public static bool AddUser(string username, string password)
{
SaltedHash.SaltedHash sh = new SaltedHash.SaltedHash();
string hash;
string salt;
sh.GetHashAndSaltString(password, out hash, out salt);
int result = Database.Instance.ExecuteNonQuery("INSERT INTO user (username, password, salt) VALUES ('" + username + "','" + hash + "','" + salt + "');");
if (result > 0)
{
/*
ComicListItemFolder userFolder = new ComicListItemFolder(name);
ComicIdListItem readingList = new ComicIdListItem("Reading");
userFolder.Items.Add(readingList);
ComicIdListItem favoritesList = new ComicIdListItem("Favorites");
userFolder.Items.Add(favoritesList);
((ComicLibrary)Program.Database).ComicLists.Add(userFolder);
*/
return true;
}
return false;
}
public static bool AddUser(string username, string password)
{
SaltedHash.SaltedHash sh = new SaltedHash.SaltedHash();
string hash;
string salt;
sh.GetHashAndSaltString(password, out hash, out salt);
int result = Database.Instance.ExecuteNonQuery("INSERT INTO user (username, password, salt) VALUES ('" + username + "','" + hash + "','" + salt + "');");
if (result > 0)
{
/*
* ComicListItemFolder userFolder = new ComicListItemFolder(name);
* ComicIdListItem readingList = new ComicIdListItem("Reading");
* userFolder.Items.Add(readingList);
* ComicIdListItem favoritesList = new ComicIdListItem("Favorites");
* userFolder.Items.Add(favoritesList);
*
* ((ComicLibrary)Program.Database).ComicLists.Add(userFolder);
*/
return(true);
}
return(false);
}
public static bool SetPassword(int userid, string password)
{
// TODO: validate password strength
// TODO: remove active api keys
SaltedHash.SaltedHash sh = new SaltedHash.SaltedHash();
string hash;
string salt;
sh.GetHashAndSaltString(password, out hash, out salt);
int result = Database.Instance.ExecuteNonQuery("UPDATE user SET password='******', salt='" + salt + "' WHERE id=" + userid + ";");
return(result > 0);
}
public static string LoginUser(string username, string password)
{
NameValueCollection result = Database.Instance.QuerySingle("SELECT * FROM user WHERE username = '******' COLLATE NOCASE LIMIT 1;");
if (result == null)
{
return(null);
}
SaltedHash.SaltedHash sh = new SaltedHash.SaltedHash();
if (!sh.VerifyHashString(password, result["password"], result["salt"]))
{
// invalid password
Console.WriteLine("Invalid password for user " + username);
return(null);
}
//now that the user is validated, create an api key that can be used for subsequent requests
var apiKey = Guid.NewGuid().ToString();
Database.Instance.ExecuteNonQuery("INSERT INTO user_apikeys (user_id, apikey) VALUES (" + result["id"] + ", '" + apiKey + "');");
return(apiKey);
}
public static string LoginUser(string username, string password)
{
NameValueCollection result = Database.Instance.QuerySingle("SELECT * FROM user WHERE username = '******' COLLATE NOCASE LIMIT 1;");
if (result == null)
return null;
SaltedHash.SaltedHash sh = new SaltedHash.SaltedHash();
if (!sh.VerifyHashString(password, result["password"], result["salt"]))
{
// invalid password
Console.WriteLine("Invalid password for user " + username);
return null;
}
//now that the user is validated, create an api key that can be used for subsequent requests
var apiKey = Guid.NewGuid().ToString();
Database.Instance.ExecuteNonQuery("INSERT INTO user_apikeys (user_id, apikey) VALUES (" + result["id"] + ", '" + apiKey + "');");
return apiKey;
}
public static bool SetPassword(int userid, string password)
{
// TODO: validate password strength
// TODO: remove active api keys
SaltedHash.SaltedHash sh = new SaltedHash.SaltedHash();
string hash;
string salt;
sh.GetHashAndSaltString(password, out hash, out salt);
int result = Database.Instance.ExecuteNonQuery("UPDATE user SET password='******', salt='" + salt + "' WHERE id=" + userid + ";");
return result > 0;
}
