        /// <summary>
        /// Takes a user name and a password and compares the password with
        /// the password assigned to that user name.
        /// Either value may be MD5-hashed: both, only one, or neither.
        /// </summary>
        /// <param name="userName">Name of the user to look up.</param>
        /// <param name="password">The supplied password, in clear text or already hashed.</param>
        /// <returns>The user as a UserToken, or null when the login fails.</returns>
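        public static UserToken Login(string userName, string password)
        {
            UserToken token = null;

            // NOTE(review): ssc is never read in this method. The call is kept in
            // case GetSecurity() loads or caches the configuration as a side
            // effect - confirm before removing it.
            SiteSecurityConfig ssc = GetSecurity();

            User user = GetUser(userName);

            // A missing supplied or stored password can never match, so treat it
            // as a failed login instead of passing null to the hashing helpers.
            if (user != null && user.Active && password != null && user.Password != null)
            {
                // Bring both sides to hashed form exactly once before comparing.
                //
                // NOTE(review): a supplied value that already looks hashed is used
                // as the credential unchanged, which makes the stored hash
                // password-equivalent: whoever can read it can authenticate
                // without knowing the clear text. The method's summary describes
                // the hash as MD5; unsalted MD5 is not suitable for password
                // storage. Consider moving to a salted, slow KDF (e.g. PBKDF2)
                // and retiring the hashed-input path once callers allow it.
                string suppliedHash = IsCleanStringEncrypted(password)
                    ? password
                    : SiteSecurity.Encrypt(password);

                // Hash the stored value only when it is not hashed yet. The
                // previous condition also accepted Encrypt(stored hash), i.e. a
                // hash of the hash, as a valid credential.
                string storedHash = IsCleanStringEncrypted(user.Password)
                    ? user.Password
                    : SiteSecurity.Encrypt(user.Password);

                // NOTE(review): == is not a constant-time comparison.
                if (storedHash == suppliedHash)
                {
                    token = user.ToToken();
                }
            }

            // Called for every attempt; token is still null here when the login
            // failed (presumably the overload records the outcome - confirm).
            Login(token, userName);

            return token;
        }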