示例#1
        /// <summary>
        /// Changes the user's password through <c>objUsers.ChangePassword</c> and reports the
        /// outcome in <c>lblMessage</c>.
        /// </summary>
        /// <param name="iUserID">Identifier of the account whose password is changed.</param>
        /// <param name="strUserName">User name forwarded to the data layer.</param>
        /// <param name="strCurrentPassword">Current password as typed by the user.</param>
        /// <param name="strNewPassword">Replacement password as typed by the user.</param>
        /// <remarks>
        /// History: the call switched from <c>EncryptJKS.EncryptData</c> to
        /// <c>RijndaelEncription</c> on 31 May 2016; the -101 message was reworded on 2018-03-15.
        /// NOTE(review): both passwords go through <c>RijndaelEncription</c> before reaching the
        /// data layer. Going by its name this is a symmetric cipher, so if its output is what gets
        /// stored, anyone holding the key can recover every password; a salted, deliberately slow
        /// one-way hash is the usual choice for stored passwords. Confirm against the data layer.
        /// NOTE(review): every status other than -101 is treated as success; confirm that
        /// <c>objUsers.ChangePassword</c> has no other failure codes.
        /// </remarks>
        private void ChangePassword(int iUserID, string strUserName, string strCurrentPassword, string strNewPassword)
        {
            EncryptJKS cipher = new EncryptJKS();

            int status = objUsers.ChangePassword(
                iUserID,
                strUserName,
                cipher.RijndaelEncription(strCurrentPassword),
                cipher.RijndaelEncription(strNewPassword));

            // -101 is the only status this method reports as a failure.
            if (status == -101)
            {
                lblMessage.Text = "Incorrect Current Password";
                return;
            }

            // NOTE(review): the first-login record is keyed on Session["UserID"], not on iUserID;
            // confirm the two always identify the same account.
            if (!objUsers.RecordFirstLogin(Convert.ToInt32(Session["UserID"])))
            {
                lblMessage.Text = "Password changed successfully. Error recording first login.";
                return;
            }

            lblMessage.Text = "Password changed successfully.";
            Session["FirstLoginPageVisited"] = "No";
            hdProceedFlag.Value = "1";
        }
示例#2
        /// <summary>
        /// Changes the user's password through <c>objUsers.ChangePassword</c> and shows either an
        /// error or a success message in <c>lblMessage</c>.
        /// </summary>
        /// <param name="iUserID">Identifier of the account whose password is changed.</param>
        /// <param name="strUserName">User name forwarded to the data layer.</param>
        /// <param name="strCurrentPassword">Current password as typed by the user.</param>
        /// <param name="strNewPassword">Replacement password as typed by the user.</param>
        /// <remarks>
        /// History: the call switched from <c>EncryptJKS.EncryptData</c> to
        /// <c>RijndaelEncription</c> on 28 May 2016.
        /// NOTE(review): both passwords are passed through <c>objEncrypt.RijndaelEncription</c>.
        /// Going by its name this is reversible encryption; if its output is the stored form, the
        /// passwords are recoverable by anyone with the key. Confirm, and prefer a salted slow
        /// one-way hash for stored passwords.
        /// NOTE(review): any status other than -101 is reported as success; confirm the data
        /// layer has no other failure codes.
        /// </remarks>
        private void ChangePassword(int iUserID, string strUserName, string strCurrentPassword, string strNewPassword)
        {
            int status = objUsers.ChangePassword(
                iUserID,
                strUserName,
                objEncrypt.RijndaelEncription(strCurrentPassword),
                objEncrypt.RijndaelEncription(strNewPassword));

            // -101 is the only status treated as a failure here.
            lblMessage.Text = (status == -101)
                ? "ERROR CHANGING PASSWORD."
                : "PASSWORD CHANGED SUCCESSFULLY .";
        }
示例#3
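    /// <summary>
    /// Handles the login button: authenticates the posted credentials through the
    /// <c>up_security_Login_Encrpyt_JKS</c> stored procedure, loads the user's profile, access
    /// and company data into <c>Session</c>, and redirects to the configured landing page.
    /// On failure it shows the validation label, or the lockout message once
    /// <c>CheckFailedLogIn</c> reports six or more failed attempts.
    /// </summary>
    /// <param name="sender">Control that raised the event (unused).</param>
    /// <param name="e">Event data (unused).</param>
    /// <remarks>
    /// Changes against the previous version:
    /// 1. The company-name test compared a lower-cased string with the upper-case literal "JKS",
    ///    which can never be equal; it is now a case-insensitive ordinal comparison.
    /// 2. The SqlConnection used for the failed-login lookup was left open when the lookup
    ///    returned no rows; the connection and adapter are now disposed on every path.
    ///
    /// NOTE(review): the clear-text password is sent to the stored procedure next to its
    /// Rijndael-encrypted form. Confirm the procedure needs the clear text, and that it is not
    /// captured by SQL tracing or auditing.
    /// NOTE(review): CBSAppUtils.PrimaryConnectionString and CBSAppUtils.AppUserId are assigned
    /// through the type name, so they look like static members shared by all requests; two
    /// concurrent logins could then overwrite each other's AppUserId. Confirm.
    /// NOTE(review): nothing in this handler issues a new session identifier after a successful
    /// login; confirm session-fixation protection is handled elsewhere.
    /// NOTE(review): da.CloseConnection() is reached only on the successful path; confirm that
    /// DataAccess does not keep a connection open when login fails.
    /// </remarks>
    protected void btnlogin_Click(object sender, EventArgs e)
    {
        // The body runs only while cnt is 0; cnt is incremented at the end of the first pass.
        if (cnt == 0)
        {
            if (IsPostBack)
            {
                int iLogStatusCount = 0;

                // The network ID is fixed to the JKS value (previously 0e8e82fa-14 for BBR);
                // whatever was posted in txtNetworkID is overwritten.
                txtNetworkID.Text = Convert.ToString("9ae44765-e9");
                Session["networkID"] = Convert.ToString("9ae44765-e9");

                if (txtNetworkID.Text.Length == 0 || txtUserName.Text.Length == 0 || txtPassword.Text.Length == 0)
                {
                    lblValidateMessage.Visible = true;
                }
                else
                {
                    CBSAppUtils.PrimaryConnectionString = System.Configuration.ConfigurationManager.AppSettings["ConnectionString"];
                    DataAccess da = new DataAccess(CBSAppUtils.PrimaryConnectionString);

                    // Rijndael + lockout login procedure (introduced 28 May 2016, replacing
                    // userLogInGRH). User input is passed as procedure arguments, not concatenated.
                    RecordSet rsLogin = da.ExecuteSP("up_security_Login_Encrpyt_JKS", txtNetworkID.Text, txtUserName.Text, txtPassword.Text, objEncrypt.RijndaelEncription(txtPassword.Text));

                    // Table 0 carries the login status; tables 1 and 2, read below, carry the
                    // user details and the access rights after a successful login.
                    if (rsLogin.ParentDataSet != null)
                    {
                        rsLogin.ParentTable.TableName = "Users";
                        if (rsLogin.ParentDataSet.Tables.Count > 1)
                        {
                            // Copy every column of the user row into session state.
                            // NOTE(review): this stores whatever columns the procedure returns;
                            // confirm no password or other secret column is among them.
                            RecordSet rsUser = new RecordSet(rsLogin.ParentDataSet, 1);
                            for (int i = 0, j = rsUser.ColumnCount; i < j; i++)
                            {
                                string columnName = rsUser.Columns[i].ColumnName;
                                Session.Add(columnName, rsUser[columnName]);
                            }

                            // Load the user's security access information into the session.
                            // NOTE(review): table index 2 is read although only Tables.Count > 1
                            // was checked; confirm the procedure always returns a third table here.
                            RecordSet rsAccess = new RecordSet(rsLogin.ParentDataSet, 2);
                            Session.Add("Access", rsAccess);

                            // Fall back to user id 0 when the result carried no UserID (24 July 2015).
                            if (!string.IsNullOrEmpty(Convert.ToString(Session["UserID"])))
                            {
                                CBSAppUtils.AppUserId = (int)Session["UserID"];
                            }
                            else
                            {
                                CBSAppUtils.AppUserId = 0;
                            }

                            Session["JKS"] = 0;

                            // The filter is built by concatenation; the value is the integer user id
                            // set just above, not posted text. Do not reuse this pattern for strings.
                            RecordSet rsComp = da.ExecuteQuery("vUserCompany", "UserID= " + CBSAppUtils.AppUserId);
                            if (rsComp.RecordCount > 0)
                            {
                                if (rsComp["ParentCompanyID"] == DBNull.Value)
                                {
                                    iParentCompanyID = 0;
                                }
                                else
                                {
                                    iParentCompanyID = Convert.ToInt32(rsComp["ParentCompanyID"]);
                                }

                                // Fixed: the original lower-cased the name and compared it with "JKS",
                                // so the name test was always false and only the parent-company id
                                // could set the JKS flag.
                                bool isJksCompanyName = string.Equals(
                                    rsComp["CompanyName"].ToString().Trim(),
                                    "JKS",
                                    StringComparison.OrdinalIgnoreCase);

                                if (isJksCompanyName || iParentCompanyID == 116065)
                                {
                                    Session["CompanyID"] = Convert.ToInt32(rsComp["CompanyID"]);
                                    Session["JKS"] = 1;
                                }

                                if (rsComp["ParentCompanyID"] == DBNull.Value)
                                {
                                    Session["ParentCompanyID"] = 0;
                                }
                                else
                                {
                                    Session["ParentCompanyID"] = Convert.ToInt32(rsComp["ParentCompanyID"]);
                                }

                                // A missing user type defaults to 1.
                                if (rsComp["UserTypeID"] == DBNull.Value)
                                {
                                    Session["UserTypeID"] = 1;
                                }
                                else
                                {
                                    Session["UserTypeID"] = Convert.ToInt32(rsComp["UserTypeID"]);
                                }

                                if (iSession == 0)
                                {
                                    if (Session["UserTypeID"] != null)
                                    {
                                        // Session.Timeout is in minutes, and every user type gets 300.
                                        // NOTE(review): a five-hour idle timeout is long for an
                                        // authenticated session; confirm it is intended.
                                        Session.Timeout = 300;
                                        if (Convert.ToInt32(Session["UserTypeID"]) == 3)
                                        {
                                            iSession = 1;
                                        }
                                    }
                                }

                                if (rsComp["CompanyTypeID"] != DBNull.Value)
                                {
                                    Session["CompanyID"] = Convert.ToInt32(rsComp["CompanyID"]);
                                    Session["CompanyTypeID"] = Convert.ToInt32(rsComp["CompanyTypeID"]);
                                }
                                else
                                {
                                    Session["CompanyTypeID"] = 0;
                                }

                                if (rsComp["New_UserGroup"] != DBNull.Value)
                                {
                                    Session["UserGroupCode"] = rsComp["New_UserGroup"];
                                }
                            }

                            da.CloseConnection();

                            if (Convert.ToInt32(Session["UserID"]) != 0)
                            {
                                // All redirect targets come from configuration, not from the request.
                                if (objUser.CheckFirstLogin(Convert.ToInt32(Session["UserID"])))
                                {
                                    if (Convert.ToInt32(Session["UserTypeID"]) == 11)
                                    {
                                        Response.Redirect(ConfigurationManager.AppSettings["CMS_JKS"].Trim());
                                    }
                                    else
                                    {
                                        Response.Redirect(ConfigurationManager.AppSettings["UserMainPage_JKS"].Trim());
                                    }
                                }
                                else
                                {
                                    Response.Redirect(ConfigurationManager.AppSettings["FirstLoginPage_JKS"].Trim());
                                }
                            }
                            else
                            {
                                lblValidateMessage.Visible = true;
                            }
                        }
                        else
                        {
                            // Login failed. Look up the failed-attempt counter so the lockout
                            // message can be shown after six failures (added 30 May 2016).
                            DataTable dtnew = new DataTable();

                            // Fixed: the connection used to stay open when no row came back.
                            using (SqlConnection sqlConn = new SqlConnection(CBSAppUtils.PrimaryConnectionString))
                            using (SqlDataAdapter sqlDA = new SqlDataAdapter("CheckFailedLogIn", sqlConn))
                            {
                                sqlDA.SelectCommand.CommandType = CommandType.StoredProcedure;
                                sqlDA.SelectCommand.Parameters.Add("@username", Convert.ToString(txtUserName.Text));
                                sqlDA.SelectCommand.Parameters.Add("@networkId", Convert.ToString(txtNetworkID.Text));
                                sqlConn.Open();
                                sqlDA.Fill(dtnew);
                            }

                            if (dtnew.Rows.Count > 0)
                            {
                                iLogStatusCount = Convert.ToInt32(dtnew.Rows[0]["lockout"].ToString());
                                if (iLogStatusCount >= 6)
                                {
                                    // The registered script is a constant; no user input is echoed.
                                    Page.RegisterStartupScript("Reg", "<script>LoginFailureMessage();</script>");
                                }
                                else
                                {
                                    lblValidateMessage.Visible = true;
                                }
                            }
                            else
                            {
                                lblValidateMessage.Visible = true;
                            }
                        }
                    }
                    else
                    {
                        lblValidateMessage.Visible = true;
                    }
                }
            }
            cnt += 1;
        }
    }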
示例#4
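        /// <summary>
        /// Handles the forgotten-password form: checks the security answer for the user named in
        /// the <c>UserID</c> query-string value and, when it matches, sets a temporary password,
        /// flags the account for a forced password change, mails the temporary password and
        /// redirects to <c>JKSSecurityIntermediate.aspx</c>.
        /// </summary>
        /// <param name="sender">Control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        /// <remarks>
        /// Changes against the previous version:
        /// 1. A non-numeric or out-of-range <c>UserID</c> query value is now treated like a missing
        ///    one (user id 0) instead of raising an unhandled conversion exception.
        /// 2. The temporary password is drawn from the cryptographic random number generator
        ///    instead of the first eight characters of a GUID, which is an identifier format and
        ///    not meant as a source of secrets. The format (eight lower-case hex characters) is
        ///    unchanged.
        ///
        /// NOTE(review): the account is selected by a caller-supplied query-string value and the
        /// security answer is the only proof of identity; confirm that checkSaltedPassword limits
        /// repeated guesses (the -500 and -501 codes look like such states, but that is not
        /// visible here).
        /// NOTE(review): the answer is hashed with SHA1 and one application-wide salt from
        /// configuration; a per-user salt and a slow hash would resist offline guessing better.
        /// Changing this requires re-hashing the stored answers.
        /// NOTE(review): the temporary password carries 32 bits of randomness and is handed in
        /// clear text to SendMailInfo; the forced password change limits the exposure, but a
        /// longer value or a one-time reset link would be stronger.
        /// NOTE(review): ChangePassword receives the clear-text password and ForgotChangePassword
        /// the Rijndael-encrypted form; confirm both writes are needed.
        /// </remarks>
        protected void btnSubmit_Click(object sender, EventArgs e)
        {
            // Used to force a password change after the reset (added 26 May 2016).
            JKS.Users objUsers = new JKS.Users();

            if (txtResetQuestionAnswer.Text.Trim().Length == 0)
            {
                this.RegisterClientScriptBlock("clientScript", "<script language=javascript>alert('Please enter Answer.'); </script>");
                return;
            }

            // The answer is trimmed, upper-cased and hashed with the configured salt before the
            // comparison, so the stored value is never compared with raw input.
            SimpleHash objSimpleHash = new SimpleHash();
            string salt = ConfigurationManager.AppSettings["SaltingKey"].Trim().ToString();
            string strResetAnswer = objSimpleHash.ComputeHash(txtResetQuestionAnswer.Text.Trim().ToString().ToUpper(), "SHA1", System.Text.Encoding.ASCII.GetBytes(salt));

            // The query string is untrusted input: a missing or malformed value becomes user id 0.
            int UserID;
            if (!int.TryParse(Request.QueryString["UserID"], out UserID))
            {
                UserID = 0;
            }

            int iReturnValue = 0;
            List<PasswordReset> lstSaltedPassword = objPasswordReset.checkSaltedPassword(UserID, strResetAnswer);
            if (lstSaltedPassword.Count > 0)
            {
                iReturnValue = lstSaltedPassword[0].iReturnValue;
            }

            if (iReturnValue == -501)
            {
                Page.RegisterStartupScript("Reg", "<script>PopulateMessage(-501);</script>");
                return;
            }

            if (iReturnValue == -500)
            {
                Page.RegisterStartupScript("Reg", "<script>PopulateMessage(-500);</script>");
                return;
            }

            if (iReturnValue != 1)
            {
                // Any other result leaves the page unchanged, as before.
                return;
            }

            // Four random bytes rendered as eight lower-case hex characters.
            byte[] randomBytes = new byte[4];
            System.Security.Cryptography.RandomNumberGenerator rng = System.Security.Cryptography.RandomNumberGenerator.Create();
            try
            {
                rng.GetBytes(randomBytes);
            }
            finally
            {
                // The generator is disposable only on newer framework versions.
                IDisposable disposableRng = rng as IDisposable;
                if (disposableRng != null)
                {
                    disposableRng.Dispose();
                }
            }
            string strPassword = BitConverter.ToString(randomBytes).Replace("-", string.Empty).ToLowerInvariant();

            ChangePassword(UserID, strPassword);

            // Store the Rijndael-encrypted form (replaced EncryptJKS.EncryptData on 28 May 2016).
            int iReturnVal = ForgotChangePassword(UserID, objEncrypt.RijndaelEncription(strPassword));
            if (iReturnVal == -101)
            {
                this.RegisterClientScriptBlock("clientScript", "<script language=javascript>alert('Error Changing Password.'); </script>");
                return;
            }

            // Make the user choose a new password at the next login.
            objUsers.PasswordChangeRequired(UserID);

            string Email = FetchUserEmail(UserID);
            SendMailInfo(UserID, Email, strPassword);
            Response.Redirect("JKSSecurityIntermediate.aspx");
        }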