示例#1
0
        private static IHttpResponse SignIn(IHttpHeaders query)
        {
            if (query.TryGetByName("UserName", out string userName) &&
                query.TryGetByName("Password", out string password))
            {
                var rows = DBHolderSQL.GetRange("Account", null, 0, 1, true, false, false, false,
                                                ("UserName", userName),
                                                ("Password", password)).Rows;

                if (rows.Count == 1)
                {
                    return(new HttpResponse(HttpResponseCode.Ok, CreateToken(int.Parse(rows[0]["ID"].ToString()), userName, password), true));
                }
                else if (rows.Count > 1)
                {
                    DBHolderSQL.Log($"[КОНФЛИКТ] Конфликт аккаунтов {userName}.",
                                    $"Попытка входа при наличии более одного аккаунта с одинаковым именем пользователя ({userName}).\n" +
                                    $"Измените имя пользователя для одного из аккаунтов.");
                    return(new HttpResponse(HttpResponseCode.InternalServerError, "Ошибка! Найдено более 1 аккаунта. Обратитесь к администратору.", false));
                }
                else
                {
                    DBHolderSQL.Log($"[НЕВЕРНЫЙ ВВОД] Ошибка авторизации пользователя {userName}.",
                                    $"Пользователь ввел неверные данные. Осторожно! Это может означать попытку взлома \"Грубой силой\"(BruteForce)");
                    return(new HttpResponse(HttpResponseCode.Forbidden, "Ошибка! Пользователь с таким именем пользователя и паролем не найден.", false));
                }
            }
            else
            {
                return(new HttpResponse(HttpResponseCode.Forbidden, "Укажите 'UserName' и 'Password'!", false));
            }
        }
示例#2
0
        static HttpResponse GetStudyResultsProcessor(IHttpHeaders query, Account account)
        {
            if (account.Approved)
            {
                if (account.AccountType == AccountType.Student)
                {
                    var range = DBHolderSQL.GetRange(nameof(StatementResult), null, -1, -1, true, false, false, false, (nameof(StatementResult.StudentID), account.ID));
                    range.Columns.Add(nameof(StatementResult.SubjectName_STUDENT_MODE));
                    foreach (DataRow current in range.Rows)
                    {
                        current[nameof(StatementResult.SubjectName_STUDENT_MODE)] = DBHolderSQL.GetByID(nameof(Subject), (int)(long)current[nameof(StatementResult.SubjectID)])[nameof(Subject.SubjectName)];
                    }

                    return(new HttpResponse(HttpResponseCode.Ok, JsonConvert.SerializeObject(range, new JsonSerializerSettings {
                        NullValueHandling = NullValueHandling.Ignore
                    }), true));
                }
                else
                {
                    return(new HttpResponse(HttpResponseCode.BadRequest, "Увы, это доступно только для студентов.", false));
                }
            }
            else
            {
                return(new HttpResponse(HttpResponseCode.Forbidden, "Аккаунт не подтвержден!", false));
            }
        }
示例#3
0
        public static (bool valid, object account) VerifyToken(string tokenString, bool deSerializeAccount, bool wipePassword)
        {
            var data = GetToken(tokenString);

            if (data.id == -1 || string.IsNullOrWhiteSpace(data.userName))
            {
                return(false, null);
            }

            DataTable table = DBHolderSQL.GetRange("Account", null, 0, 1, true, false, false, false,
                                                   ("ID", data.id),
                                                   ("UserName", data.userName == "_default_" ? string.Empty : data.userName),
                                                   ("Password", data.password == "_default_" ? string.Empty : data.password));

            if (table.Rows.Count == 1)
            {
                if (wipePassword)
                {
                    table.Rows[0]["Password"] = null;
                }
                return(true, deSerializeAccount ?
                       (object)new Account
                {
                    ID = (int)(long)table.Rows[0]["ID"],
                    AccountType = (AccountType)(int)(long)table.Rows[0]["AccountType"],
                    Approved = ((long)table.Rows[0]["Approved"] == 1),
                    LastAction = table.Rows[0]["LastAction"] == DBNull.Value ? null : (DateTime?)table.Rows[0]["LastAction"],
                    Password = table.Rows[0]["Password"] == DBNull.Value ? null : (string)table.Rows[0]["Password"],
                } :
                       JsonConvert.SerializeObject(table, new JsonSerializerSettings()
                {
                    NullValueHandling = NullValueHandling.Ignore
                }));
            }
            else if (table.Rows.Count > 1)
            {
                return(false, null);
            }
            else
            {
                return(false, null);
            }
        }
示例#4
0
        private static IHttpResponse SignUp(IHttpHeaders query)
        {
            if (query.TryGetByName("UserName", out string userName) &&
                query.TryGetByName("Password", out string password) &&
                query.TryGetByName("AccountType", out byte accountType) &&
                query.TryGetByName("BirthDate", out string birthDateString) &&
                DateTime.TryParseExact(birthDateString, Core.CommonVariables.DateFormatString, CultureInfo.InvariantCulture, DateTimeStyles.None, out DateTime birthDate) &&

                query.TryGetByName("FullName", out string fullName))
            {
                var validationResult = Account.Validate(userName, password, birthDate, fullName);
                if (validationResult == AccountValidationResult.OK)
                {
                    var rows = DBHolderSQL.GetRange("Account", null, 0, 1, true, false, false, false, ("UserName", userName)).Rows;
                    if (rows.Count == 0)
                    {
                        query.TryGetByName("ProfileImage", out byte[] profileImage);
                        return(new HttpResponse(HttpResponseCode.Ok, CreateToken(DBHolderSQL.Save("Account",
                                                                                                  ("UserName", userName),
                                                                                                  ("Password", password),
                                                                                                  ("AccountType", accountType),
                                                                                                  ("BirthDate", birthDate),
                                                                                                  ("ProfileImage", profileImage),
                                                                                                  ("FullName", fullName),
                                                                                                  ("Approved", false),
                                                                                                  ("IsLocal", true),
                                                                                                  ("ID", -1)),
                                                                                 userName, password), true));
                    }
                    else
                    {
                        return(new HttpResponse(HttpResponseCode.BadRequest, "Ошибка! Регистрация невозможна, т.к. пользователь с этим именем пользователя уже зарегистирован в системе!", false));
                    }
                }
                else
                {
                    return(new HttpResponse(HttpResponseCode.BadRequest, ErrorMessages[validationResult], false));
                }
            }
            return(null);
        }