protected void btnLogin_Click(object sender, EventArgs e)
        {
            lblMsg.Text = "";

            string strUser = strSafeSqlLiteral(useremail.Text.ToString(), 255);
            string strPass = strSafeSqlLiteral(userpassword.Text.ToString(), 127);

            if ((strUser.Length > 0) && (!Regex.IsMatch(strUser, @"\b[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}\b")))
            {
                //lblMsg.ForeColor = System.Drawing.Color.Red;
                msgVal.Attributes["class"] = "alert alert-danger";
                lblMsg.Text = "TMHSelf-100, Invalid User.";
                return;
            }

            if ((strPass.Length < 8) || (strUser.Length < 5))
            {
                //lblMsg.ForeColor = System.Drawing.Color.Red;
                msgVal.Attributes["class"] = "alert alert-danger";
                lblMsg.Text = "TMHSelf-110, No user account found, or bad password.";
                return;
            }

            string strIPAddress = Request.ServerVariables["REMOTE_ADDR"].ToString().Trim();

            if (strIPAddress.Length > 20)
            {
                strIPAddress = strIPAddress.Substring(0, 20);
            }

            SDSheriffUtils.SDSheriffCrypto SDSheriffCrypto1 = new SDSheriffUtils.SDSheriffCrypto();

            string sPassEnc = SDSheriffCrypto1.Encrypt(strPass);
            string sPassDec = SDSheriffCrypto1.Decrypt(sPassEnc).ToString();
            //if (strPass != sPassDec) lblMsg.Text = "Enc/Dec not working";
            //else lblMsg.Text = "Success";

            DataSet ds1 = new DataSet();

            StringBuilder strCmd = new StringBuilder();

            strCmd.Append("SELECT * ");
            strCmd.Append("FROM TMHUsers ");
            strCmd.Append("WHERE UserName ='******' AND PassWord = '******' AND STATUS in ('A', 'X')");

            db1.mv_OpenConnection2(strIPAddress);
            ds1 = db1.mds_ExecuteQuery(strCmd.ToString(), "tblUser");
            db1.mv_CloseConnection();
            // check to see if error occurred during database connection and sql cmd execution
            if (ds1 == null)
            {
                //lblMsg.ForeColor = System.Drawing.Color.Red;
                msgVal.Attributes["class"] = "alert alert-danger";
                lblMsg.Text = "TMHSelf-120, Error Occurred - (1) Database Error";
                return;
            }

            if (ds1.Tables["tblUser"].Rows.Count == 0)
            {
                //lblMsg.ForeColor = System.Drawing.Color.Red;
                msgVal.Attributes["class"] = "alert alert-danger";
                lblMsg.Text = "TMHSelf-130, Bad user account or password!";
                return;
            }

            if (ds1.Tables["tblUser"].Rows.Count > 1)
            {
                //lblMsg.ForeColor = System.Drawing.Color.Red;
                msgVal.Attributes["class"] = "alert alert-danger";
                lblMsg.Text = "TMHSelf-140, Multiple user accounts found - Error.";
                return;
            }

            HttpContext.Current.Session["TMHPasswordAccess"] = "Yes";
            HttpContext.Current.Session["TMHUser"]           = strUser;

            // need internal user id saved in the session variable for inserting new TMH cases for the user
            HttpContext.Current.Session["TMHUserId"]  = ds1.Tables["tblUser"].Rows[0]["UserId"].ToString().Trim();
            HttpContext.Current.Session["TMHUserPIN"] = ds1.Tables["tblUser"].Rows[0]["PIN"].ToString().Trim();

            try
            {
                // reset user IP address with the current IP address
                StringBuilder strCmd2 = new StringBuilder();

