Login Cs


using System;

using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;
using System.IO;
using System.Text;
using System.Web.Security;

public partial class Login : System.Web.UI.Page


{
// Per-request copies of columns read from tbl_PMIS_Usermaster by lnklogin_click.
// var_Username is filled from the row's "userid" column, not from "username".
string var_Username;
// The decrypted password is no longer kept: its declaration is commented out.
//string var_Password;
string var_Rights;
string var_Department;
// Database connection built from the "conn" entry of the application's connection strings.
// NOTE(review): this is a page field and is never disposed in the code visible here;
// the handlers only call Close() on it.
SqlConnection con = new
SqlConnection(ConfigurationManager.ConnectionStrings["conn"].ConnectionString);
// Command and reader objects kept as page fields for database access.
SqlCommand com = new SqlCommand();
SqlDataReader dr;
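/// <summary>
/// Runs on every request to the login page: disables caching of the response, drops any
/// existing forms-authentication ticket, optionally attempts the portal hand-off login
/// driven by the <c>empid</c> and <c>loginid</c> query-string values, and finally clears
/// the session identity fields and closes the shared connection.
/// </summary>
/// <param name="sender">Event source supplied by ASP.NET; passed on to lnklogin_click.</param>
/// <param name="e">Event data supplied by ASP.NET; passed on to lnklogin_click.</param>
protected void Page_Load(object sender, EventArgs e)
{
    txt_UserID.Focus();

    // The login page must not be served from a browser or proxy cache.
    // (The original set these headers twice with identical values; once is enough.)
    Response.Buffer = true;
    Response.Expires = 0;
    Response.ExpiresAbsolute = DateTime.Now.AddDays(-1);
    Response.CacheControl = "no-cache";
    Response.Cache.SetCacheability(HttpCacheability.NoCache);
    Response.Cache.SetExpires(DateTime.Now);

    // Arriving at this page always signs the current user out.
    FormsAuthentication.SignOut();

    string encodedEmpId = Request.QueryString["empid"];
    string loginId = Request.QueryString["loginid"];

    if (!string.IsNullOrEmpty(encodedEmpId) && !string.IsNullOrEmpty(loginId))
    {
        // NOTE(review): this hand-off trusts the URL. "empid" is only Base64-decoded, which is
        // an encoding and not proof of where the value came from, and "loginid" is tested for
        // presence but never validated. Because lnklogin_click does not check a password, the
        // account named in the query string is signed in as-is. Replace this with a signed,
        // short-lived token issued by the portal and verified here before logging anyone in.
        string empId = null;
        try
        {
            empId = Encoding.ASCII.GetString(Convert.FromBase64String(encodedEmpId));
        }
        catch (FormatException)
        {
            // Malformed Base64 in the query string: skip the hand-off and show the normal
            // login form instead of failing the request with an unhandled exception.
        }

        if (empId != null)
        {
            txt_UserID.Text = empId;
            lnklogin_click(sender, e);
        }
    }
    else
    {
        // A redirect to the shared LapizPortal login page used to sit here; it is disabled.
        txt_UserID.Focus();
    }

    // Reached on a normal page view and after a hand-off attempt that did not redirect:
    // make sure no identity from an earlier visit is left in the session.
    Session["userid"] = "";
    Session["username"] = "";
    Session["rights"] = "";
    con.Close();
}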
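/// <summary>
/// Looks up the user id typed into <c>txt_UserID</c> in <c>tbl_PMIS_Usermaster</c>, copies the
/// row into the session, maps the row's rights to a session type, issues a forms-authentication
/// cookie and redirects to <c>Dashboard.aspx</c>. Shows a SweetAlert message when the user id
/// is unknown or the lookup fails.
/// </summary>
/// <remarks>
/// NOTE(review): the password column is selected but never compared with <c>txt_Password</c>
/// (the decrypt-and-compare line is commented out in the original). As written, knowing a
/// valid user id is enough to be signed in. Restoring a password check here also affects the
/// query-string hand-off in Page_Load, which calls this method without a password, so the two
/// need to be fixed together.
/// </remarks>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Event data; not used.</param>
protected void lnklogin_click(object sender, EventArgs e)
{
    try
    {
        Session["Userid"] = "";
        Session["UserName"] = "";
        Session["Department"] = "";

        // The connection is a shared page field; reset it to a known state before use.
        con.Close();
        con.Open();

        // The user id comes straight from the request, so it is bound as a parameter instead
        // of being concatenated into the SQL text.
        const string userQuery =
            "select userid,username,password,rights,Department " +
            "from tbl_PMIS_Usermaster where UserID = @UserID";

        using (SqlCommand userCommand = new SqlCommand(userQuery, con))
        {
            userCommand.Parameters.AddWithValue("@UserID", txt_UserID.Text);

            using (SqlDataReader userRow = userCommand.ExecuteReader())
            {
                if (!userRow.HasRows)
                {
                    ScriptManager.RegisterStartupScript(this, GetType(), "mismatch",
                        "swal('UserID is Incorrect!')", true);
                    return;
                }

                while (userRow.Read())
                {
                    var_Username = Convert.ToString(userRow["userid"]);
                    var_Rights = Convert.ToString(userRow["rights"]);
                    var_Department = Convert.ToString(userRow["Department"]);

                    Session["Userid"] = Convert.ToString(userRow["userid"]);
                    Session["UserName"] = Convert.ToString(userRow["username"]);
                    Session["Rights"] = Convert.ToString(userRow["rights"]);
                    Session["Department"] = Convert.ToString(userRow["Department"]);

                    // This only re-checks the id that the query already matched on; it is not
                    // a credential check (see the remarks above).
                    if (!string.Equals(var_Username, txt_UserID.Text, StringComparison.OrdinalIgnoreCase))
                    {
                        ScriptManager.RegisterStartupScript(this, GetType(), "mismatch",
                            "swal('Password is Incorrect!')", true);
                        txt_Password.Focus();
                        continue;
                    }

                    // Every recognised role followed the same steps and differed only in the
                    // session type, so the five copied branches are reduced to one mapping.
                    string sessionType;
                    switch (Session["Rights"].ToString().Trim())
                    {
                        case "Administrator":
                            sessionType = "PM";
                            break;
                        case "Developer":
                        case "Requester":
                            sessionType = "Admin";
                            break;
                        case "Team Leader":
                            sessionType = "TL";
                            break;
                        case "Requester/Manager":
                            sessionType = "Mngr";
                            break;
                        default:
                            sessionType = null;
                            break;
                    }

                    if (sessionType == null)
                    {
                        // Unrecognised rights: as in the original, no ticket is issued and no
                        // message is shown. NOTE(review): the session values set above remain.
                        continue;
                    }

                    Session["sessiontype"] = sessionType;

                    // NOTE(review): the ticket name and user data are the constant "1" for every
                    // account, so the ticket does not identify the user; identity lives only in
                    // the session values set above.
                    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                        1, "1", DateTime.Now, DateTime.Now.AddMinutes(10), false, "1");
                    HttpCookie cookie = new HttpCookie(
                        FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
                    // Keep the ticket out of reach of page script, and restrict it to HTTPS when
                    // the forms-authentication configuration requires SSL.
                    cookie.HttpOnly = true;
                    cookie.Secure = FormsAuthentication.RequireSSL;
                    Response.Cookies.Add(cookie);

                    txt_UserID.Text = string.Empty;
                    txt_Password.Value = string.Empty;

                    // Ends the response by aborting the request thread.
                    Response.Redirect("Dashboard.aspx");
                }
            }
        }
    }
    catch (System.Threading.ThreadAbortException)
    {
        // Raised by Response.Redirect on a successful login; not an error.
        throw;
    }
    catch (Exception ex)
    {
        // The original wrote the exception text, unquoted, into the page script. That breaks
        // the script and exposes internal details, so the details stay on the server and the
        // user sees a fixed message.
        System.Diagnostics.Trace.TraceError("Login lookup failed: " + ex);
        ScriptManager.RegisterStartupScript(this, GetType(), "showalert",
            "swal('Unable to sign in. Please try again.');", true);
    }
    finally
    {
        // The original left the connection open after the lookup.
        con.Close();
    }
}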
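/// <summary>
/// Encrypts text with AES using a key and IV derived from a fixed passphrase and salt,
/// and returns the ciphertext as Base64. No caller is visible in this part of the class.
/// </summary>
/// <remarks>
/// NOTE(review): the passphrase is hard-coded in source and the salt is constant, so the key
/// and IV are identical for every call and equal plaintexts give equal ciphertexts. Anyone who
/// can read this file or the compiled assembly can decrypt every stored value. If this is used
/// for login passwords, store a salted one-way hash (for example PBKDF2 with a random per-user
/// salt) instead of reversible ciphertext, and keep key material out of source control.
/// The derivation parameters are left unchanged here so existing ciphertexts stay readable.
/// </remarks>
/// <param name="clearText">Text to encrypt; encoded as UTF-16 (Encoding.Unicode) first.</param>
/// <returns>Base64 encoding of the AES ciphertext.</returns>
private string Encrypt(string clearText)
{
    string EncryptionKey = "$321SeCiVrEsLaTiGiDZiPaL";
    byte[] salt = new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 };
    byte[] clearBytes = Encoding.Unicode.GetBytes(clearText);

    using (Aes encryptor = Aes.Create())
    // The key-derivation object holds key material and was never disposed in the original.
    using (Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey, salt))
    {
        // Order matters: the first 32 derived bytes are the key, the next 16 the IV.
        encryptor.Key = pdb.GetBytes(32);
        encryptor.IV = pdb.GetBytes(16);

        using (MemoryStream ms = new MemoryStream())
        {
            using (ICryptoTransform transform = encryptor.CreateEncryptor())
            using (CryptoStream cs = new CryptoStream(ms, transform, CryptoStreamMode.Write))
            {
                cs.Write(clearBytes, 0, clearBytes.Length);
                // Disposing the stream writes the final padded block into ms.
            }
            return Convert.ToBase64String(ms.ToArray());
        }
    }
}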
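/// <summary>
/// Decryption for the login password: reverses the AES encryption applied to a Base64
/// ciphertext, using a key and IV derived from a fixed passphrase and salt.
/// </summary>
/// <remarks>
/// NOTE(review): being able to decrypt stored passwords means they are kept reversibly, and
/// the passphrase and salt are hard-coded in source. Prefer a salted one-way hash compared in
/// constant time, and move key material out of source control. The derivation parameters are
/// left unchanged here so existing ciphertexts stay readable.
/// </remarks>
/// <param name="cipherText">Base64 text holding the AES ciphertext.</param>
/// <returns>The decrypted text, decoded as UTF-16 (Encoding.Unicode).</returns>
/// <exception cref="FormatException">Thrown when <paramref name="cipherText"/> is not valid Base64.</exception>
private string Decrypt(string cipherText)
{
    string EncryptionKey = "$321SeCiVrEsLaTiGiDZiPaL";
    byte[] salt = new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 };
    byte[] cipherBytes = Convert.FromBase64String(cipherText);

    using (Aes encryptor = Aes.Create())
    // The key-derivation object holds key material and was never disposed in the original.
    using (Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey, salt))
    {
        // Order matters: the first 32 derived bytes are the key, the next 16 the IV.
        encryptor.Key = pdb.GetBytes(32);
        encryptor.IV = pdb.GetBytes(16);

        using (MemoryStream ms = new MemoryStream())
        {
            using (ICryptoTransform transform = encryptor.CreateDecryptor())
            using (CryptoStream cs = new CryptoStream(ms, transform, CryptoStreamMode.Write))
            {
                cs.Write(cipherBytes, 0, cipherBytes.Length);
                // Disposing the stream flushes the final block and strips the padding.
            }
            return Encoding.Unicode.GetString(ms.ToArray());
        }
    }
}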
}
