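/// <summary>
/// Authenticates an administrator and, on success, records the admin identity in the session.
/// </summary>
/// <param name="msg">Posted credentials; its <c>account</c> and <c>password</c> members are read.</param>
/// <returns>
/// A redirect to <c>~/Admin/Index</c> when the credentials match a USERS row whose AUTHORITY is
/// "admin"; otherwise a redirect back to <c>~/Admin/Login</c>.
/// </returns>
/// <remarks>
/// NOTE(review): USERS.PASSWORD is only base64-encoded, which is reversible; anyone who can read
/// the table recovers every password. Moving to a salted, slow password hash (e.g. PBKDF2) needs a
/// data migration and cannot be done inside this method alone.
/// NOTE(review): ViewBag does not survive a redirect, so the error texts set below are presumably
/// never displayed; confirm against the Login view (TempData is the usual carrier). If they are
/// displayed, "Account wrong" versus "Account or password wrong!" tells a visitor which admin
/// account names exist.
/// </remarks>
public ActionResult Login(LoginSender msg)
{
    if (msg == null)
    {
        ViewBag.Error = "Empty account";
        return(Redirect("~/Admin/Login"));
    }

    // Only rows flagged as "admin" may sign in through this action.
    USERS temp = db.USERS.FirstOrDefault(u => u.ACCOUNT == msg.account && u.AUTHORITY == "admin");
    if (temp == null)
    {
        ViewBag.Error = "Account wrong";
        return(Redirect("~/Admin/Login"));
    }

    // Decode the stored password from base64. A missing or malformed stored value is treated as
    // a failed login instead of surfacing as an unhandled exception.
    string decode_password = null;
    try
    {
        byte[] bytes = Convert.FromBase64String(temp.PASSWORD);
        decode_password = Encoding.UTF8.GetString(bytes);
    }
    catch (FormatException)
    {
        decode_password = null;
    }
    catch (ArgumentNullException)
    {
        decode_password = null;
    }

    // The explicit null check keeps an undecodable stored value from matching a missing
    // password field.
    if (decode_password != null && msg.password == decode_password)
    {
        // NOTE(review): the session identifier is not renewed here; if it is not rotated
        // elsewhere on login, add that to guard against session fixation.
        Session["admin_auth"] = true;
        Session["admin_id"] = temp.ID;
        Session["admin_account"] = msg.account;
        return(Redirect("~/Admin/Index"));
    }

    ViewBag.Error = "Account or password wrong!";
    return(Redirect("~/Admin/Login"));
}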
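/// <summary>
/// Authenticates a regular user against the MUSER table and stores the user id in the session.
/// </summary>
/// <param name="msg">Posted credentials; its <c>account</c> and <c>password</c> members are read.</param>
/// <returns>
/// A redirect to <c>~/Home/Index</c> on success (and when <paramref name="msg"/> is null);
/// otherwise the current view with <c>ViewBag.Error</c> set.
/// </returns>
/// <remarks>
/// NOTE(review): USERPASSWORD is compared directly with the submitted password, so it appears to
/// be stored in plaintext; replacing it with a salted, slow password hash needs a data migration.
/// NOTE(review): "Account wrong" versus "Account or password wrong!" lets a visitor tell which
/// user ids exist; consider a single message for both cases.
/// </remarks>
public ActionResult Index(LoginSender msg)
{
    if (msg == null)
    {
        ViewBag.Error = "Empty account";
        return(Redirect("~/Home/Index"));
    }

    // Missing form fields are a failed login. Without this guard a null account reaches the
    // query as an unsupplied parameter and a null password throws at the comparison.
    if (msg.account == null || msg.password == null)
    {
        ViewBag.Error = "Account or password wrong!";
        return(View());
    }

    // The account value comes straight from the request, so it is bound as a parameter rather
    // than concatenated into the SQL text (the concatenated form was open to SQL injection).
    // NOTE(review): @p0 is the positional marker Entity Framework's SqlQuery uses by default;
    // confirm the configured database provider accepts it.
    var isuser = db.Database.SqlQuery<int>("select USERID from MUSER where USERID=@p0", msg.account).FirstOrDefault();
    var _password = db.Database.SqlQuery<string>("select USERPASSWORD from MUSER where USERID=@p0", msg.account).FirstOrDefault();

    // NOTE(review): this hands the stored password to the view layer, including on the failure
    // paths below. Kept because a view may read it; remove it once that is confirmed unused.
    ViewBag._password = _password;

    if (isuser == 0)
    {
        ViewBag.Error = "Account wrong";
        return(View());
    }

    // Ordinal comparison: CompareTo is culture-sensitive and can report two different strings
    // as equal, which is not acceptable for a credential check.
    if (string.Equals(msg.password, _password, StringComparison.Ordinal))
    {
        // Store the user id in the session.
        // NOTE(review): the session identifier is not renewed here; if it is not rotated
        // elsewhere on login, add that to guard against session fixation.
        HttpContext.Session.Add("account", isuser);
        ViewBag.check = 1;
        return(Redirect("~/Home/Index"));
    }

    ViewBag.Error = "Account or password wrong!";
    return(View());
}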