 /// <summary>
 /// Replaces the stored password of the given user with a hash of <paramref name="newPassword"/>.
 /// NOTE(review): the stored value is an unsalted MD5 of the password, which is not a suitable
 /// password hash; other code on this page (the auto-login check) compares against this stored
 /// form, so the algorithm cannot be changed here in isolation.
 /// </summary>
 /// <param name="userID">Id of the row to update.</param>
 /// <param name="newPassword">New clear-text password; only its MD5 hash is written.</param>
 public static void UpdatePassword(int userID, string newPassword)
 {
     using (SqlConnection connection = DBUtils.GetNewOpenConnection())
     {
         // Values travel as parameters; the table name comes from a class-level field
         // (presumably configuration rather than caller input — confirm where it is set).
         string sql = "UPDATE " + _usersDbTableName + " SET Password=@Password WHERE UserID=@UserID";
         var parameters = new { Password = CryptoUtils.MD5Hash(newPassword), UserID = userID };
         connection.Execute(sql, parameters);
     }
 }
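        /// <summary>
        /// Emits a &lt;script&gt; tag for <paramref name="path"/> the first time it is requested
        /// during a request, and an empty string on every later call, so partial views can include
        /// the same script without duplicating it. The "already added" marker is kept in
        /// HttpContext.Items under a key derived from the path.
        /// </summary>
        /// <param name="htmlHelper">The view's HtmlHelper; used only to reach the current HttpContext.</param>
        /// <param name="path">Script URL placed in the src attribute.</param>
        /// <returns>The script tag, or an empty MvcHtmlString when the script was already added.</returns>
        /// <exception cref="ArgumentNullException">htmlHelper or path is null.</exception>
        public static IHtmlString AddScriptFile(this HtmlHelper htmlHelper, string path)
        {
            if (htmlHelper == null)
            {
                throw new ArgumentNullException("htmlHelper");
            }
            if (path == null)
            {
                throw new ArgumentNullException("path");
            }

            string scriptkey = "js" + CryptoUtils.MD5Hash(path);

            if (htmlHelper.ViewContext.HttpContext.Items[scriptkey] != null)             //already exists on page
            {
                return(MvcHtmlString.Create(""));
            }

            htmlHelper.ViewContext.HttpContext.Items.Add(scriptkey, true);

            // The path is attribute-encoded so a value containing quotes, '&' or '<' cannot break out
            // of the attribute; the attribute is double-quoted because HtmlAttributeEncode always
            // escapes the double quote.
            string encodedPath = System.Web.HttpUtility.HtmlAttributeEncode(path);
            return(MvcHtmlString.Create("<script type='text/javascript' src=\"" + encodedPath + "\"></script>"));
        }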
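        /// <summary>
        /// Verifies an "auto login" request and, on success, signs the user in with forms
        /// authentication. Two modes exist: an existing user presenting a hash of the stored
        /// password (<paramref name="pswHash"/>), or a new/existing user presenting an email plus a
        /// hash derived from the app shared secret (<paramref name="email"/> + <paramref name="userHash"/>).
        /// Every rejected request is counted as an invalid login attempt for brute-force throttling.
        /// </summary>
        /// <param name="username">Username to log in; required in both modes.</param>
        /// <param name="pswHash">Hash of the user's password, or null to use shared-secret mode.</param>
        /// <param name="email">User email (shared-secret mode).</param>
        /// <param name="userHash">Client-supplied hash of username + email + shared secret (shared-secret mode).</param>
        /// <param name="sharedSecret">Application shared secret used to recompute <paramref name="userHash"/>.</param>
        /// <param name="result">Failure reason for the caller; empty on success or when the request is throttled.</param>
        /// <param name="addUserMethod">Creates the user and returns the new user id when the username is unknown (shared-secret mode only).</param>
        /// <returns>true when the user was authenticated and signed in; otherwise false.</returns>
        public static bool VerifyAutoLogin(string username, string pswHash, string email, string userHash, string sharedSecret, out string result, Func <int> addUserMethod)
        {
            result = "";
            System.Web.HttpContext context = System.Web.HttpContext.Current;

            // Throttled: the parameters are not examined at all and result stays empty.
            if (LoginUtils.IsBruteForce(context, true))
            {
                return(false);
            }

            // A username is mandatory in both modes.
            if (username == null)
            {
                LoginUtils.LogInvalidLoginAttempt(context, true);
                return(false);
            }

            // Neither credential set is complete: no password hash AND no email/userHash pair.
            if (pswHash == null && (email == null || userHash == null))
            {
                LoginUtils.LogInvalidLoginAttempt(context, true);
                return(false);
            }

            if (pswHash != null)
            {
                return VerifyWithPasswordHash(username, pswHash, context, out result);
            }

            // pswHash is null here, so the guard above guarantees email and userHash are both present.
            return VerifyWithSharedSecret(username, email, userHash, sharedSecret, addUserMethod, context, out result);
        }

        // Mode 1: an existing user proves identity with a hash of the stored password value.
        private static bool VerifyWithPasswordHash(string username, string pswHash, System.Web.HttpContext context, out string result)
        {
            const string invalidMessage = "Invalid parameters passed. Wait 5 minutes and try again.";
            result = "";

            int    userId;
            string password;
            bool   matched = false;
            if (UserHelpers.GetUserIdAndPswByUsername(username, Instance.CurrentInstanceID, out userId, out password))
            {
                // Ordinal case-insensitive compare replaces ToLower()==ToLower(): same result for hex
                // digests, but culture-independent and null-safe.
                // NOTE(review): two forms are accepted — the MD5 of the stored value, or the stored value
                // itself. Accepting the stored value directly means a leaked stored value is by itself a
                // valid credential, and MD5 is not a password hash; which form legitimate clients rely on
                // is not visible here, so both are kept. The comparison is also not constant-time.
                matched = string.Equals(CryptoUtils.MD5Hash(password), pswHash, StringComparison.OrdinalIgnoreCase)
                       || string.Equals(password, pswHash, StringComparison.OrdinalIgnoreCase);
            }

            if (matched)
            {
                UserHelpers.CurrentUserID = userId;
                LoginUtils.ResetBruteForceCounter(context, true);
                LoginUtils.FormsAuthLogin(username, false, context);
                return(true);
            }

            // Unknown user and wrong hash produce the same message and the same throttling bump.
            result = invalidMessage;
            LoginUtils.LogInvalidLoginAttempt(context, true);
            return(false);
        }

        // Mode 2: a user (new or existing) proves identity with a hash over username + email + the app shared secret.
        private static bool VerifyWithSharedSecret(string username, string email, string userHash, string sharedSecret, Func<int> addUserMethod, System.Web.HttpContext context, out string result)
        {
            result = "";

            if (string.IsNullOrEmpty(sharedSecret))
            {
                result = "No shared key specified.";
                return(false);
            }

            // NOTE(review): plain concatenation has no delimiter, so different username/email splits can
            // yield the same input; a keyed MAC over delimited fields would be the proper construction,
            // but changing it breaks every client that computes userHash this way.
            string computedHash = CryptoUtils.MD5Hash(username + email + sharedSecret);
            if (!string.Equals(userHash, computedHash, StringComparison.OrdinalIgnoreCase))
            {
                LoginUtils.LogInvalidLoginAttempt(context, true);
                result = "Invalid parameters passed. Wait 5 minutes and try again.";
                return(false);
            }

            int userId = UserHelpers.GetUserIDByUsername(username, Instance.CurrentInstanceID);
            if (userId == 0)                 //user not found - lets add him (call delegate)
            {
                // Previously a null delegate surfaced as a caught NullReferenceException message.
                if (addUserMethod == null)
                {
                    result = "No user creation method specified.";
                    return(false);
                }
                try
                {
                    userId = addUserMethod();
                }
                catch (Exception ex)
                {
                    // NOTE(review): ex.Message is handed back to the caller; if it reaches the client
                    // it may expose internal details (e.g. database errors).
                    result = ex.Message;
                    return(false);
                }
            }

            UserHelpers.CurrentUserID = userId;
            LoginUtils.ResetBruteForceCounter(context, true);
            LoginUtils.FormsAuthLogin(username, false, context);
            return(true);
        }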