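/// <summary>
/// Starts the password-recovery flow for the user held in <c>UserProfileObj</c>.
/// </summary>
/// <returns><see cref="APIResponse.OK"/> once the underlying action has run.</returns>
/// <exception cref="MySqlException">Logged as a warning and rethrown when the data layer fails.</exception>
/// <exception cref="Exception">Any other failure, logged as a warning and rethrown.</exception>
public APIResponse RecoverPasswordAction()
{
    string Email = UserProfileObj.GetEmail();
    try
    {
        // NOTE(review): FPToken and Email are produced here but not consumed yet; they are
        // presumably meant for the mail step below. How GetUniqueKey derives its value is not
        // visible in this file — confirm it comes from a CSPRNG before the token is ever mailed.
        string FPToken = SHA256.Instance().GetUniqueKey(100);
        APIResponse ApiResponseObj = new UserActions(UserProfileObj).RecoverPasswordAction();
        if (ApiResponseObj == APIResponse.OK)
        {
            // send the mail
        }
        // OK is returned whatever ApiResponseObj was (unchanged from the original). That also
        // keeps the response identical for known and unknown addresses — confirm it is intended.
        return APIResponse.OK;
    }
    catch (MySqlException mse)
    {
        Logger.Instance().Log(Warn.Instance(), mse);
        throw; // 'throw mse;' would reset the stack trace
    }
    catch (Exception ex)
    {
        Logger.Instance().Log(Warn.Instance(), ex);
        throw;
    }
}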
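/// <summary>
/// Checks whether the current profile is an administrator and logs failed attempts.
/// </summary>
/// <returns>The value of <c>UserProfileObj.GetIsAdmin()</c>.</returns>
/// <exception cref="ArgumentException">Logged as an anonymous-user attempt and rethrown.</exception>
/// <exception cref="NullReferenceException">Logged as fatal and rethrown.</exception>
/// <exception cref="Exception">Any other failure, logged as fatal and rethrown.</exception>
public bool AuthenticateAdmin()
{
    try
    {
        // Read the flag once so the logged decision and the returned one cannot diverge.
        bool isAdmin = UserProfileObj.GetIsAdmin();
        if (!isAdmin)
        {
            Logger.Instance().Log(Warn.Instance(), new LogInfo(UserProfileObj.GetEmail().ToString() + " tried to access the admin panel but failed. "));
        }
        return isAdmin;
    }
    catch (ArgumentException)
    {
        Logger.Instance().Log(Warn.Instance(), new WarnDebug("Anonymous user tried to access the Admin panel, but failed"));
        throw; // 'throw AEX;' would reset the stack trace
    }
    catch (NullReferenceException nex)
    {
        // NOTE(review): catching NullReferenceException hides a programming error; an explicit
        // null check on the profile before GetIsAdmin() would make the failure mode visible.
        Logger.Instance().Log(Fatal.Instance(), new LogInfo("Unable to authenticate Admin, got exception : " + nex.Message.ToString()));
        throw;
    }
    catch (Exception ex)
    {
        Logger.Instance().Log(Fatal.Instance(), ex);
        throw;
    }
}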
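/// <summary>
/// Verifies the profile's e-mail/password pair against the stored salt and hash and, on
/// success, issues a session token that is also written to the database.
/// </summary>
/// <param name="UserProfileObj">Profile carrying the e-mail and clear-text password; receives the token on success.</param>
/// <returns>A <see cref="LoginUserReponse"/> with the login flag, an error text and the token (empty on failure).</returns>
/// <exception cref="Exception">Any data-layer or hashing failure is logged as fatal and rethrown.</exception>
public LoginUserReponse LoginUserAction(IUserProfile UserProfileObj)
{
    bool IsLoggedIn = false;
    string Email = UserProfileObj.GetEmail();
    string Password = UserProfileObj.GetPassword();
    string Token = "";
    string ErrorText = "";
    // One message for both "unknown e-mail" and "wrong password" so the response does not say which failed.
    const string InvalidCredentials = "Invalid Email ID and password combination";

    try
    {
        DataSet output = new UserActionsDataLayer(UserProfileObj).GetHashedPassword();
        if (output.Tables[0].Rows.Count > 0)
        {
            string DbSalt = output.Tables[0].Rows[0]["salt"].ToString();
            string DbHashPassword = output.Tables[0].Rows[0]["password"].ToString();
            // NOTE(review): if hash() is a single SHA-256 (as the class name suggests), this is
            // not a password KDF; PBKDF2/Argon2 with the per-user salt is the accepted scheme.
            // Changing it means migrating the stored hashes, so it is only flagged here.
            string HashPassword = SHA256.Instance().hash(Password + DbSalt);

            // NOTE(review): string equality stops at the first differing character, so the time
            // taken leaks how much of the hash matched. A fixed-time comparison over the bytes
            // (CryptographicOperations.FixedTimeEquals) is preferable; left as ordinal equality
            // because the framework target is not visible here.
            if (string.Equals(DbHashPassword, HashPassword, StringComparison.Ordinal))
            {
                // NOTE(review): the token is a deterministic function of e-mail, password and
                // wall-clock time, so it is guessable by anyone who can bound those inputs; a
                // CSPRNG-generated value is the usual fix. Kept because the format is persisted.
                Token = SHA256.Instance().hash(Email + Password + DateTime.Now.ToString());
                // create a long token
                Token += SHA256.Instance().hash(Email + Password + DateTime.Now.AddSeconds(200).ToString());
                UserProfileObj.SetToken(Token);
                // update the token value to database so as to authenticate the user for all events
                new Security(UserProfileObj).AddTokenToDB();
                IsLoggedIn = true;
            }
            else
            {
                Logger.Instance().Log(Warn.Instance(), new WarnDebug("Authentication failed for email : " + Email.ToString()));
                ErrorText = InvalidCredentials;
            }
        }
        else
        {
            ErrorText = InvalidCredentials;
        }
    }
    catch (Exception ex)
    {
        // The original set IsLoggedIn/ErrorText here and then rethrew, so that response was
        // never built (dead code). Callers receive the exception, not an error response.
        Logger.Instance().Log(Fatal.Instance(), ex);
        throw; // 'throw ex;' would reset the stack trace
    }

    LoginUserReponse LoginResponse = new LoginUserReponse();
    LoginResponse.SetIsLoggedIn(IsLoggedIn);
    LoginResponse.SetErrorText(ErrorText);
    LoginResponse.SetToken(Token);
    return LoginResponse;
}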
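/// <summary>
/// Stores the profile's current token against its e-mail via the <c>sp_addToken</c> stored procedure.
/// </summary>
/// <exception cref="Exception">Any data-layer failure is logged as fatal and rethrown.</exception>
public void AddTokenToDatabase()
{
    Source = "sp_addToken";
    string Email = UserProfileObj.GetEmail();
    string Token = UserProfileObj.GetToken();
    try
    {
        // Both values travel as stored-procedure parameters, never spliced into SQL text.
        // NOTE(review): the token is stored as received; if it acts as a bearer credential,
        // persisting only a hash of it would limit the impact of a database leak — confirm.
        object[] paramToken =
        {
            new MySqlParameter("@paramToken", Token),
            new MySqlParameter("@paramEmail", Email),
        };
        Commands.ExecuteQuery(Source, CommandType.StoredProcedure, paramToken);
    }
    catch (Exception ex)
    {
        Logger.Instance().Log(Fatal.Instance(), ex);
        throw; // 'throw ex;' would reset the stack trace
    }
}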
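/// <summary>
/// Fetches the stored salt and password hash for the profile's e-mail via <c>sp_getSaltPass</c>.
/// </summary>
/// <returns>The raw <see cref="DataSet"/> from the query; callers test <c>Tables[0].Rows.Count</c> for a match.</returns>
/// <exception cref="Exception">Any data-layer failure is logged as a warning and rethrown.</exception>
public DataSet GetHashedPassword()
{
    Source = "sp_getSaltPass";
    string Email = UserProfileObj.GetEmail();
    try
    {
        // Parameterized stored-procedure call; the e-mail is never concatenated into SQL text.
        object[] parameters = { new MySqlParameter("@paramEmail", Email) };
        return Commands.ExecuteQuery(Source, CommandType.StoredProcedure, parameters);
    }
    catch (Exception ex)
    {
        Logger.Instance().Log(Warn.Instance(), ex);
        throw; // 'throw ex;' would reset the stack trace
    }
}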