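public ActionResult Login(UserDTO UserLogin = null)
        {
            // Authenticates the submitted username/password against TB_USER.
            //   success        -> profile stored in Session["UserLogin"], redirect to ~/dashboard
            //   any failure    -> TempData "message"/"type" set, redirect to ~/auth/login
            //   any exception  -> redirect to ~/auth/error
            //
            // NOTE(review): no [HttpPost] / [ValidateAntiForgeryToken] attribute is visible in
            // this excerpt - confirm they are present above the signature.
            const string loginUrl = "~/auth/login";

            // One message for "unknown user" and "wrong password": distinct messages let a
            // caller learn which usernames exist.
            const string failureMessage = "Invalid username or password";

            try
            {
                // Login only needs username and password, so drop validation errors for the
                // other UserDTO fields.
                ModelState.Remove("FULL_NAME");
                ModelState.Remove("CONFIRM_PASSWORD");
                ModelState.Remove("ROLE_ID");
                ModelState.Remove("ROLE_NAME");
                ModelState.Remove("USER_ID");

                if (!ModelState.IsValid || UserLogin == null)
                {
                    return(Redirect(loginUrl));
                }

                // A missing password can never match; reject it before it reaches the hash helper.
                if (UserLogin.PASSWORD == null)
                {
                    TempData["message"] = failureMessage;
                    TempData["type"] = "warning";
                    return(Redirect(loginUrl));
                }

                // Hash once, and before the lookup, so the unknown-user and wrong-password
                // paths do the same amount of work.
                // NOTE(review): the original comment describes CryptographyUtils.Encrypt as
                // SHA-256. If that is a plain unsalted digest, stored passwords should move to
                // a salted, slow KDF (e.g. PBKDF2 via Rfc2898DeriveBytes) - confirm against
                // the helper, which is not visible here.
                string submittedHash = CryptographyUtils.Encrypt(UserLogin.PASSWORD);

                using (DBEntities db = new DBEntities())
                {
                    TB_USER user = db.TB_USER.FirstOrDefault(u => u.USERNAME == UserLogin.USERNAME);

                    // NOTE(review): string != is not a constant-time comparison.
                    if (user == null || user.PASSWORD != submittedHash)
                    {
                        // Indexer instead of Add(): Add() throws when the key is still present
                        // from an earlier request, which would land the user on the error page.
                        TempData["message"] = failureMessage;
                        TempData["type"] = "warning";
                        return(Redirect(loginUrl));
                    }

                    // Keep only the profile fields in session; the password hash is not copied.
                    UserDTO userDTO = new UserDTO
                    {
                        ROLE_ID   = user.ROLE_ID,
                        USER_ID   = user.USER_ID,
                        USERNAME  = user.USERNAME,
                        EMAIL     = user.EMAIL,
                        FULL_NAME = user.FULL_NAME
                    };

                    // NOTE(review): the session identifier is not rotated at this point; if the
                    // pre-login session id stays valid after authentication, issue a fresh one here.
                    Session["UserLogin"] = userDTO;
                    return(Redirect("~/dashboard"));
                }
            }
            catch (Exception)
            {
                // NOTE(review): the exception is discarded. Logging it server-side (never
                // echoing it to the client) would make database faults and repeated login
                // failures visible to operations.
                return(Redirect("~/auth/error"));
            }
        }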