public ActionResult ChangePassword(PasswordModel password) { ViewBag.incorrect = false; Customer customer = db.Customers.Where(x => x.Username == User.Identity.Name).First(); string temppassword = hashString(customer.salt + password.OldPassword); int count = db.Customers.Where(x => x.Username == customer.Username && x.Password == temppassword).Count(); if (count == 1 && password.CurrentPassword == password.ConfirmPassword) { string salt = Crypto.GenerateSalt(); string hash = hashString(salt + password.ConfirmPassword); db.usp_UpdateCustomerPassword(customer.CustomerID, salt, hash); return(RedirectToAction("YourAccount", "Account", null)); } else { ViewBag.incorrect = true; } return(View()); }