protected override bool ProcessSection(IHttpRequest request, IHttpResponse response, IHttpSession session)
{
IHttpInput input = (request.Method.ToLower() == "post") ? request.Form : request.QueryString;
/*if (request.Method.ToLower() != "post")
* return false;*/
if (!input.Contains("username") || !input.Contains("password"))
{
WriteAndFlush(response, "{ \"error\": \"Invalid request\" }");
return(true);
}
var result = Connections.SendAndReceive <LoginResultMessage> (
new LoginMessage {
Username = input["username"].Value, Password = input["password"].Value
}, session);
if (!result.Result.Succeeded)
{
WriteAndFlush(response, JsonConvert.SerializeObject(new { result.Result, SessionId = session.Id }));
}
else
{
var pmsg = Connections.Receive <PermissionsMessage> (session);
if (pmsg.Permissions.CheckPermission(PermissionName.AdminPanel))
{
session["loggedIn"] = true;
Connections.SaveSession(session);
WriteAndFlush(response, JsonConvert.SerializeObject(new { result.Result, SessionId = session.Id, pmsg.Permissions }));
}
else
{
WriteAndFlush(response, "{ \"error\": \"Insufficient permissions\" }");
}
}
return(true);
}
/// <summary>
/// Checks whether the form or querystring has the specified value
/// </summary>
/// <param name="name">Name, case sensitive</param>
/// <returns>true if found; otherwise false.</returns>
public bool Contains(string name)
{
return(_form.Contains(name) || _query.Contains(name));
}
public static bool ContainsAndNotNull(this IHttpInput self, params string[] fieldNames)
{
return(fieldNames.All(n => self.Contains(n) && self[n].Value != null));
}