/// <summary>
/// Looks up a single event row by its public id and maps it to an <see cref="EventInfo"/>.
/// </summary>
/// <param name="eventId">Public event id (matched against the <c>hid</c> column). Null or empty is rejected as an invalid argument.</param>
/// <param name="success">True only when an <see cref="EventInfo"/> is returned; false on every error path, after the API error has been raised.</param>
/// <returns>The populated <see cref="EventInfo"/>, or null when <paramref name="success"/> is false.</returns>
public EventInfo GetEventInfo(string eventId, out bool success)
{
    success = false;

    if (string.IsNullOrEmpty(eventId))
    {
        ApiError.Throw(ApiErrorCode.InvalidArgument, server, "Invalid argument: EventID was null.");
        return null;
    }

    // SECURITY: the query is built by string concatenation; the only injection defence is
    // DatabaseEssentials.Security.Sanitize applied to the quoted value. Prefer a parameterized
    // request if SqlApiRequest ever grows support for it.
    const string columns = "title, expires, date, time, location, url, image, description";
    const int expectedColumns = 8;
    string sql = "SELECT " + columns + " FROM Tbl_event WHERE hid = \'"
        + DatabaseEssentials.Security.Sanitize(eventId) + "\';";

    SqlApiRequest request = SqlApiRequest.Create(SqlRequestId.GetDataArray, sql, expectedColumns);
    SqlDataArrayResponse response = AwaitDataArrayResponse(request, out bool transportOk);
    if (!transportOk)
    {
        // Presumably AwaitDataArrayResponse has already reported the transport failure — it is not re-raised here.
        return null;
    }

    if (!response.Success || response.Result.Length != expectedColumns)
    {
        ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to fetch EventInfo.");
        return null;
    }

    string[] row = response.Result;
    // Column 1 ("expires") is stored as an integer timestamp; refuse the row if it is malformed.
    if (!int.TryParse(row[1], out int expires))
    {
        ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to fetch EventInfo: failed to parse expiration date.");
        return null;
    }

    success = true;
    return new EventInfo(eventId, row[0], expires, row[2], row[3], row[4], row[5], row[6], row[7]);
}
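/// <summary>
/// Fetches the specified account from the database and decrypts its per-user encrypted columns.
/// </summary>
/// <param name="id">The numeric id of the account (the <c>id</c> column of <c>Tbl_user</c>). Must consist of decimal digits only.</param>
/// <param name="success">True when an <see cref="Account"/> is returned; false on every error path, after the API error has been raised.</param>
/// <returns>The account with its decrypted <see cref="AccountInfo"/>, or null when <paramref name="success"/> is false.</returns>
public Account GetAccount(string id, out bool success)
{
    success = false;

    // SECURITY: `id` is spliced into the query unquoted, so quote-escaping (Sanitize) would not
    // protect it. Only a plain non-negative integer is accepted; sign, whitespace, separators and
    // anything non-numeric are rejected before the query is built.
    if (string.IsNullOrEmpty(id)
        || !long.TryParse(id, System.Globalization.NumberStyles.None, System.Globalization.CultureInfo.InvariantCulture, out long numericId))
    {
        ApiError.Throw(ApiErrorCode.InvalidArgument, server, "Invalid argument: account id must be a non-negative integer.");
        return null;
    }

    const int InfoColumnCount = 10;
    // hid, name, occupation, info1..info10, location, email, radius, isVisible, showLog
    const int ExpectedColumns = 18;

    StringBuilder infoColumns = new StringBuilder();
    for (int i = 1; i <= InfoColumnCount; i++)
    {
        infoColumns.Append(", info").Append(i.ToString(System.Globalization.CultureInfo.InvariantCulture));
    }
    // The validated, canonical numeric form is used in the query rather than the raw string.
    string query = "SELECT hid, name, occupation" + infoColumns.ToString()
        + ", location, email, radius, isVisible, showLog FROM Tbl_user WHERE id = "
        + numericId.ToString(System.Globalization.CultureInfo.InvariantCulture) + " LIMIT 1;";

    SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.GetDataArray, query, ExpectedColumns);
    SqlDataArrayResponse dataArrayResponse = AwaitDataArrayResponse(sqlRequest, out bool sqlSuccess);
    if (!sqlSuccess)
    {
        return null;
    }

    if (!dataArrayResponse.Success || dataArrayResponse.Result.Length != ExpectedColumns)
    {
        ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to fetch account info.");
        return null;
    }

    string[] account = dataArrayResponse.Result;
    string userid = account[0];

    // name, occupation and info1..info10 are decrypted with an AesContext constructed from the hid column.
    AesContext aesContext = new AesContext(userid);
    string name = aesContext.DecryptOrDefault(account[1]);
    string occupation = aesContext.DecryptOrDefault(account[2]);
    string[] infos = new string[InfoColumnCount];
    for (int i = 0; i < InfoColumnCount; i++)
    {
        infos[i] = aesContext.DecryptOrDefault(account[3 + i]);
    }
    string location = account[13];
    string email = account[14];

    // radius, isVisible and showLog are stored as integers; refuse the row if any is malformed.
    if (!int.TryParse(account[15], out int radius)
        || !int.TryParse(account[16], out int isVisible)
        || !int.TryParse(account[17], out int showLog))
    {
        ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to fetch account info.");
        return null;
    }

    AccountInfo accountInfo = new AccountInfo(name, occupation,
        infos[0], infos[1], infos[2], infos[3], infos[4], infos[5], infos[6], infos[7], infos[8], infos[9],
        location, radius, userid, email, Convert.ToBoolean(isVisible), Convert.ToBoolean(showLog));
    success = true;
    return new Account(accountInfo, false, id);
}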
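/// <summary>
/// Handles a password-reset request: looks up the account by email, generates a one-time
/// security code, emails it to the user and records it on <c>server.Account</c> for the
/// follow-up <c>ConfirmPasswordReset</c> request.
/// </summary>
/// <param name="server">The API session; receives the pending account state and the serialized response.</param>
public override void Process(ApiServer server)
{
    if (server.AssertServerSetup(this) || server.AssertAccountNull())
    {
        return;
    }

    using DatabaseManager databaseManager = new DatabaseManager(server);

    // SECURITY: string-built SQL; Sanitize on the quoted email value is the only injection defence.
    string query = "SELECT isOnline, name, hid, id FROM Tbl_user WHERE email = \'"
        + DatabaseEssentials.Security.Sanitize(Email) + "\';";
    SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.GetDataArray, query, 4);
    SqlDataArrayResponse dataArrayResponse = databaseManager.AwaitDataArrayResponse(sqlRequest, out bool success);
    if (!success)
    {
        return;
    }

    string[] data = dataArrayResponse.Result;
    if (!dataArrayResponse.Success || data.Length != sqlRequest.ExpectedColumns)
    {
        // NOTE(review): this distinct error lets a caller probe which emails are registered
        // (account enumeration). Kept as-is because clients depend on the error code; a uniform
        // "if an account exists, an email was sent" response would close that channel.
        ApiError.Throw(ApiErrorCode.InvalidUser, server, "No account is associated with this email address.");
        return;
    }

    string isOnline = data[0];
    string encryptedName = data[1];
    string userid = data[2];
    string accountId = data[3];

    // Attach the bare account before the online check so the error below is raised against it.
    server.Account = new Account(null, false, accountId);
    if (!isOnline.Equals("0"))
    {
        ApiError.Throw(ApiErrorCode.AlreadyOnline, server, "Already logged in from another device.");
        return;
    }

    // The display name is stored encrypted; DecryptOrDefault yields a value the salutation can fall back from.
    AesContext aesContext = new AesContext(userid);
    string name = aesContext.DecryptOrDefault(encryptedName);

    // Keep the account id on the pending-reset account. The previous version replaced it with an
    // id-less instance, dropping the id just read from the row — presumably needed by the
    // ConfirmPasswordReset handler; confirm against that handler.
    server.Account = new Account(null, false, accountId)
    {
        AuthenticationCode = SecurityManager.GenerateSecurityCode(),
        AuthenticationId = ApiRequestId.ConfirmPasswordReset,
        AuthenticationTime = DatabaseEssentials.GetTimeStamp()
    };

    EmailManager emailManager = EmailManager.Create(Subject.ResetPassword, Email,
        string.IsNullOrEmpty(name) ? "user" : name, server.Account.AuthenticationCode);
    emailManager.Send();

    GenericSuccessResponse response = new GenericSuccessResponse(ResponseId.PasswordReset, true);
    SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(response);
    string json = serializedApiResponse.Serialize();
    server.Send(json);
    server.UnitTesting.MethodSuccess = true;
}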
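/// <summary>
/// Runs a <c>GetDataArray</c> query against the database and sends the result (or an error)
/// back over <paramref name="server"/>'s network channel.
/// </summary>
/// <param name="server">The SQL-side server whose <c>Network</c> receives the serialized response.</param>
/// <remarks>
/// <c>async void</c> is forced by the base signature. Any exception thrown after the first
/// await is unobservable to the caller: it is rethrown on the synchronization context, or on the
/// thread pool when there is none, which terminates the process. Failure handling therefore has
/// to stay inside this method.
/// </remarks>
public override async void Process(SqlServer server)
{
    SqlPacket packet = await DatabaseManager.GetDataArray(Query, ExpectedColumns);

    ApiResponse response;
    if (!packet.Success)
    {
        response = SqlErrorResponse.Create(packet.ErrorMessage);
    }
    else if (packet.Data is string[] result)
    {
        response = SqlDataArrayResponse.Create(result);
    }
    else
    {
        // A successful packet whose payload is not a string[] previously threw InvalidCastException
        // out of this async void method; report it as a SQL error instead.
        response = SqlErrorResponse.Create("GetDataArray returned an unexpected payload type.");
    }

    SerializedSqlApiResponse serializedApiResponse = SerializedSqlApiResponse.Create(response);
    string data = serializedApiResponse.Serialize();
    server.Network.Send(data);
}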
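/// <summary>
/// Handles a login request: verifies the password against the stored scrypt hash, issues a new
/// security token (cookie), persists it and replies with the token and the user's permissions.
/// </summary>
/// <param name="server">The API session; receives the account state and the serialized response.</param>
public override void Process(ApiServer server)
{
    if (server.AssertServerSetup(this) || server.AssertAccountNull())
    {
        server.UnitTesting.MethodSuccess = false;
        return;
    }

    using DatabaseManager databaseManager = new DatabaseManager(server);

    // SECURITY: string-built SQL; SanitizeQuery on the quoted email value is the only injection defence.
    string query = DatabaseEssentials.Security.SanitizeQuery(new string[]
    {
        "SELECT id, password, isOnline FROM Tbl_user WHERE email = \'", Email, "\' LIMIT 1;"
    });
    SqlApiRequest apiRequest = SqlApiRequest.Create(SqlRequestId.GetDataArray, query, 3);
    SqlDataArrayResponse dataArrayResponse = databaseManager.AwaitDataArrayResponse(apiRequest, out bool success);
    if (!success)
    {
        // Check the transport result before touching the response; the previous version read
        // dataArrayResponse.Result first, dereferencing a response that may not exist.
        return;
    }

    string[] data = dataArrayResponse.Result;
    if (!dataArrayResponse.Success || data.Length != 3)
    {
        // NOTE(review): distinct from "Incorrect password" below, so the response reveals whether
        // the email is registered (account enumeration). Kept because clients depend on the code.
        ApiError.Throw(ApiErrorCode.InvalidUser, server, "No account is associated with this email address.");
        return;
    }

    string id = data[0];
    string hash = data[1];

    // isOnline is an integer flag. Convert.ToInt32 mapped null to 0 but threw FormatException on
    // any other malformed value; keep the null mapping and fail closed on garbage instead.
    int isOnline = 0;
    if (data[2] != null && !int.TryParse(data[2], out isOnline))
    {
        ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to read account state.");
        return;
    }
    if (isOnline == 1)
    {
        ApiError.Throw(ApiErrorCode.AlreadyOnline, server, "Already logged in from another device.");
        return;
    }

    if (!SecurityManager.ScryptCheck(Password, hash))
    {
        ApiError.Throw(ApiErrorCode.InvalidCredentials, server, "Incorrect password.");
        return;
    }

    string securityToken = SecurityManager.GenerateSecurityToken();
    // Token should expire every month; the actual lifetime comes from config.
    int expirationDate = DatabaseEssentials.GetTimeStamp() + MainServer.Config.WamsrvSecurityConfig.SecurityTokenExpirationTime;

    // NOTE(review): the token is persisted in clear, so a read of Tbl_cookies yields usable sessions.
    // Storing a hash of the token and comparing hashes on lookup would contain that exposure.
    query = DatabaseEssentials.Security.SanitizeQuery(new string[]
    {
        "INSERT INTO Tbl_cookies (userid, value, expires, info) VALUES (", id, ",\'", securityToken, "\',",
        expirationDate.ToString(System.Globalization.CultureInfo.InvariantCulture), ",\'", Info, "\');"
    });
    apiRequest = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
    SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(apiRequest, out success);
    if (!success)
    {
        return;
    }
    if (!modifyDataResponse.Success)
    {
        ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to generate security token.");
        return;
    }

    // SetupAccount presumably populates server.Account (its AccountInfo.UserId is read right after).
    if (!databaseManager.SetupAccount(id))
    {
        return;
    }

    Permission permissions = databaseManager.GetUserPermission(server.Account.AccountInfo.UserId, out success);
    if (!success)
    {
        return;
    }

    CreateCookieResponse apiResponse = new CreateCookieResponse(ResponseId.CreateCookie, securityToken, permissions);
    SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(apiResponse);
    string json = serializedApiResponse.Serialize();
    server.Send(json);
    server.UnitTesting.MethodSuccess = true;
}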