                strCmd2.Append("UPDATE TMHUsers SET [IP] = '" + strIPAddress + "', ");
                strCmd2.Append("[LastActivityDate] = GETDATE() ");
                strCmd2.Append("WHERE [UserName] = '" + strUser + "'");
                db1.mv_OpenConnection2(strIPAddress);
                db1.mv_InsertOrUpdate(strCmd2.ToString());
                db1.mv_CloseConnection();
                // check to see if error occurred during database connection and sql command execution
            }
            catch (Exception ex)
            {
                string strErr = ex.Message.ToString();
                //lblMsg.ForeColor = System.Drawing.Color.Red;
                msgVal.Attributes["class"] = "alert alert-danger";
                lblMsg.Text = "TMHSelf-150, Login Error, Take Me Home is not available at this time, Please try later.";
                return;
            }

            string strUserStatus = ds1.Tables["tblUser"].Rows[0]["Status"].ToString().Trim();

            if (userremember.Checked)
            {
                HttpCookie LoginCookie = new HttpCookie("TMHUserId");
                LoginCookie.Values.Add("UserName", useremail.Text.ToString().Trim());
                LoginCookie.Expires = DateTime.Now.AddYears(100);
                Response.Cookies.Add(LoginCookie);
            }

            // Create the forms authetication ticket
            FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, useremail.Text, DateTime.Now
                                                                                 , DateTime.Now.AddMinutes(300), false, String.Empty, FormsAuthentication.FormsCookiePath);

            string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

            // Create a cookie and add the encrypted ticket to the cookie as data.
            HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);

            // Add the cookie to the outgoing cookies collection.
            Response.Cookies.Add(authCookie);

            if (Request.QueryString["ReturnUrl"] != null)
            {
                FormsAuthentication.RedirectFromLoginPage(useremail.Text, false);
                //Response.Redirect("default.aspx");
            }

            if (strUserStatus == "X")
            {
                Server.Transfer("ChangePass.aspx");
            }
            else
            {
                Server.Transfer("default.aspx");
            }
        }
示例#2
0
        //---------------------------- Method ---------------------------------------
        protected void btnChangePass_Click(object sender, EventArgs e)
        {
            lblMsg.Text = "";

            string strUser = strSafeSqlLiteral(useremail.Text.ToString(), 255);

            string strPassOld  = strSafeSqlLiteral(userpasswordOld.Text.ToString(), 127);
            string strPassNew  = strSafeSqlLiteral(userpasswordNew.Text.ToString(), 127);
            string strPassNewC = strSafeSqlLiteral(userpasswordNewC.Text.ToString(), 127);

            if (!IsComplexPassword(strPassNew))
            {
                // at least change the message and write to app event log
                //lblMsg.ForeColor = System.Drawing.Color.Red;
                msgVal.Attributes["class"] = "alert alert-danger";
                lblMsg.Text = "TMHSelf-300, Error: Make sure the new password contains numeric, upper and lower case characters and is at least 8 characters long.";
                return;
            }

            if (strPassNew.Length < 8)
            {
                //lblMsg.ForeColor = System.Drawing.Color.Red;
                msgVal.Attributes["class"] = "alert alert-danger";
                lblMsg.Text = "TMHSelf-310, Error: New password length is less than 8 characters long, Please try again.";
                return;
            }

            if (strPassNew != strPassNewC)
            {
                //lblMsg.ForeColor = System.Drawing.Color.Red;
                msgVal.Attributes["class"] = "alert alert-danger";
                lblMsg.Text = "TMHSelf-320, Error: New password and confirm password do not match, Please try again.";
                return;
            }

            string strIPAddress = Request.ServerVariables["REMOTE_ADDR"].ToString().Trim();

            if (strIPAddress.Length > 20)
            {
                strIPAddress = strIPAddress.Substring(0, 20);
            }

            SDSheriffUtils.SDSheriffCrypto SDSheriffCrypto1 = new SDSheriffUtils.SDSheriffCrypto();

            string sPassEncOld = SDSheriffCrypto1.Encrypt(strPassOld);
            string sPassDecOld = SDSheriffCrypto1.Decrypt(sPassEncOld).ToString();
            //if (strPass != sPassDec) lblMsg.Text = "Enc/Dec not working";
            //else lblMsg.Text = "Success";

            DataSet ds1 = new DataSet();

