private bool LoginUser(Credentials credentials)
{
string connectionString = ConfigurationManager.AppSettings["ConnectionString"];
NpgsqlConnection conn = new NpgsqlConnection(connectionString);
NpgsqlCommand command = new NpgsqlCommand(@"SELECT COUNT(*) FROM clients WHERE email=@email AND password=@password");
command.Parameters.Add("@email", NpgsqlDbType.Varchar, 100).Value = credentials.Email;
command.Parameters.Add("@password", NpgsqlDbType.Varchar, 100).Value = credentials.Password;
command.Connection = conn;
try
{
conn.Open();
int result = Convert.ToInt32(command.ExecuteScalar());
if (result > 0)
return true;
else
return false;
}
catch (NpgsqlException e)
{
return false;
}
finally
{
conn.Close();
}
}
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
User user = HttpContext.Current.Session[SessionVars.User] as User;
HttpCookie c = httpContext.Request.Cookies.Get(FormsAuthentication.FormsCookieName);
#region Persistent Login
if (user == null && c != null && !string.IsNullOrEmpty(c.Value))
{
FormsAuthenticationTicket t = FormsAuthentication.Decrypt(c.Value);
string email = t.UserData.Split(' ')[0];
string password = t.UserData.Split(' ')[1];
Credentials credentials = new Credentials() { Email = email, Password = password };
if (this.LoginUser(credentials))
{
user = new User() { Email = credentials.Email, Password = credentials.Password };
httpContext.Session["user"] = user;
}
}
#endregion
if (user != null)
return true;
return false;
}
private bool RegisterUser(Credentials credentials)
{
string connectionString = ConfigurationManager.AppSettings["ConnectionString"];
NpgsqlConnection conn = new NpgsqlConnection(connectionString);
NpgsqlCommand command = new NpgsqlCommand(@"INSERT INTO clients (email, password ) VALUES ( @email, @password)");
command.Parameters.Add("@email", NpgsqlDbType.Varchar, 100).Value = credentials.Email;
command.Parameters.Add("@password", NpgsqlDbType.Varchar, 100).Value = credentials.Password;
command.Connection = conn;
try
{
conn.Open();
int result = command.ExecuteNonQuery();
if (result != -1)
return true;
else
return false;
}
catch (NpgsqlException e)
{
return false;
}
finally
{
conn.Close();
}
}
public override object BindForModel(ControllerContext controllerContext, ModelBindingContext bindingContext)
{
var request = controllerContext.HttpContext.Request;
StreamReader r = new StreamReader(request.InputStream);
string s = r.ReadToEnd();
var queryParams = HttpUtility.ParseQueryString(s);
Credentials c = new Credentials();
c.Email = queryParams["email"];
c.Password = queryParams["password"];
return c;
}
public ActionResult IndexPost(Credentials credentials)
{
// Output
Response.ContentType = "application/json";
Response.StatusCode = (int)HttpStatusCode.OK;
if (this.RegisterUser(credentials))
{
return new WebResult(new ResultInfo() { GreatSuccess = true });
}
else
{
return new WebResult(new ResultInfo() { GreatSuccess = false });
}
}
private bool LoginUser(Credentials credentials)
{
string connectionString = ConfigurationManager.AppSettings["ConnectionString"];
NpgsqlConnection conn = new NpgsqlConnection(connectionString);
NpgsqlCommand command = new NpgsqlCommand("SELECT \"internalId\", email, password FROM clients WHERE email=@email AND password=@password");
command.Parameters.Add("@email", NpgsqlDbType.Varchar, 100).Value = credentials.Email;
command.Parameters.Add("@password", NpgsqlDbType.Varchar, 100).Value = credentials.Password;
command.Connection = conn;
try
{
conn.Open();
NpgsqlDataReader reader = command.ExecuteReader();
List<User> users = new List<User>();
while (reader.Read())
{
users.Add(new User()
{
InternalId = reader.GetInt32(reader.GetOrdinal("internalId")),
Email = reader.GetString(reader.GetOrdinal("email")),
Password = reader.GetString(reader.GetOrdinal("password")),
});
}
if (users.Count == 0 || users.Count > 1)
return false;
else
{
this.CreateAuthenticationTicket( users[0] );
return true;
}
}
catch (NpgsqlException e)
{
return false;
}
finally
{
conn.Close();
}
}
public ActionResult IndexPost(Credentials credentials)
{
// Output
Response.ContentType = "application/json";
Response.StatusCode = (int)HttpStatusCode.OK;
if (this.LoginUser(credentials))
{
User user = Session[SessionVars.User] as User;
DataContractJsonSerializer serializer = new DataContractJsonSerializer(typeof(User));
serializer.WriteObject(Response.OutputStream, Session[SessionVars.User]);
return new EmptyResult();
}
else
{
return new WebResult(new ResultInfo() { GreatSuccess = false });
}
}
