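/// <summary>
/// Login button handler: validates the submitted e-mail/password, looks the account up in
/// TMHUsers, records the caller's IP address, then establishes the session variables and the
/// forms-authentication cookie before transferring to the next page.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnLogin_Click(object sender, EventArgs e)
{
    lblMsg.Text = "";

    // Form fields go through the page's SQL-literal sanitiser (with a length cap) before any
    // other use; the sanitised values are what the queries below embed.
    string strUser = strSafeSqlLiteral(useremail.Text.ToString(), 255);
    string strPass = strSafeSqlLiteral(userpassword.Text.ToString(), 127);

    // NOTE(review): the pattern is unanchored, so it only requires an e-mail-shaped substring;
    // kept as-is so already-registered accounts are not rejected.
    if ((strUser.Length > 0) && (!Regex.IsMatch(strUser, @"\b[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}\b")))
    {
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "TMHSelf-100, Invalid User.";
        return;
    }

    if ((strPass.Length < 8) || (strUser.Length < 5))
    {
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "TMHSelf-110, No user account found, or bad password.";
        return;
    }

    // REMOTE_ADDR may be absent in some hosting setups; treat that as empty instead of throwing.
    // The value is embedded in the UPDATE below, so it gets the same sanitiser as the form
    // fields (the original concatenated it raw) after the existing 20-character cap.
    string strIPAddress = (Request.ServerVariables["REMOTE_ADDR"] ?? "").Trim();
    if (strIPAddress.Length > 20)
    {
        strIPAddress = strIPAddress.Substring(0, 20);
    }
    strIPAddress = strSafeSqlLiteral(strIPAddress, 20);

    // The stored credential is the SDSheriffCrypto encryption of the password, so the lookup
    // compares the encrypted form. NOTE(review): this helper also exposes Decrypt(), i.e. the
    // stored credential is reversible rather than a one-way hash. The decrypt round-trip the
    // original performed here was unused and has been dropped.
    SDSheriffUtils.SDSheriffCrypto SDSheriffCrypto1 = new SDSheriffUtils.SDSheriffCrypto();
    string sPassEnc = SDSheriffCrypto1.Encrypt(strPass);

    // NOTE(review): the reviewed copy of this query carried '******' placeholders for both
    // values; it is rebuilt on the pattern btnChangePass_Click uses -- confirm against the
    // original source. The db1 helpers only accept a finished SQL string, so the statement
    // stays string-built; strUser is sanitised, sPassEnc is assumed to contain no quote
    // characters -- TODO confirm the encoding Encrypt() emits.
    StringBuilder strCmd = new StringBuilder();
    strCmd.Append("SELECT * ");
    strCmd.Append("FROM TMHUsers ");
    strCmd.Append("WHERE UserName ='" + strUser + "' AND PassWord = '" + sPassEnc + "' AND STATUS in ('A', 'X')");

    db1.mv_OpenConnection2(strIPAddress);
    DataSet ds1 = db1.mds_ExecuteQuery(strCmd.ToString(), "tblUser");
    db1.mv_CloseConnection();

    // A null DataSet is how the helper reports a connection or execution failure.
    if (ds1 == null)
    {
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "TMHSelf-120, Error Occurred - (1) Database Error";
        return;
    }

    if (ds1.Tables["tblUser"].Rows.Count == 0)
    {
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "TMHSelf-130, Bad user account or password!";
        return;
    }

    // More than one row for the same e-mail address means the account data is inconsistent;
    // refuse to log in rather than pick one arbitrarily.
    if (ds1.Tables["tblUser"].Rows.Count > 1)
    {
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "TMHSelf-140, Multiple user accounts found - Error.";
        return;
    }

    // NOTE(review): the session id is not regenerated at this point; the pre-login session
    // carries over into the authenticated one.
    HttpContext.Current.Session["TMHPasswordAccess"] = "Yes";
    HttpContext.Current.Session["TMHUser"] = strUser;
    // The internal user id is needed later when inserting new TMH cases for this user.
    HttpContext.Current.Session["TMHUserId"] = ds1.Tables["tblUser"].Rows[0]["UserId"].ToString().Trim();
    HttpContext.Current.Session["TMHUserPIN"] = ds1.Tables["tblUser"].Rows[0]["PIN"].ToString().Trim();

    try
    {
        // Record the current IP address and activity time against the account.
        StringBuilder strCmd2 = new StringBuilder();
        strCmd2.Append("UPDATE TMHUsers SET [IP] = '" + strIPAddress + "', ");
        strCmd2.Append("[LastActivityDate] = GETDATE() ");
        strCmd2.Append("WHERE [UserName] = '" + strUser + "'");

        db1.mv_OpenConnection2(strIPAddress);
        db1.mv_InsertOrUpdate(strCmd2.ToString());
        db1.mv_CloseConnection();
    }
    catch (Exception)
    {
        // The exception detail is deliberately not shown to the user; only the generic
        // error code reaches the page.
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "TMHSelf-150, Login Error, Take Me Home is not available at this time, Please try later.";
        return;
    }

    string strUserStatus = ds1.Tables["tblUser"].Rows[0]["Status"].ToString().Trim();

    if (userremember.Checked)
    {
        // "Remember me" cookie holding the e-mail address in clear text. It is only read
        // server-side, so it is marked HttpOnly; Secure follows the current connection so
        // plain-HTTP deployments keep working.
        HttpCookie LoginCookie = new HttpCookie("TMHUserId");
        LoginCookie.Values.Add("UserName", useremail.Text.ToString().Trim());
        LoginCookie.Expires = DateTime.Now.AddYears(100);
        LoginCookie.HttpOnly = true;
        LoginCookie.Secure = Request.IsSecureConnection;
        Response.Cookies.Add(LoginCookie);
    }

    // Create the forms authentication ticket (5 hours, non-persistent).
    FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
        1,
        useremail.Text,
        DateTime.Now,
        DateTime.Now.AddMinutes(300),
        false,
        String.Empty,
        FormsAuthentication.FormsCookiePath);
    string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

    // A hand-built HttpCookie does not get the HttpOnly flag FormsAuthentication would set
    // for its own cookie, so it is set explicitly here.
    HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
    authCookie.HttpOnly = true;
    authCookie.Secure = Request.IsSecureConnection;
    Response.Cookies.Add(authCookie);

    if (Request.QueryString["ReturnUrl"] != null)
    {
        FormsAuthentication.RedirectFromLoginPage(useremail.Text, false);
    }

    // Status "X" means the account must change its password before use.
    if (strUserStatus == "X")
    {
        Server.Transfer("ChangePass.aspx");
    }
    else
    {
        Server.Transfer("default.aspx");
    }
}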
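//---------------------------- Method ---------------------------------------
/// <summary>
/// Change-password button handler: validates the new password, verifies the old one against
/// TMHUsers, then stores the new encrypted password, sets the account status to active and
/// records the caller's IP address.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnChangePass_Click(object sender, EventArgs e)
{
    lblMsg.Text = "";

    // Form fields go through the page's SQL-literal sanitiser (with a length cap) before any
    // other use; the sanitised values are what the queries below embed.
    string strUser = strSafeSqlLiteral(useremail.Text.ToString(), 255);
    string strPassOld = strSafeSqlLiteral(userpasswordOld.Text.ToString(), 127);
    string strPassNew = strSafeSqlLiteral(userpasswordNew.Text.ToString(), 127);
    string strPassNewC = strSafeSqlLiteral(userpasswordNewC.Text.ToString(), 127);

    if (!IsComplexPassword(strPassNew))
    {
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "TMHSelf-300, Error: Make sure the new password contains numeric, upper and lower case characters and is at least 8 characters long.";
        return;
    }

    // Kept as a separate check so the more specific TMHSelf-310 message is preserved.
    if (strPassNew.Length < 8)
    {
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "TMHSelf-310, Error: New password length is less than 8 characters long, Please try again.";
        return;
    }

    if (strPassNew != strPassNewC)
    {
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "TMHSelf-320, Error: New password and confirm password do not match, Please try again.";
        return;
    }

    // REMOTE_ADDR may be absent in some hosting setups; treat that as empty instead of throwing.
    // The value is embedded in the UPDATE below, so it gets the same sanitiser as the form
    // fields (the original concatenated it raw) after the existing 20-character cap.
    string strIPAddress = (Request.ServerVariables["REMOTE_ADDR"] ?? "").Trim();
    if (strIPAddress.Length > 20)
    {
        strIPAddress = strIPAddress.Substring(0, 20);
    }
    strIPAddress = strSafeSqlLiteral(strIPAddress, 20);

    // Stored credentials are the SDSheriffCrypto encryption of the password, so both the
    // lookup and the update work on the encrypted form. The unused decrypt round-trip the
    // original performed here has been dropped.
    SDSheriffUtils.SDSheriffCrypto SDSheriffCrypto1 = new SDSheriffUtils.SDSheriffCrypto();
    string sPassEncOld = SDSheriffCrypto1.Encrypt(strPassOld);

    // The db1 helpers only accept a finished SQL string, so the statement stays string-built;
    // strUser is sanitised, sPassEncOld is assumed to contain no quote characters -- TODO
    // confirm the encoding Encrypt() emits.
    StringBuilder strCmd = new StringBuilder();
    strCmd.Append("SELECT * ");
    strCmd.Append("FROM TMHUsers ");
    strCmd.Append("WHERE [UserName] ='" + strUser + "' AND [PassWord] = '" + sPassEncOld + "' AND STATUS in ('A', 'X')");

    db1.mv_OpenConnection2(strIPAddress);
    DataSet ds1 = db1.mds_ExecuteQuery(strCmd.ToString(), "tblUser");
    db1.mv_CloseConnection();

    // A null DataSet is how the helper reports a connection or execution failure.
    if (ds1 == null)
    {
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "TMHSelf-330, Error: Database Error";
        return;
    }

    if (ds1.Tables["tblUser"].Rows.Count == 0)
    {
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "TMHSelf-340, Error: No user account found, or old password bad, Please try again.";
        return;
    }

    string sPassEncNew = SDSheriffCrypto1.Encrypt(strPassNew);

    try
    {
        // Store the new password, clear any forced-change status and record the caller's
        // IP. The WHERE clause re-checks the old password so a concurrent change cannot be
        // silently overwritten.
        StringBuilder strCmd2 = new StringBuilder();
        strCmd2.Append("UPDATE TMHUsers SET [PassWord] = '" + sPassEncNew + "', ");
        strCmd2.Append("[LastActivityDate] = GETDATE(), [Status] = 'A', ");
        strCmd2.Append("[IP] = '" + strIPAddress + "' ");
        strCmd2.Append("WHERE [UserName] = '" + strUser + "' AND [PassWord] = '" + sPassEncOld + "'");

        db1.mv_OpenConnection2(strIPAddress);
        db1.mv_InsertOrUpdate(strCmd2.ToString());
        db1.mv_CloseConnection();
    }
    catch (Exception)
    {
        // The exception detail is deliberately not shown to the user; only the generic
        // error code reaches the page.
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "TMHSelf-350, Error: Your Password was not changed!";
        return;
    }

    msgVal.Attributes["class"] = "alert alert-success";
    lblMsg.Text = "Your password has been changed.";
    pnlChangePass.Visible = false;
    pnlindexPage.Visible = true;
}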
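//---------------------------- Method ---------------------------------------
/// <summary>
/// Registration button handler: validates PIN, password and e-mail, refuses duplicate
/// accounts, inserts the new TMHUsers row, then logs the new user in by populating the
/// session variables and issuing the forms-authentication cookie.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnAddUser_Click(object sender, EventArgs e)
{
    lblMsg.Text = "";

    // Form fields are trimmed and passed through the page's SQL-literal sanitiser (with a
    // length cap) before any other use; the sanitised values are what the queries below embed.
    string strUser = strSafeSqlLiteral(useremail.Text.ToString().Trim(), 255);
    string strpin = strSafeSqlLiteral(userpin.Text.ToString().Trim(), 4);
    string strPass = strSafeSqlLiteral(userpassword.Text.ToString().Trim(), 127);
    string strPassC = strSafeSqlLiteral(userpasswordC.Text.ToString().Trim(), 127);

    if (!IsValidPIN(strpin))
    {
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "TMHSelf-200, Error: Invalid PIN, 4 digits please!";
        return;
    }

    if (!IsComplexPassword(strPass))
    {
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "TMHSelf-210, Error: Make sure the new password contains numeric, upper and lower case characters and is at least 8 characters long.";
        return;
    }

    bool bMissingOrMismatched = (strPass != strPassC)
        || (strPass == "")
        || (strPass.Length < 8)
        || (strpin.Length != 4)
        || (strUser.Length < 5);
    if (bMissingOrMismatched)
    {
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "TMHSelf-220, Error: Required fields are missing, or Password and Password Confirmation do not match, or bad PIN, try again!";
        return;
    }

    // NOTE(review): the pattern is unanchored, so it only requires an e-mail-shaped substring.
    if ((strUser.Length > 0) && (!Regex.IsMatch(strUser, @"\b[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}\b")))
    {
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "TMHSelf-230, Error: Invalid User.";
        return;
    }

    // REMOTE_ADDR may be absent in some hosting setups; treat that as empty instead of throwing.
    // The value is embedded in the INSERT below, so it gets the same sanitiser as the form
    // fields (the original concatenated it raw) after the existing 20-character cap.
    string strIPAddress = (Request.ServerVariables["REMOTE_ADDR"] ?? "").Trim();
    if (strIPAddress.Length > 20)
    {
        strIPAddress = strIPAddress.Substring(0, 20);
    }
    strIPAddress = strSafeSqlLiteral(strIPAddress, 20);

    // The stored credential is the SDSheriffCrypto encryption of the password. The unused
    // decrypt round-trip the original performed here has been dropped.
    SDSheriffUtils.SDSheriffCrypto SDSheriffCrypto1 = new SDSheriffUtils.SDSheriffCrypto();
    string sPassEnc = SDSheriffCrypto1.Encrypt(strPass);

    // NOTE(review): the reviewed copy of this query carried a '******' placeholder for the
    // user name; it is rebuilt on the pattern btnChangePass_Click uses -- confirm against the
    // original source. The db1 helpers only accept a finished SQL string, so the statement
    // stays string-built with the sanitised strUser.
    StringBuilder strCmd = new StringBuilder();
    strCmd.Append("SELECT * ");
    strCmd.Append("FROM TMHUsers ");
    strCmd.Append("WHERE UserName ='" + strUser + "'");

    db1.mv_OpenConnection2(strIPAddress);
    DataSet ds1 = db1.mds_ExecuteQuery(strCmd.ToString(), "tblUser");
    db1.mv_CloseConnection();

    // A null DataSet is how the helper reports a connection or execution failure. The alert
    // class is set here and on the two errors below for consistency with the other handlers
    // (the original left it unset for these three).
    if (ds1 == null)
    {
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "TMHSelf-240, Error: Error Occurred - (1) Database Error";
        return;
    }

    if (ds1.Tables["tblUser"].Rows.Count != 0)
    {
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "TMHSelf-250, Error: A user account already exist for the email address you entered.";
        return;
    }

    try
    {
        // Register the new account. NOTE(review): the PIN is stored as entered, and
        // sPassEnc is assumed to contain no quote characters -- TODO confirm the encoding
        // Encrypt() emits.
        StringBuilder strCmd2 = new StringBuilder();
        strCmd2.Append("INSERT INTO TMHUsers ([UserName],[PassWord],[CreatedWhen],[LastActivityDate],[Status],[PIN],[IP])");
        strCmd2.Append("VALUES ('" + strUser + "','" + sPassEnc + "', GETDATE(), GETDATE(),'A','" + strpin + "','" + strIPAddress + "')");

        db1.mv_OpenConnection2(strIPAddress);
        db1.mv_InsertOrUpdate(strCmd2.ToString());
        db1.mv_CloseConnection();
    }
    catch (Exception)
    {
        // The exception detail is deliberately not shown to the user; only the generic
        // error code reaches the page.
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "TMHSelf-260, Error: Error Occurred - (1) User Account not Created.";
        return;
    }

    msgVal.Attributes["class"] = "alert alert-info";
    lblMsg.Text = "Your user account has been created, and you are logged in.";
    pnlAddUser.Visible = false;
    pnlindexPage.Visible = true;

    // NOTE(review): the session id is not regenerated at this point; the pre-login session
    // carries over into the authenticated one.
    HttpContext.Current.Session["TMHPasswordAccess"] = "Yes";
    HttpContext.Current.Session["TMHUser"] = strUser;
    HttpContext.Current.Session["TMHUserPIN"] = strpin;
    // The internal user id is needed later when inserting new TMH cases for this user.
    HttpContext.Current.Session["TMHUserId"] = strGetUserId(strUser);

    // Create the forms authentication ticket (5 hours, non-persistent).
    FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
        1,
        strUser,
        DateTime.Now,
        DateTime.Now.AddMinutes(300),
        false,
        String.Empty,
        FormsAuthentication.FormsCookiePath);
    string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

    // A hand-built HttpCookie does not get the HttpOnly flag FormsAuthentication would set
    // for its own cookie, so it is set explicitly here.
    HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
    authCookie.HttpOnly = true;
    authCookie.Secure = Request.IsSecureConnection;
    Response.Cookies.Add(authCookie);

    if (Request.QueryString["ReturnUrl"] != null)
    {
        FormsAuthentication.RedirectFromLoginPage(strUser, false);
    }
}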