Esempio n. 1
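        /// <summary>
        /// Checks a user name / password pair against the <c>password</c> column of the
        /// <c>{prefix}users</c> table, considering only rows with <c>block=0</c>.
        /// </summary>
        /// <remarks>
        /// Two stored formats are accepted: a value equal to the supplied password, and
        /// <c>hexdigest:salt</c> where the digest is MD5(password + salt).
        /// NOTE(review): both are legacy formats. A single pass of salted MD5 is cheap to
        /// brute-force offline, and the equality branch also accepts the stored column value
        /// itself as the password, so a disclosed password column could be replayed as-is.
        /// Consider migrating rows to a slow, salted KDF and dropping the equality branch once
        /// no such rows remain.
        /// </remarks>
        /// <param name="user">User name to look up; escaped with <c>DataCommand.MakeSqlSafe</c> before it is placed in the query.</param>
        /// <param name="password">Password as supplied by the caller.</param>
        /// <returns><c>true</c> when the supplied password matches the stored value; otherwise <c>false</c>.</returns>
        public override bool CheckUserPassword(string user, string password)
        {
            // {0} is the escaped user name, {1} the table prefix. Without the {0} placeholder
            // the lookup would not depend on the caller's user name at all.
            // NOTE(review): the query is still assembled as text; the user name relies on
            // MakeSqlSafe and _prefix is inserted unescaped, so _prefix must never come from
            // untrusted input. Prefer bound parameters if the data layer offers them.
            string query = string.Format(
                "SELECT password FROM {1}users WHERE username='{0}' AND block=0 LIMIT 1",
                DataCommand.MakeSqlSafe(user),
                _prefix);
            DataCommand cmd            = _catalog.NewQuery(query);
            string      remotePassword = cmd.Read();

            // No matching, unblocked row.
            if (remotePassword == null)
            {
                return(false);
            }

            // Legacy equality branch (see remarks). Compared without early exit so the time
            // taken does not reveal how many leading characters matched.
            if (ConstantTimeEquals(remotePassword, password))
            {
                return(true);
            }

            if (!remotePassword.Contains(":"))
            {
                return(false);
            }

            // Stored as "hexdigest:salt"; Contains(":") guarantees at least two parts.
            string[] split = remotePassword.Split(':');
            byte[]   hash;

            // Dispose the hash algorithm instead of leaving it to the finalizer.
            using (MD5 md5 = MD5.Create())
            {
                hash = md5.ComputeHash(Encoding.UTF8.GetBytes(password + split[1]));
            }

            // "x2" already yields lower-case hex digits.
            StringBuilder hex = new StringBuilder(hash.Length * 2);
            foreach (byte b in hash)
            {
                hex.Append(b.ToString("x2"));
            }

            // Hex digests are compared case-insensitively by lower-casing the stored side,
            // then ordinally (no culture rules) and without early exit.
            return(ConstantTimeEquals(split[0].ToLowerInvariant(), hex.ToString()));
        }

        /// <summary>
        /// Ordinal string equality that always scans the full common length rather than
        /// returning at the first differing character. A length difference is still observable.
        /// </summary>
        /// <param name="left">First string; <c>null</c> never compares equal.</param>
        /// <param name="right">Second string; <c>null</c> never compares equal.</param>
        /// <returns><c>true</c> when both strings are non-null and identical.</returns>
        private static bool ConstantTimeEquals(string left, string right)
        {
            if (left == null || right == null)
            {
                return(false);
            }

            int diff  = left.Length ^ right.Length;
            int count = Math.Min(left.Length, right.Length);
            for (int i = 0; i < count; i++)
            {
                diff |= left[i] ^ right[i];
            }
            return(diff == 0);
        }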
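        /// <summary>
        /// Looks up a user by name and returns it with a single group named after the title of
        /// the user's usergroup. Only usergroups with <c>forumpermissions != 0</c> qualify.
        /// </summary>
        /// <param name="user">User name; lower-cased and escaped with <c>DataCommand.MakeSqlSafe</c> for the lookup.</param>
        /// <returns>
        /// A <c>User</c> carrying the name exactly as supplied and one <c>Group</c>, or
        /// <c>null</c> when <paramref name="user"/> is <c>null</c> or no row qualifies.
        /// </returns>
        public override User GetUser(string user)
        {
            // A null name cannot match any account; answer "no such user" instead of failing
            // with a NullReferenceException on ToLowerInvariant().
            if (user == null)
            {
                return(null);
            }

            // {0} is the escaped user name, {1} the table prefix. Without the {0} placeholder
            // the group lookup would not depend on the requested user at all.
            // NOTE(review): the query is still assembled as text; the user name relies on
            // MakeSqlSafe and _tablePrefix is inserted unescaped, so it must never come from
            // untrusted input. Prefer bound parameters if the data layer offers them.
            string query = string.Format(
                "SELECT {1}usergroup.title FROM {1}user LEFT JOIN {1}usergroup ON {1}user.usergroupid={1}usergroup.usergroupid WHERE {1}user.username='{0}' AND {1}usergroup.forumpermissions!=0",
                DataCommand.MakeSqlSafe(user.ToLowerInvariant()),
                _tablePrefix);
            DataCommand cmd   = _catalog.NewQuery(query);
            string      title = cmd.Read();

            if (title == null)
            {
                return(null);
            }
            return(new User(user, string.Empty, new Group[] { new Group(title) }));
        }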
Esempio n. 3
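        /// <summary>
        /// Looks up a user by name and returns it together with the groups it belongs to.
        /// </summary>
        /// <remarks>
        /// Two queries run: one confirms the user row exists, the second collects group names
        /// through <c>{prefix}groups_members</c>. A user without any membership receives
        /// <c>_defaultGroup</c>.
        /// </remarks>
        /// <param name="user">User name; lower-cased and escaped with <c>DataCommand.MakeSqlSafe</c> for both lookups.</param>
        /// <returns>
        /// A <c>User</c> carrying the name exactly as supplied, or <c>null</c> when
        /// <paramref name="user"/> is <c>null</c> or no such user row exists.
        /// </returns>
        public override User GetUser(string user)
        {
            // A null name cannot match any account; answer "no such user" instead of failing
            // with a NullReferenceException on ToLowerInvariant().
            if (user == null)
            {
                return(null);
            }

            // Escape once and reuse for both queries.
            // NOTE(review): both queries are still assembled as text; the user name relies on
            // MakeSqlSafe and _tablePrefix is inserted unescaped, so it must never come from
            // untrusted input. Prefer bound parameters if the data layer offers them.
            string safeUser = DataCommand.MakeSqlSafe(user.ToLowerInvariant());

            // {0} is the escaped user name, {1} the table prefix. Without the {0} placeholder
            // the existence check would not depend on the requested user at all.
            string existsQuery = string.Format(
                "SELECT {1}user.username FROM {1}user WHERE username = '{0}'",
                safeUser,
                _tablePrefix);
            if (_catalog.NewQuery(existsQuery).Read() == null)
            {
                return(null);
            }

            // Same placeholder layout: the innermost subquery resolves the user id by name.
            string groupsQuery = string.Format(
                "SELECT {1}groups.name FROM {1}groups WHERE {1}groups.id IN (SELECT {1}groups_members.groupid FROM {1}groups_members WHERE {1}groups_members.userid = (SELECT {1}user.id FROM {1}user WHERE {1}user.username ='{0}'))",
                safeUser,
                _tablePrefix);

            List <Group> groups = new List <Group>();
            _catalog.NewQuery(groupsQuery).Execute(delegate(IDataReader reader) {
                // One Group per returned row; column 0 is the group name.
                while (reader.Read())
                {
                    groups.Add(new Group(SysUtil.ChangeType <string>(reader[0])));
                }
            });

            // No memberships: fall back to the configured default group.
            if (groups.Count == 0)
            {
                return(new User(user, string.Empty, new Group[] { _defaultGroup }));
            }
            return(new User(user, string.Empty, groups.ToArray()));
        }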