public static bool CambioPassword(
string username,
string old_password,
string new_password,
string confirm_new_password
)
{
if (new_password != confirm_new_password)
{ // confirmation check in BPL.
return(false); // TODO dettagliare
}// else go on
Entity.BusinessEntities.Utente utente =
new Entity.BusinessEntities.Utente();
utente.username = username;
//utente.password will be filled inside the Entity by a load_SINGLE -> check with old_password.
bool result =
utente.ChangePwd(
old_password,
new_password // used to chek, even if the page is in ~/zonaRiservata, i.e. user logged.
); // to overwrite the existing one.
// ready
return(result);
} // end CambioPassword()
}// end static ctor
/// <summary>
/// NB. wrong usr is a blocking error. Nothing can be said
/// about the password, if the usr is wrong, since no
/// rows comes out from the query.
/// </summary>
/// <param name="web_username"></param>
/// <param name="web_pwd"></param>
/// <returns>
/// 0 == ok.
/// 1 == no db connection.
/// 2 == no such row; i.e. wrong usr.
/// 3 == unexpected data irregularity.
/// 4 == good username, wrong password.
/// </returns>
public static int canLogOn(
string web_username, // username filled on the web-form, NB.filtered_________
string web_pwd // password filled on the web-form. NOT filtered________
)
{
//------------- instantiate Entity -----------------------------
Entity.BusinessEntities.Utente utente =
new Entity.BusinessEntities.Utente();
utente.username = web_username;// unique
//
//------------- make use of instantiated Entity -----------------------------
int login_result =
utente.canLogOn(
web_pwd, // crypted pwd, from the form.
null // trx
);
//----- result analysis----------
if (4 == login_result) //--------------------------------------"good username, wrong password.";
{ // might be an intrusion attempt: write it down.
bool user_row_in_lCrash =
Entity.Proxies.usp_lCrash_CheckLine_SERVICE.usp_lCrash_CheckLine(
utente.id
);
if (!user_row_in_lCrash)
{// stiil without a personal line in lCrash: let's write it down.
Entity.Proxies.usp_lCrash_INSERT_SERVICE.usp_lCrash_INSERT(
utente.id,
1 // first mistake
);
}// end login wrong and no user_row_in_lCrash.
else//---"good username, wrong password." and user already has his row in lCrash.
{
System.Data.DataTable current_crash_level =
Entity.Proxies.usp_lCrash_LOADSINGLE_SERVICE.usp_lCrash_LOADSINGLE(
utente.id
);
int int_current_crash_level =
(Int32)(current_crash_level.Rows[0]["card"]);
int new_current_crash_level = ++int_current_crash_level;// increment and then write down.
Entity.Proxies.usp_lCrash_UPDATE_SERVICE.usp_lCrash_UPDATE(
utente.id,
new_current_crash_level // increment and then write down.
);
if (3 < new_current_crash_level)
{
login_result = 5;// notify the exceeding wrong attemps, if the case.
}// else just say "good username, wrong pwd", i.e. 4.
}// end //---"good username, wrong password." and user already has his row in lCrash.
}// end if(4==login_result)//"good username, wrong password.";
else if (0 == login_result)// login_riuscita
{
bool user_row_in_lCrash =
Entity.Proxies.usp_lCrash_CheckLine_SERVICE.usp_lCrash_CheckLine(
utente.id
);
if (!user_row_in_lCrash)
{// stiil without a personal line in lCrash: let's write it down.
Entity.Proxies.usp_lCrash_INSERT_SERVICE.usp_lCrash_INSERT(
utente.id,
0 // no mistakes yet.
);
}// end if (!user_row_in_lCrash)
else// login ok and user already has his row in lCrash.
{
System.Data.DataTable current_crash_level =
Entity.Proxies.usp_lCrash_LOADSINGLE_SERVICE.usp_lCrash_LOADSINGLE(
utente.id
);
int int_current_crash_level =
(Int32)(current_crash_level.Rows[0]["card"]);
if (3 < int_current_crash_level)
{
// nothing to update, since login was ok; but equally cannot enter since he's got more then 3 mistakes.
login_result = 5; // i.e. "Sono stati fatti piu' di tre tentativi errati. E' necessario contattare l'Amministratore per essere riabilitati al servizio.";
}
else//--valid login, after<=3 mistakes: it clears the mistakes count.
{
Entity.Proxies.usp_lCrash_UPDATE_SERVICE.usp_lCrash_UPDATE(
utente.id,
0 // a valid login resets previous mistakes, iff they were<=3.
);
}// end---//--valid login, after<=3 mistakes: it clears the mistakes count.
}// end---// login ok and user already has his row in lCrash.
}
//
// ready
return(login_result);// user interface interpretes the code and renders the message.
}// end canLogOn()
