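/// <summary>
/// Verifies a username/password pair against the Accounts table and, on success, returns the
/// caller's login info serialized as indented JSON (Username, RoleId, RoleName, FullName).
/// Returns null when the account is missing, inactive, or the password does not match; the
/// return value does not distinguish these cases.
/// </summary>
/// <param name="username">Account name to look up (matched exactly as stored; Register lowercases it on creation).</param>
/// <param name="password">Clear-text password supplied by the user.</param>
/// <returns>JSON login info on success; otherwise null.</returns>
public string CheckLogin(string username, string password)
{
    // A missing password can never authenticate; bail out before touching the hash utility,
    // whose behaviour on null input is not visible from here.
    if (username == null || password == null)
    {
        return null;
    }

    var account = db.Accounts
        .Include(a => a.Role)
        .Where(a => a.Username == username && a.IsActive == true)
        .Select(a => new
        {
            a.Username,
            a.Password,
            a.PasswordSalt,
            a.Role.RoleName,
            a.RoleId,
            a.FirstName,
            a.LastName
        })
        .FirstOrDefault();

    if (account == null)
    {
        // NOTE(review): no hash is computed on this path, so response time still differs between
        // "unknown/inactive user" and "wrong password" — a weak user-enumeration oracle.
        return null;
    }

    // Derive the hash of the supplied password with the stored per-account salt and compare it
    // with the stored hash. NOTE(review): EncryptPasswordUtil is assumed to be a one-way salted
    // hash despite its name — confirm; a reversible scheme would be a finding on its own.
    string candidateHash = EncryptPasswordUtil.EncryptPassword(password, account.PasswordSalt);
    if (!FixedTimeEquals(candidateHash, account.Password))
    {
        return null;
    }

    // Password accepted: hand back the identity the caller stores in session. The stored
    // hash and salt are deliberately not part of it.
    var loginInfo = new
    {
        Username = username,
        RoleId = account.RoleId,
        RoleName = account.RoleName,
        FullName = account.LastName + " " + account.FirstName
    };
    return JsonConvert.SerializeObject(loginInfo, Formatting.Indented);

    // Constant-time comparison so the early exit of ordinary == does not leak how many leading
    // characters of the stored hash matched. A null on either side never matches: an account row
    // without a stored hash must not be logged into. The length check exits early, which only
    // reveals the (fixed) hash length. Kept as a local function instead of
    // CryptographicOperations.FixedTimeEquals so no new using directive is needed.
    bool FixedTimeEquals(string left, string right)
    {
        if (left == null || right == null || left.Length != right.Length)
        {
            return false;
        }
        int diff = 0;
        for (int i = 0; i < left.Length; i++)
        {
            diff |= left[i] ^ right[i];
        }
        return diff == 0;
    }
}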
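/// <summary>
/// Changes an account's password after re-verifying the current one. Returns false when the
/// account does not exist, the current password is wrong, or the new password is missing;
/// true when the new hash and salt were persisted.
/// </summary>
/// <param name="username">Key of the account to update (looked up with Accounts.Find).</param>
/// <param name="password">Current clear-text password; must match the stored hash.</param>
/// <param name="newPassword">Replacement clear-text password; hashed with a freshly generated salt.</param>
/// <returns>true on success; false on any failure.</returns>
public bool UpdateAccountPassword(string username, string password, string newPassword)
{
    // Reject missing input up front. No strength policy is enforced here; NOTE(review): none is
    // visible in the registration path either — decide where it belongs.
    if (username == null || password == null || string.IsNullOrEmpty(newPassword))
    {
        return false;
    }

    Account account = db.Accounts.Find(username);
    if (account == null)
    {
        // Unknown username: the original dereferenced the result unconditionally and threw here.
        return false;
    }

    // Re-verify the current password before allowing a change.
    string currentHash = EncryptPasswordUtil.EncryptPassword(password, account.PasswordSalt);
    if (!FixedTimeEquals(currentHash, account.Password))
    {
        return false;
    }

    // Find() already tracks the entity, so Attach should be a no-op; kept from the original.
    db.Accounts.Attach(account);
    // Re-salt on every change so the new hash shares nothing with the old one.
    account.Password = EncryptPasswordUtil.EncryptPassword(newPassword, out string newSalt);
    account.PasswordSalt = newSalt;
    int rowsWritten = db.SaveChanges();

    // NOTE(review): existing sessions of this user stay valid after the change; invalidating them
    // has to happen at the caller, since session state is not reachable from here.
    return db.Entry(account).State == EntityState.Unchanged || rowsWritten > 0;

    // Constant-time comparison so the early exit of ordinary != does not leak how many leading
    // characters of the stored hash matched. A null on either side never matches. Local function
    // rather than CryptographicOperations.FixedTimeEquals to avoid a new using directive.
    bool FixedTimeEquals(string left, string right)
    {
        if (left == null || right == null || left.Length != right.Length)
        {
            return false;
        }
        int diff = 0;
        for (int i = 0; i < left.Length; i++)
        {
            diff |= left[i] ^ right[i];
        }
        return diff == 0;
    }
}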
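/// <summary>
/// Registration form handler. Binds only the whitelisted fields (password, role, active flag and
/// start date are set here, never from the request), normalizes username and email, rejects
/// duplicates and a missing password, stores a freshly salted password hash, creates the member
/// account, logs the new user in and merges any session cart into the database.
/// </summary>
/// <param name="registerAccount">Account bound from the whitelisted form fields.</param>
/// <returns>
/// The login view with validation messages on a rejected submission; on success a redirect back
/// to the referring page when it is on this host (otherwise to the application root); a plain
/// "Unexpected error" content result when binding or persistence failed.
/// </returns>
public ActionResult Register([Bind(Include = "username, email, firstName, lastName, phone, dob")] Account registerAccount)
{
    // ModelState.IsValid reports whether binding the whitelisted request fields onto Account succeeded.
    if (!ModelState.IsValid)
    {
        // NOTE(review): binding and persistence failures both end in a bare content result;
        // there is no dedicated error view in this method.
        return Content("Unexpected error");
    }

    const int MemberRoleId = 2; // default role for self-registered accounts

    registerAccount.Gender = Request["gender"] == "male";
    // Invariant lowering: a culture-sensitive ToLower() (e.g. Turkish dotted/dotless i) could let
    // two spellings of the same username or email slip past the duplicate checks.
    registerAccount.Username = registerAccount.Username.ToLowerInvariant();
    registerAccount.Email = registerAccount.Email.ToLowerInvariant();

    // The password is deliberately excluded from model binding (it would otherwise land in the
    // Password column in clear text); it is read raw here and hashed below.
    string rawPassword = Request["password"];

    string duplicateUsername = "";
    string duplicateEmail = "";
    bool canAdd = true;
    if (accountService.IsDuplicatedUsername(registerAccount.Username))
    {
        duplicateUsername = "******" + registerAccount.Username + "' is duplicated";
        canAdd = false;
    }
    if (accountService.IsDuplicatedEmail(registerAccount.Email))
    {
        duplicateEmail = "Email '" + registerAccount.Email + "' is duplicated";
        canAdd = false;
    }
    if (string.IsNullOrEmpty(rawPassword))
    {
        // The original hashed whatever arrived, including nothing at all. NOTE(review): the view
        // only shows this if it renders ModelState errors — confirm login.cshtml does.
        ModelState.AddModelError("password", "Password is required");
        canAdd = false;
    }

    if (!canAdd)
    {
        // Re-show the combined login/register page with the entered values and the messages.
        var viewModel = new AccountRegisterViewModel
        {
            Username = registerAccount.Username,
            Email = registerAccount.Email,
            FirstName = registerAccount.FirstName,
            LastName = registerAccount.LastName,
            Gender = registerAccount.Gender,
            Dob = registerAccount.DOB,
            Phone = registerAccount.Phone,
            DuplicateEmailErrorMessage = duplicateEmail,
            DuplicateUsernameErrorMessage = duplicateUsername
        };
        // Static script that flips the page to the register tab; it embeds no request data, so
        // rendering it unencoded is safe as long as it stays a constant.
        ViewBag.message = @"<script>$('.login-form').css('display', 'none');$('.register-form').css('display', 'block');$('.show-login-form').removeClass('active');$('.show-register-form').addClass('active');</script>";
        return View("~/Views/Home/login.cshtml", viewModel);
    }

    // Hash with a freshly generated salt; the utility hands the salt back through the out parameter.
    registerAccount.Password = EncryptPasswordUtil.EncryptPassword(rawPassword, out string salt);
    registerAccount.PasswordSalt = salt;
    registerAccount.StartDate = DateTime.Now;
    registerAccount.IsActive = true;
    registerAccount.RoleId = MemberRoleId;

    // NOTE(review): the duplicate checks above and this insert are not atomic; a unique index on
    // Username/Email in the database is what actually prevents a racing duplicate registration.
    if (!accountService.AddNewAccount(registerAccount))
    {
        return Content("Unexpected error");
    }

    // Auto-login: store the same JSON shape CheckLogin produces.
    var loginAccount = new
    {
        Username = registerAccount.Username,
        RoleName = accountService.GetRoleName(registerAccount.Username),
        RoleId = registerAccount.RoleId,
        FullName = registerAccount.LastName + " " + registerAccount.FirstName
    };
    Session["CURRENT_USER_ID"] = JsonConvert.SerializeObject(loginAccount, Formatting.Indented);
    // NOTE(review): the session id is reused across the anonymous-to-authenticated transition
    // (nothing regenerates it here); consider issuing a new session if fixation is a concern.

    bool resultMerge = shoppingService.MergeCartSessionAnddDDB(Session.GetCurrentUserInfo("Username"));
    if (resultMerge)
    {
        Session["CART"] = null; // cart now lives in the database
    }

    // Return to the page the form was posted from, but only when it is on this host: the Referer
    // header is client-supplied and may be absent (the original dereferenced it unconditionally)
    // or point off-site (open redirect). Redirecting to PathAndQuery keeps the target relative.
    // Behind a reverse proxy the hosts may differ, in which case we fall back to the root.
    Uri referrer = Request.UrlReferrer;
    if (referrer != null && string.Equals(referrer.Host, Request.Url.Host, StringComparison.OrdinalIgnoreCase))
    {
        return Redirect(referrer.PathAndQuery);
    }
    return Redirect("~/");
}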