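/// <summary>
/// Checks the posted login and password, opens a user session and redirects
/// to the home page that matches the user's access level.
/// </summary>
/// <param name="login">Login name looked up in <c>db.Users</c>.</param>
/// <param name="password">Candidate password, verified through <c>_password.ComparePassword</c>.</param>
/// <returns>
/// A redirect for access levels 1-3 after a successful check; otherwise the
/// current view, with <c>ViewBag.ErrMessage</c> set on every rejection.
/// </returns>
public IActionResult Authorization(string login, string password)
        {
            // "Invalid login or password". One message covers both the unknown-login
            // and wrong-password cases, so the response does not confirm which
            // logins exist.
            const string invalidCredentials = "Неверный логин или пароль";

            // _checkUser is a field whose lifetime is not visible from this method;
            // clear it so a record left over from an earlier call can never stand in
            // for a login that is not found now.
            _checkUser = null;

            if (string.IsNullOrEmpty(login) || password == null)
            {
                ViewBag.ErrMessage = invalidCredentials;
                return(View());
            }

            var matches = from us in db.Users
                          where us.Login == login
                          select new Users
            {
                UserId        = us.UserId,
                Login         = us.Login,
                AccessLevelId = us.AccessLevelId,
                PasswordHash  = us.PasswordHash,
                PasswordSalt  = us.PasswordSalt
            };

            // If several rows share the login, the last one wins (unchanged behavior).
            foreach (Users item in matches)
            {
                _checkUser = item;
            }

            if (_checkUser == null)
            {
                // NOTE(review): this path returns without running the password hash,
                // so its response time may still differ from the wrong-password path;
                // no attempt throttling or lockout is visible in this method either.
                ViewBag.ErrMessage = invalidCredentials;
                return(View());
            }

            _password.PasswordHash = _checkUser.PasswordHash;
            _password.PasswordSalt = _checkUser.PasswordSalt;

            if (!_password.ComparePassword(password))
            {
                ViewBag.ErrMessage = invalidCredentials;
                return(View());
            }

            // Access is closed for levels above 3. Checked only after the password
            // has been verified, so the "access denied" answer is not given to a
            // caller who merely knows a login name.
            if (_checkUser.AccessLevelId > 3)
            {
                ViewBag.ErrMessage = "В доступе отказано";
                return(View());
            }

            // NOTE(review): confirm that UserSession is scoped per client rather than
            // process-wide; that cannot be determined from this method.
            UserSession.Instance(_checkUser.UserId);

            switch (_checkUser.AccessLevelId)
            {
            case 1:
            case 2:
                return(Redirect("~/StudentHomePage/Index"));

            case 3:
                return(Redirect("~/TeacherHomePage/Index"));

            default:
                // NOTE(review): a level outside 1-3 that is not above 3 reaches this
                // point with a session already opened and no error message; confirm
                // that this is intended.
                return(View());
            }
        }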
Esempio n. 2
        /// <summary>
        /// Looks up the stored <c>Senha</c> value for the given e-mail address and
        /// compares it with the supplied password through
        /// <c>Password.ComparePassword</c>.
        /// </summary>
        /// <param name="_senha">Password supplied by the caller.</param>
        /// <param name="_email">E-mail address that selects the <c>Autenticacao</c> row.</param>
        /// <returns>The result of <c>ComparePassword(stored, supplied)</c>.</returns>
        /// <exception cref="ArgumentNullException">Propagated unchanged to the caller.</exception>
        /// <exception cref="InvalidOperationException">
        /// Propagated unchanged; <c>Single()</c> raises it unless exactly one row matches the e-mail.
        /// </exception>
        public bool? TestarSenha(string _senha, string _email)
        {
            // NOTE(review): whether Senha holds a salted hash or the password itself
            // is not visible here; confirm that ComparePassword verifies a hash and
            // compares in constant time.
            string storedValue = vetDb.Autenticacao
                                 .Where(entry => entry.Email == _email)
                                 .Select(entry => entry.Senha)
                                 .Single();

            var verifier = new Password();

            // Exceptions are not handled here; they reach the caller as raised.
            return(verifier.ComparePassword(storedValue, _senha));
        }
Esempio n. 3
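        /// <summary>
        /// Handles the login form: verifies the posted e-mail and password against
        /// <c>db.TblUsers</c>, stores the user id in the session and redirects by
        /// user type.
        /// </summary>
        /// <param name="formCollection">Posted form values; the "Email" and "Password" fields are read.</param>
        /// <returns>
        /// A redirect to <c>Response/Index</c> for a "Donor" or <c>Request/Index</c>
        /// for any other user type on success; otherwise a script alert describing
        /// the rejection.
        /// </returns>
        public ActionResult Authenticate(FormCollection formCollection)
        {
            string enteredEmail = formCollection["Email"];

            // The original read this field as both "Password" and "password".
            // Assumes FormCollection lookups are case-insensitive, as in
            // System.Web.Mvc - confirm.
            string enteredPassword = formCollection["Password"];

            // A missing field arrives as null rather than "", so both are rejected here.
            if (string.IsNullOrEmpty(enteredEmail) || string.IsNullOrEmpty(enteredPassword))
            {
                return(Content("<script language='javascript' type='text/javascript'>alert('Email and Password must not be empty!')</script >"));
            }

            // One filtered query replaces loading every e-mail address and re-querying
            // the same row several times. The ordinal re-check keeps the exact,
            // case-sensitive match the original in-memory comparison enforced.
            var user = db.TblUsers
                       .Where(data => data.Email.Equals(enteredEmail))
                       .ToList()
                       .FirstOrDefault(data => string.Equals(data.Email, enteredEmail, StringComparison.Ordinal));

            if (user == null)
            {
                // Same answer as for a wrong password, so the response does not
                // confirm which addresses are registered.
                // NOTE(review): this path skips the hash computation, so response
                // time may still differ; no attempt throttling is visible here.
                return(Content("<script language='javascript' type='text/javascript'>alert('Email or Password does not match!')</script >"));
            }

            byte[] storedHashBytes = Convert.FromBase64String(user.Hash);
            byte[] storedSaltBytes = Convert.FromBase64String(user.Salt);

            if (!Password.ComparePassword(enteredPassword, storedHashBytes, storedSaltBytes))
            {
                return(Content("<script language='javascript' type='text/javascript'>alert('Email or Password does not match!')</script >"));
            }

            // The verification state is examined only after the password check, so an
            // unauthenticated caller can neither learn that an account is unverified
            // nor trigger verification mail to someone else's address.
            if (!user.ValidateEmail)
            {
                // NOTE(review): the mail account's password is read from
                // TblSysCredentials and passed on as-is; how it is protected at rest
                // is not visible here - confirm.
                var sysData = db.TblSysCredentials.FirstOrDefault();
                Email.Email.BuildEmailTemplate(user.UserId, user.Email, sysData.Email, sysData.Password);
                return(Content("<script language='javascript' type='text/javascript'>alert('Account is not verified!Please verify your account from your email.')</script >"));
            }

            // NOTE(review): the session identifier is reused across login; consider
            // issuing a fresh session on authentication to guard against fixation.
            Session["UserId"] = user.UserId;

            if (Session["UserId"] == null)
            {
                // No id could be stored, so do not treat the login as complete.
                return(Content("<script language='javascript' type='text/javascript'>alert('Email or Password does not match!')</script >"));
            }

            if (user.UserType.Equals("Donor"))
            {
                return(RedirectToAction("Index", "Response"));
            }

            return(RedirectToAction("Index", "Request"));
        }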
Esempio n. 4
        //метод для проверки пароля
        /// <summary>
        /// Builds a <c>Password</c> from the hash and salt stored on <c>_user</c>
        /// and compares the <c>_password</c> field against it.
        /// </summary>
        /// <returns>The result of <c>Password.ComparePassword</c> for <c>_password</c>.</returns>
        public bool CheckPassword()
        {
            var verifier = new Password(_user.PasswordHash, _user.PasswordSalt);
            bool isMatch = verifier.ComparePassword(_password);

            return(isMatch);
        }