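/// <summary>
/// Handles the registration half of the combined login/registration page.
/// </summary>
/// <param name="information">
/// Page model for the combined form; only its <c>Register</c> part is read here.
/// </param>
/// <returns>
/// The "LoginAndReg" view in every case: carrying ModelState errors when the
/// submission is rejected, or with <c>ViewBag.Email</c> set once the new user
/// has been saved.
/// </returns>
public IActionResult Register(ModelForLoginPage information)
{
    User _user = information?.Register;

    // If nothing was bound for the Register part, re-render the form instead of
    // dereferencing null below. Returning the view (not a redirect) also keeps
    // ModelState and the validation errors it contains.
    if (_user == null || !ModelState.IsValid)
    {
        return View("LoginAndReg");
    }

    // Reject the registration when the address is already taken.
    // NOTE(review): this is check-then-insert; only a unique index on Email
    // guarantees uniqueness under concurrent requests — confirm one exists.
    if (dbContext.Users.Any(u => u.Email == _user.Email))
    {
        // Key carries the "Register." prefix so the error attaches to the
        // Register.Email field of the page model.
        ModelState.AddModelError("Register.Email", "Email already in use!");
        return View("LoginAndReg");
    }

    // Replace the submitted plaintext with its hash before anything is persisted.
    PasswordHasher<User> Hasher = new PasswordHasher<User>();
    _user.Password = Hasher.HashPassword(_user, _user.Password);

    // NOTE(review): _user is the model-bound object and is saved as-is, so every
    // bindable property on User can be supplied by the request. Consider copying
    // only the expected fields into a fresh User — confirm against the User class.
    dbContext.Add(_user);
    dbContext.SaveChanges();

    // Open question from the original author: after a successful registration
    // this returns to the same page and waits for a login rather than signing
    // the new user in.
    ViewBag.Email = _user.Email;
    return View("LoginAndReg");
}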
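/// <summary>
/// Handles the login half of the combined login/registration page.
/// </summary>
/// <param name="information">
/// Page model for the combined form; only its <c>Login</c> part is read here.
/// </param>
/// <returns>
/// A redirect to "/" after the session has been populated on success;
/// otherwise the "LoginAndReg" view carrying the ModelState errors.
/// </returns>
public IActionResult Login(ModelForLoginPage information)
{
    LoginUser userSubmission = information?.Login;

    // Drop any previously stored identity before evaluating this attempt, so a
    // failed login never leaves an earlier user's values in the session.
    // Clear() removes the stored values; it does not by itself issue a new
    // session cookie.
    HttpContext.Session.Clear();

    // If nothing was bound for the Login part, re-render the form instead of
    // dereferencing null below. Returning the view keeps ModelState's errors.
    if (userSubmission == null || !ModelState.IsValid)
    {
        return View("LoginAndReg");
    }

    // NOTE(review): both failure paths below share one message but use different
    // ModelState keys ("Email" vs "Password"), and the unknown-email path skips
    // hash verification. If the view renders per-field messages, the placement
    // (and the response time) can reveal whether an address is registered; a
    // single shared key would remove the first difference — confirm against the
    // view. These keys also lack the "Login." prefix that Register uses.
    var userInDb = dbContext.Users.FirstOrDefault(u => u.Email == userSubmission.Email);
    if (userInDb == null)
    {
        ModelState.AddModelError("Email", "Invalid Email/Password");
        return View("LoginAndReg");
    }

    // Verify the submitted password against the hash stored for this user.
    var hasher = new PasswordHasher<LoginUser>();
    var result = hasher.VerifyHashedPassword(userSubmission, userInDb.Password, userSubmission.Password);

    // 0 is PasswordVerificationResult.Failed; Success and SuccessRehashNeeded
    // both fall through (no rehash is performed here).
    if (result == 0)
    {
        ModelState.AddModelError("Password", "Invalid Email/Password");
        return View("LoginAndReg");
    }

    // The original branched on whether "UserId" was already in the session, but
    // both branches wrote the same values and the session was cleared above, so
    // the values are written unconditionally.
    HttpContext.Session.SetInt32("UserId", userInDb.UserId);
    HttpContext.Session.SetString("UserName", userInDb.UserName);

    return Redirect("/");
}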