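/// <summary>
/// Ensures the current session may open this page. Access is granted when the
/// session holds "ADMIN_SYSTEM" or at least one of the supplied permissions;
/// otherwise the attempt is mailed/logged and an exception aborts the request.
/// </summary>
/// <param name="permissionPrefix">
/// Permission names of which any single one is sufficient. May be empty or
/// null (an explicit null is legal for a <c>params</c> array); then only
/// "ADMIN_SYSTEM" grants access.
/// </param>
/// <exception cref="AccessViolationException">
/// Thrown when the session has none of the permissions. This is the CLR's
/// memory-fault exception type and is kept only because callers catch it; a
/// dedicated authorization exception would be clearer.
/// </exception>
public void VerifyAccess(params string[] permissionPrefix)
{
    // Global administrators pass without consulting the per-page list.
    // NOTE(review): the ownership checks elsewhere on these pages bypass on
    // "ADMIN", while this one bypasses on "ADMIN_SYSTEM" — confirm whether a
    // plain "ADMIN" session is meant to pass here as well.
    bool hasPermission = SessionProps.HasPermission("ADMIN_SYSTEM");

    // Guard against an explicit null argument before iterating.
    if (!hasPermission && permissionPrefix != null)
    {
        foreach (var permission in permissionPrefix)
        {
            // One of the required permissions is enough; stop at the first match.
            if (SessionProps.HasPermission(permission))
            {
                hasPermission = true;
                break;
            }
        }
    }

    if (hasPermission)
    {
        return;
    }

    // Log the attempted breach before aborting the request.
    // GetType().BaseType.FullName is presumably the code-behind page class
    // (the generated ASP.NET page type derives from it) — confirm.
    // NOTE(review): UserName is inserted unencoded; if MailAndLog sends HTML
    // mail, encode it as SendAndLogErrorMessage does for its fields.
    MailAndLog.SendMessage(
        "Försök att öppna säkrad sida",
        String.Format("Användaren: {0} med guid: {1} försökte öppna sidan: {2}.",
            SessionProps.UserName, SessionProps.UserGuid.ToString(), GetType().BaseType.FullName),
        Parameters.Instance.MailSender,
        Parameters.Instance.SupportMail);
    throw new AccessViolationException("Attempt to open restricted page");
}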
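/// <summary>
/// Page load: verifies that the current user owns the team identified by
/// <c>TeamId</c> (or holds "ADMIN"), then on the initial request pre-populates
/// the upload control with the team's current picture.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <exception cref="AccessViolationException">
/// Thrown when the team belongs to another user and the session lacks "ADMIN".
/// </exception>
protected void Page_Load(object sender, EventArgs e)
{
    // The ownership check runs on every request, not only when !IsPostBack.
    // The picture change itself happens on a postback, and a check limited to
    // the first GET would let a client that alters TeamId between requests act
    // on another user's team. Whether TeamId is client-controlled is not
    // visible here; the check is cheap enough to run unconditionally either way.
    var team = new UserTeamManagement(Global.ConnectionString, SessionProps).GetTeam(TeamId);
    // NOTE(review): GetTeam's behaviour for an unknown TeamId (null result or
    // exception) is not visible here; a null would fault on the next line.

    if (team.UserGUID != SessionProps.UserGuid && !SessionProps.HasPermission("ADMIN"))
    {
        // Log the attempted breach before aborting the request.
        MailAndLog.SendMessage(
            "Försök att sabba lag",
            String.Format("Användaren: {0} med guid: {1} försökte ändra bild på laget: {2} med guid: {3}",
                SessionProps.UserName, SessionProps.UserGuid.ToString(), team.Name, team.GUID),
            Parameters.Instance.MailSender,
            Parameters.Instance.SupportMail);
        throw new AccessViolationException("Attempt to tamper with other users team");
    }

    if (IsPostBack)
    {
        return;
    }

    // Initial load only: show the existing picture, or an empty control.
    if (!String.IsNullOrEmpty(team.Picture))
    {
        uploadImage.UploadUserImage(team.Picture);
    }
    else
    {
        uploadImage.UploadUserImage();
    }
}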
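/// <summary>
/// Mails an HTML error report (session, request/browser and exception details)
/// through <c>MailAndLog.SendMessage</c>.
/// </summary>
/// <param name="exception">The error to report; its message and stack trace are included, HTML-encoded.</param>
/// <param name="mailSender">Sender address, passed straight to MailAndLog.SendMessage.</param>
/// <param name="mailRecipient">Recipient address, passed straight to MailAndLog.SendMessage.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="exception"/> is null.</exception>
public static void SendAndLogErrorMessage(Exception exception, string mailSender, string mailRecipient)
{
    if (exception == null)
    {
        throw new ArgumentNullException("exception");
    }

    var body = new System.Text.StringBuilder();

    // Session info. Every client-derived value placed in the HTML body is
    // encoded: the user name, URL and User-Agent are attacker-controlled, and
    // an unencoded value would let a client inject markup into the mail read
    // by support. (The original encoded only the exception text.)
    body.Append("<h4>Session info:</h4>");
    var userName = Global.SessionProperties.UserName;
    if (userName != null)
    {
        // NOTE(review): this value was redacted in the reviewed source; the
        // surrounding null check indicates it is the user name — confirm.
        body.Append("<p>Username: ").Append(HttpUtility.HtmlEncode(userName)).Append("</p>");
    }
    else
    {
        body.Append("<p>Anonymous</p>");
    }

    // Request/browser info is only available inside an ASP.NET request.
    if (HttpContext.Current != null)
    {
        var request = HttpContext.Current.Request;
        body.Append("<h4>Request/browser info:</h4>");
        body.Append("<ul>");
        AppendEncodedItem(body, "Path", request.Url == null ? null : request.Url.ToString());
        AppendEncodedItem(body, "UserAgent", request.UserAgent);
        AppendEncodedItem(body, "UserHostAddress", request.UserHostAddress);
        body.Append("</ul>");
    }

    // Error info. StackTrace is null for an exception that was never thrown,
    // and HtmlEncode(null) returns null, so the helper guards before Replace
    // (the original would have thrown NullReferenceException from inside the
    // error reporter). The closing tag is </small>; the original emitted <small>.
    body.Append("<h4>Error info:</h4>");
    body.Append("<p>").Append(HtmlEncodeMultiline(exception.Message)).Append("</p>");
    body.Append("<p><small>").Append(HtmlEncodeMultiline(exception.StackTrace)).Append("</small></p>");

    MailAndLog.SendMessage("IntiFel (" + exception.GetType().Name + ")", body.ToString(), mailSender, mailRecipient);
}

// Appends one "<li>label: value</li>" entry with the value HTML-encoded (null -> empty).
private static void AppendEncodedItem(System.Text.StringBuilder body, string label, string value)
{
    body.Append("<li>").Append(label).Append(": ")
        .Append(HttpUtility.HtmlEncode(value ?? string.Empty))
        .Append("</li>");
}

// HTML-encodes a possibly-null, possibly multi-line string and turns line breaks into <br/>.
private static string HtmlEncodeMultiline(string text)
{
    return HttpUtility.HtmlEncode(text ?? string.Empty).Replace("\n", "<br/>");
}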
/// <summary>
/// Fills the edit form from the private tournament named by the
/// "tournamentGUID" redirect parameter. Does nothing when the parameter is
/// absent. Only the tournament's owner, or a session holding "ADMIN", may load
/// it; any other user is logged and rejected.
/// </summary>
/// <exception cref="AccessViolationException">
/// Thrown when the tournament belongs to another user and the session lacks "ADMIN".
/// </exception>
private void LoadTournament()
{
    var guidParameter = this.GetRedirectParameter("tournamentGUID", false);
    if (guidParameter == null)
    {
        return;
    }

    using (var db = Global.GetConnection())
    {
        // A malformed value throws from the Guid constructor and an unknown
        // GUID throws from Single(); neither is caught here.
        var wantedGuid = new Guid(guidParameter.ToString());
        var tournament = db.Ext_PrivateTournament.Single(t => t.GUID == wantedGuid);

        // Verify tournament owner; "ADMIN" may open anyone's tournament.
        var isOwner = tournament.Sys_User.GUID == SessionProps.UserGuid;
        if (!isOwner && !SessionProps.HasPermission("ADMIN"))
        {
            // Log the attempted breach before aborting the request.
            MailAndLog.SendMessage(
                "Försök att sabba turnering",
                String.Format("Användaren: {0} med guid: {1} försökte öppna turneringen: {2} med guid: {3}",
                    SessionProps.UserName, SessionProps.UserGuid.ToString(), tournament.Name, tournament.GUID),
                Parameters.Instance.MailSender,
                Parameters.Instance.SupportMail);
            throw new AccessViolationException("Attempt to open other users tournament");
        }

        Name.Text = tournament.Name;
        Description.Text = tournament.Description;

        // NOTE(review): the visibility checkbox is driven by IsLimitedInTime
        // rather than a visibility field, and its null default (false) differs
        // from the one used for the branch below (true) — confirm this is intended.
        IsVisibleForAll.Checked = (tournament.IsLimitedInTime ?? false);

        var limitedByDate = tournament.IsLimitedInTime ?? true;
        rblDateLimitation.SelectedValue = limitedByDate ? "datum" : "omg";
        pnlDateLimitation.Visible = limitedByDate;
        pnlDayLimitation.Visible = !limitedByDate;
        if (limitedByDate)
        {
            // Missing dates fall back to today.
            StartDate.Text = (tournament.StartDate ?? DateTime.Now).ToShortDateString();
            EndDate.Text = (tournament.EndDate ?? DateTime.Now).ToShortDateString();
        }
        else
        {
            // Day numbers are 1-based in the data, the dropdowns 0-based; missing days default to 2.
            drpStartDay.SelectedIndex = (tournament.StartDay ?? 2) - 1;
            drpEndDay.SelectedIndex = (tournament.EndDay ?? 2) - 1;
        }

        LoadParticipants(tournament.GUID, db);
    }
}