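/// <summary>
/// Registers a new user from the values passed in. A random password is generated, stored in hashed
/// form on the new user entity, and handed in plain text to HnDGeneralUtils.EmailPassword for delivery
/// to <paramref name="emailAddress"/>.
/// </summary>
/// <param name="nickName">Name of the nick.</param>
/// <param name="dateOfBirth">The date of birth.</param>
/// <param name="emailAddress">The email address.</param>
/// <param name="emailAddressIsPublic">flag to signal if the email address is visible for everyone or not</param>
/// <param name="iconURL">The icon URL.</param>
/// <param name="ipNumber">The ip number.</param>
/// <param name="location">The location.</param>
/// <param name="occupation">The occupation.</param>
/// <param name="signature">The signature.</param>
/// <param name="website">The website.</param>
/// <param name="emailTemplatePath">The email template path.</param>
/// <param name="emailData">The email data.</param>
/// <param name="parserData">The parser data, passed to the signature UBB-to-HTML transformation.</param>
/// <param name="autoSubscribeThreads">Default value when user creates new threads.</param>
/// <param name="defaultMessagesPerPage">Messages per page to display</param>
/// <returns>
/// UserID of new user or 0 if registration failed.
/// </returns>
public static int RegisterNewUser(string nickName, DateTime? dateOfBirth, string emailAddress, bool emailAddressIsPublic,
    string iconURL, string ipNumber, string location, string occupation, string signature, string website,
    string emailTemplatePath, Dictionary<string, string> emailData, ParserData parserData, bool autoSubscribeThreads,
    short defaultMessagesPerPage)
{
    UserEntity newUser = new UserEntity();

    // initialize objects
    newUser.AmountOfPostings = 0;
    newUser.DateOfBirth = dateOfBirth;
    newUser.EmailAddress = emailAddress;
    newUser.EmailAddressIsPublic = emailAddressIsPublic;
    newUser.IPNumber = ipNumber;
    newUser.IconURL = iconURL;
    newUser.IsBanned = false;
    newUser.JoinDate = DateTime.Now;
    newUser.Location = location;
    newUser.NickName = nickName;
    newUser.Occupation = occupation;
    newUser.Signature = signature;
    newUser.Website = website;

    // The plain-text password only lives in this local; the entity receives the hashed form.
    // NOTE(review): the helper is an MD5 hash and this call supplies no per-user salt. MD5 is not a
    // password-hashing function; moving to a salted, slow KDF (PBKDF2 or similar) requires changing the
    // helper and migrating the stored values, which cannot be done from this method alone.
    string password = HnDGeneralUtils.GenerateRandomPassword();
    newUser.Password = HnDGeneralUtils.CreateMD5HashedBase64String(password);

    // Preferences
    newUser.AutoSubscribeToThread = autoSubscribeThreads;
    newUser.DefaultNumberOfMessagesPerPage = defaultMessagesPerPage;

    if (!string.IsNullOrEmpty(signature))
    {
        newUser.SignatureAsHTML = TextParser.TransformSignatureUBBStringToHTML(signature, parserData);
    }
    else
    {
        newUser.SignatureAsHTML = "";
    }

    // Fetch the SystemDataEntity to use the "DefaultUserTitleNewUser" as the user title & the "DefaultRoleNewUser"
    // as the roleID of the newly created RoleUserEntity.
    SystemDataEntity systemData = SystemGuiHelper.GetSystemSettings();
    newUser.UserTitleID = systemData.DefaultUserTitleNewUser;

    RoleUserEntity roleUser = new RoleUserEntity();
    roleUser.RoleID = systemData.DefaultRoleNewUser;
    roleUser.User = newUser;

    // first encode fields which could lead to cross-site-scripting attacks
    EncodeUserTextFields(newUser);

    // now save the new user entity and the new RoleUser entity recursively in one go. This will create a
    // transaction for us under the hood so we don't have to do that ourselves.
    if (!newUser.Save(true))
    {
        // Registration failed: return the documented failure value explicitly instead of relying on
        // whatever UserID an unsaved entity happens to hold.
        return 0;
    }

    // all ok, email the password. The outcome of the mail call is deliberately not part of the return
    // value: the account exists at this point.
    // NOTE(review): if delivery fails the user never learns the generated password and has to go through
    // ResetPassword; consider logging a failed send.
    HnDGeneralUtils.EmailPassword(password, emailAddress, emailTemplatePath, emailData);

    return newUser.UserID;
}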
/// <summary>
/// Updates the profile data of the user with the given ID, using the values passed in. The stored
/// password is only replaced when <paramref name="password"/> is not null or empty.
/// </summary>
/// <param name="userID">The user ID.</param>
/// <param name="dateOfBirth">The date of birth.</param>
/// <param name="emailAddress">The email address.</param>
/// <param name="emailAddressIsPublic">flag to signal if the email address is visible for everyone or not</param>
/// <param name="iconURL">The icon URL.</param>
/// <param name="location">The location.</param>
/// <param name="occupation">The occupation.</param>
/// <param name="password">The new password in plain text; null or empty keeps the current one.</param>
/// <param name="signature">The signature.</param>
/// <param name="website">The website.</param>
/// <param name="userTitleID">The user title ID.</param>
/// <param name="parserData">The parser data.</param>
/// <param name="autoSubscribeThreads">Default value when user creates new threads.</param>
/// <param name="defaultMessagesPerPage">Messages per page to display</param>
/// <returns>true if succeeded, false otherwise (including when the user isn't found)</returns>
public static bool UpdateUserProfile(int userID, DateTime? dateOfBirth, string emailAddress, bool emailAddressIsPublic,
    string iconURL, string location, string occupation, string password, string signature, string website,
    int userTitleID, ParserData parserData, bool autoSubscribeThreads, short defaultMessagesPerPage)
{
    // NOTE(review): nothing in this method checks who is making the change. The caller has to verify that
    // the acting user may edit userID, assign userTitleID and replace the password.
    UserEntity profile = UserGuiHelper.GetUser(userID);
    if (profile == null)
    {
        // Unknown user ID: nothing to update.
        return false;
    }

    profile.DateOfBirth = dateOfBirth;
    profile.EmailAddress = emailAddress;
    profile.EmailAddressIsPublic = emailAddressIsPublic;
    profile.IconURL = iconURL;
    profile.Location = location;
    profile.Occupation = occupation;
    profile.UserTitleID = userTitleID;

    bool passwordSupplied = !string.IsNullOrEmpty(password);
    if (passwordSupplied)
    {
        // NOTE(review): MD5 with no per-user salt supplied by this call; see the hashing helper.
        profile.Password = HnDGeneralUtils.CreateMD5HashedBase64String(password);
    }

    // The raw UBB signature and its HTML rendering are stored side by side; an absent signature
    // renders to the empty string.
    profile.Signature = signature;
    profile.SignatureAsHTML = string.IsNullOrEmpty(signature)
        ? ""
        : TextParser.TransformSignatureUBBStringToHTML(signature, parserData);
    profile.Website = website;

    // Preferences
    profile.AutoSubscribeToThread = autoSubscribeThreads;
    profile.DefaultNumberOfMessagesPerPage = defaultMessagesPerPage;

    // Encode the fields which could lead to cross-site-scripting attacks before anything is persisted.
    EncodeUserTextFields(profile);

    // Update the record
    bool saved = profile.Save(true);
    return saved;
}
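/// <summary>
/// Authenticates the user with the given Nickname and the given Password.
/// </summary>
/// <param name="nickName">Nickname of the user</param>
/// <param name="password">Password of the user</param>
/// <param name="user">Receives the entity used for the nickname lookup, fetched with its roles. It is assigned
/// on every path, including the failure paths, so callers should only trust it when the result is
/// AuthenticateResult.AllOk.</param>
/// <returns>AuthenticateResult.AllOk if the user could be authenticated,
/// AuthenticateResult.WrongUsernamePassword if user couldn't be authenticated given the current credentials,
/// AuthenticateResult.IsBanned if the user is banned. </returns>
public static AuthenticateResult AuthenticateUser(string nickName, string password, out UserEntity user)
{
    // fetch the Roles related to the user when fetching the user, using a prefetchPath object.
    PrefetchPath prefetchPath = new PrefetchPath((int)EntityType.UserEntity);
    prefetchPath.Add(UserEntity.PrefetchPathRoles);

    // fetch the user data using the nickname which has a unique constraint
    user = new UserEntity();
    bool fetchResult = user.FetchUsingUCNickName(nickName, prefetchPath);
    if (!fetchResult)
    {
        // not found. Report the same result as for a wrong password, so the caller can't tell the two apart.
        return AuthenticateResult.WrongUsernamePassword;
    }

    // NOTE(review): the ban status is reported before the password is checked, so this result is returned
    // for a banned nickname even without valid credentials. Check the password first if the account state
    // should not be disclosed to unauthenticated callers.
    if (user.IsBanned)
    {
        // user is banned. We'll report that to the caller
        return AuthenticateResult.IsBanned;
    }

    // check password and UserID. We disallow the user with id 0 to login as that's the anonymous coward ID
    // for a user not logged in.
    // NOTE(review): MD5 with no per-user salt supplied by this call; the stored values are cheap to attack
    // offline if the user table leaks. Fixing that means changing the helper and migrating stored hashes.
    string md5HashedPassword = HnDGeneralUtils.CreateMD5HashedBase64String(password);
    bool passwordMatches = PasswordHashesMatch(user.Password, md5HashedPassword);
    if (passwordMatches && (user.UserID != Globals.UserIDToDenyLogin))
    {
        // correct username/password combination
        return AuthenticateResult.AllOk;
    }

    // something was wrong, report wrong authentication combination
    return AuthenticateResult.WrongUsernamePassword;
}

/// <summary>
/// Compares two hash strings without stopping at the first differing character, so the time taken does
/// not depend on how many leading characters of the stored hash the candidate gets right.
/// </summary>
/// <param name="storedHash">The hash stored for the user.</param>
/// <param name="candidateHash">The hash computed from the supplied password.</param>
/// <returns>true if both strings are non-null and identical, false otherwise</returns>
private static bool PasswordHashesMatch(string storedHash, string candidateHash)
{
    // The length of the encoded hash is not secret, so a length mismatch may return early.
    if ((storedHash == null) || (candidateHash == null) || (storedHash.Length != candidateHash.Length))
    {
        return false;
    }

    int difference = 0;
    for (int i = 0; i < storedHash.Length; i++)
    {
        difference |= storedHash[i] ^ candidateHash[i];
    }
    return difference == 0;
}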
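/// <summary>
/// Resets the user's Password by generating a new random password which is mailed to
/// the email address specified. Will fail if the nickname doesn't exist or the email address
/// doesn't match with the specified email address of the nickname in the database.
/// </summary>
/// <remarks>
/// The new password is saved before the mail is sent, so a false return value after a failed send still
/// leaves the old password replaced. The two exception types tell the caller whether the nickname or the
/// email address was wrong; a caller that does not want to confirm which nicknames exist should present
/// both as the same message, and should encode the exception text before rendering it because it contains
/// the supplied input.
/// </remarks>
/// <param name="nickName">Nickname of user which password should be reset</param>
/// <param name="emailAddress">Email address of user</param>
/// <param name="emailTemplate">The email template.</param>
/// <param name="emailData">The email data.</param>
/// <returns>true if succeed, false otherwise</returns>
/// <exception cref="NickNameNotFoundException">Throws NickNameNotFoundException when the nickname isn't found.</exception>
/// <exception cref="EmailAddressDoesntMatchException">Throws EmailAddressDoesntMatchException when the email address
/// of the nickname isn't matching with the email address specified, or when no email address is specified.</exception>
public static bool ResetPassword(string nickName, string emailAddress, string emailTemplate, Dictionary<string, string> emailData)
{
    UserEntity user = new UserEntity();

    // fetch the user using the unique constraint fetch logic on nickname
    bool fetchResult = user.FetchUsingUCNickName(nickName);
    if (!fetchResult)
    {
        // not found
        throw new NickNameNotFoundException("Nickname: '" + nickName + "' not found");
    }

    // check email address. A null or empty address never matches: it used to surface as a
    // NullReferenceException (null) or could match an account without an address on file (empty), and
    // either way there is nowhere to deliver the new password.
    bool emailMatches = !string.IsNullOrEmpty(emailAddress)
        && string.Equals(user.EmailAddress, emailAddress, StringComparison.OrdinalIgnoreCase);
    if (!emailMatches)
    {
        // no match
        throw new EmailAddressDoesntMatchException("Emailaddress '" + emailAddress + "' doesn't match.");
    }

    // NOTE(review): knowing the nickname and the email address is all that is needed to replace the
    // password from here on, and registration lets the address be public. A confirmation link sent to the
    // address before the password changes would keep third parties from forcing a reset.

    // does match, reset the password
    string newPassword = HnDGeneralUtils.GenerateRandomPassword();

    // hash the password with an MD5 hash and store that hashed value into the database.
    // NOTE(review): no per-user salt is supplied by this call; see the hashing helper.
    user.Password = HnDGeneralUtils.CreateMD5HashedBase64String(newPassword);

    // store it
    bool result = user.Save();
    if (result)
    {
        // mail it
        result = HnDGeneralUtils.EmailPassword(newPassword, emailAddress, emailTemplate, emailData);
    }

    // done
    return result;
}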