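/// <summary>
/// Authenticates <paramref name="userName"/> by comparing the supplied password with the
/// password stored for that user. Either value may be clear text or already hashed
/// (MD5, according to the original comment); both are brought to hashed form before
/// they are compared.
/// </summary>
/// <param name="userName">Name of the account, resolved through <c>GetUser</c>.</param>
/// <param name="password">
/// The password to check: clear text, or a value that <c>IsCleanStringEncrypted</c>
/// recognises as already hashed.
/// </param>
/// <returns>
/// The user's <c>UserToken</c> when the user exists, is active and the password matches;
/// otherwise <c>null</c>.
/// </returns>
/// <remarks>
/// Security review notes:
/// 1. A caller-supplied value that already looks hashed is compared directly with the stored
///    hash, so the stored hash is itself a login credential. Protect the user store and its
///    backups as if they held clear-text passwords.
/// 2. MD5 without a salt is not a suitable password hash. Migrating to a salted, slow KDF
///    (for example PBKDF2) and re-hashing on next successful login is the recommended fix;
///    it is not done here because it changes the stored format.
/// 3. The final comparison uses ordinary string equality, which is not constant-time.
/// 4. Nothing in this method limits repeated failed attempts; throttling or lockout has to
///    be enforced elsewhere — verify that it is.
/// </remarks>
public static UserToken Login(string userName, string password)
{
    UserToken token = null;

    // The returned configuration is not used in this method. The call is kept in case
    // GetSecurity() loads or caches state as a side effect — TODO confirm and remove if not.
    GetSecurity();

    User user = GetUser(userName);
    if (user != null && user.Active)
    {
        // Bring the supplied password to hashed form unless it already is.
        string candidate = IsCleanStringEncrypted(password)
            ? password
            : SiteSecurity.Encrypt(password);

        // Bring the stored password to hashed form unless it already is.
        // The earlier code hashed the stored value again as a fallback even when it was
        // already hashed, which accepted the hash-of-the-hash as a valid password. Hash the
        // stored value only when it is still clear text.
        string expected = IsCleanStringEncrypted(user.Password)
            ? user.Password
            : SiteSecurity.Encrypt(user.Password);

        if (expected == candidate)
        {
            token = user.ToToken();
        }
    }

    // Called for failures too (token is null then) — presumably this overload records the
    // login attempt; verify against its definition.
    Login(token, userName);
    return token;
}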