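/// <summary>
/// Per-request session guard: logs the user out when the session carries no login flag or when
/// another browser session has since logged in with the same account, and otherwise sends the
/// user to the site / organisation selection pages while those choices are still missing.
/// </summary>
/// <param name="hideHeader">Passed straight through to <c>Logout</c>.</param>
/// <remarks>
/// Fixes relative to the previous version: <c>Session["StaffID"]</c> is no longer cast blindly
/// (patient logins never set it, which threw a <see cref="NullReferenceException"/>), the patient
/// branch now looks the login up by <c>PatientID</c> instead of <c>StaffID</c>, and the V2 account
/// pages are excluded from the org redirect so <c>SelectOrgV2.aspx</c> no longer redirects to itself.
/// </remarks>
protected void UpdateLogout(bool hideHeader)
{
    bool isLoggedIn = Session["IsLoggedIn"] != null && Convert.ToBoolean(Session["IsLoggedIn"]);
    bool isStakeholder = Session["IsStakeholder"] != null && Convert.ToBoolean(Session["IsStakeholder"]);
    bool isMasterAdmin = Session["IsMasterAdmin"] != null && Convert.ToBoolean(Session["IsMasterAdmin"]);
    bool isAdmin = Session["IsAdmin"] != null && Convert.ToBoolean(Session["IsAdmin"]);
    bool isAdminView = isStakeholder || isMasterAdmin || isAdmin;

    if (!isLoggedIn)
    {
        Logout(hideHeader);
        return;
    }

    // Built-in system accounts (negative IDs) are exempt from the single-session rule.
    // StaffID is absent for patient logins, so a missing value simply means "not a system account".
    object staffIdValue = Session["StaffID"];
    bool isSystemAccount = staffIdValue != null && new List<int> { -5, -7, -8 }.Contains(Convert.ToInt32(staffIdValue));
    if (isSystemAccount)
    {
        return;
    }

    // If another session logged in with this account, this one is logged out here.
    UserLogin userlogin = (Session["PatientID"] == null)
        ? UserLoginDB.GetByUserID(Convert.ToInt32(Session["StaffID"]), -1)
        : UserLoginDB.GetByUserID(-1, Convert.ToInt32(Session["PatientID"]));
    if (userlogin == null || userlogin.SessionID != HttpContext.Current.Session.SessionID.ToString())
    {
        Logout(hideHeader);
        return;
    }

    string localPath = HttpContext.Current.Request.Url.LocalPath;

    bool onSiteSelectionFlow = localPath.Contains("/Account/LoginV2.aspx")
        || localPath.Contains("/Account/LogoutV2.aspx")
        || localPath.Contains("/Account/SelectSiteV2.aspx");
    if (Session["SiteID"] == null && !onSiteSelectionFlow)
    {
        // RawUrl is server-relative, so the from_url it seeds stays on this application.
        Response.Redirect("~/Account/SelectSiteV2.aspx?from_url=" + Request.RawUrl);
    }

    // Both the legacy and the V2 account pages are excluded: the redirect target below is
    // SelectOrgV2.aspx, which "/Account/SelectOrg.aspx" does not match (Contains is exact).
    bool onOrgSelectionFlow = localPath.Contains("/Account/Login.aspx")
        || localPath.Contains("/Account/Logout.aspx")
        || localPath.Contains("/Account/SelectOrg.aspx")
        || localPath.Contains("/Account/SelectSite.aspx")
        || localPath.Contains("/Account/LoginV2.aspx")
        || localPath.Contains("/Account/LogoutV2.aspx")
        || localPath.Contains("/Account/SelectOrgV2.aspx")
        || localPath.Contains("/Account/SelectSiteV2.aspx");
    if (!isAdminView && Session["OrgID"] == null && !onOrgSelectionFlow)
    {
        Response.Redirect("~/Account/SelectOrgV2.aspx?from_url=" + Request.RawUrl);
    }

    // The logout page is not recorded as the "last page visited".
    string lastUrl = Request.RawUrl.Contains("/Account/Logout.aspx") ? "" : Request.RawUrl;
    UserLoginDB.UpdateLastAccessTime(userlogin.UserloginID, DateTime.Now, lastUrl);
}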
/// <summary>
/// Per-request session guard: logs the user out when <see cref="UserView"/> reports no login or
/// when another browser session has since logged in with the same account, and otherwise sends
/// the user to the site / organisation selection pages while those choices are still missing.
/// </summary>
/// <param name="hideHeader">Passed straight through to <c>Logout</c>.</param>
protected void UpdateLogout(bool hideHeader)
{
    UserView userView = UserView.GetInstance();
    if (!userView.IsLoggedIn)
    {
        Logout(hideHeader);
        return;
    }

    // Built-in system accounts (negative IDs) skip the single-session enforcement entirely.
    // A missing StaffID (patient logins) is treated as a normal account.
    object staffIdValue = Session["StaffID"];
    int[] systemStaffIds = { -5, -7, -8 };
    if (staffIdValue != null && Array.IndexOf(systemStaffIds, (int)staffIdValue) >= 0)
    {
        return;
    }

    // The login row can only be looked up once the per-tenant database has been chosen.
    UserLogin userlogin = null;
    var currentSession = HttpContext.Current.Session;
    if (currentSession != null && currentSession["DB"] != null)
    {
        userlogin = userView.IsPatient
            ? UserLoginDB.GetByUserID(-1, Convert.ToInt32(Session["PatientID"]))
            : UserLoginDB.GetByUserID(Convert.ToInt32(Session["StaffID"]), -1);
    }

    // If another session logged in with this account, this one is logged out here.
    if (userlogin == null || userlogin.SessionID != HttpContext.Current.Session.SessionID.ToString())
    {
        Logout(hideHeader);
        return;
    }

    string localPath = HttpContext.Current.Request.Url.LocalPath;
    bool onLoginOrLogout = localPath.Contains("/Account/LoginV2.aspx") || localPath.Contains("/Account/LogoutV2.aspx");
    bool onSelectSite = localPath.Contains("/Account/SelectSiteV2.aspx");
    bool onSelectOrg = localPath.Contains("/Account/SelectOrgV2.aspx");

    // RawUrl is server-relative, so the from_url seeded here stays on this application.
    if (Session["SiteID"] == null && !onLoginOrLogout && !onSelectSite)
    {
        Response.Redirect("~/Account/SelectSiteV2.aspx?from_url=" + Request.RawUrl);
    }

    if (!userView.IsAdminView && Session["OrgID"] == null && !onLoginOrLogout && !onSelectOrg && !onSelectSite)
    {
        Response.Redirect("~/Account/SelectOrgV2.aspx?from_url=" + Request.RawUrl);
    }

    // The logout page is not recorded as the "last page visited".
    string rawUrl = Request.RawUrl;
    string lastUrl = rawUrl.Contains("/Account/Logout.aspx") ? "" : rawUrl;
    UserLoginDB.UpdateLastAccessTime(userlogin.UserloginID, DateTime.Now, lastUrl);
}
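/// <summary>
/// Authenticates <paramref name="login"/> against the staff table and, when the
/// <c>AllowPatientLogins</c> system variable is 1, the patient table; records the login in
/// <c>UserLogin</c>, populates the session, issues the forms-auth cookie and finally redirects
/// to the site / organisation selection pages or to the page the user originally requested.
/// </summary>
/// <param name="login">Username entered on the form.</param>
/// <param name="pwd">Password entered on the form; compared verbatim with the stored value (see note below).</param>
/// <remarks>
/// Changes from the previous version: the <c>from_url</c> query parameter is only honoured when it
/// is a path on this application (it was previously redirected to unchecked, an open redirect),
/// a missing or oversized <c>orgs</c> value no longer throws, the duplicated site / redirect
/// code is factored into small helpers, and the long commented-out legacy blocks are removed.
/// </remarks>
private void LogIn(string login, string pwd)
{
    try
    {
        Session.Remove("DB");
        if (Convert.ToBoolean(ConfigurationManager.AppSettings["UseConfigDB"]))
        {
            Session["DB"] = ConfigurationManager.AppSettings["Database"];
        }
        else // Get DB from Mediclinic_Main
        {
            UserDatabaseMapper user = UserDatabaseMapperDB.GetByLogin(login);
            if (user == null)
            {
                this.FailureText.Text = "<div class=\"alert alert-danger\" runat=\"server\"><strong>Login Failed.</strong> Please ensure that your username and password are correct and try again.</div>";
                return;
            }
            Session["DB"] = user.DBName;
        }

        Staff staff = StaffDB.GetByLogin(login);
        Patient patient = PatientDB.GetByLogin(login);
        bool allowPatientLogins = Convert.ToInt32(SystemVariableDB.GetByDescr("AllowPatientLogins").Value) == 1;

        // SECURITY(review): the stored credential is compared verbatim (staff.Pwd == pwd), i.e. passwords
        // are held and matched in clear text with a non-constant-time string comparison. Moving to a
        // salted PBKDF2/Argon2 hash verified with CryptographicOperations.FixedTimeEquals needs a schema
        // change, so it is flagged here rather than changed.
        bool validStaff = staff != null && staff.Pwd == pwd && !staff.IsFired;
        bool validPatient = allowPatientLogins && patient != null && patient.Pwd == pwd && !patient.IsDeleted;

        if (validStaff)
        {
            // Keep exactly one live session per staff account.
            UserLogin curLogin = UserLoginDB.GetCurLoggedIn(staff.StaffID, -1, HttpContext.Current.Session.SessionID, -1);
            if (curLogin != null)
            {
                UserLoginDB.UpdateLastAccessTime(curLogin.UserloginID, DateTime.Now, Request.RawUrl);
                UserLoginDB.UpdateSetOtherSessionsOfThisUserLoggedOut(curLogin.UserloginID, staff.StaffID, -1);
            }
            else
            {
                UserLoginDB.UpdateSetAllSessionsLoggedOut(staff.StaffID, -1);
                UserLoginDB.Insert(staff.StaffID, -1, login, -1, validStaff, HttpContext.Current.Session.SessionID, Request.UserHostAddress);
            }

            this.FailureText.Text = "";
            Session["IsLoggedIn"] = true;
            Session["IsStakeholder"] = staff.IsStakeholder;
            Session["IsMasterAdmin"] = staff.IsMasterAdmin;
            Session["IsAdmin"] = staff.IsAdmin;
            Session["IsPrincipal"] = staff.IsPrincipal;
            Session["IsProvider"] = staff.IsProvider;
            Session["IsExternal"] = staff.IsExternal;
            Session["StaffID"] = staff.StaffID;
            Session["StaffFullnameWithoutMiddlename"] = staff.Person.FullnameWithoutMiddlename;
            Session["StaffFirstname"] = staff.Person.Firstname;
            Session["NumDaysToDisplayOnBookingScreen"] = staff.NumDaysToDisplayOnBookingScreen;
            Session["HideBookingNotes"] = staff.HideBookingNotes;
            Session["ShowOtherProvidersOnBookingScreen"] = false;
            Session["ShowHeaderOnBookingScreen"] = staff.ShowHeaderOnBookingScreen;
            Session["SystemVariables"] = SystemVariableDB.GetAll();
            Session["OfferingColors"] = OfferingDB.GetColorCodes();
            // NOTE(review): the cookie carries a placeholder name; authorisation relies on the session
            // state above, and the pre-login session ID is kept (nothing regenerates it here).
            System.Web.Security.FormsAuthentication.SetAuthCookie("--", true); // needed to use forms authentication
            UserView userView = UserView.GetInstance();

            Site[] allowedSites = StaffSiteRestrictionDB.GetSitesNotRestricted(staff.StaffID, -1, false);
            Site[] allSites = SiteDB.GetAll();

            if (allowedSites.Length == 0 && allSites.Length == 1)
            {
                ApplySiteToSession(allSites[0]);
                Session["IsMultipleSites"] = false;
                UserLoginDB.UpdateSite(staff.StaffID, -1, allSites[0].SiteID);
                if (!userView.IsAdminView && Session["OrgID"] == null) // providers need to select an org first
                {
                    Response.Redirect("~/Account/SelectOrgV2.aspx" + GetUrlCarryOverParams(), false);
                    return;
                }
            }

            if (allowedSites.Length == 1)
            {
                ApplySiteToSession(allowedSites[0]);
                Session["IsMultipleSites"] = false;
                UserLoginDB.UpdateSite(staff.StaffID, -1, allowedSites[0].SiteID);
                if (!userView.IsAdminView && Session["OrgID"] == null) // providers need to select an org first
                {
                    Response.Redirect("~/Account/SelectOrgV2.aspx" + GetUrlCarryOverParams(), false);
                    return;
                }
            }
            else // more than one site: go and choose; no sites: that page says to contact admin
            {
                if (Session["SiteID"] == null) // admins yet to log in to a site need to choose one
                {
                    Session["IsMultipleSites"] = true;
                    Response.Redirect("~/Account/SelectSiteV2.aspx" + GetUrlCarryOverParams(), false);
                    return;
                }
            }

            RedirectAfterLogin();
            return;
        }
        else if (validPatient)
        {
            // Keep exactly one live session per patient account.
            UserLogin curLogin = UserLoginDB.GetCurLoggedIn(-1, patient.PatientID, HttpContext.Current.Session.SessionID, -1);
            if (curLogin != null)
            {
                UserLoginDB.UpdateLastAccessTime(curLogin.UserloginID, DateTime.Now, Request.RawUrl);
                UserLoginDB.UpdateSetOtherSessionsOfThisUserLoggedOut(curLogin.UserloginID, -1, patient.PatientID);
            }
            else
            {
                UserLoginDB.UpdateSetAllSessionsLoggedOut(-1, patient.PatientID);
                UserLoginDB.Insert(-1, patient.PatientID, login, -1, validPatient, HttpContext.Current.Session.SessionID, Request.UserHostAddress);
            }

            this.FailureText.Text = "";
            Session["IsLoggedIn"] = true;
            Session["IsStakeholder"] = false;
            Session["IsMasterAdmin"] = false;
            Session["IsAdmin"] = false;
            Session["IsPrincipal"] = false;
            Session["IsProvider"] = false;
            Session["IsExternal"] = false;
            Session["PatientID"] = patient.PatientID;
            Session["StaffFullnameWithoutMiddlename"] = patient.Person.FullnameWithoutMiddlename;
            Session["StaffFirstname"] = patient.Person.Firstname;
            Session["NumDaysToDisplayOnBookingScreen"] = 3;
            Session["ShowOtherProvidersOnBookingScreen"] = false;
            Session["ShowHeaderOnBookingScreen"] = true;
            Session["SystemVariables"] = SystemVariableDB.GetAll();
            Session["OfferingColors"] = OfferingDB.GetColorCodes();
            System.Web.Security.FormsAuthentication.SetAuthCookie("--", true); // needed to use forms authentication

            // Patients may only use clinic sites (SiteType 1); aged care is removed from the display.
            Site[] allSites = SiteDB.GetAll();
            List<Site> clinicSites = new List<Site>();
            foreach (Site site in allSites)
            {
                if (site.SiteType.ID == 1)
                {
                    clinicSites.Add(site);
                }
            }
            Site[] allowedSites = clinicSites.ToArray();

            if (allowedSites.Length == 0 && allSites.Length == 1)
            {
                ApplySiteToSession(allSites[0]);
                UserLoginDB.UpdateSite(-1, patient.PatientID, allSites[0].SiteID);
                if (Session["OrgID"] == null) // patient logins need to select an org first
                {
                    if (TryRedirectToRequestedBookingsOrg())
                    {
                        return;
                    }
                    Response.Redirect("~/Account/SelectOrgV2.aspx" + GetUrlCarryOverParams(), false);
                    return;
                }
            }

            if (allowedSites.Length == 1)
            {
                ApplySiteToSession(allowedSites[0]);
                UserLoginDB.UpdateSite(-1, patient.PatientID, allowedSites[0].SiteID);
                if (Session["OrgID"] == null) // patient logins need to select an org first
                {
                    if (TryRedirectToRequestedBookingsOrg())
                    {
                        return;
                    }
                    Response.Redirect("~/Account/SelectOrgV2.aspx" + GetUrlCarryOverParams(), false);
                    return;
                }
            }
            else // more than one site: go and choose; no sites: that page says to contact admin
            {
                if (Session["SiteID"] == null)
                {
                    Response.Redirect("~/Account/SelectSiteV2.aspx" + GetUrlCarryOverParams(), false);
                    return;
                }
            }

            RedirectAfterLogin();
            return;
        }
        else
        {
            this.FailureText.Text = "Login Failed.";
        }
    }
    catch (Exception ex)
    {
        Logger.LogException(ex);
        if (Utilities.IsDev())
        {
            FailureText.Text = ex.ToString();
        }
        else
        {
            throw;
        }
    }
}

/// <summary>Copies the chosen site's identity and type flags into the session.</summary>
/// <param name="site">The site the user is logging in to.</param>
private void ApplySiteToSession(Site site)
{
    Session["SiteID"] = site.SiteID;
    Session["SiteName"] = site.Name;
    Session["SiteIsClinic"] = site.SiteType.ID == 1;
    Session["SiteIsAgedCare"] = site.SiteType.ID == 2;
    Session["SiteIsGP"] = site.SiteType.ID == 3;
    Session["SiteTypeID"] = site.SiteType.ID;
    Session["SiteTypeDescr"] = site.SiteType.Descr;
}

/// <summary>
/// Returns the decoded <c>from_url</c> carried on the current request, or <c>null</c> when the
/// query string has none. The value is everything after the first "from_url=" in RawUrl, so a
/// from_url that itself contains query parameters is kept intact.
/// </summary>
private string GetRequestedFromUrl()
{
    if (Request.QueryString["from_url"] == null)
    {
        return null;
    }
    int index = Request.RawUrl.IndexOf("from_url=");
    if (index < 0)
    {
        return null;
    }
    return Server.UrlDecode(Request.RawUrl.Substring(index + 9));
}

/// <summary>
/// True only for application-local targets: "~/..." or a single-slash server-relative path.
/// Absolute URLs, protocol-relative "//host" and "/\host" forms are rejected so the user-supplied
/// <c>from_url</c> cannot send a freshly authenticated user to another site (open redirect).
/// </summary>
/// <param name="url">The already URL-decoded redirect target.</param>
private static bool IsLocalRedirectTarget(string url)
{
    if (string.IsNullOrEmpty(url))
    {
        return false;
    }
    string path = url.StartsWith("~/", StringComparison.Ordinal) ? url.Substring(1) : url;
    if (path.Length == 0 || path[0] != '/')
    {
        return false;
    }
    return path.Length == 1 || (path[1] != '/' && path[1] != '\\');
}

/// <summary>
/// Sends the authenticated user on to the page they originally asked for (when it is local to this
/// application), otherwise to the default landing page. Staff with a negative ID land on the
/// staff-logins page.
/// </summary>
private void RedirectAfterLogin()
{
    string fromUrl = GetRequestedFromUrl();
    if (IsLocalRedirectTarget(fromUrl))
    {
        Response.Redirect(fromUrl, false);
        return;
    }
    // No from_url, or a foreign target that must not be followed.
    Response.Redirect(Convert.ToInt32(Session["StaffID"]) >= 0 ? "~/Default.aspx" : "~/StaffLoginsV2.aspx", false);
}

/// <summary>
/// Patient login shortcut: when the requested <c>from_url</c> is a local BookingsV2 page that names
/// a single numeric organisation in its <c>orgs</c> parameter, selects that organisation in the
/// session and redirects straight to it.
/// </summary>
/// <returns><c>true</c> if a redirect was issued; <c>false</c> if the caller should fall back to the org selection page.</returns>
private bool TryRedirectToRequestedBookingsOrg()
{
    string fromUrl = GetRequestedFromUrl();
    if (!IsLocalRedirectTarget(fromUrl))
    {
        return false;
    }
    if (!fromUrl.Contains("BookingsV2.aspx?") || !fromUrl.Contains("orgs="))
    {
        return false;
    }

    Uri requested = new Uri(HttpContext.Current.Request.Url.Scheme + "://" + HttpContext.Current.Request.Url.Authority + fromUrl);
    string orgs = HttpUtility.ParseQueryString(requested.Query).Get("orgs");
    // Only a plain integer is accepted; TryParse also rejects values that would overflow Int32.
    int orgId;
    if (orgs == null || !Regex.IsMatch(orgs, @"^\d+$") || !int.TryParse(orgs, out orgId))
    {
        return false;
    }

    Organisation org = OrganisationDB.GetByID(orgId);
    if (org == null)
    {
        return false;
    }

    Session["OrgID"] = org.OrganisationID.ToString();
    Session["OrgName"] = org.Name;
    Response.Redirect(fromUrl, false);
    return true;
}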