public ActionResult CheckUserPass(string name, string pass)
{
int userID = repo.GetUserID(name);
string db_saltHashed = repo.GetSaltHashedPassword(userID);
string db_salt = repo.GetSalt(userID);
SaltHashPassword shp = new SaltHashPassword();
string saltHashed = db_salt + shp.GetHashedPassword(pass);
// check if password is correct
if (saltHashed != db_saltHashed)
{
return new JsonResult() { Data = false };
}
return new JsonResult() { Data = true };
}
public ActionResult Register(UsersViewModel updateModel)
{
string user = updateModel.User.Username;
if (repo.CheckUserExist(user))
{
Session["User"] = user;
return RedirectToAction("Register", "Admin");
}
UsersViewModel uvm = new UsersViewModel();
uvm.User = new User();
SaltHashPassword shPass = new SaltHashPassword();
string pwd = updateModel.User.Password;
uvm.User.Username = updateModel.User.Username;
uvm.User.FirstName = updateModel.User.FirstName;
uvm.User.LastName = updateModel.User.LastName;
uvm.User.SecretQuestion = updateModel.User.SecretQuestion;
uvm.User.SecretAnswer = updateModel.User.SecretAnswer;
uvm.User.PasswordSalt = shPass.GetSaltPassword();
uvm.User.Password = shPass.GetHashedPassword(pwd);
uvm.User.Created = DateTime.Now;
if (ModelState.IsValid)
{
repo.AddNewUser(uvm.User);
//repo.Save();
}
return View(uvm);
}
public ActionResult Index(User login)
{
string user = login.Username;
if (repo.CheckUserExist(user))
{
int userID = repo.GetUserID(user);
string db_saltHashed = repo.GetSaltHashedPassword(userID);
string db_salt = repo.GetSalt(userID);
SaltHashPassword shp = new SaltHashPassword();
string password = login.Password;
string saltHashed = db_salt + shp.GetHashedPassword(password);
// check if password is correct
if (saltHashed == db_saltHashed)
{
Session["Username"] = user;
Session["UserID"] = userID;
return RedirectToAction("Create", "Admin");
}
else
{
Session["Message"] = "Password Incorrect!";
return RedirectToAction("Index", "Admin");
}
}
Session["Message"] = "Username does not exist!";
return RedirectToAction("Index", "Admin");
}