Esempio n. 1
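        /// <summary>
        /// Authenticates a staff member by e-mail and password and records the outcome on the current session.
        /// </summary>
        /// <param name="userEmail">E-mail address used to look up the person record.</param>
        /// <param name="userPassword">Plain-text password, checked with <c>sessionService.VerifyHash</c>.</param>
        /// <param name="P1">Must equal characters 0-11 of the session GUID.</param>
        /// <param name="P2">Must equal characters 11-22 of the session GUID.</param>
        /// <returns>
        /// JSON <c>SelectionOptionID</c>: the person's ID and e-mail on success, otherwise
        /// <c>IDnotFound</c> with an empty label.
        /// </returns>
        // NOTE(review): no [HttpPost] or anti-forgery attribute is visible in this excerpt; confirm the
        // action cannot receive the password in a query string, where it would end up in logs and history.
        // NOTE(review): no attempt throttling or lockout is visible here; confirm it exists elsewhere.
        public ActionResult SelectUser(string userEmail, string userPassword, string P1, string P2)
        {
            SelectionOptionID user = new SelectionOptionID(IDnotFound, "");
            person _person = new person();

            if (userEmail != null && userPassword != null)
            {
                var _session = sessionService.GetSession(this.HttpContext, false, false);

                // Substring(11, 12) below needs at least 23 characters. Without a usable session the
                // request token cannot be checked, so fail closed with the "not found" result instead
                // of letting a NullReferenceException / ArgumentOutOfRangeException escape.
                if (_session == null || _session.sessionGUID == null || _session.sessionGUID.Length < 23)
                {
                    return Json(user);
                }

                bool personFound = false;
                bool userAuthor = false;

                // The two slices overlap at index 11; kept as-is because the client must send the same values.
                // NOTE(review): if sessionGUID is also the session identifier, P1/P2 expose 23 of its
                // characters in every login request; a dedicated anti-forgery token would avoid that.
                // NOTE(review): string == is not a constant-time comparison.
                string xP1 = _session.sessionGUID.Substring(0, 12);
                string xP2 = _session.sessionGUID.Substring(11, 12);

                if (P1 == xP1 && P2 == xP2)
                {
                    try // checks if person is in database
                    {
                        _person = persons.GetAll().Where(u => u.email == userEmail).
                            FirstOrDefault();
                        // Static object.Equals is null-safe: a missing record no longer has to raise
                        // (and swallow) a NullReferenceException to be reported as "not found".
                        personFound = !object.Equals(_person, default(person));
                    }
                    catch (Exception e)
                    {
                        // A failed lookup leaves personFound false, so the login fails closed.
                        // NOTE(review): this writes the full exception to stdout; prefer the application logger.
                        Console.WriteLine("An error occurred: '{0}'", e);
                    }
                }
                // Person found in database
                // NOTE(review): VerifyHash only runs for known e-mails, so response time may differ
                // between unknown accounts and wrong passwords.
                if (personFound)
                {
                    userAuthor = sessionService.VerifyHash(_person.ID, userPassword);
                }
                // User is authorized
                if (userAuthor)
                {
                    user.ID = _person.ID;
                    user.Label = userEmail;
                    // NOTE(review): the session is reused across the privilege change; confirm the
                    // session identifier is rotated on login elsewhere.
                    _session.idStaff = user.ID;
                }
                else
                {
                    // Any failure also clears a staff ID previously bound to this session.
                    user.ID = IDnotFound;
                    user.Label = string.Empty;
                    _session.idStaff = null;
                }
                sessions.Update(_session);
                sessions.Commit();
            }
            return Json(user);
        }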
Esempio n. 2
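        /// <summary>
        /// Overwrites the stored password of the given person with the hash of a fixed default value,
        /// then redirects to the <c>ResetPassword</c> action of the <c>Staff</c> controller.
        /// </summary>
        /// <param name="personID">ID of the person whose password is reset; taken from the request.</param>
        /// <returns>A redirect to <c>Staff/ResetPassword</c>, whether or not a person was updated.</returns>
        // NOTE(review): nothing visible here checks that the caller may reset this particular person's
        // password, and no [HttpPost] / anti-forgery attribute is visible in this excerpt. Confirm both
        // are enforced elsewhere.
        public ActionResult ResetPassword(long personID)
        {
            // The result is unused. The call is kept because GetSessionID may enforce a login or
            // authorization check as a side effect; TODO confirm what the two `true` flags mean.
            var sessionID = sessionService.GetSessionID(this.HttpContext, true, true);
            person _person = new person();
            bool personFound = false;

            try // checks if person is in database
            {
                _person = persons.GetById(personID);
                // Static object.Equals is null-safe: a missing record no longer has to raise
                // (and swallow) a NullReferenceException to be reported as "not found".
                personFound = !object.Equals(_person, default(person));
            }
            catch (Exception e)
            {
                // A failed lookup leaves personFound false, so nothing is written.
                // NOTE(review): this writes the full exception to stdout; prefer the application logger.
                Console.WriteLine("An error occurred: '{0}'", e);
            }

            // Person has been found, reset password
            if (personFound)
            {
                // NOTE(review): every reset account gets the same well-known password, and nothing here
                // forces a change at next login. Replace with a random one-time value or an expiring
                // reset token delivered out of band; left unchanged because no delivery mechanism is
                // visible in this excerpt.
                _person.password = sessionService.GetHash("012345");
                persons.Update(_person);
                persons.Commit();
            }

            return RedirectToAction("ResetPassword","Staff");
        }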