Exemple #1
0
        public JsonResult Login(PlayerLoginInfo login)
        {
            var success = true;
            var errors  = new List <string>();
            var userId  = -1;
            var handle  = "";
            var token   = "";

            // Sanitize the handle and password before doing anything
            if (!base.SanitizeHandle(login.Handle))
            {
                success = false;
                errors.Add("Handles can only contain letters, numbers, _ and -.");
            }

            if (!base.SanitizePassword(login.Password))
            {
                success = false;
                errors.Add("Passwords can only contain letters, numbers, and the following characters: _ - ! ? @ $ &");
            }

            // If the handle/password are clean, then we can use them in our DB methods
            if (success)
            {
                if (base.HandleExists(login.Handle))                     // If the handle does not exist, there is no login for it
                {
                    var playerInfo = base.GetUserByHandle(login.Handle); // DB call for the player information
                    var dbPass     = playerInfo.Password;
                    var dbSalt     = playerInfo.Salt;

                    // Salt and hash the password the user provided in the login form
                    var hashedPassword = base.HashPassword(login.Password, dbSalt);

                    // Check the hashed password against the one in the db
                    if (hashedPassword == dbPass)
                    {
                        userId = playerInfo.Player_Id;
                        handle = playerInfo.Handle;

                        var userIpAddressString = base.GetRequestIP();

                        if (String.IsNullOrEmpty(userIpAddressString) || userIpAddressString.Equals(""))
                        {
                            success = false;
                            errors.Add("Null or empty IP address.");
                        }
                        else
                        {
                            var tokenGenerator = new Token(userId, userIpAddressString);
                            token = tokenGenerator.GenerateToken();

                            _playerRepo.SetIpAddress(tokenGenerator.RemoveChars(userIpAddressString), userId); // Set the IP address for the user in the DB to check the token later
                        }
                    }
                    else
                    {
                        success = false;
                        errors.Add("Invalid login attempt.");
                    }
                }
                else
                {
                    success = false;
                    errors.Add("Invalid login attempt");
                }
            }

            var result = new
            {
                success,
                errors,
                userId,
                handle,
                token
            };

            return(Json(result));
        }