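/// <summary>
/// Handles a login attempt: looks up the activated account for the submitted username,
/// hashes the submitted password with that account's salt and compares the result with
/// the stored hash.
/// </summary>
/// <param name="model">
/// Login form data (<c>uname</c>, <c>psw</c>). The same object carries <c>message</c> /
/// <c>errMessage</c> back to the view and, only after a successful credential check,
/// the account's <c>name</c> and <c>role</c>.
/// </param>
/// <returns>
/// A redirect to <c>UserAccount</c> for an authenticated subscriber; otherwise this
/// action's view. Every failure cause yields the same generic <c>errMessage</c>.
/// </returns>
public ActionResult Login(LoginViewModel model)
{
    // One message for every failure so the response text does not reveal
    // whether the username exists or only the password was wrong.
    const string invalidCredentials = "Please enter valid username and password.";

    model.message = "";
    model.errMessage = "";

    // Missing username or password: reject before touching the account store.
    if (model.uname == null || model.psw == null)
    {
        model.errMessage = invalidCredentials;
        return View(model);
    }

    Account activatedAccount = AccountDB.FindActivatedAccount(model.uname);

    // NOTE(review): unknown usernames return here before any hashing is done, so the
    // response time may differ from the wrong-password path; confirm whether that matters.
    if (activatedAccount == null)
    {
        model.errMessage = invalidCredentials;
        return View(model);
    }

    // Hash the submitted password with the salt stored for this account.
    string userHash = AccountDB.CreateHash(model.psw, activatedAccount.PasswordSalt);

    // NOTE(review): `==` on the hash is not a fixed-time comparison; consider a
    // constant-time compare if the target framework provides one.
    bool usernameMatches = model.uname == activatedAccount.Username;
    bool passwordMatches = userHash == activatedAccount.PasswordHash;

    // The original had three separate failure branches (one unreachable) that all set
    // the same message; they are collapsed into this single guard.
    if (!usernameMatches || !passwordMatches)
    {
        model.errMessage = invalidCredentials;
        return View(model);
    }

    // Account details are copied into the view model only after the credentials have
    // been verified. Previously name and role were filled in as soon as the username
    // matched, so a failed login handed the real account's name and role to the view.
    // Until this point model.name / model.role hold whatever model binding supplied.
    model.name = activatedAccount.Name;
    model.role = activatedAccount.Role;

    if (activatedAccount.Role == Role.Employee || activatedAccount.Role == Role.Manager)
    {
        model.message = "Hi staff!";

        // NOTE(review): this opens a dialog (presumably Windows Forms) on a new thread of
        // the process that handles the request, i.e. on the server side rather than in
        // the user's browser, and no session entry is written for staff. Confirm this is intended.
        Thread thread = new Thread(() =>
        {
            Form mainForm = new MainForm(activatedAccount);
            mainForm.ShowDialog();
        });
        thread.Start();
    }
    else if (activatedAccount.Role == Role.Subscriber)
    {
        // NOTE(review): the whole Account object, which exposes PasswordHash and
        // PasswordSalt, is kept in session; consider storing only an identifier.
        // No session renewal on login is visible here; confirm it happens elsewhere.
        Session["account"] = activatedAccount;
        return RedirectToAction("UserAccount");
    }

    // Valid credentials with any other role fall through with no message set.
    return View(model);
}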