            StringBuilder strCmd = new StringBuilder();

            strCmd.Append("SELECT * ");
            strCmd.Append("FROM TMHUsers ");
            strCmd.Append("WHERE [UserName] ='" + strUser + "' AND [PassWord] = '" + sPassEncOld + "' AND STATUS in ('A', 'X')");

            db1.mv_OpenConnection2(strIPAddress);
            ds1 = db1.mds_ExecuteQuery(strCmd.ToString(), "tblUser");
            db1.mv_CloseConnection();
            // check to see if error occurred during database connection and sql execution
            if (ds1 == null)
            {
                msgVal.Attributes["class"] = "alert alert-danger";
                lblMsg.Text = "TMHSelf-330, Error: Database Error";
                return;
            }

            if (ds1.Tables["tblUser"].Rows.Count == 0)
            {
                msgVal.Attributes["class"] = "alert alert-danger";
                lblMsg.Text = "TMHSelf-340, Error: No user account found, or old password bad, Please try again.";
                return;
            }

            string sPassEncNew = SDSheriffCrypto1.Encrypt(strPassNew);

            try
            {
                // change user password with the new password selected by the user
                StringBuilder strCmd2 = new StringBuilder();

                strCmd2.Append("UPDATE TMHUsers SET [PassWord] = " + "'" + sPassEncNew + "', ");
                strCmd2.Append("[LastActivityDate] = GETDATE(), [Status] = 'A', ");
                strCmd2.Append("[IP] = '" + strIPAddress + "' ");
                strCmd2.Append("WHERE [UserName] = '" + strUser + "' AND [PassWord] = '" + sPassEncOld + "'");
                db1.mv_OpenConnection2(strIPAddress);
                db1.mv_InsertOrUpdate(strCmd2.ToString());
                db1.mv_CloseConnection();
                // check to see if error occurred during database connection and sql command execution
            }
            catch (Exception ex)
            {
                //lblMsg.ForeColor = System.Drawing.Color.Red;
                msgVal.Attributes["class"] = "alert alert-danger";
                string strErr = ex.Message.ToString();
                lblMsg.Text = "TMHSelf-350, Error: Your Password was not changed!";
                return;
            }


            //lblMsg.ForeColor = System.Drawing.Color.Black;
            msgVal.Attributes["class"] = "alert alert-success";
            lblMsg.Text           = "Your password has been changed.";
            pnlChangePass.Visible = false;
            pnlindexPage.Visible  = true;
        }
示例#3
0
        //---------------------------- Method ---------------------------------------
        protected void btnAddUser_Click(object sender, EventArgs e)
        {
            lblMsg.Text = "";
            string strUser  = strSafeSqlLiteral(useremail.Text.ToString().Trim(), 255);
            string strpin   = strSafeSqlLiteral(userpin.Text.ToString().Trim(), 4);
            string strPass  = strSafeSqlLiteral(userpassword.Text.ToString().Trim(), 127);
            string strPassC = strSafeSqlLiteral(userpasswordC.Text.ToString().Trim(), 127);

            if (!IsValidPIN(strpin))
            {
                //lblMsg.ForeColor = System.Drawing.Color.Red;
                msgVal.Attributes["class"] = "alert alert-danger";
                lblMsg.Text = "TMHSelf-200, Error: Invalid PIN, 4 digits please!";
                return;
            }

            if (!IsComplexPassword(strPass))
            {
                // at least change the message and write to app event log
                //lblMsg.ForeColor = System.Drawing.Color.Red;
                msgVal.Attributes["class"] = "alert alert-danger";
                lblMsg.Text = "TMHSelf-210, Error: Make sure the new password contains numeric, upper and lower case characters and is at least 8 characters long.";
                return;
            }


            if ((strPass != strPassC) || (strPass == "") || (strPass.Length < 8) || (strpin.Length != 4) || (strUser.Length < 5))
            {
                //lblMsg.ForeColor = System.Drawing.Color.Red;
                msgVal.Attributes["class"] = "alert alert-danger";
                lblMsg.Text = "TMHSelf-220, Error: Required fields are missing, or Password and Password Confirmation do not match, or bad PIN, try again!";
                return;
            }

