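/// <summary>
/// Changes the password of the user identified by <paramref name="email"/> after verifying the
/// current password, then issues a fresh login token.
/// </summary>
/// <param name="email">E-mail that identifies the row in TB_USUARIO.</param>
/// <param name="oldPassword">Current password, verified against the stored hash (column 1 of the user reader).</param>
/// <param name="newPassword">New password; it is hashed before being written, never stored in clear text.</param>
/// <returns>
/// 200 with the new token on success; 401 when the user is blocked (column 2 == "1"), the current
/// password does not match, no user row exists, or the UPDATE affected a number of rows other than one.
/// </returns>
public HttpResponseMessage AlterUser(string email, string oldPassword, string newPassword)
{
    string connectionString = ConfigurationManager.ConnectionStrings["ApplicationServices"].ConnectionString;
    using (MySqlConnection conn = new MySqlConnection(connectionString))
    {
        conn.Open();

        string idUser;
        var rdr = GetUserDataReader(conn, email, null);
        try
        {
            if (!rdr.Read())
            {
                // Unknown e-mail: same message as a wrong password, so the reply does not reveal which accounts exist.
                return Request.CreateResponse(HttpStatusCode.Unauthorized, "Usuário e Senha Não Conferem");
            }
            if (rdr[2].ToString() == "1")
            {
                return Request.CreateResponse(HttpStatusCode.Unauthorized, "Usuário Bloqueado");
            }
            // NOTE(review): passwords are stored as MD5 through UserRules; kept here for compatibility with
            // existing rows, but MD5 is not a password hash — a migration to PBKDF2/Argon2 is advisable.
            if (!UserRules.VerifyHash(oldPassword, "MD5", rdr[1].ToString()))
            {
                return Request.CreateResponse(HttpStatusCode.Unauthorized, "Usuário e Senha Não Conferem");
            }
            // Capture the id while the reader is still open: the previous version read rdr[0]
            // after rdr.Close(), which throws before the new token could be stored.
            idUser = rdr[0].ToString();
        }
        finally
        {
            // The reader must be closed before another command runs on this connection.
            rdr.Close();
        }

        string newPasswordHash = UserRules.ComputeHash(newPassword, "MD5", null);
        using (var comandoAlterUser = new MySqlCommand("UPDATE TB_USUARIO SET SENHA = @SENHA WHERE EMAIL = @EMAIL;", conn))
        {
            comandoAlterUser.Parameters.AddWithValue("@EMAIL", email);
            comandoAlterUser.Parameters.AddWithValue("@SENHA", newPasswordHash);
            if (comandoAlterUser.ExecuteNonQuery() != 1)
            {
                return Request.CreateResponse(HttpStatusCode.Unauthorized, "Houve um Erro ao Alterar seu Usário. Por Favor Entre em Contato com Nossa Central de Atendimento");
            }
        }

        // New session token: a random GUID in Base64, registered against the user id.
        // NOTE(review): if a stronger randomness guarantee is required for session tokens,
        // RandomNumberGenerator would be the usual choice; the format is kept unchanged here.
        var newToken = Convert.ToBase64String(Guid.NewGuid().ToByteArray());
        UserLoginController.AdicionarToken(idUser, newToken, conn);
        return Request.CreateResponse(HttpStatusCode.OK, newToken);
    }
}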
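/// <summary>
/// Authenticates a user by e-mail (optionally filtered by CRM) and password and issues a login token.
/// </summary>
/// <param name="email">E-mail used to look the user up via <see cref="GetUserDataReader"/>.</param>
/// <param name="password">Clear-text password, verified against the stored hash (column 1 of the user reader).</param>
/// <param name="crm">Optional CRM value passed through to <see cref="GetUserDataReader"/>; null when not used.</param>
/// <returns>
/// 200 with the new token; 401 when the user is blocked (column 2 == "1"), the password does not
/// match, or no user row exists.
/// </returns>
public HttpResponseMessage Login(string email, string password, string crm = null)
{
    string connectionString = ConfigurationManager.ConnectionStrings["ApplicationServices"].ConnectionString;
    using (MySqlConnection conn = new MySqlConnection(connectionString))
    {
        conn.Open();

        string idUser;
        var rdr = GetUserDataReader(conn, email, crm);
        try
        {
            if (!rdr.Read())
            {
                return Request.CreateResponse(HttpStatusCode.Unauthorized, "Usuário/Senha Inválido.");
            }
            if (rdr[2].ToString() == "1")
            {
                return Request.CreateResponse(HttpStatusCode.Unauthorized, "Usuário Bloqueado.");
            }
            // NOTE(review): stored hashes are MD5 via UserRules; kept for compatibility with existing rows.
            if (!UserRules.VerifyHash(password, "MD5", rdr[1].ToString()))
            {
                return Request.CreateResponse(HttpStatusCode.Unauthorized, "Usuário/Senha Inválido.");
            }
            // Read the id before the reader is closed; nothing else is needed from the row.
            idUser = rdr[0].ToString();
        }
        finally
        {
            // Close the reader before issuing further commands on the same connection.
            rdr.Close();
        }

        // Session token: a random GUID in Base64, stored against the user id.
        var newToken = Convert.ToBase64String(Guid.NewGuid().ToByteArray());
        UserLoginController.AdicionarToken(idUser, newToken, conn);
        return Request.CreateResponse(HttpStatusCode.OK, newToken);
    }
}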
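/// <summary>
/// Completes a "forgot password" flow: checks the recovery token e-mailed to the user and, when it
/// matches, consumes the token, replaces the password and revokes the user's login tokens.
/// </summary>
/// <param name="email">E-mail of the account being recovered.</param>
/// <param name="novaSenha">New password; it is hashed before being written.</param>
/// <param name="token">Recovery token typed by the user; compared against the hash kept in TB_RECUPERAR_SENHA.</param>
/// <returns>
/// 200 when the password was changed; 403 when the token does not match, or when no token exists for the
/// user (a new one is sent through <see cref="RememberUser"/> in that case); 401 for an unknown e-mail, a
/// failed UPDATE, or any exception raised during processing (reported generically, as before).
/// </returns>
public HttpResponseMessage AlterRememberUser(string email, string novaSenha, string token)
{
    string connectionString = ConfigurationManager.ConnectionStrings["ApplicationServices"].ConnectionString;
    using (MySqlConnection conn = new MySqlConnection(connectionString))
    {
        conn.Open();

        string idUser = FindUserIdByEmail(conn, email);
        if (idUser == null)
        {
            // Unknown account: same generic reply as a processing error, so the address is not confirmed to the caller.
            return Request.CreateResponse(HttpStatusCode.Unauthorized, "Erro ao enviar emai. Por favor verifique seu usuário.");
        }

        try
        {
            bool hasToken;
            bool tokenMatches = RecoveryTokenMatches(conn, idUser, token, out hasToken);
            if (!hasToken)
            {
                // No pending recovery entry: issue one and tell the user to look for it.
                // NOTE(review): this sends an e-mail on demand; rate limiting at the caller is advisable.
                RememberUser(email);
                return Request.CreateResponse(HttpStatusCode.Forbidden, "Não há token para seu Usuário. Foi enviado um ao seu email.");
            }
            if (!tokenMatches)
            {
                return Request.CreateResponse(HttpStatusCode.Forbidden, "Token inválido. Verifique se o digitou corretamente.");
            }

            // The token is single-use: remove it before touching the password.
            using (var comandoDeletarToken = new MySqlCommand("DELETE FROM TB_RECUPERAR_SENHA WHERE ID_USUARIO=@IDUSUARIO", conn))
            {
                comandoDeletarToken.Parameters.AddWithValue("@IDUSUARIO", idUser);
                comandoDeletarToken.ExecuteNonQuery();
            }

            int rowsChanged;
            try
            {
                using (var comandoAlterUser = new MySqlCommand("UPDATE TB_USUARIO SET SENHA = @SENHA WHERE EMAIL = @EMAIL;", conn))
                {
                    comandoAlterUser.Parameters.AddWithValue("@EMAIL", email);
                    // NOTE(review): MD5 via UserRules, kept for compatibility with existing rows; not a suitable password hash.
                    comandoAlterUser.Parameters.AddWithValue("@SENHA", UserRules.ComputeHash(novaSenha, "MD5", null));
                    rowsChanged = comandoAlterUser.ExecuteNonQuery();
                }
            }
            catch (Exception)
            {
                // Best-effort as in the original flow: a failed UPDATE is reported to the user, not propagated.
                return Request.CreateResponse(HttpStatusCode.Unauthorized, "Houve um Erro ao Alterar seu Usário. Por Favor Entre em Contato com Nossa Central de Atendimento");
            }
            if (rowsChanged != 1)
            {
                return Request.CreateResponse(HttpStatusCode.Unauthorized, "Houve um Erro ao Alterar seu Usário. Por Favor Entre em Contato com Nossa Central de Atendimento");
            }

            // Password changed: revoke existing login tokens so a previously issued session does not survive the reset.
            UserLoginController.DeletarToken(idUser, conn);
            return Request.CreateResponse(HttpStatusCode.OK, "Usuário Alterado com Sucesso");
        }
        catch (Exception)
        {
            // Deliberately swallowed, as before: any other failure gets the generic reply.
            return Request.CreateResponse(HttpStatusCode.Unauthorized, "Erro ao enviar emai. Por favor verifique seu usuário.");
        }
    }
}

/// <summary>Returns the ID of the TB_USUARIO row whose EMAIL matches, or null when there is none.</summary>
private static string FindUserIdByEmail(MySqlConnection conn, string email)
{
    using (var comandoVerificarEmail = new MySqlCommand("SELECT ID FROM TB_USUARIO WHERE EMAIL=@EMAIL", conn))
    {
        comandoVerificarEmail.Parameters.AddWithValue("@EMAIL", email);
        using (MySqlDataReader rdr = comandoVerificarEmail.ExecuteReader())
        {
            return rdr.Read() ? rdr[0].ToString() : null;
        }
    }
}

/// <summary>
/// Checks <paramref name="token"/> against the hashed recovery tokens stored for the user in TB_RECUPERAR_SENHA.
/// Every stored row is tried (the previous version only compared the first one).
/// </summary>
/// <param name="conn">Open connection; the reader is closed before this method returns.</param>
/// <param name="idUser">User id the tokens belong to.</param>
/// <param name="token">Clear-text token supplied by the user.</param>
/// <param name="hasToken">Set to false when the table holds no row for the user.</param>
/// <returns>True when the token verifies against at least one stored hash.</returns>
private static bool RecoveryTokenMatches(MySqlConnection conn, string idUser, string token, out bool hasToken)
{
    using (var comandoGetToken = new MySqlCommand("SELECT TOKEN FROM TB_RECUPERAR_SENHA WHERE ID_USUARIO=@IDUSUARIO", conn))
    {
        comandoGetToken.Parameters.AddWithValue("@IDUSUARIO", idUser);
        using (MySqlDataReader rdr = comandoGetToken.ExecuteReader())
        {
            hasToken = rdr.HasRows;
            while (rdr.Read())
            {
                // NOTE(review): tokens are stored as MD5 hashes via UserRules; kept for compatibility with existing rows.
                if (UserRules.VerifyHash(token, "MD5", rdr[0].ToString()))
                {
                    return true;
                }
            }
            return false;
        }
    }
}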