diff --git a/WebsitePanel/Sources/WebsitePanel.WebPortal/Code/PortalUtils.cs b/WebsitePanel/Sources/WebsitePanel.WebPortal/Code/PortalUtils.cs
index 4ab69b01..2b5eb4b0 100644
--- a/WebsitePanel/Sources/WebsitePanel.WebPortal/Code/PortalUtils.cs
+++ b/WebsitePanel/Sources/WebsitePanel.WebPortal/Code/PortalUtils.cs
@@ -268,6 +268,7 @@ namespace WebsitePanel.Portal
authCookie.Secure = FormsAuthentication.RequireSSL;
authCookie.Path = FormsAuthentication.FormsCookiePath;
authCookie.Value = FormsAuthentication.Encrypt(ticket);
+ authCookie.HttpOnly = true;
if (persistent)
authCookie.Expires = DateTime.Now.AddMonths(1);
@@ -500,6 +501,8 @@ namespace WebsitePanel.Portal
// store last successful username in the cookie
HttpCookie cookie = new HttpCookie("WebsitePanelLogin", username);
cookie.Expires = DateTime.Now.AddDays(7);
+ cookie.Secure = FormsAuthentication.RequireSSL;
+ cookie.HttpOnly = true;
HttpContext.Current.Response.Cookies.Add(cookie);
// set language
diff --git a/WebsitePanel/Sources/WebsitePanel.WebPortal/Code/SecureSessionModule.cs b/WebsitePanel/Sources/WebsitePanel.WebPortal/Code/SecureSessionModule.cs
new file mode 100644
index 00000000..41e320f6
--- /dev/null
+++ b/WebsitePanel/Sources/WebsitePanel.WebPortal/Code/SecureSessionModule.cs
@@ -0,0 +1,153 @@
+using System;
+using System.Web;
+using System.Web.Security;
+using System.Web.Caching;
+using System.Configuration;
+using System.Security.Cryptography;
+using System.Runtime.Serialization;
+using System.Globalization;
+using System.Text;
+using Microsoft.Security.Application;
+
+namespace WebsitePanel.WebPortal
+{
+ public class SecureSessionModule : IHttpModule
+ {
+ public const string DEFAULT_PAGE = "~/Default.aspx";
+ public const string PAGE_ID_PARAM = "pid";
+
+ private static string _ValidationKey = null;
+
+ public void Init(HttpApplication app)
+ {
+ // Initialize validation key if not already initialized
+ if (_ValidationKey == null)
+ _ValidationKey = GetValidationKey();
+
+ // Register handlers for BeginRequest and EndRequest events
+ app.BeginRequest += new EventHandler(OnBeginRequest);
+ app.EndRequest += new EventHandler(OnEndRequest);
+ }
+
+ public void Dispose() { }
+
+ void OnBeginRequest(Object sender, EventArgs e)
+ {
+ // Look for an incoming cookie named "ASP.NET_SessionID"
+ HttpRequest request = ((HttpApplication)sender).Request;
+ HttpCookie cookie = GetCookie(request, "ASP.NET_SessionId");
+
+ if (cookie != null)
+ {
+ // Throw an exception if the cookie lacks a MAC
+ if (cookie.Value.Length <= 24)
+ {
+ FormsAuthentication.SignOut();
+ HttpContext.Current.Response.Redirect(DefaultPage.GetPageUrl(PortalConfiguration.SiteSettings["DefaultPage"]));
+ }
+
+ // Separate the session ID and the MAC
+ string id = cookie.Value.Substring(0, 24);
+ string mac1 = cookie.Value.Substring(24);
+
+ // Generate a new MAC from the session ID and requestor info
+ string mac2 = GetSessionIDMac(id, request.UserHostAddress,
+ request.UserAgent, _ValidationKey);
+
+ // Throw an exception if the MACs don't match
+ if (String.CompareOrdinal(mac1, mac2) != 0)
+ {
+ FormsAuthentication.SignOut();
+ HttpContext.Current.Response.Redirect(DefaultPage.GetPageUrl(PortalConfiguration.SiteSettings["DefaultPage"]));
+ }
+
+ // Strip the MAC from the cookie before ASP.NET sees it
+ cookie.Value = id;
+ }
+ }
+
+ void OnEndRequest(Object sender, EventArgs e)
+ {
+ // Look for an outgoing cookie named "ASP.NET_SessionID"
+ HttpRequest request = ((HttpApplication)sender).Request;
+ HttpCookie cookie = GetCookie( request, "ASP.NET_SessionId");
+
+ if (cookie != null)
+ {
+ // Add a MAC
+ cookie.Value += GetSessionIDMac(cookie.Value,
+ request.UserHostAddress, request.UserAgent,
+ _ValidationKey);
+ }
+ }
+
+ private string GetValidationKey()
+ {
+ string key = ConfigurationManager.AppSettings["SessionValidationKey"];
+ if (key == null || key == String.Empty)
+ throw new InvalidSessionException
+ ("SessionValidationKey missing");
+ return key;
+ }
+
+ private HttpCookie GetCookie(HttpRequest request, string name)
+ {
+ HttpCookieCollection cookies = request.Cookies;
+ return FindCookie(cookies, name);
+ }
+
+ private HttpCookie GetCookie(HttpResponse response, string name)
+ {
+ HttpCookieCollection cookies = response.Cookies;
+ return FindCookie(cookies, name);
+ }
+
+ private HttpCookie FindCookie(HttpCookieCollection cookies,
+ string name)
+ {
+ int count = cookies.Count;
+
+ for (int i = 0; i < count; i++)
+ {
+ if (String.Compare(cookies[i].Name, name, true,
+ CultureInfo.InvariantCulture) == 0)
+ return cookies[i];
+ }
+
+ return null;
+ }
+
+ private string GetSessionIDMac(string id, string ip,
+ string agent, string key)
+ {
+ StringBuilder builder = new StringBuilder(id, 512);
+ builder.Append(ip);
+ builder.Append(agent);
+
+ using (HMACSHA1 hmac = new HMACSHA1
+ (Encoding.UTF8.GetBytes(key)))
+ {
+ return Convert.ToBase64String(hmac.ComputeHash
+ (Encoding.UTF8.GetBytes(builder.ToString())));
+ }
+ }
+ }
+
+ [Serializable]
+ public class InvalidSessionException : Exception
+ {
+ public InvalidSessionException() :
+ base("Session cookie is invalid") { }
+
+ public InvalidSessionException(string message) :
+ base(message) { }
+
+ public InvalidSessionException(string message,
+ Exception inner)
+ : base(message, inner) { }
+
+ protected InvalidSessionException(SerializationInfo info,
+ StreamingContext context)
+ : base(info, context) { }
+ }
+}
\ No newline at end of file
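Review bot: The MAC check in OnBeginRequest uses `String.CompareOrdinal(mac1, mac2)`, which stops at the first differing character, so its running time depends on how much of a submitted MAC is correct. Authentication tags are normally compared in time that does not depend on their contents, as in the helper below. Separately, OnEndRequest is commented as handling the outgoing cookie but calls `GetCookie(request, ...)`, leaving the `GetCookie(HttpResponse, ...)` overload unused. Whether the MAC reaches the response then appears to depend on System.Web mirroring response cookies into the request collection, which deserves either a comment or a switch to the response overload. The two `// Throw an exception ...` comments are also stale, since both branches sign out and redirect.

```csharp
// … unchanged: split cookie value into id / mac1, compute mac2 …
if (!FixedTimeEquals(mac1, mac2))
{
    // … unchanged: SignOut and redirect to the default page …
}

// Compares two MAC strings without returning at the first differing character.
private static bool FixedTimeEquals(string a, string b)
{
    if (a == null || b == null || a.Length != b.Length)
        return false;

    int diff = 0;
    for (int i = 0; i < a.Length; i++)
        diff |= a[i] ^ b[i];

    return diff == 0;
}
```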
diff --git a/WebsitePanel/Sources/WebsitePanel.WebPortal/Default.aspx b/WebsitePanel/Sources/WebsitePanel.WebPortal/Default.aspx
index eef00c65..de26e6e1 100644
--- a/WebsitePanel/Sources/WebsitePanel.WebPortal/Default.aspx
+++ b/WebsitePanel/Sources/WebsitePanel.WebPortal/Default.aspx
@@ -13,7 +13,7 @@
-
diff --git a/WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/Ecommerce/WebsitePanel.Portal.Ecommerce.Modules.csproj b/WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/Ecommerce/WebsitePanel.Portal.Ecommerce.Modules.csproj
index cf0ab446..89669cd7 100644
--- a/WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/Ecommerce/WebsitePanel.Portal.Ecommerce.Modules.csproj
+++ b/WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/Ecommerce/WebsitePanel.Portal.Ecommerce.Modules.csproj
@@ -112,36 +112,42 @@
BillingCycles.ascx
+ ASPXCodeBehind
BillingCycles.ascx
BillingCyclesAddCycle.ascx
+ ASPXCodeBehind
BillingCyclesAddCycle.ascx
BillingCyclesEditCycle.ascx
+ ASPXCodeBehind
BillingCyclesEditCycle.ascx
Categories.ascx
+ ASPXCodeBehind
Categories.ascx
CategoriesAddCategory.ascx
+ ASPXCodeBehind
CategoriesAddCategory.ascx
CategoriesEditCategory.ascx
+ ASPXCodeBehind
CategoriesEditCategory.ascx
@@ -153,8 +159,12 @@
ASPXCodeBehind
-
-
+
+ ASPXCodeBehind
+
+
+ ASPXCodeBehind
+
@@ -181,150 +191,175 @@
CustomerPaymentProfile.ascx
+ ASPXCodeBehind
CustomerPaymentProfile.ascx
CustomersInvoices.ascx
+ ASPXCodeBehind
CustomersInvoices.ascx
CustomersInvoicesViewInvoice.ascx
+ ASPXCodeBehind
CustomersInvoicesViewInvoice.ascx
CustomersPayments.ascx
+ ASPXCodeBehind
CustomersPayments.ascx
CustomersServices.ascx
+ ASPXCodeBehind
CustomersServices.ascx
CustomersServicesUpgradeService.ascx
+ ASPXCodeBehind
CustomersServicesUpgradeService.ascx
CustomersServicesViewService.ascx
+ ASPXCodeBehind
CustomersServicesViewService.ascx
DomainNames.ascx
+ ASPXCodeBehind
DomainNames.ascx
DomainNamesAddDomain.ascx
+ ASPXCodeBehind
DomainNamesAddDomain.ascx
DomainNamesEditDomain.ascx
+ ASPXCodeBehind
DomainNamesEditDomain.ascx
DomainRegistrarDirecti.ascx
+ ASPXCodeBehind
DomainRegistrarDirecti.ascx
DomainRegistrarEnom.ascx
+ ASPXCodeBehind
DomainRegistrarEnom.ascx
EcommerceSystemSettings.ascx
+ ASPXCodeBehind
EcommerceSystemSettings.ascx
HostingAddons.ascx
+ ASPXCodeBehind
HostingAddons.ascx
HostingAddonsAddAddon.ascx
+ ASPXCodeBehind
HostingAddonsAddAddon.ascx
HostingAddonsEditAddon.ascx
+ ASPXCodeBehind
HostingAddonsEditAddon.ascx
HostingPlans.ascx
+ ASPXCodeBehind
HostingPlans.ascx
HostingPlansAddPlan.ascx
+ ASPXCodeBehind
HostingPlansAddPlan.ascx
HostingPlansEditPlan.ascx
+ ASPXCodeBehind
HostingPlansEditPlan.ascx
NotificationNewInvoice.ascx
+ ASPXCodeBehind
NotificationNewInvoice.ascx
NotificationPaymentReceived.ascx
+ ASPXCodeBehind
NotificationPaymentReceived.ascx
NotificationServiceActivated.ascx
+ ASPXCodeBehind
NotificationServiceActivated.ascx
NotificationServiceCancelled.ascx
+ ASPXCodeBehind
NotificationServiceCancelled.ascx
NotificationServiceSuspended.ascx
+ ASPXCodeBehind
NotificationServiceSuspended.ascx
OrderFailed.ascx
+ ASPXCodeBehind
OrderFailed.ascx
@@ -338,48 +373,56 @@
PaymentMethod2Checkout.ascx
+ ASPXCodeBehind
PaymentMethod2Checkout.ascx
PaymentMethodCreditCard.ascx
+ ASPXCodeBehind
PaymentMethodCreditCard.ascx
PaymentMethodOffline.ascx
+ ASPXCodeBehind
PaymentMethodOffline.ascx
PaymentMethodPayPalAccount.ascx
+ ASPXCodeBehind
PaymentMethodPayPalAccount.ascx
2CO_Payment.ascx
+ ASPXCodeBehind
2CO_Payment.ascx
CreditCard_Payment.ascx
+ ASPXCodeBehind
CreditCard_Payment.ascx
Offline_Payment.ascx
+ ASPXCodeBehind
Offline_Payment.ascx
PPAccount_Payment.ascx
+ ASPXCodeBehind
PPAccount_Payment.ascx
@@ -393,30 +436,35 @@
DomainName_ServiceDetails.ascx
+ ASPXCodeBehind
DomainName_ServiceDetails.ascx
HostingAddon_ServiceDetails.ascx
+ ASPXCodeBehind
HostingAddon_ServiceDetails.ascx
HostingPlan_Brief.ascx
+ ASPXCodeBehind
HostingPlan_Brief.ascx
HostingPlan_Highlights.ascx
+ ASPXCodeBehind
HostingPlan_Highlights.ascx
HostingPlan_ServiceDetails.ascx
+ ASPXCodeBehind
HostingPlan_ServiceDetails.ascx
@@ -424,24 +472,28 @@
ProvisioningSettingsEdit.ascx
+ ASPXCodeBehind
ProvisioningSettingsEdit.ascx
QuickSignup.ascx
+ ASPXCodeBehind
QuickSignup.ascx
OrderComplete.ascx
+ ASPXCodeBehind
OrderComplete.ascx
OrderCheckout.ascx
+ ASPXCodeBehind
OrderCheckout.ascx
@@ -453,102 +505,119 @@
CatalogBreadCrumb.ascx
+ ASPXCodeBehind
CatalogBreadCrumb.ascx
StorefrontMenu.ascx
+ ASPXCodeBehind
StorefrontMenu.ascx
StorefrontOrderProduct.ascx
+ ASPXCodeBehind
StorefrontOrderProduct.ascx
StorefrontViewCategory.ascx
+ ASPXCodeBehind
StorefrontViewCategory.ascx
StorefrontWelcome.ascx
+ ASPXCodeBehind
StorefrontWelcome.ascx
StorefrontWelcomeEdit.ascx
+ ASPXCodeBehind
StorefrontWelcomeEdit.ascx
2Checkout_Settings.ascx
+ ASPXCodeBehind
2Checkout_Settings.ascx
AuthorizeNet_Settings.ascx
+ ASPXCodeBehind
AuthorizeNet_Settings.ascx
OfflinePayment_Settings.ascx
+ ASPXCodeBehind
OfflinePayment_Settings.ascx
PayPalPro_Settings.ascx
+ ASPXCodeBehind
PayPalPro_Settings.ascx
PayPalStandard_Settings.ascx
+ ASPXCodeBehind
PayPalStandard_Settings.ascx
Taxations.ascx
+ ASPXCodeBehind
Taxations.ascx
TaxationsAddTax.ascx
+ ASPXCodeBehind
TaxationsAddTax.ascx
TaxationsEditTax.ascx
+ ASPXCodeBehind
TaxationsEditTax.ascx
TermsAndConditions.ascx
+ ASPXCodeBehind
TermsAndConditions.ascx
TermsAndConditionsEdit.ascx
+ ASPXCodeBehind
TermsAndConditionsEdit.ascx
AddonProducts.ascx
+ ASPXCodeBehind
AddonProducts.ascx
@@ -565,120 +634,140 @@
ChoosePaymentMethod.ascx
+ ASPXCodeBehind
ChoosePaymentMethod.ascx
CreateUserAccount.ascx
+ ASPXCodeBehind
CreateUserAccount.ascx
CustomerInvoiceTemplated.ascx
+ ASPXCodeBehind
CustomerInvoiceTemplated.ascx
DomainNameBillingCycles.ascx
+ ASPXCodeBehind
DomainNameBillingCycles.ascx
EmailNotificationEditor.ascx
+ ASPXCodeBehind
EmailNotificationEditor.ascx
HostingAddonOneTimeFee.ascx
+ ASPXCodeBehind
HostingAddonOneTimeFee.ascx
HostingPlanBillingCycles.ascx
+ ASPXCodeBehind
HostingPlanBillingCycles.ascx
HostingPlanQuotas.ascx
+ ASPXCodeBehind
HostingPlanQuotas.ascx
LoginUserAccount.ascx
+ ASPXCodeBehind
LoginUserAccount.ascx
ManualPaymentAdd.ascx
+ ASPXCodeBehind
ManualPaymentAdd.ascx
PlanDomainOption.ascx
+ ASPXCodeBehind
PlanDomainOption.ascx
PlanHostingAddons.ascx
+ ASPXCodeBehind
PlanHostingAddons.ascx
ProductHighlights.ascx
+ ASPXCodeBehind
ProductHighlights.ascx
QuickHostingAddon.ascx
+ ASPXCodeBehind
QuickHostingAddon.ascx
QuickHostingPlanCycles.ascx
+ ASPXCodeBehind
QuickHostingPlanCycles.ascx
QuickHostingPlans.ascx
+ ASPXCodeBehind
QuickHostingPlans.ascx
PathBreadCrumb.ascx
+ ASPXCodeBehind
PathBreadCrumb.ascx
ProductCategories.ascx
+ ASPXCodeBehind
ProductCategories.ascx
UserAccountDetails.ascx
+ ASPXCodeBehind
UserAccountDetails.ascx
ViewProductDetails.ascx
+ ASPXCodeBehind
ViewProductDetails.ascx
diff --git a/WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/Code/Framework/PanelSecurity.cs b/WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/Code/Framework/PanelSecurity.cs
index b780836c..ce154b60 100644
--- a/WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/Code/Framework/PanelSecurity.cs
+++ b/WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/Code/Framework/PanelSecurity.cs
@@ -130,6 +130,7 @@ namespace WebsitePanel.Portal
HttpContext.Current.Items[key] = s;
HttpCookie cookie = new HttpCookie(key, s);
+ cookie.HttpOnly = true;
HttpContext.Current.Response.Cookies.Remove(key);
HttpContext.Current.Response.Cookies.Add(cookie);
}
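Review bot: The cookie built here gets `HttpOnly` but not `Secure`, unlike the `WebsitePanelLogin` cookie in PortalUtils.cs, which this same commit marks with both. When the portal is served over TLS, this cookie can therefore still travel over plain HTTP. Adding `cookie.Secure = FormsAuthentication.RequireSSL;` beside the new line would make the two sites consistent, assuming `System.Web.Security` is in scope in this file. What `s` contains is not visible in the hunk, and the enclosing method starts outside it.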
diff --git a/WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/Login.ascx.cs b/WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/Login.ascx.cs
index a4169f60..6bfa3f57 100644
--- a/WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/Login.ascx.cs
+++ b/WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/Login.ascx.cs
@@ -1,4 +1,4 @@
-// Copyright (c) 2012, Outercurve Foundation.
+// Copyright (c) 2011, Outercurve Foundation.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without modification,
@@ -33,129 +33,154 @@ using WebsitePanel.EnterpriseServer;
namespace WebsitePanel.Portal
{
- public partial class Login : WebsitePanelModuleBase
- {
- string ipAddress;
+ public partial class Login : WebsitePanelModuleBase
+ {
+ string ipAddress;
- private string RedirectUrl
- {
- get
- {
- string redirectUrl = "";
- if (Request["returnurl"] != null)
- {
- // return to the url passed to signin
- redirectUrl = HttpUtility.UrlDecode(Request["returnurl"]);
- }
- else
- {
- redirectUrl = PortalUtils.LoginRedirectUrl;
- }
- return redirectUrl;
- }
- }
+ private bool IsLocalUrl(string url)
+ {
+ if (string.IsNullOrEmpty(url))
+ {
+ return false;
+ }
- protected void Page_Load(object sender, EventArgs e)
- {
- if (!IsPostBack)
- {
- EnsureSCPA();
- //
- BindControls();
- }
+ Uri absoluteUri;
+ if (Uri.TryCreate(url, UriKind.Absolute, out absoluteUri))
+ {
+ return String.Equals(this.Request.Url.Host, absoluteUri.Host, StringComparison.OrdinalIgnoreCase);
+ }
+ else
+ {
+ bool isLocal = !url.StartsWith("http:", StringComparison.OrdinalIgnoreCase)
+ && !url.StartsWith("https:", StringComparison.OrdinalIgnoreCase)
+ && Uri.IsWellFormedUriString(url, UriKind.Relative);
+ return isLocal;
+ }
+ }
- // capture Enter key
- //DotNetNuke.UI.Utilities.ClientAPI.RegisterKeyCapture(this.Parent, btnLogin, 13);
+ private string RedirectUrl
+ {
+ get
+ {
+ string redirectUrl = "";
+ if (Request["returnurl"] != null)
+ {
+ // return to the url passed to signin
+ redirectUrl = HttpUtility.UrlDecode(Request["returnurl"]);
+ if (!IsLocalUrl(redirectUrl))
+ {
+ redirectUrl = PortalUtils.LoginRedirectUrl;
+ }
+ }
+ else
+ {
+ redirectUrl = PortalUtils.LoginRedirectUrl;
+ }
+ return redirectUrl;
+ }
+ }
- // get user IP
- if (Request.UserHostAddress != null)
- ipAddress = Request.UserHostAddress;
+ protected void Page_Load(object sender, EventArgs e)
+ {
+ if (!IsPostBack)
+ {
+ EnsureSCPA();
+ //
+ BindControls();
+ }
- // update password control
- txtPassword.Attributes["value"] = txtPassword.Text;
+ // capture Enter key
+ //DotNetNuke.UI.Utilities.ClientAPI.RegisterKeyCapture(this.Parent, btnLogin, 13);
- // autologin
- string usr = Request["u"];
- if (String.IsNullOrEmpty(usr))
- usr = Request["user"];
+ // get user IP
+ if (Request.UserHostAddress != null)
+ ipAddress = Request.UserHostAddress;
- string psw = Request["p"];
- if (String.IsNullOrEmpty(psw))
- psw = Request["pwd"];
- if (String.IsNullOrEmpty(psw))
- psw = Request["password"];
+ // update password control
+ txtPassword.Attributes["value"] = txtPassword.Text;
- if (!String.IsNullOrEmpty(usr) && !String.IsNullOrEmpty(psw))
- {
- // perform login
- LoginUser(usr, psw, chkRemember.Checked, String.Empty, String.Empty);
- }
- }
+ // autologin
+ string usr = Request["u"];
+ if (String.IsNullOrEmpty(usr))
+ usr = Request["user"];
- private void EnsureSCPA()
- {
- var enabledScpa = ES.Services.Authentication.GetSystemSetupMode();
- //
- if (enabledScpa == false)
- {
- return;
- }
- //
- Response.Redirect(EditUrl("scpa"), true);
- }
+ string psw = Request["p"];
+ if (String.IsNullOrEmpty(psw))
+ psw = Request["pwd"];
+ if (String.IsNullOrEmpty(psw))
+ psw = Request["password"];
- private void BindControls()
- {
- // load languages
- PortalUtils.LoadCultureDropDownList(ddlLanguage);
+ if (!String.IsNullOrEmpty(usr) && !String.IsNullOrEmpty(psw))
+ {
+ // perform login
+ LoginUser(usr, psw, chkRemember.Checked, String.Empty, String.Empty);
+ }
+ }
- // load themes
- PortalUtils.LoadThemesDropDownList(ddlTheme);
+ private void EnsureSCPA()
+ {
+ var enabledScpa = ES.Services.Authentication.GetSystemSetupMode();
+ //
+ if (enabledScpa == false)
+ {
+ return;
+ }
+ //
+ Response.Redirect(EditUrl("scpa"), true);
+ }
- // try to get the last login name from cookie
- HttpCookie cookie = Request.Cookies["WebsitePanelLogin"];
- if (cookie != null)
- {
- txtUsername.Text = cookie.Value;
- }
- }
+ private void BindControls()
+ {
+ // load languages
+ PortalUtils.LoadCultureDropDownList(ddlLanguage);
- protected void cmdForgotPassword_Click(object sender, EventArgs e)
- {
- Response.Redirect(EditUrl("forgot_password"), true);
- }
+ // load themes
+ PortalUtils.LoadThemesDropDownList(ddlTheme);
- protected void btnLogin_Click(object sender, EventArgs e)
- {
- // validate input
- if (!Page.IsValid)
- return;
+ // try to get the last login name from cookie
+ HttpCookie cookie = Request.Cookies["WebsitePanelLogin"];
+ if (cookie != null)
+ {
+ txtUsername.Text = cookie.Value;
+ }
+ }
- // perform login
- LoginUser(txtUsername.Text.Trim(), txtPassword.Text, chkRemember.Checked,
- ddlLanguage.SelectedValue, ddlTheme.SelectedValue);
- }
+ protected void cmdForgotPassword_Click(object sender, EventArgs e)
+ {
+ Response.Redirect(EditUrl("forgot_password"), true);
+ }
- private void LoginUser(string username, string password, bool rememberLogin,
- string preferredLocale, string theme)
- {
- // status
- int loginStatus = PortalUtils.AuthenticateUser(username, password, ipAddress,
- rememberLogin, preferredLocale, theme);
+ protected void btnLogin_Click(object sender, EventArgs e)
+ {
+ // validate input
+ if (!Page.IsValid)
+ return;
- if (loginStatus < 0)
- {
+ // perform login
+ LoginUser(txtUsername.Text.Trim(), txtPassword.Text, chkRemember.Checked,
+ ddlLanguage.SelectedValue, ddlTheme.SelectedValue);
+ }
+
+ private void LoginUser(string username, string password, bool rememberLogin,
+ string preferredLocale, string theme)
+ {
+ // status
+ int loginStatus = PortalUtils.AuthenticateUser(username, password, ipAddress,
+ rememberLogin, preferredLocale, theme);
+
+ if (loginStatus < 0)
+ {
ShowWarningMessage("WrongLogin");
- }
- else
- {
+ }
+ else
+ {
// redirect by shortcut
ShortcutRedirect();
// standard redirect
- Response.Redirect(RedirectUrl, true);
- }
- }
+ Response.Redirect(RedirectUrl, true);
+ }
+ }
private void ShortcutRedirect()
{
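Review bot: In the absolute-URL branch of the new `IsLocalUrl`, only `Host` is compared, so a `returnurl` on the same host but with a different scheme or port is accepted as local. That includes an `http:` target when the login page itself was served over `https:`. Comparing scheme, host and port together closes this, e.g. `return Uri.Compare(this.Request.Url, absoluteUri, UriComponents.SchemeAndServer, UriFormat.Unescaped, StringComparison.OrdinalIgnoreCase) == 0;`. The relative branch does not visibly reject values that start with `//` or `/\`. It relies on `Uri.TryCreate` classifying them as absolute, so an explicit prefix check with a short comment would make the intent clear. Most of this hunk is indentation churn, which makes the security-relevant change hard to spot, and the hunk ends inside `ShortcutRedirect`.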
@@ -223,22 +248,22 @@ namespace WebsitePanel.Portal
}
}
- private void SetCurrentLanguage()
- {
+ private void SetCurrentLanguage()
+ {
PortalUtils.SetCurrentLanguage(ddlLanguage.SelectedValue);
Response.Redirect(Request.Url.ToString());
-
- }
-
- protected void ddlLanguage_SelectedIndexChanged(object sender, EventArgs e)
- {
- SetCurrentLanguage();
+
}
- protected void ddlTheme_SelectedIndexChanged(object sender, EventArgs e)
- {
- PortalUtils.SetCurrentTheme(ddlTheme.SelectedValue);
- Response.Redirect(Request.Url.ToString());
- }
- }
+ protected void ddlLanguage_SelectedIndexChanged(object sender, EventArgs e)
+ {
+ SetCurrentLanguage();
+ }
+
+ protected void ddlTheme_SelectedIndexChanged(object sender, EventArgs e)
+ {
+ PortalUtils.SetCurrentTheme(ddlTheme.SelectedValue);
+ Response.Redirect(Request.Url.ToString());
+ }
+ }
}
\ No newline at end of file
diff --git a/WebsitePanel/Sources/WebsitePanel.WebPortal/Web.config b/WebsitePanel/Sources/WebsitePanel.WebPortal/Web.config
index 48f0315d..01cb22c8 100644
--- a/WebsitePanel/Sources/WebsitePanel.WebPortal/Web.config
+++ b/WebsitePanel/Sources/WebsitePanel.WebPortal/Web.config
@@ -4,6 +4,7 @@
+
@@ -19,7 +20,7 @@
-
+
@@ -47,5 +48,8 @@
-
+
+
+
+
\ No newline at end of file
diff --git a/WebsitePanel/Sources/WebsitePanel.WebPortal/WebsitePanel.WebPortal.csproj b/WebsitePanel/Sources/WebsitePanel.WebPortal/WebsitePanel.WebPortal.csproj
index 8e5646ec..00a1c8b1 100644
--- a/WebsitePanel/Sources/WebsitePanel.WebPortal/WebsitePanel.WebPortal.csproj
+++ b/WebsitePanel/Sources/WebsitePanel.WebPortal/WebsitePanel.WebPortal.csproj
@@ -157,6 +157,7 @@
+
ASPXCodeBehind