public User ValidLogin(int id, string password, out string message)
{
User user = null;
message = this.GetUser(out user, id);
if (!String.IsNullOrWhiteSpace(message))
{
return(null);
}
return(DBUserShared.ValidLogin(password, user));
}
private string CreateUserDB()
{
SqliteConnection conn = null;
try
{
if (File.Exists(this.UsersFile))
{
return("");
}
conn = new SqliteConnection(@"data source=" + this.UsersFile);
conn.Open();
SqliteCommand cmd = new SqliteCommand(conn);
cmd.CommandText = DBUserShared.GetDBSQL();
cmd.ExecuteNonQuery();
return("");
}
catch (Exception ex)
{
try
{
File.Delete(this.UsersFile);
}
catch
{
return("Please manually remove: " + this.UsersFile + ", " + ex.Message);//should not get in here
}
return("Error creating user database: " + ex.Message);
}
finally
{
if (conn != null)
{
conn.Close();
conn = null;
}
}
}
private string LoadUserBase(out List <User> users, bool single, int id)
{
users = new List <User>();
SqliteConnection conn = null;
SqliteDataReader reader = null;
try
{
conn = new SqliteConnection(@"data source=" + this.UsersFile);
conn.Open();
SqliteCommand cmd = new SqliteCommand(conn);
cmd.CommandText = "SELECT id, description, fullname, password, securityLevel";
for (int i = 0; i < DBUserShared.FingerCount; ++i)
{
cmd.CommandText += String.Format(", fingerprint{0}", i);
}
cmd.CommandText += " FROM User WHERE deleted = 0";
if (single)
{
cmd.CommandText += " AND id = " + id;
}
reader = cmd.ExecuteReader();
while (reader.Read())
{
Dictionary <int, byte[]> lstFingerPrints = new Dictionary <int, byte[]>();
for (int i = 0; i < DBUserShared.FingerCount; ++i)
{
byte[] bytes = null;
int index = 5 + i;
if (!reader.IsDBNull(index))
{
try
{
bytes = DBUserShared.AES_Decrypt((byte[])reader[index]);
lstFingerPrints.Add(i, bytes);
}
catch
{
//ignore but should not get in here
continue;
}
}
}
byte[] password = null;
if (reader[3] != System.DBNull.Value)
{
password = (byte[])reader[3];
}
User user = new User(int.Parse(reader[0].ToString()),
reader[1].ToString(),
reader[2].ToString(),
password,
byte.Parse(reader[4].ToString()),
lstFingerPrints);
users.Add(user);
}
return("");
}
catch (Exception ex)
{
return("Error reading user database: " + ex.Message);
}
finally
{
if (reader != null)
{
reader.Close();
reader = null;
}
if (conn != null)
{
conn.Close();
conn = null;
}
}
}
public string AddEditUser(User user, bool customTransaction, bool updateUserLastUpdated, bool customID)
{
if (user == null)
{
return("User cannot be null.");
}
if (String.IsNullOrWhiteSpace(user.FullName))
{
return("The user's fullname cannot be empty.");
}
if (DefaultUser.DefaultUserName.ToUpper().Equals(user.FullName.ToUpper()))
{
return(String.Format("The user's name cannot be {0}.", DefaultUser.DefaultUserName));
}
if (user.PasswordChanged && (String.IsNullOrWhiteSpace(user.NewPassword) || user.NewPassword.Length > VARCHAR_StandardSize))
{
return("The user's password cannot be empty.");
}
if (user.Description != null && user.Description.Length > VARCHAR_StandardSize)
{
return("The user's description is too long.");
}
SqliteDataReader reader = null;
SqliteConnection conn = null;
try
{
SqliteTransaction transaction = null;
if (customTransaction)
{
if (_tempConn == null)
{
_tempConn = new SqliteConnection(@"data source=" + this.UsersFile);
_tempConn.Open();
_customTransaction = _tempConn.BeginTransaction();
}
conn = _tempConn;
}
else
{
conn = new SqliteConnection(@"data source=" + this.UsersFile);
conn.Open();
transaction = conn.BeginTransaction();
}
SqliteCommand cmd = new SqliteCommand(conn);
