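/// <summary>
/// Replaces a user's password after verifying the one currently stored.
/// </summary>
/// <param name="u">Account to update; it is saved only when verification succeeds.</param>
/// <param name="currPassword">Password the caller presents as the current one.</param>
/// <param name="newPassword">Replacement password; stored as a hash over the password plus a fresh salt.</param>
/// <returns>
/// <c>true</c> when the current password matched and the new hash was saved;
/// <c>false</c> when <paramref name="u"/> is null or the current password did not match.
/// </returns>
public static bool ChangePassword(User u, string currPassword, string newPassword)
{
    // Fail closed on a missing account, as ResetPassword and Login(User) do, instead of
    // surfacing a NullReferenceException to the caller.
    if (u == null)
    {
        return false;
    }

    string algorithm = Config.Manager.Framework.Security.Authentication.HashingMethod ?? "sha512";

    // NOTE(review): assuming Hash.GetHash is a single pass of the named digest (confirm),
    // a salted SHA-512 is cheap to brute-force offline if the user table leaks. A password
    // KDF (PBKDF2, bcrypt, Argon2) with rehash-on-login is the usual migration.
    // NOTE(review): the != below is an ordinary string comparison, not a fixed-time one.
    var presented = Hash.GetHash(currPassword + u.PasswordSalt, algorithm, Encoding.UTF8, "hex");
    if (presented != u.Password)
    {
        return false;
    }

    // Fresh salt per password so the old and new hashes are unrelated.
    u.PasswordSalt = GetRandomSalt();
    u.Password = Hash.GetHash(newPassword + u.PasswordSalt, algorithm, Encoding.UTF8, "hex");

    // A reset GUID handed out by ResetPassword should not stay valid once the password
    // has been changed; Guid.Empty is the "no reset pending" value CreateUser assigns.
    u.ResetPasswordGuid = Guid.Empty;

    u.Save();
    return true;
}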
/// <summary>
/// Creates and saves a new user with a freshly salted password hash.
/// </summary>
/// <param name="username">Login name stored on the account.</param>
/// <param name="password">Plain-text password; only its salted hash is stored.</param>
/// <param name="email">E-mail address stored on the account.</param>
/// <param name="error">Always set to an empty string; this method has no failure path of its own.</param>
/// <returns>The saved <c>User</c>.</returns>
public static User CreateUser(string username, string password, string email, out string error)
{
    error = "";

    // NOTE(review): nothing here rejects an empty password, a duplicate username or
    // e-mail, or a malformed e-mail - confirm callers or User.Save() enforce that.
    var account = new User
    {
        Username = username,
        Email = email,
        ResetPasswordGuid = Guid.Empty, // no password reset pending
        LastLogin = DateTime.Now
    };

    string salt = GetRandomSalt();
    account.PasswordSalt = salt;

    // NOTE(review): presumably one pass of the configured digest (default sha512) over
    // password + salt; a dedicated password KDF would raise the offline cracking cost.
    string algorithm = Config.Manager.Framework.Security.Authentication.HashingMethod ?? "sha512";
    account.Password = Hash.GetHash(password + salt, algorithm, Encoding.UTF8, "hex");

    account.Save();
    return account;
}
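/// <summary>
/// Updates the signed-in user's own profile: the e-mail address and, optionally, the password.
/// </summary>
/// <param name="context">Current HTTP context (not read by this method).</param>
/// <param name="id">ID of the user being edited; must equal the signed-in user's ID.</param>
/// <param name="email">New e-mail address.</param>
/// <param name="current_password">Current password; required when a password change is requested.</param>
/// <param name="new_password">New password.</param>
/// <param name="confirm_password">Repeat of the new password.</param>
/// <returns>
/// A <c>ReturnObject</c> with <c>Error = true</c> and a message on any failure, otherwise the
/// saved user together with a success growl.
/// </returns>
public static ReturnObject Profile(HttpContext context, long id, string email, string current_password = null, string new_password = null, string confirm_password = null)
{
    // Authorize before loading anything: only the signed-in user may edit this record.
    // A missing session is treated like a mismatch instead of throwing on a null user.
    var current = Framework.Security.Manager.GetUser();
    if (current == null || !current.ID.HasValue || id != current.ID.Value)
    {
        return new ReturnObject() { Error = true, Message = "Invalid user specified." };
    }

    var item = new Framework.Security.User(id);

    bool passwordChangeRequested =
        !string.IsNullOrEmpty(current_password) ||
        !string.IsNullOrEmpty(new_password) ||
        !string.IsNullOrEmpty(confirm_password);

    // The password change runs before the e-mail is persisted, so a request that is
    // rejected below leaves the account completely unchanged. Previously the e-mail was
    // saved first and stayed changed even though the caller received an error.
    if (passwordChangeRequested)
    {
        if (string.IsNullOrEmpty(current_password))
        {
            return new ReturnObject() { Error = true, Message = "You must enter your current password to change your password." };
        }

        if (string.IsNullOrEmpty(new_password) || string.IsNullOrEmpty(confirm_password))
        {
            return new ReturnObject() { Error = true, Message = "You must enter a new password and confirm it to change your password." };
        }

        if (new_password != confirm_password)
        {
            return new ReturnObject() { Error = true, Message = "Your new passwords do not match." };
        }

        // ChangePassword verifies current_password and saves the new hash itself.
        if (!Framework.Security.Manager.ChangePassword(item, current_password, new_password))
        {
            return new ReturnObject() { Error = true, Message = "You did not enter your current password correctly." };
        }
    }

    // NOTE(review): the e-mail is changed without re-entering the current password and
    // without format or uniqueness checks here. Login also accepts the e-mail as an
    // identifier, so consider requiring current_password for this change as well.
    item.Email = email;
    item.Save();

    // NOTE(review): Result carries the whole User object. If ReturnObject is serialized to
    // the client, confirm that Password and PasswordSalt are excluded.
    return new ReturnObject()
    {
        Result = item,
        Growl = new ReturnGrowlObject()
        {
            Type = "default",
            Vars = new ReturnGrowlVarsObject()
            {
                text = "You have successfully updated your profile.",
                title = "Profile Saved"
            }
        }
    };
}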
/// <summary>
/// Creates a certification renewal notification for the drug identified by <c>DrugId</c>
/// and sends it to the user account behind the prescriber identified by <c>PrescriberId</c>.
/// </summary>
public override void Run()
{
    var drug = new Drug(DrugId);
    var prescriber = new Prescriber(PrescriberId);
    var recipient = new User(prescriber.Profile.UserID);

    string body = new StringBuilder()
        .Append("Your certification for ")
        .Append(drug.GenericName)
        .Append(" needs to be renewed.")
        .ToString();

    // The notification is tagged as drug-related data and linked to DrugId.
    Notification notice = Lib.Systems.Notifications.NotificationService.Create(
        "Certification renewal notice",
        body,
        true,
        Lib.Systems.Notifications.NotificationService.DataType.Drug,
        DrugId);

    Lib.Systems.Notifications.NotificationService.Send(notice, recipient);
}
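/// <summary>
/// Creates a prescriber (when <paramref name="profile_id"/> is not positive) or updates an
/// existing one, saving the linked login account, contact, address, user profile,
/// prescriber and prescriber profile records.
/// </summary>
/// <param name="context">Current HTTP context (not read by this method).</param>
/// <param name="provider_id">Stored as both ProviderID and OrganizationId on the prescriber profile.</param>
/// <param name="facility_id">Stored as the prescriber profile's primary facility.</param>
/// <param name="profile_id">Existing prescriber profile to edit; zero or less creates new records.</param>
/// <param name="username">Login name written to the linked user account.</param>
/// <param name="password">New password; required for a new prescriber, optional when editing.</param>
/// <param name="confirm_password">Must equal <paramref name="password"/> when a password is given.</param>
/// <returns>
/// A <c>ReturnObject</c> with <c>Error = true</c> and a message when the password input is
/// rejected, otherwise the saved prescriber together with a success growl.
/// </returns>
public static ReturnObject Edit(
    HttpContext context, long provider_id, long facility_id, long profile_id,
    string first_name, string last_name, string email, string phone,
    string street_1, string city, string state, string zip,
    string npi, string state_id, long issuer, long speciality, long prescriber_type,
    string username, string password, string confirm_password,
    string street_2 = null, string fax = null)
{
    UserProfile userProfile;
    PrescriberProfile prescriberProfile;
    Data.Prescriber prescriber;
    Address address;
    Contact contact;
    Framework.Security.User user;

    // NOTE(review): no authorization check is visible in this method. Whoever can reach it
    // can pass any profile_id and overwrite the username, e-mail and password of the
    // linked account - confirm the calling layer restricts access.
    if (profile_id > 0)
    {
        // Editing: walk from the prescriber profile to the records it links.
        prescriberProfile = new PrescriberProfile(profile_id);
        prescriber = prescriberProfile.Prescriber;
        userProfile = prescriber.Profile;
        user = userProfile.User;
        address = userProfile.PrimaryAddress;
        contact = userProfile.PrimaryContact;
    }
    else
    {
        // Creating: start every record from scratch.
        userProfile = new UserProfile();
        userProfile.Created = DateTime.Now;
        prescriberProfile = new PrescriberProfile();
        prescriber = new Data.Prescriber();
        contact = new Contact();
        user = new Framework.Security.User();
        address = new Address();
    }

    // An account that has never been saved has no ID yet, so it needs an initial password.
    if (!user.ID.HasValue && string.IsNullOrEmpty(password))
    {
        return new ReturnObject()
        {
            Error = true,
            StatusCode = 200,
            Message = "If you are creating a new prescriber, you must enter a password."
        };
    }

    if (!string.IsNullOrEmpty(password))
    {
        if (password != confirm_password)
        {
            return new ReturnObject()
            {
                Error = true,
                StatusCode = 200,
                // Wording fixed: the message previously read "do no match".
                Message = "The passwords you entered do not match."
            };
        }

        // NOTE(review): this hard-codes SHA-512, while Manager.Login hashes with the
        // configured HashingMethod (UTF-8, hex). If the configuration names another digest,
        // or GetSHA512 encodes differently, accounts saved here cannot log in - confirm.
        // A password KDF would also raise the offline cracking cost.
        user.PasswordSalt = Framework.Security.Manager.GetRandomSalt();
        user.Password = Framework.Security.Hash.GetSHA512(password + user.PasswordSalt);

        // Setting a password here should also cancel any reset GUID issued earlier for
        // this account; Guid.Empty is the value Manager.CreateUser uses for "none pending".
        user.ResetPasswordGuid = Guid.Empty;
    }

    user.Username = username;
    user.Email = email;
    user.Save();

    // Make sure the account belongs to groups 2 and 3.
    // NOTE(review): the meaning of these group IDs is not visible here; named constants
    // would make the granted access auditable.
    IList<Framework.Security.Group> userGroups = user.GetGroups();
    if (!userGroups.Any(x => x.ID == 2))
    {
        user.AddGroup(new Framework.Security.Group(2));
    }
    if (!userGroups.Any(x => x.ID == 3))
    {
        user.AddGroup(new Framework.Security.Group(3));
    }

    contact.Email = email;
    contact.Phone = phone;
    contact.FirstName = first_name;
    contact.LastName = last_name;
    contact.Save();

    address.Street1 = street_1;
    address.Street2 = street_2;
    address.City = city;
    address.State = state;
    address.Zip = zip;
    address.Country = "United States";
    address.Save();

    // The records below reference IDs assigned by the saves above, so the order matters.
    userProfile.UserID = user.ID.Value;
    userProfile.UserTypeID = 0;
    userProfile.PrimaryAddressID = address.ID.Value;
    userProfile.PrimaryContactID = contact.ID.Value;
    userProfile.Save();

    prescriber.ProfileID = userProfile.ID.Value;
    prescriber.SpecialityID = speciality;
    prescriber.NpiId = npi;
    prescriber.StateId = state_id;
    prescriber.StateIdIssuer = issuer;
    prescriber.Save();

    prescriberProfile.PrescriberID = prescriber.ID;
    prescriberProfile.ProviderID = provider_id;
    prescriberProfile.AddressID = address.ID.Value;
    prescriberProfile.ContactID = contact.ID.Value;
    prescriberProfile.PrescriberTypeID = prescriber_type;
    prescriberProfile.PrimaryFacilityID = facility_id;
    prescriberProfile.Expires = DateTime.Now.AddYears(1);
    prescriberProfile.OrganizationId = provider_id;
    prescriberProfile.Save();

    return new ReturnObject()
    {
        Result = prescriber,
        Growl = new ReturnGrowlObject()
        {
            Type = "default",
            Vars = new ReturnGrowlVarsObject()
            {
                text = "You have successfully saved this Prescriber.",
                title = "Prescriber Saved"
            }
        }
    };
}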
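/// <summary>
/// Starts a password reset by storing a fresh random GUID on the user and saving it.
/// </summary>
/// <param name="u">Account to flag for reset; passed by reference but never reassigned here.</param>
/// <returns>
/// <c>true</c> when the GUID was stored and saved; <c>false</c> when <paramref name="u"/>
/// is null or has no ID yet.
/// </returns>
public static bool ResetPassword(ref User u)
{
    if (u == null || u.ID == null)
    {
        return false;
    }

    // Guid.NewGuid() is specified to be unique, not unpredictable. This value presumably
    // acts as the secret in the reset flow, so its 16 bytes come from the platform CSPRNG.
    byte[] tokenBytes = new byte[16];
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        rng.GetBytes(tokenBytes);
    }

    // NOTE(review): no issue time or expiry is recorded here, so the GUID looks valid
    // until something overwrites it - confirm the reset flow bounds its lifetime.
    u.ResetPasswordGuid = new Guid(tokenBytes);
    u.Save();
    return true;
}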
/// <summary>
/// Authenticates by username or e-mail plus password and, on success, stores the user in
/// the current session.
/// </summary>
/// <param name="username">Value matched against both the Username and the Email column.</param>
/// <param name="password">Plain-text password, hashed with the stored salt for comparison.</param>
/// <returns>
/// <c>true</c> when exactly one row matched and the password hash was equal; otherwise
/// <c>false</c>.
/// </returns>
public static bool Login(string username, string password)
{
    var db = Data.Database.Get(Config.Manager.Framework.Security.Authentication.Connection);

    // Identifiers are delimited by the database layer; user input only travels as parameters.
    var table = db.Delim(Config.Manager.Framework.Security.Authentication.User.Table, Data.DelimType.Table);
    var usernameColumn = db.Delim("Username", Data.DelimType.Column);
    var emailColumn = db.Delim("Email", Data.DelimType.Column);

    string sql = "SELECT * FROM " + table + " WHERE " + usernameColumn + " = @un OR " + emailColumn + " = @e";

    var lookup = new[]
    {
        new Data.Parameter("un", username),
        new Data.Parameter("e", username)
    };

    var rows = db.ExecuteQuery(sql, lookup);

    // NOTE(review): if the value is one account's Username and another account's Email,
    // two rows match and neither account can sign in with it. Uniqueness across both
    // columns has to be enforced where accounts are created and edited.
    if (rows == null || rows.Count != 1)
    {
        return false;
    }

    var row = rows[0];
    string salt = (string)row["PasswordSalt"];
    string stored = (string)row["Password"];

    // NOTE(review): presumably a single pass of the configured digest, compared with an
    // ordinary string operator. No attempt throttling or lockout is visible in this method.
    string algorithm = Config.Manager.Framework.Security.Authentication.HashingMethod ?? "sha512";
    var candidate = Hash.GetHash(password + salt, algorithm, Encoding.UTF8, "hex");
    if (stored != candidate)
    {
        return false;
    }

    var user = new User(row);
    user.LastLogin = DateTime.Now;
    user.Save();

    // NOTE(review): the existing session is reused after authentication, and the object
    // stored in it includes Password and PasswordSalt. Confirm the session identifier is
    // renewed at login elsewhere and that session storage is trusted.
    HttpContext.Current.Session["User"] = user;
    return true;
}
/// <summary>
/// Signs in an already loaded user by storing it in the current session.
/// </summary>
/// <param name="u">User to place in the session; must be non-null and have an ID.</param>
/// <returns><c>true</c> when the user was stored; <c>false</c> when it is null or has no ID.</returns>
public static bool Login(User u)
{
    // No credential is checked here: callers must already have authenticated this user
    // before handing it over.
    bool hasIdentity = u != null && u.ID.HasValue;
    if (hasIdentity)
    {
        HttpContext.Current.Session["User"] = u;
    }

    return hasIdentity;
}