public ActionResult Login(LoginModel model, string returnUrl)
{
if (ModelState.IsValid)
{
int userID = AccountLogic.Login(model);
if (userID > 0)
{
Session["Username"] = model.UserName;
Session["TeamID"] = AccountLogic.GetTeamID(userID);
Session["IsAdmin"] = AccountLogic.GetIsAdmin(userID);
return RedirectToLocal(returnUrl);
}
}
// If we got this far, something failed, redisplay form
ModelState.AddModelError("", "The user name or password provided is incorrect.");
return View(model);
}
public static int Login(LoginModel user)
{
DataTable data = new DataTable();
int result = 0;
string sql = @"select UserID, Password
from Users
where Username = @Username";
using (SqlConnection conn = new SqlConnection(Main.GetDSN()))
{
SqlCommand command = new SqlCommand(sql, conn);
command.Parameters.AddWithValue("@Username", user.UserName);
new SqlDataAdapter(command).Fill(data);
if (data.Rows.Count > 0)
{
DataRow userRow = data.Rows[0];
string hash = userRow["Password"].ToString();
if (PasswordHash.ValidatePassword(user.Password, hash))
{
result = Convert.ToInt32(userRow["UserID"]);
}
}
}
return result;
}
