public ActionResult ChangePassword(string oldpass,string newpass1,string newpass2)
 {
     if (Request.IsAuthenticated)
     {
         if(newpass1==newpass2)
         {
             PasswordMethods pass = new PasswordMethods();
             UserData userData = UserData.GetUserData();
             User user = new User();
             user.username = User.Identity.Name;
             user.password = pass.Hash(oldpass);
             if (userData.LoginUser(user))
             {
                 userData.ChangePassword(User.Identity.Name, pass.Hash(newpass1));
                 TempData["Message"] = "Şifreniz başarıyla değiştirildi";
                 return RedirectToAction("Index");
             }
             else
             {
                 TempData["Message"] = "Eski şifrenizi yanlış girdiniz";
                 return RedirectToAction("Index");
             }
         }
         else
         {
             TempData["Message"] = "Şifreler birbiriyle uyuşmuyor";
             return RedirectToAction("Index");
         }
     }
     else
     {
         TempData["Message"] = "Giriş yapmamışsınız";
         return RedirectToAction("Index");
     }
 }
        /// <summary>
        /// Yeni kullanıcı ekler.
        /// </summary>
        /// <param name="user"></param>
        /// <returns></returns>
        public void AddUser(User user)
        {
            string query = "insert into user (username,password) values (@username,@password)";

            MySqlCommand cmd = new MySqlCommand(query, con);
            cmd.Parameters.AddWithValue("@username", user.username);
            cmd.Parameters.AddWithValue("@password", user.password);

            Open();
            cmd.ExecuteNonQuery();
            Close();
        }
        /*public bool CheckUserRole(string username, string role)
        {
            string query = "select role from user where username=@username";

            MySqlCommand cmd = new MySqlCommand(query, con);
            cmd.Parameters.AddWithValue("@username", username);

            OpenConnection();
            bool result = (role == Convert.ToString(cmd.ExecuteScalar()));
            CloseConnection();

            return result;
        }*/
        /// <summary>
        /// Kullanıcının şifre ve kullanıcı adının eşleşip eşleşmediğini kontrol eder.
        /// </summary>
        /// <param name="user"></param>
        /// <returns>Bilgiler eşleşiyorsa 'true', eşleşmiyorsa 'false' döndürür.</returns>
        public bool LoginUser(User user)
        {
            string query = "select password from user where username=@username";

            MySqlCommand cmd = new MySqlCommand(query, con);
            cmd.Parameters.AddWithValue("@username",user.username);

            Open();
            bool result = (user.password == Convert.ToString(cmd.ExecuteScalar()));
            Close();

            return result;
        }
        /// <summary>
        /// Tüm kullanıcı adlarını veritabanından çeker.
        /// </summary>
        /// <returns></returns>
        public List<User> GetUsers()
        {
            string query = "select * from user";

            List<User> users = new List<User>();

            MySqlCommand cmd = new MySqlCommand(query, con);

            Open();
            MySqlDataReader reader = cmd.ExecuteReader();
            while (reader.Read())
            {
                User user = new User();
                user.username = Convert.ToString(reader["username"]);
                //user.password = Convert.ToString(reader["password"]);
                users.Add(user);
            }
            Close();

            return users;
        }
        public ActionResult Login(string username, string remember, string password)
        {
            User user = new User();
            user.username = username;
            PasswordMethods pass = new PasswordMethods();
            user.password = pass.Hash(password);

            UserData userData = UserData.GetUserData();
            if (Request.IsAuthenticated)
            {
                TempData["Message"] = "Zaten giriş yapmışsınız";
                return RedirectToAction("Index");
            }
            else
            {
                if (userData.LoginUser(user))
                {
                    if (remember == "on")
                    {
                        HttpCookie hc = new HttpCookie("username");
                        hc.Value = username;
                        Response.Cookies.Add(hc);
                    }
                    else if (remember == null)
                    {
                        if (Request.Cookies["username"] != null)
                        {
                            HttpCookie hc = new HttpCookie("username");
                            hc.Expires = DateTime.Now.AddDays(-1);
                            Response.Cookies.Add(hc);
                        }
                    }

                    RolesData rolesData = RolesData.GetRolesData();
                    string role = rolesData.GetRole(user.username);

                    System.Web.Security.FormsAuthenticationTicket ticket = new System.Web.Security.FormsAuthenticationTicket(
                        1,
                        user.username,
                        DateTime.Now,
                        DateTime.Now.AddMinutes(30),
                        false,
                        role,
                        System.Web.Security.FormsAuthentication.FormsCookiePath);

                    string EncryptedTicket = System.Web.Security.FormsAuthentication.Encrypt(ticket);

                    HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, EncryptedTicket);
                    cookie.HttpOnly = true;
                    Response.Cookies.Add(cookie);

                    //System.Web.Security.FormsAuthentication.SetAuthCookie(user.username, false);
                    TempData["Message"] = "Giriş başarılı";
                    return RedirectToAction("Index");
                }
                else
                {
                    TempData["Message"] = "Yanlış kullanıcı adı veya şifre";
                    return RedirectToAction("Index");
                }
            }
        }