// Get the token by passing him the accountName
private Token _getTokenByAccountName(string pAccount)
{
Log.RemotingServiceLogger.DebugFormat("Call getTokenByAccountName with: {0}", pAccount);
Token token = null;
string sqlText = @"SELECT user_name, password, database_name, active
FROM SqlAccounts
WHERE account_name=@account";
try
{
SqlConnection connection = _getAccountSqlconnection();
SqlCommand command = new SqlCommand(sqlText, connection);
command.Parameters.Add("account", SqlDbType.NVarChar);
command.Parameters["account"].Value = pAccount;
using (SqlDataReader reader = command.ExecuteReader())
{
if (reader.HasRows)
{
reader.Read();
string oUser = reader.GetString(reader.GetOrdinal("user_name"));
string oPass = reader.GetString(reader.GetOrdinal("password"));
string oDbName = reader.GetString(reader.GetOrdinal("database_name"));
bool active = reader.GetBoolean(reader.GetOrdinal("active"));
if (!active)
{
Log.RemotingServiceLogger.ErrorFormat("Account {0} inactive", pAccount);
throw new Exception("AccountInactive.Text");
}
token = new Token(oUser, oPass, oDbName);
}
else
{
Log.RemotingServiceLogger.ErrorFormat("Account {0} incorrect", pAccount);
throw new Exception("AccountNameIncorrect.Text");
}
}
}
catch (Exception e)
{
Log.RemotingServiceLogger.Error("Error during connection to the server", e);
throw;
}
return token;
}
// Check the validity of the login/pass/account
private bool _checkAccount(Token pSqlToken, string pOctoLogin, string pOctoPass)
{
Log.RemotingServiceLogger.Debug("Call CheckAccount");
if (pSqlToken == null)
{
Log.RemotingServiceLogger.Debug("Call CheckAccount with pSqlToken null");
return false;
}
Log.RemotingServiceLogger.DebugFormat("Call check_account user = {0} pass = {1} token = login {2}, pass {3}, account {4}", pOctoLogin, pOctoPass, pSqlToken.Login, pSqlToken.Pass, pSqlToken.Account);
int valid = 0;
string connection_string = "user id=" + pSqlToken.Login + ";password="******";server=" + RemoteServerSettings.GetSettings().ServerName + ";initial catalog=" + pSqlToken.Account;
SqlConnection connection = new SqlConnection(connection_string);
if (connection.State != ConnectionState.Open)
connection.Open();
// CHECK if the pOctoLogin/pOctoPass is a valid octo Account
string sqlText = "select * from dbo.Users where user_name =@username and user_pass =@password ";
SqlCommand command = new SqlCommand(sqlText, connection);
command.Parameters.Add("username", SqlDbType.NVarChar);
command.Parameters["username"].Value = pOctoLogin;
command.Parameters.Add("password", SqlDbType.NVarChar);
command.Parameters["password"].Value = pOctoPass;
try
{
valid = int.Parse(command.ExecuteScalar().ToString());
}
catch
{
return false;
}
return true;
}
