コード例 #1
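        /// <summary>
        /// Handles a login attempt: looks up the activated account for the submitted
        /// username, hashes the submitted password with that account's salt, and
        /// compares the result with the stored hash.
        /// </summary>
        /// <param name="model">
        /// View model carrying the submitted <c>uname</c> and <c>psw</c>. Its
        /// <c>message</c> and <c>errMessage</c> are reset on entry; <c>name</c> and
        /// <c>role</c> are filled in only after the credentials have been verified.
        /// </param>
        /// <returns>
        /// A redirect to <c>UserAccount</c> for an authenticated subscriber; otherwise
        /// the login view, with <c>errMessage</c> set when authentication failed.
        /// </returns>
        public ActionResult Login(LoginViewModel model)
        {
            // One message for every failure path, so the response text does not
            // reveal whether the username or the password was wrong.
            const string InvalidCredentials = "Please enter valid username and password.";

            model.message    = "";
            model.errMessage = "";

            // Reject missing AND empty credentials before touching the account store
            // (the original null-only check let empty strings through).
            if (string.IsNullOrEmpty(model.uname) || string.IsNullOrEmpty(model.psw))
            {
                model.errMessage = InvalidCredentials;
                return View(model);
            }

            Account activatedAccount = AccountDB.FindActivatedAccount(model.uname);

            // NOTE(review): no hash is computed on this path, so an unknown username
            // is answered faster than a wrong password. Consider hashing against a
            // dummy salt here, and rate-limiting or locking out repeated failures.
            if (activatedAccount == null)
            {
                model.errMessage = InvalidCredentials;
                return View(model);
            }

            // NOTE(review): confirm that AccountDB.CreateHash is a slow, salted
            // password KDF (e.g. PBKDF2) and not a single fast digest.
            string userHash = AccountDB.CreateHash(model.psw, activatedAccount.PasswordSalt);

            bool usernameMatches = model.uname == activatedAccount.Username;
            bool hashMatches     = HashesEqualFixedTime(userHash, activatedAccount.PasswordHash);

            if (!usernameMatches || !hashMatches)
            {
                // Nothing from the account is copied into the model on failure: the
                // original set model.name and model.role before verifying the
                // password, handing account details to anyone who knew a username.
                model.errMessage = InvalidCredentials;
                return View(model);
            }

            // Credentials verified: only now expose account details to the view.
            model.name = activatedAccount.Name;
            model.role = activatedAccount.Role;

            if (activatedAccount.Role == Role.Employee || activatedAccount.Role == Role.Manager)
            {
                model.message = "Hi staff!";

                // NOTE(review): this opens a WinForms dialog in the web server's
                // process, on the server machine, and starts one new thread per
                // successful staff login. No session entry is written on this path.
                // Staff should most likely be redirected to an authorised web area.
                Thread thread = new Thread(() =>
                {
                    Form mainForm = new MainForm(activatedAccount);
                    mainForm.ShowDialog();
                });
                thread.Start();
            }
            else if (activatedAccount.Role == Role.Subscriber)
            {
                // NOTE(review): the session identifier is not renewed at login
                // (session fixation), and the whole Account object, including
                // PasswordHash and PasswordSalt, is kept in session state. Prefer
                // issuing a fresh session and storing only an account id and role.
                Session["account"] = activatedAccount;
                return RedirectToAction("UserAccount");
            }

            // NOTE(review): an authenticated account with any other role reaches
            // this point with neither a message nor an error set.
            return View(model);
        }

        /// <summary>
        /// Compares two hash strings without stopping at the first differing
        /// character, so the time taken does not depend on how much of the stored
        /// hash the candidate matches.
        /// </summary>
        /// <param name="left">Hash computed from the submitted password.</param>
        /// <param name="right">Hash stored for the account.</param>
        /// <returns>
        /// <c>true</c> when both strings are non-null, of equal length and identical;
        /// otherwise <c>false</c>. A null on either side never authenticates.
        /// </returns>
        private static bool HashesEqualFixedTime(string left, string right)
        {
            if (left == null || right == null)
            {
                return false;
            }

            // The length of a hash is not secret, so an early exit here is fine.
            if (left.Length != right.Length)
            {
                return false;
            }

            int difference = 0;
            for (int i = 0; i < left.Length; i++)
            {
                difference |= left[i] ^ right[i];
            }

            return difference == 0;
        }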