Esempio n. 1
        // public IActionResult Register(User _user)
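        /// <summary>
        /// Handles the registration form: rejects an e-mail address that is already stored,
        /// hashes the submitted password with <see cref="PasswordHasher{TUser}"/> and saves the user.
        /// </summary>
        /// <param name="information">Page model; only its <c>Register</c> part is read here.</param>
        /// <returns>
        /// The <c>LoginAndReg</c> view in every case. On success <c>ViewBag.Email</c> holds the new
        /// address; on failure ModelState carries the errors to display.
        /// </returns>
        public IActionResult Register(ModelForLoginPage information)
        {
            User newUser = information?.Register;

            // Returning the view (not a redirect) keeps ModelState and its errors for rendering.
            if (!ModelState.IsValid)
            {
                return View("LoginAndReg");
            }

            // The page model carries both forms, so a request that posts no Register.* field can
            // leave this part null while ModelState is still valid. Without this guard the e-mail
            // lookup below dereferences null.
            if (newUser == null)
            {
                ModelState.AddModelError("Register.Email", "Registration details are required.");
                return View("LoginAndReg");
            }

            // NOTE(review): this check-then-insert is not atomic; two concurrent requests can both
            // pass it. A unique index on the Email column (not visible here) is what would
            // actually guarantee uniqueness - confirm one exists.
            // This response also tells the caller that the address is registered, so the endpoint
            // should sit behind rate limiting if account enumeration is a concern.
            if (dbContext.Users.Any(u => u.Email == newUser.Email))
            {
                ModelState.AddModelError("Register.Email", "Email already in use!");
                return View("LoginAndReg");
            }

            // Replace the plain-text password with its hash before the entity is tracked.
            var hasher = new PasswordHasher<User>();
            newUser.Password = hasher.HashPassword(newUser, newUser.Password);

            // NOTE(review): the model-bound User entity is saved as posted. Any User property the
            // form does not render (UserId, and role/flag columns if the entity has them) can
            // still be supplied by the client. Consider a dedicated registration view model or a
            // [Bind] allow-list so that only the expected fields reach the database.
            dbContext.Add(newUser);
            dbContext.SaveChanges();

            // The user is not logged in here; the page is shown again with the new address.
            ViewBag.Email = newUser.Email;
            return View("LoginAndReg");
        }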
Esempio n. 2
        // public IActionResult Login(LoginUser userSubmission)
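        /// <summary>
        /// Handles the login form: looks the user up by e-mail, verifies the submitted password
        /// against the stored hash and, on success, stores <c>UserId</c> and <c>UserName</c> in
        /// the session.
        /// </summary>
        /// <param name="information">Page model; only its <c>Login</c> part is read here.</param>
        /// <returns>
        /// A redirect to <c>/</c> on success; otherwise the <c>LoginAndReg</c> view with the
        /// ModelState errors.
        /// </returns>
        public IActionResult Login(ModelForLoginPage information)
        {
            LoginUser credentials = information?.Login;

            // Every login attempt starts from an empty session, so a failed attempt also ends any
            // previous login.
            // NOTE(review): Clear() removes the stored keys; it does not by itself replace the
            // session cookie - confirm whether the identifier should be rotated at login.
            HttpContext.Session.Clear();

            // Returning the view (not a redirect) keeps ModelState and its errors for rendering.
            if (!ModelState.IsValid)
            {
                return View("LoginAndReg");
            }

            // One rejection path for every credential failure: same key, same message. The
            // original attached the error to "Email" for an unknown address and to "Password"
            // for a wrong password, which lets a view with per-field messages reveal whether
            // the address is registered.
            // NOTE(review): the view binds ModelForLoginPage, so a field-level validation tag
            // would presumably look for "Login.Email"; confirm this unprefixed key is rendered.
            IActionResult Reject()
            {
                ModelState.AddModelError("Email", "Invalid Email/Password");
                return View("LoginAndReg");
            }

            // The page model carries both forms, so the Login part can be null when no Login.*
            // field was posted; without this guard the lookup below dereferences null.
            if (credentials == null)
            {
                return Reject();
            }

            var storedUser = dbContext.Users.FirstOrDefault(u => u.Email == credentials.Email);
            if (storedUser == null)
            {
                // NOTE(review): this path skips the hash verification, so it can answer faster
                // than a wrong password - a timing signal for the same enumeration concern.
                return Reject();
            }

            var hasher = new PasswordHasher<LoginUser>();
            var verdict = hasher.VerifyHashedPassword(credentials, storedUser.Password, credentials.Password);

            // Named enum member instead of the literal 0. SuccessRehashNeeded is accepted as a
            // success and the stored hash is left unchanged, as before.
            if (verdict == PasswordVerificationResult.Failed)
            {
                return Reject();
            }

            // The session was cleared above, so the values are always written fresh. The
            // original if/else on an existing "UserId" had two identical branches.
            HttpContext.Session.SetInt32("UserId", storedUser.UserId);
            HttpContext.Session.SetString("UserName", storedUser.UserName);
            return Redirect("/");
        }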