if (UserStatus)
        {
            string blocked = Constants.BlockedAccount;
            Session["AccountNumber"] = cardHolder.creditcard_acc_number.Decrypt();
            if (cardHolder.IsPermanentDisable == true && cardHolder.IsActive == false)
            {
                //ScriptManager.RegisterStartupScript(this, GetType(), "showalert", "return Blokalert('" + blocked + "');",true);
                //hdnErrormsgFromLoginNext.Value = Constants.BlockedAccount;
                ClearControls(EnumBlockedAccount);
            }
            else if (cardHolder.IsPermanentDisable == true)
            {
                // ScriptManager.RegisterStartupScript(this, GetType(), "showalert", "alert('" + Constants.BlockedAccount + "');", true);
                //viewCheckUsernameError.Text = Constants.BlockedAccount;
                ClearControls(EnumBlockedAccount);
            }
            else if (cardHolder.IsActive == false)
            {
                // ScriptManager.RegisterStartupScript(this, GetType(), "showalert", "alert('" + Constants.InactiveAccount + "');", true);
                //viewCheckUsernameError.Text = Constants.InactiveAccount;
                ClearControls(EnumInactiveAccount);
            }
            else
            {
                Session["CardHolderId"] = cardHolder.CardHolder_Id;
                // Successful login clears the failed-attempt ledger for the pre-login id.
                chlm.DeleteCardHolderLoginInfo(_cardHolderId);
                #region Create Session of IP and AntiFix for Privilege escalation (Horizontal)
                // Random Token antifix
                // NOTE(review): System.Random is not a CSPRNG; RandomNumberGenerator should
                // back this token. Cookies below are HttpOnly but do not set Secure.
                Random random = new Random();
                string rndstr = random.Next(100000).ToString();
                rndstr = Functions.GenerateHash(rndstr);
                Session["STTLII"] = rndstr;
                Response.Cookies["STTLII"].Value = rndstr;
                Response.Cookies["STTLII"].HttpOnly = true;
                //IP Of User
                Session["STTLI"] = Functions.GenerateHash(Functions.GetIP());
                Response.Cookies["STTLI"].Value = Functions.GenerateHash(Functions.GetIP());
                Response.Cookies["STTLI"].HttpOnly = true;
                #endregion
                //Step 3 Submit CardHolder Master Data
                CardHolderManager chm = new CardHolderManager();
                CardHolder_MstDTO user = new CardHolder_MstDTO();
                // Uses the pre-login session id, not cardHolder.CardHolder_Id; presumably
                // identical here -- confirm against the login flow that sets it.
                user.CardHolder_Id = _cardHolderId;
                //chm.UpdateCardHolderLastLoginDetails(user);
                chm.UpdateCardHolderDetailByID(user);
                SetCookieAndRedirectToProfilePage(Encoder.HtmlEncode(txtUsername.Text.Trim()), cardHolder.CardHolder_Id.ToString());
            }
        }
        else
        {
            // ScriptManager.RegisterStartupScript(this, GetType(), "showalert", "alert('" + Constants.AccNotInNormalState + "');", true);
            // viewCheckUsernameError.Text = Constants.AccNotInNormalState;
            ClearControls(EnumAccNotInNormalState);
        }
    }
}