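using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Mail;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;
using DevExpress.Web.Mvc;
using Microsoft.Security.Application;
using OSS.Models;
using OSS.Repositories;

namespace OSS.Controllers
{
    /// <summary>
    /// Unauthenticated entry points of the site: landing/login page, logout,
    /// investor self-registration and password reset.
    /// </summary>
    public class HomeController : Controller
    {
        // Data context used by the actions of one request; released in Dispose(bool).
        private readonly OSSDBContext myContext = new OSSDBContext();

        /// <summary>
        /// Landing/login page. Any non-null <paramref name="msg"/> only switches the fixed
        /// "registered" banner on; the text passed in <paramref name="msg"/> is not displayed.
        /// </summary>
        public ActionResult Index(string msg = null)
        {
            if (msg != null)
            {
                ViewBag.Success = "Successfully registered, please login";
            }
            return View();
        }

        /// <summary>
        /// Password-reset form. <paramref name="_status"/> selects the banner shown after the
        /// redirect from <see cref="ProcessResetPassword"/>; unknown values show no banner.
        /// </summary>
        public ActionResult ResetPassword(string _status)
        {
            switch (_status)
            {
                case "new":
                    ViewBag.Success = "";
                    ViewBag.Error = "";
                    break;
                case "Success":
                    ViewBag.Success = "Success";
                    break;
                case "Error":
                    ViewBag.Error = "Error";
                    break;
                case "Invalid":
                    ViewBag.Error = "Invalid";
                    break;
            }
            return View();
        }

        /// <summary>Registration landing view, with the country list as its model.</summary>
        public ActionResult Register()
        {
            var countries = new InvestorRepository().CreateCountry();
            return View("Register", countries);
        }

        /// <summary>
        /// Upper-case hex MD5 of the ASCII bytes of <paramref name="input"/>. This is the stored
        /// form of every LoginPassword in InvestorExternl (registration, login and reset all use it).
        /// </summary>
        /// <remarks>
        /// SECURITY: unsalted MD5 is not an acceptable password hash — it is fast to brute-force
        /// and, with no salt, equal passwords produce equal stored values. It is kept only because
        /// every existing row depends on it; migrate to a salted, slow KDF (PBKDF2 via
        /// Rfc2898DeriveBytes, or Argon2) and re-hash each user at their next successful login.
        /// The ASCII encoding maps every non-ASCII character to '?', so such passwords collide;
        /// changing the encoding now would lock out users who registered with one.
        /// </remarks>
        /// <param name="input">Plain-text password; must not be null.</param>
        /// <returns>32 upper-case hex characters.</returns>
        public static string getHashedMD5Password(string input)
        {
            using (MD5 md5 = MD5.Create())
            {
                byte[] hash = md5.ComputeHash(Encoding.ASCII.GetBytes(input));
                // BitConverter emits upper-case hex pairs joined by '-', which equals the
                // former per-byte "X2" formatting once the separators are removed.
                return BitConverter.ToString(hash).Replace("-", "");
            }
        }

        /// <summary>
        /// Authenticates an investor and starts a forms-authentication session.
        /// </summary>
        /// <param name="model">Posted credentials.</param>
        /// <param name="ReturnUrl">Optional local URL to return to after login.</param>
        /// <returns>
        /// Redirect to <paramref name="ReturnUrl"/> (only if local) or to Welcome/Index on success;
        /// the Index view with an error banner otherwise.
        /// </returns>
        [HttpPost]
        [ValidateAntiForgeryToken]
        public ActionResult login(LoginViewModel model, string ReturnUrl)
        {
            try
            {
                // Hash the raw password: registration and reset hash the raw value as well, so
                // sanitizing it here would reject any password containing HTML-sensitive characters.
                var encryptedPass = getHashedMD5Password(model.Password);
                // Registration stores the sanitized e-mail, so look it up in the same form.
                var userEmail = Sanitizer.GetSafeHtmlFragment(model.CompanyEmail);
                var user = myContext.InvestorExternl.SingleOrDefault(t => t.CompanyEmail == userEmail && t.LoginPassword == encryptedPass && t.Status == true);
                if (user == null)
                {
                    ViewBag.Error = "Invalid login attempt. or Account is locked";
                    return View("Index");
                }

                // Establish the session and the auth cookie BEFORE any redirect; previously the
                // ReturnUrl branch redirected an unauthenticated user straight back to a protected page.
                Session["CompanyTIN"] = user.CompanyTIN;
                Session["CompanyEmail"] = user.CompanyEmail;
                // Persistent cookie, as before; the login model shows no remember-me choice here.
                FormsAuthentication.SetAuthCookie(user.CompanyEmail, true);

                if (Url.IsLocalUrl(ReturnUrl))
                {
                    return Redirect(ReturnUrl);
                }
                return RedirectToAction("Index", "Welcome");
            }
            catch (Exception)
            {
                // No logging facility is available in this controller; the failure is surfaced
                // to the user only. Consider logging before widening this catch any further.
                ViewBag.Error = "Invalid operation . or Account is locked";
                return View("Index");
            }
        }

        /// <summary>Ends the session and the forms-authentication ticket, then returns to Home/Index.</summary>
        public ActionResult Logout()
        {
            Session.RemoveAll();
            Session.Abandon();
            Session.Clear();
            FormsAuthentication.SignOut();
            return RedirectToAction("Index", "Home");
        }

        /// <summary>
        /// User-registration form. <paramref name="usr"/> == "new" clears the error banner.
        /// </summary>
        public ActionResult RegisterUser(string usr)
        {
            if (usr == "new")
            {
                ViewBag.Error = "";
            }
            var countries = new InvestorRepository().CreateCountry();
            return View("RegisterUser", countries);
        }

        /// <summary>
        /// Creates a temporary password for <see cref="ProcessResetPassword"/>.
        /// </summary>
        /// <remarks>
        /// Uses the cryptographic RNG. The previous implementation combined System.Random with the
        /// current month/day, giving roughly 100 possible values per day — trivially guessable for
        /// a value that grants account access. The "Inv@" prefix is kept so the result still
        /// contains upper/lower-case letters and a symbol like the old format.
        /// </remarks>
        /// <returns>"Inv@" followed by 12 random alphanumeric characters.</returns>
        public string GenerateRandom()
        {
            const string alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
            const int randomLength = 12;
            const string prefix = "Inv@";
            // Bytes at or above this bound are rejected so each symbol is equally likely (no modulo bias).
            int limit = 256 - (256 % alphabet.Length);
            var result = new StringBuilder(prefix, prefix.Length + randomLength);
            var buffer = new byte[1];
            using (var rng = RandomNumberGenerator.Create())
            {
                while (result.Length < prefix.Length + randomLength)
                {
                    rng.GetBytes(buffer);
                    if (buffer[0] < limit)
                    {
                        result.Append(alphabet[buffer[0] % alphabet.Length]);
                    }
                }
            }
            return result.ToString();
        }

        /// <summary>Country list as JSON, readable over GET.</summary>
        public ActionResult GetCountry()
        {
            var repo = new Countries();
            var regions = repo.GetCountries();
            return Json(regions, JsonRequestBehavior.AllowGet);
        }

        /// <summary>
        /// Creates an investor account from the posted profile.
        /// </summary>
        /// <param name="model">Posted profile; LoginPassword is the plain-text password.</param>
        /// <returns>
        /// Redirect to Home/Index on success; the RegisterUser view with an error banner when the
        /// model is invalid or the e-mail is already registered.
        /// </returns>
        [HttpPost]
        [ValidateAntiForgeryToken]
        [ValidateInput(true)]
        public ActionResult ProcessRegistration(InvestorProfileExternal model)
        {
            if (!ModelState.IsValid)
            {
                ViewBag.Error = "Error! invalid input detected , please fill proper details when creating user account";
                var countriesForInvalid = new InvestorRepository().CreateCountry();
                return View("RegisterUser", countriesForInvalid);
            }

            // The sanitized e-mail is what gets stored, so the duplicate check uses the same form.
            var companyEmail = Sanitizer.GetSafeHtmlFragment(model.CompanyEmail);
            var existing = myContext.InvestorExternl.SingleOrDefault(t => t.CompanyEmail == companyEmail);
            if (existing != null)
            {
                // NOTE: this distinct message lets a caller tell which e-mails are registered.
                ViewBag.Error = "Account Already Exists";
                var countriesForDuplicate = new InvestorRepository().CreateCountry();
                return View("RegisterUser", countriesForDuplicate);
            }

            var now = DateTime.Now;
            var profile = new InvestorProfileExternal
            {
                CompanyEmail = companyEmail,
                CompanyName = Sanitizer.GetSafeHtmlFragment(model.CompanyName),
                FirstName = Sanitizer.GetSafeHtmlFragment(model.FirstName),
                // Was copied from FirstName; MiddleName now comes from the MiddleName field.
                MiddleName = Sanitizer.GetSafeHtmlFragment(model.MiddleName),
                LastName = Sanitizer.GetSafeHtmlFragment(model.LastName),
                // Stored as a hash only; the plain-text password is never persisted.
                LoginPassword = getHashedMD5Password(model.LoginPassword),
                Position = Sanitizer.GetSafeHtmlFragment(model.Position),
                Mobile = Sanitizer.GetSafeHtmlFragment(model.Mobile),
                AlternativeEmail = Sanitizer.GetSafeHtmlFragment(model.AlternativeEmail),
                NIDAOrPassport = Sanitizer.GetSafeHtmlFragment(model.NIDAOrPassport),
                Nationality = Sanitizer.GetSafeHtmlFragment(model.Nationality),
                CreatedDate = now,
                UpdatedDate = now,
                Status = true,
                VerificationStatus = "Waiting"
            };
            myContext.InvestorExternl.Add(profile);
            myContext.SaveChanges();
            return RedirectToAction("Index", "Home", new { msg = "Login using the username and password created" });
        }

        /// <summary>
        /// Resets the password of the account matching the posted CompanyEmail and Mobile, mails
        /// the new temporary password to the account's stored alternative e-mail and stores its hash.
        /// </summary>
        /// <param name="model">Posted CompanyEmail and Mobile; other fields are ignored.</param>
        /// <returns>Redirect to ResetPassword with _status "Success", "Invalid" (no match) or "Error".</returns>
        [HttpPost]
        [ValidateAntiForgeryToken]
        [ValidateInput(true)]
        public ActionResult ProcessResetPassword(InvestorProfileExternal model)
        {
            try
            {
                // Identify the account first. The request-supplied AlternativeEmail is deliberately
                // NOT used as the destination: the previous code mailed the new password to whatever
                // address the caller typed, so anyone knowing an e-mail/mobile pair could take over
                // the account. Only the address stored on the account receives it.
                var account = myContext.InvestorExternl.SingleOrDefault(t => t.CompanyEmail == model.CompanyEmail && t.Mobile == model.Mobile);
                if (account == null)
                {
                    return RedirectToAction("ResetPassword", "Home", new { _status = "Invalid" });
                }

                // Generate exactly once: the old code called GenerateRandom() twice, so the password
                // in the e-mail never matched the one stored.
                string temporaryPassword = GenerateRandom();
                string hashedPassword = getHashedMD5Password(temporaryPassword);

                var fromAddress = new MailAddress("noreply@tic.go.tz", "Onestop shop system");
                var toAddress = new MailAddress(account.AlternativeEmail, "To Name");
                // TODO(security): mail credential committed to source. Move it to protected
                // configuration and rotate it, since it is already in the repository history.
                const string fromPassword = "Ticpass@12";
                const string subject = "TIC Onestopshop password reset";
                string body = "Your password has been successfully changed : Please use " + temporaryPassword + " as your password and remember to change your password";

                // NOTE: EnableSsl = false on port 25 sends both the credential and the new password in clear text.
                using (var smtp = new SmtpClient
                {
                    Host = "smtp4.eganet.go.tz",
                    Port = 25,
                    EnableSsl = false,
                    Credentials = new NetworkCredential("noreply@tic.go.tz", fromPassword)
                })
                using (var message = new MailMessage(fromAddress, toAddress) { Subject = subject, Body = body })
                {
                    smtp.Send(message);
                }

                // Same order as before: mail first, then persist. If SaveChanges fails the user is
                // redirected to "Error" and can simply request another reset.
                account.LoginPassword = hashedPassword;
                myContext.SaveChanges();
                return RedirectToAction("ResetPassword", "Home", new { _status = "Success" });
            }
            catch (Exception)
            {
                // No logging facility is available here; the failure is reported to the user only.
                return RedirectToAction("ResetPassword", "Home", new { _status = "Error" });
            }
        }

        /// <summary>Releases the data context owned by this controller.</summary>
        protected override void Dispose(bool disposing)
        {
            if (disposing)
            {
                myContext.Dispose();
            }
            base.Dispose(disposing);
        }
    }
}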