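/// <summary>
/// Handles a logon form posted by the client: decodes the JSON body, looks the account up,
/// checks the password hash and, on success, issues (or renews) a login ticket.
/// </summary>
/// <remarks>
/// Security-relevant behaviour visible in this method:
/// <list type="bullet">
/// <item>An unknown account is answered with HTTP 400 / "UNABLE_TO_DECODE", while a known account
/// with a wrong password is answered with HTTP 200 / "DONE" and no ticket. The two outcomes are
/// therefore distinguishable by a client (account enumeration).</item>
/// <item><c>isBanned</c> only gates the failed-login bookkeeping; the success path issues a ticket
/// without consulting it. NOTE(review): confirm the ban is enforced where the ticket is redeemed.</item>
/// <item>The password is upper-cased before hashing, so passwords are case-insensitive, and the
/// hash is compared with <c>==</c>, which is not a constant-time comparison.</item>
/// <item>The login ticket is a bearer credential valid for 3600 seconds from each successful logon.
/// NOTE(review): confirm <c>GenerateRandomKey</c> draws from a cryptographic RNG.</item>
/// </list>
/// </remarks>
/// <param name="request">The HTTP request; <c>Content</c> carries the JSON logon form and
/// <c>Host</c> is used for logging and as the key of an IP auto-ban.</param>
public void HandleLoginRequest(HttpHeader request)
{
    LogonData loginForm = Json.CreateObject<LogonData>(request.Content);
    LogonResult loginResult = new LogonResult();

    // The body is client-controlled JSON. A document that decodes but carries no input list
    // must be rejected here instead of faulting on loginForm.Inputs below.
    if (loginForm == null || loginForm.Inputs == null)
    {
        SendLoginDecodeError(loginResult);
        return;
    }

    string login = "";
    string password = "";
    for (int i = 0; i < loginForm.Inputs.Count; ++i)
    {
        switch (loginForm.Inputs[i].Id)
        {
            case "account_name":
                // A JSON null value would otherwise reach ToUpper() as a null reference.
                login = loginForm.Inputs[i].Value ?? "";
                break;
            case "password":
                password = loginForm.Inputs[i].Value ?? "";
                break;
        }
    }

    PreparedStatement stmt = DB.Login.GetPreparedStatement(LoginStatements.SelBnetAuthentication);
    stmt.AddValue(0, login);

    SQLResult result = DB.Login.Query(stmt);
    if (result.IsEmpty())
    {
        // Unknown account: same generic error as an undecodable body.
        SendLoginDecodeError(loginResult);
        return;
    }

    uint accountId = result.Read<uint>(0);
    string pass_hash = result.Read<string>(1);
    uint failedLogins = result.Read<uint>(2);
    string loginTicket = result.Read<string>(3);
    uint loginTicketExpiry = result.Read<uint>(4);
    bool isBanned = result.Read<ulong>(5) != 0;

    // NOTE(review): ToUpper() is culture-sensitive; the stored hash must have been produced under
    // the same casing rules. Not changed here because the hash producer is outside this block.
    if (CalculateShaPassHash(login.ToUpper(), password.ToUpper()) == pass_hash)
    {
        // Reuse a still-valid ticket; mint a new one only when none exists or it has expired.
        if (loginTicket.IsEmpty() || loginTicketExpiry < Time.UnixTime)
        {
            byte[] ticket = new byte[0].GenerateRandomKey(20);
            loginTicket = "TC-" + ticket.ToHexString();
        }

        // Every successful logon pushes the expiry one hour out.
        stmt = DB.Login.GetPreparedStatement(LoginStatements.UpdBnetAuthentication);
        stmt.AddValue(0, loginTicket);
        stmt.AddValue(1, Time.UnixTime + 3600);
        stmt.AddValue(2, accountId);
        DB.Login.Execute(stmt);

        loginResult.LoginTicket = loginTicket;
    }
    else if (!isBanned)
    {
        uint maxWrongPassword = ConfigMgr.GetDefaultValue("WrongPass.MaxCount", 0u);

        if (ConfigMgr.GetDefaultValue("WrongPass.Logging", false))
        {
            // NOTE(review): login is client-supplied and written to the log unescaped; confirm the
            // logger neutralises CR/LF so a crafted account name cannot forge log lines.
            Log.outDebug(LogFilter.Network, $"[{request.Host}, Account {login}, Id {accountId}] Attempted to connect with wrong password!");
        }

        if (maxWrongPassword != 0)
        {
            // Counter update, optional ban and counter reset are committed together.
            SQLTransaction trans = new SQLTransaction();
            stmt = DB.Login.GetPreparedStatement(LoginStatements.UpdBnetFailedLogins);
            stmt.AddValue(0, accountId);
            trans.Append(stmt);

            ++failedLogins;

            // The original message printed the account id under the "failed_login" label.
            Log.outDebug(LogFilter.Network, $"MaxWrongPass : {maxWrongPassword}, failed_login : {failedLogins}, Id {accountId}");

            if (failedLogins >= maxWrongPassword)
            {
                BanMode banType = ConfigMgr.GetDefaultValue("WrongPass.BanType", BanMode.IP);
                int banTime = ConfigMgr.GetDefaultValue("WrongPass.BanTime", 600);

                if (banType == BanMode.Account)
                {
                    stmt = DB.Login.GetPreparedStatement(LoginStatements.InsBnetAccountAutoBanned);
                    stmt.AddValue(0, accountId);
                }
                else
                {
                    // NOTE(review): confirm request.Host is the peer address and not a
                    // client-supplied header value; a ban keyed on a value the client chooses
                    // can be sidestepped or pointed at another address.
                    stmt = DB.Login.GetPreparedStatement(LoginStatements.InsIpAutoBanned);
                    stmt.AddValue(0, request.Host);
                }

                stmt.AddValue(1, banTime);
                trans.Append(stmt);

                stmt = DB.Login.GetPreparedStatement(LoginStatements.UpdBnetResetFailedLogins);
                stmt.AddValue(0, accountId);
                trans.Append(stmt);
            }

            DB.Login.CommitTransaction(trans);
        }
    }

    // Sent for every known account, with or without a ticket in the result.
    loginResult.AuthenticationState = "DONE";
    SendResponse(HttpCode.Ok, loginResult);
}

/// <summary>Fills in the generic "unable to decode" logon failure and sends it with HTTP 400.</summary>
/// <param name="loginResult">The result object to populate and send.</param>
private void SendLoginDecodeError(LogonResult loginResult)
{
    loginResult.AuthenticationState = "LOGIN";
    loginResult.ErrorCode = "UNABLE_TO_DECODE";
    loginResult.ErrorMessage = "There was an internal error while connecting to Battle.net. Please try again later.";
    SendResponse(HttpCode.BadRequest, loginResult);
}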
/// <summary>
/// Handles Enter on the logon number pad. The pad is used in two passes: while no operator id
/// is held the entered value is resolved to an operator; once one is held the entered value is
/// treated as that operator's password.
/// </summary>
/// <remarks>
/// When staff barcode logon is enabled and the resolved logon does not require a password,
/// credentials are validated with a null password, so the entered key is the only factor.
/// The password characters are copied out of <c>EnteredValue</c>, so the <c>SecureString</c>
/// protects only that copy, not the value held by the control.
/// </remarks>
private void OnNumPadEnterButtonPressed()
{
    // Second pass: an operator is already known, so this entry is the password.
    if (!string.IsNullOrEmpty(this.operatorId))
    {
        using (SecureString securePassword = new SecureString())
        {
            foreach (char ch in this.numUserId.EnteredValue)
            {
                securePassword.AppendChar(ch);
            }

            securePassword.MakeReadOnly();

            var storeId = ApplicationSettings.Terminal.StoreId;
            var passwordHash = LogonData.ComputePasswordHash(
                this.operatorId,
                securePassword,
                ApplicationSettings.Terminal.StaffPasswordHashName);

            ValidateCredentials(storeId, this.operatorId, passwordHash);
        }

        return;
    }

    // First pass with nothing typed: show message 1323 (per the original comment,
    // "Invalid credentials") and stay on the operator prompt.
    if (string.IsNullOrEmpty(this.numUserId.EnteredValue))
    {
        using (frmMessage messageForm = new frmMessage(1323, MessageBoxButtons.OK, MessageBoxIcon.Information))
        {
            POSFormsManager.ShowPOSForm(messageForm);
        }

        return;
    }

    bool passwordNeeded = true;

    if (Functions.StaffBarcodeLogOn)
    {
        IExtendedLogOnInfo logOnInfo = new ExtendedLogOnInfo()
        {
            LogOnKey = this.numUserId.EnteredValue,
            LogOnType = ExtendedLogOnType.Barcode,
            PasswordRequired = Functions.StaffBarcodeLogOnRequiresPassword
        };

        // Try the entry as an extended logon key first.
        this.operatorId = PosApplication.Instance.Services.Peripherals.LogOnDevice.Identify(logOnInfo);

        // No match: fall back to the legacy barcode mask approach.
        if (string.IsNullOrWhiteSpace(this.operatorId))
        {
            IBarcodeInfo parsedBarcode = PosApplication.Instance.Services.Barcode.ProcessBarcode(
                BarcodeEntryType.ManuallyEntered,
                this.numUserId.EnteredValue);

            if (parsedBarcode.InternalType == BarcodeInternalType.Employee)
            {
                this.operatorId = parsedBarcode.EmployeeId;
            }
        }

        // Only a resolved barcode logon may override the password requirement; it is read
        // back from logOnInfo after the Identify call.
        bool operatorResolved = !string.IsNullOrWhiteSpace(this.operatorId);
        if (operatorResolved)
        {
            passwordNeeded = logOnInfo.PasswordRequired;
        }
    }

    // Nothing resolved: take the entry as a standard employee id.
    if (string.IsNullOrWhiteSpace(this.operatorId))
    {
        this.operatorId = this.numUserId.EnteredValue;
    }

    if (!passwordNeeded)
    {
        // Password-less path: validation runs with a null password.
        ValidateCredentials(ApplicationSettings.Terminal.StoreId, this.operatorId, null);
    }
    else
    {
        PromptForPassword();
    }
}