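/// <summary>
/// Module constructor wiring the login form (GET), login submission (POST) and logout routes.
/// </summary>
public AuthenticationModule() : base()
{
    // Login Form
    Get["/login"] = parameters => View["views/login.sshtml", new AuthenticationModel(this.Context)];

    // Logout URI
    Get["/logout"] = parameters =>
    {
        // Only identities created by this module are tracked in DOLUserMapper, so only drop those.
        if (this.Context != null && this.Context.CurrentUser != null && this.Context.CurrentUser is DOLUserIdentity)
        {
            DOLUserMapper.LogoutUser(((DOLUserIdentity)this.Context.CurrentUser).UserGuid);
        }

        return this.Logout("~/");
    };

    // Login Form Posting
    Post["/login"] = parameters =>
    {
        // Param From Login Form
        var loginParams = this.Bind<LoginParams>();
        string remoteAddress = this.Context.Request.UserHostAddress;

        // Anti brute force, evaluated BEFORE the credentials are checked: a throttled
        // client must not trigger a database lookup, and ValidateUser registers an
        // authenticated identity in DOLUserMapper on success, which previously happened
        // even when the request was then rejected by the throttle below.
        long lastAttempt;
        if (m_loginAttempt.TryGetValue(remoteAddress, out lastAttempt)
            && (GameTimer.GetTickCount() - lastAttempt) < ANTI_BRUTEFORCE_TIME_LIMIT)
        {
            var model = new AuthenticationModel(this.Context);
            model.Message = "Please wait some time before trying to Log In again...";
            return View["views/login.sshtml", model];
        }

        string errorMessage;
        Guid guid;
        bool ok = DOLUserMapper.ValidateUser(loginParams.Username, loginParams.Password, out guid, out errorMessage);

        // Wrong login display form with error message
        if (!ok)
        {
            // Register anti brute force (keyed on the remote address of this request)
            m_loginAttempt[remoteAddress] = GameTimer.GetTickCount();
            var model = new AuthenticationModel(this.Context);
            model.Message = string.Format("Error While Authenticating User {0} - {1}", loginParams.Username, errorMessage);
            return View["views/login.sshtml", model];
        }

        // Login successful redirect and continue !
        return this.Login(guid);
    };
}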
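/// <summary>
/// Validate a User against database and init its GUID.
/// On success the new identity is also registered in DOLUserMapper under <paramref name="guid"/>.
/// </summary>
/// <param name="username">Account name; used as the database key for the Account lookup.</param>
/// <param name="password">Password as submitted; hashed with LoginRequestHandler.CryptPassword before comparison.</param>
/// <param name="guid">Freshly generated GUID; only meaningful when the method returns true.</param>
/// <param name="errormessage">Empty on success, otherwise a displayable reason for the failure.</param>
/// <returns>True when the account exists and the password hash matches, false otherwise.</returns>
public static bool ValidateUser(string username, string password, out Guid guid, out string errormessage)
{
    guid = Guid.NewGuid();

    // Validate Fields
    if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
    {
        errormessage = "Empty Username or Password...";
        return false;
    }

    // Try to find the player
    Account playerAccount = null;
    try
    {
        playerAccount = GameServer.Database.FindObjectByKey<Account>(username);
    }
    catch (Exception)
    {
        // Best-effort: a database failure is reported as a generic error rather than thrown to the caller.
        errormessage = "Error while querying Database !";
        return false;
    }

    // Validate account. A null stored password (account without a password set) used to
    // throw a NullReferenceException from the Equals call; treat it as a failed login instead.
    // NOTE(review): string.Equals is not constant-time; where the target framework offers
    // CryptographicOperations.FixedTimeEquals, prefer it for comparing the hashes.
    if (playerAccount != null
        && playerAccount.Password != null
        && string.Equals(playerAccount.Password, LoginRequestHandler.CryptPassword(password), StringComparison.Ordinal))
    {
        // Success
        DOLUserMapper.AddAuthenticatedUser(guid, new DOLUserIdentity(playerAccount, guid));
        errormessage = string.Empty;
        return true;
    }

    // One message for both "unknown account" and "wrong password" so the text itself does
    // not reveal which accounts exist (response time may still differ, since the hash is
    // only computed when the account was found).
    errormessage = "Wrong Login or Password !";
    return false;
}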