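/// <summary>
/// Changes the password of the user identified by the bearer token in the
/// <c>Authorization</c> header. The caller supplies the current password and the new
/// password twice; the new value is stored as <c>GeneratePasswordHash(newPassword, salt)</c>
/// using the user's existing salt, which is the same form <see cref="Login"/> must verify against.
/// </summary>
/// <param name="changePasswordAttempt">Body with CurrentPassword, NewPassword and RepeatedNewPassword.</param>
/// <returns>
/// 200 on success; 400 when the body did not bind; 403 when the header carries no bearer
/// token, the token is invalid, the new password is empty or not repeated correctly, or the
/// current password does not match; 500 on any unexpected failure.
/// </returns>
public object ChangePassword([FromBody] ChangePasswordAttempt changePasswordAttempt)
{
    const string bearerPrefix = "Bearer ";
    try
    {
        // A body that failed to bind arrives as null; dereferencing it inside the try
        // would surface as a misleading 500 instead of a client error.
        if (changePasswordAttempt is null)
        {
            return StatusCode(400, @"{""Result"" : ""Wrong request""}");
        }

        // The scheme must be a prefix. The previous check accepted "Bearer " anywhere in
        // the header and then removed every occurrence of it from the value.
        if (!Request.Headers.TryGetValue("Authorization", out Microsoft.Extensions.Primitives.StringValues headerValues)
            || !headerValues.ToString().StartsWith(bearerPrefix, StringComparison.Ordinal))
        {
            return StatusCode(403, @"{""Result"" : ""Wrong token or password""}");
        }

        string token = headerValues.ToString().Substring(bearerPrefix.Length);

        // Cheap request-level checks first, so no lookup happens for an obviously bad request.
        // An empty new password is rejected here: it would otherwise be hashed and stored.
        if (string.IsNullOrEmpty(changePasswordAttempt.NewPassword)
            || changePasswordAttempt.NewPassword != changePasswordAttempt.RepeatedNewPassword
            || !StaticMethods.IsTokenValid(token))
        {
            return StatusCode(403, @"{""Result"" : ""Wrong data""}");
        }

        // The salt is the same for verifying the current password and hashing the new one.
        var salt = StaticMethods.GetUserSalt(StaticMethods.GetUserName(token));
        string presentedHash = StaticMethods.GeneratePasswordHash(changePasswordAttempt.CurrentPassword, salt);
        if (!HashesMatch(presentedHash, StaticMethods.GetUserPassword(token)))
        {
            return StatusCode(403, @"{""Result"" : ""Wrong data""}");
        }

        string newHash = StaticMethods.GeneratePasswordHash(changePasswordAttempt.NewPassword, salt);
        MySQLObject mysql = new MySQLObject();
        // NOTE(review): the statement is still assembled by string interpolation because
        // MySQLObject.Update, as used in this file, takes only a raw SQL string. Both
        // interpolated values are produced server-side (the hash, and the id derived from
        // the token) rather than copied from the request body, but the query should move
        // to a parameterised API as soon as MySQLObject offers one.
        mysql.Update($"update `uzytkownicy` set `haslo` = '{newHash}' where `id_uzytkownika` = '{StaticMethods.GetUserId(token)}' ");
        return StatusCode(200);
    }
    catch
    {
        // No logger is visible on this controller, so the failure is reported as a bare 500.
        return StatusCode(500);
    }

    // Compares two hash strings in constant time; null on either side is a mismatch.
    static bool HashesMatch(string expected, string actual)
    {
        if (expected is null || actual is null)
        {
            return false;
        }

        return CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(expected),
            Encoding.UTF8.GetBytes(actual));
    }
}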
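/// <summary>
/// Authenticates a user by login and password and issues a new session token that is
/// valid for two hours.
/// </summary>
/// <param name="login">Body with Login and Password.</param>
/// <returns>
/// 200 with the token as the body; 403 when the login is unknown or the password does not
/// match; 400 when the body did not bind or either field is missing.
/// </returns>
public object Login([FromBody] LoginAttempt login)
{
    if (login is null || string.IsNullOrEmpty(login.Login) || string.IsNullOrEmpty(login.Password))
    {
        return StatusCode(400, @"{""Result"" : ""Wrong request""}");
    }

    MySQLObject mySQL = new MySQLObject(Config.ConnectionString);

    // Look the account up by login only and verify the password in code. The previous
    // query compared the raw password against `haslo`, while ChangePassword writes
    // GeneratePasswordHash(password, salt) into that column, so an account whose password
    // had been changed could no longer log in. This also keeps the password out of the SQL text.
    // NOTE(review): `login.Login` is still interpolated because MySQLObject.Select, as used
    // in this file, takes only a raw SQL string; this must become a parameterised query as
    // soon as the wrapper allows it.
    mySQL.Select($@"SELECT `id_uzytkownika`, `haslo` FROM `projekt_mysql`.`uzytkownicy` WHERE `login` = '{login.Login}'");
    if (mySQL.Data.Rows.Count == 0)
    {
        return StatusCode(403, @"{""Result"" : ""Wrong login or password""}");
    }

    string userId = mySQL.Data.Rows[0]["id_uzytkownika"].ToString();
    string storedHash = mySQL.Data.Rows[0]["haslo"].ToString();

    // NOTE(review): assumes GetUserSalt accepts the login name, i.e. the same value that
    // GetUserName(token) yields in ChangePassword — confirm against StaticMethods.
    string presentedHash = StaticMethods.GeneratePasswordHash(login.Password, StaticMethods.GetUserSalt(login.Login));
    if (!HashesMatch(presentedHash, storedHash))
    {
        return StatusCode(403, @"{""Result"" : ""Wrong login or password""}");
    }

    string token = StaticMethods.GenerateToken();
    // NOTE(review): this UPDATE affects nothing if the user has no row in
    // `tokeny_logowania`, yet a token is still returned — confirm the row always exists.
    mySQL.Update($@"UPDATE `projekt_mysql`.`tokeny_logowania` SET `token` = '{token}', `aktywny` = 1, `data_wygasniecia` = ADDTIME(NOW(),'02:00:00') WHERE `id_uzytkownika` = '{userId}' ");
    return StatusCode(200, token);

    // Compares two hash strings in constant time; null on either side is a mismatch.
    static bool HashesMatch(string expected, string actual)
    {
        if (expected is null || actual is null)
        {
            return false;
        }

        return CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(expected),
            Encoding.UTF8.GetBytes(actual));
    }
}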