/// <summary> /// Checks if supplied password hash is correct for the specified account /// </summary> /// <param name="AccountName">The name of the account</param> /// <param name="PasswordHash">The hashed password to check.</param> /// <returns>True if the password was correct, false otherwise.</returns> public bool IsCorrectPassword(string AccountName, byte[] PasswordHash) { using (var db = DataAccess.Get()) { SaltedHash SHash = new SaltedHash(new SHA512Managed(), AccountName.Length); Account CorrectAccount = db.Accounts.GetByUsername(AccountName); if (CorrectAccount != null) { if (SHash.VerifyHash(Encoding.ASCII.GetBytes(CorrectAccount.Password.ToUpper()), PasswordHash, Encoding.ASCII.GetBytes(AccountName))) { return true; } } } return false; }
/// <summary> /// Callback-function for CheckAccount(). /// </summary> private static void EndCheckAccount(IAsyncResult AR) { DatabaseAsyncObject AsyncObject = AR.AsyncState as DatabaseAsyncObject; bool FoundAccountName = false; using (MySqlDataReader Reader = AsyncObject.MySQLCmd.EndExecuteReader(AR)) { while (Reader.Read()) { if (((string)Reader[0]).ToUpper() == AsyncObject.AccountName.ToUpper()) { FoundAccountName = true; AsyncObject.Password = (string)Reader[1]; } } } if (FoundAccountName == true) { //0x01 = InitLoginNotify PacketStream P = new PacketStream(0x01, 2); SaltedHash SHash = new SaltedHash(new SHA512Managed(), AsyncObject.AccountName.Length); if (SHash.VerifyHash(Encoding.ASCII.GetBytes(AsyncObject.Password.ToUpper()), AsyncObject.Hash, Encoding.ASCII.GetBytes(AsyncObject.AccountName))) { AsyncObject.Client.Username = AsyncObject.AccountName.ToUpper(); AsyncObject.Client.Password = AsyncObject.Password.ToUpper(); P.WriteByte(0x01); P.WriteByte(0x01); } else //The client's password was wrong. { PacketStream RejectPacket = new PacketStream(0x02, 2); RejectPacket.WriteByte(0x02); RejectPacket.WriteByte(0x02); AsyncObject.Client.Send(RejectPacket.ToArray()); Logger.LogInfo("Bad password - sent SLoginFailResponse!\r\n"); return; } AsyncObject.Client.Send(P.ToArray()); Logger.LogInfo("Sent InitLoginNotify!\r\n"); } else { PacketStream P = new PacketStream(0x02, 2); P.WriteByte(0x02); P.WriteByte(0x01); AsyncObject.Client.Send(P.ToArray()); Logger.LogInfo("Bad accountname - sent SLoginFailResponse!\r\n"); //AsyncObject.Client.Disconnect(); } //If this setting is true, it means an account will be created //if it doesn't exist. if (GlobalSettings.Default.CreateAccountsOnLogin == true) { if (FoundAccountName == false) { //No idea if this call is gonna succeed, given it's called from a callback function... CreateAccount(AsyncObject.AccountName, AsyncObject.Password); } } }
/// <summary> /// Checks if supplied password hash is correct for the specified account /// </summary> /// <param name="AccountName">The name of the account</param> /// <param name="PasswordHash">The hashed password to check.</param> /// <returns>True if the password was correct, false otherwise.</returns> public static bool IsCorrectPassword(string AccountName, byte[] PasswordHash) { using (TSODataContext Context = new TSODataContext(DBConnectionManager.DBConnection)) { SaltedHash SHash = new SaltedHash(new SHA512Managed(), AccountName.Length); //WTF?! Acc isn't defined anywhere... Account CorrectAccount = GetAccount(AccountName); if (CorrectAccount != null) { if (SHash.VerifyHash(Encoding.ASCII.GetBytes(CorrectAccount.Password.ToUpper()), PasswordHash, Encoding.ASCII.GetBytes(AccountName))) { return true; } } } return false; }