Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- using System;
- using System.Collections.Generic;
- using System.Web;
- using System.Web.UI;
- using System.Web.UI.WebControls;
- using System.IO;
- using System.Data.SqlClient;
- using System.Text;
- using System.Security.Cryptography;
- using System.Net.Mail;
- using System.Net;
- public partial class pnas : System.Web.UI.Page {
- protected void Page_Load(object sender, EventArgs e) {
- SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder();
- builder.DataSource = @"(local)\sebastianlawe";
- builder.InitialCatalog = "SebastianLawe";
- builder.UserID = System.Web.Configuration.WebConfigurationManager.AppSettings["DatabaseName"];
- builder.Password = System.Web.Configuration.WebConfigurationManager.AppSettings["DatabasePassword"];
- using (BinaryReader reader = new BinaryReader(Request.InputStream)) {
- using (BinaryWriter writer = new BinaryWriter(Response.OutputStream)) {
- switch (reader.ReadByte()) {
- case 0:
- // Registration
- string nickname = reader.ReadString();
- string username = reader.ReadString();
- string password = reader.ReadString();
- string email = reader.ReadString();
- bool usernameExists = false;
- bool nicknameExists = false;
- bool emailExists = false;
- using (SqlConnection connection = new SqlConnection(builder.ConnectionString)) {
- connection.Open();
- using (SqlCommand command = connection.CreateCommand()) {
- command.CommandText =
- @"SELECT [Username], [Nickname], [Email] FROM [SebastianLawe].[dbo].[ProjectNORLogin]
- WHERE [Username] = @Username OR [Nickname] = @Nickname OR [Email] = @Email";
- command.Parameters.Add(new SqlParameter("@Username", username));
- command.Parameters.Add(new SqlParameter("@Nickname", nickname));
- command.Parameters.Add(new SqlParameter("@Email", email));
- using (SqlDataReader sqlReader = command.ExecuteReader()) {
- while (sqlReader.Read()) {
- if (!usernameExists) {
- usernameExists = username == (sqlReader.GetValue(0) as string);
- break;
- }
- if (!emailExists) {
- emailExists = username == (sqlReader.GetValue(1) as string);
- break;
- }
- if (!nicknameExists) {
- nicknameExists = username == (sqlReader.GetValue(2) as string);
- break;
- }
- }
- writer.Write(usernameExists || emailExists || nicknameExists);
- if (usernameExists) {
- writer.Write("Username Already Exists");
- }
- else if (emailExists) {
- writer.Write("Email Already Exists");
- }
- else if (nicknameExists) {
- writer.Write("Nickname Already Exists");
- }
- writer.Flush();
- }
- }
- connection.Close();
- }
- if (!usernameExists && !nicknameExists && !emailExists) {
- using (SqlConnection connection = new SqlConnection(builder.ConnectionString)) {
- connection.Open();
- using (SqlCommand command = connection.CreateCommand()) {
- Guid salt = Guid.NewGuid();
- Guid verificationKey = Guid.NewGuid();
- command.CommandText =
- @"insert into [SebastianLawe].[dbo].[ProjectNORLogin]
- values (NEWID(), @Nickname, @Username, @Password, @Salt, @Email,
- SYSUTCDATETIME(), SYSUTCDATETIME(), 0, @SecurityQuestion, @SecurityAnswer, @Verification, @PasswordResetKey)";
- command.Parameters.Add(new SqlParameter("@Nickname", nickname));
- command.Parameters.Add(new SqlParameter("@Username", username));
- command.Parameters.Add(new SqlParameter("@Password", sha256_hash(password + salt.ToString())));
- command.Parameters.Add(new SqlParameter("@Salt", salt.ToString()));
- command.Parameters.Add(new SqlParameter("@Email", email));
- command.Parameters.Add(new SqlParameter("@SecurityQuestion", reader.ReadString()));
- command.Parameters.Add(new SqlParameter("@SecurityAnswer", reader.ReadString()));
- command.Parameters.Add(new SqlParameter("@Verification", verificationKey));
- command.Parameters.Add(new SqlParameter("@PasswordResetKey", Guid.Empty));
- try {
- command.ExecuteNonQuery();
- writer.Write("");
