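        /// <summary>
        /// Authenticates this connection either with a username and password or,
        /// when <paramref name="password"/> is empty, with a previously issued login token.
        /// On success an <c>AuthenticateResponse</c> is sent and the connection is added to
        /// the account's session; a system message describing the outcome is always sent.
        /// </summary>
        /// <remarks>
        /// All checks that depend only on the request (session state, username and password
        /// format, missing credentials) run before the account lookup, so the failure message
        /// never depends on whether the account exists. Within each credential path, an
        /// unknown account and a wrong credential produce the same message.
        /// </remarks>
        /// <param name="username">Account name supplied by the client.</param>
        /// <param name="password">Plain-text password, or null/empty to request a token login.</param>
        /// <param name="token">Login token used when no password is supplied.</param>
        public void Login(string username, string password, string token)
        {
            bool    loggedIn = false;
            Account account  = null;
            string  message;

            do
            {
                if (Session != null)
                {
                    message = "You are already logged in.";
                    break;
                }

                // Validate the name before it reaches the account lookup.
                if (string.IsNullOrEmpty(username) || !Util.IsValidUsername(username))
                {
                    message = Util.InvalidUsernameMessage;
                    break;
                }

                bool tokenLogin = string.IsNullOrEmpty(password);

                if (tokenLogin && string.IsNullOrEmpty(token))
                {
                    message = "Missing password.";
                    break;
                }

                if (!tokenLogin && !Util.IsValidPassword(password))
                {
                    message = Util.InvalidPasswordMessage;
                    break;
                }

                account = Account.Get(username);

                if (tokenLogin)
                {
                    // Unknown account and unknown token are reported identically.
                    // NOTE(review): no expiry or revocation check is visible here; confirm
                    // that LoginToken.Find enforces one.
                    var loginToken = account == null ? null : LoginToken.Find(account.Id, token);
                    if (loginToken == null)
                    {
                        message = "Automatic login failed. Login with your username and password.";
                        break;
                    }

                    loginToken.UpdateAccessed(UserAgent, Address);

                    // The presented token is echoed back unchanged; it is not rotated here.
                    IsTokenLogin = true;
                    loggedIn     = true;
                    message      = $"Logged in as {account.Name}.";
                }
                else
                {
                    // NOTE(review): the hash is only computed when the account exists, so
                    // response time can still differ between known and unknown usernames.
                    // No attempt limiting is visible in this method; confirm it is applied
                    // by the caller.
                    if (account == null)
                    {
                        message = "Invalid username or password.";
                        break;
                    }

                    var givenPassword = Convert.ToBase64String(Util.HashPassword(password, Convert.FromBase64String(account.Salt)));

                    // Compare without an early exit on the first differing character.
                    if (!FixedTimeStringEquals(givenPassword, account.Password))
                    {
                        message = "Invalid username or password.";
                        break;
                    }

                    var newToken = new LoginToken
                    {
                        UserId    = account.Id,
                        Created   = Util.GetCurrentTimestamp(),
                        Accessed  = Util.GetCurrentTimestamp(),
                        UserAgent = UserAgent,
                        Address   = Address,
                        Token     = Util.GenerateLoginToken(),
                    };

                    newToken.Insert();

                    IsTokenLogin = false;
                    token        = newToken.Token;
                    loggedIn     = true;
                    message      = $"Logged in as {account.Name}.";
                }
            } while (false);

            if (loggedIn)
            {
                Send(new AuthenticateResponse
                {
                    Name    = account.Name,
                    Tokens  = token,
                    Success = true
                });

                var session = Program.SessionManager.GetOrCreate(account);
                session.Add(this);
            }

            SendSysMessage(message);
        }

        /// <summary>
        /// Compares two strings in time that depends only on their length, not on the
        /// position of the first differing character. A null argument never matches.
        /// </summary>
        private static bool FixedTimeStringEquals(string left, string right)
        {
            if (left == null || right == null || left.Length != right.Length)
            {
                return false;
            }

            int difference = 0;
            for (int i = 0; i < left.Length; i++)
            {
                difference |= left[i] ^ right[i];
            }

            return difference == 0;
        }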