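/// <summary>
/// Looks up a user by name. Returns a UserObj that carries only the user's ID,
/// or null when no row matches.
/// </summary>
/// <param name="name">Username to be looked up.</param>
public static UserObj LookupUser(string name)
{
    using (MySqlConnection conn = new MySqlConnection(_connString))
    {
        UserObj cmdResult = null;

        // Only the ID is consumed below, so only the ID is requested. Asking for
        // every column would also pull the `Password` column into this process
        // for a lookup that never needs it.
        using (MySqlCommand cmd = new MySqlCommand("SELECT `ID` FROM `Users` WHERE `Name` = @name;", conn))
        {
            // The name is bound as a parameter, never concatenated into the SQL text.
            cmd.Parameters.AddWithValue("@name", name);

            try
            {
                conn.Open();

                // Dispose the reader deterministically instead of relying on the
                // connection teardown to release it.
                using (MySqlDataReader reader = cmd.ExecuteReader())
                {
                    // If several rows match, the last one read wins.
                    while (reader.Read())
                    {
                        cmdResult = new UserObj();
                        cmdResult.ID = (int)reader["ID"];
                    }
                }
            }
            finally
            {
                Close(conn);
            }
        }

        return cmdResult;
    }
}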
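/// <summary>
/// Checks a username/password pair against the `Users` table. Returns a UserObj
/// containing the username and the user ID, or null if the username/password is incorrect.
/// </summary>
/// <param name="name">User's username.</param>
/// <param name="password">Base64 hash string of the password.</param>
public static UserObj LoginUser(string name, string password)
{
    using (MySqlConnection conn = new MySqlConnection(_connString))
    {
        UserObj cmdResult = null;

        // NOTE(review): the credential check is a plain equality test inside SQL.
        // Two things to confirm against the schema and the client:
        //  - Base64 is case-sensitive; if the `Password` column uses a
        //    case-insensitive collation, strings differing only in letter case
        //    would compare equal. A binary/case-sensitive collation avoids that.
        //  - The stored value is compared directly with the supplied hash string,
        //    so if clients compute that hash themselves the stored value is
        //    password-equivalent. A salted, slow hash computed server-side
        //    (e.g. PBKDF2) would limit the impact of a database leak.
        using (MySqlCommand cmd = new MySqlCommand("SELECT `ID`, `Name` FROM `Users` WHERE `Name` = @name AND `Password` = @password;", conn))
        {
            // Both values are bound as parameters, never concatenated into the SQL text.
            cmd.Parameters.AddWithValue("@name", name);
            cmd.Parameters.AddWithValue("@password", password);

            try
            {
                conn.Open();

                // Dispose the reader deterministically instead of relying on the
                // connection teardown to release it.
                using (MySqlDataReader reader = cmd.ExecuteReader())
                {
                    // If several rows match, the last one read wins.
                    while (reader.Read())
                    {
                        cmdResult = new UserObj();
                        cmdResult.ID = (int)reader["ID"];
                        cmdResult.Name = reader["Name"].ToString();
                    }
                }
            }
            finally
            {
                Close(conn);
            }
        }

        return cmdResult;
    }
}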
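/// <summary>
/// Reads the profile columns of a user (ID, Name, Online, Socket, LastOnline,
/// Registered). Returns a UserObj with that information, or null when no row matches.
/// </summary>
/// <param name="id">ID number of the requested user.</param>
public static UserObj ReadUser(int id)
{
    using (MySqlConnection conn = new MySqlConnection(_connString))
    {
        UserObj cmdResult = null;

        // The columns are listed explicitly: these are exactly the ones read
        // below, and it keeps the `Password` column out of the result set.
        using (MySqlCommand cmd = new MySqlCommand("SELECT `ID`, `Name`, `Online`, `Socket`, `LastOnline`, `Registered` FROM `Users` WHERE `ID` = @id;", conn))
        {
            // The ID is bound as a parameter, never concatenated into the SQL text.
            cmd.Parameters.AddWithValue("@id", id);

            try
            {
                conn.Open();

                // Dispose the reader deterministically instead of relying on the
                // connection teardown to release it.
                using (MySqlDataReader reader = cmd.ExecuteReader())
                {
                    while (reader.Read())
                    {
                        cmdResult = new UserObj();
                        cmdResult.ID = (int)reader["ID"];
                        cmdResult.Name = (string)reader["Name"];
                        cmdResult.Online = (bool)reader["Online"];
                        cmdResult.StringSocket(reader["Socket"].ToString());
                        // NOTE(review): these direct casts throw InvalidCastException
                        // on DBNull; presumably both columns are NOT NULL. Confirm
                        // against the schema.
                        cmdResult.LastOnline = (DateTime)reader["LastOnline"];
                        cmdResult.Registered = (DateTime)reader["Registered"];
                    }
                }
            }
            finally
            {
                Close(conn);
            }
        }

        return cmdResult;
    }
}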
/// <summary>
/// Click handler: reads the user whose ID is entered in numericUpDown1 and
/// writes either the user's string form or a "does not exist" line to the log.
/// </summary>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Event data; not used.</param>
private void ReadUser_Click(object sender, EventArgs e)
{
    int requestedId = (int)numericUpDown1.Value;
    UserObj found = DatabaseCommunication.ReadUser(requestedId);

    if (found == null)
    {
        // ReadUser returned null, so report the miss in red.
        WriteLog("user[" + requestedId + "] Does not exist.", Color.Red.ToArgb());
        return;
    }

    WriteLog(found.ToString(), Color.Purple.ToArgb());
}
/// <summary>
/// Runs the three steps performed when a user connects, in this order:
/// store the user's ID and socket through DatabaseCommunication.UpdateUser,
/// call TellMutualContactsAboutUserStatusChange, then call SendAllContacts.
/// </summary>
/// <param name="user">The connecting user; its ID and Socket are read.</param>
public static void UserConnect(UserObj user)
{
    int connectedId = user.ID;

    // The database row is updated before any contact is told about the change.
    DatabaseCommunication.UpdateUser(connectedId, user.Socket);
    TellMutualContactsAboutUserStatusChange(connectedId);
    SendAllContacts(connectedId);
}
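/// <summary>
/// Handles a packet received from the network. Checks the signature byte, picks
/// the shared secret for the message type, validates the MAC and then dispatches
/// on the message type (CreateUser, Login, Status, ContactRequest).
/// </summary>
/// <remarks>
/// The packet bytes are untrusted input. Packets that are too short to carry the
/// header fields, or whose payload is too short to carry a password hash, are
/// dropped without a reply instead of raising an index/argument exception.
/// </remarks>
/// <param name="sender">Event source; not used.</param>
/// <param name="args">The received packet; <c>args.Data</c> holds the raw bytes.</param>
public static void MessageReceivedHandler(object sender, PacketReceivedEventArgs args)
{
    if (!DatabaseCommunication.Active)
#if DEBUG
    { throw new NotImplementedException("Database connection was not active and a reply for this have not been implemented yet."); }
    // Need to add a simple debug message here, but this works as a great breakpoint until then.
    // Also need to make some kind of error message I can send back to the client.
#else
    { return; }
#endif

    // An empty packet has no signature byte to inspect; drop it.
    if (args.Data == null || args.Data.Length == 0)
    {
        return;
    }

    if (args.Data[0] == 0x92)
    {
        string sharedSecret;

        // Header layout per the original author's notes: signature, MAC, Timez (4 bytes),
        // UserID (4 bytes, at position 26), Type (1 byte, at position 30).
        var userIdOffset = ChatTwo_Protocol.SignatureByteLength + ByteHelper.HashByteLength + 4;
        var typeOffset = userIdOffset + 4;

        // Both header reads below index into the packet before the MAC has been
        // checked, so the length must be verified first.
        if (args.Data.Length <= typeOffset)
        {
            return;
        }

        ChatTwo_Protocol.MessageType type = (ChatTwo_Protocol.MessageType)args.Data[typeOffset];
        int userId = ByteHelper.ToInt32(args.Data, userIdOffset);

        if (type == ChatTwo_Protocol.MessageType.CreateUser)
        {
            // NOTE(review): a default secret shared by all clients presumably gives
            // an integrity check only, not sender authentication. Confirm.
            sharedSecret = ChatTwo_Protocol.DefaultSharedSecret;
        }
        else if (type == ChatTwo_Protocol.MessageType.Login)
        {
#if DEBUG
            // Debugger inspection aid only.
            byte[] test = ByteHelper.SubArray(args.Data, userIdOffset);
#endif
            // The Timez is not part of the shared secret. This is mostly because the
            // client builds the shared secret before it adds the Timez.
            // NOTE(review): the secret is derived from bytes carried in this same
            // packet, and it becomes the user's session secret further down. Whether
            // that is acceptable depends on ValidateMac and on the transport's
            // confidentiality, neither of which is visible here. Confirm.
            sharedSecret = ByteHelper.GetHashString(ByteHelper.SubArray(args.Data, userIdOffset));
        }
        else
        {
            // Single lookup instead of Any() followed by Find(): an unknown user ID
            // is dropped. This mostly prevents clients that still hold a connection
            // to a previous server instance from crashing the server.
            UserObj knownUser = _users.Find(x => x.ID == userId);
            if (knownUser == null)
            {
                return;
            }
            sharedSecret = knownUser.Secret;
        }

        if (ChatTwo_Protocol.ValidateMac(args.Data, sharedSecret))
        {
            Message message = ChatTwo_Protocol.MessageReceivedHandler(args);

            switch (message.Type)
            {
                case ChatTwo_Protocol.MessageType.CreateUser:
                    {
                        // The payload must at least hold the password hash.
                        if (message.Data == null || message.Data.Length < ByteHelper.HashByteLength)
                        {
                            return;
                        }

                        string passwordHash = Convert.ToBase64String(message.Data, 0, ByteHelper.HashByteLength);
                        string username = Encoding.Unicode.GetString(ByteHelper.SubArray(message.Data, ByteHelper.HashByteLength));

                        if (username.Length < 1 || username.Length > 30)
                        {
                            // Username is too short or too long.
                            MessageToIp(message.Ip, ChatTwo_Protocol.MessageType.CreateUserReply, new byte[] { 0x02 });
                            return;
                        }

                        bool worked = DatabaseCommunication.CreateUser(username, passwordHash);
                        if (!worked)
                        {
                            // Some error prevented the user from being created.
                            // Best guess is that a user with that name already exists.
                            MessageToIp(message.Ip, ChatTwo_Protocol.MessageType.CreateUserReply, new byte[] { 0x01 });
                            return;
                        }

                        // User creation was successful.
                        MessageToIp(message.Ip, ChatTwo_Protocol.MessageType.CreateUserReply, new byte[] { 0x00 });
                        break;
                    }
                case ChatTwo_Protocol.MessageType.Login:
                    {
                        // The payload must at least hold the password hash.
                        if (message.Data == null || message.Data.Length < ByteHelper.HashByteLength)
                        {
                            return;
                        }

                        string passwordHash = Convert.ToBase64String(message.Data, 0, ByteHelper.HashByteLength);
                        string username = Encoding.Unicode.GetString(ByteHelper.SubArray(message.Data, ByteHelper.HashByteLength));

                        UserObj user = DatabaseCommunication.LoginUser(username, passwordHash);
                        if (user == null)
                        {
                            // Reply with the "wrong username/password" error.
                            // NOTE(review): if _tempUsers is a Dictionary, Add throws when
                            // the key is already present, so a repeated failed login from
                            // the same endpoint would raise here. Confirm the type and
                            // where entries are removed.
                            _tempUsers.Add(message.Ip, sharedSecret);
                            MessageToIp(message.Ip, ChatTwo_Protocol.MessageType.LoginReply, new byte[] { 0x01 });
                            return;
                        }
                        if (_users.Any(x => x.ID == user.ID))
                        {
                            // Reply with the "User is already online" error.
                            // NOTE(review): same duplicate-key concern as above.
                            _tempUsers.Add(message.Ip, sharedSecret);
                            MessageToIp(message.Ip, ChatTwo_Protocol.MessageType.LoginReply, new byte[] { 0x02 });
                            return;
                        }

                        user.Secret = sharedSecret;
                        user.Socket = message.Ip;
                        user.Online = true;
                        _users.Add(user);

                        // Success reply: a 0x00 status byte followed by the user ID bytes.
                        MessageToUser(user.ID, ChatTwo_Protocol.MessageType.LoginReply, ByteHelper.ConcatinateArray(new byte[] { 0x00 }, BitConverter.GetBytes(user.ID)), user.Name);
                        UserConnect(user);
                        break;
                    }
                case ChatTwo_Protocol.MessageType.Status:
                    {
                        UserObj user = _users.Find(x => x.ID == message.From);
                        if (user != null) // If the user is not found, don't do anything. (Can this happen?)
                        {
                            if (!IPEndPoint.Equals(user.Socket, message.Ip))
                            {
                                user.Socket = message.Ip;
                                // Message all contacts of the user with the new IP change.
                                TellMutualContactsAboutUserStatusChange(user.ID);
                            }
                            DatabaseCommunication.UpdateUser(user.ID, user.Socket);
                        }
                        break;
                    }
                case ChatTwo_Protocol.MessageType.ContactRequest:
                    {
                        string username = Encoding.Unicode.GetString(message.Data);

                        UserObj user = DatabaseCommunication.LookupUser(username);
                        if (user == null)
                        {
                            // Reply with the "No user with that name" error.
                            MessageToUser(message.From, ChatTwo_Protocol.MessageType.ContactRequestReply, new byte[] { 0x01 });
                            return;
                        }
                        if (user.ID == message.From)
                        {
                            // Reply with the "You can't add yourself" error.
                            MessageToUser(message.From, ChatTwo_Protocol.MessageType.ContactRequestReply, new byte[] { 0x02 });
                            return;
                        }

                        bool added = DatabaseCommunication.AddContact(message.From, user.ID);
                        if (!added)
                        {
                            // Reply with the "User is already a contact" error.
                            MessageToUser(message.From, ChatTwo_Protocol.MessageType.ContactRequestReply, new byte[] { 0x03 });
                            return;
                        }

                        MessageToUser(message.From, ChatTwo_Protocol.MessageType.ContactRequestReply, new byte[] { 0x00 });
                        // TODO (original author): notify the other party when that user is online.
                        break;
                    }
            }
        }
#if DEBUG
        // NOTE(review): in DEBUG builds a packet with a bad MAC raises here.
        // Kept as the author's breakpoint aid; RELEASE builds drop it silently.
        else
        { throw new NotImplementedException("Could not validate the MAC of the received message."); }
        // Need to add a simple debug message here, but this works as a great breakpoint until then.
#endif
    }
#if DEBUG
    else
    {
        // The byte is formatted as hex so that it matches the "0x" prefix in the message.
        throw new NotImplementedException("Could not validate the signature of the received message. The signature was \"0x" + args.Data[0].ToString("X2") + "\" but only \"0x92\" is allowed.");
    }
    // Need to add a simple debug message here, but this works as a great breakpoint until then.
#endif
}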