Esempio n. 1
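 /// <summary>
 /// Changes the password of the user identified by the bearer token in the
 /// <c>Authorization</c> header.
 /// </summary>
 /// <param name="changePasswordAttempt">Current password plus the new password typed twice.</param>
 /// <returns>
 /// 200 when the stored hash was replaced; 403 when the header does not carry a bearer token
 /// ("Wrong token or password") or when the body, the token, the current password or the repeated
 /// new password do not check out ("Wrong data"); 500 when an unexpected exception is thrown.
 /// </returns>
 public object ChangePassword([FromBody] ChangePasswordAttempt changePasswordAttempt)
 {
     try
     {
         const string scheme = "Bearer ";
         string authorization = Request.Headers.TryGetValue("Authorization", out Microsoft.Extensions.Primitives.StringValues header)
             ? header.ToString()
             : "";

         // The scheme is a prefix, not a substring: "Bearer " appearing somewhere else in the
         // header value is not a bearer credential, so only a leading scheme is accepted and
         // only that leading scheme is stripped.
         if (!authorization.StartsWith(scheme, System.StringComparison.Ordinal))
         {
             return(StatusCode(403, @"{""Result"" : ""Wrong token or password""}"));
         }
         string token = authorization.Substring(scheme.Length);

         // Cheap checks first; the token is validated before any user lookup is keyed by it.
         // An empty new password is rejected as well (both fields being empty would otherwise
         // satisfy the equality test).
         if (changePasswordAttempt == null
             || string.IsNullOrEmpty(changePasswordAttempt.NewPassword)
             || changePasswordAttempt.NewPassword != changePasswordAttempt.RepeatedNewPassword
             || !StaticMethods.IsTokenValid(token))
         {
             return(StatusCode(403, @"{""Result"" : ""Wrong data""}"));
         }

         // The salt is keyed by user name; look it up once and reuse it for both hashes.
         string salt        = StaticMethods.GetUserSalt(StaticMethods.GetUserName(token));
         string currentHash = StaticMethods.GeneratePasswordHash(changePasswordAttempt.CurrentPassword, salt);
         string storedHash  = StaticMethods.GetUserPassword(token);
         if (!HashesMatch(currentHash, storedHash))
         {
             return(StatusCode(403, @"{""Result"" : ""Wrong data""}"));
         }

         string      newHash = StaticMethods.GeneratePasswordHash(changePasswordAttempt.NewPassword, salt);
         MySQLObject mysql   = new MySQLObject();
         // SECURITY: the statement is still assembled by string interpolation. Neither value is
         // copied verbatim from the request (newHash is produced by GeneratePasswordHash and the
         // id comes from the token), but the update should be issued with bound parameters
         // through MySQLObject's parameterised API (<MySQLObject-parameterised-update-API>, not
         // shown on this page) rather than relying on the hash encoding never containing a quote.
         mysql.Update($"update `uzytkownicy` set `haslo` = '{newHash}' where `id_uzytkownika` = '{StaticMethods.GetUserId(token)}' ");
         return(StatusCode(200));
     }
     catch
     {
         // Any failure in token handling, hashing or the database is reported as a bare 500 so
         // no internal detail reaches the client.
         return(StatusCode(500));
     }

     // Constant-time comparison so the response time does not depend on how many leading bytes
     // of the stored hash match. A missing hash on either side is a mismatch, not an error.
     bool HashesMatch(string expected, string actual)
     {
         if (expected == null || actual == null)
         {
             return false;
         }
         return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
             System.Text.Encoding.UTF8.GetBytes(expected),
             System.Text.Encoding.UTF8.GetBytes(actual));
     }
 }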
Esempio n. 2
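 /// <summary>
 /// Authenticates a user by login and password and, when a matching row exists, issues a fresh
 /// login token whose expiry is set two hours ahead of the database clock.
 /// </summary>
 /// <param name="login">Credentials posted by the client.</param>
 /// <returns>
 /// 200 with the new token as the body; 403 when no row matches the credentials; 400 when the
 /// body or either credential is missing.
 /// </returns>
 public object Login([FromBody] LoginAttempt login)
 {
     // A missing body or a missing field previously surfaced as an unhandled
     // NullReferenceException (there is no try/catch here); treat all of them as a malformed
     // request, exactly like an empty field.
     if (login == null || string.IsNullOrEmpty(login.Login) || string.IsNullOrEmpty(login.Password))
     {
         return(StatusCode(400, @"{""Result"" : ""Wrong request""}"));
     }

     MySQLObject mySQL = new MySQLObject(Config.ConnectionString);
     // SECURITY: login and password are untrusted request fields interpolated straight into the
     // statement, so a crafted value can change the query (SQL injection). The lookup must be
     // issued with bound parameters through MySQLObject's parameterised API
     // (<MySQLObject-parameterised-select-API>, not shown on this page).
     // NOTE(review): ChangePassword stores GeneratePasswordHash(password, salt) in `haslo`,
     // whereas this comparison uses the plaintext password — confirm which form the column
     // actually holds before changing either side.
     mySQL.Select($@"SELECT `id_uzytkownika` FROM `projekt_mysql`.`uzytkownicy` WHERE `login` = '{login.Login}' AND `haslo` = '{login.Password}'");
     if (mySQL.Data.Rows.Count == 0)
     {
         return(StatusCode(403, @"{""Result"" : ""Wrong login or password""}"));
     }

     string token  = StaticMethods.GenerateToken();
     string userId = mySQL.Data.Rows[0]["id_uzytkownika"].ToString();
     // Only server-generated values reach this statement: the token from GenerateToken and the
     // id read back from the row matched above. Expiry is computed by the database (NOW() + 2h).
     mySQL.Update($@"UPDATE `projekt_mysql`.`tokeny_logowania` SET `token` = '{token}', `aktywny` = 1, `data_wygasniecia` = ADDTIME(NOW(),'02:00:00') WHERE `id_uzytkownika` = '{userId}' ");
     return(StatusCode(200, token));
 }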