private void butOK_Click(object sender, System.EventArgs e) { if (!IsInSecurityWindow && Userods.EncryptPassword(textCurrent.Text) != Security.CurUser.Password) { MsgBox.Show(this, "Current password incorrect."); return; } if (PrefC.GetBool(PrefName.PasswordsMustBeStrong)) { string explanation = Userods.IsPasswordStrong(textPassword.Text); if (explanation != "") { MessageBox.Show(explanation); return; } } if (textPassword.Text == "") { hashedResult = ""; } else { hashedResult = Userods.EncryptPassword(textPassword.Text); } //MessageBox.Show(hashedResult); DialogResult = DialogResult.OK; }
private void butOK_Click(object sender, System.EventArgs e) { if (_isPasswordReset) { if (textPassword.Text != textCurrent.Text || string.IsNullOrWhiteSpace(textPassword.Text)) { MsgBox.Show(this, "Passwords much match and not be empty."); return; } } else if (!IsInSecurityWindow && Userods.HashPassword(textCurrent.Text) != Security.CurUser.Password) { MsgBox.Show(this, "Current password incorrect."); return; } string explanation = Userods.IsPasswordStrong(textPassword.Text); if (PrefC.GetBool(PrefName.PasswordsMustBeStrong)) { if (explanation != "") { MessageBox.Show(explanation); return; } } //If the PasswordsMustBeStrong preference is off, still store whether or not the password is strong in case the preference is turned on later PasswordIsStrong = string.IsNullOrEmpty(explanation); if (textPassword.Text == "") { HashedResult = ""; } else { HashedResult = Userods.HashPassword(textPassword.Text); } PasswordTyped = textPassword.Text; //update the stored typed password for middle tier refresh //MessageBox.Show(hashedResult); DialogResult = DialogResult.OK; }
private void butOK_Click(object sender, System.EventArgs e) { if (_isPasswordReset) { if (textPassword.Text != textCurrent.Text || string.IsNullOrWhiteSpace(textPassword.Text)) { MsgBox.Show(this, "Passwords must match and not be empty."); return; } } else if (!IsInSecurityWindow && !Authentication.CheckPassword(Security.CurUser, textCurrent.Text)) { MsgBox.Show(this, "Current password incorrect."); return; } string explanation = Userods.IsPasswordStrong(textPassword.Text); if (PrefC.GetBool(PrefName.PasswordsMustBeStrong)) { if (explanation != "") { MessageBox.Show(explanation); return; } } //If the PasswordsMustBeStrong preference is off, still store whether or not the password is strong in case the preference is turned on later PasswordIsStrong = string.IsNullOrEmpty(explanation); if (Programs.UsingEcwTightOrFullMode()) //Same check as FormLogOn { LoginDetails = Authentication.GenerateLoginDetails(textPassword.Text, HashTypes.MD5_ECW); } else { LoginDetails = Authentication.GenerateLoginDetailsSHA512(textPassword.Text); } PasswordTyped = textPassword.Text; //update the stored typed password for middle tier refresh DialogResult = DialogResult.OK; }
private void butOK_Click(object sender, System.EventArgs e) { bool usingEcw = Programs.UsingEcwTightOrFullMode(); Userod selectedUser = null; if (PrefC.GetBool(PrefName.UserNameManualEntry)) { for (int i = 0; i < listUser.Items.Count; i++) { //Check the user name typed in using ToLower and Trim because Open Dental is case insensitive and does not allow white-space in regards to user names. if (textUser.Text.Trim().ToLower() == listUser.Items[i].ToString().Trim().ToLower()) { selectedUser = (Userod)listUser.Items[i]; //Found the typed username break; } } if (selectedUser == null) { MsgBox.Show(this, "Login failed"); return; } } else { selectedUser = (Userod)listUser.SelectedItem; } string password = textPassword.Text; if (usingEcw) //ecw requires hash, but non-ecw requires actual password { password = Userods.HashPassword(password, true); } if (selectedUser.UserName == "Stay Open" && IsSimpleSwitch && PrefC.IsODHQ) { // No need to check password when changing task users at HQ to user "Stay Open". } else { try { Userods.CheckUserAndPassword(selectedUser.UserName, password, usingEcw); } catch (Exception ex) { MessageBox.Show(ex.Message); return; } } if (RemotingClient.RemotingRole == RemotingRole.ClientWeb && selectedUser.Password == "" && textPassword.Text == "") { MsgBox.Show(this, "When using the web service, not allowed to log in with no password. A password should be added for this user."); return; } //successful login. if (!IsSimpleSwitch) { Security.CurUser = selectedUser.Copy(); Security.IsUserLoggedIn = true; //Jason approved always storing the cleartext password that the user typed in //since this is necessary for Reporting Servers over middle tier and was already happening when a user logged in over middle tier. Security.PasswordTyped = password; if (PrefC.GetBool(PrefName.PasswordsMustBeStrong) && PrefC.GetBool(PrefName.PasswordsWeakChangeToStrong)) { if (Userods.IsPasswordStrong(textPassword.Text) != "") //Password is not strong { MsgBox.Show(this, "You must change your password to a strong password due to the current Security settings."); FormOpenDental FormOD = Application.OpenForms.OfType <FormOpenDental>().ToList()[0]; //There always should be exactly 1. if (!FormOD.ChangePassword(true)) //Failed password update. { return; } } } } else { CurUserSimpleSwitch = selectedUser.Copy(); } if (!IsSimpleSwitch) { SecurityLogs.MakeLogEntry(Permissions.UserLogOnOff, 0, "User: "******" has logged on."); } Plugins.HookAddCode(this, "FormLogOn.butOK_Click_end"); DialogResult = DialogResult.OK; }