- MailMessage mail = new MailMessage("no-reply@projectnor.com", email);
- SmtpClient client = new SmtpClient();
- NetworkCredential cred = new NetworkCredential("no-reply@thavea.com", "1am1lwkr");
- client.EnableSsl = true;
- client.Port = 587;
- client.DeliveryMethod = SmtpDeliveryMethod.Network;
- client.UseDefaultCredentials = false;
- client.Host = "smtp.gmail.com";
- client.Credentials = cred;
- mail.Subject = "Project NOR Verification";
- mail.Body = "Thank you for registering to Project NOR!\r\n"
- + "Before you can start playing, you will need enter the following activation key within the game.\r\n\r\n"
- + verificationKey.ToString()
- + "\r\n\r\nThis message is auto generated, any messages received will not get a response.";
- client.Send(mail);
- }
- catch {
- writer.Write("Server Error");
- }
- }
- }
- }
- break;
- case 1:
- // Authenticate
- using (SqlConnection connection = new SqlConnection(builder.ConnectionString)) {
- connection.Open();
- using (SqlCommand command = connection.CreateCommand()) {
- command.CommandText = @"select [Username], [Password], [Salt], [Nickname], [Paid]
- from [SebastianLawe].[dbo].[ProjectNORLogin] where [Username] = @Username";
- command.Parameters.AddWithValue("@Username", reader.ReadString());
- using (SqlDataReader dataReader = command.ExecuteReader()) {
- while (dataReader.Read()) {
- if ((sha256_hash(reader.ReadString()
- + (dataReader.GetValue(2) as string))
- == (dataReader.GetValue(1) as string))) {
- writer.Write(true);
- writer.Write(dataReader.GetValue(3) as string);
- writer.Write((bool)dataReader.GetValue(4));
- }
- else {
- }
- }
- writer.Write(false);
- writer.Flush();
- }
- }
- }
- break;
- case 2:
- // Verify Key
- bool authenticated = false;
- username = reader.ReadString();
- password = reader.ReadString();
- string verification = reader.ReadString();
- using (SqlConnection connection = new SqlConnection(builder.ConnectionString)) {
- connection.Open();
- using (SqlCommand command = connection.CreateCommand()) {
- command.CommandText = @"select [Username], [Password], [Salt], [Paid], [Verification]
- from [SebastianLawe].[dbo].[ProjectNORLogin] where [Username] = @Username and [Verification] = @Verification";
- command.Parameters.Add(new SqlParameter("@Username", username));
- command.Parameters.Add(new SqlParameter("@Verification", Guid.Parse(verification.Replace("-", null))));
- using (SqlDataReader dataReader = command.ExecuteReader()) {
- while (dataReader.Read()) {
- if ((sha256_hash(password
- + (dataReader.GetValue(2) as string))
- == (dataReader.GetValue(1) as string))
- && ((Guid)dataReader.GetValue(4))
- == Guid.Parse(verification)) {
- authenticated = true;
- break;
- }
- }
- }
- }
- }
- if (authenticated) {
- using (SqlConnection connection = new SqlConnection(builder.ConnectionString)) {
- connection.Open();
- using (SqlCommand command = connection.CreateCommand()) {
- command.CommandText = @"update [ProjectNORLogin] set [Paid] = 1 where [Verification] = @Verification";
- command.Parameters.AddWithValue("@Username", username);
- command.Parameters.AddWithValue("@Verification", verification);
- writer.Write((byte)command.ExecuteNonQuery());
- }
- }
- }
- else {
- writer.Write((byte)2);
- }
- break;
- case 3:
- // Get Security Question
- email = reader.ReadString();
- using (SqlConnection connection = new SqlConnection(builder.ConnectionString)) {
- connection.Open();
- using (SqlCommand command = connection.CreateCommand()) {
- command.CommandText = @"select [Email], [SecurityQuestion]
- from [SebastianLawe].[dbo].[ProjectNORLogin] where [Email] = @Email";
- command.Parameters.Add(new SqlParameter("@Email", email));
- using (SqlDataReader dataReader = command.ExecuteReader()) {
- while (dataReader.Read()) {
- writer.Write(dataReader.GetValue(1) as string);
- }
- }
- writer.Write("This name does not exist.");
- }
- }
- break;
- case 4:
- // Check security answer.
