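/// <summary>
/// Handles the login form POST: looks up the user by e-mail, verifies the submitted
/// password against the stored hash and, on success, records the user in session.
/// </summary>
/// <param name="model">Composite view model; only <c>model.Log</c> (Email, Password) is read here.</param>
/// <returns>
/// A redirect to <c>Main/Portfolio</c> on success; otherwise the <c>landing</c> view with
/// <c>ViewBag.loginError</c> set. <see cref="MostActiveStocksAPICall"/> is called before
/// rendering <c>landing</c>, as the other actions in this controller do.
/// </returns>
public IActionResult LoginSubmit(AllUserViewModels model)
{
    if (!ModelState.IsValid)
    {
        // Validation failed; the view renders the ModelState errors alongside this message.
        ViewBag.loginError = "Your email or password was incorrect.";
        MostActiveStocksAPICall();
        return View("landing");
    }

    try
    {
        // SingleOrDefault returns null for an unknown e-mail (it does not throw), so the
        // "no such user" case must be handled explicitly; the original catch block for
        // this case could never fire and the null user then crashed inside the hasher.
        User loggedUser = _context.Users.SingleOrDefault(u => u.Email == model.Log.Email);

        var hasher = new PasswordHasher<User>();
        PasswordVerificationResult verification = PasswordVerificationResult.Failed;
        if (loggedUser != null)
        {
            verification = hasher.VerifyHashedPassword(loggedUser, loggedUser.Password, model.Log.Password);
        }

        // One message for both "unknown e-mail" and "wrong password": distinct messages
        // would let a caller discover which e-mail addresses have an account.
        if (verification == PasswordVerificationResult.Failed)
        {
            ViewBag.loginError = "Your email or password was incorrect.";
            MostActiveStocksAPICall();
            return View("landing");
        }

        // The hasher reports when a hash was produced with an older format/iteration
        // count; upgrade it now while the plaintext is available.
        if (verification == PasswordVerificationResult.SuccessRehashNeeded)
        {
            loggedUser.Password = hasher.HashPassword(loggedUser, model.Log.Password);
            loggedUser.UpdatedAt = DateTime.Now;
            _context.SaveChanges();
        }

        // Drop any state left from a previous (possibly unauthenticated) session before
        // storing the identity. Note that ASP.NET Core Session does not rotate the
        // session id here; Clear() only empties its contents.
        HttpContext.Session.Clear();
        // Session holds the user id for identification and later DB calls, and the
        // first name for greeting the user.
        HttpContext.Session.SetInt32("LoggedUserId", loggedUser.Id);
        HttpContext.Session.SetString("LoggedUserName", loggedUser.FirstName);
        return RedirectToAction("Portfolio", "Main");
    }
    catch
    {
        // Reached only on an unexpected failure (e.g. the DB is unreachable). The session
        // is cleared here directly because ViewBag does not survive a redirect, so
        // redirecting to Logout would have lost the message below.
        HttpContext.Session.Clear();
        ViewBag.loginError = "Sorry, there was a problem logging you in. Please try again.";
        MostActiveStocksAPICall();
        return View("landing");
    }
}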
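/// <summary>
/// Handles the registration form POST: rejects an e-mail that is already registered,
/// hashes the password, creates the user together with an empty portfolio and
/// watchlist, and signs the new user in.
/// </summary>
/// <param name="model">Composite view model; only <c>model.Reg</c> is read here.</param>
/// <returns>
/// A redirect to <c>Profile</c> on success; otherwise the <c>landing</c> view, with
/// <c>ViewBag.email</c> carrying the error message. <see cref="MostActiveStocksAPICall"/>
/// is called before rendering <c>landing</c>, as the other actions in this controller do.
/// </returns>
public IActionResult NewUser(AllUserViewModels model)
{
    if (!ModelState.IsValid)
    {
        // Validation errors are rendered by the view from ModelState.
        MostActiveStocksAPICall();
        return View("landing");
    }

    try
    {
        // Only existence matters, and Any() does not throw the way SingleOrDefault()
        // does if two rows ever share an e-mail. Whether this comparison is
        // case-sensitive depends on the database collation, and a unique index on
        // Users.Email is still needed to close the race between this check and
        // SaveChanges() below.
        bool emailTaken = _context.Users.Any(u => u.Email == model.Reg.Email);
        if (emailTaken)
        {
            ViewBag.email = "That email is already in use. Please try again using a different one.";
            MostActiveStocksAPICall();
            return View("landing");
        }

        // One timestamp for all three rows so they are created "at the same time".
        DateTime now = DateTime.Now;

        User newUser = new User
        {
            FirstName = model.Reg.FirstName,
            LastName = model.Reg.LastName,
            Email = model.Reg.Email,
            CreatedAt = now,
            UpdatedAt = now,
        };

        // Hash with PasswordHasher<User>, the same hasher type LoginSubmit verifies with,
        // instead of PasswordHasher<RegisterViewModel>. Only the hash is stored; the
        // plaintext never reaches the DB.
        var hasher = new PasswordHasher<User>();
        newUser.Password = hasher.HashPassword(newUser, model.Reg.Password);

        Portfolio portfolio = new Portfolio
        {
            User = newUser,
            CreatedAt = now,
            UpdatedAt = now,
        };
        Watchlist watchlist = new Watchlist
        {
            User = newUser,
            CreatedAt = now,
            UpdatedAt = now,
        };

        _context.Add(newUser);
        _context.Add(portfolio);
        _context.Add(watchlist);
        _context.SaveChanges();

        // Start from an empty session, then store the same two keys LoginSubmit stores
        // so pages reading LoggedUserName work for a freshly registered user too.
        HttpContext.Session.Clear();
        HttpContext.Session.SetInt32("LoggedUserId", newUser.Id);
        HttpContext.Session.SetString("LoggedUserName", newUser.FirstName);

        return RedirectToAction("Profile");
    }
    catch
    {
        // Reached only if hashing or the DB write failed. Tell the user something went
        // wrong rather than silently re-rendering the form as the original did.
        ViewBag.email = "Sorry, there was a problem creating your account. Please try again.";
        MostActiveStocksAPICall();
        return View("landing");
    }
}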