private void butOK_Click(object sender, EventArgs e) { bool isEcw = Programs.UsingEcwTightOrFullMode(); string userName = ""; if (PrefC.GetBool(PrefName.UserNameManualEntry)) { //Check the user name using ToLower and Trim because Open Dental is case insensitive and does not allow white-space in regards to user names. userName = listUser.Items.Cast <string>().FirstOrDefault(x => x.Trim().ToLower() == textUser.Text.Trim().ToLower()); } else { userName = listUser.SelectedItem?.ToString(); } if (string.IsNullOrEmpty(userName)) { MsgBox.Show(this, "Login failed"); return; } string passwordTyped = textPassword.Text; if (RemotingClient.RemotingRole == RemotingRole.ClientWeb && string.IsNullOrEmpty(passwordTyped)) { MsgBox.Show(this, "When using the web service, not allowed to log in with no password. A password should be added for this user."); return; } Userod userCur = null; if (isEcw) //ecw requires hash, but non-ecw requires actual password { passwordTyped = Authentication.HashPasswordMD5(passwordTyped, true); } if (userName == "Stay Open" && _isSimpleSwitch && PrefC.IsODHQ) { // No need to check password when changing task users at HQ to user "Stay Open". userCur = Userods.GetUserByNameNoCache(userName); } else //Not HQ (most common scenario) //Middle Tier sessions should not fire the CheckUserAndPasswordFailed exception code in FormLogOn. //That event would cause a second login window to pop with strange behavior. //Invoke the overload for CheckUserAndPassword that does not throw exceptions and give the user a generic error message if necessary. { if (RemotingClient.RemotingRole == RemotingRole.ClientWeb) { userCur = Userods.CheckUserAndPassword(userName, passwordTyped, isEcw, false); if (userCur == null) { MsgBox.Show("Userods", "Invalid username, password, or the account has been locked due to failed log in attempts."); return; } } else //Directly connected to the database. This code will give a more accurate error message to the user when failing to log in. { try { userCur = Userods.CheckUserAndPassword(userName, passwordTyped, isEcw); } catch (Exception ex) { MessageBox.Show(ex.Message); return; } } } //successful login. if (_isSimpleSwitch) { CurUserSimpleSwitch = userCur; } else //Not a temporary login. { Security.CurUser = userCur; //Need to set for SecurityL.ChangePassword and calls. if (PrefC.GetBool(PrefName.PasswordsMustBeStrong) && PrefC.GetBool(PrefName.PasswordsWeakChangeToStrong)) { if (Userods.IsPasswordStrong(passwordTyped) != "") //Password is not strong { MsgBox.Show(this, "You must change your password to a strong password due to the current Security settings."); if (!SecurityL.ChangePassword(true, _doRefreshSecurityCache)) { return; //Failed password update. } _refreshSecurityCache = true; //Indicate to calling method that they should manually refresh the Security cache. } } Security.IsUserLoggedIn = true; //Jason approved always storing the cleartext password that the user typed in //since this is necessary for Reporting Servers over middle tier and was already happening when a user logged in over middle tier. Security.PasswordTyped = passwordTyped; SecurityLogs.MakeLogEntry(Permissions.UserLogOnOff, 0, Lan.g(this, "User:"******" " + Security.CurUser.UserName + " " + Lan.g(this, "has logged on.")); UserOdPrefs.SetThemeForUserIfNeeded(); } Plugins.HookAddCode(this, "FormLogOn.butOK_Click_end"); DialogResult = DialogResult.OK; }
private void butLogin_Click(object sender, EventArgs e) { Userod userEntered; string password; try { bool useEcwAlgorithm = Programs.UsingEcwTightOrFullMode(); //ecw requires hash, but non-ecw requires actual password password = textPassword.Text; if (useEcwAlgorithm) { //Userods.HashPassword explicitly goes over to middle tier in order to use it's MD5 algorithm. //It doesn't matter what Security.CurUser is when it is null because we are technically trying to set it for the first time. //It cannot be null before invoking HashPassword because middle needs it to NOT be null when creating the credentials for DtoGetString. if (Security.CurUser == null) { Security.CurUser = new Userod(); } password = Userods.HashPassword(password, true); } string username = textUser.Text; #if DEBUG if (username == "") { username = "******"; password = "******"; } #endif userEntered = Userods.CheckUserAndPassword(username, password, useEcwAlgorithm); } catch (Exception ex) { MessageBox.Show(ex.Message); return; } //successful login. Security.CurUser = userEntered; Security.PasswordTyped = password; Security.IsUserLoggedIn = true; RemotingClient.HasLoginFailed = false; if (RemotingClient.RemotingRole == RemotingRole.ClientWeb && string.IsNullOrEmpty(userEntered.Password) && string.IsNullOrEmpty(textPassword.Text)) { MsgBox.Show(this, "When using the web service, not allowed to log in with no password. A password should be added for this user."); FormOpenDental FormOD = Application.OpenForms.OfType <FormOpenDental>().ToList()[0]; //There always should be exactly 1. if (!FormOD.ChangePassword(true)) //Failed password update. { return; } } if (PrefC.GetBool(PrefName.PasswordsMustBeStrong) && PrefC.GetBool(PrefName.PasswordsWeakChangeToStrong) && Userods.IsPasswordStrong(textPassword.Text) != "") //Password is not strong { MsgBox.Show(this, "You must change your password to a strong password due to the current Security settings."); FormOpenDental FormOD = Application.OpenForms.OfType <FormOpenDental>().ToList()[0]; //There always should be exactly 1. if (!FormOD.ChangePassword(true)) //Failed password update. { return; } } SecurityLogs.MakeLogEntry(Permissions.UserLogOnOff, 0, "User: "******" has logged on."); DialogResult = DialogResult.OK; }