- email = reader.ReadString();
- bool securityQuestionAnswered = false;
- using (SqlConnection connection = new SqlConnection(builder.ConnectionString)) {
- connection.Open();
- using (SqlCommand command = connection.CreateCommand()) {
- command.CommandText = @"select [SecurityAnswer], [Email]
- from [SebastianLawe].[dbo].[ProjectNORLogin] where [Email] = @Email and [SecurityAnswer] = @SecurityAnswer";
- command.Parameters.Add(new SqlParameter("@Email", email));
- command.Parameters.Add(new SqlParameter("@SecurityAnswer", reader.ReadString()));
- using (SqlDataReader dataReader = command.ExecuteReader()) {
- while (dataReader.Read()) {
- writer.Write(true);
- securityQuestionAnswered = true;
- break;
- }
- }
- writer.Write(false);
- writer.Flush();
- }
- }
- if (securityQuestionAnswered) {
- Guid passwordResetKey = Guid.NewGuid();
- using (SqlConnection connection = new SqlConnection(builder.ConnectionString)) {
- connection.Open();
- using (SqlCommand command = connection.CreateCommand()) {
- command.CommandText = @"update [ProjectNORLogin] set [PasswordResetKey] = @NewKey where [Email] = @Email";
- command.Parameters.Add(new SqlParameter("@Email", email));
- command.Parameters.Add(new SqlParameter("@NewKey", passwordResetKey));
- command.ExecuteNonQuery();
- MailMessage mail = new MailMessage("no-reply@projectnor.com", email);
- SmtpClient client = new SmtpClient();
- NetworkCredential cred = new NetworkCredential("no-reply@thavea.com", "1am1lwkr");
- client.EnableSsl = true;
- client.Port = 587;
- client.DeliveryMethod = SmtpDeliveryMethod.Network;
- client.UseDefaultCredentials = false;
- client.Host = "smtp.gmail.com";
- client.Credentials = cred;
- mail.Subject = "Project NOR Password Reset";
- mail.Body = "Forgot your password? No worries.\r\n"
- + "To reset your password, copy and paste the following code into the games password reset menu.\r\n\r\n"
- + passwordResetKey.ToString()
- + "\r\n\r\nThis message is auto generated, any messages received will not get a response.";
- client.Send(mail);
- }
- }
- }
- break;
- case 5:
- // Reset Password
- Guid passwordKey = Guid.Parse(reader.ReadString());
- bool properResetKeyEntered = false;
- using (SqlConnection connection = new SqlConnection(builder.ConnectionString)) {
- connection.Open();
- using (SqlCommand command = connection.CreateCommand()) {
- command.CommandText = @"select [PasswordResetKey]
- from [SebastianLawe].[dbo].[ProjectNORLogin] where [PasswordResetKey] = @PasswordResetKey";
- command.Parameters.Add(new SqlParameter("@PasswordResetKey", passwordKey));
- using (SqlDataReader dataReader = command.ExecuteReader()) {
- while (dataReader.Read()) {
- writer.Write(true);
- properResetKeyEntered = true;
- break;
- }
- }
- writer.Write(false);
- }
- }
- if (properResetKeyEntered) {
- using (SqlConnection connection = new SqlConnection(builder.ConnectionString)) {
- connection.Open();
- using (SqlCommand command = connection.CreateCommand()) {
- command.CommandText = @"update [ProjectNORLogin] set [Password] = @Password, [PasswordResetKey] = @NewResetKey
- where [PasswordResetKey] = @PasswordResetKey";
- command.Parameters.AddWithValue("@PasswordResetKey", passwordKey);
- command.Parameters.AddWithValue("@Password", reader.ReadString());
- command.Parameters.AddWithValue("@NewResetKey", Guid.NewGuid());
- writer.Write((byte)command.ExecuteNonQuery());
- }
- }
- }
- break;
- }
- }
- }
- }
- public static string sha256_hash(string value) {
- StringBuilder Sb = new StringBuilder();
- using (SHA256 hash = SHA256Managed.Create()) {
- Encoding enc = Encoding.UTF8;
- byte[] result = hash.ComputeHash(enc.GetBytes(value));
- foreach (byte b in result)
- Sb.Append(b.ToString("x2"));
- }
- return Sb.ToString();
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
