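/// <summary>
/// Handles the login form post. Validates the model, checks the submitted password against
/// the stored PBKDF2 hash, stores the user in the session object kept under
/// "__MySessionObject", expires unpaid orders older than <see cref="PaymentDeadlineDays"/>
/// days and redirects to the landing page for the user's role.
/// </summary>
/// <param name="user">The submitted login form (username and plain-text password).</param>
/// <returns>
/// A redirect to "manage" (manager), "admin" (admin), "Shoppingbag" (non-empty bag) or
/// "Index" on success; a redirect back to the login page with a message in
/// <c>TempData["ErrorMessage"]</c> on failure.
/// </returns>
public ActionResult LoginRequest(LoginDataModel user)
{
    if (!ModelState.IsValid)
    {
        TempData["ErrorMessage"] = "Gebruikersnaam en/of wachtwoord combinatie is fout";
        return RedirectToAction("Login", "Home", LoginRouteValues(user));
    }

    using (DatabaseQuery query = new DatabaseQuery())
    {
        // Stored hash, salt and iteration count for this username; null when unknown.
        PBKDF2Password password = query.GetPassword(user);
        if (password != null)
        {
            // Third argument 'false': the stored password is not disposed by the matcher once compared.
            PasswordMatcher matcher = new PasswordMatcher(password, user.Password, false);
            if (matcher.IsMatch)
            {
                try
                {
                    return CompleteLogin(user);
                }
                catch (Exception e)
                {
                    // Exception text and stack trace stay server-side; the page gets a generic
                    // message. Returning here also keeps this message from being overwritten
                    // by the "unknown combination" message below.
                    System.Diagnostics.Trace.TraceError("LoginRequest failed for user '{0}': {1}", user.Username, e);
                    TempData["ErrorMessage"] = "Er is iets fout gegaan met het inloggen";
                    return RedirectToAction("login", LoginRouteValues(user));
                }
            }
        }
    }

    // One message for both "unknown user" and "wrong password", so the response does not
    // reveal which usernames exist.
    TempData["ErrorMessage"] = "Gebruikersnaam en wachtwoord combinatie zijn onbekend";
    return RedirectToAction("login", LoginRouteValues(user));
}

/// <summary>
/// Route values for a redirect back to the login page: only the username is carried over.
/// Passing the whole <see cref="LoginDataModel"/> would serialize the password into the
/// redirect URL (browser history, proxy and server logs).
/// </summary>
/// <param name="user">The submitted login form.</param>
/// <returns>An anonymous object with a single <c>Username</c> member.</returns>
private static object LoginRouteValues(LoginDataModel user)
{
    return new { Username = user.Username };
}

/// <summary>
/// Attaches the authenticated user to the session, expires their overdue unpaid orders and
/// picks the landing page for their role. Called only after the password has been verified.
/// </summary>
/// <param name="user">The verified login form; used to load the user row.</param>
/// <returns>The role-specific redirect.</returns>
/// <exception cref="InvalidOperationException">No session object or no user row was found.</exception>
private ActionResult CompleteLogin(LoginDataModel user)
{
    Session session = (Session)this.Session["__MySessionObject"];
    if (session == null)
    {
        throw new InvalidOperationException("Session object \"__MySessionObject\" is missing.");
    }

    using (DatabaseQuery userQuery = new DatabaseQuery())
    {
        User loggedInUser = userQuery.GetUser(user);
        if (loggedInUser == null)
        {
            // The password matched but the user row could not be loaded (GetUser returns null).
            throw new InvalidOperationException("User row not found after password match.");
        }
        session.User = loggedInUser;
        session.LoggedIn = true;
        // NOTE(review): the ASP.NET session id is not regenerated on login here; confirm how
        // session fixation is handled elsewhere in the application.
        this.Session["__MySessionObject"] = session;
        ExpireOverdueOrders(userQuery, loggedInUser);
    }

    if (session.User.Role == UserRole.MANAGER)
    {
        return RedirectToAction("manage");
    }
    if (session.User.Role == UserRole.ADMIN)
    {
        return RedirectToAction("admin");
    }
    if (session.ShoppingBag.OrderLines.Count > 0)
    {
        return RedirectToAction("Shoppingbag");
    }
    return RedirectToAction("Index");
}

/// <summary>
/// Marks every TOBEPAID order of <paramref name="owner"/> that is older than
/// <see cref="PaymentDeadlineDays"/> days as EXPIRED and persists the new status.
/// </summary>
/// <param name="userQuery">Open query object used to read and update the orders.</param>
/// <param name="owner">The user whose orders are checked.</param>
private static void ExpireOverdueOrders(DatabaseQuery userQuery, User owner)
{
    List<Order> orders = userQuery.GetOrdersByUser(owner);
    foreach (Order order in orders)
    {
        if (order.Status != OrderStatus.TOBEPAID)
        {
            continue;
        }
        // DateTime.Now is kept to match however order.DTime is produced elsewhere; if DTime
        // is stored in UTC this comparison is off by the server's UTC offset — TODO confirm.
        double days = (DateTime.Now - order.DTime).TotalDays;
        if (days > PaymentDeadlineDays)
        {
            order.Status = OrderStatus.EXPIRED;
            userQuery.UpdateOrderStatus(order);
        }
    }
}

/// <summary>Number of days an order may stay unpaid before it is expired at login.</summary>
private const int PaymentDeadlineDays = 14;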
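/// <summary>
/// Loads the user row whose username matches <paramref name="GetUser"/>.Username, together
/// with its address.
/// </summary>
/// <param name="GetUser">Login model; only <c>Username</c> (trimmed) is used for the lookup.</param>
/// <returns>The populated <see cref="User"/>, or null when no row matches.</returns>
internal User GetUser(LoginDataModel GetUser)
{
    using (NpgsqlCommand cmd = new NpgsqlCommand())
    {
        cmd.Connection = _connection;
        if (_transaction != null)
        {
            // Join the transaction opened by the caller (e.g. setUserAddress) so this read is part of it.
            cmd.Transaction = _transaction;
        }
        cmd.CommandText = "SELECT * FROM \"user\" WHERE \"username\" = @username";
        // Trimmed the same way GetPassword trims, so a password match and this lookup agree on the row.
        cmd.Parameters.AddWithValue("username", GetUser.Username.Trim());

        User user = null;
        // The reader is fully consumed and disposed before GetAddress runs: Npgsql does not
        // support multiple active result sets on one connection, and reading the id after
        // Close() (as the original did) throws.
        using (NpgsqlDataReader reader = cmd.ExecuteReader())
        {
            if (reader.Read())
            {
                user = new User();
                user.Id = (ulong)reader.GetInt32(reader.GetOrdinal("id"));
                user.FirstName = reader.GetString(reader.GetOrdinal("first_name"));
                user.LastName = reader.GetString(reader.GetOrdinal("last_name"));
                user.Username = reader.GetString(reader.GetOrdinal("username"));
                user.Email = reader.GetString(reader.GetOrdinal("email_address"));
                user.DateOfBirth = reader.GetDateTime(reader.GetOrdinal("date_of_birth"));
                user.Role = (UserRole)Enum.ToObject(typeof(UserRole), reader.GetInt32(reader.GetOrdinal("role")));
            }
        }

        if (user != null)
        {
            // Separate query on the same connection; uses the id already read above.
            user.Address = GetAddress(user.Id);
        }
        return user;
    }
}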
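/// <summary>
/// Inserts the address of <paramref name="user"/> into <c>user_address</c> inside a
/// transaction, resolving the user id by username first.
/// </summary>
/// <param name="user">User whose <c>Username</c> and <c>Address</c> are used.</param>
/// <returns>True when the insert was committed; false when no user row matches or the insert failed.</returns>
internal bool setUserAddress(User user)
{
    using (NpgsqlCommand cmd = new NpgsqlCommand())
    {
        cmd.Connection = _connection;
        // Kept in the field so the nested GetUser() call below attaches to the same transaction.
        _transaction = cmd.Connection.BeginTransaction();
        try
        {
            cmd.Transaction = _transaction;
            cmd.CommandText = "INSERT INTO user_address (user_id, postalcode, number, suffix, type) " +
                "VALUES(@user_id, @postalcode, @number, @suffix, @type);";

            LoginDataModel ldm = new LoginDataModel() { Username = user.Username, Password = user.Password };
            User stored = GetUser(ldm);
            if (stored == null)
            {
                // Nothing to attach the address to; the original dereferenced null here.
                _transaction.Rollback();
                return false;
            }

            cmd.Parameters.AddWithValue("user_id", (long)stored.Id);
            cmd.Parameters.AddWithValue("postalcode", user.Address.PostalCode);
            cmd.Parameters.AddWithValue("number", user.Address.HouseNumber);
            cmd.Parameters.AddWithValue("suffix", user.Address.Suffix);
            cmd.Parameters.AddWithValue("type", (int)user.Address.Type);

            bool success = parseNonqueryResult(cmd.ExecuteNonQuery());
            if (success)
            {
                _transaction.Commit();
            }
            else
            {
                _transaction.Rollback();
            }
            return success;
        }
        finally
        {
            // Runs on every path, including exceptions from GetUser/ExecuteNonQuery: disposing an
            // uncommitted transaction rolls it back, and clearing the field keeps later commands
            // (GetUser checks _transaction != null) from attaching a disposed transaction.
            _transaction.Dispose();
            _transaction = null;
        }
    }
}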
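/// <summary>
/// Loads the stored PBKDF2 hash, salt and iteration count for the given username.
/// </summary>
/// <param name="customer">Login model; only <c>Username</c> (trimmed) is used.</param>
/// <returns>The stored password material, or null when the username is unknown.</returns>
internal PBKDF2Password GetPassword(LoginDataModel customer)
{
    using (NpgsqlCommand cmd = new NpgsqlCommand())
    {
        cmd.Connection = _connection;
        cmd.CommandText = "SELECT password_hash, password_salt, password_iterations FROM \"user\" WHERE username = @username;";
        cmd.Parameters.AddWithValue("username", customer.Username.Trim());

        // 'using' closes the reader on every path; the original left it open after a
        // successful read, which blocks the next command on this connection.
        using (NpgsqlDataReader reader = cmd.ExecuteReader())
        {
            if (!reader.Read())
            {
                return null;
            }
            byte[] hash = (byte[])reader[reader.GetOrdinal("password_hash")];
            byte[] salt = (byte[])reader[reader.GetOrdinal("password_salt")];
            int iterations = reader.GetInt32(reader.GetOrdinal("password_iterations"));
            return new PBKDF2Password(hash, salt, iterations);
        }
    }
}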