/// <summary>
/// Builds the per-feature permission map for one user on one website.
/// </summary>
/// <param name="userId">User whose website security rows are read.</param>
/// <param name="websiteId">Website the permissions apply to.</param>
/// <param name="ownerId">Owner id copied onto the result; not used for the lookup itself.</param>
/// <returns>
/// A <see cref="structSecurityWebsite"/> whose <c>security</c> dictionary maps each
/// "feature" row to its comma-separated "security" flags, where a token is true only
/// when it is exactly "1". An empty "security" column yields an empty array.
/// </returns>
public structSecurityWebsite GetSecurityForWebsite(int userId, int websiteId, int ownerId)
{
    var sqlUser = new SqlQueries.User(S);
    var featureFlags = new Dictionary<string, bool[]>();
    var reader = sqlUser.GetWebsiteSecurity(websiteId, userId);

    if (reader.Rows.Count > 0)
    {
        while (reader.Read())
        {
            var raw = reader.Get("security");
            // Empty column -> empty array; otherwise one bool per comma-separated token.
            var flags = raw == ""
                ? new bool[0]
                : raw.Split(',').Select(token => token == "1").ToArray();
            // Add (not indexer) keeps the original behaviour of throwing on a duplicate feature name.
            featureFlags.Add(reader.Get("feature"), flags);
        }
    }

    return new structSecurityWebsite
    {
        websiteId = websiteId,
        ownerId = ownerId,
        security = featureFlags
    };
}
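/// <summary>
/// Replaces a user's stored password hash, but only in administrator-reset mode.
/// </summary>
/// <remarks>
/// The update is performed only when <c>S.Server.resetPass</c> is set,
/// <paramref name="userId"/> is 1 (the admin account) and that account has a
/// non-empty email address on record. Every other call is a no-op. On success
/// the reset flag is cleared so this path closes after a single use.
/// </remarks>
/// <param name="userId">User whose password is replaced.</param>
/// <param name="password">New plaintext password; hashed with BCrypt before storage.</param>
/// <returns><c>true</c> when the password was updated; otherwise <c>false</c>.</returns>
public bool UpdatePassword(int userId, string password)
{
    // Refuse an empty password outright; it would otherwise be hashed and stored for the admin account.
    if (string.IsNullOrEmpty(password))
    {
        return false;
    }

    var update = false;

    if (S.Server.resetPass == true && userId == 1)
    {
        // Admin reset: confirm the account has an email address on file before allowing the change.
        var parameters = new List<SqlParameter>
        {
            new SqlParameter("$userId", userId.ToString(), 0, enumSqlParameterType.isNumber)
        };
        var emailAddr = (string)S.Sql.ExecuteScalar("EXEC GetUserEmail @userId=$userId", parameters);
        update = !string.IsNullOrEmpty(emailAddr);
    }

    if (update)
    {
        var hashed = BCrypt.Net.BCrypt.HashPassword(password, S.Server.bcrypt_workfactor);
        var sqlUser = new SqlQueries.User(S);
        sqlUser.UpdatePassword(userId, hashed);
        // One-shot: clear the reset flag so the admin path cannot be reused.
        S.Server.resetPass = false;
    }

    // Fix: the method previously returned false unconditionally, even after a successful update.
    return update;
}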
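/// <summary>
/// Authenticates the given credentials and, on success, loads this user's
/// identity fields and the security map for the requested website.
/// </summary>
/// <param name="email">Email address identifying the account.</param>
/// <param name="password">Plaintext password to verify against the stored BCrypt hash.</param>
/// <param name="websiteId">Website whose permissions are loaded after login.</param>
/// <param name="ownerId">Owner id passed through to <see cref="GetSecurityForWebsite"/>.</param>
/// <returns><c>true</c> when the password verified and a matching user row was found; otherwise <c>false</c>.</returns>
public bool LogIn(string email, string password, int websiteId, int ownerId)
{
    // NOTE: set before verification, so a failed attempt also leaves this true — matches prior behaviour.
    saveSession = true;
    var sqlUser = new SqlQueries.User(S);
    var storedHash = sqlUser.GetPassword(email);

    // Unknown account or missing hash: fail here rather than handing a null hash to BCrypt.
    // NOTE(review): this path skips the BCrypt cost, so its response time differs from a
    // wrong-password attempt and can reveal whether an email exists — consider equalising it.
    if (string.IsNullOrEmpty(storedHash))
    {
        return false;
    }

    if (!BCrypt.Net.BCrypt.Verify(password, storedHash))
    {
        return false;
    }

    // Password verified by BCrypt; now load the user row.
    var user = sqlUser.AuthenticateUser(email, storedHash);
    if (user.Rows.Count == 0)
    {
        return false;
    }

    user.Read();
    userId = user.GetInt("userId");
    this.email = email;
    photo = user.Get("photo");
    displayName = user.Get("displayname");

    // Load the security map for this website only if it is not already cached.
    if (!security.Any(a => a.websiteId == websiteId))
    {
        security.Add(GetSecurityForWebsite(userId, websiteId, ownerId));
    }
    return true;
}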