/// <summary>
/// Checks if supplied password hash is correct for the specified account
/// </summary>
/// <param name="AccountName">The name of the account</param>
/// <param name="PasswordHash">The hashed password to check.</param>
/// <returns>True if the password was correct, false otherwise.</returns>
public bool IsCorrectPassword(string AccountName, byte[] PasswordHash)
{
using (var db = DataAccess.Get())
{
SaltedHash SHash = new SaltedHash(new SHA512Managed(), AccountName.Length);
Account CorrectAccount = db.Accounts.GetByUsername(AccountName);
if (CorrectAccount != null)
{
if (SHash.VerifyHash(Encoding.ASCII.GetBytes(CorrectAccount.Password.ToUpper()), PasswordHash,
Encoding.ASCII.GetBytes(AccountName)))
{
return true;
}
}
}
return false;
}
/// <summary>
/// Callback-function for CheckAccount().
/// </summary>
private static void EndCheckAccount(IAsyncResult AR)
{
DatabaseAsyncObject AsyncObject = AR.AsyncState as DatabaseAsyncObject;
bool FoundAccountName = false;
using (MySqlDataReader Reader = AsyncObject.MySQLCmd.EndExecuteReader(AR))
{
while (Reader.Read())
{
if (((string)Reader[0]).ToUpper() == AsyncObject.AccountName.ToUpper())
{
FoundAccountName = true;
AsyncObject.Password = (string)Reader[1];
}
}
}
if (FoundAccountName == true)
{
//0x01 = InitLoginNotify
PacketStream P = new PacketStream(0x01, 2);
SaltedHash SHash = new SaltedHash(new SHA512Managed(), AsyncObject.AccountName.Length);
if (SHash.VerifyHash(Encoding.ASCII.GetBytes(AsyncObject.Password.ToUpper()), AsyncObject.Hash,
Encoding.ASCII.GetBytes(AsyncObject.AccountName)))
{
AsyncObject.Client.Username = AsyncObject.AccountName.ToUpper();
AsyncObject.Client.Password = AsyncObject.Password.ToUpper();
P.WriteByte(0x01);
P.WriteByte(0x01);
}
else //The client's password was wrong.
{
PacketStream RejectPacket = new PacketStream(0x02, 2);
RejectPacket.WriteByte(0x02);
RejectPacket.WriteByte(0x02);
AsyncObject.Client.Send(RejectPacket.ToArray());
Logger.LogInfo("Bad password - sent SLoginFailResponse!\r\n");
return;
}
AsyncObject.Client.Send(P.ToArray());
Logger.LogInfo("Sent InitLoginNotify!\r\n");
}
else
{
PacketStream P = new PacketStream(0x02, 2);
P.WriteByte(0x02);
P.WriteByte(0x01);
AsyncObject.Client.Send(P.ToArray());
Logger.LogInfo("Bad accountname - sent SLoginFailResponse!\r\n");
//AsyncObject.Client.Disconnect();
}
//If this setting is true, it means an account will be created
//if it doesn't exist.
if (GlobalSettings.Default.CreateAccountsOnLogin == true)
{
if (FoundAccountName == false)
{
//No idea if this call is gonna succeed, given it's called from a callback function...
CreateAccount(AsyncObject.AccountName, AsyncObject.Password);
}
}
}
public static string GetPasswordHash(string password, string salt)
{
SaltedHash SHash = new SaltedHash(new SHA512Managed(), salt.Length);
return Convert.ToBase64String(SHash.ComputePasswordHash(salt.ToUpper(), password.ToUpper()));
}
/// <summary>
/// Checks if supplied password hash is correct for the specified account
/// </summary>
/// <param name="AccountName">The name of the account</param>
/// <param name="PasswordHash">The hashed password to check.</param>
/// <returns>True if the password was correct, false otherwise.</returns>
public static bool IsCorrectPassword(string AccountName, byte[] PasswordHash)
{
using (TSODataContext Context = new TSODataContext(DBConnectionManager.DBConnection))
{
SaltedHash SHash = new SaltedHash(new SHA512Managed(), AccountName.Length);
//WTF?! Acc isn't defined anywhere...
Account CorrectAccount = GetAccount(AccountName);
if (CorrectAccount != null)
{
if (SHash.VerifyHash(Encoding.ASCII.GetBytes(CorrectAccount.Password.ToUpper()), PasswordHash,
Encoding.ASCII.GetBytes(AccountName)))
{
return true;
}
}
}
return false;
}
