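/// <summary>
/// Handles a login form submission: looks the account up, rejects unknown or
/// disabled accounts, verifies the password through WebSecurity, and tracks
/// failed attempts so the account can be disabled after too many of them.
/// </summary>
/// <param name="model">Posted user name, password and remember-me flag.</param>
/// <returns>
/// A redirect to Account/Dashboard after a successful login; otherwise the
/// login view re-rendered with the model errors collected here.
/// </returns>
/// <remarks>
/// NOTE(review): no [HttpPost] / [ValidateAntiForgeryToken] attributes are
/// visible on this action in the reviewed excerpt - confirm they are applied.
/// </remarks>
public ActionResult Login(LoginModel model)
{
    // One shared text for "no such user" and "wrong password". The original
    // strings differed by a trailing period, which let a caller tell the two
    // cases apart and so learn which user names exist.
    const string badCredentials = "Your username or password is not correct.";

    // NOTE(review): db is never referenced below; kept because its removal is
    // unrelated to the fixes in this method. Confirm and drop.
    using (DocCommanderEntities db = new DocCommanderEntities())
    {
        // Configured lockout threshold. int.Parse throws when the setting is
        // missing or malformed, so a broken config cannot silently turn the
        // lockout off.
        int maxBadLogins = int.Parse(System.Configuration.ConfigurationManager.AppSettings["MaxBadLogins"]);

        // Maintenance-mode gate, disabled by the original author:
        //bool AdminLoginOnlyAllowed = bool.Parse(System.Configuration.ConfigurationManager.AppSettings["AdminLoginOnlyAllowed"]);
        //if(AdminLoginOnlyAllowed && !User.IsInRole("Admin"))
        //ModelState.AddModelError("", "This website is being maintained. Normal service will resume shortly.");

        Account acc = AccountRepos.Get(model.UserName);

        // Unknown user: stop here. The original fell through to acc.IsEnabled
        // and threw a NullReferenceException for every unknown user name.
        if (acc == null)
        {
            ModelState.AddModelError("", badCredentials);
            return View(model);
        }

        // NOTE(review): this message and the "not activated" one below are
        // returned before the password is verified, so they disclose that the
        // user name exists and what state it is in. The original comment says
        // this is an intranet template; confirm that disclosure is acceptable.
        if (!(bool)acc.IsEnabled)
        {
            ModelState.AddModelError("", "Your account is not enabled. Please contact your site administrator.");
            return View(model);
        }

        // Model-binding / validation errors: redisplay the form without
        // attempting a login.
        if (!ModelState.IsValid)
        {
            return View(model);
        }

        if (!WebSecurity.IsConfirmed(model.UserName))
        {
            ModelState.AddModelError("", "Your account is not activated. Please Check Your email and activate your account.");
            return View(model);
        }

        if (WebSecurity.Login(acc.UserName, model.Password, persistCookie: model.RememberMe))
        {
            // Per the original comment, Enable resets the bad-login counter to 0.
            AccountRepos.Enable(acc.UserName);
            return RedirectToAction("Dashboard", "Account");
        }

        // Wrong password: record the failure and lock the account once the
        // configured threshold is exceeded (a threshold of 0 disables lockout).
        ModelState.AddModelError("", badCredentials);
        AccountRepos.AddBadLogin(model.UserName);

        // NOTE(review): the result of this call is discarded, so nothing is
        // redirected and no failed-login notification is sent from here. If
        // the notification is wanted, invoke the mail sender directly.
        RedirectToAction("SendNotifyFailedLoginEmail", "Email", new { username = model.UserName });

        if (maxBadLogins > 0 && AccountRepos.GetNumBadLogins(acc.AccountId) > maxBadLogins)
        {
            AccountRepos.Disable(acc.UserName);
        }
    }

    return View(model);
}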
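/// <summary>
/// Completes a password reset: checks that the reset token belongs to the
/// posted user name, sets the new password through WebSecurity, and
/// re-enables the account.
/// </summary>
/// <param name="model">Posted reset token, user name and new password.</param>
/// <returns>
/// A redirect to ChangePasswordSuccess when the password was changed;
/// otherwise the form re-rendered with a model error.
/// </returns>
public ActionResult ChangePassword(ChangePasswordModel model)
{
    if (!ModelState.IsValid)
    {
        return View(model);
    }

    // model.UserName comes from the request and is not tied to the token by
    // ResetPassword itself. Without this check a valid token for one account
    // could be used to re-enable (and clear the bad-login lockout of) any
    // other account named in the form.
    // Assumes WebSecurity returns a negative id for an unknown token or user
    // name - TODO confirm against the configured membership provider.
    bool tokenBelongsToUser = false;
    if (!string.IsNullOrEmpty(model.Token) && !string.IsNullOrEmpty(model.UserName))
    {
        int tokenOwnerId = WebSecurity.GetUserIdFromPasswordResetToken(model.Token);
        tokenBelongsToUser = tokenOwnerId >= 0
            && tokenOwnerId == WebSecurity.GetUserId(model.UserName);
    }

    // The original redirected to the success page even when ResetPassword
    // returned false, telling the user the password had changed when it had not.
    if (!tokenBelongsToUser || !WebSecurity.ResetPassword(model.Token, model.NewPassword))
    {
        ModelState.AddModelError("", "The password reset link is invalid or has expired. Please request a new one.");
        return View(model);
    }

    AccountRepos.Enable(model.UserName);
    return RedirectToAction("ChangePasswordSuccess");
}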
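/// <summary>
/// Activates an account from a confirmation link. Reads the user name ("u")
/// and confirmation token ("t") from the query string, verifies the pair
/// through WebSecurity and, on success, enables the account.
/// </summary>
/// <returns>
/// A redirect to ConfirmationSuccess when the token is accepted; otherwise
/// the Error view with ViewBag.ErrorMessage set.
/// </returns>
public ActionResult ConfirmAccount()
{
    string username = Request.QueryString["u"];
    string token = Request.QueryString["t"];

    // A link with a missing parameter is treated as a failed confirmation
    // instead of passing null into WebSecurity.
    bool confirmed = !string.IsNullOrEmpty(username)
        && !string.IsNullOrEmpty(token)
        && WebSecurity.ConfirmAccount(username, token);

    if (confirmed)
    {
        // The user name was verified together with the token above, so it is
        // safe to enable exactly this account.
        AccountRepos.Enable(username);
        return RedirectToAction("ConfirmationSuccess");
    }

    // ViewBag is dynamic: the original invoked ErrorMessage as a method, which
    // fails at run time on every unsuccessful confirmation. Assign it instead.
    // The "nonly" typo in the message is corrected as well.
    ViewBag.ErrorMessage = "We could not confirm your account. The confirmation token is only valid for 24Hours. please click here to request another confirmation email.";
    return View("Error");
}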