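/// <summary>
/// Global.asax PostAuthenticateRequest handler: resolves the current <see cref="Account"/>
/// from the request's login cookies, rejects site-banned users, and refreshes the
/// persistent login cookies. Also auto-closes polls at most once every 15 minutes.
/// </summary>
/// <param name="sender">The application raising the event (unused).</param>
/// <param name="e">Event data (unused).</param>
void MvcApplication_PostAuthenticateRequest(object sender, EventArgs e)
{
    // Housekeeping piggy-backed on request traffic. lastPollCheck is shared across
    // requests, so several requests crossing the 15-minute mark at once may each run
    // AutoClosePolls — presumably harmless if it is idempotent; TODO confirm.
    if (DateTime.UtcNow.Subtract(lastPollCheck).TotalMinutes > 15)
    {
        PollController.AutoClosePolls();
        lastPollCheck = DateTime.UtcNow;
    }

    // NOTE: Request[name] searches QueryString, Form, Cookies and ServerVariables in turn,
    // so every "cookie" read below can equally arrive as a query-string or form field.
    Account acc = null;

    // 1) Site auth token ("a small cake"): the login name and token must both be present,
    //    and the token must validate against the account's stored password hash.
    //    The original only null-checked the token; a missing login name is now skipped too.
    var cakeToken = Request[GlobalConst.ASmallCakeCookieName];
    var cakeLogin = Request[GlobalConst.ASmallCakeLoginCookieName];
    if (cakeToken != null && cakeLogin != null)
    {
        // Context intentionally not disposed here: the returned entity may become
        // HttpContext.Current.User and lazy-load from it later in the request — TODO confirm.
        var testAcc = Account.AccountByName(new ZkDataContext(), cakeLogin);
        if (testAcc != null && AuthTools.ValidateSiteAuthToken(testAcc.Name, testAcc.Password, cakeToken))
        {
            acc = testAcc;
        }
    }

    // 2) Fallback: persistent login cookie pair (account name + password hash).
    if (acc == null && Request[GlobalConst.LoginCookieName] != null)
    {
        acc = AuthServiceClient.VerifyAccountHashed(Request[GlobalConst.LoginCookieName], Request[GlobalConst.PasswordHashCookieName]);
    }

    if (acc == null)
    {
        return; // anonymous request: nothing more to do
    }

    var ip = GetUserIP();
    using (var db = new ZkDataContext())
    {
        // Site-wide ban check by account and IP (no user/install id available at this layer).
        var penalty = Punishment.GetActivePunishment(acc.AccountID, ip, null, x => x.BanSite, db);
        if (penalty != null)
        {
            Response.Write(string.Format("You are banned! (IP match to account {0})\n", penalty.AccountByAccountID.Name));
            Response.Write(string.Format("Ban expires: {0} UTC\n", penalty.BanExpires));
            Response.Write(string.Format("Reason: {0}\n", penalty.Reason));
            Response.End(); // ends the response; nothing after this runs for banned users
        }
        else
        {
            HttpContext.Current.User = acc;
            // todo replace with safer permanent cookie
            // These cookies carry the account name and password hash for a year. They are only
            // read server-side (via Request[]), so HttpOnly keeps them away from client script.
            Response.SetCookie(new HttpCookie(GlobalConst.LoginCookieName, acc.Name)
            {
                Expires = DateTime.Now.AddMonths(12),
                HttpOnly = true
            });
            Response.SetCookie(new HttpCookie(GlobalConst.PasswordHashCookieName, acc.Password)
            {
                Expires = DateTime.Now.AddMonths(12),
                HttpOnly = true
            });
        }
    }
}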
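/// <summary>
/// Global.asax PostAuthenticateRequest handler: resolves the current <see cref="Account"/>
/// either from forms authentication or from a one-shot session token carried by the
/// request, rejects site-banned users, issues the forms-auth cookie, and strips the
/// session token from the URL. Also auto-closes polls at most once an hour.
/// </summary>
/// <param name="sender">The application raising the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void MvcApplication_PostAuthenticateRequest(object sender, EventArgs e)
{
    if (DateTime.UtcNow.Subtract(lastPollCheck).TotalMinutes > 60)
    {
        // lastPollCheck is shared across requests; the check-then-set is not atomic, so a
        // burst of requests past the hour mark may each run this once.
        PollController.AutoClosePolls(); // this is silly here, should be a seaprate timer/thread
        lastPollCheck = DateTime.UtcNow;
    }

    Account acc = null;
    if (FormsAuthentication.IsEnabled && User.Identity.IsAuthenticated)
    {
        // Contexts created here are intentionally not disposed: acc becomes
        // HttpContext.Current.User and may lazy-load navigation properties later in the
        // request (acc.AccountUserIDs below is one such access) — TODO confirm.
        acc = Account.AccountByName(new ZkDataContext(), User.Identity.Name);
    }
    else if (Request[GlobalConst.SessionTokenVariable] != null)
    {
        // Tokens are single-use: TryRemove consumes the token, so a replayed URL does not log in again.
        int id = 0;
        if (Global.Server?.SessionTokens.TryRemove(Request[GlobalConst.SessionTokenVariable], out id) == true)
        {
            acc = new ZkDataContext().Accounts.Find(id);
        }
    }

    if (acc != null)
    {
        var ip = Request.UserHostAddress;
        // Most recent login supplies the user/install ids for the ban check (null if none recorded).
        var lastLogin = acc.AccountUserIDs.OrderByDescending(x => x.LastLogin).FirstOrDefault();
        var penalty = Punishment.GetActivePunishment(acc.AccountID, ip, lastLogin?.UserID, lastLogin?.InstallID, x => x.BanSite);
        if (penalty != null)
        {
            Response.Write(string.Format("You are banned! (IP match to account {0})\n", penalty.AccountByAccountID.Name));
            Response.Write(string.Format("Ban expires: {0} UTC\n", penalty.BanExpires));
            Response.Write(string.Format("Reason: {0}\n", penalty.Reason));
            Response.End(); // ends the response; the URL cleanup below does not run for banned users
        }
        else
        {
            HttpContext.Current.User = acc;
            FormsAuthentication.SetAuthCookie(acc.Name, true);
        }
    }

    // remove cake from URL, so the (already consumed) token does not linger in history,
    // bookmarks or Referer headers. The separator class is [?&] — the original's [?|&]
    // also matched a literal '|' since '|' is not alternation inside a character class —
    // and the variable name is escaped in case it ever contains regex metacharacters.
    var originalUrl = Request.Url.ToString();
    var tokenPattern = $"([?&])({Regex.Escape(GlobalConst.SessionTokenVariable)}=[^&?]+[?&]*)";
    var removeCake = Regex.Replace(originalUrl, tokenPattern, m => m.Groups[1].Value);
    if (removeCake != originalUrl)
    {
        Response.Redirect(removeCake, true);
    }
}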