protected string GetConnectionString()
{
string sConn = string.Empty;
SaltUtility saltTool = new SaltUtility();
StringBuilder myStr = new StringBuilder();
// ########### TODO: This is a good place for a static variable #####################
if (sWebServer.ToLower().Contains("localhost"))
{
// THESE ARE MOST SECURE BECAUSE THE PLAIN TEXT PASSWORDS ARE IN MY HEAD...not hardcoded
string password = saltTool.deSeasonIt("vhpYqqpTT7SGOE82jW26+A==");
myStr.Append("server=localhost;");
myStr.Append("userid=webUser;");
myStr.Append("password="******";");
myStr.Append("database=rockstarseating");
}
else
{
// THESE ARE MOST SECURE BECAUSE THE PLAIN TEXT PASSWORDS ARE IN MY HEAD...not hardcoded
string password = saltTool.deSeasonIt("yHXCcF0CU0rdI5WkR5O5gQ==");
myStr.Append("server=rockstarseating.db.8117053.hostedresource.com;");
myStr.Append("userid=rockstarseating;");
myStr.Append("password="******";");
myStr.Append("database=rockstarseating");
}
sConn = myStr.ToString();
saltTool = null;
return sConn;
}
protected Boolean authenticateUser(string loginId, string loginPass, bool checkOnly = false)
{
//create a mySql command object
MySqlCommand cmd = new MySqlCommand("usp_getUserInfo", mySqlConn);
cmd.CommandType = System.Data.CommandType.StoredProcedure;
MySqlParameter pLoginID;
pLoginID = new MySqlParameter("?loginId", MySqlDbType.VarChar);
pLoginID.Value = loginId;
pLoginID.Direction = System.Data.ParameterDirection.Input;
cmd.Parameters.Add(pLoginID);
MySqlParameter pGetFullDetails;
pGetFullDetails = new MySqlParameter("?getFullDetails", MySqlDbType.Bit);
pGetFullDetails.Value = false;
pGetFullDetails.Direction = System.Data.ParameterDirection.Input;
cmd.Parameters.Add(pGetFullDetails);
//try
//{
if (!isInitialized())
{
cmd.Connection.Open();
}
MySqlDataReader dr = cmd.ExecuteReader(CommandBehavior.CloseConnection);
if (dr.HasRows)
{
// exit here if checking db for registerUser
//10-10-11 I'm not even sure what this variable was intended for, but its... [useless now??]
if (checkOnly)
{
return true;
}
while (dr.Read())
{
UserObj.FirstName = Convert.ToString(dr["firstname"]);
UserObj.LastName = Convert.ToString(dr["lastname"]);
UserObj.Email = Convert.ToString(dr["emailAddress"]);
UserObj.UserPass = Convert.ToString(dr["userPass"]);
UserObj.LoginHash = Convert.ToString(dr["userPassP"]);
UserObj.LoginV = Convert.ToString(dr["userPassV"]);
UserObj.isConsignor = Convert.ToBoolean(dr["isConsignor"]);
UserObj.isAdmin = Convert.ToBoolean(dr["isAdmin"]);
UserObj.UserId = Convert.ToInt32(dr["userId"]);
}
if (UserObj.UserId > 39)
{
//connErrMsg = "Logins are turned off for site maintenance. Sorry...";
//return false;
}
SaltUtility saltTool = new SaltUtility();
if (loginPass == saltTool.deSeasonIt(UserObj.UserPass, UserObj.LoginHash, UserObj.LoginV))
{
//clear password from memory
UserObj.UserPass = "";
UserObj.LoginHash = "";
UserObj.LoginV = "";
//close dataReader obj
dr.Close();
//user validated
return true;
}
else
{
connErrMsg = "Email and Password combination are incorrect";
}
}
else
{
connErrMsg = "Account not found. Please register in order to login.";
}
dr.Close();
return false;
//}
//catch (Exception ee)
//{
// connErrMsg = ee.Message.ToString();
// return false;
//}
}