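/// <summary>
/// Handles the Login button: authenticates the e-mail/password typed into the form and,
/// depending on the result code, either signs the user in or shows the organization grid.
/// </summary>
/// <remarks>
/// Result codes of <c>user.Authenticate()</c> as handled here: 0 - issue the roles ticket and
/// the forms-auth cookie, then redirect to main.aspx; 1 - bind and show the organization grid;
/// -1 and any other value - show the error label.
/// </remarks>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Event data (not used).</param>
private void btLogin_Click(object sender, System.EventArgs e)
{
    string sUserData;
    string roleStr = "";
    DataTable dtGroups = null;
    int iReturn;

    try
    {
        user = new clsUsers();
        user.sEmail = tbEmail.Text;
        user.sPass = tbPassword.Text;

        iReturn = user.Authenticate();
        switch (iReturn)
        {
            case 0:
                lbErr.Visible = false;

                // Identity string carried by both the roles ticket and the auth cookie: "<userId>:<orgId>".
                sUserData = user.iId.Value.ToString() + ":" + user.iOrgId.Value.ToString();

                // Roles are the group descriptions joined with ';'.
                dtGroups = user.GetUserGroupsList();
                if (dtGroups != null)
                {
                    foreach (DataRow dr in dtGroups.Rows)
                    {
                        roleStr += String.Format("{0};", dr["vchDesc"]);
                    }
                }

                // A user with no groups leaves roleStr empty; trimming the trailing ';'
                // unconditionally would throw and turn a valid login into an error.
                if (roleStr.Length > 0)
                {
                    roleStr = roleStr.Remove(roleStr.Length - 1, 1);
                }

                // One timestamp for the ticket and the cookie so both expire together.
                DateTime issuedAt = DateTime.Now;
                DateTime expiresAt = issuedAt.AddHours(1);

                FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                    1,
                    sUserData,
                    issuedAt,
                    expiresAt,
                    false,
                    roleStr);

                Response.Cookies["bfp_roles"].Value = FormsAuthentication.Encrypt(ticket);
                Response.Cookies["bfp_roles"].Path = "/";
                Response.Cookies["bfp_roles"].Expires = expiresAt;
                // The roles ticket is an authorization token: keep it away from script and,
                // when the login itself came over TLS, off plain-HTTP requests.
                Response.Cookies["bfp_roles"].HttpOnly = true;
                Response.Cookies["bfp_roles"].Secure = Request.IsSecureConnection;
                // NOTE(review): whatever reads bfp_roles should check that the ticket name
                // matches the authenticated identity and that the ticket has not expired - confirm.

                // NOTE(review): the second argument requests a persistent auth cookie for every
                // login; consider making that an explicit "remember me" choice.
                FormsAuthentication.SetAuthCookie(sUserData, true);
                Response.Redirect("main.aspx", false);
                break;

            case 1:
                // Switch the login table to the organization chooser and remember the
                // user id for the follow-up postback.
                tblLogin.Rows[0].Visible = true;
                tblLogin.Rows[1].Visible = true;
                tblLogin.Rows[2].Visible = false;
                tblLogin.Rows[3].Visible = false;
                tblLogin.Rows[4].Visible = false;
                ViewState["UserId"] = user.iId.Value;
                dgOrgs.DataSource = new DataView(user.GetOrgListFromUser());
                dgOrgs.DataBind();
                lbErr.Visible = false;
                break;

            case -1:
                lbErr.Visible = true;
                break;

            default:
                lbErr.Visible = true;
                break;
        }
    }
    catch (Exception ex)
    {
        // Full details go to the log only. The raw exception text is not echoed to the
        // unauthenticated visitor, because it can reveal database or stack internals.
        // The label keeps its existing text, as in the other failure branches.
        _functions.Log(ex, "", "default.aspx.cs");
        lbErr.Visible = true;
    }
    finally
    {
        if (user != null)
        {
            user.Dispose();
        }
    }
}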
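/// <summary>
/// Handles the Login button: looks the account up by e-mail, verifies the typed password
/// against the stored salted hash, and then signs the user in or shows the organization grid.
/// </summary>
/// <remarks>
/// Order of checks: account lookup, password verification, active-status check, then
/// <c>user.LoginInfo()</c>. LoginInfo result codes as handled here: 0 - set cookies and
/// redirect; 1 - show the organization grid; -1 and any other value - show the error label.
/// </remarks>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Event data (not used).</param>
private void btLogin_Click(object sender, System.EventArgs e)
{
    string sUserData;
    string roleStr = "";
    DataTable dtGroups = null;
    int iReturn;

    try
    {
        lbErr.Visible = false;
        user = new clsUsers();
        user.sEmail = tbEmail.Text;

        // Look the account up; -1 is treated as "no usable account".
        if (user.Authenticate() == -1)
        {
            lbErr.Visible = true;
            return;
        }

        // NOTE(review): assumes Authenticate() fills sPass/sSalt for inactive accounts
        // as well - confirm, since the status check now comes after verification.
        string dbPasswordHash = user.sPass.Value;
        string salt = user.sSalt.Value;

        // Hash password + salt the same way the stored value was produced.
        // NOTE(review): a single salted SHA-1 pass is a fast hash and cheap to brute-force
        // offline, and HashPasswordForStoringInConfigFile is obsolete since .NET 4.5.
        // Plan a move to PBKDF2 (Rfc2898DeriveBytes), re-hashing on the next successful login.
        // It is left unchanged here because the stored hashes depend on it.
        string passwordAndSalt = String.Concat(tbPassword.Text, salt);
        string hashedPasswordAndSalt = FormsAuthentication.HashPasswordForStoringInConfigFile(
            passwordAndSalt,
            "SHA1");

        if (!HashesMatch(hashedPasswordAndSalt, dbPasswordHash))
        {
            lbErr.Visible = true;
            return;
        }

        // Checked only after the password is proven, so someone who merely knows an e-mail
        // address cannot learn that the account exists and is deactivated.
        if (!user.bActiveStatus.Value)
        {
            lbErr.Visible = true;
            lbErr.Text = _functions.ErrorMessage(202);
            return;
        }

        // Load the login details for the verified user.
        iReturn = user.LoginInfo();
        switch (iReturn)
        {
            case 0:
                // One timestamp so the ticket and both cookies expire together.
                DateTime issuedAt = DateTime.Now;
                DateTime expiresAt = issuedAt.AddYears(1);

                Response.Cookies["bfp_logo"].Value = user.sLogo.Value;
                Response.Cookies["bfp_logo"].Path = "/";
                Response.Cookies["bfp_logo"].Expires = expiresAt;

                lbErr.Visible = false;

                // Identity string carried by both the roles ticket and the auth cookie: "<userId>:<orgId>".
                sUserData = user.iId.Value.ToString() + ":" + user.iOrgId.Value.ToString();

                // Roles are the group descriptions joined with ';'.
                dtGroups = user.GetUserGroupsList();
                if (dtGroups != null)
                {
                    foreach (DataRow dr in dtGroups.Rows)
                    {
                        roleStr += String.Format("{0};", dr["vchDesc"]);
                    }
                }

                // A user with no groups leaves roleStr empty; trimming the trailing ';'
                // unconditionally would throw and turn a valid login into an error.
                if (roleStr.Length > 0)
                {
                    roleStr = roleStr.Remove(roleStr.Length - 1, 1);
                }

                // NOTE(review): a one-year roles ticket keeps group membership frozen for
                // as long as the cookie lives, unless the reader re-queries groups - confirm.
                FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                    1,
                    sUserData,
                    issuedAt,
                    expiresAt,
                    false,
                    roleStr);

                Response.Cookies["bfp_roles"].Value = FormsAuthentication.Encrypt(ticket);
                Response.Cookies["bfp_roles"].Path = "/";
                Response.Cookies["bfp_roles"].Expires = expiresAt;
                // The roles ticket is an authorization token: keep it away from script and,
                // when the login itself came over TLS, off plain-HTTP requests.
                Response.Cookies["bfp_roles"].HttpOnly = true;
                Response.Cookies["bfp_roles"].Secure = Request.IsSecureConnection;

                // NOTE(review): the second argument requests a persistent auth cookie for every
                // login; consider making that an explicit "remember me" choice.
                FormsAuthentication.SetAuthCookie(sUserData, true);

                // ReturnUrl comes from the query string and is attacker-controllable, so it is
                // followed only when it points back into this site. Anything else falls
                // through to the default landing page.
                string returnUrl = Request.QueryString["ReturnUrl"];
                if (IsLocalReturnUrl(returnUrl))
                {
                    Response.Redirect(returnUrl, false);
                }
                else
                {
                    Response.Redirect("selectMode.aspx", false);
                }
                break;

            case 1:
                // The user belongs to several organizations: show them for selection and
                // remember the user id for the follow-up postback.
                tblLogin.Rows[0].Visible = true;
                tblLogin.Rows[1].Visible = true;
                tblLogin.Rows[2].Visible = false;
                tblLogin.Rows[3].Visible = false;
                tblLogin.Rows[4].Visible = false;
                ViewState["UserId"] = user.iId.Value;
                dgOrgs.DataSource = new DataView(user.GetOrgListFromUser());
                dgOrgs.DataBind();
                lbErr.Visible = false;
                break;

            case -1:
                lbErr.Visible = true;
                break;

            default:
                lbErr.Visible = true;
                break;
        }
    }
    catch (Exception ex)
    {
        // Full details go to the log only. The raw exception text is not echoed to the
        // unauthenticated visitor, because it can reveal database or stack internals.
        // The label keeps its existing text, as in the other failure branches.
        _functions.Log(ex, "", SourcePageName);
        lbErr.Visible = true;
    }
    finally
    {
        // Runs on the early returns above as well.
        if (user != null)
        {
            user.Dispose();
        }
    }
}

// Ordinal, case-sensitive comparison of two hash strings that always walks the whole
// common length, so timing does not depend on where the first mismatch is.
private static bool HashesMatch(string computed, string stored)
{
    if (computed == null || stored == null)
    {
        return false;
    }

    int diff = computed.Length ^ stored.Length;
    for (int i = 0; i < computed.Length && i < stored.Length; i++)
    {
        diff |= computed[i] ^ stored[i];
    }

    return diff == 0;
}

// True only for a site-rooted path ("/..."): rejects empty values, absolute or
// scheme-relative URLs ("//host", "/\host") and anything containing control characters.
private static bool IsLocalReturnUrl(string url)
{
    if (url == null || url.Length == 0)
    {
        return false;
    }

    if (url[0] != '/')
    {
        return false;
    }

    if (url.Length > 1 && (url[1] == '/' || url[1] == '\\'))
    {
        return false;
    }

    foreach (char c in url)
    {
        if (Char.IsControl(c))
        {
            return false;
        }
    }

    return true;
}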