Example #1
    /// <summary>
    /// Checks if supplied password hash is correct for the specified account
    /// </summary>
    /// <param name="AccountName">The name of the account</param>
    /// <param name="PasswordHash">The hashed password to check.</param>
    /// <returns>True if the password was correct, false otherwise.</returns>
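    public bool IsCorrectPassword(string AccountName, byte[] PasswordHash)
    {
        // Fail closed on missing input: a null name or hash can never authenticate, and
        // the name is dereferenced (AccountName.Length) before any lookup happens.
        if (AccountName == null || PasswordHash == null)
        {
            return false;
        }

        using (var db = DataAccess.Get())
        // SHA512Managed is IDisposable; scope it so the instance is released with this call.
        using (var sha512 = new SHA512Managed())
        {
            // Second constructor argument is the account-name length; presumably the salt
            // length, since the name itself is passed as the salt below (confirm in SaltedHash).
            SaltedHash hasher = new SaltedHash(sha512, AccountName.Length);

            Account account = db.Accounts.GetByUsername(AccountName);

            // Unknown account, or a record without a password, is treated as a failed check.
            if (account == null || account.Password == null)
            {
                return false;
            }

            // NOTE(review): the expected hash is recomputed from the Password string held in
            // the account record, so that column appears to hold the password itself (or a
            // password-equivalent value) rather than a one-way verifier; confirm against the
            // schema. If so, read access to the table yields usable credentials.
            // NOTE(review): the salt is the account name, which is public and predictable
            // rather than random, and upper-casing plus ASCII encoding (non-ASCII characters
            // become '?') makes passwords case-insensitive and shrinks the password space.
            // NOTE(review): whether SaltedHash iterates SHA-512 or compares in constant time
            // is not visible here. The usual remedy is a slow KDF (PBKDF2/Argon2) with a
            // random per-account salt and a fixed-time comparison.
            //
            // ToUpperInvariant keeps the result independent of the server's culture; under
            // tr-TR, ToUpper maps 'i' to a non-ASCII character that ASCII encoding turns into '?'.
            byte[] storedPassword = Encoding.ASCII.GetBytes(account.Password.ToUpperInvariant());
            byte[] salt = Encoding.ASCII.GetBytes(AccountName);

            return hasher.VerifyHash(storedPassword, PasswordHash, salt);
        }
    }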
        /// <summary>
        /// Callback-function for CheckAccount().
        /// </summary>
        private static void EndCheckAccount(IAsyncResult AR)
        {
            // Completes the asynchronous account query: reads the result rows, checks the
            // client's hash against the stored password and sends the login response packet.

            // AsyncState is cast with 'as' and never null-checked, so a state object of any
            // other type surfaces as a NullReferenceException on the next line that uses it.
            DatabaseAsyncObject AsyncObject = AR.AsyncState as DatabaseAsyncObject;
            bool FoundAccountName = false;

            using (MySqlDataReader Reader = AsyncObject.MySQLCmd.EndExecuteReader(AR))
            {
                // Every returned row is scanned; column 0 is compared with the requested account
                // name and column 1 is taken as the password. If several rows match, the last wins.
                // The query that produced these rows is not visible in this method.
                while (Reader.Read())
                {
                    // Case-insensitive match done with culture-sensitive ToUpper() on both sides.
                    // NOTE(review): the result depends on the server's current culture; an ordinal
                    // ignore-case comparison would not.
                    if (((string)Reader[0]).ToUpper() == AsyncObject.AccountName.ToUpper())
                    {
                        FoundAccountName = true;

                        // NOTE(review): the stored value is used below as hash input, so the column
                        // appears to hold the password in recoverable form; confirm against the schema.
                        AsyncObject.Password = (string)Reader[1];
                    }
                }
            }

            if (FoundAccountName == true)
            {
                //0x01 = InitLoginNotify
                // The success packet is allocated before the hash is verified; on a bad password
                // it is simply never sent.
                PacketStream P = new PacketStream(0x01, 2);

                // Second constructor argument is the account-name length; presumably the salt
                // length, since the name is passed as the salt below (confirm in SaltedHash).
                SaltedHash SHash = new SaltedHash(new SHA512Managed(), AsyncObject.AccountName.Length);

                // Compares the client-supplied hash with one derived from the upper-cased,
                // ASCII-encoded stored password, salted with the ASCII-encoded account name.
                // NOTE(review): upper-casing makes passwords case-insensitive, ASCII encoding
                // turns non-ASCII characters into '?', and the salt is the (public) account name.
                // Whether VerifyHash compares in constant time is not visible here.
                if (SHash.VerifyHash(Encoding.ASCII.GetBytes(AsyncObject.Password.ToUpper()), AsyncObject.Hash,
                    Encoding.ASCII.GetBytes(AsyncObject.AccountName)))
                {
                    // On success the upper-cased name and the upper-cased password string are
                    // stored on the client object.
                    // NOTE(review): this keeps the password text on the session object for as
                    // long as that object lives; check whether later code actually needs it.
                    AsyncObject.Client.Username = AsyncObject.AccountName.ToUpper();
                    AsyncObject.Client.Password = AsyncObject.Password.ToUpper();
                    P.WriteByte(0x01);
                    P.WriteByte(0x01);
                }
                else //The client's password was wrong.
                {
                    // Failure packet 0x02 carrying bytes 0x02, 0x02.
                    PacketStream RejectPacket = new PacketStream(0x02, 2);
                    RejectPacket.WriteByte(0x02);
                    RejectPacket.WriteByte(0x02);
                    AsyncObject.Client.Send(RejectPacket.ToArray());

                    Logger.LogInfo("Bad password - sent SLoginFailResponse!\r\n");

                    // Returning here also skips the account-creation block at the end, which
                    // only acts when no account was found anyway.
                    return;
                }

                AsyncObject.Client.Send(P.ToArray());

                Logger.LogInfo("Sent InitLoginNotify!\r\n");
            }
            else
            {
                // Failure packet 0x02 carrying bytes 0x02, 0x01.
                // NOTE(review): the second byte differs from the bad-password reply (0x02, 0x02),
                // so the response reveals whether an account name exists. A single, identical
                // failure response for both cases avoids that disclosure.
                PacketStream P = new PacketStream(0x02, 2);
                P.WriteByte(0x02);
                P.WriteByte(0x01);
                AsyncObject.Client.Send(P.ToArray());

                Logger.LogInfo("Bad accountname - sent SLoginFailResponse!\r\n");
                //AsyncObject.Client.Disconnect();
            }

            //If this setting is true, it means an account will be created
            //if it doesn't exist.
            // NOTE(review): with this setting on, any login attempt with an unknown name creates
            // an account, and it does so after the failure response above has already been sent.
            if (GlobalSettings.Default.CreateAccountsOnLogin == true)
            {
                if (FoundAccountName == false)
                {
                    //No idea if this call is gonna succeed, given it's called from a callback function...
                    // AsyncObject.Password is only assigned in this method when a row matched, so on
                    // this path it holds whatever the caller put there (possibly null); verify
                    // against the code that builds the DatabaseAsyncObject.
                    CreateAccount(AsyncObject.AccountName, AsyncObject.Password);
                }
            }
        }
Example #3
        /// <summary>
        /// Checks if supplied password hash is correct for the specified account
        /// </summary>
        /// <param name="AccountName">The name of the account</param>
        /// <param name="PasswordHash">The hashed password to check.</param>
        /// <returns>True if the password was correct, false otherwise.</returns>
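        public static bool IsCorrectPassword(string AccountName, byte[] PasswordHash)
        {
            // Fail closed on missing input: a null name or hash can never authenticate, and
            // the name is dereferenced (AccountName.Length) before any lookup happens.
            if (AccountName == null || PasswordHash == null)
            {
                return false;
            }

            // The data context is opened for the duration of the check, but the lookup below
            // goes through GetAccount() and never touches Context directly.
            using (TSODataContext Context = new TSODataContext(DBConnectionManager.DBConnection))
            // SHA512Managed is IDisposable; scope it so the instance is released with this call.
            using (SHA512Managed sha512 = new SHA512Managed())
            {
                // Second constructor argument is the account-name length; presumably the salt
                // length, since the name itself is passed as the salt below (confirm in SaltedHash).
                SaltedHash hasher = new SaltedHash(sha512, AccountName.Length);

                Account account = GetAccount(AccountName);

                // Unknown account, or a record without a password, is treated as a failed check.
                if (account == null || account.Password == null)
                {
                    return false;
                }

                // NOTE(review): the expected hash is recomputed from the Password string held in
                // the account record, so that column appears to hold the password itself (or a
                // password-equivalent value) rather than a one-way verifier; confirm against the
                // schema. If so, read access to the table yields usable credentials.
                // NOTE(review): the salt is the account name, which is public and predictable
                // rather than random, and upper-casing plus ASCII encoding (non-ASCII characters
                // become '?') makes passwords case-insensitive and shrinks the password space.
                // NOTE(review): whether SaltedHash iterates SHA-512 or compares in constant time
                // is not visible here. The usual remedy is a slow KDF (PBKDF2/Argon2) with a
                // random per-account salt and a fixed-time comparison.
                //
                // ToUpperInvariant keeps the result independent of the server's culture; under
                // tr-TR, ToUpper maps 'i' to a non-ASCII character that ASCII encoding turns into '?'.
                byte[] storedPassword = Encoding.ASCII.GetBytes(account.Password.ToUpperInvariant());
                byte[] salt = Encoding.ASCII.GetBytes(AccountName);

                return hasher.VerifyHash(storedPassword, PasswordHash, salt);
            }
        }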