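/// <summary>
/// Authenticates a leader by user name and password and, on success, signs in an OWIN
/// application-cookie identity carrying the leader's role, display name and id claims.
/// </summary>
/// <param name="leaderModel">Posted credentials; only the members listed in <c>Bind</c> are accepted.</param>
/// <returns>
/// A redirect to Home/Index after a successful sign-in; otherwise the login view with
/// <paramref name="leaderModel"/> (and an error message) so the user can retry without retyping.
/// </returns>
public ActionResult Login([Bind(Include = "UserName,Password,Role,LeaderName,LeaderId")] LeaderErrors leaderModel)
{
    // NOTE(review): the attributes on this action are outside the reviewed span — confirm it is
    // marked [HttpPost] and [ValidateAntiForgeryToken] like any credential-handling action should be.
    if (!ModelState.IsValid)
    {
        // Hand the model back so the view re-renders with the posted values.
        return View(leaderModel);
    }

    // One generic message for both the blank and the wrong-credential case, so the response
    // does not reveal whether the user name exists.
    const string failureMessage = "The username or password entered is incorrect. Please try again.";

    if (leaderModel.UserName == null || leaderModel.Password == null)
    {
        leaderModel.ErrorMessage = failureMessage;
        return View(leaderModel);
    }

    using (RumourMillEntities db = new RumourMillEntities())
    {
        // NOTE(review): Sha256encrypt is defined elsewhere and, by its name, looks like a plain
        // unsalted SHA-256 of the password. That is not a suitable password hash; the stored
        // values and this lookup should be migrated to a salted, iterated KDF (e.g. PBKDF2 via
        // Rfc2898DeriveBytes) — confirm and track separately, since changing it here would
        // invalidate every stored hash.
        var hashedPassword = Sha256encrypt(leaderModel.Password);
        var leaderDetails = db.Leaders.FirstOrDefault(x => x.UserName == leaderModel.UserName && x.Password == hashedPassword);

        if (leaderDetails == null)
        {
            leaderModel.ErrorMessage = failureMessage;
            return View(leaderModel);
        }

        // Claims are sourced from the database row, never from the posted model, so a client
        // cannot pick its own Role/LeaderId.
        var identity = new ClaimsIdentity(
            new[]
            {
                new Claim(ClaimTypes.Role, leaderDetails.Role),
                new Claim(ClaimTypes.Name, leaderDetails.LeaderName),
                new Claim(ClaimTypes.NameIdentifier, leaderDetails.LeaderId.ToString()),
            },
            "ApplicationCookie");

        // Issue the application cookie through the OWIN authentication manager.
        var authManager = Request.GetOwinContext().Authentication;
        authManager.SignIn(identity);

        return RedirectToAction("Index", "Home");
    }
}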
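/// <summary>
/// Replaces the signed-in leader's password after verifying the current one against the
/// stored hash. The leader is identified solely by the NameIdentifier claim issued at login,
/// so a caller can only change their own password.
/// </summary>
/// <param name="currentPassword">The password the leader is currently using; must match the stored hash.</param>
/// <param name="newPassword">The password to store (hashed) in place of the current one.</param>
/// <param name="leaderModel">View model that carries the error message back to the view.</param>
/// <returns>
/// A redirect to Home/Index when the password was changed; an unauthorized result when no
/// usable identity is present; otherwise the view with an error message.
/// </returns>
public ActionResult ChangePassword([Bind(Include = "currentPassword,newPassword,LeaderId,Password,ErrorMessage")] string currentPassword, string newPassword, LeaderErrors leaderModel)
{
    // NOTE(review): the attributes on this action are outside the reviewed span — confirm it is
    // marked [HttpPost], [ValidateAntiForgeryToken] and [Authorize].
    if (!ModelState.IsValid)
    {
        // Hand the model back so the view re-renders with the posted values rather than a null model.
        return View(leaderModel);
    }

    // Both passwords are required; the original only checked currentPassword, so a missing
    // newPassword reached the hash function.
    if (string.IsNullOrEmpty(currentPassword) || string.IsNullOrEmpty(newPassword))
    {
        leaderModel.ErrorMessage = "Please enter your current password and your new password.";
        return View(leaderModel);
    }

    // GetUserId() returns a string; parse it rather than Convert.ToInt32, which throws on a
    // non-numeric value and silently yields 0 for null (the original `id == null` test on an int
    // could never be true). Without a usable identity, challenge instead of guessing.
    int id;
    if (!int.TryParse(User.Identity.GetUserId(), out id))
    {
        return new HttpUnauthorizedResult();
    }

    using (RumourMillEntities db = new RumourMillEntities())
    {
        // NOTE(review): Sha256encrypt is defined elsewhere and looks like an unsalted SHA-256;
        // see the note on Login about migrating to a salted, iterated KDF.
        var currentHash = Sha256encrypt(currentPassword);
        var leaderDetails = db.Leaders.FirstOrDefault(x => x.LeaderId == id && x.Password == currentHash);

        if (leaderDetails == null)
        {
            leaderModel.ErrorMessage = "The current password you've entered is incorrect. Please try again.";
            return View(leaderModel);
        }

        // The row is already tracked by this context (assumes db.Leaders is a tracked DbSet —
        // confirm), so update it in place instead of querying the same row a second time.
        leaderDetails.Password = Sha256encrypt(newPassword);
        db.SaveChanges();

        return RedirectToAction("Index", "Home");
    }
}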