Esempio n. 1
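        /// <summary>
        /// Registers a new user with the customer role and, on success, signs them in
        /// by issuing a forms-authentication cookie.
        /// </summary>
        /// <param name="user">The user entity bound from the posted registration form.</param>
        /// <returns>
        /// A redirect to Home/Index when the user was created; otherwise the "Create" view,
        /// with an error message or model errors for the view to display.
        /// </returns>
        public ActionResult Create(user user)
        {
            if (!ModelState.IsValid)
            {
                // If we got to this point then something went wrong
                ViewBag.Error = Global.ServerError;
                return View("Create");
            }

            // Always force the customer role here so a posted user_role value cannot
            // grant a new account a different role.
            user.user_role = (int)SiteRoles.Customer;

            // SECURITY NOTE: the password is stored with the project's reversible AES helper,
            // not a one-way password hash, so whoever holds the AES key can recover every
            // stored password. Moving to a salted, slow hash (e.g. PBKDF2) has to be done
            // together with the log-on comparison and a migration of existing rows, so it is
            // flagged here rather than changed in this action alone.
            AES aes = new AES();
            user.password = aes.EncryptToString(user.password);
            user.ConfirmPassword = aes.EncryptToString(user.ConfirmPassword);

            // Try to add the user to the database and save the changes.
            // An exception is thrown in case of errors (ex: a unique field value is not respected).
            try
            {
                if (!om.Create(user))
                {
                    return View("Create");
                }
            }
            catch (DbUpdateException e)
            {
                HandleDbUpdateException(e);
                // Return to the original page. Any errors added into the model are shown by the view.
                return View("Create");
            }
            catch (Exception)
            {
                // Deliberately generic: the details of the failure are not shown to the client.
                ViewBag.Error = Global.ServerError;
                return View("Create");
            }

            // Build the authentication ticket: valid for one day, not persistent,
            // with the new user's id carried as the ticket's user data.
            DateTime issuedAt = DateTime.Now;
            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, user.username,
                                                                            issuedAt, issuedAt.AddDays(1),
                                                                            false, user.id.ToString(), FormsAuthentication.FormsCookiePath);

            // Now that the user was properly created we can add the customer role to the session
            HttpContext.Session["role"] = SiteRoles.Customer;

            // FormsAuthentication.Encrypt protects the ticket; the result is ciphertext, not a hash.
            string encryptedTicket = FormsAuthentication.Encrypt(ticket);

            // Keep the ticket out of reach of client-side script, and restrict it to HTTPS
            // whenever the forms-authentication configuration requires SSL.
            HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
            {
                HttpOnly = true,
                Secure = FormsAuthentication.RequireSSL
            };
            Response.Cookies.Add(authCookie);

            return RedirectToAction("Index", "Home");
        }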
Esempio n. 2
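        /// <summary>
        /// Creates an entry of type user in the database.
        /// </summary>
        /// <param name="email">
        /// A unique string to represent the user. It is used for the username, e-mail, first name,
        /// last name and image URL, and it is also the plaintext of the stored password.
        /// </param>
        /// <param name="currentTable">A table in the restaurant; its id is stored on the user.</param>
        /// <param name="userRole">The role of the user (ex: Administrator, Client)</param>
        /// <returns>The created user entity.</returns>
        public user AddUser(string email, table currentTable, int userRole)
        {
            // The password is derived from the e-mail value, so accounts created by this helper
            // have a guessable password. The local name "testUser" suggests this is test-fixture
            // code; NOTE(review): confirm it is never reachable from production paths.
            AES aes = new AES();

            user testUser = new user
            {
                username = email,
                // Stored in the same encrypted form the rest of the application writes.
                password = aes.EncryptToString(email),
                ConfirmPassword = aes.EncryptToString(email),
                first_name = email,
                last_name = email,
                email = email,
                image_url = email,
                current_table_id = currentTable.id,
                version = 1,
                user_role = userRole
            };

            // A fresh context is opened for this insert and assigned to the shared db field.
            db = new touch_for_foodEntities();
            try
            {
                db.users.Add(testUser);
                db.SaveChanges();
            }
            finally
            {
                // Release the context even when SaveChanges throws.
                db.Dispose();
            }

            return testUser;
        }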
Esempio n. 3
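        /// <summary>
        /// Checks the posted credentials and, when they match a stored user, issues the
        /// forms-authentication cookie and stores the user's role in the session.
        /// </summary>
        /// <param name="username">The username posted by the log-on form.</param>
        /// <param name="password">The plaintext password posted by the log-on form.</param>
        /// <returns>
        /// A redirect to Home/Index on success, the "LogOn" view with a model error when the
        /// credentials are missing or do not match, or a redirect back to LogOn when the model
        /// state is invalid.
        /// </returns>
        public ActionResult LogOn(string username, string password)
        {
            if (!ModelState.IsValid)
            {
                return RedirectToAction("LogOn");
            }

            // Missing credentials can never match; report them as incorrect instead of
            // handing null to the AES helper.
            if (username == null || password == null)
            {
                ModelState.AddModelError(string.Empty, Global.UsernamePasswordIncorrect);
                return View("LogOn");
            }

            // SECURITY NOTE: passwords are verified by encrypting the submitted value and
            // comparing it with the stored ciphertext. The scheme is reversible (anyone with
            // the AES key can recover the passwords) and the match only works if
            // EncryptToString is deterministic, which would also mean identical passwords are
            // stored as identical ciphertexts - confirm against the AES helper. Replacing it
            // with a salted, slow password hash needs a coordinated change wherever passwords
            // are written, so it is flagged here rather than changed.
            AES aes = new AES();
            string encryptedPassword = aes.EncryptToString(password);

            user user = db.users.FirstOrDefault(m => m.username.Equals(username, StringComparison.Ordinal) &&
                                                     m.password.Equals(encryptedPassword, StringComparison.Ordinal));

            if (user == null)
            {
                // One message for both "unknown user" and "wrong password", so the response
                // does not reveal which usernames exist.
                ModelState.AddModelError(string.Empty, Global.UsernamePasswordIncorrect);
                return View("LogOn");
            }

            // Ticket valid for one day, not persistent, carrying the user's id as user data.
            DateTime issuedAt = DateTime.Now;
            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, user.username,
                                                                            issuedAt, issuedAt.AddDays(1),
                                                                            false, user.id.ToString(),
                                                                            FormsAuthentication.FormsCookiePath);

            // FormsAuthentication.Encrypt protects the ticket; the result is ciphertext, not a hash.
            string encryptedTicket = FormsAuthentication.Encrypt(ticket);

            // Keep the ticket out of reach of client-side script, and restrict it to HTTPS
            // whenever the forms-authentication configuration requires SSL.
            HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
            {
                HttpOnly = true,
                Secure = FormsAuthentication.RequireSSL
            };
            Response.Cookies.Add(authCookie);

            // Add the custom role
            HttpContext.Session["role"] = user.user_role;

            return RedirectToAction("Index", "Home");
        }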
Esempio n. 4
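        /// <summary>
        /// Updates a user's profile, optionally replacing the profile image and the password.
        /// </summary>
        /// <param name="user">The user entity bound from the posted edit form.</param>
        /// <param name="file">The uploaded profile image, or null when none was posted.</param>
        /// <returns>
        /// A redirect to Home/Index when the edit succeeded; otherwise the edit view for
        /// <paramref name="user"/> with an error for the view to display.
        /// </returns>
        public ActionResult Edit(user user, HttpPostedFileBase file)
        {
            // Uploads are written below the web root, so only known image extensions are
            // accepted; anything else could be served back or executed by the web server.
            string[] allowedImageExtensions = { ".jpg", ".jpeg", ".png", ".gif" };

            // Get array of errors (if any)
            var errors = ModelState.Where(x => x.Value.Errors.Count > 0)
                                    .Select(x => new { x.Key, x.Value.Errors })
                                    .ToArray();

            // A blank (null) password is allowed on edit: it is the single tolerated validation error.
            bool onlyBlankPasswordError = errors.Length == 1
                && errors[0].Key.Equals("password", StringComparison.Ordinal)
                && user.password == null && user.ConfirmPassword == null;

            // NOTE(review): user.id and user.user_role come from the posted form and nothing in
            // this action checks them against the signed-in account. Confirm that an
            // authorization filter or om.edit enforces ownership and ignores role changes.
            if (ModelState.IsValid || onlyBlankPasswordError)
            {
                try
                {
                    if (file != null && file.ContentLength > 0)
                    {
                        // Only the extension of the client-supplied name is used; the stored
                        // name itself is built from the user id.
                        var extension = Path.GetExtension(Path.GetFileName(file.FileName));
                        if (!allowedImageExtensions.Contains(extension, StringComparer.OrdinalIgnoreCase))
                        {
                            ModelState.AddModelError("file", "Only .jpg, .jpeg, .png and .gif images can be uploaded.");
                            return View(user);
                        }

                        var storedName = "user_" + user.id + extension;
                        var path = Path.Combine(Server.MapPath("~/uploads/user_images/"), storedName);
                        //Save the file in given location
                        file.SaveAs(path);
                        //Update the db to show where profile image is located
                        user.image_url = Path.Combine("~/uploads/user_images/", storedName);
                    }

                    // If the user did enter passwords, encrypt them before saving.
                    // SECURITY NOTE: this is reversible AES encryption, not a one-way hash;
                    // changing it has to be coordinated with the log-on comparison.
                    if (user.password != null && user.ConfirmPassword != null)
                    {
                        AES aes = new AES();
                        user.password = aes.EncryptToString(user.password);
                        user.ConfirmPassword = aes.EncryptToString(user.ConfirmPassword);
                    }

                    if (om.edit(user))
                    {
                        return RedirectToAction("Index", "Home");
                    }

                    // A false result from om.edit is reported to the user as a versioning error.
                    ViewBag.Error = Global.VersioningError;
                }
                catch (Exception)
                {
                    // Deliberately generic: the details of the failure are not shown to the client.
                    ViewBag.Error = Global.ServerError;
                }
            }

            return View(user);
        }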