示例#1
		/// <summary>
		/// Inserts one row into the <c>users</c> table from the given user's login, pass and avatar.
		/// </summary>
		/// <param name="user">Source of the three column values; each is bound as a string parameter.</param>
		/// <remarks>
		/// All values reach the database as bound parameters, so none of them is spliced into the SQL text.
		/// <c>user.Pass</c> is written exactly as supplied: nothing in this method hashes or encrypts it,
		/// so the <c>pass</c> column holds whatever the caller put in that property.
		/// </remarks>
		public static void AddUser(User user)
		{
			const string insertSql = "insert into users ([login], [pass], [avatar]) values (@login, @pass, @avatar)";

			Settings.ConnectionString.UsingConnection(conn => conn.UsingCommand(insertSql,
				cmd =>
				{
					cmd.AddParam("login", user.Login, DbType.String);
					cmd.AddParam("pass", user.Pass, DbType.String);
					cmd.AddParam("avatar", user.Avatar, DbType.String);

					// Only the login is logged, and only when a row was actually written.
					var affectedRows = cmd.ExecuteNonQuery();
					if(affectedRows > 0)
					{
						Log.DebugFormat("Add user '{0}'", user.Login);
					}
				}));
		}
示例#2
		/// <summary>
		/// Handles a sign-up or login request and, on success, sets the auth cookie for the resolved user.
		/// </summary>
		/// <param name="context">Current HTTP context; the query string and form fields are read from it.</param>
		/// <returns>An <c>AjaxResult</c> whose <c>Text</c> is the user's pass.</returns>
		/// <remarks>
		/// Security-relevant behaviour visible in this method:
		/// the login branch identifies the account from the submitted password alone (<c>FindUserByPass</c>),
		/// so the password acts as both identifier and secret; and the response body returns <c>user.Pass</c>
		/// to the client. The "Start at" and "The End" responses are only reachable once a password has
		/// matched an account, unlike the generic "Access denied".
		/// </remarks>
		protected override AjaxResult ProcessRequestInternal(HttpContext context)
		{
			var request = context.Request;

			// Rate-limit key is "<handler path>:<client address>"; the meaning of 50 is defined by AntiFlood, not here.
			// NOTE(review): behind a reverse proxy UserHostAddress is usually the proxy's address, which would put
			// every client into one bucket — confirm against the deployment.
			AntiFlood.CheckFlood($"{request.CurrentExecutionFilePath}:{request.UserHostAddress}", 50);

			User user;
			var signupRequested = request.QueryString["signup"] != null;
			if(signupRequested)
			{
				// Registration is switched off: this unconditional throw leaves the rest of the branch unreachable.
				throw new HttpException(403, "Registration is disabled");

				var login = request.Form["login"].TrimToNull();
				if(login == null)
				{
					throw new HttpException(400, "Login is empty");
				}
				if(login.Length < 4)
				{
					throw new HttpException(400, "Login too short");
				}
				if(login.Length > Settings.MaxLoginLength)
				{
					throw new HttpException(400, "Login too long");
				}

				try
				{
					user = new User {Login = login, Pass = RandomPass(), Avatar = RandomAvatar()};
					DbStorage.AddUser(user);
				}
				catch(Exception)
				{
					// Every failure, not only a duplicate login, is reported to the client with this message.
					throw new HttpException(400, "User already exists? Try another login");
				}
			}
			else
			{
				// A missing password and an unknown password produce the same 403 response.
				var suppliedPass = request.Form["pass"].TrimToNull();
				if(suppliedPass == null)
				{
					throw new HttpException(403, "Access denied");
				}

				user = DbStorage.FindUserByPass(suppliedPass);
				if(user == null)
				{
					throw new HttpException(403, "Access denied");
				}

				var now = DateTime.UtcNow;

				// Account not active yet.
				if(user.StartTime > now)
				{
					throw new HttpException(403, $"Start at '{user.StartTime.ToReadable()}'");
				}

				// DateTime.MinValue is treated as "no end time set".
				var hasEndTime = user.EndTime != DateTime.MinValue;
				if(hasEndTime && user.EndTime < now)
				{
					throw new HttpException(403, "The End");
				}
			}

			var cookieLogin = user.Login.Trim();
			AuthModule.SetAuthLoginCookie(cookieLogin);

			return new AjaxResult {Text = user.Pass};
		}
示例#3
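		/// <summary>
		/// Looks up a single user whose column <paramref name="key"/> equals <paramref name="value"/>.
		/// </summary>
		/// <param name="key">
		/// Column name to filter on. It is placed into the SQL text itself, so it must be a plain identifier
		/// (letters, digits, underscore), optionally wrapped in square brackets.
		/// </param>
		/// <param name="value">Value to match; bound as the <c>@val</c> string parameter.</param>
		/// <returns>The first matching user, or <c>null</c> when the reader is closed or returns no row.</returns>
		/// <exception cref="System.ArgumentException"><paramref name="key"/> is not a plain column name.</exception>
		public static User FindUser(string key, string value)
		{
			// A column name cannot be bound as a parameter, so it is validated before being spliced into the
			// statement. Without this check any caller-controlled key would become part of the SQL text.
			if(!IsPlainColumnName(key))
				throw new System.ArgumentException("Invalid column name", nameof(key));

			return Settings.ConnectionString.UsingConnection(conn => conn.UsingCommand($"select [login], [pass], [avatar], [startat], [endat] from users where {key} = @val",
				cmd =>
				{
					cmd.AddParam("val", value, DbType.String);
					// Dispose the reader explicitly instead of relying on the command or connection teardown.
					using(var reader = cmd.ExecuteReader())
					{
						if(reader.IsClosed || !reader.Read())
							return null;
						var user = new User
						{
							Login = reader.GetString(0),
							Pass = reader.GetString(1),
							Avatar = reader.TryGetString(2),
							StartTime = reader.TryGetDateTime(3),
							EndTime = reader.TryGetDateTime(4)
						};
						// Only the login is logged; the pass read above is not written to the log.
						Log.DebugFormat("Found user '{0}'", user.Login);
						return user;
					}
				}));
		}

		// Returns true when name is a non-empty run of letters, digits or '_' (optionally inside [ ]).
		private static bool IsPlainColumnName(string name)
		{
			if(string.IsNullOrEmpty(name))
				return false;

			var start = 0;
			var end = name.Length;
			if(name[0] == '[' && name[name.Length - 1] == ']')
			{
				start = 1;
				end = name.Length - 1;
			}
			if(start >= end)
				return false;

			for(var i = start; i < end; i++)
			{
				var ch = name[i];
				if(!(char.IsLetterOrDigit(ch) || ch == '_'))
					return false;
			}
			return true;
		}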