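/// <summary>
/// Authenticates this connection with a password, or with a previously issued login token
/// when <paramref name="password"/> is null or empty.
/// </summary>
/// <param name="username">Account name supplied by the client.</param>
/// <param name="password">Plain-text password; null or empty selects the token path.</param>
/// <param name="token">Login token for automatic login; only read when no password is given.</param>
/// <remarks>
/// On success an <c>AuthenticateResponse</c> is sent, this connection is added to the session returned by
/// <c>Program.SessionManager.GetOrCreate</c>, and a system message is sent. On failure only the system
/// message is sent.
/// Request-shape checks (existing session, username format, missing credentials, password format) run
/// before the account lookup, so their messages do not depend on whether the account exists.
/// NOTE(review): no attempt limiting or lockout is visible in this method; confirm it is enforced elsewhere.
/// </remarks>
public void Login(string username, string password, string token)
{
    if (Session != null)
    {
        SendSysMessage("You are already logged in.");
        return;
    }

    // Untrusted input is validated before it reaches the account lookup.
    if (string.IsNullOrEmpty(username) || !Util.IsValidUsername(username))
    {
        SendSysMessage(Util.InvalidUsernameMessage);
        return;
    }

    bool usePassword = !string.IsNullOrEmpty(password);

    if (!usePassword && string.IsNullOrEmpty(token))
    {
        SendSysMessage("Missing password.");
        return;
    }

    if (usePassword && !Util.IsValidPassword(password))
    {
        SendSysMessage(Util.InvalidPasswordMessage);
        return;
    }

    Account account = Account.Get(username);

    if (!usePassword)
    {
        // An unknown account and an unknown token get the same reply, so the token path
        // cannot be used to probe which usernames exist.
        // NOTE(review): whether LoginToken.Find enforces token expiry is not visible here; confirm.
        var loginToken = account == null ? null : LoginToken.Find(account.Id, token);
        if (loginToken == null)
        {
            SendSysMessage("Automatic login failed. Login with your username and password.");
            return;
        }

        loginToken.UpdateAccessed(UserAgent, Address);
        IsTokenLogin = true;
    }
    else
    {
        // NOTE(review): the hash is only computed when the account exists, so response time may
        // still differ between known and unknown usernames; consider hashing against a dummy salt.
        if (account == null)
        {
            SendSysMessage("Invalid username or password.");
            return;
        }

        var givenPassword = Convert.ToBase64String(
            Util.HashPassword(password, Convert.FromBase64String(account.Salt)));
        var storedPassword = account.Password;

        // Compare every character without an early exit, so the time taken does not reveal
        // how many leading characters of the stored hash matched.
        bool passwordMatches = storedPassword != null && storedPassword.Length == givenPassword.Length;
        if (passwordMatches)
        {
            int difference = 0;
            for (int i = 0; i < givenPassword.Length; i++)
            {
                difference |= givenPassword[i] ^ storedPassword[i];
            }

            passwordMatches = difference == 0;
        }

        if (!passwordMatches)
        {
            SendSysMessage("Invalid username or password.");
            return;
        }

        // A fresh token is issued on every password login and returned to the client below.
        var newToken = new LoginToken
        {
            UserId = account.Id,
            Created = Util.GetCurrentTimestamp(),
            Accessed = Util.GetCurrentTimestamp(),
            UserAgent = UserAgent,
            Address = Address,
            Token = Util.GenerateLoginToken(),
        };
        newToken.Insert();

        IsTokenLogin = false;
        token = newToken.Token;
    }

    Send(new AuthenticateResponse { Name = account.Name, Tokens = token, Success = true });

    var session = Program.SessionManager.GetOrCreate(account);
    session.Add(this);

    SendSysMessage($"Logged in as {account.Name}.");
}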