public ActionResult Login(LoginModel model, string returnUrl)
        {
            if (ModelState.IsValid)
            {
                int userID = AccountLogic.Login(model);
                if (userID > 0)
                {
                    Session["Username"] = model.UserName;
                    Session["TeamID"] = AccountLogic.GetTeamID(userID);
                    Session["IsAdmin"] = AccountLogic.GetIsAdmin(userID);
                    return RedirectToLocal(returnUrl);
                }
            }

            // If we got this far, something failed, redisplay form
            ModelState.AddModelError("", "The user name or password provided is incorrect.");
            return View(model);
        }
        public static int Login(LoginModel user)
        {
            DataTable data = new DataTable();
            int result = 0;
            string sql = @"select UserID, Password
                            from Users
                            where Username = @Username";

            using (SqlConnection conn = new SqlConnection(Main.GetDSN()))
            {
                SqlCommand command = new SqlCommand(sql, conn);
                command.Parameters.AddWithValue("@Username", user.UserName);
                new SqlDataAdapter(command).Fill(data);

                if (data.Rows.Count > 0)
                {
                    DataRow userRow = data.Rows[0];
                    string hash = userRow["Password"].ToString();
                    if (PasswordHash.ValidatePassword(user.Password, hash))
                    {
                        result = Convert.ToInt32(userRow["UserID"]);
                    }
                }
            }

            return result;
        }