protected void Page_Load(object sender, EventArgs e) { Response.Expires = -1; bool localCall = false; string[] local = (Request.ServerVariables["LOCAL_ADDR"]).Split(new char[] { '.' }); string remoteaddr = (Request.ServerVariables["REMOTE_ADDR"]); string[] remote = remoteaddr.Split(new char[] { '.' }); if (local[0] == remote[0] && local[1] == remote[1]) { localCall = true; } redirectURL = Request["redirect"] != null ? Request["redirect"].ToString() : ""; redirectURLParams = ""; foreach (string s in Request.Form.Keys) { if (s != "redirect" && s != "username" && s != "password") { redirectURLParams += "&" + s + "=" + Server.UrlEncode(Request.Form[s]); } } string loginToken = Request["username"] != null ? Request["username"].ToString() : ""; string password = Request["password"] != null ? Request["password"].ToString() : ""; lock (lockObject) { if ((localCall == false) && lastcallers.ContainsKey(remoteaddr) && lastcallers[remoteaddr] > DateTime.Now) { lastcallers[remoteaddr] = DateTime.Now.AddSeconds(10); DoFail("4", "EPIC FAIL"); } else { lastcallers[remoteaddr] = DateTime.Now.AddSeconds(4); if (!string.IsNullOrEmpty(loginToken.Trim()) && !string.IsNullOrEmpty(password.Trim())) { try { BasicPerson authenticatedPerson = PirateWeb.Logic.Security.Authentication.Authenticate(loginToken, password); if (authenticatedPerson == null) { throw new Exception("Wrong UserId/Password"); } string ticket = Convert.ToBase64String(new System.Security.Cryptography.MD5CryptoServiceProvider().ComputeHash(Guid.NewGuid().ToByteArray())); Regex re = new Regex(@"[^a-z0-9]", RegexOptions.IgnoreCase); ticket = re.Replace(ticket, ""); InternalLoginTicket ticketObj = new InternalLoginTicket(); ticketObj.created = DateTime.Now; ticketObj.validatedUserID = authenticatedPerson.Identity; Dictionary <string, InternalLoginTicket> openTickets = new Dictionary <string, InternalLoginTicket>(); Application.Lock(); if (Application["SubSystem_LoginTickets"] != null) { openTickets = (Dictionary <string, InternalLoginTicket>)Application["SubSystem_LoginTickets"]; List <string> toremove = new List <string>(); foreach (string key in openTickets.Keys) { if (openTickets[key].created.AddMinutes(2) < DateTime.Now) { toremove.Add(key); } } foreach (string key in toremove) { openTickets.Remove(key); } } openTickets.Add(ticket, ticketObj); Application["SubSystem_LoginTickets"] = openTickets; Application.UnLock(); Response.Redirect(redirectURL + "?result=success&ticket=" + Server.UrlEncode(ticket.ToString()) + redirectURLParams, false); } catch (Exception exc) { DoFail("1", exc.Message); } } else { DoFail("2", "Invalid Parameter"); } } if (lastcallers.Count > 10) { string[] keys = (new List <string>(lastcallers.Keys)).ToArray(); foreach (string key in keys) { if (lastcallers[key] < DateTime.Now.AddMinutes(-5)) { lastcallers.Remove(key); } } } } Session.Abandon(); }
protected void Page_Load (object sender, EventArgs e) { Response.Expires = -1; bool localCall = false; string[] local = (Request.ServerVariables["LOCAL_ADDR"]).Split(new char[] { '.' }); string remoteaddr = (Request.ServerVariables["REMOTE_ADDR"]); string[] remote = remoteaddr.Split(new char[] { '.' }); if (local[0] == remote[0] && local[1] == remote[1]) localCall = true; redirectURL = Request["redirect"] != null ? Request["redirect"].ToString() : ""; redirectURLParams = ""; foreach (string s in Request.Form.Keys) { if (s != "redirect" && s != "username" && s != "password") redirectURLParams += "&" + s + "=" + Server.UrlEncode(Request.Form[s]); } string loginToken = Request["username"] != null ? Request["username"].ToString() : ""; string password = Request["password"] != null ? Request["password"].ToString() : ""; lock (lockObject) { if ((localCall == false) && lastcallers.ContainsKey(remoteaddr) && lastcallers[remoteaddr] > DateTime.Now) { lastcallers[remoteaddr] = DateTime.Now.AddSeconds(10); DoFail("4", "EPIC FAIL"); } else { lastcallers[remoteaddr] = DateTime.Now.AddSeconds(4); if (!string.IsNullOrEmpty(loginToken.Trim()) && !string.IsNullOrEmpty(password.Trim())) { try { BasicPerson authenticatedPerson = PirateWeb.Logic.Security.Authentication.Authenticate(loginToken, password); if (authenticatedPerson == null) throw new Exception("Wrong UserId/Password"); string ticket = Convert.ToBase64String(new System.Security.Cryptography.MD5CryptoServiceProvider().ComputeHash(Guid.NewGuid().ToByteArray())); Regex re = new Regex(@"[^a-z0-9]", RegexOptions.IgnoreCase); ticket = re.Replace(ticket,""); InternalLoginTicket ticketObj = new InternalLoginTicket(); ticketObj.created = DateTime.Now; ticketObj.validatedUserID = authenticatedPerson.Identity; Dictionary<string, InternalLoginTicket> openTickets = new Dictionary<string, InternalLoginTicket>(); Application.Lock(); if (Application["SubSystem_LoginTickets"] != null) { openTickets = (Dictionary<string, InternalLoginTicket>)Application["SubSystem_LoginTickets"]; List<string> toremove = new List<string>(); foreach (string key in openTickets.Keys) { if (openTickets[key].created.AddMinutes(2) < DateTime.Now) toremove.Add(key); } foreach (string key in toremove) { openTickets.Remove(key); } } openTickets.Add(ticket, ticketObj); Application["SubSystem_LoginTickets"] = openTickets; Application.UnLock(); Response.Redirect(redirectURL + "?result=success&ticket=" + Server.UrlEncode(ticket.ToString()) + redirectURLParams, false); } catch (Exception exc) { DoFail("1", exc.Message); } } else { DoFail("2", "Invalid Parameter"); } } if (lastcallers.Count > 10) { string[] keys = (new List<string>(lastcallers.Keys)).ToArray(); foreach (string key in keys) { if (lastcallers[key] < DateTime.Now.AddMinutes(-5)) { lastcallers.Remove(key); } } } } Session.Abandon(); }