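/// <summary>
/// Checks a username/password pair against the stored credential and reports the
/// outcome as a JSON boolean.
/// </summary>
/// <param name="name">Username supplied by the caller.</param>
/// <param name="pass">Plaintext password supplied by the caller.</param>
/// <returns>
/// A <see cref="JsonResult"/> whose <c>Data</c> is <c>true</c> when the credential
/// matches and <c>false</c> otherwise, including for missing input or an unknown user.
/// </returns>
/// <remarks>
/// NOTE(review): this action answers true/false for arbitrary credentials, and no
/// attempt limiting or lockout is visible in this method; confirm throttling exists
/// elsewhere before exposing it.
/// </remarks>
public ActionResult CheckUserPass(string name, string pass)
{
    // Reject missing input and unknown users up front, as Index does, instead of
    // fetching credentials for an ID that may not belong to a real account.
    if (string.IsNullOrEmpty(name) || pass == null || !repo.CheckUserExist(name))
    {
        return new JsonResult() { Data = false };
    }

    int userID = repo.GetUserID(name);
    string db_saltHashed = repo.GetSaltHashedPassword(userID);
    string db_salt = repo.GetSalt(userID);

    // NOTE(review): the salt is only prepended to the digest here; GetHashedPassword
    // receives the password alone, so on this path the salt does not appear to be an
    // input to the hash. Confirm against SaltHashPassword, and confirm it uses a slow
    // password KDF (e.g. PBKDF2) rather than a single fast hash.
    SaltHashPassword shp = new SaltHashPassword();
    string saltHashed = db_salt + shp.GetHashedPassword(pass);

    // Compare every character instead of stopping at the first difference, so the
    // response time does not depend on how much of the stored value matched.
    bool sameLength = db_saltHashed != null && saltHashed.Length == db_saltHashed.Length;
    int diff = sameLength ? 0 : 1;
    if (sameLength)
    {
        for (int i = 0; i < saltHashed.Length; i++)
        {
            diff |= saltHashed[i] ^ db_saltHashed[i];
        }
    }

    return new JsonResult() { Data = diff == 0 };
}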
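/// <summary>
/// Handles a registration post: redirects when the username is already taken,
/// otherwise builds a new <c>User</c> with a hashed password and stores it when the
/// model state is valid.
/// </summary>
/// <param name="updateModel">Posted registration form data.</param>
/// <returns>
/// A redirect to Admin/Register when the username already exists; otherwise the
/// registration view bound to the newly built model.
/// </returns>
/// <remarks>
/// NOTE(review): the model handed to the view carries the password hash, the salt and
/// the secret answer; make sure the view does not render them back to the client.
/// </remarks>
public ActionResult Register(UsersViewModel updateModel)
{
    // A request that arrives without a bound model or User would otherwise fail with a
    // null dereference on the Username read below; show the empty form instead.
    if (updateModel == null || updateModel.User == null)
    {
        return View(new UsersViewModel() { User = new User() });
    }

    string user = updateModel.User.Username;
    if (repo.CheckUserExist(user))
    {
        // NOTE(review): this stores a caller-supplied, unauthenticated name in the
        // session. Index uses Session["Username"]/Session["UserID"] for a signed-in
        // user; confirm nothing treats Session["User"] as an authenticated identity.
        Session["User"] = user;
        return RedirectToAction("Register", "Admin");
    }

    UsersViewModel uvm = new UsersViewModel();
    uvm.User = new User();
    SaltHashPassword shPass = new SaltHashPassword();
    string pwd = updateModel.User.Password;

    uvm.User.Username = updateModel.User.Username;
    uvm.User.FirstName = updateModel.User.FirstName;
    uvm.User.LastName = updateModel.User.LastName;
    uvm.User.SecretQuestion = updateModel.User.SecretQuestion;
    // NOTE(review): the secret answer is copied as received; it works as a second
    // password, so consider hashing it the same way unless the repository already does.
    uvm.User.SecretAnswer = updateModel.User.SecretAnswer;

    // NOTE(review): the salt is generated separately and GetHashedPassword receives
    // only the password, so the salt does not appear to be mixed into the hash here.
    // Confirm against SaltHashPassword.
    uvm.User.PasswordSalt = shPass.GetSaltPassword();
    uvm.User.Password = shPass.GetHashedPassword(pwd);
    uvm.User.Created = DateTime.Now;

    if (ModelState.IsValid)
    {
        // Whether AddNewUser also commits the change is not visible from this method.
        repo.AddNewUser(uvm.User);
    }

    return View(uvm);
}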
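/// <summary>
/// Handles a login post: verifies the supplied credentials and, on success, records
/// the user in the session and redirects to Admin/Create.
/// </summary>
/// <param name="login">Posted credentials (username and plaintext password).</param>
/// <returns>
/// A redirect to Admin/Create on success; otherwise a redirect back to Admin/Index
/// with a failure message in <c>Session["Message"]</c>.
/// </returns>
/// <remarks>
/// NOTE(review): no attempt limiting is visible here, and the session identifier is
/// not visibly renewed at sign-in; confirm both are handled elsewhere. Unknown users
/// also return without hashing, so response time can still differ between the cases.
/// </remarks>
public ActionResult Index(User login)
{
    // One message for every failure: separate "wrong password" and "no such user"
    // texts tell an unauthenticated caller which usernames exist.
    string loginFailed = "Invalid username or password.";

    // Missing credentials are treated as a failed login rather than being passed on
    // to the repository and the hasher as null.
    if (login == null || string.IsNullOrEmpty(login.Username) || login.Password == null)
    {
        Session["Message"] = loginFailed;
        return RedirectToAction("Index", "Admin");
    }

    string user = login.Username;
    if (!repo.CheckUserExist(user))
    {
        Session["Message"] = loginFailed;
        return RedirectToAction("Index", "Admin");
    }

    int userID = repo.GetUserID(user);
    string db_saltHashed = repo.GetSaltHashedPassword(userID);
    string db_salt = repo.GetSalt(userID);

    // NOTE(review): the salt is only prepended to the digest; GetHashedPassword receives
    // the password alone, so the salt does not appear to be an input to the hash on this
    // path. Confirm against SaltHashPassword.
    SaltHashPassword shp = new SaltHashPassword();
    string saltHashed = db_salt + shp.GetHashedPassword(login.Password);

    // Compare every character instead of stopping at the first difference, so the
    // response time does not depend on how much of the stored value matched.
    bool sameLength = db_saltHashed != null && saltHashed.Length == db_saltHashed.Length;
    int diff = sameLength ? 0 : 1;
    if (sameLength)
    {
        for (int i = 0; i < saltHashed.Length; i++)
        {
            diff |= saltHashed[i] ^ db_saltHashed[i];
        }
    }

    if (diff != 0)
    {
        Session["Message"] = loginFailed;
        return RedirectToAction("Index", "Admin");
    }

    Session["Username"] = user;
    Session["UserID"] = userID;
    return RedirectToAction("Create", "Admin");
}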