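/// <summary>
/// Changes the password of the user held in the session after checking the
/// supplied current password.
/// </summary>
/// <param name="user">Model-bound user; only <c>Password</c> (the new password) is read, and it is overwritten with its hash.</param>
/// <param name="oldPassword">The current password as typed by the user.</param>
/// <returns>
/// A redirect to Home/Index when there is no bound user or no session user,
/// a redirect to UserProfile when an input is missing or the current password
/// does not match, otherwise the UserProfile view.
/// </returns>
// NOTE(review): no attributes are visible on this action in this view of the file.
// Confirm it is restricted to POST and carries anti-forgery validation, since it changes a credential.
public ActionResult UpdatePassword(User user, string oldPassword)
{
    // The identity to act on always comes from the session, never from the posted model.
    User sUser = Session["User"] as User;
    if (user == null || sUser == null)
    {
        return RedirectToAction("Index", "Home");
    }

    // Reject missing values before they reach the hasher: a null or empty new
    // password would otherwise be hashed and stored as the account's credential.
    if (string.IsNullOrEmpty(oldPassword) || string.IsNullOrEmpty(user.Password))
    {
        return RedirectToAction("UserProfile");
    }

    // Stored passwords are the result of applying HashPassword twice, so the
    // candidate goes through the same two passes before comparison.
    // NOTE(review): HashPassword is defined elsewhere; whether it is salted and
    // deliberately slow cannot be seen from here. Confirm.
    string oldPasswordHash = PublicFunction.HashPassword(PublicFunction.HashPassword(oldPassword));

    // NOTE(review): the comparison is against the session copy of the hash, using
    // an ordinary string comparison. Confirm that a stale session copy and a
    // non-constant-time compare are acceptable here.
    if (oldPasswordHash != sUser.Password)
    {
        return RedirectToAction("UserProfile");
    }

    user.Password = PublicFunction.HashPassword(PublicFunction.HashPassword(user.Password));

    string result = db.UpdateUserPassword(sUser.ID, user.Password);
    if (result == "Success")
    {
        // Reload the session user so its Password matches the newly stored hash.
        Session["User"] = db.GetUser(sUser.Email, user.Password);
    }

    // Any result other than "Success" falls through and renders the profile unchanged.
    ViewBag.User = Session["User"];
    return View("UserProfile");
}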