示例#1
0
    public static HROne.SaaS.Entities.EUser GetCurUser(HttpSessionState Session)
    {
        DatabaseConnection dbConn = HROne.Common.WebUtility.GetDatabaseConnection(Session);

        HROne.SaaS.Entities.EUser CurrentUser = null;
        if (Session["User"] == null)
        {
            if (Session["LoginID"] != null)
            {
                HROne.CommonLib.Crypto crypto = new HROne.CommonLib.Crypto(HROne.CommonLib.Crypto.SymmProvEnum.Rijndael);
                if (Session["LoginID"].ToString().Equals(crypto.Encrypting("EM", Session.SessionID)))
                {
                    CurrentUser         = new HROne.SaaS.Entities.EUser();
                    CurrentUser.LoginID = "EM";
                    CurrentUser.UserID  = -1;
                }
                if (Session["PasswordEncrypted"] != null)
                {
                    HROne.SaaS.Entities.EUser user = null;
                    if (ValidateUser(dbConn, Session["LoginID"].ToString(), Session["PasswordEncrypted"].ToString(), false, false, out user))
                    {
                        CurrentUser = user;
                    }
                    else
                    {
                        Session.Remove("LoginID");
                        Session.Remove("PasswordEncrypted");
                    }
                }
            }
            if (CurrentUser != null)
            {
                Session["User"] = CurrentUser;
            }
        }
        else
        {
            CurrentUser = (HROne.SaaS.Entities.EUser)Session["User"];
        }
        return(CurrentUser);
    }
示例#2
0
    protected void Page_Load(object sender, EventArgs e)
    {
        user = WebUtils.GetCurUser(Session);

        if (user != null)
        {
            if (!string.IsNullOrEmpty(user.UserName))
            {
                UserName.Text = "[" + user.UserName + "]";
            }
        }

        if (user == null)
        {
            Response.Redirect("~/Login.aspx");
        }

        this.form1.Attributes.Add("AUTOCOMPLETE", "OFF");

        HROne.Common.WebUtility.AddBrowserCompatibilityMeta(Page);
    }
示例#3
0
    //public bool ValidateUser(string username, string encryptedPassword)
    //{
    //    string message = string.Empty;
    //    DBFilter filter = new DBFilter();
    //    filter.add(new Match("LoginID", username));
    //    filter.add(new Match("UserAccountStatus", "<>", "D"));
    //    ArrayList list = EUser.db.select(dbConn, filter);
    //    if (list.Count == 0)
    //    {
    //        message = "Invalid User Name or Password";
    //        throw new Exception(message);
    //        return;
    //    }
    //    EUser user = (EUser)list[0];
    //    if (user.UserPassword == null)
    //        user.UserPassword = "";
    //    if (!(user.UserAccountStatus == "A"))
    //    {
    //        message = "Account is Inactive/Locked";
    //        throw new Exception(message);
    //        return;
    //    }

    //    if (!user.UserPassword.Equals(encryptedPassword))
    //    {
    //        message = "Invalid User Name or Password";
    //        user.FailCount++;
    //        string maxFailCountParameterString = ESystemParameter.getParameter(ESystemParameter.PARAM_CODE_LOGIN_MAX_FAIL_COUNT);
    //        if (!maxFailCountParameterString.Equals(string.Empty))
    //        {
    //            int MaxFailCount = 0;
    //            if (int.TryParse(maxFailCountParameterString, out MaxFailCount))
    //                if (MaxFailCount > 0)
    //                    if (user.FailCount >= MaxFailCount)
    //                    {
    //                        user.UserAccountStatus = "I";
    //                        user.FailCount = 0;
    //                    }
    //                    else if (user.FailCount - MaxFailCount == 1)
    //                    {
    //                        message += "\r\n" + "The account will be locked if you fail to login 1 more time";
    //                    }

    //        }
    //        EUser.db.update(dbConn, user);
    //        throw new Exception(message);
    //        return;
    //    }

    //    Session["User"] = user;

    //    WebUtils.SetSessionLanguage(Session, user);

    //    user.FailCount = 0;
    //    EUser.db.update(dbConn, user);
    //    //WebUtils.RefreshPermission(Session);
    //    bool isForceChangePassword = false;

    //    if (user.UserChangePasswordUnit == "D")
    //    {
    //        if (AppUtils.ServerDateTime() < user.UserChangePasswordDate.AddDays(user.UserChangePasswordPeriod))
    //            isForceChangePassword = false;
    //        else
    //            isForceChangePassword = true;
    //    }
    //    else if (user.UserChangePasswordUnit == "M")
    //    {
    //        if (AppUtils.ServerDateTime() < user.UserChangePasswordDate.AddMonths(user.UserChangePasswordPeriod))
    //            isForceChangePassword = false;
    //        else
    //            isForceChangePassword = true;
    //    }
    //    else if (user.UserChangePasswordUnit == "Y")
    //    {
    //        if (AppUtils.ServerDateTime() < user.UserChangePasswordDate.AddYears(user.UserChangePasswordPeriod))
    //            isForceChangePassword = false;
    //        else
    //            isForceChangePassword = true;
    //    }
    //    else
    //        isForceChangePassword = false;
    //    if (user.UserChangePassword)
    //        isForceChangePassword = true;

    //    //EInbox.GenerateInboxMessage(user.UserID);
    //    if (isForceChangePassword)
    //        Session["ForceChangePassword"] = true;
    //    if (Session["LastURL"] != null)
    //        Response.Redirect(Session["LastURL"].ToString());
    //    else
    //        Response.Redirect("Emp_List.aspx");

