コード例 #1
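        /// <summary>
        /// Looks up the session row in <c>LoginView</c> that matches the given login name,
        /// session cookie and IPv4 address.
        /// </summary>
        /// <param name="db">Database wrapper used to create the command.</param>
        /// <param name="person">Login name the session must belong to.</param>
        /// <param name="cookie">Session cookie presented by the caller.</param>
        /// <param name="ip4">IPv4 address the session must be bound to.</param>
        /// <returns>
        /// The matching <see cref="DBLoginView"/>, or <c>null</c> when any identifying value is
        /// missing, when no row matches, or when more than one row matches.
        /// </returns>
        public static DBLoginView VerifyLogin(DB db, string person, string cookie, string ip4)
        {
            // Fail closed before touching the database: a missing login name, cookie or
            // address must never identify a session. The query already rejects an empty
            // ip4; the same rule is applied here to the other two values so that a row
            // stored with an empty cookie cannot be matched by an empty input.
            if (string.IsNullOrEmpty(person) || string.IsNullOrEmpty(cookie) || string.IsNullOrEmpty(ip4))
            {
                return null;
            }

            using (IDbCommand cmd = db.CreateCommand())
            {
                // All caller-supplied values are passed through DB.CreateParameter and
                // referenced as @placeholders; none is concatenated into the SQL text.
                cmd.CommandText = "SELECT * FROM LoginView WHERE cookie = @cookie AND login = @person AND ip4 = @ip4 AND ip4 <> '';";
                DB.CreateParameter(cmd, "cookie", cookie);
                DB.CreateParameter(cmd, "person", person);
                DB.CreateParameter(cmd, "ip4", ip4);

                using (IDataReader reader = cmd.ExecuteReader())
                {
                    if (!reader.Read())
                    {
                        // No session matches the (cookie, login, ip4) triple.
                        return null;
                    }

                    DBLoginView result = new DBLoginView(reader);

                    if (reader.Read())
                    {
                        // More than one matching row is ambiguous; treat it as a failed
                        // verification instead of picking one.
                        return null;
                    }

                    return result;
                }
            }
        }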
コード例 #2
ファイル: Authentication.cs プロジェクト: cadsit/monkeywrench
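        /// <summary>
        /// Authenticates a web service caller by password or by session cookie and, when a
        /// response object is supplied, fills in the caller's user name, roles and (for a
        /// <see cref="LoginResponse"/>) cookie, full name and id.
        /// </summary>
        /// <param name="user_host_address">Address of the connecting client; used when the login carries no Ip4.</param>
        /// <param name="db">Database wrapper passed to the login and lookup helpers.</param>
        /// <param name="login">Credentials supplied by the caller; may be <c>null</c>.</param>
        /// <param name="response">Response to populate; may be <c>null</c>, in which case nothing is written.</param>
        /// <param name="readonly">
        /// When true, a successful password login takes the person id straight from the
        /// login result and no session is looked up through VerifyLogin.
        /// </param>
        /// <remarks>
        /// Every failure path (no credentials, wrong password, invalid cookie) ends in
        /// VerifyAnonymousAllowed() followed by a plain return, so a request carrying bad
        /// credentials is handled like an anonymous one.
        /// NOTE(review): VerifyAnonymousAllowed is defined outside this block; presumably it
        /// throws when anonymous access is disabled - confirm.
        /// </remarks>
        public static void Authenticate(string user_host_address, DB db, WebServiceLogin login, WebServiceResponse response, bool @readonly)
        {
            int         person_id;
            DBLoginView view = null;

            // The password and the session cookie are secrets: anyone who can read the
            // debug log could replay them. Log only whether each one was supplied.
            log.DebugFormat("WebService.Authenticate (Ip4: {0}, UserHostAddress: {1}, User: {2}, Cookie: {3}, Password: {4})",
                login == null ? null : login.Ip4,
                user_host_address,
                login == null ? null : login.User,
                login == null || string.IsNullOrEmpty(login.Cookie) ? "<none>" : "<redacted>",
                login == null || string.IsNullOrEmpty(login.Password) ? "<none>" : "<redacted>");

            // Check if credentials were passed in: a user name plus a password or a cookie.
            if (login == null || string.IsNullOrEmpty(login.User) || (string.IsNullOrEmpty(login.Password) && string.IsNullOrEmpty(login.Cookie)))
            {
                VerifyAnonymousAllowed();
                return;
            }

            // NOTE(review): login.Ip4 comes from the request object and takes precedence
            // over the observed client address. The ip4 binding checked by VerifyLogin is
            // only meaningful if login.Ip4 is set by a trusted front end - confirm who can
            // populate it.
            string ip = !string.IsNullOrEmpty(login.Ip4) ? login.Ip4 : user_host_address;

            if (!string.IsNullOrEmpty(login.Password))
            {
                // Password login takes priority over a cookie when both are present.
                DBLogin result = DBLogin_Extensions.LoginUser(db, login.User, login.Password, ip, @readonly);
                if (result != null)
                {
                    if (@readonly)
                    {
                        person_id = result.person_id;
                    }
                    else
                    {
                        // Re-read the session through VerifyLogin so the cookie returned
                        // to the caller is one that matches the (login, cookie, ip) check.
                        view = DBLoginView_Extensions.VerifyLogin(db, login.User, result.cookie, ip);
                        if (view == null)
                        {
                            log.Debug("Invalid cookie");
                            VerifyAnonymousAllowed();
                            return;
                        }
                        person_id = view.person_id;
                    }
                }
                else
                {
                    log.Debug("Invalid user/password");
                    VerifyAnonymousAllowed();
                    return;
                }
            }
            else
            {
                // Cookie login: the guard above guarantees login.Cookie is non-empty here.
                view = DBLoginView_Extensions.VerifyLogin(db, login.User, login.Cookie, ip);
                if (view == null)
                {
                    log.Debug("Invalid cookie");
                    VerifyAnonymousAllowed();
                    return;
                }
                person_id = view.person_id;
                // The cookie value is a bearer credential and is kept out of the log.
                log.DebugFormat("Verifying login, cookie: {0} user: {1} ip: {2}", "<redacted>", login.User, ip);
            }

            log.Debug("Valid credentials");

            if (response == null)
            {
                return;
            }

            DBPerson      person         = DBPerson_Extensions.Create(db, person_id);
            LoginResponse login_response = response as LoginResponse;

            if (login_response != null)
            {
                // view is null after a read-only password login, so no cookie is returned
                // in that case.
                login_response.Cookie   = view != null ? view.cookie : null;
                login_response.FullName = person.fullname;
                login_response.ID       = person_id;
            }

            response.UserName  = person.login;
            response.UserRoles = person.Roles;
            log.DebugFormat("Authenticate2 Roles are: {0}", response.UserRoles == null ? "null" : string.Join(";", response.UserRoles));
        }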