/// <summary>
/// Handles a login attempt for <paramref name="session"/> and posts the outcome back to it.
/// </summary>
/// <remarks>
/// An IP address that is already struck out gets TooManyAttempts without any credential check.
/// Otherwise an unknown username and a wrong password both produce the same Failure result,
/// and a strike is recorded for the IP address whatever the outcome.
/// </remarks>
/// <param name="session">The client session that sent the request and receives the result.</param>
void IRequest.Execute(Session session)
{
    AttemptLoginResult.ResultType outcome;

    if (Security.IsStruckOut(session.GetIPAddress()))
    {
        // Throttled: the credentials are not looked at.
        outcome = AttemptLoginResult.ResultType.TooManyAttempts;
    }
    else
    {
        // Assume failure; only a matching hash below upgrades it. Keeping "no such account"
        // and "wrong password" on the same result avoids telling the client which one it was.
        outcome = AttemptLoginResult.ResultType.Failure;

        // NOTE(review): the unknown-username path skips the decrypt and hash work done below,
        // so the two Failure cases may still differ in response time. Confirm whether that matters.
        if (Database.DoesUsernameExist(Username))
        {
            int accountId = Database.GetUserIDFromUsername(Username);

            // Recover the submitted password from the request payload.
            string submittedPassword = Security.DecryptPassword(Password);

            // Hash stored for this account.
            string storedHash = Database.GetPasswordHash(accountId);

            // NOTE(review): Encoding.ASCII maps every non-ASCII character to '?', so passwords
            // that differ only in such characters hash the same. Changing the encoding would
            // invalidate existing stored hashes.
            // NOTE(review): CreatePasswordHash is given only the password bytes, so as called here
            // it cannot mix in a per-account salt. Confirm how it salts and stretches.
            var submittedHash = Security.CreatePasswordHash(Encoding.ASCII.GetBytes(submittedPassword));

            // NOTE(review): assuming both sides are strings, == stops at the first differing
            // character. A fixed-time comparison is the usual choice for credential material.
            if (storedHash == submittedHash)
            {
                session.Authenticate(accountId);
                outcome = AttemptLoginResult.ResultType.Success;
            }
        }

        // Every attempt that reaches this branch counts against the IP address.
        // NOTE(review): that includes successful logins. Confirm this is intended rather than
        // counting failures only.
        Security.Strike(session.GetIPAddress());
    }

    session.SendPost(new AttemptLoginResult(outcome));
}
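/// <summary>
/// Sends an AttemptLogin request over <paramref name="tcpClient"/> and maps the server's
/// reply to a <see cref="Result"/>.
/// </summary>
/// <param name="tcpClient">Connection the request is sent on.</param>
/// <param name="username">Account name to log in as.</param>
/// <param name="password">Password, converted to ASCII bytes before it is put in the request.</param>
/// <returns>
/// Result.Success or Result.TooManyAttempts when the server reports exactly that,
/// and Result.Failure for every other reply, including an empty (null) one.
/// </returns>
/// <remarks>
/// Exceptions thrown by JsonRequestRoundtrip or by the deserializer are not caught here.
/// </remarks>
public static Result Login(TcpClient tcpClient, string username, string password)
{
    // NOTE(review): Encoding.ASCII maps every non-ASCII character to '?', so such passwords
    // are altered before they are sent.
    // NOTE(review): the password enters the request as its raw ASCII bytes. Any protection
    // before it reaches the socket would have to happen in AttemptLogin or JsonRequestRoundtrip,
    // which this method does not show. Confirm.
    IRequest request = new AttemptLogin(username, Encoding.ASCII.GetBytes(password));

    // Send the request and read back the server's JSON reply.
    string content = JsonRequestRoundtrip(tcpClient, request);

    AttemptLoginResult post = JsonSerializer.Deserialize<AttemptLoginResult>(content);

    // The reply comes from the network. A JSON "null" body can deserialize to a null reference,
    // so treat it as a failed login rather than dereferencing it.
    if (post == null)
    {
        return Result.Failure;
    }

    switch (post.Result)
    {
        case AttemptLoginResult.ResultType.Success:
            return Result.Success;

        case AttemptLoginResult.ResultType.TooManyAttempts:
            return Result.TooManyAttempts;

        default:
            // Fail closed: any value not explicitly recognised counts as a failed login.
            return Result.Failure;
    }
}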