Websitepanel user account lockout and state management added

robvde 2012-07-30 11:19:50 +04:00
parent 008fc296d5
commit 72348041f0
27 changed files with 1705 additions and 373 deletions


@ -1009,6 +1009,15 @@ END
GO
IF NOT EXISTS(select 1 from sys.columns COLS INNER JOIN sys.objects OBJS ON OBJS.object_id=COLS.object_id and OBJS.type='U' AND OBJS.name='Users' AND COLS.name='LoginStatusId')
BEGIN
ALTER TABLE [dbo].[Users] ADD
[LoginStatusId] [int] NULL,
[FailedLogins] [int] NULL
END
GO
IF NOT EXISTS(select 1 from sys.columns COLS INNER JOIN sys.objects OBJS ON OBJS.object_id=COLS.object_id and OBJS.type='U' AND OBJS.name='GlobalDnsRecords' AND COLS.name='SrvPriority')
BEGIN
ALTER TABLE [dbo].[GlobalDnsRecords] ADD
@ -1028,6 +1037,19 @@ UPDATE [dbo].[ResourceGroups] SET ShowGroup=1
GO
ALTER VIEW [dbo].[UsersDetailed]
AS
SELECT U.UserID, U.RoleID, U.StatusID, U.LoginStatusId, U.FailedLogins, U.OwnerID, U.Created, U.Changed, U.IsDemo, U.Comments, U.IsPeer, U.Username, U.FirstName, U.LastName, U.Email,
U.CompanyName, U.FirstName + ' ' + U.LastName AS FullName, UP.Username AS OwnerUsername, UP.FirstName AS OwnerFirstName,
UP.LastName AS OwnerLastName, UP.RoleID AS OwnerRoleID, UP.FirstName + ' ' + UP.LastName AS OwnerFullName, UP.Email AS OwnerEmail, UP.RoleID AS Expr1,
(SELECT COUNT(PackageID) AS Expr1
FROM dbo.Packages AS P
WHERE (UserID = U.UserID)) AS PackagesNumber, U.EcommerceEnabled
FROM dbo.Users AS U LEFT OUTER JOIN
dbo.Users AS UP ON U.OwnerID = UP.UserID
GO
ALTER PROCEDURE [dbo].[AddDnsRecord]
(
@ActorID int,
@ -3920,6 +3942,169 @@ GO
ALTER PROCEDURE [dbo].[AddUser]
(
@ActorID int,
@UserID int OUTPUT,
@OwnerID int,
@RoleID int,
@StatusID int,
@LoginStatusID int,
@IsDemo bit,
@IsPeer bit,
@Comments ntext,
@Username nvarchar(50),
@Password nvarchar(200),
@FirstName nvarchar(50),
@LastName nvarchar(50),
@Email nvarchar(255),
@SecondaryEmail nvarchar(255),
@Address nvarchar(200),
@City nvarchar(50),
@State nvarchar(50),
@Country nvarchar(50),
@Zip varchar(20),
@PrimaryPhone varchar(30),
@SecondaryPhone varchar(30),
@Fax varchar(30),
@InstantMessenger nvarchar(200),
@HtmlMail bit,
@CompanyName nvarchar(100),
@EcommerceEnabled bit
)
AS
-- check if the user already exists
IF EXISTS(SELECT UserID FROM Users WHERE Username = @Username)
BEGIN
SET @UserID = -1
RETURN
END
-- check actor rights
IF dbo.CanCreateUser(@ActorID, @OwnerID) = 0
BEGIN
SET @UserID = -2
RETURN
END
INSERT INTO Users
(
OwnerID,
RoleID,
StatusID,
LoginStatusID,
Created,
Changed,
IsDemo,
IsPeer,
Comments,
Username,
Password,
FirstName,
LastName,
Email,
SecondaryEmail,
Address,
City,
State,
Country,
Zip,
PrimaryPhone,
SecondaryPhone,
Fax,
InstantMessenger,
HtmlMail,
CompanyName,
EcommerceEnabled
)
VALUES
(
@OwnerID,
@RoleID,
@StatusID,
@LoginStatusID,
GetDate(),
GetDate(),
@IsDemo,
@IsPeer,
@Comments,
@Username,
@Password,
@FirstName,
@LastName,
@Email,
@SecondaryEmail,
@Address,
@City,
@State,
@Country,
@Zip,
@PrimaryPhone,
@SecondaryPhone,
@Fax,
@InstantMessenger,
@HtmlMail,
@CompanyName,
@EcommerceEnabled
)
SET @UserID = SCOPE_IDENTITY()
RETURN
GO
ALTER PROCEDURE [dbo].[GetUserById]
(
@ActorID int,
@UserID int
)
AS
-- user can retrieve his own account, his users accounts
-- and his reseller account (without pasword)
SELECT
U.UserID,
U.RoleID,
U.StatusID,
U.LoginStatusId,
U.FailedLogins,
U.OwnerID,
U.Created,
U.Changed,
U.IsDemo,
U.Comments,
U.IsPeer,
U.Username,
CASE WHEN dbo.CanGetUserPassword(@ActorID, @UserID) = 1 THEN U.Password
ELSE '' END AS Password,
U.FirstName,
U.LastName,
U.Email,
U.SecondaryEmail,
U.Address,
U.City,
U.State,
U.Country,
U.Zip,
U.PrimaryPhone,
U.SecondaryPhone,
U.Fax,
U.InstantMessenger,
U.HtmlMail,
U.CompanyName,
U.EcommerceEnabled,
U.[AdditionalParams]
FROM Users AS U
WHERE U.UserID = @UserID
AND dbo.CanGetUserDetails(@ActorID, @UserID) = 1 -- actor user rights
RETURN
GO
@ -3931,3 +4116,608 @@ GO
ALTER PROCEDURE [dbo].[GetUserByIdInternally]
(
@UserID int
)
AS
SELECT
U.UserID,
U.RoleID,
U.StatusID,
U.LoginStatusId,
U.FailedLogins,
U.OwnerID,
U.Created,
U.Changed,
U.IsDemo,
U.Comments,
U.IsPeer,
U.Username,
U.Password,
U.FirstName,
U.LastName,
U.Email,
U.SecondaryEmail,
U.Address,
U.City,
U.State,
U.Country,
U.Zip,
U.PrimaryPhone,
U.SecondaryPhone,
U.Fax,
U.InstantMessenger,
U.HtmlMail,
U.CompanyName,
U.EcommerceEnabled,
U.[AdditionalParams]
FROM Users AS U
WHERE U.UserID = @UserID
RETURN
GO
ALTER PROCEDURE [dbo].[GetUserByUsername]
(
@ActorID int,
@Username nvarchar(50)
)
AS
SELECT
U.UserID,
U.RoleID,
U.StatusID,
U.LoginStatusId,
U.FailedLogins,
U.OwnerID,
U.Created,
U.Changed,
U.IsDemo,
U.Comments,
U.IsPeer,
U.Username,
CASE WHEN dbo.CanGetUserPassword(@ActorID, UserID) = 1 THEN U.Password
ELSE '' END AS Password,
U.FirstName,
U.LastName,
U.Email,
U.SecondaryEmail,
U.Address,
U.City,
U.State,
U.Country,
U.Zip,
U.PrimaryPhone,
U.SecondaryPhone,
U.Fax,
U.InstantMessenger,
U.HtmlMail,
U.CompanyName,
U.EcommerceEnabled,
U.[AdditionalParams]
FROM Users AS U
WHERE U.Username = @Username
AND dbo.CanGetUserDetails(@ActorID, UserID) = 1 -- actor user rights
RETURN
GO
ALTER PROCEDURE [dbo].[GetUserByUsernameInternally]
(
@Username nvarchar(50)
)
AS
SELECT
U.UserID,
U.RoleID,
U.StatusID,
U.LoginStatusId,
U.FailedLogins,
U.OwnerID,
U.Created,
U.Changed,
U.IsDemo,
U.Comments,
U.IsPeer,
U.Username,
U.Password,
U.FirstName,
U.LastName,
U.Email,
U.SecondaryEmail,
U.Address,
U.City,
U.State,
U.Country,
U.Zip,
U.PrimaryPhone,
U.SecondaryPhone,
U.Fax,
U.InstantMessenger,
U.HtmlMail,
U.CompanyName,
U.EcommerceEnabled,
U.[AdditionalParams]
FROM Users AS U
WHERE U.Username = @Username
RETURN
GO
ALTER PROCEDURE [dbo].[GetUserDomainsPaged]
(
@ActorID int,
@UserID int,
@FilterColumn nvarchar(50) = '',
@FilterValue nvarchar(50) = '',
@SortColumn nvarchar(50),
@StartRow int,
@MaximumRows int
)
AS
-- build query and run it to the temporary table
DECLARE @sql nvarchar(2000)
SET @sql = '
DECLARE @HasUserRights bit
SET @HasUserRights = dbo.CheckActorUserRights(@ActorID, @UserID)
DECLARE @EndRow int
SET @EndRow = @StartRow + @MaximumRows
DECLARE @Users TABLE
(
ItemPosition int IDENTITY(1,1),
UserID int,
DomainID int
)
INSERT INTO @Users (UserID, DomainID)
SELECT
U.UserID,
D.DomainID
FROM Users AS U
INNER JOIN UsersTree(@UserID, 1) AS UT ON U.UserID = UT.UserID
LEFT OUTER JOIN Packages AS P ON U.UserID = P.UserID
LEFT OUTER JOIN Domains AS D ON P.PackageID = D.PackageID
WHERE
U.UserID <> @UserID AND U.IsPeer = 0
AND @HasUserRights = 1 '
IF @FilterColumn <> '' AND @FilterValue <> ''
SET @sql = @sql + ' AND ' + @FilterColumn + ' LIKE @FilterValue '
IF @SortColumn <> '' AND @SortColumn IS NOT NULL
SET @sql = @sql + ' ORDER BY ' + @SortColumn + ' '
SET @sql = @sql + ' SELECT COUNT(UserID) FROM @Users;
SELECT
U.UserID,
U.RoleID,
U.StatusID,
U.LoginStatusId,
U.FailedLogins,
U.OwnerID,
U.Created,
U.Changed,
U.IsDemo,
U.Comments,
U.IsPeer,
U.Username,
U.FirstName,
U.LastName,
U.Email,
D.DomainName
FROM @Users AS TU
INNER JOIN Users AS U ON TU.UserID = U.UserID
LEFT OUTER JOIN Domains AS D ON TU.DomainID = D.DomainID
WHERE TU.ItemPosition BETWEEN @StartRow AND @EndRow'
exec sp_executesql @sql, N'@StartRow int, @MaximumRows int, @UserID int, @FilterValue nvarchar(50), @ActorID int',
@StartRow, @MaximumRows, @UserID, @FilterValue, @ActorID
RETURN
GO
ALTER PROCEDURE [dbo].[GetUserParents]
(
@ActorID int,
@UserID int
)
AS
-- check rights
IF dbo.CheckActorUserRights(@ActorID, @UserID) = 0
RAISERROR('You are not allowed to access this account', 16, 1)
SELECT
U.UserID,
U.RoleID,
U.StatusID,
U.LoginStatusId,
U.FailedLogins,
U.OwnerID,
U.Created,
U.Changed,
U.IsDemo,
U.Comments,
U.IsPeer,
U.Username,
U.FirstName,
U.LastName,
U.Email,
U.CompanyName,
U.EcommerceEnabled
FROM UserParents(@ActorID, @UserID) AS UP
INNER JOIN Users AS U ON UP.UserID = U.UserID
ORDER BY UP.UserOrder DESC
RETURN
GO
ALTER PROCEDURE [dbo].[GetUserPeers]
(
@ActorID int,
@UserID int
)
AS
DECLARE @CanGetDetails bit
SET @CanGetDetails = dbo.CanGetUserDetails(@ActorID, @UserID)
SELECT
U.UserID,
U.RoleID,
U.StatusID,
U.LoginStatusId,
U.FailedLogins,
U.OwnerID,
U.Created,
U.Changed,
U.IsDemo,
U.Comments,
U.IsPeer,
U.Username,
U.FirstName,
U.LastName,
U.Email,
U.FullName,
(U.FirstName + ' ' + U.LastName) AS FullName,
U.CompanyName,
U.EcommerceEnabled
FROM UsersDetailed AS U
WHERE U.OwnerID = @UserID AND IsPeer = 1
AND @CanGetDetails = 1 -- actor rights
RETURN
GO
ALTER PROCEDURE [dbo].[GetUsers]
(
@ActorID int,
@OwnerID int,
@Recursive bit = 0
)
AS
DECLARE @CanGetDetails bit
SET @CanGetDetails = dbo.CanGetUserDetails(@ActorID, @OwnerID)
SELECT
U.UserID,
U.RoleID,
U.StatusID,
U.LoginStatusId,
U.FailedLogins,
U.OwnerID,
U.Created,
U.Changed,
U.IsDemo,
U.Comments,
U.IsPeer,
U.Username,
U.FirstName,
U.LastName,
U.Email,
U.FullName,
U.OwnerUsername,
U.OwnerFirstName,
U.OwnerLastName,
U.OwnerRoleID,
U.OwnerFullName,
U.PackagesNumber,
U.CompanyName,
U.EcommerceEnabled
FROM UsersDetailed AS U
WHERE U.UserID <> @OwnerID AND
((@Recursive = 1 AND dbo.CheckUserParent(@OwnerID, U.UserID) = 1) OR
(@Recursive = 0 AND U.OwnerID = @OwnerID))
AND U.IsPeer = 0
AND @CanGetDetails = 1 -- actor user rights
RETURN
GO
ALTER PROCEDURE [dbo].[GetUsersPaged]
(
@ActorID int,
@UserID int,
@FilterColumn nvarchar(50) = '',
@FilterValue nvarchar(50) = '',
@StatusID int,
@RoleID int,
@SortColumn nvarchar(50),
@StartRow int,
@MaximumRows int,
@Recursive bit
)
AS
-- build query and run it to the temporary table
DECLARE @sql nvarchar(2000)
SET @sql = '
DECLARE @HasUserRights bit
SET @HasUserRights = dbo.CheckActorUserRights(@ActorID, @UserID)
DECLARE @EndRow int
SET @EndRow = @StartRow + @MaximumRows
DECLARE @Users TABLE
(
ItemPosition int IDENTITY(0,1),
UserID int
)
INSERT INTO @Users (UserID)
SELECT
U.UserID
FROM UsersDetailed AS U
WHERE
U.UserID <> @UserID AND U.IsPeer = 0 AND
(
(@Recursive = 0 AND OwnerID = @UserID) OR
(@Recursive = 1 AND dbo.CheckUserParent(@UserID, U.UserID) = 1)
)
AND ((@StatusID = 0) OR (@StatusID > 0 AND U.StatusID = @StatusID))
AND ((@RoleID = 0) OR (@RoleID > 0 AND U.RoleID = @RoleID))
AND @HasUserRights = 1 '
IF @FilterColumn <> '' AND @FilterValue <> ''
SET @sql = @sql + ' AND ' + @FilterColumn + ' LIKE @FilterValue '
IF @SortColumn <> '' AND @SortColumn IS NOT NULL
SET @sql = @sql + ' ORDER BY ' + @SortColumn + ' '
SET @sql = @sql + ' SELECT COUNT(UserID) FROM @Users;
SELECT
U.UserID,
U.RoleID,
U.StatusID,
U.LoginStatusId,
U.FailedLogins,
U.OwnerID,
U.Created,
U.Changed,
U.IsDemo,
dbo.GetItemComments(U.UserID, ''USER'', @ActorID) AS Comments,
U.IsPeer,
U.Username,
U.FirstName,
U.LastName,
U.Email,
U.FullName,
U.OwnerUsername,
U.OwnerFirstName,
U.OwnerLastName,
U.OwnerRoleID,
U.OwnerFullName,
U.OwnerEmail,
U.PackagesNumber,
U.CompanyName,
U.EcommerceEnabled
FROM @Users AS TU
INNER JOIN UsersDetailed AS U ON TU.UserID = U.UserID
WHERE TU.ItemPosition BETWEEN @StartRow AND @EndRow'
exec sp_executesql @sql, N'@StartRow int, @MaximumRows int, @UserID int, @FilterValue nvarchar(50), @ActorID int, @Recursive bit, @StatusID int, @RoleID int',
@StartRow, @MaximumRows, @UserID, @FilterValue, @ActorID, @Recursive, @StatusID, @RoleID
RETURN
GO
ALTER PROCEDURE [dbo].[UpdateUser]
(
@ActorID int,
@UserID int,
@RoleID int,
@StatusID int,
@LoginStatusId int,
@IsDemo bit,
@IsPeer bit,
@Comments ntext,
@FirstName nvarchar(50),
@LastName nvarchar(50),
@Email nvarchar(255),
@SecondaryEmail nvarchar(255),
@Address nvarchar(200),
@City nvarchar(50),
@State nvarchar(50),
@Country nvarchar(50),
@Zip varchar(20),
@PrimaryPhone varchar(30),
@SecondaryPhone varchar(30),
@Fax varchar(30),
@InstantMessenger nvarchar(200),
@HtmlMail bit,
@CompanyName nvarchar(100),
@EcommerceEnabled BIT,
@AdditionalParams NVARCHAR(max)
)
AS
-- check actor rights
IF dbo.CanUpdateUserDetails(@ActorID, @UserID) = 0
BEGIN
RETURN
END
IF @LoginStatusId = 0
BEGIN
UPDATE Users SET
FailedLogins = 0
WHERE UserID = @UserID
END
UPDATE Users SET
RoleID = @RoleID,
StatusID = @StatusID,
LoginStatusId = @LoginStatusId,
Changed = GetDate(),
IsDemo = @IsDemo,
IsPeer = @IsPeer,
Comments = @Comments,
FirstName = @FirstName,
LastName = @LastName,
Email = @Email,
SecondaryEmail = @SecondaryEmail,
Address = @Address,
City = @City,
State = @State,
Country = @Country,
Zip = @Zip,
PrimaryPhone = @PrimaryPhone,
SecondaryPhone = @SecondaryPhone,
Fax = @Fax,
InstantMessenger = @InstantMessenger,
HtmlMail = @HtmlMail,
CompanyName = @CompanyName,
EcommerceEnabled = @EcommerceEnabled,
[AdditionalParams] = @AdditionalParams
WHERE UserID = @UserID
RETURN
GO
IF NOT EXISTS (SELECT * FROM sys.objects WHERE type_desc = N'SQL_STORED_PROCEDURE' AND name = N'UpdateUserFailedLoginAttempt')
BEGIN
EXEC sp_executesql N' CREATE PROCEDURE [dbo].[UpdateUserFailedLoginAttempt]
(
@UserID int,
@LockOut int,
@Reset int
)
AS
IF (@Reset = 1)
BEGIN
UPDATE Users SET FailedLogins = 0 WHERE UserID = @UserID
END
ELSE
BEGIN
IF (@LockOut <= (SELECT FailedLogins FROM USERS WHERE UserID = @UserID))
BEGIN
UPDATE Users SET LoginStatusId = 2 WHERE UserID = @UserID
END
ELSE
BEGIN
IF ((SELECT FailedLogins FROM Users WHERE UserID = @UserID) IS NULL)
BEGIN
UPDATE Users SET FailedLogins = 1 WHERE UserID = @UserID
END
ELSE
UPDATE Users SET FailedLogins = FailedLogins + 1 WHERE UserID = @UserID
END
END'
END
GO
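Review bot: In `UpdateUserFailedLoginAttempt` (the last procedure in this section) the threshold test, the NULL test and the increment are separate statements, so failed logins arriving in parallel can all pass `@LockOut <= FailedLogins` before any of them sets `LoginStatusId = 2`. As written, the lock is also applied only on the failure after the counter has reached `@LockOut`, i.e. on attempt `@LockOut + 1`; unless the caller compensates, the account gets one more guess than configured. A single `UPDATE` that increments and locks together closes both gaps, as sketched below; it locks on the `@LockOut`-th failure, so confirm that this matches the intended meaning of the setting. The literal `2` should get a comment naming the status it represents, and declaring `FailedLogins` as `NOT NULL DEFAULT 0` would make the NULL branch unnecessary.

```sql
-- … unchanged: procedure header, parameters and the @Reset = 1 branch …
ELSE
BEGIN
    -- Increment and lock in one statement: both expressions read the
    -- pre-update FailedLogins, so concurrent failures cannot slip past the check.
    UPDATE Users
    SET FailedLogins  = ISNULL(FailedLogins, 0) + 1,
        LoginStatusId = CASE
                            WHEN ISNULL(FailedLogins, 0) + 1 >= @LockOut THEN 2 -- locked out
                            ELSE LoginStatusId
                        END
    WHERE UserID = @UserID
END
```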