public IActionResult Login(UindexView patron) { if (ModelState.IsValid) { // I believe this query would prove inefficient for // large sets of data as I am looking at EVERY email. User UserInDb = database.Users .FirstOrDefault(u => u.Email == patron.UserExist.Email); if (UserInDb == null) { ModelState.AddModelError("UserExist.Email", "That Email does not exist"); Console.WriteLine("###### BAD EMAIL"); return(View("UserIndex", patron)); } PasswordHasher <LogUser> hasher = new PasswordHasher <LogUser>(); var result = hasher.VerifyHashedPassword( patron.UserExist, UserInDb.Password, patron.UserExist.Password ); if (result == 0) { ModelState.AddModelError("UserExist.Password", "That password does not exist"); Console.WriteLine("###### BAD PASSWORD"); return(View("UserIndex", patron)); } SessionId = UserInDb.UserId; SessionName = UserInDb.FirstName; return(RedirectToAction("MessageWall", "Wall")); } return(View("UserIndex")); }
public IActionResult Register(UindexView patron) { if (ModelState.IsValid) { // check the email isn't already in the data base if (database.Users.Any(u => u.Email == patron.UserNew.Email)) { ModelState.AddModelError("UserNew.Email", "Email already in use... sorry"); Console.WriteLine("###### BAD EMAIL"); return(View("UserIndex", patron)); } // hash the password PasswordHasher <User> hasher = new PasswordHasher <User>(); string hashedPW = hasher .HashPassword(patron.UserNew, patron.UserNew.Password); patron.UserNew.Password = hashedPW; Console.WriteLine("###### PW HAS BEEN HASHED"); // Add and save to the database database.Add(patron.UserNew); database.SaveChanges(); SessionId = patron.UserNew.UserId; SessionName = patron.UserNew.FirstName; Console.WriteLine("###### VALID"); return(RedirectToAction("MessageWall", "Wall")); } Console.WriteLine("###### INVALID"); return(View("UserIndex", patron)); }