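// POST: Account/Delete/AccountName
// Deletes the account named in the posted view model, but only when that name matches
// the currently logged-in user and the posted CurrentPassword matches the stored value.
// Returns the form again on invalid model state, redirects to Account/WrongPassword on a
// password mismatch, and redirects to Home/Index otherwise.
// NOTE(review): no [HttpPost] or [ValidateAntiForgeryToken] attribute is visible on this
// action. If they are not declared elsewhere, this destructive endpoint is exposed to
// cross-site request forgery; confirm the attribute and the form's anti-forgery token exist.
public ActionResult Delete(DeleteViewModel ViewModel)
{
    if (!ModelState.IsValid)
    {
        return View(ViewModel);
    }

    // The request may only target the account of the currently logged-in user.
    string loggedUserName = User.Identity.GetUserName();
    bool targetsOwnAccount = db.Account.Any(
        x => x.AccountName == ViewModel.AccountName && x.AccountName == loggedUserName);
    if (!targetsOwnAccount)
    {
        // Not the owner (or not logged in): redirect to /Home/Index.
        return RedirectToAction("Index", "Home");
    }

    // NOTE(review): the stored Password column is compared directly with the submitted
    // password, which implies it is kept in a directly comparable form (presumably
    // plaintext; confirm). Passwords should be stored as salted, slow hashes and verified
    // through a password hasher (for example ASP.NET Identity's PasswordHasher), not by
    // equality in a query.
    // Fetch the row that passed the password check and delete exactly that entity, so the
    // check and the removal cannot refer to different rows and Remove never receives null.
    var account = db.Account.FirstOrDefault(
        x => x.AccountName == ViewModel.AccountName && x.Password == ViewModel.CurrentPassword);
    if (account == null)
    {
        // Wrong password: redirect to /Account/WrongPassword.
        return RedirectToAction("WrongPassword", "Account");
    }

    db.Account.Remove(account);
    db.SaveChanges();
    return RedirectToAction("Index", "Home");
}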
// GET: Account/Delete/AccountName
// Renders the delete-confirmation view when the requested AccountName equals the name of
// the currently logged-in user; any other caller is redirected to that account's details.
public ActionResult Delete(string AccountName)
{
    bool isOwner = User.Identity.GetUserName() == AccountName;
    if (!isOwner)
    {
        return RedirectToAction("Details", "Account", new { AccountName = AccountName });
    }

    DeleteViewModel confirmation = new DeleteViewModel { AccountName = AccountName };
    return View(confirmation);
}