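/// <summary>
/// Authenticates <paramref name="username"/> / <paramref name="password"/> against the
/// <c>user</c> table and, on success, stores and returns a fresh API key for subsequent requests.
/// </summary>
/// <param name="username">Login name; matched case-insensitively (<c>COLLATE NOCASE</c>).</param>
/// <param name="password">Clear-text password, verified against the stored salted hash.</param>
/// <returns>
/// The newly issued API key, or <c>null</c> when the user does not exist or the password does not verify.
/// </returns>
public static string LoginUser(string username, string password)
{
    // A missing name or password can never verify, so skip the lookup entirely.
    if (string.IsNullOrEmpty(username) || password is null)
    {
        return null;
    }

    // The username is untrusted input spliced into a SQL string literal. Doubling single quotes is
    // the standard SQL literal escape (COLLATE NOCASE suggests SQLite, which uses exactly this rule),
    // so the value can no longer terminate the literal. The proper fix is to bind it as a query
    // parameter through the Database layer's parameter-binding API once one is available.
    string safeUsername = username.Replace("'", "''");
    NameValueCollection result = Database.Instance.QuerySingle(
        "SELECT * FROM user WHERE username = '" + safeUsername + "' COLLATE NOCASE LIMIT 1;");
    if (result is null)
    {
        return null;
    }

    SaltedHash.SaltedHash sh = new SaltedHash.SaltedHash();
    if (!sh.VerifyHashString(password, result["password"], result["salt"]))
    {
        // invalid password
        Console.WriteLine("Invalid password for user " + username);
        return null;
    }

    // Now that the user is validated, create an API key that can be used for subsequent requests.
    // NOTE(review): Guid.NewGuid() is not contractually a cryptographically secure generator; if
    // this key gates privileged requests, consider RandomNumberGenerator — a format change would
    // need callers checked, so it is left as is here.
    var apiKey = Guid.NewGuid().ToString();

    // apiKey is a GUID generated just above and result["id"] comes from our own user row, so this
    // statement carries no caller-supplied text.
    Database.Instance.ExecuteNonQuery(
        "INSERT INTO user_apikeys (user_id, apikey) VALUES (" + result["id"] + ", '" + apiKey + "');");
    return apiKey;
}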