        // Seconds before an OC session is treated as timed out. Started at 10, which timed out
        // often (users were sent to the 404 page); tried 30; raised to 60 because of a temporary
        // clock difference between the two servers. Revisit once the server clocks are in sync.
        private const int OCSessionTimeOutSeconds = 60;

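        /// <summary>
        /// Authenticates the given user against the auth database.
        /// </summary>
        /// <param name="usUserName">The username to check (raw caller input; escaped before use in SQL).</param>
        /// <param name="usPassword">The password to check, compared against the stored hash.</param>
        /// <returns>True if the login info is valid, false otherwise. Any exception is logged and reported as a failed login.</returns>
        public static bool AuthenticateUser(string usUserName, string usPassword)
        {
            // SECURITY: the WHERE clause is built with string.Format and relies solely on SQLEscape()
            // to neutralise the username. A parameterized query is the proper fix as soon as
            // DBConnect.Select offers one.
            string    sUserName = usUserName.SQLEscape();
            DBConnect connect   = new DBConnect();

            try
            {
                string sStoredHash;

                connect.Connect(ConnectionsMgr.GetAuthConnInfo());
                using (var queryUserAuthInfo = connect.Select(columnPassword, _Table.Users, string.Format("WHERE {0}='{1}'", columnUserName, sUserName)))
                {
                    // No matching row: reject without touching the hash. This path is probably
                    // faster than a wrong-password rejection, which an attacker could use to
                    // distinguish unknown from known usernames; consider equalising if that matters.
                    if (queryUserAuthInfo.AffectedRows <= 0)
                    {
                        return(false);
                    }
                    queryUserAuthInfo.Read();
                    // The hash column comes back as a byte blob; decode it to the text form Verify expects.
                    sStoredHash = Encoding.UTF8.GetString((byte[])queryUserAuthInfo.Field2(0));
                }

                // NOTE(review): MD5-based password hashing is weak by current standards; plan a
                // migration to PBKDF2/Argon2 when the stored hashes can be re-encoded on next login.
                return(MD5Crypt.Verify(usPassword, sStoredHash));
            }
            catch (Exception ex)
            {
                ProgramLog.LogError(null, "Auth", "AuthenticateUser", ex.Message + " " + ex.StackTrace);
                return(false);
            }
            finally
            {
                // Single close point for every exit: unknown user, verify result, or exception.
                // The previous version closed on each path separately and twice when Verify threw.
                connect.Close();
            }
        }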
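        /// <summary>
        /// Fetches user information based on the username and fills the given user object:
        /// profile fields, partner list, connection IDs and company name.
        /// </summary>
        /// <param name="user">The user object to populate.</param>
        /// <param name="usUserName">The username of the user (raw caller input; escaped before use in SQL).</param>
        /// <param name="isTest">Passed through to ConnectionsMgr.SetConnIDs when resolving connection IDs.</param>
        /// <returns>True if successful, false otherwise. Failures are logged; exceptions are caught, logged and reported as false.</returns>
        private static bool GetUserInfo(User user, string usUserName, bool isTest)
        {
            // SECURITY: every WHERE clause below is built with string.Format and relies on SQLEscape().
            // Values read back from the database (partner IDs, customer) are escaped as well before
            // they are embedded in later queries. Parameterized queries are the proper fix once
            // DBConnect.Select supports them.
            string               sUserName         = usUserName.SQLEscape();
            List <string>        partnerList       = new List <string>();
            List <PartnerDetail> partnerDetailList = new List <PartnerDetail>();
            DBConnect            connection        = new DBConnect();

            try
            {
                // Profile fields from the auth database.
                connection.Connect(ConnectionsMgr.GetAuthConnInfo());
                using (var res = connection.Select(new[] { columnEmail, columnFirstName, columnLastName, columnLevel, columnOrgID, columnPartnerList }, tableUserInfo, string.Format("WHERE {0}='{1}'", columnUserName, sUserName)))
                {
                    if (!res.Read())
                    {
                        connection.Close();
                        return(false);
                    }
                    // NOTE(review): the SQL-escaped form of the name is what gets stored on the user
                    // object (and shows up in logs); confirm callers expect that rather than usUserName.
                    user.UserName  = sUserName;
                    user.Email     = res.Field(0);
                    user.FirstName = res.Field(1);
                    user.LastName  = res.Field(2);
                    // Level is stored as a numeric string; parse culture-invariantly so the result does
                    // not depend on the server's locale (e.g. "," vs "." decimal separator).
                    user.Level     = (int)double.Parse(res.Field(3), System.Globalization.CultureInfo.InvariantCulture);
                    // Customer is used as a database key, so the case mapping must be locale-independent.
                    user.Customer  = res.Field(4).ToUpperInvariant();
                    partnerList.AddRange(res.Field(5).Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries).Select(pt => pt.Trim()));
                }
                connection.Close();

                if (partnerList.Count == 0)
                {
                    // An empty list would produce "IN ()" below and surface as a SQL error in the catch
                    // block; report it explicitly instead.
                    ProgramLog.LogError(user.UserName, user.Customer, "EDIO", "SessionHandler", "GetUserInfo", string.Format("Empty partner list in {0} for user {1}.", tableUserInfo, user.UserName));
                    return(false);
                }

                // Set partner info (partner IDs come from the database but are still escaped: they
                // end up inside a SQL literal).
                connection.Connect(ConnectionsMgr.GetAdminConnInfo());
                using (var res = connection.Select(new[] { columnPartner, columnPartnerName }, tablePartnerInfo, string.Format("WHERE {0} IN ({1})", columnPartner, string.Join(",", partnerList.Select(p => "'" + p.SQLEscape() + "'")))))
                {
                    while (res.Read())
                    {
                        partnerDetailList.Add(new PartnerDetail()
                        {
                            ID = res.Field(0), FullName = res.Field(1)
                        });
                    }
                }
                connection.Close();

                if (partnerDetailList.Count == 0)
                {
                    // No partners?
                    ProgramLog.LogError(user.UserName, user.Customer, "EDIO", "SessionHandler", "GetUserInfo", string.Format("Unable to find partner list in {0} for user {1}.", tablePartnerInfo, user.UserName));
                    return(false);
                }
                user.PartnerList  = partnerDetailList;
                user.PartnerIndex = 0;

                // Set connection IDs
                if (!ConnectionsMgr.SetConnIDs(user, isTest))
                {
                    // No Conn IDs?
                    ProgramLog.LogError(user, "SessionHandler", "GetUserInfo", string.Format("Unable to get connection IDs for customer {0} and partner {1}.", user.Customer, user.ActivePartner));
                    return(false);
                }

                // Set extra company info.
                connection.Connect(ConnectionsMgr.GetOCConnInfo(user));
                using (var res = connection.Select(columnCompanyName, tableCustomerInfo, string.Format("WHERE {0}='{1}'", columnCustomer, user.Customer.SQLEscape())))
                {
                    if (res.AffectedRows == 0)
                    {
                        // No company name?
                        ProgramLog.LogError(user, "SessionHandler", "GetUserInfo", string.Format("Unable to find company name in {0} for customer {1}", tableCustomerInfo, user.Customer));
                        connection.Close();
                        return(false);
                    }
                    res.Read();
                    user.CompanyName = res.Field(0);
                }
                connection.Close();

                return(true);
            }
            catch (Exception e)
            {
                // Log the stack trace as AuthenticateUser does, then release the connection: an
                // exception between Connect and Close previously left it open.
                ProgramLog.LogError("", "EDIO", "EDIO", "SessionHandler", "GetUserInfo", e.Message + " " + e.StackTrace);
                connection.Close();
                return(false);
            }
        }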