Exemplo n.º 1
        // Get the token for the given account name
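        /// <summary>
        /// Looks up the SQL credentials stored for an account in the SqlAccounts table
        /// and wraps them in a <c>Token</c>.
        /// </summary>
        /// <param name="pAccount">Account name matched against the account_name column.</param>
        /// <returns>A Token built from the row's user_name, password and database_name.</returns>
        /// <exception cref="Exception">
        /// "AccountNameIncorrect.Text" when no row matches, "AccountInactive.Text" when the
        /// row's active flag is false. Database failures are logged and rethrown unchanged.
        /// </exception>
        private Token _getTokenByAccountName(string pAccount)
        {
            Log.RemotingServiceLogger.DebugFormat("Call getTokenByAccountName with: {0}", pAccount);

            string sqlText = @"SELECT user_name, password, database_name, active
                               FROM SqlAccounts
                               WHERE account_name=@account";

            bool found = false;
            bool active = false;
            string oUser = null;
            string oPass = null;
            string oDbName = null;

            try
            {
                // NOTE(review): ownership of this connection is not visible here; it is left
                // undisposed in case _getAccountSqlconnection() hands out a shared instance - confirm.
                SqlConnection connection = _getAccountSqlconnection();

                // The command is disposed deterministically instead of being left to the finalizer.
                using (SqlCommand command = new SqlCommand(sqlText, connection))
                {
                    // The account name is bound as a parameter, never concatenated into the SQL text.
                    command.Parameters.Add("account", SqlDbType.NVarChar).Value = pAccount;

                    using (SqlDataReader reader = command.ExecuteReader())
                    {
                        if (reader.Read())
                        {
                            found = true;
                            oUser = reader.GetString(reader.GetOrdinal("user_name"));
                            // NOTE(review): the password column is read as-is and carried in the Token,
                            // so it appears to be stored in recoverable form - confirm it is protected at rest.
                            oPass = reader.GetString(reader.GetOrdinal("password"));
                            oDbName = reader.GetString(reader.GetOrdinal("database_name"));
                            active = reader.GetBoolean(reader.GetOrdinal("active"));
                        }
                    }
                }
            }
            catch (Exception e)
            {
                Log.RemotingServiceLogger.Error("Error during connection to the server", e);
                throw;
            }

            // Account validation happens outside the try block so that an unknown or inactive
            // account is not also reported in the log as a server connection error.
            if (!found)
            {
                Log.RemotingServiceLogger.ErrorFormat("Account {0} incorrect", pAccount);
                throw new Exception("AccountNameIncorrect.Text");
            }

            if (!active)
            {
                Log.RemotingServiceLogger.ErrorFormat("Account {0} inactive", pAccount);
                throw new Exception("AccountInactive.Text");
            }

            return new Token(oUser, oPass, oDbName);
        }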
Exemplo n.º 2
        // Check the validity of the login/pass/account
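        /// <summary>
        /// Checks a login/password pair against dbo.Users in the database described by the token.
        /// </summary>
        /// <param name="pSqlToken">SQL login, password and database used to open the connection; null yields false.</param>
        /// <param name="pOctoLogin">User name matched against user_name.</param>
        /// <param name="pOctoPass">Password matched against user_pass.</param>
        /// <returns>
        /// True when the query returns a row whose first column parses as an integer;
        /// false when no row matches or the query fails. Failures to open the connection propagate.
        /// </returns>
        private bool _checkAccount(Token pSqlToken, string pOctoLogin, string pOctoPass)
        {
            Log.RemotingServiceLogger.Debug("Call CheckAccount");

            if (pSqlToken == null)
            {
                Log.RemotingServiceLogger.Debug("Call CheckAccount with pSqlToken null");
                return false;
            }

            // Neither the user's password nor the SQL login password is written to the log.
            Log.RemotingServiceLogger.DebugFormat("Call check_account user = {0} token = login {1}, account {2}", pOctoLogin, pSqlToken.Login, pSqlToken.Account);

            // The builder quotes each value, so a ';' or '=' inside a credential or database
            // name cannot add or override connection-string keywords.
            SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder();
            builder.UserID = pSqlToken.Login ?? string.Empty;
            builder.Password = pSqlToken.Pass ?? string.Empty;
            builder.DataSource = RemoteServerSettings.GetSettings().ServerName ?? string.Empty;
            builder.InitialCatalog = pSqlToken.Account ?? string.Empty;

            // CHECK if the pOctoLogin/pOctoPass is a valid octo Account
            // NOTE(review): the query compares pOctoPass directly with user_pass, which suggests
            // passwords are stored unhashed in dbo.Users - confirm; verifying a salted hash would be safer.
            string sqlText = "select * from dbo.Users where user_name =@username and user_pass =@password ";

            // Both objects are disposed on every path, so the connection goes back to the pool.
            using (SqlConnection connection = new SqlConnection(builder.ConnectionString))
            using (SqlCommand command = new SqlCommand(sqlText, connection))
            {
                command.Parameters.Add("username", SqlDbType.NVarChar).Value = pOctoLogin;
                command.Parameters.Add("password", SqlDbType.NVarChar).Value = pOctoPass;

                connection.Open();

                try
                {
                    // ExecuteScalar returns null when no row matches the credentials.
                    object firstColumn = command.ExecuteScalar();
                    if (firstColumn == null)
                    {
                        return false;
                    }

                    // NOTE(review): presumably the first column of dbo.Users is a numeric id - confirm.
                    int valid;
                    return int.TryParse(firstColumn.ToString(), out valid);
                }
                catch (Exception e)
                {
                    // Still treated as "not valid", but the failure is now recorded instead of being swallowed.
                    Log.RemotingServiceLogger.Error("Error while checking account", e);
                    return false;
                }
            }
        }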