public override bool ValidateUser(string username, string password) { using (var db = new DataAccess.CSSDataContext()) { var login = db.Logins.FirstOrDefault(p => p.Username == username.Trim()); if (login == null) { var alias = DataAccess.Alias.GetAliasByCallsign(db, username); if (alias != null) { login = alias.Login; } } if (login == null) { return(false); } if (Settings.Default.UseIPConverge == true) { var connect = new IPConvergeProvider.Connect(); AuthenticationStatus authenticationStatus; string email; connect.Authenticate(login.Username, password, out authenticationStatus, out email); // Always update the user's email to the IPBoard email if the CSS email is different. // This way if the user uses the forgot password features, then the email will go to // their forum email which is the system of record. if (login.Email != email) { login.Email = email; db.SubmitChanges(); } return(authenticationStatus == AuthenticationStatus.Success); } else { try { // Supports calling this provider from both the CSS Server service and the web interface. return(login != null && (PasswordHash.ValidatePassword(password, login.Password) == true || login.Password == password)); } catch (FormatException) { Log.Write(LogType.AuthenticationServer, "LoginId: " + login.Id + ", loginName: " + login.Username + ", Legacy password couldn't be decoded. This is normal for a beta account."); return(false); } } } }
public override bool ChangePassword(string username, string oldPassword, string newPassword) { using (var db = new DataAccess.CSSDataContext()) { DataAccess.Login login; if (Settings.Default.UseIPConverge == true) { login = DataAccess.Login.FindLoginByUsernameOrCallsign(db, username); if (login == null) { return(false); } var connect = new IPConvergeProvider.Connect(); // TODO: If IP Converge is to be used ever, then working around IPC's MD5 password hashs will need to be done. //connect.ChangePassword(login.Email, newPasswordHash); } else { login = DataAccess.Login.FindLoginByUsernameOrCallsign(db, username); if (login == null) { return(false); } if (PasswordHash.ValidatePassword(oldPassword, login.Password) == false) { return(false); } } login.Password = PasswordHash.CreateHash(newPassword); db.SubmitChanges(); } return(true); }
public override bool ChangePassword(string username, string oldPassword, string newPassword) { using (var db = new DataAccess.CSSDataContext()) { DataAccess.Login login; if (Settings.Default.UseIPConverge == true) { login = DataAccess.Login.FindLoginByUsernameOrCallsign(db, username); if (login == null) return false; var connect = new IPConvergeProvider.Connect(); // TODO: If IP Converge is to be used ever, then working around IPC's MD5 password hashs will need to be done. //connect.ChangePassword(login.Email, newPasswordHash); } else { login = DataAccess.Login.FindLoginByUsernameOrCallsign(db, username); if (login == null) return false; if (PasswordHash.ValidatePassword(oldPassword, login.Password) == false) return false; } login.Password = PasswordHash.CreateHash(newPassword); db.SubmitChanges(); } return true; }
public override bool ValidateUser(string username, string password) { using (var db = new DataAccess.CSSDataContext()) { var login = db.Logins.FirstOrDefault(p => p.Username == username.Trim()); if (login == null) { var alias = DataAccess.Alias.GetAliasByCallsign(db, username); if (alias != null) login = alias.Login; } if (login == null) return false; if (Settings.Default.UseIPConverge == true) { var connect = new IPConvergeProvider.Connect(); AuthenticationStatus authenticationStatus; string email; connect.Authenticate(login.Username, password, out authenticationStatus, out email); // Always update the user's email to the IPBoard email if the CSS email is different. // This way if the user uses the forgot password features, then the email will go to // their forum email which is the system of record. if (login.Email != email) { login.Email = email; db.SubmitChanges(); } return authenticationStatus == AuthenticationStatus.Success; } else { try { // Supports calling this provider from both the CSS Server service and the web interface. return login != null && (PasswordHash.ValidatePassword(password, login.Password) == true || login.Password == password); } catch(FormatException) { Log.Write(LogType.AuthenticationServer, "LoginId: " + login.Id + ", loginName: " + login.Username + ", Legacy password couldn't be decoded. This is normal for a beta account."); return false; } } } }