    //}

    protected void Login_Click(object sender, EventArgs e)
    {
        Session.Clear();

        //  re-assign the connection
        HROne.DataAccess.DatabaseConnection mainDBConn = WebUtils.GetDatabaseConnection();
        if (mainDBConn != null)
        {
            WebUtils.SetSessionDatabaseConnection(Session, mainDBConn);
        }

        HROne.SaaS.Entities.EUser user = null;
        string message  = string.Empty;
        bool   hasError = false;

        try
        {
            WebUtils.ValidateUser(mainDBConn, Username.Text, HROne.CommonLib.Hash.PasswordHash(Password.Text), true, true, out user);
        }
        catch (Exception ex)
        {
            hasError = true;
            message  = ex.Message;
        }
        if (!hasError)
        {
            Session["LoginID"]           = user.LoginID;
            Session["PasswordEncrypted"] = user.UserPassword;
            if (mainDBConn is HROne.DataAccess.DatabaseConnectionWithAudit)
            {
                ((HROne.DataAccess.DatabaseConnectionWithAudit)mainDBConn).UserID = user.UserID;
            }

            //WebUtils.RefreshPermission(Session);
            bool isForceChangePassword = false;

            if (user.UserChangePasswordUnit == "D")
            {
                if (AppUtils.ServerDateTime() < user.UserChangePasswordDate.AddDays(user.UserChangePasswordPeriod))
                {
                    isForceChangePassword = false;
                }
                else
                {
                    isForceChangePassword = true;
                }
            }
            else if (user.UserChangePasswordUnit == "M")
            {
                if (AppUtils.ServerDateTime() < user.UserChangePasswordDate.AddMonths(user.UserChangePasswordPeriod))
                {
                    isForceChangePassword = false;
                }
                else
                {
                    isForceChangePassword = true;
                }
            }
            else if (user.UserChangePasswordUnit == "Y")
            {
                if (AppUtils.ServerDateTime() < user.UserChangePasswordDate.AddYears(user.UserChangePasswordPeriod))
                {
                    isForceChangePassword = false;
                }
                else
                {
                    isForceChangePassword = true;
                }
            }
            else
            {
                isForceChangePassword = false;
            }
            if (user.UserChangePassword)
            {
                isForceChangePassword = true;
            }

            //EInbox.GenerateInboxMessage(user.UserID);
            if (isForceChangePassword)
            {
                Session["ForceChangePassword"] = true;
            }

            Response.Redirect("~/Default.aspx");
        }
        //  Remove all item for release session
        Session.Clear();
        Request.Cookies.Remove(HROne.Common.WebUtility.getDefaultSessionCookieName());

        {
            message = message.Replace("\\", "\\\\").Replace("\r", "\\r").Replace("\n", "\\n").Replace("\"", "\\\"");
            message = message.Replace(HROne.Common.WebUtility.GetLocalizedString("validate.prompt"), "");
            ScriptManager.RegisterStartupScript(this, this.GetType(), "errorMessage", "alert(\"" + message + "\");", true);
            System.Threading.Thread.Sleep(1000);
        }
    }
示例#4
0
    public static bool ValidateUser(DatabaseConnection dbConn, string username, string encryptedPassword, bool throwException, bool CheckFailCount, out HROne.SaaS.Entities.EUser user)
    {
        user = null;
        string   message = string.Empty;
        DBFilter filter  = new DBFilter();

        filter.add(new Match("LoginID", username));
        filter.add(new Match("UserAccountStatus", "<>", "D"));
        ArrayList list = HROne.SaaS.Entities.EUser.db.select(dbConn, filter);

        if (list.Count == 0)
        {
            if (throwException)
            {
                message = HROne.Common.WebUtility.GetLocalizedString("Invalid User Name or Password");
                throw new Exception(message);
            }
            return(false);
        }
        user = (HROne.SaaS.Entities.EUser)list[0];
        if (user.UserPassword == null)
        {
            user.UserPassword = "";
        }
        if (!(user.UserAccountStatus == "A"))
        {
            if (throwException)
            {
                message = HROne.Common.WebUtility.GetLocalizedString("Account is Inactive/Locked");
                throw new Exception(message);
            }
            return(false);
        }

        if (!user.UserPassword.Equals(encryptedPassword))
        {
            message = HROne.Common.WebUtility.GetLocalizedString("Invalid User Name or Password");
            if (CheckFailCount)
            {
                user.FailCount++;
                //string maxFailCountParameterString = ESystemParameter.getParameter(dbConn, ESystemParameter.PARAM_CODE_LOGIN_MAX_FAIL_COUNT);
                //if (!maxFailCountParameterString.Equals(string.Empty))
                //{
                //    int MaxFailCount = 0;
                //    if (int.TryParse(maxFailCountParameterString, out MaxFailCount))
                //        if (MaxFailCount > 0)
                //            if (user.FailCount >= MaxFailCount)
                //            {
                //                user.UserAccountStatus = "I";
                //                user.FailCount = 0;
                //                message += "\r\n" + HROne.Common.WebUtility.GetLocalizedString("Account is Locked");
                //            }
                //            else if (MaxFailCount - user.FailCount == 1)
                //            {
                //                message += "\r\n" + HROne.Common.WebUtility.GetLocalizedString("The account will be locked if you fail to login 1 more time");
                //            }


                //}
                HROne.SaaS.Entities.EUser.db.update(dbConn, user);
            }
            if (throwException)
            {
                throw new Exception(message);
            }
            return(false);
        }

        if (CheckFailCount)
        {
            user.FailCount = 0;
            HROne.SaaS.Entities.EUser.db.update(dbConn, user);
        }
        return(true);
    }