public ActionResult Authenticate(MultipleModelsView multipleMview) { Users usr = multipleMview.usersModel; //specific model usr.UserName = Encoder.HtmlEncode(usr.UserName); //xss protection usr.Password = Encoder.HtmlEncode(usr.Password); //xss protection Model1 db = new Model1(); if (ModelState.IsValid) { //LINQ to SQL will prevent any SQL Injection List <Users> userValidated = (from u in db.Users where (u.UserName == usr.UserName) && (u.Password == usr.Password) select u).ToList <Users>(); if (userValidated.Count == 1) { //FormsAuthentication.SetAuthCookie("cookie", true); if (usr.UserName == "admin")// Admin Permissions, to control users, edit etc.. { return(RedirectToAction("Index", "Admin")); } Session["UserId"] = userValidated[0].Id;//user found Session["UserName"] = userValidated[0].UserName; return(RedirectToAction("Index", "Movies")); } else { ViewBag.result = "The user is not on DataBase ,You Need to Accept permissions! >> please Registration First!"; return(View("Index", multipleMview));//for stay value of entering } } else { return(View("Index", multipleMview));//for stay value of entering } }
public ActionResult Registation(MultipleModelsView multipleMview) { Registration usr = multipleMview.registrationModel;//specific model //usr.UserName = Encoder.JavaScriptEncode(usr.UserName);//xss protection usr.UserName = Encoder.HtmlEncode(usr.UserName);//xss protection usr.Password = Encoder.HtmlEncode(usr.Password); usr.Email = Encoder.HtmlEncode(usr.Email); usr.Date = DateTime.Now; //Model1 db = new Model1(); if (ModelState.IsValid) { using (Model1 db = new Model1()) { List <Users> userValidated = (from u in db.Users where (u.UserName == usr.UserName) select u).ToList <Users>(); if (userValidated.Count >= 1) // check if has one or more user { ViewBag.Message = "UnSuccessfully!!!, choice another User name!"; } else { ////////////////////// //MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider(); //UTF8Encoding utf8 = new UTF8Encoding(); //byte[] data = md5.ComputeHash(utf8.GetBytes(usr.Password)); //usr.Password = Convert.ToBase64String(data); db.Registration.Add(usr); Users userUpdate = new Users { UserName = usr.UserName, Password = usr.Password }; db.Users.Add(userUpdate); db.SaveChanges(); ModelState.Clear(); multipleMview = null; ViewBag.Message = "Successfully Registration Done!"; /// sent Email try { MailMessage mail = new MailMessage("*****@*****.**", usr.Email); SmtpClient client = new SmtpClient(); client.Port = 25; client.DeliveryMethod = SmtpDeliveryMethod.Network; client.UseDefaultCredentials = false; client.EnableSsl = true; client.Host = "smtp.gmail.com"; client.Credentials = new System.Net.NetworkCredential("*****@*****.**", "greatchat123"); mail.Subject = "Welcome To Movie Rental!"; mail.Body = "Welcome To Movie Rental, start to orders movie!\n http://MovieRental.com"; client.Send(mail); } catch { ViewBag.Message = "something wrong"; } } } return(View("Index")); } else { //ViewBag.Message = "UnSuccessfully Registration!"; return(View("Index", multipleMview));//for stay value of entering } }