From c157a4d3d8750ec4fffe8bc867f8206154f6e180 Mon Sep 17 00:00:00 2001 From: Gregory Rudolph Date: Tue, 7 Sep 2021 20:47:57 -0400 Subject: [PATCH] It's finally working properly! --- Account.cs | 1 + Config.cs | 7 ++ Pages/Index.cshtml.cs | 147 +++++++++++++++++++++++++++++++++++------- Program.cs | 10 +++ 4 files changed, 141 insertions(+), 24 deletions(-) diff --git a/Account.cs b/Account.cs index b2f8617..e15de46 100644 --- a/Account.cs +++ b/Account.cs @@ -75,6 +75,7 @@ namespace NightmareCoreWeb2 cmd.Parameters.AddWithValue("id", this.Id); rdr = cmd.ExecuteReader(); this.Characters = new List(); + while (rdr.Read()) { try diff --git a/Config.cs b/Config.cs index 36392b0..edc8a26 100644 --- a/Config.cs +++ b/Config.cs @@ -1,4 +1,5 @@ // MysqlConfig myDeserializedClass = JsonConvert.DeserializeObject(myJsonResponse); + using System.Collections.Generic; public class MysqlConfig { public string MysqlUsername { get; set; } @@ -6,5 +7,11 @@ public string MysqlPort { get; set; } public string MysqlServer { get; set; } public string MysqlDatabase { get; set; } + + public string EmailAddress { get; set; } + public string EmailDomain { get; set; } + public string EmailHost { get; set; } + public string EmailPass { get; set; } + public List AllowedDomains { get; set; } } diff --git a/Pages/Index.cshtml.cs b/Pages/Index.cshtml.cs index c7cbdf3..4e040b6 100644 --- a/Pages/Index.cshtml.cs +++ b/Pages/Index.cshtml.cs @@ -1,5 +1,6 @@ using System; -using System.IO; +using System.Net; +using System.Net.Mail; using System.Collections.Generic; using MySql.Data.MySqlClient; using Microsoft.AspNetCore.Mvc.RazorPages; @@ -77,7 +78,7 @@ namespace NightmareCoreWeb2.Pages { if (name.Equals("all", StringComparison.OrdinalIgnoreCase)) { - + ViewData["Title"] = "All Characters"; string sql = "select username,name,level,race,class from characters.characters join auth.account on characters.characters.account = auth.account.id"; QuerySQL(sql); 
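Review bot: `EmailPass` in Config.cs keeps the SMTP account password in the same JSON file as the other settings, and Program.cs then copies it into a `public static` mutable field. Reading it from an environment variable or a secret store, and keeping the field non-public, would narrow where the credential can leak. The new properties also need a comment on their expected format: Index.cshtml.cs builds the sender as `$"{Program.EmailAddress}{Program.EmailDomain}"`, so `EmailDomain` apparently has to carry the leading `@`, e.g. `// EmailDomain is appended to EmailAddress verbatim and must start with "@"`. `AllowedDomains` will presumably be null when the key is absent from the config file, which the `foreach` in OnPostRequestToken does not guard against.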
@@ -91,47 +92,145 @@ namespace NightmareCoreWeb2.Pages public void OnPostActivateAccount() { + + conn.Open(); + bool valid = false; ActivateEmail = Request.Form["ActivateEmail"]; + string Username = ActivateEmail.Substring(0, ActivateEmail.IndexOf("@")); ActivatePassword = Request.Form["ActivatePassword"]; ActivateToken = Request.Form["ActivateToken"]; + string sql = "SELECT token from tokens.active_tokens where email=@email"; + MySqlCommand cmd = new MySqlCommand(sql, conn); + cmd.Parameters.AddWithValue("email", ActivateEmail); + MySqlDataReader rdr = cmd.ExecuteReader(); + while (rdr.Read()) + { + if (ActivateToken.Equals(rdr.GetString(0))) + { + valid = true; + } + } + conn.Close(); + if (valid) + { + conn.Open(); + byte[] salt = new byte[32]; + byte[] verifier = new byte[32]; + (salt, verifier) = Framework.Cryptography.SRP6.MakeRegistrationData(Username, ActivatePassword); + sql = "INSERT INTO auth.account (username,salt,verifier,email) VALUES (@username,@salt,@verifier,@email)"; + cmd = new MySqlCommand(sql, conn); + cmd.Parameters.AddWithValue("email", ActivateEmail); + cmd.Parameters.AddWithValue("username", Username); + cmd.Parameters.AddWithValue("salt", salt); + cmd.Parameters.AddWithValue("verifier", verifier); + cmd.ExecuteNonQuery(); + conn.Close(); + } + } public void OnPostRequestToken() { RequestTokenEmail = Request.Form["RequestTokenEmail"]; - } - public bool RequestToken() - { - return false; - } - public bool CreateAccount() - { - return false; - } - public bool IsTokenValid(string username, string token) - { - return false; + string Username = RequestTokenEmail.Substring(0, RequestTokenEmail.IndexOf("@")); + string UserDomain = RequestTokenEmail.Substring(RequestTokenEmail.IndexOf("@")); + bool valid = false; + foreach (string s in Program.AllowedDomains) + { + if (UserDomain.Contains(s)) + { + valid = true; + } + } + if (!valid) + { + Console.WriteLine($"Invalid Email {RequestTokenEmail}"); + return; + } + try + { + Account a = new 
Account(Username); + AccountAccess access = a.Access[0]; + Console.WriteLine($"Account already exists {Username}"); + } + catch (Exception) + { + conn.Open(); + string sql = "INSERT INTO tokens.active_tokens (email,token) VALUES (@email,@token)"; + MySqlCommand cmd = new MySqlCommand(sql, conn); + cmd.Parameters.AddWithValue("email", RequestTokenEmail); + var chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; + var stringChars = new char[13]; + var random = new Random(); + + for (int i = 0; i < stringChars.Length; i++) + { + stringChars[i] = chars[random.Next(chars.Length)]; + } + + var finalString = new String(stringChars); + cmd.Parameters.AddWithValue("token", $"token_{finalString}"); + cmd.ExecuteNonQuery(); + using (SmtpClient smtpClient = new SmtpClient()) + { + var basicCredential = new NetworkCredential($"{Program.EmailAddress}{Program.EmailDomain}", Program.EmailPass); + using (MailMessage message = new MailMessage()) + { + MailAddress fromAddress = new MailAddress($"{Program.EmailAddress}{Program.EmailDomain}"); + + smtpClient.Host = Program.EmailHost; + smtpClient.UseDefaultCredentials = false; + smtpClient.Credentials = basicCredential; + smtpClient.Port = 587; + smtpClient.EnableSsl = true; + message.From = fromAddress; + message.Subject = "WoTDN Auth Token"; + message.IsBodyHtml = false; + message.Body = $"WoTDN Auth Token for Account {Username}: token_{finalString}"; + message.To.Add(RequestTokenEmail); + + try + { + smtpClient.Send(message); + } + catch (Exception ex) + { + Console.WriteLine("Unable to send message."); + //Error, could not send the message + Console.WriteLine(ex.Message); + } + } + } + + conn.Close(); + } + + } - public ActionResult OnGetAlert() { + public ActionResult OnGetAlert() + { string ret = "SERVERALERT:\n\n\n"; - if (this.OnlineCharacters.Count > 0) { - ret += "

Online Players

\n"; - foreach (Character c in OnlineCharacters) { - ret += $"

{c.Username}: Level {c.Level} {c.GetRace()} {c.GetClass()}, {c.Name}

"; - } + if (this.OnlineCharacters.Count > 0) + { + ret += "

Online Players

\n"; + foreach (Character c in OnlineCharacters) + { + ret += $"

{c.Username}: Level {c.Level} {c.GetRace()} {c.GetClass()}, {c.Name}

"; + } } - if (System.IO.File.Exists("announce.html")) { + if (System.IO.File.Exists("announce.html")) + { ret += "
"; ret += System.IO.File.ReadAllText("announce.html"); } ret += "\n\n\r"; - + return Content(ret); - + } - + } } diff --git a/Program.cs b/Program.cs index 46c989d..c473dcb 100644 --- a/Program.cs +++ b/Program.cs @@ -18,6 +18,11 @@ namespace NightmareCoreWeb2 public static string MysqlDatabase; public static string MysqlPort; public static string MysqlPassword; + public static string EmailAddress; + public static string EmailDomain; + public static string EmailHost; + public static string EmailPass; + public static List AllowedDomains; public static string connStr; public static void Main(string[] args) { @@ -30,6 +35,11 @@ namespace NightmareCoreWeb2 Program.MysqlDatabase = config.MysqlDatabase; Program.MysqlPassword = config.MysqlPassword; Program.MysqlPort = config.MysqlPort; + Program.EmailAddress = config.EmailAddress; + Program.EmailDomain = config.EmailDomain; + Program.EmailHost = config.EmailHost; + Program.EmailPass = config.EmailPass; + Program.AllowedDomains = config.AllowedDomains; connStr = $"SslMode=None;server={Program.MysqlServer};user={Program.MysqlUser};database={Program.MysqlDatabase};port={Program.MysqlPort};password={Program.MysqlPassword}";
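Review bot: The token built in OnPostRequestToken comes from `new Random()`, which is not a cryptographic generator, so the value that gates account creation may be guessable; the fence below draws each character from `RandomNumberGenerator.GetInt32` (needs .NET Core 3.0 or later) and drops the `random` local. The allowlist test `UserDomain.Contains(s)` is a substring match, so an address whose domain merely contains an allowed entry passes, and `Substring(0, IndexOf("@"))` throws when the input has no `@`; the fence compares the part after the last `@` for equality instead. The `catch (Exception)` around the account lookup treats any failure, a database error included, as "no such account" and goes on to issue a token. In OnPostActivateAccount the matched row in `tokens.active_tokens` is not deleted after the account is inserted, so a token appears to remain usable, and the same unguarded `Substring` call is repeated there.

```csharp
// … unchanged: RequestTokenEmail read from Request.Form …
int at = RequestTokenEmail.LastIndexOf('@');
if (at <= 0 || at == RequestTokenEmail.Length - 1)
{
    Console.WriteLine("Invalid Email (missing local part or domain)");
    return;
}
string Username = RequestTokenEmail.Substring(0, at);
string UserDomain = RequestTokenEmail.Substring(at + 1);
bool valid = false;
foreach (string s in Program.AllowedDomains)
{
    // assumes AllowedDomains holds bare domains; a leading "@" is tolerated (confirm against the config)
    if (UserDomain.Equals(s.TrimStart('@'), StringComparison.OrdinalIgnoreCase))
    {
        valid = true;
    }
}
// … unchanged: rejection log, existing-account lookup, INSERT command setup, chars/stringChars …
for (int i = 0; i < stringChars.Length; i++)
{
    stringChars[i] = chars[System.Security.Cryptography.RandomNumberGenerator.GetInt32(chars.Length)];
}
// … unchanged: token parameter, ExecuteNonQuery, SMTP send …
```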