void IRequest.Execute(Session session)
{
AttemptLoginResult attemptLoginResult;
if (!Security.IsStruckOut(session.GetIPAddress()))
{
if (Database.DoesUsernameExist(Username))
{
int userID = Database.GetUserIDFromUsername(Username);
// Decrypt password
string decryptedPassword = Security.DecryptPassword(Password);
// Get the real password hash
string realPasswordHash = Database.GetPasswordHash(userID);
// Check if hash matches stored hash for user
if (realPasswordHash == Security.CreatePasswordHash(Encoding.ASCII.GetBytes(decryptedPassword)))
{
session.Authenticate(userID);
attemptLoginResult = new AttemptLoginResult(AttemptLoginResult.ResultType.Success);
}
else
{
// Wrong password
attemptLoginResult = new AttemptLoginResult(AttemptLoginResult.ResultType.Failure);
}
}
else
{
// Account not found
attemptLoginResult = new AttemptLoginResult(AttemptLoginResult.ResultType.Failure);
}
Security.Strike(session.GetIPAddress());
}
else
{
attemptLoginResult = new AttemptLoginResult(AttemptLoginResult.ResultType.TooManyAttempts);
}
session.SendPost(attemptLoginResult);
}
public static Result Login(TcpClient tcpClient, string username, string password)
{
IRequest request = new AttemptLogin(username, Encoding.ASCII.GetBytes(password));
// Get Json from sending request
string content = JsonRequestRoundtrip(tcpClient, request);
// Get post
AttemptLoginResult post = JsonSerializer.Deserialize <AttemptLoginResult>(content);
if (post.Result == AttemptLoginResult.ResultType.Success)
{
return(Result.Success);
}
else if (post.Result == AttemptLoginResult.ResultType.TooManyAttempts)
{
return(Result.TooManyAttempts);
}
else
{
return(Result.Failure);
}
}
