public EventInfo GetEventInfo(string eventId, out bool success)
{
if (string.IsNullOrEmpty(eventId))
{
ApiError.Throw(ApiErrorCode.InvalidArgument, server, "Invalid argument: EventID was null.");
success = false;
return(null);
}
string query = "SELECT title, expires, date, time, location, url, image, description FROM Tbl_event WHERE hid = \'" + DatabaseEssentials.Security.Sanitize(eventId) + "\';";
SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.GetDataArray, query, 8);
SqlDataArrayResponse dataArrayResponse = AwaitDataArrayResponse(sqlRequest, out bool sqlSuccess);
if (!sqlSuccess)
{
success = false;
return(null);
}
if (!dataArrayResponse.Success || dataArrayResponse.Result.Length != 8)
{
ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to fetch EventInfo.");
success = false;
return(null);
}
string[] data = dataArrayResponse.Result;
if (!int.TryParse(data[1], out int expirationDate))
{
ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to fetch EventInfo: failed to parse expiration date.");
success = false;
return(null);
}
success = true;
return(new EventInfo(eventId, data[0], expirationDate, data[2], data[3], data[4], data[5], data[6], data[7]));
}
/// <summary>
/// Fetches the specified account from the database
/// </summary>
/// <param name="id">The id of the account</param>
/// <returns></returns>
public Account GetAccount(string id, out bool success)
{
StringBuilder infos = new StringBuilder();
for (int i = 1; i < 11; i++)
{
infos.Append(", info").Append(i.ToString());
}
string query = "SELECT hid, name, occupation" + infos.ToString() + ", location, email, radius, isVisible, showLog FROM Tbl_user WHERE id = " + id + " LIMIT 1;";
SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.GetDataArray, query, 18);
SqlDataArrayResponse dataArrayResponse = AwaitDataArrayResponse(sqlRequest, out bool sqlSuccess);
if (!sqlSuccess)
{
success = false;
return(null);
}
string[] account = dataArrayResponse.Result;
if (!dataArrayResponse.Success || account.Length != 18)
{
ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to fetch account info.");
success = false;
return(null);
}
string userid = account[0];
AesContext aesContext = new AesContext(userid);
string name = aesContext.DecryptOrDefault(account[1]);
string occupation = aesContext.DecryptOrDefault(account[2]);
string info1 = aesContext.DecryptOrDefault(account[3]);
string info2 = aesContext.DecryptOrDefault(account[4]);
string info3 = aesContext.DecryptOrDefault(account[5]);
string info4 = aesContext.DecryptOrDefault(account[6]);
string info5 = aesContext.DecryptOrDefault(account[7]);
string info6 = aesContext.DecryptOrDefault(account[8]);
string info7 = aesContext.DecryptOrDefault(account[9]);
string info8 = aesContext.DecryptOrDefault(account[10]);
string info9 = aesContext.DecryptOrDefault(account[11]);
string info10 = aesContext.DecryptOrDefault(account[12]);
string location = account[13];
string email = account[14];
bool successParse1 = int.TryParse(account[15], out int radius);
bool successParse2 = int.TryParse(account[16], out int isVisible);
bool successParse3 = int.TryParse(account[17], out int showLog);
if (!successParse1 || !successParse2 || !successParse3)
{
ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to fetch account info.");
success = false;
return(null);
}
AccountInfo accountInfo = new AccountInfo(name, occupation, info1, info2, info3, info4, info5, info6, info7, info8, info9, info10, location, radius, userid, email, Convert.ToBoolean(isVisible), Convert.ToBoolean(showLog));
success = true;
return(new Account(accountInfo, false, id));
}
public override void Process(ApiServer server)
{
if (server.AssertServerSetup(this) || server.AssertAccountNull())
{
return;
}
using DatabaseManager databaseManager = new DatabaseManager(server);
string query = "SELECT isOnline, name, hid, id FROM Tbl_user WHERE email = \'" + DatabaseEssentials.Security.Sanitize(Email) + "\';";
SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.GetDataArray, query, 4);
SqlDataArrayResponse dataArrayResponse = databaseManager.AwaitDataArrayResponse(sqlRequest, out bool success);
if (!success)
{
return;
}
