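/// <summary>
/// Handles the posted "create account" form: validates the inputs, rejects a
/// username that already exists, persists the new <c>DB_users</c> row and signs
/// the new user in.
/// </summary>
/// <param name="form">Posted registration form (username, e-mail, password).</param>
/// <param name="returnUrl">
/// Optional local path to return to after sign-in. Only a local URL is followed;
/// anything else falls back to the "home" route so this action cannot be used
/// as an open redirect.
/// </param>
/// <returns>The form view again on validation errors, otherwise a redirect.</returns>
/// <remarks>
/// NOTE(review): assumes [HttpPost] and [ValidateAntiForgeryToken] are applied to
/// this action (attributes are not visible here) — confirm.
/// </remarks>
public ActionResult CreateAccount(AuthCreateAccountForm form, string returnUrl)
{
    Debug.WriteLine("POST: Auth Controller: Create Account");

    #region Check if Inputs are Valid
    if (!DB_users.ValidateUsername(form.Username))
    {
        ModelState.AddModelError("Username", "Username is invalid");
    }
    if (!DB_users.ValidateEmail(form.Email))
    {
        ModelState.AddModelError("Email", "Email is invalid");
    }
    // NOTE(review): no password strength rule is applied here — whatever the form
    // submits reaches SetPassword unchanged. A ValidatePassword check was left
    // disabled; re-enable or replace it before relying on this endpoint.
    if (!ModelState.IsValid)
    {
        return View(form);
    }
    #endregion

    #region Check if Inputs have been Taken
    // Check-then-insert is racy; a unique index on the username column is the
    // real guarantee (not visible here — verify the schema).
    bool usernameTaken = Database.Session.Query<DB_users>().Any(u => u.username == form.Username);
    if (usernameTaken)
    {
        ModelState.AddModelError("Username", "Username has already been taken");
    }
    // NOTE(review): e-mail uniqueness is not checked (a DB_users.email check was never enabled).
    if (!ModelState.IsValid)
    {
        return View(form);
    }
    #endregion

    #region Create the Account and Login
    var newUser = new DB_users();
    newUser.SetUsername(form.Username);
    newUser.SetEmail(form.Email);
    newUser.SetPassword(form.Password);
    Database.Session.Save(newUser);

    // A persistent ("remember me") ticket is issued unconditionally, without a
    // user choice — reconsider if session-only cookies are preferred.
    FormsAuthentication.SetAuthCookie(newUser.username, true);
    #endregion

    // Follow returnUrl only when it points back into this site; an absolute or
    // protocol-relative value would let a crafted link redirect the fresh login
    // anywhere.
    if (!string.IsNullOrWhiteSpace(returnUrl) && Url.IsLocalUrl(returnUrl))
    {
        return Redirect(returnUrl);
    }
    return RedirectToRoute("home");
}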
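/// <summary>
/// Handles the posted login form: looks the user up by username, verifies the
/// password and issues the forms-authentication cookie.
/// </summary>
/// <param name="form">Posted login form (username, password).</param>
/// <param name="returnUrl">
/// Optional local path to return to after sign-in. Only a local URL is followed;
/// anything else falls back to the "home" route so this action cannot be used
/// as an open redirect.
/// </param>
/// <returns>The form view again on failure, otherwise a redirect.</returns>
/// <remarks>
/// The same error message is used for "unknown username" and "wrong password"
/// so the response does not reveal which accounts exist.
/// NOTE(review): assumes [HttpPost] and [ValidateAntiForgeryToken] are applied to
/// this action (attributes are not visible here) — confirm.
/// </remarks>
public ActionResult Login(AuthLoginForm form, string returnUrl)
{
    Debug.WriteLine("POST: Auth Controller: Login");

    #region Check if Inputs are Valid
    // Reject syntactically invalid usernames before touching the database.
    if (!DB_users.ValidateUsername(form.Username))
    {
        ModelState.AddModelError("Username", "Username contains invalid characters");
    }
    if (!ModelState.IsValid)
    {
        return View(form);
    }
    #endregion

    var user = Database.Session.Query<DB_users>().FirstOrDefault(u => u.username == form.Username);

    // Run a dummy hash for unknown usernames so the response time for "no such
    // user" resembles the time for "wrong password" (the lookup itself still
    // differs slightly; this only equalises the hashing cost).
    if (user == null)
    {
        DB_users.FakeHash();
    }

    // One generic message for both failure modes.
    if (user == null || !user.CheckPassword(form.Password))
    {
        ModelState.AddModelError("Username", "Username or Password is incorrect");
        return View(form);
    }

    // A persistent ("remember me") ticket is issued unconditionally, without a
    // user choice — reconsider if session-only cookies are preferred.
    FormsAuthentication.SetAuthCookie(user.username, true);

    // Follow returnUrl only when it points back into this site; an absolute or
    // protocol-relative value would let a crafted link redirect the fresh login
    // anywhere.
    if (!string.IsNullOrWhiteSpace(returnUrl) && Url.IsLocalUrl(returnUrl))
    {
        return Redirect(returnUrl);
    }
    return RedirectToRoute("home");
}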
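/// <summary>
/// Applies the account changes requested in <paramref name="form"/> to the
/// currently authenticated user (<c>Auth.User</c>).
/// </summary>
/// <param name="form">
/// Posted account form. A blank <c>Username</c>, <c>Email</c> or new-password
/// field means "leave that value unchanged". Any change requires
/// <c>CurrentPassword</c>.
/// </param>
/// <returns>
/// The form view again (with <c>form.ID</c> filled in) when any field is
/// rejected, otherwise a redirect to the "home" route.
/// </returns>
/// <remarks>
/// All fields are checked before anything is written to the entity, so a
/// rejected field never leaves the account half-updated. The auth cookie is
/// re-issued only after a new username has been persisted.
/// NOTE(review): no password strength rule is applied to the new password.
/// NOTE(review): assumes [HttpPost] and [ValidateAntiForgeryToken] are applied to
/// this action (attributes are not visible here) — confirm.
/// </remarks>
public ActionResult Save(UserAccountUpdateForm form)
{
    var user = Auth.User;

    bool wantsUsername = !string.IsNullOrWhiteSpace(form.Username);
    bool wantsEmail = !string.IsNullOrWhiteSpace(form.Email);
    bool wantsPassword = !string.IsNullOrWhiteSpace(form.NewPassword)
                         || !string.IsNullOrWhiteSpace(form.VerifyNewPassword);

    // Pending values; null means "not changed". Applied only once ModelState is clean.
    string newUsername = null;
    string newEmail = null;
    string newPassword = null;

    if (wantsUsername || wantsEmail || wantsPassword)
    {
        // Re-authenticate before any change. A blank current password is rejected
        // here instead of being handed to CheckPassword.
        if (string.IsNullOrEmpty(form.CurrentPassword) || !user.CheckPassword(form.CurrentPassword))
        {
            ModelState.AddModelError("Password", "You have entered your current password incorrectly");
        }
        else
        {
            #region New Username
            if (wantsUsername && !user.username.Equals(form.Username))
            {
                if (!DB_users.ValidateUsername(form.Username))
                {
                    ModelState.AddModelError("Username", "Username is invalid");
                }
                else if (Database.Session.Query<DB_users>().Any(u => u.username == form.Username))
                {
                    // Check-then-update is racy; a unique index on the username
                    // column is the real guarantee (not visible here — verify).
                    ModelState.AddModelError("Username", "Username has already been taken");
                }
                else
                {
                    newUsername = form.Username;
                }
            }
            #endregion

            #region New Email
            if (wantsEmail && !user.email.Equals(form.Email))
            {
                if (DB_users.ValidateEmail(form.Email))
                {
                    // NOTE(review): e-mail uniqueness is not enforced (a check
                    // against DB_users.email was never enabled).
                    newEmail = form.Email;
                }
                else
                {
                    ModelState.AddModelError("Email", "Email is invalid");
                }
            }
            #endregion

            #region New Password
            if (wantsPassword)
            {
                // Both fields must be present and identical; a single filled field
                // is reported instead of being silently ignored.
                bool bothPresent = !string.IsNullOrWhiteSpace(form.NewPassword)
                                   && !string.IsNullOrWhiteSpace(form.VerifyNewPassword);
                if (bothPresent && string.Equals(form.NewPassword, form.VerifyNewPassword, StringComparison.Ordinal))
                {
                    newPassword = form.NewPassword;
                }
                else
                {
                    ModelState.AddModelError("NewPassword", "Check that your new password was written the same way both times");
                }
            }
            #endregion
        }
    }

    // The view needs the ID whether or not we redirect.
    form.ID = user.id;

    if (!ModelState.IsValid)
    {
        // Nothing has been written to the entity at this point.
        return View(form);
    }

    if (newUsername != null)
    {
        user.SetUsername(newUsername);
    }
    if (newEmail != null)
    {
        user.SetEmail(newEmail);
    }
    if (newPassword != null)
    {
        user.SetPassword(newPassword);
    }
    Database.Session.Update(user);

    // Re-issue the auth cookie only after the new username is persisted, so the
    // ticket never names an account that does not exist.
    if (newUsername != null)
    {
        FormsAuthentication.SignOut();
        FormsAuthentication.SetAuthCookie(user.username, true);
    }

    return RedirectToRoute("home");
}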