/// <summary>
/// Handles a submitted login form: checks the credentials through
/// <c>AccountLogic.Login</c> and, on success, stores the user's identity
/// attributes in the session before redirecting.
/// </summary>
/// <param name="model">Posted login form data; only used when <c>ModelState</c> is valid.</param>
/// <param name="returnUrl">Destination handed to <c>RedirectToLocal</c> after a successful login.</param>
/// <returns>
/// The result of <c>RedirectToLocal(returnUrl)</c> on success; otherwise the login
/// view re-rendered with a generic error message.
/// </returns>
public ActionResult Login(LoginModel model, string returnUrl)
{
    // A non-positive id means "not authenticated"; the credential check is
    // skipped entirely when model binding/validation has already failed.
    int authenticatedUserId = ModelState.IsValid ? AccountLogic.Login(model) : 0;

    if (authenticatedUserId <= 0)
    {
        // One message for every failure cause, so the response text does not
        // reveal whether the user name exists.
        ModelState.AddModelError("", "The user name or password provided is incorrect.");
        return View(model);
    }

    // NOTE(review): these session values are the only authentication state set
    // here; nothing in this method issues a new session identifier or an auth
    // cookie. Confirm the session id is rotated at login elsewhere, otherwise a
    // pre-login session id stays valid after authentication.
    // NOTE(review): "IsAdmin" and "TeamID" are cached for the life of the
    // session; a later role or team change presumably takes effect only at the
    // next login. Verify against how these keys are consumed.
    Session["Username"] = model.UserName;
    Session["TeamID"] = AccountLogic.GetTeamID(authenticatedUserId);
    Session["IsAdmin"] = AccountLogic.GetIsAdmin(authenticatedUserId);

    // NOTE(review): returnUrl is caller-supplied; RedirectToLocal is assumed to
    // reject non-local URLs. Confirm in its definition.
    return RedirectToLocal(returnUrl);
}
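/// <summary>
/// Verifies a user name / password pair against the <c>Users</c> table.
/// </summary>
/// <param name="user">Login form data carrying <c>UserName</c> and <c>Password</c>.</param>
/// <returns>
/// The matching <c>UserID</c> when the password validates against the stored
/// hash; <c>0</c> for every failure (missing input, unknown user, empty stored
/// hash, wrong password).
/// </returns>
public static int Login(LoginModel user)
{
    // Fail closed on missing input instead of passing null to the SQL
    // parameter or to the hash validator.
    if (user == null || string.IsNullOrEmpty(user.UserName) || user.Password == null)
    {
        return 0;
    }

    int result = 0;
    DataTable data = new DataTable();
    string sql = @"select UserID, Password from Users where Username = @Username";

    // The command and the adapter are IDisposable as well; dispose them
    // together with the connection rather than leaving them to the GC.
    using (SqlConnection conn = new SqlConnection(Main.GetDSN()))
    using (SqlCommand command = new SqlCommand(sql, conn))
    using (SqlDataAdapter adapter = new SqlDataAdapter(command))
    {
        // The user name travels as a bound parameter, never as SQL text.
        command.Parameters.AddWithValue("@Username", user.UserName);
        adapter.Fill(data);
    }

    // Only the first row is considered.
    // NOTE(review): this assumes Username is unique in Users. Confirm a
    // unique constraint exists.
    if (data.Rows.Count > 0)
    {
        DataRow userRow = data.Rows[0];

        // A DBNull column stringifies to "", so an account without a stored
        // hash is rejected here and never reaches the validator.
        string hash = userRow["Password"].ToString();

        if (!string.IsNullOrEmpty(hash) && PasswordHash.ValidatePassword(user.Password, hash))
        {
            result = Convert.ToInt32(userRow["UserID"]);
        }
    }

    // NOTE(review): no hash verification runs when the user name is unknown,
    // so response time may differ between unknown and known user names.
    // Consider validating against a fixed dummy hash in that case, and
    // confirm the hash format PasswordHash expects before adding one.
    return result;
}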