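// Session timeout in seconds. History: 10 s timed out often (users were sent to the 404 page),
// 30 s was tried next, and the value was raised to 60 s because of a temporary time difference
// between the two servers.
// NOTE(review): the consumer of this constant is not visible here. If it bounds how long a
// session hand-off is accepted (confirm), widening it to absorb clock skew also widens the
// period in which a captured hand-off stays valid; synchronising the servers' clocks is the
// better long-term fix.
private const int OCSessionTimeOutSeconds = 60;

/// <summary>
/// Authenticates the given user.
/// </summary>
/// <param name="usUserName">The username to check.</param>
/// <param name="usPassword">The password to check.</param>
/// <returns>True if the login info is valid, false otherwise (including on any error).</returns>
public static bool AuthenticateUser(string usUserName, string usPassword)
{
    // Missing credentials can never authenticate; fail closed instead of dereferencing null.
    if (usUserName == null || usPassword == null)
    {
        return false;
    }

    // SECURITY: the WHERE clause below is built by string formatting and relies entirely on
    // SQLEscape() being correct for the target database and its character set. If DBConnect
    // offers a parameterized query API (not visible from here), prefer it over escaping.
    string sUserName = usUserName.SQLEscape();
    string sStoredHash = "";
    DBConnect connect = new DBConnect();
    try
    {
        try
        {
            connect.Connect(ConnectionsMgr.GetAuthConnInfo());
            using (var queryUserAuthInfo = connect.Select(columnPassword, _Table.Users, string.Format("WHERE {0}='{1}'", columnUserName, sUserName)))
            {
                // NOTE(review): unknown users return here before any hash work is done, so the
                // unknown-user and wrong-password paths differ in duration. If account
                // enumeration is a concern, verify against a fixed dummy hash on this path.
                if (queryUserAuthInfo.AffectedRows <= 0 || !queryUserAuthInfo.Read())
                {
                    return false;
                }
                sStoredHash = Encoding.UTF8.GetString((byte[])queryUserAuthInfo.Field2(0));
            }
        }
        finally
        {
            // Close exactly once on every path, after the result set has been disposed.
            connect.Close();
        }

        // SECURITY: MD5Crypt presumably implements MD5-based crypt; confirm. MD5-based schemes
        // are no longer considered adequate for password storage. Plan a migration to a slow,
        // salted KDF (PBKDF2, bcrypt, Argon2) that re-hashes on the next successful login.
        return MD5Crypt.Verify(usPassword, sStoredHash);
    }
    catch (Exception ex)
    {
        // Any failure (connection, query, hash parsing) is logged and treated as a failed login.
        ProgramLog.LogError(null, "Auth", "AuthenticateUser", ex.Message + " " + ex.StackTrace);
        return false;
    }
}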
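/// <summary>
/// Fetches user information based on the username and fills in the given user object.
/// </summary>
/// <param name="user">The user object to populate.</param>
/// <param name="usUserName">The username of the user.</param>
/// <param name="isTest">Passed through to <c>ConnectionsMgr.SetConnIDs</c>.</param>
/// <returns>True if successful, false otherwise. On failure the user object may be partially populated.</returns>
private static bool GetUserInfo(User user, string usUserName, bool isTest)
{
    if (user == null || usUserName == null)
    {
        return false;
    }

    // SECURITY: every WHERE clause in this method is built by string formatting. Values are
    // passed through SQLEscape() first, including values read back from the database, because
    // stored data is not trustworthy just because it is stored (second-order injection).
    // If DBConnect offers a parameterized query API (not visible from here), prefer it.
    string sUserName = usUserName.SQLEscape();
    List<string> partnerList = new List<string>();
    List<PartnerDetail> partnerDetailList = new List<PartnerDetail>();
    DBConnect connection = new DBConnect();
    try
    {
        // Stage 1: core user record from the auth database.
        connection.Connect(ConnectionsMgr.GetAuthConnInfo());
        try
        {
            using (var res = connection.Select(new[] { columnEmail, columnFirstName, columnLastName, columnLevel, columnOrgID, columnPartnerList }, tableUserInfo, string.Format("WHERE {0}='{1}'", columnUserName, sUserName)))
            {
                if (!res.Read())
                {
                    return false;
                }
                // NOTE(review): this stores the SQL-escaped form of the name, not the raw input.
                // Left as is because other code may depend on it; confirm it is intended.
                user.UserName = sUserName;
                user.Email = res.Field(0);
                user.FirstName = res.Field(1);
                user.LastName = res.Field(2);
                user.Level = (int)double.Parse(res.Field(3));
                user.Customer = res.Field(4).ToUpper();
                partnerList.AddRange(res.Field(5).Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries).Select(pt => pt.Trim()));
            }
        }
        finally
        {
            // Release the connection on every path, including exceptions.
            connection.Close();
        }

        // Set partner info
        // An empty list would produce "IN ()", which is not valid SQL; skip the query and let
        // the empty-result check below report the missing partner list.
        if (partnerList.Count > 0)
        {
            connection.Connect(ConnectionsMgr.GetAdminConnInfo());
            try
            {
                // Partner IDs come from a stored column; escape each one before quoting it.
                string inList = string.Join(",", partnerList.Select(p => "'" + p.SQLEscape() + "'"));
                using (var res = connection.Select(new[] { columnPartner, columnPartnerName }, tablePartnerInfo, string.Format("WHERE {0} IN ({1})", columnPartner, inList)))
                {
                    while (res.Read())
                    {
                        partnerDetailList.Add(new PartnerDetail() { ID = res.Field(0), FullName = res.Field(1) });
                    }
                }
            }
            finally
            {
                connection.Close();
            }
        }

        if (partnerDetailList.Count == 0)
        {
            // No partners?
            ProgramLog.LogError(user.UserName, user.Customer, "EDIO", "SessionHandler", "GetUserInfo", string.Format("Unable to find partner list in {0} for user {1}.", tablePartnerInfo, user.UserName));
            return false;
        }
        user.PartnerList = partnerDetailList;
        user.PartnerIndex = 0;

        // Set connection IDs
        if (!ConnectionsMgr.SetConnIDs(user, isTest))
        {
            // No Conn IDs?
            ProgramLog.LogError(user, "SessionHandler", "GetUserInfo", string.Format("Unable to get connection IDs for customer {0} and partner {1}.", user.Customer, user.ActivePartner));
            return false;
        }

        // Set extra company info.
        connection.Connect(ConnectionsMgr.GetOCConnInfo(user));
        try
        {
            // user.Customer was read from the database above; escape it before embedding it.
            using (var res = connection.Select(columnCompanyName, tableCustomerInfo, string.Format("WHERE {0}='{1}'", columnCustomer, user.Customer.SQLEscape())))
            {
                if (res.AffectedRows == 0 || !res.Read())
                {
                    // No company name?
                    ProgramLog.LogError(user, "SessionHandler", "GetUserInfo", string.Format("Unable to find company name in {0} for customer {1}", tableCustomerInfo, user.Customer));
                    return false;
                }
                user.CompanyName = res.Field(0);
            }
        }
        finally
        {
            connection.Close();
        }
        return true;
    }
    catch (Exception e)
    {
        // Any failure is logged and reported to the caller as "user info not available".
        ProgramLog.LogError("", "EDIO", "EDIO", "SessionHandler", "GetUserInfo", e.Message);
        return false;
    }
}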