Esempio n. 1
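        /// <summary>
        /// Registers a new account after checking that all three fields are present
        /// and that the username is not already taken.
        /// </summary>
        /// <param name="username">Requested login name; surrounding whitespace is trimmed before use.</param>
        /// <param name="password">Plain-text password; only the salted hash is handed to the repository.</param>
        /// <param name="name">Name stored with the account.</param>
        /// <returns>
        /// A JSON result carrying <c>status</c> (true on success) and a human-readable <c>message</c>.
        /// </returns>
        public ActionResult CreateAccount(string username, string password, string name)
        {
            // A field missing from the request arrives as null. Trimming null-safely lets the
            // emptiness check below answer with the normal validation message instead of the
            // action failing with a NullReferenceException.
            username = username?.Trim();
            if (string.IsNullOrWhiteSpace(username))
            {
                return Json(new { status = false, message = "Failed to create user. Username cannot be empty." });
            }
            if (string.IsNullOrWhiteSpace(password))
            {
                return Json(new { status = false, message = "Failed to create user. Password cannot be empty." });
            }
            if (string.IsNullOrWhiteSpace(name))
            {
                return Json(new { status = false, message = "Failed to create user. Name cannot be empty." });
            }

            // NOTE(review): this lookup and the insert below are separate calls, so two concurrent
            // requests for the same username could both pass the check unless the repository or
            // the database enforces uniqueness - confirm.
            var account = AccountRepository.GetAccount(username);

            if (account != null && account != default(Account))
            {
                return Json(new { status = false, message = "Failed to create user. Username already exists." });
            }

            // NOTE(review): confirm ComputeSaltedHash is a deliberately slow password KDF
            // (PBKDF2, bcrypt, Argon2) rather than a single fast hash round.
            var salt           = PasswordHelper.CreateRandomSalt();
            var saltedPassword = PasswordHelper.ComputeSaltedHash(password, salt);

            // NOTE(review): the salt type is not visible here. If it is a byte[], ToString() returns
            // the type name instead of the salt bytes and the stored value could never reproduce
            // the hash at login - verify against PasswordHelper.
            AccountRepository.CreateAccount(username, saltedPassword, salt.ToString(), name);
            return Json(new { status = true, message = $"User {username} created." });
        }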
Esempio n. 2
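        /// <summary>
        /// Checks the submitted credentials and, when they match, records the account id in the session.
        /// </summary>
        /// <param name="username">Login name to look up.</param>
        /// <param name="password">Plain-text password to verify against the stored salted hash.</param>
        /// <returns>
        /// A JSON result carrying <c>status</c> (true on successful login) and a <c>message</c>.
        /// Every failure returns the same message, so the response does not disclose whether
        /// the username exists.
        /// </returns>
        public ActionResult Validate(string username, string password)
        {
            // One message for every failure path: distinct "Invalid Username" / "Invalid Password"
            // replies let a caller tell registered usernames from unregistered ones.
            const string failureMessage = "Invalid username or password";

            // A field missing from the request arrives as null; reject it before it reaches
            // the repository or the hash helper.
            if (username == null || password == null)
            {
                return Json(new { status = false, message = failureMessage });
            }

            var account = AccountRepository.GetAccountWithPassword(username);

            if (account == null || account == default(AccountWithPassword))
            {
                // NOTE(review): no hash is computed on this path, so response time may still
                // differ between known and unknown usernames; hashing against a dummy salt
                // would even that out.
                return Json(new { status = false, message = failureMessage });
            }

            // NOTE(review): == is not a constant-time comparison. The types of Password and the
            // computed hash are not visible here; if the target framework offers
            // CryptographicOperations.FixedTimeEquals, compare the hash bytes with it.
            if (account.Password != PasswordHelper.ComputeSaltedHash(password, account.Salt))
            {
                return Json(new { status = false, message = failureMessage });
            }

            // NOTE(review): nothing visible here renews the session identifier on login or limits
            // repeated failed attempts - confirm both are handled elsewhere.
            HttpContext.Session.Set(SessionHelper.SessionKeyAccountId, account.AccountId);
            return Json(new { status = true, message = "Login Successfull!" });
        }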