            if ((strUser.Length > 0) && (!Regex.IsMatch(strUser, @"\b[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}\b")))
            {
                //lblMsg.ForeColor = System.Drawing.Color.Red;
                msgVal.Attributes["class"] = "alert alert-danger";
                lblMsg.Text = "TMHSelf-230, Error: Invalid User.";
                return;
            }

            string strIPAddress = Request.ServerVariables["REMOTE_ADDR"].ToString().Trim();

            if (strIPAddress.Length > 20)
            {
                strIPAddress = strIPAddress.Substring(0, 20);
            }

            SDSheriffUtils.SDSheriffCrypto SDSheriffCrypto1 = new SDSheriffUtils.SDSheriffCrypto();

            string sPassEnc = SDSheriffCrypto1.Encrypt(strPass);
            string sPassDec = SDSheriffCrypto1.Decrypt(sPassEnc).ToString();
            //if (strPass != sPassDec) lblMsg.Text = "Enc/Dec not working";
            //else lblMsg.Text = "Success";

            DataSet ds1 = new DataSet();

            StringBuilder strCmd = new StringBuilder();

            strCmd.Append("SELECT * ");
            strCmd.Append("FROM TMHUsers ");
            strCmd.Append("WHERE UserName ='******'");

            db1.mv_OpenConnection2(strIPAddress);
            ds1 = db1.mds_ExecuteQuery(strCmd.ToString(), "tblUser");
            db1.mv_CloseConnection();
            // check to see if error occurred during database connection and sql command execution
            if (ds1 == null)
            {
                lblMsg.Text = "TMHSelf-240, Error: Error Occurred - (1) Database Error";
                return;
            }

            if (ds1.Tables["tblUser"].Rows.Count != 0)
            {
                lblMsg.Text = "TMHSelf-250, Error: A user account already exist for the email address you entered.";
                return;
            }

            else
            {
                try
                {
                    // register new user account
                    StringBuilder strCmd2 = new StringBuilder();

                    strCmd2.Append("INSERT INTO TMHUsers ([UserName],[PassWord],[CreatedWhen],[LastActivityDate],[Status],[PIN],[IP])");
                    strCmd2.Append("VALUES ('" + strUser + "','" + sPassEnc + "', GETDATE(), GETDATE(),'A','" + strpin + "','" + strIPAddress + "')");
                    db1.mv_OpenConnection2(strIPAddress);
                    db1.mv_InsertOrUpdate(strCmd2.ToString());
                    db1.mv_CloseConnection();
                    // check to see if error occurred during database connection and sql command execution
                }
                catch (Exception ex)
                {
                    string strErr = ex.Message.ToString();
                    lblMsg.Text = "TMHSelf-260, Error: Error Occurred - (1) User Account not Created.";
                    return;
                }
            }

            msgVal.Attributes["class"] = "alert alert-info";
            lblMsg.Text          = "Your user account has been created, and you are logged in.";
            pnlAddUser.Visible   = false;
            pnlindexPage.Visible = true;

            HttpContext.Current.Session["TMHPasswordAccess"] = "Yes";
            HttpContext.Current.Session["TMHUser"]           = strUser;
            HttpContext.Current.Session["TMHUserPIN"]        = strpin;

            // need internal user id saved in the session variable for inserting new TMH cases for the user
            HttpContext.Current.Session["TMHUserId"] = strGetUserId(strUser);

            // Create the forms authetication ticket
            FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, strUser, DateTime.Now
                                                                                 , DateTime.Now.AddMinutes(300), false, String.Empty, FormsAuthentication.FormsCookiePath);

            string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

            // Create a cookie and add the encrypted ticket to the cookie as data.
            HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);

            // Add the cookie to the outgoing cookies collection.
            Response.Cookies.Add(authCookie);

            if (Request.QueryString["ReturnUrl"] != null)
            {
                FormsAuthentication.RedirectFromLoginPage(strUser, false);
                //Response.Redirect("default.aspx");
            }
        }