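/// <summary>
/// Handles the POST of the registration form: stores the new customer and signs them in.
/// </summary>
/// <param name="user">The user entity bound from the registration form.</param>
/// <returns>
/// A redirect to Home/Index on success; otherwise the "Create" view, with the errors either
/// added to the model state or placed in <c>ViewBag.Error</c>.
/// </returns>
public ActionResult Create(user user)
{
    if (!ModelState.IsValid)
    {
        // Model binding rejected the form; the view renders the model errors itself
        ViewBag.Error = Global.ServerError;
        return View("Create");
    }

    // Every self-registered account is a customer; the role is never taken from the form
    user.user_role = (int)SiteRoles.Customer;

    // NOTE(review): AES is a reversible transform, so the stored value can be decrypted by
    // anyone holding the key; password storage normally uses a salted, slow hash. Kept as-is
    // because LogOn authenticates by comparing against this same encrypted value.
    AES aes = new AES();
    user.password = aes.EncryptToString(user.password);
    user.ConfirmPassword = aes.EncryptToString(user.ConfirmPassword);

    try
    {
        // om.Create returns false when the repository declined the insert without throwing
        if (!om.Create(user))
        {
            return View("Create");
        }
    }
    catch (DbUpdateException e)
    {
        // Typically a violated unique constraint; the handler turns it into model errors,
        // which the "Create" view shows automatically
        HandleDbUpdateException(e);
        return View("Create");
    }
    catch (Exception)
    {
        ViewBag.Error = Global.ServerError;
        return View("Create");
    }

    // The user now exists, so expose the customer role to the rest of the session
    HttpContext.Session["role"] = SiteRoles.Customer;

    // One-day, non-persistent forms-authentication ticket; the user id travels as UserData
    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
        1,
        user.username,
        DateTime.Now,
        DateTime.Now.AddDays(1),
        false,
        user.id.ToString(),
        FormsAuthentication.FormsCookiePath);

    // FormsAuthentication.Encrypt yields an encrypted ticket string (it is not a hash)
    string encryptedTicket = FormsAuthentication.Encrypt(ticket);

    // HttpOnly keeps the ticket out of reach of page script; Secure follows the requireSSL
    // setting of the <forms> element so the cookie is withheld from plain-HTTP requests
    // whenever the site is configured to require SSL
    HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
    {
        HttpOnly = true,
        Secure = FormsAuthentication.RequireSSL
    };
    Response.Cookies.Add(authCookie);

    return RedirectToAction("Index", "Home");
}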
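/// <summary>
/// Creates an entry of type user in the database. Every string field of the new user is
/// set to <paramref name="email"/>, which makes this suitable as a test fixture helper.
/// </summary>
/// <param name="email">A unique string used as the username, password, names, e-mail and image URL of the user.</param>
/// <param name="currentTable">A table in the restaurant; the user is seated at it.</param>
/// <param name="userRole">The role of the user (ex: Administrator, Client)</param>
/// <returns>The created user entity.</returns>
public user AddUser(string email, table currentTable, int userRole)
{
    // NOTE(review): AES is reversible; the application stores passwords encrypted rather than
    // hashed, and this helper has to follow the same scheme for LogOn to accept the account.
    AES aes = new AES();

    user testUser = new user
    {
        username = email,
        password = aes.EncryptToString(email),
        ConfirmPassword = aes.EncryptToString(email),
        first_name = email,
        last_name = email,
        email = email,
        image_url = email,
        current_table_id = currentTable.id,
        version = 1,
        user_role = userRole
    };

    db = new touch_for_foodEntities();
    try
    {
        db.users.Add(testUser);
        db.SaveChanges();
    }
    finally
    {
        // Release the context even when SaveChanges throws (e.g. a unique constraint violation)
        db.Dispose();
    }

    return testUser;
}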
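/// <summary>
/// Handles the POST of the log-on form: checks the credentials and issues the
/// forms-authentication cookie.
/// </summary>
/// <param name="username">The username entered in the form.</param>
/// <param name="password">The clear-text password entered in the form.</param>
/// <returns>
/// A redirect to Home/Index on success; otherwise the "LogOn" view with the failure recorded
/// in the model state.
/// </returns>
public ActionResult LogOn(string username, string password)
{
    if (!ModelState.IsValid)
    {
        // Re-render instead of redirecting: a redirect to the GET action discards the
        // validation messages collected in ModelState
        return View("LogOn");
    }

    // Passwords are stored AES-encrypted, so the submitted one is encrypted the same way and
    // compared as ciphertext (see the note on password storage in Create)
    AES aes = new AES();
    string encryptedPassword = aes.EncryptToString(password);

    // NOTE(review): if db.users is an EF DbSet, confirm the provider translates
    // Equals(string, StringComparison) — otherwise this query fails at run time.
    user user = db.users.FirstOrDefault(m =>
        m.username.Equals(username, StringComparison.Ordinal)
        && m.password.Equals(encryptedPassword, StringComparison.Ordinal));

    if (user == null)
    {
        // One generic message for both unknown username and wrong password
        ModelState.AddModelError(string.Empty, Global.UsernamePasswordIncorrect);
        return View("LogOn");
    }

    // One-day, non-persistent ticket; the user id travels as UserData
    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
        1,
        user.username,
        DateTime.Now,
        DateTime.Now.AddDays(1),
        false,
        user.id.ToString(),
        FormsAuthentication.FormsCookiePath);

    // FormsAuthentication.Encrypt yields an encrypted ticket string (it is not a hash)
    string encryptedTicket = FormsAuthentication.Encrypt(ticket);

    // HttpOnly keeps the ticket out of reach of page script; Secure follows the requireSSL
    // setting of the <forms> element so the cookie is withheld from plain-HTTP requests
    HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
    {
        HttpOnly = true,
        Secure = FormsAuthentication.RequireSSL
    };
    Response.Cookies.Add(authCookie);

    // The role drives authorization elsewhere in the site and is kept in the session
    HttpContext.Session["role"] = user.user_role;

    return RedirectToAction("Index", "Home");
}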
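/// <summary>
/// Handles the POST of the profile edit form: optionally stores a new profile image,
/// re-encrypts the password when one was entered, and saves the user.
/// </summary>
/// <param name="user">The user entity bound from the edit form.</param>
/// <param name="file">The uploaded profile image, or null when no file was chosen.</param>
/// <returns>
/// A redirect to Home/Index on success; otherwise the edit view for <paramref name="user"/>,
/// with the reason in the model state or in <c>ViewBag.Error</c>.
/// </returns>
public ActionResult Edit(user user, HttpPostedFileBase file)
{
    // The uploads folder is served by the web server, so only image extensions may be
    // written there; the extension is the only part of the client-supplied name that is used
    string[] allowedImageExtensions = { ".jpg", ".jpeg", ".png", ".gif" };

    // Collect the model errors (if any)
    var errors = ModelState.Where(x => x.Value.Errors.Count > 0)
        .Select(x => new { x.Key, x.Value.Errors })
        .ToArray();

    // A blank password means "keep the current one", so the single tolerated model error is
    // the one on the password field when both password boxes were left empty
    bool onlyBlankPasswordError = errors.Length == 1
        && errors[0].Key.Equals("password", StringComparison.Ordinal)
        && user.password == null
        && user.ConfirmPassword == null;

    if (!ModelState.IsValid && !onlyBlankPasswordError)
    {
        return View(user);
    }

    try
    {
        if (file != null && file.ContentLength > 0)
        {
            string extension = Path.GetExtension(Path.GetFileName(file.FileName));
            if (!allowedImageExtensions.Contains(extension, StringComparer.OrdinalIgnoreCase))
            {
                ModelState.AddModelError(string.Empty, "Only image files (.jpg, .jpeg, .png, .gif) can be used as a profile picture.");
                return View(user);
            }

            // The stored name is derived from the user id, never from the uploaded file name
            string storedName = "user_" + user.id + extension;
            string physicalPath = Path.Combine(Server.MapPath("~/uploads/user_images/"), storedName);
            file.SaveAs(physicalPath);

            // The entity keeps the virtual path so views can resolve the image
            user.image_url = Path.Combine("~/uploads/user_images/", storedName);
        }

        // NOTE(review): user.id arrives from the posted form; confirm that om.edit, or an
        // authorization filter outside this method, ties it to the signed-in user.
        if (user.password != null && user.ConfirmPassword != null)
        {
            // Passwords are stored AES-encrypted; the value must match what LogOn compares against
            AES aes = new AES();
            user.password = aes.EncryptToString(user.password);
            user.ConfirmPassword = aes.EncryptToString(user.ConfirmPassword);
        }

        if (om.edit(user))
        {
            return RedirectToAction("Index", "Home");
        }

        // om.edit returned false; the application reports this as a versioning conflict
        ViewBag.Error = Global.VersioningError;
    }
    catch (Exception)
    {
        ViewBag.Error = Global.ServerError;
    }

    return View(user);
}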