diff --git a/src/umbraco.businesslogic/BasePages/BasePage.cs b/src/umbraco.businesslogic/BasePages/BasePage.cs
index c5eb2ce75d..b0e367ebe0 100644
--- a/src/umbraco.businesslogic/BasePages/BasePage.cs
+++ b/src/umbraco.businesslogic/BasePages/BasePage.cs
@@ -2,22 +2,25 @@ using System;
using System.Data;
using System.Web;
using System.Linq;
+using System.Web.Security;
using umbraco.BusinessLogic;
using umbraco.DataLayer;
using umbraco.IO;
using System.Web.UI;
-namespace umbraco.BasePages {
+namespace umbraco.BasePages
+{
///
/// umbraco.BasePages.BasePage is the default page type for the umbraco backend.
/// The basepage keeps track of the current user and the page context. But does not
/// Restrict access to the page itself.
/// The keep the page secure, the umbracoEnsuredPage class should be used instead
///
- public class BasePage : System.Web.UI.Page {
+ public class BasePage : System.Web.UI.Page
+ {
private User _user;
private bool _userisValidated = false;
- private ClientTools m_clientTools;
+ private ClientTools m_clientTools;
// ticks per minute 600,000,000
private static long _ticksPrMinute = 600000000;
@@ -42,70 +45,78 @@ namespace umbraco.BasePages {
/// Gets the SQL helper.
///
/// The SQL helper.
- protected static ISqlHelper SqlHelper {
+ protected static ISqlHelper SqlHelper
+ {
get { return umbraco.BusinessLogic.Application.SqlHelper; }
}
///
/// Initializes a new instance of the class.
///
- public BasePage() {
+ public BasePage()
+ {
}
- ///
- /// Returns the current BasePage for the current request.
- /// This assumes that the current page is a BasePage, otherwise, returns null;
- ///
- public static BasePage Current
- {
- get
- {
- return HttpContext.Current.CurrentHandler as BasePage;
- }
- }
-
- ///
- /// Returns a refernce of an instance of ClientTools for access to the pages client API
- ///
- public ClientTools ClientTools
- {
- get
- {
- if (m_clientTools == null)
- m_clientTools = new ClientTools(this);
- return m_clientTools;
- }
- }
-
- [Obsolete("Use ClientTools instead")]
- public void RefreshPage(int Seconds)
- {
- ClientTools.RefreshAdmin(Seconds);
+ ///
+ /// Returns the current BasePage for the current request.
+ /// This assumes that the current page is a BasePage, otherwise, returns null;
+ ///
+ public static BasePage Current
+ {
+ get
+ {
+ return HttpContext.Current.CurrentHandler as BasePage;
+ }
}
- private void validateUser() {
- if ((umbracoUserContextID != "")) {
+ ///
+ /// Returns a refernce of an instance of ClientTools for access to the pages client API
+ ///
+ public ClientTools ClientTools
+ {
+ get
+ {
+ if (m_clientTools == null)
+ m_clientTools = new ClientTools(this);
+ return m_clientTools;
+ }
+ }
+
+ [Obsolete("Use ClientTools instead")]
+ public void RefreshPage(int Seconds)
+ {
+ ClientTools.RefreshAdmin(Seconds);
+ }
+
+ private void validateUser()
+ {
+ if ((umbracoUserContextID != ""))
+ {
uid = GetUserId(umbracoUserContextID);
timeout = GetTimeout(umbracoUserContextID);
- if (timeout > DateTime.Now.Ticks) {
+ if (timeout > DateTime.Now.Ticks)
+ {
_user = BusinessLogic.User.GetUser(uid);
// Check for console access
if (_user.Disabled || (_user.NoConsole && GlobalSettings.RequestIsInUmbracoApplication(HttpContext.Current) && !GlobalSettings.RequestIsLiveEditRedirector(HttpContext.Current)))
{
throw new ArgumentException("You have no priviledges to the umbraco console. Please contact your administrator");
- }
+ }
else
{
_userisValidated = true;
updateLogin();
}
- } else {
+ }
+ else
+ {
throw new ArgumentException("User has timed out!!");
}
- } else
+ }
+ else
throw new ArgumentException("The user has no umbraco contextid - try logging in");
}
@@ -114,9 +125,12 @@ namespace umbraco.BasePages {
///
/// The umbraco user context ID.
///
- public static int GetUserId(string umbracoUserContextID) {
- try {
- if (System.Web.HttpRuntime.Cache["UmbracoUserContext" + umbracoUserContextID] == null) {
+ public static int GetUserId(string umbracoUserContextID)
+ {
+ try
+ {
+ if (System.Web.HttpRuntime.Cache["UmbracoUserContext" + umbracoUserContextID] == null)
+ {
System.Web.HttpRuntime.Cache.Insert(
"UmbracoUserContext" + umbracoUserContextID,
SqlHelper.ExecuteScalar("select userID from umbracoUserLogins where contextID = @contextId",
@@ -131,7 +145,9 @@ namespace umbraco.BasePages {
return (int)System.Web.HttpRuntime.Cache["UmbracoUserContext" + umbracoUserContextID];
- } catch {
+ }
+ catch
+ {
return -1;
}
}
@@ -143,7 +159,8 @@ namespace umbraco.BasePages {
///
/// The umbraco user context ID.
///
- public static bool ValidateUserContextID(string currentUmbracoUserContextID) {
+ public static bool ValidateUserContextID(string currentUmbracoUserContextID)
+ {
if ((currentUmbracoUserContextID != ""))
{
int uid = GetUserId(currentUmbracoUserContextID);
@@ -153,14 +170,16 @@ namespace umbraco.BasePages {
{
return true;
}
-
+
BusinessLogic.Log.Add(BusinessLogic.LogTypes.Logout, BusinessLogic.User.GetUser(uid), -1, "");
}
return false;
}
- private static long GetTimeout(string umbracoUserContextID) {
- if (System.Web.HttpRuntime.Cache["UmbracoUserContextTimeout" + umbracoUserContextID] == null) {
+ private static long GetTimeout(string umbracoUserContextID)
+ {
+ if (System.Web.HttpRuntime.Cache["UmbracoUserContextTimeout" + umbracoUserContextID] == null)
+ {
System.Web.HttpRuntime.Cache.Insert(
"UmbracoUserContextTimeout" + umbracoUserContextID,
GetTimeout(true),
@@ -171,8 +190,8 @@ namespace umbraco.BasePages {
}
object timeout = HttpRuntime.Cache["UmbracoUserContextTimeout" + umbracoUserContextID];
- if(timeout != null)
- return (long) timeout;
+ if (timeout != null)
+ return (long)timeout;
return 0;
@@ -198,25 +217,58 @@ namespace umbraco.BasePages {
/// Gets or sets the umbraco user context ID.
///
/// The umbraco user context ID.
- public static string umbracoUserContextID {
+ public static string umbracoUserContextID
+ {
get
{
- // zb-00004 #29956 : refactor cookies names & handling
- if (StateHelper.Cookies.HasCookies && StateHelper.Cookies.UserContext.HasValue)
- return StateHelper.Cookies.UserContext.GetValue();
- else
- return "";
- }
- set {
- // zb-00004 #29956 : refactor cookies names & handling
- if (StateHelper.Cookies.HasCookies)
- {
- // Clearing all old cookies before setting a new one.
- if (StateHelper.Cookies.UserContext.HasValue)
- StateHelper.Cookies.ClearAll();
+ // zb-00004 #29956 : refactor cookies names & handling
+ if (StateHelper.Cookies.HasCookies && StateHelper.Cookies.UserContext.HasValue)
+ {
+ try
+ {
+ string encTicket = StateHelper.Cookies.UserContext.GetValue();
+ if (!String.IsNullOrEmpty(encTicket))
+ return FormsAuthentication.Decrypt(encTicket).UserData;
+ }
+ catch (HttpException ex)
+ {
+ // we swallow this type of exception as it happens if a legacy (pre 4.8.1) cookie is set
+ }
+ }
- // Create new cookie.
- StateHelper.Cookies.UserContext.SetValue(value, 1);
+ return "";
+ }
+ set
+ {
+ // zb-00004 #29956 : refactor cookies names & handling
+ if (StateHelper.Cookies.HasCookies)
+ {
+ // Clearing all old cookies before setting a new one.
+ if (StateHelper.Cookies.UserContext.HasValue)
+ StateHelper.Cookies.ClearAll();
+
+ if (!String.IsNullOrEmpty(value))
+ {
+ FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
+ value,
+ DateTime.Now,
+ DateTime.Now.AddDays(1),
+ false,
+ value,
+ FormsAuthentication.FormsCookiePath);
+
+ // Encrypt the ticket.
+ string encTicket = FormsAuthentication.Encrypt(ticket);
+
+
+ // Create new cookie.
+ StateHelper.Cookies.UserContext.SetValue(encTicket, 1);
+
+
+ } else
+ {
+ StateHelper.Cookies.UserContext.Clear();
+ }
}
}
}
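Review bot: In the new getter of `umbracoUserContextID`, the raw cookie value goes straight into `FormsAuthentication.Decrypt(encTicket).UserData` and only `HttpException` is caught. A malformed or tampered cookie that makes Decrypt throw `ArgumentException` (or, on some framework versions, return null) therefore surfaces as an unhandled exception instead of the empty-string result the callers treat as "no context". The decrypted ticket's `Expired` flag is also never consulted, so the one-day expiry written by the setter is not enforced here; whether the server-side timeout lookup fully covers that is not visible in this hunk. I would hold the ticket in a local, return `UserData` only when it is non-null and not expired, handle `ArgumentException` like the legacy-cookie case, and drop the unused `ex`.

```csharp
// … unchanged: HasCookies / UserContext.HasValue guard …
try
{
    string encTicket = StateHelper.Cookies.UserContext.GetValue();
    if (!String.IsNullOrEmpty(encTicket))
    {
        FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(encTicket);
        // A ticket that fails validation or has expired is treated as "no context".
        if (ticket != null && !ticket.Expired)
            return ticket.UserData;
    }
}
catch (HttpException)
{
    // legacy (pre 4.8.1) cookie: fall through to ""
}
catch (ArgumentException)
{
    // cookie value is not a well-formed ticket: fall through to ""
}
// … unchanged: return "" and the setter …
```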
@@ -261,7 +313,8 @@ namespace umbraco.BasePages {
/// Logs a user in.
///
/// The user
- public static void doLogin(User u) {
+ public static void doLogin(User u)
+ {
Guid retVal = Guid.NewGuid();
SqlHelper.ExecuteNonQuery(
"insert into umbracoUserLogins (contextID, userID, timeout) values (@contextId,'" + u.Id + "','" +
@@ -277,7 +330,8 @@ namespace umbraco.BasePages {
/// Gets the user.
///
///
- public User getUser() {
+ public User getUser()
+ {
if (!_userisValidated) validateUser();
return _user;
}
@@ -285,26 +339,28 @@ namespace umbraco.BasePages {
///
/// Ensures the page context.
///
- public void ensureContext() {
+ public void ensureContext()
+ {
validateUser();
}
-
- [Obsolete("Use ClientTools instead")]
- public void speechBubble(speechBubbleIcon i, string header, string body)
- {
- ClientTools.ShowSpeechBubble(i, header, body);
+
+ [Obsolete("Use ClientTools instead")]
+ public void speechBubble(speechBubbleIcon i, string header, string body)
+ {
+ ClientTools.ShowSpeechBubble(i, header, body);
}
- //[Obsolete("Use ClientTools instead")]
- //public void reloadParentNode()
- //{
- // ClientTools.ReloadParentNode(true);
- //}
+ //[Obsolete("Use ClientTools instead")]
+ //public void reloadParentNode()
+ //{
+ // ClientTools.ReloadParentNode(true);
+ //}
///
/// a collection of available speechbubble icons
///
- public enum speechBubbleIcon {
+ public enum speechBubbleIcon
+ {
///
/// Save icon
///
@@ -331,10 +387,12 @@ namespace umbraco.BasePages {
/// Raises the event.
///
/// The object that contains the event data.
- protected override void OnLoad(EventArgs e) {
+ protected override void OnLoad(EventArgs e)
+ {
base.OnLoad(e);
-
- if (!Request.IsSecureConnection && GlobalSettings.UseSSL) {
+
+ if (!Request.IsSecureConnection && GlobalSettings.UseSSL)
+ {
string serverName = HttpUtility.UrlEncode(Request.ServerVariables["SERVER_NAME"]);
Response.Redirect(string.Format("https://{0}{1}", serverName, Request.FilePath));
}