public override bool ValidateUser(string username, string password)
{
using (var db = new DataAccess.CSSDataContext())
{
var login = db.Logins.FirstOrDefault(p => p.Username == username.Trim());
if (login == null)
{
var alias = DataAccess.Alias.GetAliasByCallsign(db, username);
if (alias != null)
{
login = alias.Login;
}
}
if (login == null)
{
return(false);
}
if (Settings.Default.UseIPConverge == true)
{
var connect = new IPConvergeProvider.Connect();
AuthenticationStatus authenticationStatus;
string email;
connect.Authenticate(login.Username, password, out authenticationStatus, out email);
// Always update the user's email to the IPBoard email if the CSS email is different.
// This way if the user uses the forgot password features, then the email will go to
// their forum email which is the system of record.
if (login.Email != email)
{
login.Email = email;
db.SubmitChanges();
}
return(authenticationStatus == AuthenticationStatus.Success);
}
else
{
try
{
// Supports calling this provider from both the CSS Server service and the web interface.
return(login != null && (PasswordHash.ValidatePassword(password, login.Password) == true || login.Password == password));
}
catch (FormatException)
{
Log.Write(LogType.AuthenticationServer, "LoginId: " + login.Id + ", loginName: " + login.Username + ", Legacy password couldn't be decoded. This is normal for a beta account.");
return(false);
}
}
}
}
public override bool ChangePassword(string username, string oldPassword, string newPassword)
{
using (var db = new DataAccess.CSSDataContext())
{
DataAccess.Login login;
if (Settings.Default.UseIPConverge == true)
{
login = DataAccess.Login.FindLoginByUsernameOrCallsign(db, username);
if (login == null)
{
return(false);
}
var connect = new IPConvergeProvider.Connect();
// TODO: If IP Converge is to be used ever, then working around IPC's MD5 password hashs will need to be done.
//connect.ChangePassword(login.Email, newPasswordHash);
}
else
{
login = DataAccess.Login.FindLoginByUsernameOrCallsign(db, username);
if (login == null)
{
return(false);
}
if (PasswordHash.ValidatePassword(oldPassword, login.Password) == false)
{
return(false);
}
}
login.Password = PasswordHash.CreateHash(newPassword);
db.SubmitChanges();
}
return(true);
}
public override bool ChangePassword(string username, string oldPassword, string newPassword)
{
using (var db = new DataAccess.CSSDataContext())
{
DataAccess.Login login;
if (Settings.Default.UseIPConverge == true)
{
login = DataAccess.Login.FindLoginByUsernameOrCallsign(db, username);
if (login == null)
return false;
var connect = new IPConvergeProvider.Connect();
// TODO: If IP Converge is to be used ever, then working around IPC's MD5 password hashs will need to be done.
//connect.ChangePassword(login.Email, newPasswordHash);
}
else
{
login = DataAccess.Login.FindLoginByUsernameOrCallsign(db, username);
if (login == null)
return false;
if (PasswordHash.ValidatePassword(oldPassword, login.Password) == false)
return false;
}
login.Password = PasswordHash.CreateHash(newPassword);
db.SubmitChanges();
}
return true;
}
public override bool ValidateUser(string username, string password)
{
using (var db = new DataAccess.CSSDataContext())
{
var login = db.Logins.FirstOrDefault(p => p.Username == username.Trim());
if (login == null)
{
var alias = DataAccess.Alias.GetAliasByCallsign(db, username);
if (alias != null)
login = alias.Login;
}
if (login == null)
return false;
if (Settings.Default.UseIPConverge == true)
{
var connect = new IPConvergeProvider.Connect();
AuthenticationStatus authenticationStatus;
string email;
connect.Authenticate(login.Username, password, out authenticationStatus, out email);
// Always update the user's email to the IPBoard email if the CSS email is different.
// This way if the user uses the forgot password features, then the email will go to
// their forum email which is the system of record.
if (login.Email != email)
{
login.Email = email;
db.SubmitChanges();
}
return authenticationStatus == AuthenticationStatus.Success;
}
else
{
try
{
// Supports calling this provider from both the CSS Server service and the web interface.
return login != null && (PasswordHash.ValidatePassword(password, login.Password) == true || login.Password == password);
}
catch(FormatException)
{
Log.Write(LogType.AuthenticationServer, "LoginId: " + login.Id + ", loginName: " + login.Username + ", Legacy password couldn't be decoded. This is normal for a beta account.");
return false;
}
}
}
}
