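/// <summary>
/// Checks the supplied e-mail and password against the person store and records the
/// outcome on the current session.
/// </summary>
/// <param name="userEmail">E-mail address used to look up the person record.</param>
/// <param name="userPassword">Password handed to <c>sessionService.VerifyHash</c> for the matched person.</param>
/// <param name="P1">Must equal characters 0-11 of the session GUID.</param>
/// <param name="P2">Must equal characters 11-22 of the session GUID.</param>
/// <returns>
/// JSON for a <c>SelectionOptionID</c>: the person's ID and e-mail when the login succeeds,
/// otherwise <c>IDnotFound</c> with an empty label.
/// </returns>
/// <remarks>
/// NOTE(review): credentials arrive as plain action parameters and no HTTP verb restriction is
/// visible in this block. Confirm the route is POST-only so passwords never end up in URLs,
/// browser history or access logs.
/// NOTE(review): P1/P2 are slices of the session GUID. If that GUID also identifies the session,
/// sending it back in request parameters exposes it; confirm this is intended.
/// NOTE(review): no attempt throttling/lockout and no renewal of the session identifier after a
/// successful login are visible here. Confirm they are handled elsewhere.
/// </remarks>
public ActionResult SelectUser(string userEmail, string userPassword, string P1, string P2)
{
    SelectionOptionID user = new SelectionOptionID(IDnotFound, "");

    // Without both credentials there is nothing to verify; the session is left untouched.
    if (userEmail == null || userPassword == null)
    {
        return Json(user);
    }

    var _session = sessionService.GetSession(this.HttpContext, false, false);
    person _person = new person();
    bool personFound = false;
    bool userAuthor = false;

    // Expected request tokens are derived from the session GUID.
    // NOTE(review): the two slices overlap at index 11 (0..11 and 11..22); confirm that is deliberate.
    string xP1 = _session.sessionGUID.Substring(0, 12);
    string xP2 = _session.sessionGUID.Substring(11, 12);

    if (P1 == xP1 && P2 == xP2)
    {
        try
        {
            _person = persons.GetAll().Where(u => u.email == userEmail).FirstOrDefault();

            // object.Equals is null-safe: an unknown e-mail yields "not found" directly instead of
            // relying on a NullReferenceException being thrown and swallowed by the catch below.
            personFound = !object.Equals(_person, default(person));
        }
        catch (Exception e)
        {
            // Fail closed: a data-access error is logged and treated as "person not found".
            Console.WriteLine("An error occurred: '{0}'", e);
        }
    }

    // The password is only checked once a matching person record exists.
    if (personFound)
    {
        userAuthor = sessionService.VerifyHash(_person.ID, userPassword);
    }

    if (userAuthor)
    {
        // Authenticated: bind the staff ID to the session and return it to the caller.
        user.ID = _person.ID;
        user.Label = userEmail;
        _session.idStaff = user.ID;
    }
    else
    {
        // Any failure (token mismatch, unknown e-mail, wrong password) clears the staff binding.
        user.ID = IDnotFound;
        user.Label = string.Empty;
        _session.idStaff = null;
    }

    sessions.Update(_session);
    sessions.Commit();

    return Json(user);
}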
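/// <summary>
/// Resets the stored password of the person identified by <paramref name="personID"/> and
/// redirects to the <c>ResetPassword</c> action of the <c>Staff</c> controller.
/// </summary>
/// <param name="personID">ID of the person whose password is overwritten.</param>
/// <returns>A redirect to <c>Staff/ResetPassword</c>, whether or not a person was found.</returns>
/// <remarks>
/// SECURITY: the password is reset to a fixed, source-visible value. Every reset account shares the
/// same guessable credential until its owner changes it. This should become a random one-time
/// value or a reset-link flow with a forced change at next login. It is left as-is here because
/// the channel that delivers the new credential to the user is outside this block.
/// NOTE(review): this is a state-changing action taking a caller-supplied ID. No HTTP verb
/// restriction or anti-forgery validation is visible in this block; confirm both exist.
/// </remarks>
public ActionResult ResetPassword(long personID)
{
    // NOTE(review): the returned session ID is never used, and no check that the caller may reset
    // this particular person is visible here. Presumably GetSessionID(..., true, true) enforces
    // authentication/authorisation as a side effect; verify against sessionService.
    var sessionID = sessionService.GetSessionID(this.HttpContext, true, true);

    person _person = new person();
    bool personFound = false;

    try
    {
        _person = persons.GetById(personID);

        // object.Equals is null-safe: an unknown ID yields "not found" directly instead of
        // relying on a NullReferenceException being thrown and swallowed by the catch below.
        personFound = !object.Equals(_person, default(person));
    }
    catch (Exception e)
    {
        // A data-access error is logged and treated as "person not found"; nothing is changed.
        Console.WriteLine("An error occurred: '{0}'", e);
    }

    if (personFound)
    {
        // SECURITY: hard-coded default password (see remarks above).
        _person.password = sessionService.GetHash("012345");
        persons.Update(_person);
        persons.Commit();
    }

    return RedirectToAction("ResetPassword", "Staff");
}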