コード例 #1
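        /// <summary>
        /// Verifies a user name / password pair against the salted double-MD5 hash stored in the
        /// <c>user</c> table and applies a per-IP limit on failed attempts ("strikes").
        /// </summary>
        /// <param name="userName">Login name supplied by the client; matched case-insensitively.</param>
        /// <param name="password">Clear-text password supplied by the client.</param>
        /// <param name="cookieSalt">Salt mixed into the stored hash to derive <c>CookiePassword</c>.</param>
        /// <param name="ipAddress">Client address that strikes are counted against.</param>
        /// <param name="strikeBorder">Length of the look-back window in which strikes are counted.</param>
        /// <param name="strikesLimit">Number of strikes inside the window at which further attempts are refused.</param>
        /// <returns>
        /// A result carrying <c>StrikesLimitReached</c>, <c>UserNotExisting</c>, <c>BadPassword</c> or
        /// <c>Success</c>; on success <c>UserId</c> and <c>CookiePassword</c> are populated.
        /// </returns>
        /// <remarks>
        /// Callers should show the same message for <c>UserNotExisting</c> and <c>BadPassword</c>, otherwise
        /// the response itself tells a client which account names exist.
        /// </remarks>
        public CheckPasswordResult CheckPassword(string userName, string password, string cookieSalt, string ipAddress, TimeSpan strikeBorder, int strikesLimit = 5)
        {
            // The limit is enforced before the user lookup so that an address which is already
            // locked out cannot keep testing which user names exist.
            // COUNT would be enough here, but making GetStrikes serve both list and count would cost
            // more than reading the few rows involved (this path is not called very often).
            // NOTE(review): the window is computed from local time (DateTime.Now); confirm the strike
            // timestamps are written with the same clock.
            var strikes = GetStrikes(ipAddress, DateTime.Now.Subtract(strikeBorder));

            if (strikes.Count() >= strikesLimit)
            {
                return new CheckPasswordResult(LoginResult.StrikesLimitReached);
            }

            string sql  = @"SELECT password, salt, username, userId
                FROM user
                WHERE LOWER(username) = @userName";

            // The column side is lower-cased in SQL, so the parameter must be lower-cased as well;
            // otherwise a mixed-case login never matches under a case-sensitive collation.
            string normalizedUserName = userName?.ToLowerInvariant();
            var    user               = db.QueryFirstOrDefault(sql, new { userName = normalizedUserName });

            if (user == null)
            {
                // An unknown name counts as a failed attempt too, so guessing account names is
                // throttled the same way as guessing passwords.
                // NOTE(review): confirm LogStrike accepts a user name that has no matching row.
                if (!string.IsNullOrEmpty(userName))
                {
                    LogStrike(ipAddress, userName);
                }

                return new CheckPasswordResult(LoginResult.UserNotExisting);
            }

            //  includes/functions_login.php line 173: iif($password AND !$md5password, md5(md5($password) . $vbulletin->userinfo['salt']), '')
            // This reproduces the scheme of the existing hashes and cannot be changed on its own.
            // MD5 is fast to brute-force; stored hashes should be migrated to a slow password hash
            // (PBKDF2, bcrypt, Argon2), for example by re-hashing on the next successful login.
            string hash = Hash.Md5($"{Hash.Md5(password)}{user.salt}");

            if (hash != user.password)
            {
                LogStrike(ipAddress, userName);
                return new CheckPasswordResult(LoginResult.BadPassword);
            }

            var result = new CheckPasswordResult(LoginResult.Success);

            // The cookie value is derived only from the stored hash and cookieSalt, so whoever holds
            // both can compute it without knowing the password; treat it as a credential.
            result.CookiePassword = Hash.Md5($"{user.password}{cookieSalt}");
            result.UserId         = (int)user.userId;
            return result;
        }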
コード例 #2
        /// <summary>
        /// Runs the password check with the configured rule set, ranking set and optional
        /// Have I Been Pwned lookup, then writes a text report to the console.
        /// </summary>
        /// <remarks>
        /// The report contains the verdict, ranking, score and rule messages; the password itself is
        /// not written by this method. How <c>Check</c> transmits the password for the breach lookup
        /// is not visible here and should be confirmed in <c>CheckPasswordService</c>.
        /// </remarks>
        public async Task Run()
        {
            var report  = new StringBuilder();
            var service = new CheckPasswordService();

            CheckPasswordResult result = await service.Check(
                Password,
                RuleSetName,
                RankingSetName,
                IsCheckHaveIBeenPwned);

            // Headline: overall verdict followed by the strength ranking and its numeric score.
            string verdict = result.IsSuccess ? "PASSED" : "FAILED";
            report.AppendLine("PASSWORD CHECK: " + verdict);
            report.AppendLine($"STRENGTH: {result.Ranking} ({result.Score})");

            if (IsDetailedOutput)
            {
                report.AppendLine($"RULE SET [{result.RuleSet.Name}]");
                report.AppendLine($"RANKING SET [{result.RankingSet.Name}]");

                // Passed rules are listed only when there is at least one.
                if (result.RulesPassed?.Any() == true)
                {
                    report.AppendLine("PASSED:");
                    var passedMessages = result.RulesPassed?.Select(rule => rule.Message);

                    if (passedMessages != null)
                    {
                        report.AppendJoin("\n", passedMessages);
                    }
                    report.AppendLine();
                }

                // The FAILED heading is printed for every failed check, even if the list is missing.
                if (!result.IsSuccess)
                {
                    report.AppendLine("FAILED:");
                    var failedMessages = result.RulesFailed?.Select(rule => rule.Message);

                    if (failedMessages != null)
                    {
                        report.AppendJoin("\n", failedMessages);
                    }
                    report.AppendLine();
                }

                if (result.RulesRecommendations?.Any() == true)
                {
                    report.AppendLine("RECOMMENDATIONS:");
                    report.AppendJoin("\n", result.RulesRecommendations.Select(rule => rule.Message));
                    report.AppendLine();
                }
            }

            // The breach line is reported only when the lookup was requested.
            if (IsCheckHaveIBeenPwned)
            {
                if (result.PNDPassword != null)
                {
                    report.AppendLine($"Your password is PWNED ({result.PNDPassword.PNDCount} times), consider changing it!");
                }
                else
                {
                    report.AppendLine("Your password hasn't been PWNED...yet.");
                }
            }

            // Write the accumulated report to the console in a single call.
            Console.Write(report);
        }