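        /// <summary>
        /// Login button handler: verifies the typed credentials through
        /// <see cref="Pages.Database.ConnectionPlayerDB.LoginUser"/>, reports the outcome in
        /// <c>lblResult</c> and, on success, stores the user in session, issues the Forms
        /// authentication cookie and redirects to the start page.
        /// </summary>
        /// <param name="sender">The button raising the click event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void btnlogin_Click(object sender, EventArgs e)
        {
            Pages.Database.Entities.User user = Pages.Database.ConnectionPlayerDB.LoginUser(txtUserName.Text, txtPassword.Text);

            if (user == null)
            {
                // Covers both "no such user" and "wrong password"; LoginUser does not distinguish them.
                lblResult.Text = "login Failed!";
                return;
            }

            // LoginUser hands back the username exactly as the visitor typed it, and Label.Text is
            // rendered without HTML encoding, so encode it before putting it on the page.
            string safeName = System.Net.WebUtility.HtmlEncode(user.username);

            if (user.user_type == "wait_time") // sentinel from LoginUser: account is still locked out
            {
                lblResult.Text = safeName + ": please wait: " + user.wait_time.ToString() + " before trying again";
                return;
            }

            Session["login"] = user.username;
            Session["type"]  = user.user_type;
            lblResult.Text   = "login successful! " + safeName;

            // Second argument true = persistent cookie that survives closing the browser.
            // NOTE(review): consider false (session cookie) unless the user explicitly asked to be remembered.
            FormsAuthentication.SetAuthCookie(user.username, true);
            Response.Redirect("~/Default.aspx");
        }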
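        /// <summary>
        /// Looks up <paramref name="username"/> in the Login table and checks <paramref name="password"/>
        /// against the stored salted hash, enforcing the per-account lockout window kept in the
        /// <c>wait_time</c> column and the failure counter kept in <c>tries</c>.
        /// </summary>
        /// <param name="username">Login name as typed by the visitor; passed to SQL as a parameter.</param>
        /// <param name="password">Clear-text password as typed by the visitor; only handed to the hasher.</param>
        /// <returns>
        /// <c>null</c> when the username does not match exactly one row or the password is wrong;
        /// a <see cref="Entities.User"/> whose <c>user_type</c> is the sentinel <c>"wait_time"</c> and whose
        /// time is the lockout expiry when the account is still locked out;
        /// otherwise a <see cref="Entities.User"/> with the stored <c>user_type</c> and the current time.
        /// Callers must check for <c>null</c> and for the <c>"wait_time"</c> sentinel.
        /// </returns>
        public static Pages.Database.Entities.User LoginUser(string username, string password)
        {
            // NOTE(review): `command` and `connection` are not declared here; if they are static fields
            // shared by the class, concurrent logins will interfere with each other's parameter list and
            // connection state — confirm, and prefer a connection/command created per call.
            command.CommandText = "SELECT COUNT(*) FROM Login WHERE username = @username ";

            try
            {
                connection.Open();

                command.Parameters.Add(new SqlParameter("@username", username));

                int amountOfUsers = (int)command.ExecuteScalar();

                if (amountOfUsers != 1)
                {
                    // No such user (or a duplicated row): reported to the caller like a wrong password.
                    // NOTE(review): this path returns before any hashing is done, so unknown usernames
                    // answer measurably faster than known ones.
                    return null;
                }

                // Stored credentials plus lockout state for the single matching row.
                command.CommandText = "SELECT password, pass_salt,tries, wait_time FROM Login WHERE username = @username";

                string   hashedPassword = null;
                string   passwordSalt   = null;
                int      tries          = 0;
                DateTime lockoutUntil   = DateTime.Now; // wait_time: earliest moment a new attempt is accepted
                DateTime currentTime    = DateTime.Now; // same local clock that writes wait_time below

                using (SqlDataReader credentialReader = command.ExecuteReader())
                {
                    while (credentialReader.Read())
                    {
                        hashedPassword = credentialReader.GetString(0);
                        passwordSalt   = credentialReader.GetString(1);
                        tries          = credentialReader.GetInt32(2);
                        lockoutUntil   = credentialReader.GetDateTime(3);
                    }
                }

                // Still inside the lockout window (expiry itself counts as locked): do not even check the password.
                if (DateTime.Compare(currentTime, lockoutUntil) <= 0)
                {
                    command.Parameters.Clear();
                    return new Entities.User(username, "wait_time", lockoutUntil);
                }

                Security.Hasher hasher = new Security.Hasher();

                if (hasher.TestPassword(password, passwordSalt, hashedPassword))
                {
                    // A successful login resets the failure counter (wait_time is left as is; it is already in the past).
                    command.CommandText = "UPDATE Login SET tries = @tries WHERE username =@username";
                    command.Parameters.Add(new SqlParameter("@tries", System.Data.SqlDbType.Int));
                    command.Parameters["@tries"].Value = 0;
                    command.ExecuteNonQuery();

                    // Read via a reader because more columns are expected to be returned here later.
                    command.CommandText = "SELECT user_type FROM Login WHERE username = @username";

                    string userType = "user"; // default if the row yields no user_type
                    using (SqlDataReader typeReader = command.ExecuteReader())
                    {
                        while (typeReader.Read())
                        {
                            userType = typeReader.GetString(0);
                        }
                    }
                    command.Parameters.Clear();

                    return new Entities.User(username, userType, currentTime);
                }

                // Wrong password: count the failure and, once past three strikes, lock the account
                // for one minute per accumulated failure (the counter is never reset on its own,
                // so each further failure lengthens the lockout).
                tries++;
                command.CommandText = "UPDATE Login SET tries = @tries WHERE username =@username";
                command.Parameters.Add(new SqlParameter("@tries", System.Data.SqlDbType.Int));
                command.Parameters["@tries"].Value = tries;

                if (tries > 3)
                {
                    lockoutUntil = currentTime.AddMinutes(tries);
                    command.CommandText = "UPDATE Login SET tries = @tries, wait_time=@wait_time WHERE username =@username";
                    command.Parameters.Add(new SqlParameter("@wait_time", System.Data.SqlDbType.DateTime));
                    command.Parameters["@wait_time"].Value = lockoutUntil;
                }

                command.ExecuteNonQuery();
                command.Parameters.Clear();

                return null;
            }
            finally
            {
                // Every exit path leaves the shared command without parameters and the connection closed.
                command.Parameters.Clear();
                connection.Close();
            }
        }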