/// <summary>
/// Looks up the session row in LoginView that matches the given login name,
/// session cookie and IPv4 address.
/// </summary>
/// <param name="db">Database wrapper used to create the command.</param>
/// <param name="person">Login name, bound to the <c>@person</c> parameter.</param>
/// <param name="cookie">Session cookie, bound to the <c>@cookie</c> parameter.</param>
/// <param name="ip4">Client address, bound to the <c>@ip4</c> parameter.</param>
/// <returns>
/// The single matching row, or <c>null</c> when no row matches or when more
/// than one row matches.
/// </returns>
public static DBLoginView VerifyLogin(DB db, string person, string cookie, string ip4)
{
    using (IDbCommand command = db.CreateCommand())
    {
        // All three values are bound as parameters, never concatenated into the SQL text.
        // The trailing "ip4 <> ''" clause means a row with an empty address never matches.
        command.CommandText = "SELECT * FROM LoginView WHERE cookie = @cookie AND login = @person AND ip4 = @ip4 AND ip4 <> '';";
        DB.CreateParameter(command, "cookie", cookie);
        DB.CreateParameter(command, "person", person);
        DB.CreateParameter(command, "ip4", ip4);

        using (IDataReader rows = command.ExecuteReader())
        {
            // No session for this (cookie, login, ip4) triple.
            if (!rows.Read())
            {
                return null;
            }

            DBLoginView match = new DBLoginView(rows);

            // A second row makes the match ambiguous; fail closed instead of picking one.
            return rows.Read() ? null : match;
        }
    }
}
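/// <summary>
/// Authenticates a web service caller by password or by session cookie and,
/// when a response object is supplied, fills in the caller's user name and roles.
/// </summary>
/// <remarks>
/// When no usable credentials are supplied, or when verification fails, the
/// method calls <c>VerifyAnonymousAllowed</c> (defined elsewhere) and returns
/// without touching <paramref name="response"/>.
/// Passwords and session cookies are never written to the log; only a
/// presence marker is logged in their place.
/// </remarks>
/// <param name="user_host_address">Address of the connecting peer; used when <c>login.Ip4</c> is empty.</param>
/// <param name="db">Database wrapper used for the login and person lookups.</param>
/// <param name="login">Credentials sent by the caller; may be <c>null</c>.</param>
/// <param name="response">Response to populate; may be <c>null</c>, in which case nothing is populated.</param>
/// <param name="readonly">Passed through to <c>LoginUser</c>; when true, a password login skips the cookie verification step.</param>
public static void Authenticate(string user_host_address, DB db, WebServiceLogin login, WebServiceResponse response, bool @readonly)
{
    // Placeholders written to the log instead of secret values.
    const string redacted = "<redacted>";
    const string absent = "<none>";

    int person_id;
    DBLoginView view = null;

    // Security: the password and the session cookie are credentials. Logging them
    // would let anyone with read access to the debug log replay them, so only
    // whether each one was supplied is recorded. The format string is unchanged.
    string cookie_marker = login == null || string.IsNullOrEmpty(login.Cookie) ? absent : redacted;
    string password_marker = login == null || string.IsNullOrEmpty(login.Password) ? absent : redacted;
    log.DebugFormat("WebService.Authenticate (Ip4: {0}, UserHostAddress: {1}, User: {2}, Cookie: {3}, Password: {4}",
        login == null ? null : login.Ip4,
        user_host_address,
        login == null ? null : login.User,
        cookie_marker,
        password_marker);

    // Check if credentials were passed in: a user name plus a password or a cookie.
    bool has_credentials = login != null
        && !string.IsNullOrEmpty(login.User)
        && (!string.IsNullOrEmpty(login.Password) || !string.IsNullOrEmpty(login.Cookie));
    if (!has_credentials)
    {
        VerifyAnonymousAllowed();
        return;
    }

    // NOTE(review): a caller-supplied Ip4 takes precedence over the peer address, and
    // the session lookup is keyed on this value. That is only a meaningful binding if
    // Ip4 comes from a trusted front end - confirm which callers may set it.
    string ip = !string.IsNullOrEmpty(login.Ip4) ? login.Ip4 : user_host_address;

    if (!string.IsNullOrEmpty(login.Password))
    {
        // Password login.
        DBLogin result = DBLogin_Extensions.LoginUser(db, login.User, login.Password, ip, @readonly);
        if (result == null)
        {
            log.Debug("Invalid user/password");
            VerifyAnonymousAllowed();
            return;
        }

        if (@readonly)
        {
            // Read-only logins take the person id straight from the login result;
            // view stays null, so no cookie is handed back below.
            person_id = result.person_id;
        }
        else
        {
            // Re-check the cookie returned by LoginUser against LoginView.
            view = DBLoginView_Extensions.VerifyLogin(db, login.User, result.cookie, ip);
            if (view == null)
            {
                log.Debug("Invalid cookie");
                VerifyAnonymousAllowed();
                return;
            }
            person_id = view.person_id;
        }
    }
    else
    {
        // Cookie login: the (cookie, user, ip) triple must match exactly one session.
        view = DBLoginView_Extensions.VerifyLogin(db, login.User, login.Cookie, ip);
        if (view == null)
        {
            log.Debug("Invalid cookie");
            VerifyAnonymousAllowed();
            return;
        }
        person_id = view.person_id;

        // The cookie is a bearer token for the session, so it is not logged.
        log.DebugFormat("Verifying login, cookie: {0} user: {1} ip: {2}", redacted, login.User, ip);
    }

    log.Debug("Valid credentials");

    if (response == null)
    {
        return;
    }

    DBPerson person = DBPerson_Extensions.Create(db, person_id);

    LoginResponse login_response = response as LoginResponse;
    if (login_response != null)
    {
        login_response.Cookie = view != null ? view.cookie : null;
        login_response.FullName = person.fullname;
        login_response.ID = person_id;
    }

    response.UserName = person.login;
    response.UserRoles = person.Roles;

    log.DebugFormat("Authenticate2 Roles are: {0}", response.UserRoles == null ? "null" : string.Join(";", response.UserRoles));
}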