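/// <summary>
/// Logs a user in by username or e-mail address. On success the user's session string is
/// stored in the server-side session (and optionally a persistent cookie is issued) and the
/// logged-in index page is rendered.
/// </summary>
/// <param name="user">Helper model carrying the bound <c>LoginModel</c>, the optional
/// <c>redirectTo</c> target and the <c>stayLoggedIn</c> flag. Its <c>isLogin</c> and
/// <c>errorMessage</c> fields are updated for the view; <c>LoginModel.Password</c> is
/// replaced by its hash and <c>LoginModel.Email</c> is set when the login looks like an e-mail.</param>
/// <returns>The <c>LogedInIndex</c> view on success, the <c>Game</c> action when
/// <c>redirectTo</c> is "Game", otherwise the <c>Index</c> view with an error message.</returns>
public IActionResult Login(HexaGone.Models.UserLoginHelperModel user)
{
    user.isLogin = "******";

    // Reject an invalid model before touching the database; the model supplies the message.
    if (!user.isValid())
    {
        user.isLogin = "******";
        user.errorMessage = user.LoginModel.IsValid();
        return View("Index", user);
    }

    user.errorMessage = "";

    using (IDbConnection db = new MySqlConnection(Models.Dapper.connectionString))
    {
        // An e-mail style login is normalised to lower case so it matches how Register stores it.
        // ToLowerInvariant avoids culture-specific casing (e.g. the Turkish dotless i).
        bool loginLooksLikeEmail = user.LoginModel.Username.Contains("@");
        if (loginLooksLikeEmail)
        {
            user.LoginModel.Email = user.LoginModel.Username.ToLowerInvariant();
        }

        // NOTE(review): MD5 is a fast digest, not a password hash, and the same value is stored by
        // Register, so moving to a salted slow hash (PBKDF2/Argon2) needs a coordinated change of
        // both actions plus a migration of existing rows.
        user.LoginModel.Password = Hash.GetMD5Hash(user.LoginModel.Password);

        // Username and e-mail come straight from the request: they are bound as Dapper
        // parameters and never concatenated into the SQL text.
        const string sqlByUsername = "Select * From User Where Username = @Username";
        const string sqlByEmail = "Select * From User Where Email = @Email";

        bool currentUserName = false;
        bool currentUserMail = false;

        // First lookup: treat the input as a username.
        List<LoginUserModel> possibleUser = db
            .Query<LoginUserModel>(sqlByUsername, new { Username = user.LoginModel.Username })
            .ToList();
        if (possibleUser.Count == 0)
        {
            // Not final yet: the value entered may still be an e-mail address.
            // NOTE(review): distinct "user"/"email"/"password" messages let a caller enumerate
            // accounts; a single generic message is the usual mitigation.
            user.errorMessage = "User doesn't exists";
        }
        else
        {
            currentUserName = true;
        }

        // Second lookup: treat the input as an e-mail address.
        if (possibleUser.Count == 0)
        {
            possibleUser = db
                .Query<LoginUserModel>(sqlByEmail, new { Email = user.LoginModel.Email })
                .ToList();
            if (possibleUser.Count == 0 && loginLooksLikeEmail)
            {
                user.errorMessage = "Email doesn't exists";
            }
            else if (possibleUser.Count != 0 && loginLooksLikeEmail)
            {
                currentUserMail = true;
                currentUserName = false;
            }
        }

        // No account matched either key: back to the login page with the message set above.
        if (possibleUser.Count == 0)
        {
            user.isLogin = "******";
            return View("Index", user);
        }

        // Every account should exist exactly once; iterating keeps a duplicate row from crashing.
        foreach (LoginUserModel item in possibleUser)
        {
            // NOTE(review): plain string equality on the digest is not constant-time; this goes
            // away with the hash scheme change noted above.
            if (user.LoginModel.Password != item.Password)
            {
                continue;
            }

            user.isLogin = "******";

            // Reload the full row by whichever key identified the account. The original built an
            // empty query when neither flag was set; the account was found by e-mail in that case,
            // so the e-mail key is used for anything that is not a username match.
            List<UserModel> userLoaded = currentUserName
                ? db.Query<UserModel>("Select * From User Where Username = @Username",
                                      new { Username = user.LoginModel.Username }).ToList()
                : db.Query<UserModel>("Select * From User Where Email = @Email",
                                      new { Email = user.LoginModel.Email }).ToList();
            if (userLoaded.Count == 0)
            {
                // Row vanished between the two queries; treat as unknown user rather than indexing [0].
                user.isLogin = "******";
                user.errorMessage = "User doesn't exists";
                return View("Index", user);
            }

            HttpContext.Session.SetString("userKeyData", userLoaded[0].CreateSessionString());

            if (user.stayLoggedIn)
            {
                // NOTE(review): the cookie value is the raw UserId, so a forged "stayLoggedIn"
                // cookie names any account; it should carry a random, server-side stored token.
                // HttpOnly at least keeps page scripts from reading it.
                CookieOptions stayLoggedIn = new CookieOptions
                {
                    Expires = DateTimeOffset.UtcNow.AddYears(100),
                    HttpOnly = true,
                };
                user.errorMessage = "";
                HttpContext.Response.Cookies.Append("stayLoggedIn", userLoaded[0].UserId.ToString(), stayLoggedIn);
            }

            // A user sent here from a restricted page goes back to it; only "Game" is known.
            if (!string.IsNullOrEmpty(user.redirectTo) && user.redirectTo == "Game")
            {
                return Game();
            }

            return View("LogedInIndex", userLoaded[0]);
        }

        // An account matched but no password did.
        user.isLogin = "******";
        user.errorMessage = "Password is incorrect";
        return View("Index", user);
    }
}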
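/// <summary>
/// Registers a new user: validates the model, rejects a username or e-mail address that is
/// already taken, inserts the row and then starts a session for the new account.
/// </summary>
/// <param name="user">Helper model carrying the bound <c>RegistrationModel</c>. Its
/// <c>isLogin</c> and <c>errorMessage</c> fields are updated for the view;
/// <c>RegistrationModel.Email</c> is lower-cased and <c>RegistrationModel.Password</c> is
/// replaced by its hash.</param>
/// <returns>The <c>LogedInIndex</c> view on success, otherwise the <c>Index</c> view with an
/// error message.</returns>
public IActionResult Register(HexaGone.Models.UserLoginHelperModel user)
{
    user.isLogin = "******";

    // Reject an invalid model before touching the database; the model supplies the message.
    if (!user.isValid())
    {
        user.isLogin = "******";
        user.errorMessage = user.RegistrationModel.IsValid();
        return View("Index", user);
    }

    user.errorMessage = "";

    using (IDbConnection db = new MySqlConnection(Models.Dapper.connectionString))
    {
        // Stored lower-cased so Login's e-mail lookup matches; ToLowerInvariant avoids
        // culture-specific casing.
        user.RegistrationModel.Email = user.RegistrationModel.Email.ToLowerInvariant();

        // Username and e-mail come straight from the request: they are bound as Dapper
        // parameters and never concatenated into the SQL text.
        const string sqlByUsername = "Select * From User Where Username = @Username";
        const string sqlByEmail = "Select * From User Where Email = @Email";

        // Duplicate check by username first, then by e-mail.
        List<LoginUserModel> possibleUser = db
            .Query<LoginUserModel>(sqlByUsername, new { Username = user.RegistrationModel.Username })
            .ToList();
        if (possibleUser.Count != 0)
        {
            user.errorMessage = "Username already exists";
        }
        else
        {
            possibleUser = db
                .Query<LoginUserModel>(sqlByEmail, new { Email = user.RegistrationModel.Email })
                .ToList();
            if (possibleUser.Count != 0)
            {
                user.errorMessage = "Email already exists";
            }
        }

        if (possibleUser.Count != 0)
        {
            user.isLogin = "******";
            return View("Index", user);
        }

        // NOTE(review): MD5 is a fast digest, not a password hash; Login compares against the same
        // stored value, so a move to a salted slow hash (PBKDF2/Argon2) has to change both.
        user.RegistrationModel.Password = Hash.GetMD5Hash(user.RegistrationModel.Password);

        // NOTE(review): the duplicate check above and this insert are not atomic; two concurrent
        // registrations can both pass the check. UNIQUE constraints on Username and Email in the
        // schema are the reliable guard.
        const string sqlInsert = "Insert Into User (Email, Username, Password) Values(@Email, @Username, @Password)";
        int rowsAffected = db.Execute(sqlInsert, user.RegistrationModel);

        if (rowsAffected > 0)
        {
            List<UserModel> userLoaded = db
                .Query<UserModel>("Select * From User Where Username = @Username",
                                  new { Username = user.RegistrationModel.Username })
                .ToList();
            // Guarded rather than indexing [0] blindly: the row could be gone by now.
            if (userLoaded.Count != 0)
            {
                HttpContext.Session.SetString("userKeyData", userLoaded[0].CreateSessionString());
                return View("LogedInIndex", userLoaded[0]);
            }
        }

        // Insert reported no rows (or the row could not be reloaded): back to the index page.
        user.isLogin = "******";
        return View("Index", user);
    }
}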