cmd.Parameters.Add(new SqliteParameter("@userID", user.ID));
string description = user.Description;
string fullName = user.FullName;
byte securityLevel = user.SecurityLevel;
if (user.ID > 0)
{
if (!customID)
{
cmd.CommandText = "SELECT id FROM User WHERE id = @userID";
reader = cmd.ExecuteReader();
if (!reader.HasRows)
{
return("Couldn't find a user with the ID " + user.ID);
}
reader.Close();
}
cmd.Parameters.Add(new SqliteParameter("@id", user.ID));
//force the admin properties to stay the same
if (user.ID == DefaultAdminUser.DefaultAdminID)
{
description = DefaultAdminUser.DefaultAdminDescription;
fullName = DefaultAdminUser.DefaultAdminName;
securityLevel = DefaultAdminUser.DefaultAdminSecurityLevel;
}
}
cmd.Parameters.Add(new SqliteParameter("@description", description));
cmd.Parameters.Add(new SqliteParameter("@fullname", fullName));
byte[] password = user.Password;
if (!customID && user.PasswordChanged)
{
if (String.IsNullOrWhiteSpace(user.NewPassword))
{
return("The password cannot be blank.");
}
password = User.GenerateSHA256(user.NewPassword);
cmd.Parameters.Add(new SqliteParameter("password", password));
}
else if (customID)
{
cmd.Parameters.Add(new SqliteParameter("password", user.Password));
}
cmd.Parameters.Add(new SqliteParameter("@securityLevel", securityLevel));
if (user.ID > 0 && !customID)
{
cmd.CommandText = "UPDATE User SET description = @description, fullname = @fullname, securityLevel = @securityLevel";
if (user.PasswordChanged)
{
cmd.CommandText += ", password = @password";
}
}
else
{
cmd.CommandText = "INSERT INTO User(";
if (customID)
{
cmd.CommandText += "id,";
}
cmd.CommandText += "description, fullname, password, securityLevel";
}
for (int i = 0; i < DBUserShared.FingerCount; ++i)
{
if (user.ID > 0 && !customID)
{
cmd.CommandText += String.Format(" ,fingerprint{0} = @fingerprint{0}", i);
}
else
{
cmd.CommandText += String.Format(" ,fingerprint{0}", i);
}
cmd.Parameters.Add(new SqliteParameter(String.Format("@fingerprint{0}", i), DBNull.Value));
}
foreach (FingerPrint fingerprint in user.FingerPrints)
{
string fp = String.Format("@fingerprint{0}", fingerprint.PrintNumber);
if (cmd.Parameters.Contains(fp) && fingerprint.Print != null && fingerprint.Print.Length != 0)
{
cmd.Parameters[fp].Value = DBUserShared.AES_Encrypt(fingerprint.Print);
}
}
if (user.ID > 0 && !customID)
{
cmd.CommandText += " WHERE ID = @id";
}
else
{
cmd.CommandText += ") VALUES(";
if (customID)
{
cmd.CommandText += "@userID,";
}
cmd.CommandText += "@description, @fullname, @password, @securityLevel";
for (int i = 0; i < DBUserShared.FingerCount; ++i)
{
cmd.CommandText += String.Format(" ,@fingerprint{0}", i);
}
cmd.CommandText += ")";
}
cmd.ExecuteNonQuery();
if (user.ID < 0 && !customID)
{
cmd.CommandText = "SELECT last_insert_rowid()";
reader = cmd.ExecuteReader();
while (reader.Read())
{
user.ID = int.Parse(reader[0].ToString());
cmd.Parameters["@userID"].Value = user.ID;
}
reader.Close();
}
if (updateUserLastUpdated)
{
cmd.CommandText = "DELETE FROM UserLastUpdated";
cmd.ExecuteNonQuery();
cmd.CommandText = "INSERT INTO UserLastUpdated(Value) VALUES(@value)";
cmd.Parameters.Add(new SqliteParameter("@value", DateTime.Now));
cmd.ExecuteNonQuery();
}
if (!customTransaction)
{
transaction.Commit();
}
return("");
}
catch (Exception ex)
{
return("Failed to add or edit user: " + ex.Message);
}
finally
{
if (reader != null)
{
reader.Close();
reader = null;
}
if (!customTransaction)
{
if (conn != null)
{
conn.Close();
conn = null;
}
}
}
}
