ASP.NET Razor website for https://wotdn.nightmare.haus
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
177 lines
6.2 KiB
177 lines
6.2 KiB
using System; |
|
using System.Collections.Generic; |
|
using MySql.Data.MySqlClient; |
|
|
|
namespace NightmareCoreWeb2 |
|
{ |
|
|
|
public class Account |
|
{ |
|
public UInt32 Id { get; set; } |
|
public bool IsGM { get; set; } |
|
public string Username { get; set; } |
|
public string Email { get; set; } |
|
public string LastIP { get; set; } |
|
public byte[] Verifier { get; set; } |
|
public DateTime LastLogin { get; set; } |
|
public List<Character> Characters { get; set; } |
|
public List<AccountAccess> Access { get; set; } |
|
|
|
public Account(int id) |
|
{ |
|
|
|
MySqlConnection conn = new MySqlConnection(Program.connStr); |
|
conn.Open(); |
|
string sql = "select username from account where id=@id"; |
|
MySqlCommand cmd = new MySqlCommand(sql, conn); |
|
cmd.Parameters.AddWithValue("id", id); |
|
MySqlDataReader rdr = cmd.ExecuteReader(); |
|
while (rdr.Read()) |
|
{ |
|
try |
|
{ |
|
new Account(rdr.GetString(0)); |
|
|
|
} |
|
catch (Exception e) |
|
{ |
|
Console.WriteLine(e); |
|
} |
|
} |
|
} |
|
|
|
|
|
public Account(string username) |
|
{ |
|
MySqlConnection conn = new MySqlConnection(Program.connStr); |
|
conn.Open(); |
|
|
|
string sql = "select id,username,email,last_ip,last_login,verifier from account where username=@username"; |
|
MySqlCommand cmd = new MySqlCommand(sql, conn); |
|
cmd.Parameters.AddWithValue("username", username); |
|
MySqlDataReader rdr = cmd.ExecuteReader(); |
|
this.Verifier = new byte[32]; |
|
while (rdr.Read()) |
|
{ |
|
try |
|
{ |
|
this.Id = rdr.GetUInt32(0); |
|
this.Username = rdr.GetString(1); |
|
this.Email = rdr.GetString(2); |
|
this.LastIP = rdr.GetString(3); |
|
this.LastLogin = rdr.GetDateTime(4); |
|
rdr.GetBytes(5, 0, this.Verifier, 0, 32); |
|
} |
|
catch (Exception e) |
|
{ |
|
Console.WriteLine(e); |
|
} |
|
} |
|
rdr.Close(); |
|
sql = "select guid,username,name,level,race,class from characters.characters join auth.account on characters.characters.account = auth.account.id where characters.characters.account=@id"; |
|
cmd = new MySqlCommand(sql, conn); |
|
cmd.Parameters.AddWithValue("id", this.Id); |
|
rdr = cmd.ExecuteReader(); |
|
this.Characters = new List<Character>(); |
|
|
|
while (rdr.Read()) |
|
{ |
|
try |
|
{ |
|
Character c = new Character(); |
|
c.guid = (int)rdr.GetUInt32(0); |
|
c.Username = rdr.GetString(1); |
|
c.Name = rdr.GetString(2); |
|
c.Level = rdr.GetByte(3); |
|
c.Race = rdr.GetByte(4); |
|
c.Class = rdr.GetByte(5); |
|
this.Characters.Add(c); |
|
} |
|
catch (Exception e) |
|
{ |
|
Console.WriteLine(e); |
|
} |
|
} |
|
rdr.Close(); |
|
sql = "select SecurityLevel,RealmID from account_access where AccountID=@id"; |
|
cmd = new MySqlCommand(sql, conn); |
|
cmd.Parameters.AddWithValue("id", this.Id); |
|
rdr = cmd.ExecuteReader(); |
|
this.Access = new List<AccountAccess>(); |
|
while (rdr.Read()) |
|
{ |
|
try |
|
{ |
|
AccountAccess acctA = new AccountAccess(); |
|
acctA.SecurityLevel = rdr.GetByte(0); |
|
acctA.RealmID = rdr.GetInt32(1); |
|
this.Access.Add(acctA); |
|
} |
|
catch (Exception e) |
|
{ |
|
Console.WriteLine(e); |
|
} |
|
} |
|
foreach (var access in this.Access) |
|
{ |
|
if (access.RealmID == -1 && access.RealmID >= 1) |
|
{ |
|
this.IsGM = true; |
|
} |
|
} |
|
rdr.Close(); |
|
|
|
conn.Close(); |
|
} |
|
public bool AuthenticateAccount(string password) |
|
{ |
|
MySqlConnection conn = new MySqlConnection(Program.connStr); |
|
conn.Open(); |
|
string sql = "select salt,verifier from account where username=@username"; |
|
MySqlCommand cmd = new MySqlCommand(sql, conn); |
|
cmd.Parameters.AddWithValue("username", this.Username); |
|
MySqlDataReader rdr = cmd.ExecuteReader(); |
|
byte[] salt = new byte[32]; |
|
byte[] verifier = new byte[32]; |
|
while (rdr.Read()) |
|
{ |
|
try |
|
{ |
|
rdr.GetBytes(0, 0, salt, 0, 32); |
|
rdr.GetBytes(1, 0, verifier, 0, 32); |
|
} |
|
catch (Exception) { } |
|
} |
|
byte[] calculatedVerifier = Framework.Cryptography.SRP6.CalculateVerifier(this.Username, password, salt); |
|
return calculatedVerifier.Compare(verifier); |
|
} |
|
public bool AuthenticateAccount(byte[] verifier) |
|
{ |
|
return verifier.Compare(this.Verifier); |
|
} |
|
public void ChangePassword(string NewPassword) |
|
{ |
|
MySqlConnection conn = new MySqlConnection(Program.connStr); |
|
conn.Open(); |
|
byte[] salt = new byte[32]; |
|
byte[] verifier = new byte[32]; |
|
(salt, verifier) = Framework.Cryptography.SRP6.MakeRegistrationData(this.Username, NewPassword); |
|
|
|
string sql = "UPDATE auth.account SET salt=@salt, verifier=@verifier where username=@username"; |
|
MySqlCommand cmd = new MySqlCommand(sql, conn); |
|
cmd.Parameters.AddWithValue("username", Username); |
|
cmd.Parameters.AddWithValue("salt", salt); |
|
cmd.Parameters.AddWithValue("verifier", verifier); |
|
cmd.ExecuteNonQuery(); |
|
conn.Close(); |
|
} |
|
|
|
} |
|
|
|
public class AccountAccess |
|
{ |
|
public int SecurityLevel { get; set; } |
|
public int RealmID { get; set; } |
|
} |
|
|
|
} |