public bool CheckPasswordForLogin(string passwordEntered, User user)
{
try
{
byte[] hashBytes = Convert.FromBase64String(user.PasswordHash);
byte[] salt = new byte[16];
Array.Copy(hashBytes, 0, salt, 0, 16);
var pbkdf2 = new Rfc2898DeriveBytes(passwordEntered, salt, 10000);
byte[] hash = pbkdf2.GetBytes(20);
for (int i = 0; i < 20; i++)
{
if (hashBytes[i + 16] != hash[i])
{
return false;
}
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
return false;
}
return true;
}
public Deck(string deckId, string deckName, User deckUser, string deckClass)
{
CardList = new List<Card>();
DeckId = deckId;
DeckName = deckName;
DeckUser = deckUser;
DeckClass = deckClass;
}
public bool DeleteUser(User user)
{
NpgsqlConnection conn = _databaseConnection.ConnectToDatabase();
conn.CreateCommand();
NpgsqlCommand command = new NpgsqlCommand("delete from DBUser where username = :value1");
command.Parameters.Add(new NpgsqlParameter("value1", DbType.String));
command.Parameters[0].Value = user.UserName;
command.Connection = conn;
if (_databaseConnection.ExecuteChangeQuery(command, conn))
{
return true;
}
return false;
}
public bool CreateNewDeck(string deckname, User user, string className)
{
NpgsqlConnection conn = databaseConnection.ConnectToDatabase();
conn.CreateCommand();
NpgsqlCommand command = new NpgsqlCommand("insert into dbdeck(deckname, username, deckclass) values(:value1, :value2, :value3)", conn);
command.Parameters.Add(new NpgsqlParameter("value1", DbType.String));
command.Parameters.Add(new NpgsqlParameter("value2", DbType.String));
command.Parameters.Add(new NpgsqlParameter("value3", DbType.String));
command.Parameters[0].Value = deckname;
command.Parameters[1].Value = user.UserName;
command.Parameters[2].Value = className;
command.Connection = conn;
if (databaseConnection.ExecuteChangeQuery(command, conn))
{
return true;
}
return false;
}
public Deck()
{
CardList = new List<Card>();
DeckUser = new User();
}
public Deck getNewestDeckByUser(User user)
{
List<Deck> deckList = deckDatabaseController.GetAllDecksByUser(user);
return deckList.ToArray()[0];
}
public List<Deck> GetAllDecksByUser(User user)
{
List<Deck> deckList = new List<Deck>();
NpgsqlConnection conn = databaseConnection.ConnectToDatabase();
conn.CreateCommand();
NpgsqlCommand command = new NpgsqlCommand("select * from dbdeck where username = :value1", conn);
command.Parameters.Add(new NpgsqlParameter("value1", DbType.String));
command.Parameters[0].Value = user.UserName;
command.Connection = conn;
DataTable result = databaseConnection.ExecuteSelectQuery(command, conn);
if (result != null)
{
for (int i = 0; i < result.Rows.Count; i++)
{
deckList.Add(new Deck(result.Rows[i].ItemArray[0].ToString(), result.Rows[i].ItemArray[1].ToString(), user, result.Rows[i].ItemArray[3].ToString()));
}
}
conn = databaseConnection.ConnectToDatabase();
conn.CreateCommand();
command = new NpgsqlCommand("select ctd.deckid, ctd.cardid, ctd.cardtodeckid from dbcardtodeck as ctd join dbdeck as d on d.deckid = ctd.deckid join dbuser u on u.username = d.username where u.username = :value1", conn);
command.Parameters.Add(new NpgsqlParameter("value1", DbType.String));
command.Parameters[0].Value = user.UserName;
command.Connection = conn;
result = databaseConnection.ExecuteSelectQuery(command, conn);
if (result != null)
{
foreach (Deck d in deckList)
{
for (int i = 0; i < result.Rows.Count; i++)
{
if (result.Rows[i].ItemArray[0].ToString().Equals(d.DeckId))
{
d.CardList.Add(new Card(result.Rows[i].ItemArray[1].ToString(), result.Rows[i].ItemArray[2].ToString()));
}
}
}
}
return deckList;
}
public User GetUser(string username)
{
NpgsqlConnection conn = _databaseConnection.ConnectToDatabase();
conn.CreateCommand();
NpgsqlCommand command = new NpgsqlCommand("select * from DBUser where username = :value1", conn);
command.Parameters.Add(new NpgsqlParameter("value1", DbType.String));
command.Parameters[0].Value = username;
command.Connection = conn;
DataTable result = _databaseConnection.ExecuteSelectQuery(command, conn);
User user = new User();
if (result != null)
{
user.UserName = result.Rows[0].ItemArray[0].ToString();
user.PasswordHash = result.Rows[0].ItemArray[1].ToString();
user.PasswordSalt = result.Rows[0].ItemArray[2].ToString();
}
else
{
Console.WriteLine("Couldn't get user!");
}
return user;
}
public bool UpdateUserPassword(User user, string newPassword)
{
NpgsqlConnection conn = _databaseConnection.ConnectToDatabase();
conn.CreateCommand();
byte[] passwordSalt = CryptoHandler.GeneratePasswordSalt();
string passwordHash = CryptoHandler.HashPassword(newPassword, passwordSalt);
NpgsqlCommand command = new NpgsqlCommand("update DBUser set passwordhash = :value1, passwordsalt = :value2 where username = :value3");
command.Parameters.Add(new NpgsqlParameter("value1", DbType.String));
command.Parameters.Add(new NpgsqlParameter("value2", DbType.String));
command.Parameters.Add(new NpgsqlParameter("value3", DbType.String));
command.Parameters[0].Value = passwordHash;
command.Parameters[1].Value = Convert.ToBase64String(passwordSalt);
command.Parameters[2].Value = user.UserName;
command.Connection = conn;
if (_databaseConnection.ExecuteChangeQuery(command, conn))
{
return true;
}
return false;
}
