private static void HttpPostRoot(HttpServerResponse resp, HttpServerRequest req)
        {
            networkLed.High();
            try
            {
                FormParameters Parameters = req.Data as FormParameters;
                if (Parameters == null)
                {
                    throw new HttpException(HttpStatusCode.ClientError_BadRequest);
                }

                string UserName = Parameters ["UserName"];
                string Password = Parameters ["Password"];
                string Hash;
                object AuthorizationObject;

                GetDigestUserPasswordHash(UserName, out Hash, out AuthorizationObject);

                if (AuthorizationObject == null || Hash != CalcHash(UserName, Password))
                {
                    resp.ContentType = "text/html";
                    resp.Encoding    = System.Text.Encoding.UTF8;
                    resp.ReturnCode  = HttpStatusCode.Successful_OK;

                    Log.Warning("Invalid login attempt.", EventLevel.Minor, UserName, req.ClientAddress);
                    OutputLoginForm(resp, "<p>The login was incorrect. Either the user name or the password was incorrect. Please try again.</p>");
                }
                else
                {
                    Log.Information("User logged in.", EventLevel.Minor, UserName, req.ClientAddress);

                    string SessionId = CreateSessionId(UserName);
                    resp.SetCookie("SessionId", SessionId, "/");
                    resp.ReturnCode = HttpStatusCode.Redirection_SeeOther;
                    resp.AddHeader("Location", "/");
                    resp.SendResponse();
                    // PRG pattern, to avoid problems with post back warnings in the browser: http://en.wikipedia.org/wiki/Post/Redirect/Get
                }
            } finally
            {
                networkLed.Low();
            }
        }
Пример #2
0
		private static void HttpPostRoot (HttpServerResponse resp, HttpServerRequest req)
		{
			FormParameters Parameters = req.Data as FormParameters;
			if (Parameters == null)
				throw new HttpException (HttpStatusCode.ClientError_BadRequest);

			string UserName = Parameters ["UserName"];
			string Password = Parameters ["Password"];
			string Hash;
			object AuthorizationObject;

			GetDigestUserPasswordHash (UserName, out Hash, out  AuthorizationObject);

			if (AuthorizationObject == null || Hash != CalcHash (UserName, Password))
			{
				resp.ContentType = "text/html";
				resp.Encoding = System.Text.Encoding.UTF8;
				resp.ReturnCode = HttpStatusCode.Successful_OK;

				Log.Warning ("Invalid login attempt.", EventLevel.Minor, UserName, req.ClientAddress);
				OutputLoginForm (resp, "<p>The login was incorrect. Either the user name or the password was incorrect. Please try again.</p>");
			} else
			{
				Log.Information ("User logged in.", EventLevel.Minor, UserName, req.ClientAddress);

				string SessionId = CreateSessionId (UserName);
				resp.SetCookie ("SessionId", SessionId, "/");
				resp.ReturnCode = HttpStatusCode.Redirection_SeeOther;
				resp.AddHeader ("Location", "/");
				resp.SendResponse ();
				// PRG pattern, to avoid problems with post back warnings in the browser: http://en.wikipedia.org/wiki/Post/Redirect/Get
			}
		}