/// <summary>
/// Resolves the user for the current request from the session.
/// A cached <c>Session["User"]</c> is returned as-is; otherwise the identity is rebuilt from
/// <c>Session["LoginID"]</c> / <c>Session["PasswordEncrypted"]</c> and cached back into <c>Session["User"]</c>.
/// </summary>
/// <param name="Session">The ASP.NET session of the current request.</param>
/// <returns>The resolved user, or <c>null</c> when the session carries no usable identity.</returns>
public static HROne.SaaS.Entities.EUser GetCurUser(HttpSessionState Session)
{
    // The connection is resolved before any session lookup, as in the original ordering.
    DatabaseConnection dbConn = HROne.Common.WebUtility.GetDatabaseConnection(Session);

    object cached = Session["User"];
    if (cached != null)
    {
        return (HROne.SaaS.Entities.EUser)cached;
    }

    HROne.SaaS.Entities.EUser resolved = null;
    object loginId = Session["LoginID"];
    if (loginId != null)
    {
        string loginIdText = loginId.ToString();

        // A LoginID equal to "EM" encrypted under the current session id yields a synthetic
        // identity (UserID -1) that is never looked up in the database.
        HROne.CommonLib.Crypto crypto = new HROne.CommonLib.Crypto(HROne.CommonLib.Crypto.SymmProvEnum.Rijndael);
        string emToken = crypto.Encrypting("EM", Session.SessionID);
        if (loginIdText.Equals(emToken))
        {
            resolved = new HROne.SaaS.Entities.EUser();
            resolved.LoginID = "EM";
            resolved.UserID = -1;
        }

        // The stored password hash is re-checked against the database on every request that
        // has no cached User; a failed check drops the two session keys.
        // NOTE(review): a failed check does not clear an EM identity set just above — only the
        // session keys are removed. Confirm that this is intended.
        object storedHash = Session["PasswordEncrypted"];
        if (storedHash != null)
        {
            HROne.SaaS.Entities.EUser dbUser;
            bool accepted = ValidateUser(dbConn, loginIdText, storedHash.ToString(), false, false, out dbUser);
            if (accepted)
            {
                resolved = dbUser;
            }
            else
            {
                Session.Remove("LoginID");
                Session.Remove("PasswordEncrypted");
            }
        }
    }

    if (resolved != null)
    {
        Session["User"] = resolved;
    }
    return resolved;
}
/// <summary>
/// Page entry: resolves the current user, redirects anonymous requests to the login page,
/// shows the user name, disables form autocomplete and adds the browser-compatibility meta tag.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    user = WebUtils.GetCurUser(Session);
    if (user == null)
    {
        // Response.Redirect(url) ends the response, so nothing below runs for anonymous requests.
        Response.Redirect("~/Login.aspx");
    }
    else if (!string.IsNullOrEmpty(user.UserName))
    {
        UserName.Text = "[" + user.UserName + "]";
    }

    // Keep browsers from offering stored values for the form fields.
    this.form1.Attributes.Add("AUTOCOMPLETE", "OFF");
    HROne.Common.WebUtility.AddBrowserCompatibilityMeta(Page);
}
//public bool ValidateUser(string username, string encryptedPassword) //{ // string message = string.Empty; // DBFilter filter = new DBFilter(); // filter.add(new Match("LoginID", username)); // filter.add(new Match("UserAccountStatus", "<>", "D")); // ArrayList list = EUser.db.select(dbConn, filter); // if (list.Count == 0) // { // message = "Invalid User Name or Password"; // throw new Exception(message); // return; // } // EUser user = (EUser)list[0]; // if (user.UserPassword == null) // user.UserPassword = ""; // if (!(user.UserAccountStatus == "A")) // { // message = "Account is Inactive/Locked"; // throw new Exception(message); // return; // } // if (!user.UserPassword.Equals(encryptedPassword)) // { // message = "Invalid User Name or Password"; // user.FailCount++; // string maxFailCountParameterString = ESystemParameter.getParameter(ESystemParameter.PARAM_CODE_LOGIN_MAX_FAIL_COUNT); // if (!maxFailCountParameterString.Equals(string.Empty)) // { // int MaxFailCount = 0; // if (int.TryParse(maxFailCountParameterString, out MaxFailCount)) // if (MaxFailCount > 0) // if (user.FailCount >= MaxFailCount) // { // user.UserAccountStatus = "I"; // user.FailCount = 0; // } // else if (user.FailCount - MaxFailCount == 1) // { // message += "\r\n" + "The account will be locked if you fail to login 1 more time"; // } // } // EUser.db.update(dbConn, user); // throw new Exception(message); // return; // } // Session["User"] = user; // WebUtils.SetSessionLanguage(Session, user); // user.FailCount = 0; // EUser.db.update(dbConn, user); // //WebUtils.RefreshPermission(Session); // bool isForceChangePassword = false; // if (user.UserChangePasswordUnit == "D") // { // if (AppUtils.ServerDateTime() < user.UserChangePasswordDate.AddDays(user.UserChangePasswordPeriod)) // isForceChangePassword = false; // else // isForceChangePassword = true; // } // else if (user.UserChangePasswordUnit == "M") // { // if (AppUtils.ServerDateTime() < 
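/// <summary>
/// Login button handler: validates the posted credentials, stores the login identity in the
/// session and redirects to the default page. On failure the session is cleared and the
/// error message is shown with a client-side alert.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
protected void Login_Click(object sender, EventArgs e)
{
    Session.Clear();

    // re-assign the connection
    HROne.DataAccess.DatabaseConnection mainDBConn = WebUtils.GetDatabaseConnection();
    if (mainDBConn != null)
    {
        WebUtils.SetSessionDatabaseConnection(Session, mainDBConn);
    }

    HROne.SaaS.Entities.EUser user = null;
    string message = string.Empty;
    bool hasError = false;
    try
    {
        WebUtils.ValidateUser(mainDBConn, Username.Text, HROne.CommonLib.Hash.PasswordHash(Password.Text), true, true, out user);
    }
    catch (Exception ex)
    {
        // NOTE(review): this also catches infrastructure failures (for example a database error),
        // whose ex.Message is then shown to the browser below. ValidateUser throws a plain
        // Exception, so the two cases cannot be told apart here without changing its contract.
        hasError = true;
        message = ex.Message;
    }

    if (!hasError)
    {
        // NOTE(review): Session.Clear() above keeps the same session id; nothing in this
        // handler regenerates it after a successful login.
        Session["LoginID"] = user.LoginID;
        Session["PasswordEncrypted"] = user.UserPassword;
        if (mainDBConn is HROne.DataAccess.DatabaseConnectionWithAudit)
        {
            ((HROne.DataAccess.DatabaseConnectionWithAudit)mainDBConn).UserID = user.UserID;
        }
        //WebUtils.RefreshPermission(Session);
        if (IsPasswordChangeDue(user))
        {
            Session["ForceChangePassword"] = true;
        }
        //EInbox.GenerateInboxMessage(user.UserID);

        // Response.Redirect(url) ends the response, so the clean-up below only runs on failure.
        Response.Redirect("~/Default.aspx");
    }

    // Remove all item for release session
    Session.Clear();
    // NOTE(review): Request.Cookies.Remove only drops the cookie from this request's server-side
    // collection; it does not expire the cookie in the browser.
    Request.Cookies.Remove(HROne.Common.WebUtility.getDefaultSessionCookieName());

    // Escape the message for use inside a JavaScript string literal.
    message = message.Replace("\\", "\\\\").Replace("\r", "\\r").Replace("\n", "\\n").Replace("\"", "\\\"");
    message = message.Replace(HROne.Common.WebUtility.GetLocalizedString("validate.prompt"), "");
    // Also encode '<' so a message containing "</script>" cannot terminate the inline script
    // block; "\u003c" decodes to the same character inside the alert.
    message = message.Replace("<", "\\u003c");
    ScriptManager.RegisterStartupScript(this, this.GetType(), "errorMessage", "alert(\"" + message + "\");", true);
    // Slow down repeated failed attempts.
    System.Threading.Thread.Sleep(1000);
}

/// <summary>
/// Decides whether the user must change the password now: either the configured period
/// (in days, months or years) has elapsed since <c>UserChangePasswordDate</c>, or the
/// account carries the explicit <c>UserChangePassword</c> flag.
/// </summary>
/// <param name="user">The authenticated user record.</param>
/// <returns><c>true</c> when a password change is due.</returns>
private static bool IsPasswordChangeDue(HROne.SaaS.Entities.EUser user)
{
    bool periodElapsed;
    switch (user.UserChangePasswordUnit)
    {
        case "D":
            periodElapsed = !(AppUtils.ServerDateTime() < user.UserChangePasswordDate.AddDays(user.UserChangePasswordPeriod));
            break;
        case "M":
            periodElapsed = !(AppUtils.ServerDateTime() < user.UserChangePasswordDate.AddMonths(user.UserChangePasswordPeriod));
            break;
        case "Y":
            periodElapsed = !(AppUtils.ServerDateTime() < user.UserChangePasswordDate.AddYears(user.UserChangePasswordPeriod));
            break;
        default:
            // Unknown or missing unit: no period-based expiry.
            periodElapsed = false;
            break;
    }
    // The explicit account flag forces the change regardless of the period.
    return periodElapsed || user.UserChangePassword;
}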
/// <summary>
/// Looks up <paramref name="username"/> (excluding deleted accounts) and compares the stored
/// password hash with <paramref name="encryptedPassword"/>.
/// </summary>
/// <param name="dbConn">Connection used for the lookup and for the FailCount update.</param>
/// <param name="username">Login id to look up.</param>
/// <param name="encryptedPassword">Hashed password to compare with the stored <c>UserPassword</c>.</param>
/// <param name="throwException">When <c>true</c>, a failed check throws an <see cref="Exception"/> carrying the localized message instead of returning <c>false</c>.</param>
/// <param name="CheckFailCount">When <c>true</c>, <c>FailCount</c> is incremented and persisted on a wrong password and reset to 0 on success.</param>
/// <param name="user">The matched record (set as soon as a row is found, even if a later check fails), or <c>null</c> when no account matched.</param>
/// <returns><c>true</c> when the account is active and the hashes match.</returns>
/// <exception cref="Exception">Thrown on any failed check when <paramref name="throwException"/> is <c>true</c>.</exception>
public static bool ValidateUser(DatabaseConnection dbConn, string username, string encryptedPassword, bool throwException, bool CheckFailCount, out HROne.SaaS.Entities.EUser user)
{
    user = null;

    // NOTE(review): whether Match parameterises the value or splices it into SQL is not
    // visible here — verify in DBFilter/Match.
    DBFilter lookup = new DBFilter();
    lookup.add(new Match("LoginID", username));
    lookup.add(new Match("UserAccountStatus", "<>", "D"));
    ArrayList matches = HROne.SaaS.Entities.EUser.db.select(dbConn, lookup);

    if (matches.Count == 0)
    {
        if (throwException)
        {
            throw new Exception(HROne.Common.WebUtility.GetLocalizedString("Invalid User Name or Password"));
        }
        return false;
    }

    user = (HROne.SaaS.Entities.EUser)matches[0];
    // NOTE(review): a null stored hash is normalised to "" before the comparison, so a null
    // column compares equal to an empty encryptedPassword — confirm PasswordHash never yields "".
    if (user.UserPassword == null)
    {
        user.UserPassword = "";
    }

    if (user.UserAccountStatus != "A")
    {
        if (throwException)
        {
            throw new Exception(HROne.Common.WebUtility.GetLocalizedString("Account is Inactive/Locked"));
        }
        return false;
    }

    // Ordinal comparison of the two hashes (not constant-time).
    bool hashMatches = string.Equals(user.UserPassword, encryptedPassword, StringComparison.Ordinal);
    if (!hashMatches)
    {
        string rejection = HROne.Common.WebUtility.GetLocalizedString("Invalid User Name or Password");
        if (CheckFailCount)
        {
            // NOTE(review): the lockout threshold check (MaxFailCount read from a system
            // parameter, setting UserAccountStatus to "I") is commented out in the original,
            // so FailCount is persisted here but never triggers a lock.
            user.FailCount++;
            HROne.SaaS.Entities.EUser.db.update(dbConn, user);
        }
        if (throwException)
        {
            throw new Exception(rejection);
        }
        return false;
    }

    if (CheckFailCount)
    {
        // Successful login resets the counter.
        user.FailCount = 0;
        HROne.SaaS.Entities.EUser.db.update(dbConn, user);
    }
    return true;
}