/// <summary>
/// Builds a new <c>AdministratorLogin</c> carrying this object's Email, Password and UserId.
/// </summary>
/// <returns>A fresh AdministratorLogin populated from the current instance.</returns>
public AdministratorLogin loginDetails()
{
    // NOTE(review): Password is copied exactly as held on this object; whether that is a
    // hash or a clear-text value is not visible here. Keep the returned object out of
    // logs, views and long-lived stores unless the caller really needs the field.
    return new AdministratorLogin
    {
        Email = this.Email,
        Password = this.Password,
        UserId = this.UserId
    };
}
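        /// <summary>
        /// Authenticates an administrator, issues the forms-authentication cookie and
        /// records the login in the session, then redirects to the requested page.
        /// </summary>
        /// <param name="administrator">Submitted login details (e-mail and password).</param>
        /// <returns>
        /// A redirect to a local <c>fromUrl</c> or to Home/Index on success; the login view
        /// with a model error when the credentials are rejected.
        /// </returns>
        public ActionResult Login(AdministratorLogin administrator)
        {
            // NOTE(review): no [ValidateAntiForgeryToken] attribute is visible on this action;
            // confirm request-forgery protection is applied elsewhere.
            if (!IsValid(ref administrator))
            {
                // One generic message for every failure, so the response text does not
                // reveal whether the e-mail address exists.
                ModelState.AddModelError("", "Login details are wrong.");
                return View(administrator);
            }

            // Non-persistent auth cookie keyed on the e-mail address.
            // Background on SetAuthCookie vs. Encrypt:
            // http://stackoverflow.com/questions/23301445/formsauthentication-setauthcookie-vs-formsauthentication-encrypt
            FormsAuthentication.SetAuthCookie(administrator.Email, false);

            // NOTE(review): the session that existed before authentication is reused here;
            // confirm the session identifier is rotated at login.
            Session["logged_in"] = true;

            // NOTE(review): this object still carries the submitted password, so it is kept
            // in session state for the lifetime of the session. Consider storing only
            // Email and UserId once no reader of this key depends on Password.
            Session["AdministratorLogin"] = administrator;

            // TODO: set user roles.

            // fromUrl comes straight from the query string and is attacker-controllable.
            // Only follow it when it points back into this application; anything else
            // (absolute or protocol-relative URLs, empty values) falls through to the
            // default landing page instead of becoming an open redirect.
            string fromUrl = Request.QueryString["fromUrl"];
            if (Url.IsLocalUrl(fromUrl))
            {
                return Redirect(fromUrl);
            }

            return RedirectToAction("Index", "Home");
        }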
        /// <summary>
        ///  IsValid checks an email and password against the database.
        ///  @todo encrypt or salt password
        /// </summary>
        /// <param name="administrator">AdministratorLogin details, passed by ref; UserId is filled in on success</param>
        /// <returns>true if the credentials match a stored administrator, otherwise false</returns>
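        private bool IsValid(ref AdministratorLogin administrator)
        {
            // Nothing to look up without both credentials; treat it as a failed login
            // rather than passing null into the query or the hash comparison.
            if (administrator == null
                || string.IsNullOrEmpty(administrator.Email)
                || string.IsNullOrEmpty(administrator.Password))
            {
                return false;
            }

            string admin_email = administrator.Email;

            // Dispose the context when done so its database connection is released.
            using (StudentRegistrationsModel db = new StudentRegistrationsModel())
            {
                // Look the account up by e-mail address.
                var user = db.Administrators.FirstOrDefault(theUser => theUser.Email == admin_email);

                // NOTE(review): when no account matches, no hash comparison runs, so response
                // time may differ between known and unknown addresses. Consider doing
                // comparable work on this path and rate-limiting failed attempts.
                if (user == null)
                {
                    return false;
                }

                // Compare the submitted password with the stored value via PasswordHashing.
                // NOTE(review): confirm passwordValid uses a salted, slow hash and a
                // constant-time comparison; its implementation is not visible here.
                if (!PasswordHashing.passwordValid(administrator.Password, user.Password))
                {
                    return false;
                }

                // Account is valid: hand the database UserId back through the ref parameter.
                administrator.UserId = user.UserId;
                return true;
            }
        }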
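        /// <summary>
        /// Changes the password of the administrator held in the current session and,
        /// when the change follows a recovery, removes that administrator's recovery entries.
        /// </summary>
        /// <param name="theAdmin">
        /// Posted form model. Only Password is taken from it; Email and UserId are
        /// overwritten from the session.
        /// </param>
        /// <returns>
        /// A redirect to Index on success, a redirect to Login when there is no session
        /// administrator, or the form view when validation fails.
        /// </returns>
        public ActionResult ChangePassword(AdministratorLogin theAdmin)
        {
            // NOTE(review): no [ValidateAntiForgeryToken] attribute is visible on this action
            // and the current password is not asked for. Confirm request-forgery protection
            // exists elsewhere, and consider requiring the current password outside the
            // recovery flow so a borrowed session cannot silently take over the account.
            AdministratorLogin sessionAdmin = this.AdminSession();
            if (sessionAdmin == null)
            {
                // No administrator in the session: send the caller to log in instead of
                // failing with a null reference.
                return RedirectToAction("Login");
            }

            // Identity comes from the session, never from the posted form, so a request
            // cannot inject another account's UserId or Email. The model state is cleared
            // and re-validated against the corrected values.
            ModelState.Clear();
            theAdmin.Email = sessionAdmin.Email;
            theAdmin.UserId = sessionAdmin.UserId;
            TryValidateModel(theAdmin);

            // The confirmation field must repeat the new password.
            if (theAdmin.Password != Request.Form["password_match"])
            {
                // Clear the confirmation value so it has to be typed again.
                ViewBag.password_match = String.Empty;
                ModelState.AddModelError("Password", "Passwords don't match");
            }

            if (!ModelState.IsValid)
            {
                // Diagnostic output only; the errors reach the user through the view.
                foreach (ModelState modelState in ViewData.ModelState.Values)
                {
                    foreach (ModelError error in modelState.Errors)
                    {
                        Console.Write(error);
                    }
                }
                return View(theAdmin);
            }

            var sessionUserId = sessionAdmin.UserId;

            // Dispose the context when done so its database connection is released.
            using (StudentRegistrationsModel db = new StudentRegistrationsModel())
            {
                var change = (from a in db.Administrators
                              where a.UserId == sessionUserId
                              select a).SingleOrDefault();
                if (change == null)
                {
                    // The session refers to an account that no longer exists.
                    ModelState.AddModelError("", "Account could not be found.");
                    return View(theAdmin);
                }

                // Store the new password through PasswordHashing.
                // NOTE(review): despite the name, Encrypt should be a salted one-way hash;
                // confirm against its implementation, which is not visible here.
                change.Password = PasswordHashing.Encrypt(theAdmin.Password);

                // Clean up after a recovery: drop the session marker and every recovery
                // entry for this account so none of them can be used again.
                if (Session["AdministratorRecovery"] != null)
                {
                    Session.Remove("AdministratorRecovery");

                    // Materialise first so entries are not removed while the query is
                    // still being enumerated.
                    var recovery = (from b in db.Recoveries where b.UserId == change.UserId select b).ToList();
                    foreach (var entry in recovery)
                    {
                        db.Recoveries.Remove(entry);
                    }
                }

                db.Entry(change).State = EntityState.Modified;
                db.SaveChanges();
            }

            return RedirectToAction("Index");
        }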