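/// <summary>
/// Handles a log-in form post: validates the model, rejects a user name the SQL-injection
/// filter flags, looks the account up by user name and hashed password, and on success stores
/// the user's name, id and admin flag in the session before redirecting to Home/Index.
/// </summary>
/// <param name="logViewModel">Posted credentials (user name and clear-text password).</param>
/// <returns>
/// A redirect to Home/Index on success; otherwise the log-in view with an error key set in
/// <c>ViewData</c> ("MaliciousSymbols" or "InvalidUser"), or the bare view when the model is invalid.
/// </returns>
public IActionResult LogIn(LogInViewModel logViewModel)
{
    if (!ModelState.IsValid)
    {
        return View();
    }

    // NOTE(review): GetHashSha256 looks like a plain, unsalted SHA-256 of the password; a salted,
    // slow KDF (e.g. PBKDF2) is the recommended scheme for stored credentials. Not changed here
    // because every stored hash would have to be migrated at the same time.
    var password = PasswordEncodingService.GetHashSha256(logViewModel.Password);

    var injectionFilter = new SQLInjectionProtectionService();
    if (injectionFilter.HasMaliciousCharacters(logViewModel.UserName))
    {
        ViewData["MaliciousSymbols"] = Constant.MaliciousSymbols;
        return View();
    }

    // One lookup; the original ran the same query twice (once for the null test, once for the row).
    var user = db.Accounts.FirstOrDefault(x => x.UserName == logViewModel.UserName && x.Password == password);
    if (user is null)
    {
        ViewData["InvalidUser"] = Constant.LogInInvalidUserCredentialsError;
        return View();
    }

    // NOTE(review): the session is reused as-is across the log-in; if session fixation is a concern,
    // clear or rotate the session before storing the identity — confirm with the session configuration.
    HttpContext.Session.SetString("CurrentUser", user.UserName);
    HttpContext.Session.SetString("CurrentUserId", user.Id.ToString());
    HttpContext.Session.SetString("CurrentUserIsAdmin", user.Role == Role.Admin ? "true" : "false");
    return RedirectToAction("Index", "Home");
}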
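        /// <summary>
        /// Handles a registration form post. Rejects input the SQL-injection filter flags, refuses a
        /// user name or e-mail that is already stored, requires both consent check boxes, then saves
        /// the account with a hashed password and the <see cref="Role.User"/> role.
        /// </summary>
        /// <param name="accViewModel">Posted registration fields.</param>
        /// <returns>
        /// Always the registration view; the outcome is reported through <c>ViewData</c>
        /// ("MaliciousSymbols", "UsernameError", "EmailError", "LoginError") or
        /// <c>TempData["SuccessfullyRegistered"]</c>.
        /// </returns>
        public IActionResult Register(AccountViewModel accViewModel)
        {
            if (!ModelState.IsValid)
            {
                return View();
            }

            var injectionFilter = new SQLInjectionProtectionService();
            List<string> dataList = new List<string>
            {
                accViewModel.UserName, accViewModel.Email, accViewModel.Password, accViewModel.ConfirmPassword
            };
            if (injectionFilter.HasMaliciousCharacters(dataList))
            {
                ViewData["MaliciousSymbols"] = Constant.MaliciousSymbols;
                return View();
            }

            // Any() is the existence test; the original fetched a row with FirstOrDefault and compared
            // it to null, then re-read ViewData to find out which checks had failed.
            bool userNameTaken = db.Accounts.Any(x => x.UserName == accViewModel.UserName);
            bool emailTaken = db.Accounts.Any(x => x.Email == accViewModel.Email);
            if (userNameTaken)
            {
                ViewData["UsernameError"] = Constant.UsernameAlreadyExists;
            }
            if (emailTaken)
            {
                ViewData["EmailError"] = Constant.EmailAlreadyExists;
            }
            if (userNameTaken || emailTaken)
            {
                return View();
            }

            // A ticked check box posts exactly one value; both must be present.
            // NOTE(review): this reads the raw form instead of a bound property; two bool properties
            // on AccountViewModel would let ModelState validate them with the rest of the input.
            int termsCheckBox = Request.Form["TermsCheckBox"].Count;
            int ageCheckBox = Request.Form["AgeCheckBox"].Count;
            if (termsCheckBox != 1 || ageCheckBox != 1)
            {
                ViewData["LoginError"] = Constant.LogInError;
                return View();
            }

            // NOTE(review): GetHashSha256 looks like an unsalted SHA-256; a salted, slow KDF (e.g.
            // PBKDF2) is the recommended scheme for stored passwords. Left unchanged because LogIn
            // and UpdatePassword compare against hashes produced the same way.
            Account account = new Account
            {
                UserName = accViewModel.UserName,
                Password = PasswordEncodingService.GetHashSha256(accViewModel.Password),
                Email    = accViewModel.Email,
                Role     = Role.User
            };
            db.Accounts.Add(account);
            db.SaveChanges();

            this.TempData["SuccessfullyRegistered"] = Constant.SuccessfullyRegistered;
            return View();
        }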
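        /// <summary>
        /// Handles the change-password form post for the user named in the session. Requires both
        /// the current and the new password, rejects a new password equal to the current one, and
        /// only replaces the stored hash when the current password matches it.
        /// </summary>
        /// <param name="profileViewModel">Posted current and new password.</param>
        /// <returns>
        /// Always a redirect to the Profile action; the outcome is reported through one
        /// <c>TempData</c> key ("NoDataEntered", "MatchingPassword", "MadeChangesToPass",
        /// "ErrorChanges" or "ErrorComplexity").
        /// </returns>
        public IActionResult UpdatePassword(ProfileViewModel profileViewModel)
        {
            if (!ModelState.IsValid)
            {
                this.TempData["ErrorComplexity"] = Constant.ErrorComplexity;
                return RedirectToAction("Profile");
            }

            // The original followed this with an `else if` re-testing both values for non-null,
            // which is always true here.
            if (profileViewModel.CurrentPassword == null || profileViewModel.NewPassword == null)
            {
                this.TempData["NoDataEntered"] = Constant.NoDataEntered;
                return RedirectToAction("Profile");
            }

            var userName = HttpContext.Session.GetString("CurrentUser");
            var account = db.Accounts.FirstOrDefault(x => x.UserName == userName);

            // NOTE(review): GetHashSha256 looks like an unsalted SHA-256; left as-is so the result
            // stays comparable with the hashes Register and LogIn produce.
            var currentHash = PasswordEncodingService.GetHashSha256(profileViewModel.CurrentPassword);
            var newHash = PasswordEncodingService.GetHashSha256(profileViewModel.NewPassword);

            if (currentHash == newHash)
            {
                this.TempData["MatchingPassword"] = Constant.MatchingPassword;
                return RedirectToAction("Profile");
            }

            if (account is null)
            {
                // No "CurrentUser" in the session (not logged in) or the account no longer exists;
                // the original dereferenced account here and threw NullReferenceException.
                this.TempData["ErrorChanges"] = Constant.ErrorChanges;
                return RedirectToAction("Profile");
            }

            if (currentHash != account.Password)
            {
                this.TempData["ErrorChanges"] = Constant.ErrorChanges;
                return RedirectToAction("Profile");
            }

            // Reuse the hash computed above; the original hashed the new password a second time.
            account.Password = newHash;
            db.SaveChanges();
            this.TempData["MadeChangesToPass"] = Constant.MadeChangesToPass;
            return RedirectToAction("Profile");
        }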