public ActionResult LogIn(LogInModel model, string returnUrl) { if (ModelState.IsValid) { MembershipUser mu = Membership.GetUser(model.UserName); if (mu != null && (!mu.IsApproved || mu.IsLockedOut)) { ModelState.AddModelError("", Resources.Account.LogIn.suspendedUser); } else { if (Membership.ValidateUser(model.UserName, model.Password)) { FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe); MxUser mxUser = new MxUser(mu.ProviderUserKey.ToString()); //make sure that the license type has not been tampered with if (mxUser.IsCompanyAdmin || mxUser.IsAcctAdmin || mxUser.IsProdAdmin) { if (mxUser.LicenseType != "full") { mu.IsApproved = false; RedirectToAction("Account", "NoSeat"); } } //clear any inactive users for concurrency BLL.MxLicense.ClearInactiveSeats(); int lCount = BLL.MxLicense.GetLicenseSeatCount(); if (lCount < 1) { RedirectToAction("Account", "NoSeat"); } //check to see if there's room for a seat if (BLL.MxLicense.GetActiveSeatCount(mxUser.LicenseType) <= lCount) { //check to see if the user already has a seat if (!BLL.MxLicense.SeatCheck(mu.ProviderUserKey.ToString(), Session.SessionID)) { //seat the user mxUser.SeatUser(Session.SessionID, "", "", Request.ServerVariables["REMOTE_ADDR"], ""); } } else { RedirectToAction("Account", "NoSeat"); } int pwInterval = 0; int.TryParse(mxUser.GetProperty("PwExpireInterval"), out pwInterval); if (pwInterval > 0) { if (mu.LastPasswordChangedDate.AddDays(pwInterval) < DateTime.Today) { return RedirectToAction("ChangePassword", new RouteValueDictionary( new { controller = "Account", action = "ChangePassword", option = "PwExpired", username = mu.UserName })); } } if (model.Password == "default") { return RedirectToAction("ChangePassword", new RouteValueDictionary( new { controller = "Account", action = "ChangePassword", option = "DefaultPw", username = mu.UserName })); } //add the user model to the session Session.Add("User", mxUser); if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/") && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\")) { return Redirect(returnUrl); } else { return RedirectToAction("Status", "Orders"); } } else { ModelState.AddModelError("", Resources.Account.LogIn.Invalid); //profile } } } // If we got this far, something failed, redisplay form return View(model); }
// // GET: /Account/LogOn public ActionResult LogIn(string msg, string returnUrl) { var model = new LogInModel(msg); return View(model); }