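using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;
using System.Text;

namespace Launcher_Server.Database
{
    /// <summary>
    /// Account lookup and session-token queries for the launcher server.
    /// Every call shares one <see cref="SqlConnection"/>, which is opened lazily.
    /// </summary>
    /// <remarks>
    /// All values that reach SQL text travel as <see cref="SqlParameter"/>s. The only
    /// formatted-in piece is the database name from application settings, because an
    /// identifier cannot be parameterized; it must stay operator-controlled.
    /// NOTE(review): SqlConnection instance members are not thread-safe; confirm that a
    /// single Query instance is never used from several threads at once.
    /// </remarks>
    class Query : IDisposable
    {
        private SqlConnection Connection;

        /// <summary>
        /// Builds the connection from the configured connection-string template and tries
        /// to open it. Failure is tolerated here (each query re-attempts the open), but it
        /// is traced instead of being dropped silently.
        /// </summary>
        public Query()
        {
            try
            {
                Connection = new SqlConnection(String.Format(Properties.Settings.Default.DatabaseString, Properties.Settings.Default.SQLName));
                OpenConnection();
            }
            catch (Exception ex)
            {
                // Best-effort by design: construction must not throw. Only the exception
                // type and message are traced; the connection string is never written out.
                System.Diagnostics.Trace.TraceError("Query: could not open database connection ({0}): {1}", ex.GetType().Name, ex.Message);
            }
        }

        /// <summary>
        /// Returns the lowercase hexadecimal MD5 digest of <paramref name="input"/>,
        /// encoded as ASCII before hashing.
        /// </summary>
        /// <param name="input">Text to hash; must not be null.</param>
        /// <returns>32 lowercase hex characters.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="input"/> is null.</exception>
        /// <remarks>
        /// SECURITY: Login compares this digest with tAccounts.sUserPass, so passwords are
        /// stored as unsalted MD5. That is a fast hash and is not suitable for password
        /// storage. The output format is kept unchanged here because existing rows depend
        /// on it; migrate to a salted KDF (for example PBKDF2 via Rfc2898DeriveBytes) and
        /// re-hash each account at its next successful login.
        /// ASCII encoding also maps every non-ASCII character to '?', so distinct
        /// passwords that differ only in such characters produce the same digest.
        /// </remarks>
        public string CalculateMD5Hash(string input)
        {
            using (MD5 md5 = MD5.Create())
            {
                byte[] hash = md5.ComputeHash(Encoding.ASCII.GetBytes(input));

                StringBuilder sb = new StringBuilder(hash.Length * 2);
                for (int i = 0; i < hash.Length; i++)
                {
                    // "x2" emits lowercase directly, matching the former "X2" + ToLower().
                    sb.Append(hash[i].ToString("x2"));
                }
                return sb.ToString();
            }
        }

        /// <summary>
        /// Checks the credentials and, on success, replaces the account's tokens with a
        /// freshly generated one.
        /// </summary>
        /// <param name="Username">Account name supplied by the client (untrusted).</param>
        /// <param name="Password">Clear-text password supplied by the client (untrusted).</param>
        /// <returns>
        /// "All Good!#&lt;token&gt;" on success; "No Account Found!" when no row matches the
        /// username and password hash; "Account Banned!" when nAuthID is -1;
        /// "Server Maintenance!" when tAuth has a row for the account's nAuthID with
        /// nLoginable = '0'; null when a database or conversion error occurred.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="Password"/> is null.</exception>
        public String Login(String Username, String Password)
        {
            Password = CalculateMD5Hash(Password);
            try
            {
                String database = Properties.Settings.Default.SQLAccount;
                Int32 nEMID;
                Int32 nAuthID;

                // One query authenticates AND fetches the ids, so the ids always belong to
                // the row whose password matched (previously they were re-read by username
                // alone). Username and hash are bound as parameters, never formatted into
                // the SQL text.
                // NOTE(review): column types are not visible in this file; adjust the
                // SqlDbType and size of each parameter to the actual schema.
                using (SqlCommand Command = CreateCommand(String.Format("SELECT nEMID, nAuthID FROM {0}..tAccounts WHERE sUsername = @username AND sUserPass = @password", database)))
                {
                    Command.Parameters.Add("@username", SqlDbType.NVarChar).Value = Username ?? String.Empty;
                    Command.Parameters.Add("@password", SqlDbType.NVarChar).Value = Password;

                    using (SqlDataReader Reader = Command.ExecuteReader())
                    {
                        if (!Reader.Read())
                        {
                            // Same answer for unknown user and wrong password.
                            return "No Account Found!";
                        }
                        nEMID = Convert.ToInt32(Reader["nEMID"]);
                        nAuthID = Convert.ToInt32(Reader["nAuthID"]);
                    }
                }

                // Existing tokens are revoked before the ban check, so a banned account
                // also loses any token it still held.
                using (SqlCommand Command = CreateCommand(String.Format("DELETE FROM {0}..tTokens WHERE nEMID = @emid", database)))
                {
                    Command.Parameters.Add("@emid", SqlDbType.Int).Value = nEMID;
                    Command.ExecuteNonQuery();
                }

                if (nAuthID == -1)
                {
                    return "Account Banned!";
                }

                bool loginBlocked;
                using (SqlCommand Command = CreateCommand(String.Format("SELECT 1 FROM {0}..tAuth WHERE nAuthID = @authid AND nLoginable = '0'", database)))
                {
                    Command.Parameters.Add("@authid", SqlDbType.Int).Value = nAuthID;
                    // ExecuteScalar returns null when the result set is empty.
                    loginBlocked = Command.ExecuteScalar() != null;
                }

                if (loginBlocked)
                {
                    return "Server Maintenance!";
                }

                // NOTE(review): the token is a bearer credential; confirm that
                // Utility.CreateRandom draws from a cryptographic RNG
                // (System.Security.Cryptography.RandomNumberGenerator), not System.Random.
                String Token = CreateToken(Utility.CreateRandom(50));
                InsertToken(nEMID, Token);
                return String.Format("All Good!#{0}", Token);
            }
            catch (Exception ex)
            {
                // Callers receive null on any failure, as before. The cause is traced
                // without the username, password hash or token.
                System.Diagnostics.Trace.TraceError("Query.Login failed ({0}): {1}", ex.GetType().Name, ex.Message);
            }
            return null;
        }

        /// <summary>
        /// Returns a token that is not present in tTokens, starting from
        /// <paramref name="Token"/> and drawing replacements until one is unused.
        /// </summary>
        /// <param name="Token">Candidate token.</param>
        /// <returns>The first candidate that has no row in tTokens.</returns>
        private String CreateToken(String Token)
        {
            // The lookup uses ExecuteScalar, so no reader stays open on the shared
            // connection; an open reader would make the following INSERT fail unless
            // MARS is enabled in the connection string.
            using (SqlCommand Command = CreateCommand(String.Format("SELECT 1 FROM {0}..tTokens WHERE sToken = @token", Properties.Settings.Default.SQLAccount)))
            {
                SqlParameter candidate = Command.Parameters.Add("@token", SqlDbType.NVarChar);
                while (true)
                {
                    candidate.Value = Token ?? String.Empty;
                    if (Command.ExecuteScalar() == null)
                    {
                        // Check-then-insert is not atomic; a UNIQUE constraint on sToken
                        // is the authoritative guard against duplicates.
                        return Token;
                    }
                    Token = Utility.CreateRandom(50);
                }
            }
        }

        /// <summary>Stores <paramref name="Token"/> for account <paramref name="nEMID"/> in tTokens.</summary>
        /// <param name="nEMID">Account id the token belongs to.</param>
        /// <param name="Token">Token value to store.</param>
        private void InsertToken(Int32 nEMID, String Token)
        {
            using (SqlCommand Command = CreateCommand(String.Format("INSERT INTO {0}..tTokens (nEMID, sToken) VALUES (@emid, @token)", Properties.Settings.Default.SQLAccount)))
            {
                Command.Parameters.Add("@emid", SqlDbType.Int).Value = nEMID;
                Command.Parameters.Add("@token", SqlDbType.NVarChar).Value = Token ?? String.Empty;
                Command.ExecuteNonQuery();
            }
        }

        /// <summary>Creates a command bound to the shared connection, opening it first if needed.</summary>
        /// <param name="commandText">SQL text; values must be supplied through parameters.</param>
        private SqlCommand CreateCommand(String commandText)
        {
            OpenConnection();
            return new SqlCommand(commandText, Connection);
        }

        /// <summary>Opens the shared connection when it is not already open.</summary>
        /// <exception cref="InvalidOperationException">The connection was never created.</exception>
        private void OpenConnection()
        {
            if (Connection == null)
            {
                // The constructor tolerates a failed setup, so the field may be unset.
                throw new InvalidOperationException("Database connection was not initialised.");
            }
            if (Connection.State != ConnectionState.Open)
            {
                Connection.Open();
            }
        }

        /// <summary>Releases the shared connection; safe to call when it was never created.</summary>
        public void Dispose()
        {
            if (Connection != null)
            {
                Connection.Dispose();
            }
        }
    }
}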