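/// <summary>
/// Verifies a login attempt by re-deriving the PBKDF2 hash of
/// <paramref name="passwordEntered"/> with the salt stored in
/// <c>user.PasswordHash</c> and comparing it with the stored hash.
/// </summary>
/// <param name="passwordEntered">Password supplied by the person logging in.</param>
/// <param name="user">Account whose <c>PasswordHash</c> is Base64 of 16 salt bytes followed by 20 hash bytes.</param>
/// <returns>
/// <c>true</c> when the derived hash equals the stored one; <c>false</c> on a mismatch,
/// on a malformed or too-short stored value, or on any exception (null user, null password, bad Base64).
/// </returns>
public bool CheckPasswordForLogin(string passwordEntered, User user)
        {
            const int SaltSize = 16;
            const int HashSize = 20;

            // NOTE(review): the three-argument Rfc2898DeriveBytes constructor uses HMAC-SHA1, and
            // 10000 iterations is low by current guidance. Changing either value invalidates every
            // stored hash, so raising them needs a migration (e.g. re-hash on the next successful login).
            const int Iterations = 10000;

            try
            {
                byte[] hashBytes = Convert.FromBase64String(user.PasswordHash);

                // Reject a truncated record explicitly instead of relying on an index exception.
                if (hashBytes.Length < SaltSize + HashSize)
                {
                    return false;
                }

                byte[] salt = new byte[SaltSize];
                Array.Copy(hashBytes, 0, salt, 0, SaltSize);

                byte[] hash;
                using (var pbkdf2 = new Rfc2898DeriveBytes(passwordEntered, salt, Iterations))
                {
                    hash = pbkdf2.GetBytes(HashSize);
                }

                // Compare every byte and fold the differences together so the running time does
                // not depend on the position of the first mismatching byte.
                int difference = 0;
                for (int i = 0; i < HashSize; i++)
                {
                    difference |= hashBytes[i + SaltSize] ^ hash[i];
                }

                return difference == 0;
            }
            catch (Exception ex)
            {
                // Any failure is treated as a failed login; only the exception message is written out.
                Console.WriteLine(ex.Message);
                return false;
            }
        }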
 /// <summary>
 /// Creates a deck with the given id, name, owner and class, starting with an empty card list.
 /// </summary>
 /// <param name="deckId">Identifier stored in <c>DeckId</c>.</param>
 /// <param name="deckName">Name stored in <c>DeckName</c>.</param>
 /// <param name="deckUser">Owner stored in <c>DeckUser</c>.</param>
 /// <param name="deckClass">Class stored in <c>DeckClass</c>.</param>
 public Deck(string deckId, string deckName, User deckUser, string deckClass)
 {
     // The card list always starts out empty; cards are added by the caller afterwards.
     this.CardList = new List<Card>();

     this.DeckId = deckId;
     this.DeckName = deckName;
     this.DeckUser = deckUser;
     this.DeckClass = deckClass;
 }
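        /// <summary>
        /// Deletes the <c>DBUser</c> row whose username equals <c>user.UserName</c>.
        /// </summary>
        /// <param name="user">Account to delete; only <c>UserName</c> is read.</param>
        /// <returns>The result of <c>ExecuteChangeQuery</c>, or <c>false</c> when no connection was obtained.</returns>
        /// <remarks>
        /// This method performs no authorization check of its own: it deletes whatever username it
        /// is given. The caller has to establish that the requester may delete this account.
        /// </remarks>
        public bool DeleteUser(User user)
        {
            NpgsqlConnection conn = _databaseConnection.ConnectToDatabase();

            // ConnectToDatabase is not shown here; guard in case it signals failure with null.
            if (conn == null)
            {
                return false;
            }

            // The username is bound as a parameter, never concatenated into the SQL text.
            // The command is disposed here; the connection's lifetime is left to _databaseConnection.
            using (NpgsqlCommand command = new NpgsqlCommand("delete from DBUser where username = :value1", conn))
            {
                command.Parameters.Add(new NpgsqlParameter("value1", DbType.String));
                command.Parameters[0].Value = user.UserName;

                return _databaseConnection.ExecuteChangeQuery(command, conn);
            }
        }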
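        /// <summary>
        /// Inserts a new row into <c>dbdeck</c> for the given deck name, owner and class.
        /// </summary>
        /// <param name="deckname">Value for the <c>deckname</c> column.</param>
        /// <param name="user">Owner of the deck; only <c>UserName</c> is read.</param>
        /// <param name="className">Value for the <c>deckclass</c> column.</param>
        /// <returns>The result of <c>ExecuteChangeQuery</c>, or <c>false</c> when no connection was obtained.</returns>
        public bool CreateNewDeck(string deckname, User user, string className)
        {
            NpgsqlConnection conn = databaseConnection.ConnectToDatabase();

            // ConnectToDatabase is not shown here; guard in case it signals failure with null.
            if (conn == null)
            {
                return false;
            }

            // All three values are bound as parameters, never concatenated into the SQL text.
            // The command is disposed here; the connection's lifetime is left to databaseConnection.
            using (NpgsqlCommand command = new NpgsqlCommand("insert into dbdeck(deckname, username, deckclass) values(:value1, :value2, :value3)", conn))
            {
                command.Parameters.Add(new NpgsqlParameter("value1", DbType.String));
                command.Parameters.Add(new NpgsqlParameter("value2", DbType.String));
                command.Parameters.Add(new NpgsqlParameter("value3", DbType.String));
                command.Parameters[0].Value = deckname;
                command.Parameters[1].Value = user.UserName;
                command.Parameters[2].Value = className;

                return databaseConnection.ExecuteChangeQuery(command, conn);
            }
        }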
 /// <summary>
 /// Creates an empty deck: no cards yet and a freshly constructed <c>User</c> as owner.
 /// </summary>
 public Deck()
 {
     this.CardList = new List<Card>();
     this.DeckUser = new User();
 }
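 /// <summary>
 /// Returns the first deck that <c>GetAllDecksByUser</c> reports for <paramref name="user"/>.
 /// </summary>
 /// <param name="user">Owner whose decks are looked up.</param>
 /// <returns>The first deck in the returned list, or <c>null</c> when the user has no decks.</returns>
 public Deck getNewestDeckByUser(User user)
 {
     List<Deck> deckList = deckDatabaseController.GetAllDecksByUser(user);

     // A user without decks used to cause an index exception here; report "no deck" instead.
     if (deckList == null || deckList.Count == 0)
     {
         return null;
     }

     // NOTE(review): "newest" holds only if GetAllDecksByUser returns decks newest-first;
     // confirm that its query orders the rows accordingly.
     return deckList[0];
 }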
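        /// <summary>
        /// Loads every deck owned by <paramref name="user"/> and fills each deck's card list.
        /// </summary>
        /// <param name="user">Owner of the decks; only <c>UserName</c> is read, and the same instance is set as each deck's owner.</param>
        /// <returns>
        /// The user's decks with their cards attached. The list is empty when the deck query yields
        /// nothing; decks stay without cards when the card query yields nothing.
        /// </returns>
        public List<Deck> GetAllDecksByUser(User user)
        {
            List<Deck> deckList = new List<Deck>();

            // First query: the decks themselves. The username is bound as a parameter.
            // ConnectToDatabase is not shown here; a null connection is treated like a failed query.
            NpgsqlConnection conn = databaseConnection.ConnectToDatabase();
            DataTable result = null;
            if (conn != null)
            {
                using (NpgsqlCommand command = new NpgsqlCommand("select * from dbdeck where username = :value1", conn))
                {
                    command.Parameters.Add(new NpgsqlParameter("value1", DbType.String));
                    command.Parameters[0].Value = user.UserName;
                    result = databaseConnection.ExecuteSelectQuery(command, conn);
                }
            }

            if (result != null)
            {
                // NOTE(review): columns are read by position from "select *" (0 = id, 1 = name,
                // 3 = class), so this depends on the column order of dbdeck.
                foreach (DataRow row in result.Rows)
                {
                    deckList.Add(new Deck(row[0].ToString(), row[1].ToString(), user, row[3].ToString()));
                }
            }

            // Without decks there is nothing to attach cards to, so skip the second round trip.
            if (deckList.Count == 0)
            {
                return deckList;
            }

            // Second query: every card-to-deck link for this user's decks, on a fresh connection.
            conn = databaseConnection.ConnectToDatabase();
            result = null;
            if (conn != null)
            {
                using (NpgsqlCommand command = new NpgsqlCommand("select ctd.deckid, ctd.cardid, ctd.cardtodeckid from dbcardtodeck as ctd join dbdeck as d on d.deckid = ctd.deckid join dbuser u on u.username = d.username where u.username = :value1", conn))
                {
                    command.Parameters.Add(new NpgsqlParameter("value1", DbType.String));
                    command.Parameters[0].Value = user.UserName;
                    result = databaseConnection.ExecuteSelectQuery(command, conn);
                }
            }

            if (result != null)
            {
                foreach (DataRow row in result.Rows)
                {
                    // Read the cells once per row; each deck still receives its cards in row order.
                    string deckId = row[0].ToString();
                    string cardId = row[1].ToString();
                    string cardToDeckId = row[2].ToString();

                    foreach (Deck d in deckList)
                    {
                        if (deckId.Equals(d.DeckId))
                        {
                            d.CardList.Add(new Card(cardId, cardToDeckId));
                        }
                    }
                }
            }

            return deckList;
        }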
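        /// <summary>
        /// Loads the <c>DBUser</c> row for <paramref name="username"/>.
        /// </summary>
        /// <param name="username">Username to look up; bound as a query parameter.</param>
        /// <returns>
        /// A <c>User</c> filled from the first matching row. When the query fails or matches no row,
        /// a newly constructed <c>User</c> is returned unchanged; callers must treat that as
        /// "no such account" and fail the login rather than proceed with it.
        /// </returns>
        public User GetUser(string username)
        {
            User user = new User();

            // ConnectToDatabase is not shown here; a null connection is treated like a failed query.
            NpgsqlConnection conn = _databaseConnection.ConnectToDatabase();
            DataTable result = null;
            if (conn != null)
            {
                using (NpgsqlCommand command = new NpgsqlCommand("select * from DBUser where username = :value1", conn))
                {
                    command.Parameters.Add(new NpgsqlParameter("value1", DbType.String));
                    command.Parameters[0].Value = username;
                    result = _databaseConnection.ExecuteSelectQuery(command, conn);
                }
            }

            // An unknown username produces a table without rows; indexing Rows[0] on it used to throw.
            if (result == null || result.Rows.Count == 0)
            {
                Console.WriteLine("Couldn't get user!");
                return user;
            }

            // NOTE(review): columns are read by position from "select *" (0 = username,
            // 1 = password hash, 2 = password salt), so this depends on the column order of DBUser.
            DataRow row = result.Rows[0];
            user.UserName = row[0].ToString();
            user.PasswordHash = row[1].ToString();
            user.PasswordSalt = row[2].ToString();

            return user;
        }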
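        /// <summary>
        /// Generates a fresh salt, hashes <paramref name="newPassword"/> with it and stores both
        /// on the <c>DBUser</c> row of <c>user.UserName</c>.
        /// </summary>
        /// <param name="user">Account to update; only <c>UserName</c> is read.</param>
        /// <param name="newPassword">New password; a null or empty value is rejected.</param>
        /// <returns>
        /// The result of <c>ExecuteChangeQuery</c>, or <c>false</c> when the password is null or empty
        /// or no connection was obtained.
        /// </returns>
        /// <remarks>
        /// This method does not verify the current password or the requester's identity. The caller
        /// has to authenticate the request before calling it.
        /// </remarks>
        public bool UpdateUserPassword(User user, string newPassword)
        {
            // Never store a credential derived from an empty password.
            if (string.IsNullOrEmpty(newPassword))
            {
                return false;
            }

            NpgsqlConnection conn = _databaseConnection.ConnectToDatabase();

            // ConnectToDatabase is not shown here; guard in case it signals failure with null.
            if (conn == null)
            {
                return false;
            }

            // A new salt per password change, so the old salt is never reused.
            // NOTE(review): CryptoHandler is not shown; confirm GeneratePasswordSalt draws from a
            // cryptographic random source and that HashPassword uses a slow, salted KDF.
            byte[] passwordSalt = CryptoHandler.GeneratePasswordSalt();
            string passwordHash = CryptoHandler.HashPassword(newPassword, passwordSalt);

            // All values are bound as parameters, never concatenated into the SQL text.
            // The command is disposed here; the connection's lifetime is left to _databaseConnection.
            using (NpgsqlCommand command = new NpgsqlCommand("update DBUser set passwordhash = :value1, passwordsalt = :value2 where username = :value3", conn))
            {
                command.Parameters.Add(new NpgsqlParameter("value1", DbType.String));
                command.Parameters.Add(new NpgsqlParameter("value2", DbType.String));
                command.Parameters.Add(new NpgsqlParameter("value3", DbType.String));
                command.Parameters[0].Value = passwordHash;
                command.Parameters[1].Value = Convert.ToBase64String(passwordSalt);
                command.Parameters[2].Value = user.UserName;

                return _databaseConnection.ExecuteChangeQuery(command, conn);
            }
        }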