public ActionResult SignIn(SignInVM User)
{
//add fullname and userid to vm
if (ModelState.IsValid)
{
Users u = new Users();
if (u.Authenticate(User.Login, User.Passkey))
{
DateTime exDate = User.RememberMe ? DateTime.Now.AddMonths(6) : DateTime.Now.AddDays(1);
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, u.UserID,
DateTime.Now,
exDate,
true,
u.Fullname, FormsAuthentication.FormsCookiePath);
AppUtility.SetCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket), exDate, FormsAuthentication.RequireSSL);
AppUtility.SetCookie("UserFName", u.FirstName);
AppUtility.SetCookie("DeviceType", AppUtility.GetDeviceType());
if (string.IsNullOrEmpty(User.ReturnUrl))
{
return(Redirect(FormsAuthentication.DefaultUrl));
}
else
{
return(Redirect("~" + HttpUtility.UrlDecode(User.ReturnUrl)));
}
}
else
{
ModelState.AddModelError("", Users.ReturnMessage);
TempData["SignInMsg"] = Users.ReturnMessage;
return(RedirectToAction("Index", "Home"));
}
}
ModelState.AddModelError("", "Provide login and password");
TempData["SignInMsg"] = "Provide login and password";
return(RedirectToAction("Index", "Home"));
}
public bool Authenticate(string Email, string Passkey)
{
using (var db = new MemberLiteEntities().Init)
{
var u = db.Users.Select(a => new
{
a.UserID,
a.FirstName,
a.Email,
a.Password,
a.Status
})
.Where(a => a.Email == Email)
.FirstOrDefault();
if (u == null)
{
ReturnMessage = "Invalid login or password! Check and try again";
return(false);
}
string userIDHash = Crypto.SHA256Hash(u.UserID);
string pwdHash = Crypto.SHA256Hash(Passkey.ToUpper());
string finalHash = Crypto.SHA256Hash(userIDHash + pwdHash);
if (finalHash == u.Password)
{
//Check account status
var status = (StatusType)u.Status;
if (status == StatusType.Locked)
{
if (LockoutReleaseDate.HasValue)
{
//perform lock action
}
ReturnMessage = "Your account is locked!";
return(false);
}
else if (status == StatusType.Banned)
{
ReturnMessage = "You have been banned!";
return(false);
}
this.UserID = u.UserID;
//Log login history
db.LoginHistory.Add(new LoginHistory
{
UserID = u.UserID,
IP = AppUtility.GetUserIPAddress(),
DeviceType = AppUtility.GetDeviceType(),
DateStamp = DateTime.Now,
UserAgent = HttpContext.Current.Request.Browser.Browser
});
db.SaveChanges();
ReturnMessage = "Login ok!";
return(true);
}
else
{
ReturnMessage = "Invalid login or password! Check and try again.";
return(false);
}
}
}
