/// <summary>
/// Method to validate JournalUser username and password
/// </summary>
/// <param name="username">username to validate</param>
/// <param name="password">password to validate</param>
/// <returns>true if valid</returns>
private bool isValid(string username, string password)
{
bool isValid = false;
//get JournalUser if equals to db content
var user = db.Users.FirstOrDefault(u => u.Email == username);
//if the user dont exist return false
if (user == null)
{
ModelState.AddModelError("", "Username and/or password is wrong!");
return isValid;
}
//if the account is confirmed and password is correct
if (user.AccountConfirmed == 1)
{
if (user != null && PasswordHasher.validatePassword(user.UserId, password, user.Password))
{
//set global user to user without storing password
this.user = db.Users.FirstOrDefault(u => u.Email == username);
this.user.Password = null;
this.user.Salts = null;
//set state as valid
isValid = true;
}
else
{
//Shows state that username/password is worng
ModelState.AddModelError("", "Username and/or password is wrong!");
}
}
else
{
//sending a mail
MailFunction mail = new MailFunction();
var callbackUrl = Url.Action("ConfirmAccount", "Home", new { userId = user.UserId }, protocol: Request.Url.Scheme);
mail.sendEmail(user.Email, callbackUrl);
//shows state that account is not confirmed
ModelState.AddModelError("", "Account is not confirmed - a new email has been sent");
}
return isValid;
}
public ActionResult Register(RegisterValidateVM vm)
{
JournalUser journalUser = new JournalUser
{
RoleId = 2,//register a user
FirstName = vm.Forename.ToLower(),
LastName = vm.Surname.ToLower(),
Email = vm.Email.ToLower()
};
var existing = from u in db.Users
where u.Email == vm.Email
select u;
if (existing.Any())
{
ModelState.AddModelError("", "That email address is allready in use");
TempData["failed"] = "failed";
return View();
}
//adds a user to the bd and saves
db.Users.Add(journalUser);
db.SaveChanges();
var user = db.Users.Single(c => c.Email == vm.Email.ToLower());
// Hashes the password and set it in the user.
user.Password = PasswordHasher.createHash(user.UserId, vm.Password);
db.SaveChanges();
//sending a mail
MailFunction mail = new MailFunction();
var callbackUrl = Url.Action("ConfirmAccount", "Home", new { userId = user.UserId }, protocol: Request.Url.Scheme);
mail.sendEmail(user.Email, callbackUrl);
ModelState.Clear();
return View();
}