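/// <summary>
/// Handles the Login button. Resolves the client (tenant) for the submitted user name,
/// loads that client's settings into session, verifies the credentials, and then either
/// redirects the user, offers a forced login, or switches to view index 2.
/// </summary>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Event data (not used).</param>
protected void btnLogin_Click(object sender, EventArgs e)
{
    // One message for every failure path. The two branches previously differed by a
    // trailing period, which let a caller tell "user name not mapped to any client"
    // apart from "wrong password" and so enumerate valid user names.
    const string invalidLoginMessage = "Invalid username or password.";

    string username = txtUserName.Text.Trim();
    string password = EncryptionHelper.Encrypt(txtPassword.Text.Trim());

    // NOTE(review): the transformed password is placed in session before the credentials
    // are verified, so it is retained even for failed attempts. It is kept here because
    // helpers outside this method may read it; confirm and remove if nothing does.
    // NOTE(review): EncryptionHelper is not visible here. If Encrypt is reversible,
    // stored passwords are recoverable; a salted one-way hash (e.g. PBKDF2) is preferable.
    // A commented-out line that hard-coded a test password was dropped from this method;
    // if that value was ever a real credential, rotate it.
    Session[Constant.SESSION_PASSWORD] = password;

    // Look the client up once instead of once for the test and again for the assignment.
    string clientId = GetClientId(username).ToString();
    if (clientId == "0")
    {
        txtNote.Text = invalidLoginMessage;
        return;
    }

    Session["clientid"] = clientId;
    Session["client"] = ClientConfig.ConfigurationsId(clientId, "slug");
    Session["configTheme"] = ClientConfig.ConfigurationsId(clientId, "configTheme");
    Session["configCompanyName"] = ClientConfig.ConfigurationsId(clientId, "configCompanyName");

    connstring = Client.ConnectionString(clientId);
    Session["ConnectionString"] = connstring;

    if (!CheckUserCredentials(username, password, Session["ConnectionString"].ToString()))
    {
        txtNote.Text = invalidLoginMessage;
        return;
    }

    Session[Constant.SESSION_PASSWORD] = password;

    // NOTE(review): nothing in this method issues a fresh session identifier after the
    // credential check; confirm session-fixation protection is handled elsewhere.
    // Presumably CheckUserCredentials populates SESSION_ISUSERAUTHENTICATED; if it is
    // absent the ToString() call below throws, which fails closed.
    if (Session[Constant.SESSION_ISUSERAUTHENTICATED].ToString() != "YES")
    {
        // Credentials matched but the account is not flagged as authenticated.
        mView.ActiveViewIndex = 2;
        return;
    }

    if (GetSessionId() == "")
    {
        // No login session recorded for this user: register this one and continue.
        UpdateUserLoginStatus(Session[Constant.SESSION_USERID].ToString(), 1, Session.SessionID.ToString());
        Session["SesId"] = GetSessionId();
        RedirectUser(Session[Constant.SESSION_USERNAME].ToString(), int.Parse(Session[Constant.SESSION_USERTYPE].ToString()));
    }
    else
    {
        // A login session is already recorded: ask before displacing it.
        txtNote.Text = "<div style='padding:5px; background-color:#f60; color:#fff; font-size:10px; margin-top:10px; width:166px;'>This user is currently logged-in. <br>Do you want to force login?</div>";
        lnkForceLogout.Visible = true;
        lnkForceLogoutNo.Visible = true;
        lnkForceSeparator.Text = " | ";
        btnLogin.Visible = false;
        btnClear.Visible = false;
    }
}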
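/// <summary>
/// Runs on every request to the login page. Selects the client (tenant) from the
/// <c>clientid</c> or <c>client</c> query-string value, or falls back to the saved cookie
/// or session, stores the client's settings in session, signs out any identity still
/// attached on a first (non-postback) request, and activates the view named by <c>t</c>.
/// </summary>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Event data (not used).</param>
protected void Page_Load(object sender, EventArgs e)
{
    string clientIdParam = Request.QueryString["clientid"];
    string clientSlugParam = Request.QueryString["client"];

    // NOTE(review): the tenant is chosen from a requester-controlled value before any
    // authentication, and persisted for 30 days in cookies that set neither HttpOnly nor
    // Secure here. Confirm ClientConfig/Client reject unknown ids and that cookie flags
    // are enforced globally (web.config <httpCookies>).
    if (!String.IsNullOrEmpty(clientIdParam))
    {
        Response.Cookies["clientidCookie"].Value = clientIdParam;
        Response.Cookies["clientidCookie"].Expires = DateTime.Now.AddDays(30);

        Session["client"] = ClientConfig.ConfigurationsId(clientIdParam, "slug");
        Session["clientid"] = clientIdParam;
        Session["configTheme"] = ClientConfig.ConfigurationsId(clientIdParam, "configTheme");
        Session["configCompanyName"] = ClientConfig.ConfigurationsId(clientIdParam, "configCompanyName");
        Session["ConnectionString"] = Client.ConnectionString(clientIdParam);

        Response.Cookies["clientid"].Value = clientIdParam;
        Response.Cookies["clientid"].Expires = DateTime.Now.AddDays(30);
    }
    else if (!String.IsNullOrEmpty(clientSlugParam))
    {
        Response.Cookies["clientCookie"].Value = clientSlugParam;
        Response.Cookies["clientCookie"].Expires = DateTime.Now.AddDays(30);

        Session["client"] = clientSlugParam;
        Session["clientid"] = ClientConfig.ConfigurationsSlug(clientSlugParam, "clientid");
        Session["configTheme"] = ClientConfig.ConfigurationsSlug(clientSlugParam, "configTheme");
        Session["configCompanyName"] = ClientConfig.ConfigurationsSlug(clientSlugParam, "configCompanyName");
        Session["ConnectionString"] = Client.ConnectionString(Session["clientid"].ToString());

        Response.Cookies["clientidCookie"].Value = Session["clientid"].ToString();
        Response.Cookies["clientidCookie"].Expires = DateTime.Now.AddDays(30);
    }
    else
    {
        string savedClientId = Request.Cookies["clientidCookie"] != null
            ? Request.Cookies["clientidCookie"].Value
            : null;

        if (!String.IsNullOrEmpty(savedClientId))
        {
            // The cookie is client-supplied: encode it so it cannot add or alter
            // query-string parameters in the redirect target. An empty cookie is treated
            // as absent; redirecting with an empty clientid would loop back here.
            Response.Redirect("login.aspx?clientid=" + Server.UrlEncode(savedClientId));
        }
        else if (Session["clientid"] == null || Session["clientid"].ToString() == "")
        {
            Response.Redirect("err_default.htm");
        }
    }

    connstring = Client.ConnectionString(Session["clientid"].ToString());

    // NOTE(review): this literal embeds a SQL `sa` login and password in source. Treat the
    // credential as exposed and rotate it; have Client.ConnectionString signal an unknown
    // client explicitly (for example by returning null) instead of comparing against a
    // default connection string, and avoid `sa` for application access.
    if (connstring == "Data Source=COMPSERVER;Initial Catalog=ebid;User ID=sa;Password=Sqldbo@2012")
    {
        Response.Redirect("err_default.htm");
    }

    // Arriving at the login page fresh discards any forms-authentication identity.
    if (!IsPostBack && !String.IsNullOrEmpty(User.Identity.Name))
    {
        FormsAuthenticationHelper.SignOut();
    }

    // `t` comes straight from the URL. Parse defensively so a non-numeric value no longer
    // raises an unhandled FormatException, and reject negative indexes as well as indexes
    // past the last view.
    // NOTE(review): `t` lets the requester open any view, including index 2, which
    // btnLogin_Click in this file shows only after a successful credential check.
    // Confirm each view's handlers re-verify server-side state.
    string requestedView = Request.QueryString["t"];
    int viewIndex;
    if (!String.IsNullOrEmpty(requestedView) && int.TryParse(requestedView, out viewIndex))
    {
        mView.ActiveViewIndex = (viewIndex >= 0 && viewIndex < mView.Views.Count) ? viewIndex : 0;

        if (IsPostBack && viewIndex == 1)
        {
            btnSend_Click(null, null);
        }
    }
    else
    {
        mView.ActiveViewIndex = 0;
    }

    // One-shot message handed over through session.
    // NOTE(review): confirm Session["msg"] never carries unencoded user input, since the
    // control type of txtNote2 (and whether it encodes its Text) is not visible here.
    if (!IsPostBack && Session["msg"] != null)
    {
        txtNote2.Text = Session["msg"].ToString();
        Session["msg"] = null;
    }
}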