示例#1
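        /// <summary>
        /// Starts password recovery for the current user profile by delegating to
        /// <c>UserActions.RecoverPasswordAction</c>.
        /// </summary>
        /// <returns>
        /// <c>APIResponse.OK</c> whenever no exception is thrown, whatever the delegated call returned.
        /// </returns>
        /// <exception cref="MySqlException">Logged at Warn level and rethrown.</exception>
        /// <exception cref="Exception">Any other failure is logged at Warn level and rethrown.</exception>
        public APIResponse RecoverPasswordAction()
        {
            // NOTE(review): Email is read but not used below; the call is kept in case
            // GetEmail() validates the profile (e.g. throws for an anonymous user) - confirm.
            string Email = UserProfileObj.GetEmail();

            try
            {
                // NOTE(review): the recovery token is generated but never stored, returned or mailed
                // in the code visible here. When the mail step is implemented, the token should be
                // persisted (ideally only as a hash), given an expiry and made single-use.
                string      FPToken        = SHA256.Instance().GetUniqueKey(100);
                APIResponse ApiResponseObj = new UserActions(UserProfileObj).RecoverPasswordAction();
                if (ApiResponseObj == APIResponse.OK)
                {
                    // send the mail
                }

                // NOTE(review): OK is returned even when ApiResponseObj is not OK. If that is deliberate
                // (so the response does not reveal whether an account exists), say so here; otherwise
                // the delegated result should be returned instead.
                return APIResponse.OK;
            }
            catch (MySqlException mse)
            {
                Logger.Instance().Log(Warn.Instance(), mse);
                // Bare rethrow keeps the original stack trace; "throw mse;" would reset it.
                throw;
            }
            catch (Exception ex)
            {
                Logger.Instance().Log(Warn.Instance(), ex);
                // Bare rethrow keeps the original stack trace; "throw ex;" would reset it.
                throw;
            }
        }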
示例#2
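 /// <summary>
 /// Reports whether the current user profile is flagged as an administrator and logs
 /// a warning when it is not.
 /// </summary>
 /// <returns>The value of <c>UserProfileObj.GetIsAdmin()</c>.</returns>
 /// <exception cref="ArgumentException">Logged at Warn level and rethrown.</exception>
 /// <exception cref="NullReferenceException">Logged at Fatal level and rethrown.</exception>
 /// <exception cref="Exception">Any other failure is logged at Fatal level and rethrown.</exception>
 /// <remarks>
 /// Every failure path rethrows, so callers must treat an exception as "access denied"
 /// and never as an implicit grant.
 /// </remarks>
 public bool AuthenticateAdmin()
 {
     try
     {
         // Read the flag once so the value that is logged is the value that is returned.
         bool IsAdmin = UserProfileObj.GetIsAdmin();
         if (!IsAdmin)
         {
             // NOTE(review): the e-mail is written to the log as-is; if it can carry caller-supplied
             // text, strip or encode line breaks first so a log entry cannot be forged - confirm.
             Logger.Instance().Log(Warn.Instance(), new LogInfo(UserProfileObj.GetEmail().ToString() + " tried to access the admin panel but failed. "));
         }
         return IsAdmin;
     }
     catch (ArgumentException)
     {
         // Presumably raised by the profile accessors when no user is signed in - confirm.
         Logger.Instance().Log(Warn.Instance(), new WarnDebug("Anonymous user tried to access the Admin panel, but failed"));
         // Bare rethrow keeps the original stack trace.
         throw;
     }
     catch (NullReferenceException nex)
     {
         Logger.Instance().Log(Fatal.Instance(), new LogInfo("Unable to authenticate Admin, got exception : " + nex.Message.ToString()));
         throw;
     }
     catch (Exception ex)
     {
         Logger.Instance().Log(Fatal.Instance(), ex);
         throw;
     }
 }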
示例#3
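        /// <summary>
        /// Checks the e-mail/password pair carried by <paramref name="UserProfileObj"/> against the
        /// stored salt and hash and, on success, issues a session token and stores it through
        /// <c>Security.AddTokenToDB</c>.
        /// </summary>
        /// <param name="UserProfileObj">Profile supplying the e-mail and password; receives the token on success.</param>
        /// <returns>
        /// A <c>LoginUserReponse</c> carrying the login flag, an error text (empty on success) and the
        /// token (empty on failure). An unknown e-mail and a wrong password give the same error text.
        /// </returns>
        /// <exception cref="Exception">Any failure is logged at Fatal level and rethrown.</exception>
        public LoginUserReponse LoginUserAction(IUserProfile UserProfileObj)
        {
            bool   IsLoggedIn = false;
            string Email      = UserProfileObj.GetEmail();
            string Password   = UserProfileObj.GetPassword();
            string Token      = "";
            string ErrorText  = "";

            try
            {
                DataSet output = new UserActionsDataLayer(UserProfileObj).GetHashedPassword();
                if (output.Tables[0].Rows.Count > 0)
                {
                    DataRow AccountRow     = output.Tables[0].Rows[0];
                    string  DbSalt         = AccountRow["salt"].ToString();
                    string  DbHashPassword = AccountRow["password"].ToString();

                    // NOTE(review): this appears to be one pass of a fast hash over password + salt.
                    // Stored passwords are better protected by a slow, purpose-built KDF (PBKDF2,
                    // bcrypt, Argon2); moving to one needs a re-hash-on-login migration of stored values.
                    string HashPassword = SHA256.Instance().hash(Password + DbSalt);

                    // NOTE(review): string == stops at the first differing character; a fixed-time
                    // comparison of the two digests is the safer default for secret-derived values.
                    if (DbHashPassword == HashPassword)
                    {
                        // NOTE(review): the token is derived from the e-mail, the password and a clock
                        // value formatted with the current culture, so it holds no randomness and a
                        // leaked token is an offline-guessing target for the password. A token drawn
                        // from a cryptographic random generator is the safer design.
                        Token = SHA256.Instance().hash(Email + Password + DateTime.Now.ToString());
                        // create a long token
                        Token += SHA256.Instance().hash(Email + Password + DateTime.Now.AddSeconds(200).ToString());
                        UserProfileObj.SetToken(Token);
                        // update the token value to database so as to authenticate the user for all events
                        new Security(UserProfileObj).AddTokenToDB();
                        IsLoggedIn = true;
                    }
                    else
                    {
                        // NOTE(review): the e-mail is logged as-is; strip or encode line breaks if it can
                        // carry caller-supplied text. Only wrong-password attempts are logged here;
                        // unknown e-mails below leave no trace for monitoring.
                        Logger.Instance().Log(Warn.Instance(), new WarnDebug("Authentication failed for email : " + Email.ToString()));
                        ErrorText = "Invalid Email ID and password combination";
                    }
                }
                else
                {
                    // Same text as the wrong-password branch, so the reply does not reveal
                    // whether the e-mail is registered.
                    ErrorText = "Invalid Email ID and password combination";
                }
            }
            catch (Exception ex)
            {
                Logger.Instance().Log(Fatal.Instance(), ex);
                // The caller gets the exception, not a response object, so nothing is assigned to the
                // locals here. Bare rethrow keeps the original stack trace; "throw ex;" would reset it.
                throw;
            }

            LoginUserReponse LoginResponse = new LoginUserReponse();
            LoginResponse.SetIsLoggedIn(IsLoggedIn);
            LoginResponse.SetErrorText(ErrorText);
            LoginResponse.SetToken(Token);
            return LoginResponse;
        }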
示例#4
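        /// <summary>
        /// Stores the current profile's token for its e-mail by calling the <c>sp_addToken</c>
        /// stored procedure with bound parameters.
        /// </summary>
        /// <exception cref="Exception">Any failure is logged at Fatal level and rethrown.</exception>
        public void AddTokenToDatabase()
        {
            // Source is not declared in this method (presumably a member of the class - confirm),
            // so this assignment is visible to whatever else reads it.
            Source = "sp_addToken";
            string Email = UserProfileObj.GetEmail();
            string Token = UserProfileObj.GetToken();

            try
            {
                // Values travel as parameters, never concatenated into the command text.
                // NOTE(review): the token is passed as-is; unless sp_addToken hashes it, anyone who can
                // read the table can replay live tokens - consider storing only a hash of the token.
                object[] paramToken =
                {
                    new MySqlParameter("@paramToken", Token),
                    new MySqlParameter("@paramEmail", Email),
                };
                Commands.ExecuteQuery(Source, CommandType.StoredProcedure, paramToken);
            }
            catch (Exception ex)
            {
                Logger.Instance().Log(Fatal.Instance(), ex);
                // Bare rethrow keeps the original stack trace; "throw ex;" would reset it.
                throw;
            }
        }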
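        /// <summary>
        /// Fetches the stored credential data for the current profile's e-mail by calling the
        /// <c>sp_getSaltPass</c> stored procedure with a bound parameter.
        /// </summary>
        /// <returns>
        /// The <see cref="DataSet"/> returned by <c>Commands.ExecuteQuery</c>. The login code on this
        /// page reads the "salt" and "password" columns from the first row of its first table.
        /// </returns>
        /// <exception cref="Exception">Any failure is logged at Warn level and rethrown.</exception>
        public DataSet GetHashedPassword()
        {
            // Source is not declared in this method (presumably a member of the class - confirm).
            Source = "sp_getSaltPass";
            string Email = UserProfileObj.GetEmail();

            try
            {
                // The e-mail travels as a parameter, never concatenated into the command text.
                object[] parameters =
                {
                    new MySqlParameter("@paramEmail", Email)
                };
                // The result holds credential material, so callers should keep it out of logs and responses.
                return Commands.ExecuteQuery(Source, CommandType.StoredProcedure, parameters);
            }
            catch (Exception ex)
            {
                Logger.Instance().Log(Warn.Instance(), ex);
                // Bare rethrow keeps the original stack trace; "throw ex;" would reset it.
                throw;
            }
        }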