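        /// <summary>
        /// Changes the password of the user currently signed in (identified by Session["UserName"]).
        /// The caller must prove knowledge of the current password; the new password is stored as a
        /// salted SHA-256 hash under a freshly generated salt.
        /// </summary>
        /// <param name="form">Current password, new password and its confirmation, as posted by the view.</param>
        /// <returns>
        /// A redirect to Account/AccountView when the password was updated; otherwise the same view
        /// re-rendered with <paramref name="form"/> and a model error naming what was rejected.
        /// </returns>
        public ActionResult UpdatePassword(UpdatePasswordVM form)
        {
            if (!ModelState.IsValid)
            {
                ModelState.AddModelError("PasswordConfirmation", "Invalid entry. Please check your entries and try again.");
                return View(form);
            }

            // Without a signed-in user there is nothing to update (and Session["UserName"].ToString()
            // would throw). Assumes the Login action lives on the Account controller like AccountView
            // does — verify the route.
            object sessionUserName = Session["UserName"];
            if (sessionUserName == null)
            {
                return RedirectToAction("Login", "Account");
            }

            // Reject a mismatched confirmation before touching the database; otherwise the update
            // below would "succeed" without changing the password and the user would never know.
            if (form.NewPassword != form.PasswordConfirmation)
            {
                ModelState.AddModelError("PasswordConfirmation", "The new password and its confirmation do not match.");
                return View(form);
            }

            try
            {
                // The lookup sits inside the try so a database failure here is logged and handled
                // like any other, instead of surfacing as an unhandled error.
                UserPO user = Mapper.Mapper.UserDOtoPO(_UserDAO.ViewByUserName(sessionUserName.ToString()));

                // Re-derive the hash of the submitted current password under the stored salt and
                // compare it to the stored hash. Whether CompareByteArray runs in constant time is not
                // visible from here; for password hashes a length-independent comparison is preferable.
                byte[] currentPasswordHash = Hashing.GenerateSHA256Hash(form.OldPassword, user.Salt);
                if (!Hashing.CompareByteArray(currentPasswordHash, user.Password))
                {
                    ModelState.AddModelError("OldPassword", "The current password is incorrect.");
                    return View(form);
                }

                // Rotate the salt together with the password so the new hash is not comparable to the
                // old one. The unit of the argument to CreateSalt (bytes or characters) is not visible here.
                // NOTE(review): a single SHA-256 round is a fast hash; a slow KDF (PBKDF2 or similar)
                // is the recommended choice for password storage — the Hashing helper decides this.
                user.Salt     = Hashing.CreateSalt(10);
                user.Password = Hashing.GenerateSHA256Hash(form.NewPassword, user.Salt);

                UserDO userDO = Mapper.Mapper.UserPOtoDO(user);
                _UserDAO.UpdateUser(userDO);
                return RedirectToAction("AccountView", "Account");
            }
            catch (SqlException sqlEx)
            {
                // The data layer marks exceptions it has already logged with Data["Logged"] = true.
                // Anything else — including exceptions without the marker — is logged here.
                bool alreadyLogged = sqlEx.Data.Contains("Logged") && true.Equals(sqlEx.Data["Logged"]);
                if (!alreadyLogged)
                {
                    Logger.LogSqlException(sqlEx);
                }
                return View(form);
            }
            catch (Exception ex)
            {
                bool alreadyLogged = ex.Data.Contains("Logged") && true.Equals(ex.Data["Logged"]);
                if (!alreadyLogged)
                {
                    Logger.LogException(ex);
                }
                return View(form);
            }
        }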
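        /// <summary>
        /// Authenticates a user against the stored salted SHA-256 hash and, on success, populates
        /// the session with the user's identity and role information.
        /// </summary>
        /// <param name="form">The user name and password posted from the login view.</param>
        /// <returns>
        /// A redirect to Home/Index on success; otherwise the login view re-rendered with
        /// <paramref name="form"/> and a model error. Unknown user names and wrong passwords
        /// produce the same message so the response does not reveal which accounts exist.
        /// </returns>
        public ActionResult Login(Login form)
        {
            // One message for every credential failure. The original used two spellings
            // ("password" vs "Password") for the unknown-user and wrong-password paths, which let
            // a caller tell existing accounts from unknown ones by comparing responses.
            const string invalidCredentials = "Username or Password was incorrect";

            // Username and password must both be present before anything is looked up.
            if (!ModelState.IsValid)
            {
                ModelState.AddModelError("Password", "Username or Password is incorrect!");
                return View(form);
            }

            try
            {
                UserPO user = Mapper.Mapper.UserDOtoPO(_UserDAO.ViewByUserName(form.UserName));

                // UserID == 0 is the data layer's "no such user" sentinel (as the original code assumes).
                if (user.UserID == 0)
                {
                    // NOTE(review): no hash is computed on this path, so it answers measurably faster
                    // than a wrong password; hashing against a dummy salt would close that timing gap.
                    ModelState.AddModelError("Password", invalidCredentials);
                    return View(form);
                }

                // Hash the submitted password under the stored salt and compare to the stored hash.
                // Whether CompareByteArray runs in constant time is not visible from here.
                byte[] submittedHash = Hashing.GenerateSHA256Hash(form.Password, user.Salt);
                if (!Hashing.CompareByteArray(user.Password, submittedHash))
                {
                    ModelState.AddModelError("Password", invalidCredentials);
                    return View(form);
                }

                if (user.Banned || user.Inactive)
                {
                    // The caller has already proven the password, so naming the account here reveals
                    // nothing new. NOTE(review): this literal was redacted in the source listing; it is
                    // reconstructed here as a concatenation of the submitted user name — confirm wording.
                    ModelState.AddModelError("Password", "User: " + form.UserName + " has been banned, or marked inactive!");
                    return View(form);
                }

                // Everything the rest of the site reads from the session about the signed-in user.
                // NOTE(review): the pre-login session id is kept as-is; rotating it at this point
                // (abandoning the old session) is the usual defence against session fixation —
                // verify against the site's session configuration.
                Session["UserName"]  = user.UserName;
                Session["Role"]      = user.Role;
                Session["RoleName"]  = user.RoleName;
                Session["FirstName"] = user.FirstName;
                Session["LastName"]  = user.LastName;
                Session["Banned"]    = user.Banned;

                return RedirectToAction("Index", "Home");
            }
            catch (SqlException sqlEx)
            {
                // Contains() must be evaluated before the indexer: Data["Logged"] is null for a
                // missing key, and unboxing null to bool would throw from inside this catch.
                bool alreadyLogged = sqlEx.Data.Contains("Logged") && true.Equals(sqlEx.Data["Logged"]);
                if (!alreadyLogged)
                {
                    Logger.LogSqlException(sqlEx);
                }
                return View(form);
            }
            catch (Exception ex)
            {
                bool alreadyLogged = ex.Data.Contains("Logged") && true.Equals(ex.Data["Logged"]);
                if (!alreadyLogged)
                {
                    Logger.LogException(ex);
                }
                return View(form);
            }
        }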