string[] data = dataArrayResponse.Result;
if (!dataArrayResponse.Success || data.Length != sqlRequest.ExpectedColumns)
{
ApiError.Throw(ApiErrorCode.InvalidUser, server, "No account is associated with this email address.");
return;
}
string isOnline = data[0];
string encryptedName = data[1];
string userid = data[2];
server.Account = new Account(null, false, data[3]);
if (!isOnline.Equals("0"))
{
ApiError.Throw(ApiErrorCode.AlreadyOnline, server, "Already logged in from another device.");
return;
}
AesContext aesContext = new AesContext(userid);
string name = aesContext.DecryptOrDefault(encryptedName);
server.Account = new Account
{
AuthenticationCode = SecurityManager.GenerateSecurityCode(),
AuthenticationId = ApiRequestId.ConfirmPasswordReset,
AuthenticationTime = DatabaseEssentials.GetTimeStamp()
};
EmailManager emailManager = EmailManager.Create(Subject.ResetPassword, Email, string.IsNullOrEmpty(name) ? "user" : name, server.Account.AuthenticationCode);
emailManager.Send();
GenericSuccessResponse response = new GenericSuccessResponse(ResponseId.PasswordReset, true);
SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(response);
string json = serializedApiResponse.Serialize();
server.Send(json);
server.UnitTesting.MethodSuccess = true;
}
public override async void Process(SqlServer server)
{
SqlPacket packet = await DatabaseManager.GetDataArray(Query, ExpectedColumns);
ApiResponse response;
if (packet.Success)
{
string[] result = (string[])packet.Data;
response = SqlDataArrayResponse.Create(result);
}
else
{
response = SqlErrorResponse.Create(packet.ErrorMessage);
}
SerializedSqlApiResponse serializedApiResponse = SerializedSqlApiResponse.Create(response);
string data = serializedApiResponse.Serialize();
server.Network.Send(data);
}
public override void Process(ApiServer server)
{
if (server.AssertServerSetup(this) || server.AssertAccountNull())
{
server.UnitTesting.MethodSuccess = false;
return;
}
using DatabaseManager databaseManager = new DatabaseManager(server);
string query = DatabaseEssentials.Security.SanitizeQuery(new string[] { "SELECT id, password, isOnline FROM Tbl_user WHERE email = \'", Email, "\' LIMIT 1;" });
SqlApiRequest apiRequest = SqlApiRequest.Create(SqlRequestId.GetDataArray, query, 3);
SqlDataArrayResponse dataArrayResponse = databaseManager.AwaitDataArrayResponse(apiRequest, out bool success);
string[] data = dataArrayResponse.Result;
if (!success)
{
return;
}
if (!dataArrayResponse.Success || data.Length != 3)
{
ApiError.Throw(ApiErrorCode.InvalidUser, server, "No account is associated with this email address.");
return;
}
string id = data[0];
string hash = data[1];
if (Convert.ToInt32(data[2]) == 1)
{
ApiError.Throw(ApiErrorCode.AlreadyOnline, server, "Already logged in from another device.");
return;
}
bool authenticationSuccessful = SecurityManager.ScryptCheck(Password, hash);
if (!authenticationSuccessful)
{
ApiError.Throw(ApiErrorCode.InvalidCredentials, server, "Incorrect password.");
return;
}
string securityToken = SecurityManager.GenerateSecurityToken();
// Token should expire every month.
int expirationDate = DatabaseEssentials.GetTimeStamp() + MainServer.Config.WamsrvSecurityConfig.SecurityTokenExpirationTime;
query = DatabaseEssentials.Security.SanitizeQuery(new string[] { "INSERT INTO Tbl_cookies (userid, value, expires, info) VALUES (", id, ",\'", securityToken, "\',", expirationDate.ToString(), ",\'", Info, "\');" });
apiRequest = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(apiRequest, out success);
if (!success)
{
return;
}
if (!modifyDataResponse.Success)
{
ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to generate security token.");
return;
}
if (!databaseManager.SetupAccount(id))
{
return;
}
Permission permissions = databaseManager.GetUserPermission(server.Account.AccountInfo.UserId, out success);
if (!success)
{
return;
}
CreateCookieResponse apiResponse = new CreateCookieResponse(ResponseId.CreateCookie, securityToken, permissions);
SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(apiResponse);
string json = serializedApiResponse.Serialize();
server.Send(json);
server.UnitTesting.MethodSuccess = true;
}
