public void HandleLoginRequest(HttpHeader request)
{
LogonData loginForm = Json.CreateObject <LogonData>(request.Content);
LogonResult loginResult = new LogonResult();
if (loginForm == null)
{
loginResult.AuthenticationState = "LOGIN";
loginResult.ErrorCode = "UNABLE_TO_DECODE";
loginResult.ErrorMessage = "There was an internal error while connecting to Battle.net. Please try again later.";
SendResponse(HttpCode.BadRequest, loginResult);
return;
}
string login = "";
string password = "";
for (int i = 0; i < loginForm.Inputs.Count; ++i)
{
switch (loginForm.Inputs[i].Id)
{
case "account_name":
login = loginForm.Inputs[i].Value;
break;
case "password":
password = loginForm.Inputs[i].Value;
break;
}
}
PreparedStatement stmt = DB.Login.GetPreparedStatement(LoginStatements.SelBnetAuthentication);
stmt.AddValue(0, login);
SQLResult result = DB.Login.Query(stmt);
if (!result.IsEmpty())
{
uint accountId = result.Read <uint>(0);
string pass_hash = result.Read <string>(1);
uint failedLogins = result.Read <uint>(2);
string loginTicket = result.Read <string>(3);
uint loginTicketExpiry = result.Read <uint>(4);
bool isBanned = result.Read <ulong>(5) != 0;
if (CalculateShaPassHash(login.ToUpper(), password.ToUpper()) == pass_hash)
{
if (loginTicket.IsEmpty() || loginTicketExpiry < Time.UnixTime)
{
byte[] ticket = new byte[0].GenerateRandomKey(20);
loginTicket = "TC-" + ticket.ToHexString();
}
stmt = DB.Login.GetPreparedStatement(LoginStatements.UpdBnetAuthentication);
stmt.AddValue(0, loginTicket);
stmt.AddValue(1, Time.UnixTime + 3600);
stmt.AddValue(2, accountId);
DB.Login.Execute(stmt);
loginResult.LoginTicket = loginTicket;
}
else if (!isBanned)
{
uint maxWrongPassword = ConfigMgr.GetDefaultValue("WrongPass.MaxCount", 0u);
if (ConfigMgr.GetDefaultValue("WrongPass.Logging", false))
{
Log.outDebug(LogFilter.Network, $"[{request.Host}, Account {login}, Id {accountId}] Attempted to connect with wrong password!");
}
if (maxWrongPassword != 0)
{
SQLTransaction trans = new SQLTransaction();
stmt = DB.Login.GetPreparedStatement(LoginStatements.UpdBnetFailedLogins);
stmt.AddValue(0, accountId);
trans.Append(stmt);
++failedLogins;
Log.outDebug(LogFilter.Network, $"MaxWrongPass : {maxWrongPassword}, failed_login : {accountId}");
if (failedLogins >= maxWrongPassword)
{
BanMode banType = ConfigMgr.GetDefaultValue("WrongPass.BanType", BanMode.IP);
int banTime = ConfigMgr.GetDefaultValue("WrongPass.BanTime", 600);
if (banType == BanMode.Account)
{
stmt = DB.Login.GetPreparedStatement(LoginStatements.InsBnetAccountAutoBanned);
stmt.AddValue(0, accountId);
}
else
{
stmt = DB.Login.GetPreparedStatement(LoginStatements.InsIpAutoBanned);
stmt.AddValue(0, request.Host);
}
stmt.AddValue(1, banTime);
trans.Append(stmt);
stmt = DB.Login.GetPreparedStatement(LoginStatements.UpdBnetResetFailedLogins);
stmt.AddValue(0, accountId);
trans.Append(stmt);
}
DB.Login.CommitTransaction(trans);
}
}
loginResult.AuthenticationState = "DONE";
SendResponse(HttpCode.Ok, loginResult);
}
else
{
loginResult.AuthenticationState = "LOGIN";
loginResult.ErrorCode = "UNABLE_TO_DECODE";
loginResult.ErrorMessage = "There was an internal error while connecting to Battle.net. Please try again later.";
SendResponse(HttpCode.BadRequest, loginResult);
}
}
private void OnNumPadEnterButtonPressed()
{
if (string.IsNullOrEmpty(this.operatorId))
{
//
// Read operator ID
//
if (string.IsNullOrEmpty(this.numUserId.EnteredValue))
{
// Invalid credentials
using (frmMessage dialog = new frmMessage(1323, MessageBoxButtons.OK, MessageBoxIcon.Information))
{
POSFormsManager.ShowPOSForm(dialog);
}
}
else
{
bool usePassword = true;
if (Functions.StaffBarcodeLogOn)
{
IExtendedLogOnInfo extendedLogOnInfo = new ExtendedLogOnInfo()
{
LogOnKey = this.numUserId.EnteredValue,
LogOnType = ExtendedLogOnType.Barcode,
PasswordRequired = Functions.StaffBarcodeLogOnRequiresPassword
};
// First see if this is a extended logon key
this.operatorId = PosApplication.Instance.Services.Peripherals.LogOnDevice.Identify(extendedLogOnInfo);
// If not found, then give a try to legacy barcode mask approch.
if (string.IsNullOrWhiteSpace(operatorId))
{
IBarcodeInfo barcodeInfo = PosApplication.Instance.Services.Barcode.ProcessBarcode(BarcodeEntryType.ManuallyEntered, this.numUserId.EnteredValue);
if (barcodeInfo.InternalType == BarcodeInternalType.Employee)
{
this.operatorId = barcodeInfo.EmployeeId;
}
}
if (!string.IsNullOrWhiteSpace(operatorId))
{
usePassword = extendedLogOnInfo.PasswordRequired;
}
}
if (string.IsNullOrWhiteSpace(operatorId))
{
this.operatorId = this.numUserId.EnteredValue; //Standard employee id
}
if (usePassword)
{
PromptForPassword();
}
else
{
ValidateCredentials(ApplicationSettings.Terminal.StoreId, this.operatorId, null);
}
}
}
else
{
//
// Read password
//
using (SecureString ss = new SecureString())
{
foreach (char c in this.numUserId.EnteredValue)
{
ss.AppendChar(c);
}
ss.MakeReadOnly();
ValidateCredentials(ApplicationSettings.Terminal.StoreId, this.operatorId, LogonData.ComputePasswordHash(this.operatorId, ss, ApplicationSettings.Terminal.StaffPasswordHashName));
}
}
}
