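/// <summary>
/// Looks up a user by name, verifies the supplied password against the stored
/// bcrypt hash and, on success, stores a <c>user</c> object in the session.
/// </summary>
/// <param name="n">User name; bound to the query as the <c>@n</c> parameter.</param>
/// <param name="p">Plain-text password candidate checked with <c>BCrypt.Verify</c>.</param>
/// <param name="r">When true, <c>writeCookie</c> is called with the user id after a successful login.</param>
/// <returns>
/// true only when exactly one row matched, the password verified, and the session
/// (and cookie, when requested) was written without an exception; otherwise false.
/// </returns>
public bool authenticate(string n, string p, bool r)
{
    bool rtn = false;

    #region get user data
    DataTable dt = new DataTable();
    try
    {
        using (MySqlConnection conn = new MySqlConnection(ConfigurationManager.ConnectionStrings["denpone"].ToString()))
        using (MySqlCommand comm = new MySqlCommand("SELECT * FROM users WHERE uname = @n", conn))
        {
            conn.Open();
            // The user name is bound as a parameter and never concatenated into the SQL text.
            comm.Parameters.AddWithValue("@n", n);
            using (MySqlDataReader sdr = comm.ExecuteReader())
            {
                dt.Load(sdr);
            }
        }
    }
    catch (Exception ex)
    {
        // A failed lookup leaves dt empty, so the method falls through to "not authenticated".
        logError("authenticate", ex);
    }
    #endregion

    #region Authenticate and fill session
    // NOTE(review): no bcrypt work is done when the user name is unknown, so response
    // timing may distinguish existing accounts from missing ones. Confirm whether that matters here.
    if (dt.Rows.Count == 1)
    {
        DataRow dr = dt.Rows[0];

        // Verify throws on a null password or on a stored value that is not a valid
        // bcrypt hash (for example an empty or NULL pwd column). Treat that as a failed
        // login instead of letting the exception escape to the caller.
        bool v = false;
        try
        {
            string hp = dr["pwd"].ToString();
            v = BCrypt.Net.BCrypt.Verify(p, hp);
        }
        catch (Exception ex)
        {
            logError("authenticate/verify", ex);
        }

        if (v)
        {
            try
            {
                int uid = int.Parse(dr["user_id"].ToString());
                user u = new user();
                u.set_uname(dr["uname"].ToString());
                u.set_uid(uid);
                // The admin flag is not populated here.
                // NOTE(review): the session identifier is not rotated in this method;
                // confirm it is regenerated on login elsewhere to avoid session fixation.
                HttpContext.Current.Session["user"] = u;
                if (r)
                {
                    // NOTE(review): if writeCookie throws, the session is already populated
                    // but the method still returns false.
                    writeCookie(uid);
                }
                rtn = true;
            }
            catch (Exception ex)
            {
                logError("authenticate/write cookie", ex);
            }
        }
    }
    #endregion

    return rtn;
}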
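/// <summary>
/// Rebuilds the session <c>user</c> object from the value of a request cookie by
/// selecting the row in <c>users</c> whose <c>user_id</c> equals that value.
/// </summary>
/// <param name="cookieNme">Name of the request cookie to read.</param>
/// <returns>
/// true when the cookie is present, holds an integer and exactly one user row matched;
/// false otherwise, including when the lookup throws.
/// </returns>
/// <remarks>
/// SECURITY NOTE(review): the cookie value is used directly as the user_id and nothing
/// in this method proves the server issued it. If the cookie carries only the raw id,
/// as the query implies, any client can present any id and obtain that user's session.
/// A remember-me cookie should hold a random, server-stored (hashed) token with an
/// expiry, or at minimum a signed value, and be marked HttpOnly and Secure. Confirm
/// what writeCookie emits and replace this lookup accordingly.
/// </remarks>
public bool getUserFromCookie(string cookieNme)
{
    bool rtn = false;

    // Request.Cookies[name] is null when the cookie was not sent, so reading .Value
    // directly would throw before any null check on the value could run.
    var cookie = HttpContext.Current.Request.Cookies[cookieNme];
    string id = cookie == null ? null : cookie.Value;

    // Accept only a well-formed integer instead of relying on the database to coerce
    // an arbitrary client-supplied string when it is compared with user_id.
    int uid;
    if (id == null ||
        !int.TryParse(id, System.Globalization.NumberStyles.Integer, System.Globalization.CultureInfo.InvariantCulture, out uid))
    {
        return rtn;
    }

    DataTable dt = new DataTable();
    try
    {
        using (MySqlConnection conn = new MySqlConnection(ConfigurationManager.ConnectionStrings["denpone"].ToString()))
        using (MySqlCommand comm = new MySqlCommand("Select * FROM users WHERE user_id = @uid", conn))
        {
            conn.Open();
            comm.Parameters.AddWithValue("@uid", uid);
            using (MySqlDataReader sdr = comm.ExecuteReader())
            {
                dt.Load(sdr);
            }
        }
    }
    catch (Exception ex)
    {
        // A failed lookup leaves dt empty and the method reports "no user".
        logError("getUserFromCookie", ex);
    }

    if (dt.Rows.Count == 1)
    {
        DataRow dr = dt.Rows[0];
        user u = new user();
        u.set_uname(dr["uname"].ToString());
        u.set_uid(tryInt(dr["user_id"].ToString()));
        // The admin flag is not populated here.
        HttpContext.Current.Session["user"] = u;
        rtn = true;
    }

    return rtn;
}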