public ActionResult Login(UserErrors userModel)
{
if (!ModelState.IsValid) //Checks if input fields have the correct format
{
return(View(userModel)); //Returns the view with the input values so that the user doesn't have to retype again
}
using (ResourcingToolConnection db = new ResourcingToolConnection())
{
// hash the password and compare against database
if (!(userModel.UserName == null || userModel.Password == null))
{
var hashedPassword = Sha256encrypt(userModel.Password);
var userDetails = db.Users.Where(x => x.UserName == userModel.UserName && x.Password == hashedPassword).FirstOrDefault();
if (userDetails != null)
{
var identity = new ClaimsIdentity(new[] {
new Claim(ClaimTypes.Role, userDetails.Role),
new Claim(ClaimTypes.Name, userDetails.Name),
new Claim(ClaimTypes.NameIdentifier, userDetails.Id.ToString())
},
"ApplicationCookie");
// get owin context
var ctx = Request.GetOwinContext();
// get authentication manager
var authManager = ctx.Authentication;
//sign in as claimed identity- in this case the admin
//A user is authenticated by calling AuthenticationManager.SignIn
authManager.SignIn(identity);
//User is authenticated and redirected
return(RedirectToAction("Index", "Projects"));
}
else
{
userModel.ErrorMessage = "The username or password entered is incorrect. Please try again.";
//User authentication failed
}
}
else
{
userModel.ErrorMessage = "The username or password entered is incorrect. Please try again.";
//User authentication failed - blank
}
}
return(View(userModel)); //Should always be declared on the end of an action method
}
public ActionResult ChangePassword(int userId, string currentPassword, string newPassword, UserErrors userModel)
{
if (!ModelState.IsValid) //Checks if input fields have the correct format
{
return(View()); //Returns the view with the input values so that the user doesn't have to retype again
}
using (ResourcingToolConnection db = new ResourcingToolConnection())
{
// hash the password and compare against database
if (!(userId == null || currentPassword == null))
{
var hashedPassword = Sha256encrypt(currentPassword);
var leaderDetails = db.Users.Where(x => x.Id == userId && x.Password == hashedPassword).FirstOrDefault();
if (leaderDetails != null)
{
var newHashedPassword = Sha256encrypt(newPassword);
db.Set <User>().SingleOrDefault(o => o.Id == userId).Password = newHashedPassword;
db.SaveChanges();
return(RedirectToAction("Index", "Projects"));
}
else
{
//User authentication failed
userModel.ErrorMessage = "The current password you've entered is incorrect. Please try again.";
return(View(userModel));
}
}
else
{
userModel.ErrorMessage = "Please enter your current password and your new password.";
//User authentication failed - blank
}
}
return(View(userModel)); //Should always be declared on the end of an action method
}
