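/// <summary>
        /// Authenticates a member by e-mail address and password and, on success,
        /// records the member's identity in the session.
        /// </summary>
        /// <param name="loginUser">Credentials bound from the request.</param>
        /// <returns>
        /// A JSON object with a single <c>message</c> field. The HTTP status is 400 when
        /// model validation fails, 403 when the credentials do not match, and 200 on success.
        /// </returns>
        public JsonResult Login(Login loginUser)
        {
            Response.ContentType = "application/json; charset=utf-8";

            // NOTE(review): AllowGet only has an effect if this action is reachable over GET.
            // No [HttpPost] attribute is visible from this method; confirm the action is
            // POST-only so that credentials are never carried in a URL or logged with it.
            if (!ModelState.IsValid)
            {
                Response.StatusCode = 400;
                return Json(new { message = "Bad request, please check your input and try again." }, JsonRequestBehavior.AllowGet);
            }

            using (CauseDBContext db = new CauseDBContext())
            {
                var member = db.Members.FirstOrDefault(a => a.Email.Equals(loginUser.Email));

                // NOTE(review): the hash check is skipped when no member matches, so the two
                // failure paths may differ in response time; no throttling or lockout is
                // visible in this method either - confirm both are handled elsewhere.
                bool authenticated = member != null
                    && Crypto.VerifyHashedPassword(member.Password, loginUser.Password);

                if (!authenticated)
                {
                    // One message for "unknown e-mail" and "wrong password", so the response
                    // body does not reveal which accounts exist.
                    Response.StatusCode = 403;
                    return Json(new { message = "The username/password was incorrect. Please try again." }, JsonRequestBehavior.AllowGet);
                }

                // NOTE(review): the session identifier is not rotated here after a successful
                // login; confirm session-fixation protection is applied elsewhere.
                Session["UserID"]   = member.ID.ToString();
                Session["UserName"] = member.Name.ToString();

                // Per the original author, this flag only controls whether the admin menu link
                // is displayed; authorisation must be enforced on the admin routes themselves.
                if (member.Role == Role.Admin)
                {
                    Session["admin"] = true;
                }
                else
                {
                    // Clear any flag left by a previous admin login in the same session, so a
                    // non-admin who signs in afterwards does not inherit it.
                    Session.Remove("admin");
                }

                Response.StatusCode = 200;
                return Json(new { message = "Login complete, welcome back." }, JsonRequestBehavior.AllowGet);
            }
        }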