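// Get the SQL token (login, password, database name) registered for an account name.
//
// pAccount: the account name to look up in the SqlAccounts table.
// Returns:  a Token built from the user_name, password and database_name columns.
// Throws:   Exception("AccountNameIncorrect.Text") when no row matches the account name,
//           Exception("AccountInactive.Text") when the matching row is flagged inactive;
//           any other failure (including SQL errors) is logged and rethrown unchanged.
//
// NOTE(review): the password column is read back as a plain string and handed to Token,
// so SqlAccounts appears to hold SQL credentials in recoverable form - confirm that the
// table is access-restricted and that the value is protected at rest.
private Token _getTokenByAccountName(string pAccount)
{
    Log.RemotingServiceLogger.DebugFormat("Call getTokenByAccountName with: {0}", pAccount);

    Token token = null;
    string sqlText = @"SELECT user_name, password, database_name, active FROM SqlAccounts WHERE account_name=@account";

    try
    {
        // The connection comes from a helper defined elsewhere; its ownership is not
        // visible from this method, so it is deliberately not disposed here.
        SqlConnection connection = _getAccountSqlconnection();

        // The command is created locally, so release it deterministically.
        using (SqlCommand command = new SqlCommand(sqlText, connection))
        {
            // The account name is bound as a parameter and never concatenated into the SQL text.
            command.Parameters.Add("account", SqlDbType.NVarChar).Value = pAccount;

            using (SqlDataReader reader = command.ExecuteReader())
            {
                // Read() returns false when the result set is empty: unknown account name.
                if (!reader.Read())
                {
                    Log.RemotingServiceLogger.ErrorFormat("Account {0} incorrect", pAccount);
                    throw new Exception("AccountNameIncorrect.Text");
                }

                string oUser = reader.GetString(reader.GetOrdinal("user_name"));
                string oPass = reader.GetString(reader.GetOrdinal("password"));
                string oDbName = reader.GetString(reader.GetOrdinal("database_name"));
                bool active = reader.GetBoolean(reader.GetOrdinal("active"));

                if (!active)
                {
                    Log.RemotingServiceLogger.ErrorFormat("Account {0} inactive", pAccount);
                    throw new Exception("AccountInactive.Text");
                }

                token = new Token(oUser, oPass, oDbName);
            }
        }
    }
    catch (Exception e)
    {
        // Also reached for the two account exceptions thrown above; rethrow keeps the stack trace.
        Log.RemotingServiceLogger.Error("Error during connection to the server", e);
        throw;
    }

    return token;
}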
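// Check the validity of the login/pass/account.
//
// pSqlToken:  SQL login, password and database name used to reach the account database.
// pOctoLogin: application user name to verify.
// pOctoPass:  application password to verify.
// Returns:    false when pSqlToken is null, when no dbo.Users row matches the login/password
//             pair, when the first column of the matching row is not an integer, or when the
//             query fails; true otherwise.
// Throws:     whatever SqlConnection.Open() throws when the account database is unreachable.
//
// NOTE(review): user_pass is compared directly with the supplied password, which suggests
// that dbo.Users stores passwords in plaintext or an unsalted reversible form - confirm, and
// plan a migration to a salted password hash (e.g. PBKDF2) verified in application code.
private bool _checkAccount(Token pSqlToken, string pOctoLogin, string pOctoPass)
{
    Log.RemotingServiceLogger.Debug("Call CheckAccount");

    if (pSqlToken == null)
    {
        Log.RemotingServiceLogger.Debug("Call CheckAccount with pSqlToken null");
        return false;
    }

    // Credentials must never reach the log: only the identifiers are recorded, not
    // pOctoPass or pSqlToken.Pass.
    Log.RemotingServiceLogger.DebugFormat("Call check_account user = {0} token = login {1}, account {2}", pOctoLogin, pSqlToken.Login, pSqlToken.Account);

    // Build the connection string through the builder so that a ';' or '=' inside any
    // value is escaped instead of being parsed as an extra connection-string keyword.
    // NOTE(review): the password operand is masked in the published listing; pSqlToken.Pass
    // is the only password the token exposes in this method - confirm.
    SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder();
    builder.UserID = pSqlToken.Login;
    builder.Password = pSqlToken.Pass;
    builder.DataSource = RemoteServerSettings.GetSettings().ServerName;
    builder.InitialCatalog = pSqlToken.Account;

    // The connection is created here, so it is closed here on every exit path.
    using (SqlConnection connection = new SqlConnection(builder.ConnectionString))
    {
        if (connection.State != ConnectionState.Open)
        {
            connection.Open();
        }

        // CHECK if the pOctoLogin/pOctoPass is a valid octo Account
        string sqlText = "select * from dbo.Users where user_name =@username and user_pass =@password ";

        using (SqlCommand command = new SqlCommand(sqlText, connection))
        {
            command.Parameters.Add("username", SqlDbType.NVarChar).Value = pOctoLogin;
            command.Parameters.Add("password", SqlDbType.NVarChar).Value = pOctoPass;

            try
            {
                // ExecuteScalar returns null when no row matches the login/password pair.
                object firstColumn = command.ExecuteScalar();
                if (firstColumn == null)
                {
                    return false;
                }

                // The account counts as valid only if the first column of the row is an integer.
                int valid;
                return int.TryParse(firstColumn.ToString(), out valid);
            }
            catch (Exception e)
            {
                // A failed query is still treated as "not valid", but it is no longer silent.
                Log.RemotingServiceLogger.Error("Error during account check", e);
                return false;
            }
        }
    }
}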