/// <summary>
/// Handles the change-password form post and reports the outcome to the user.
/// </summary>
/// <param name="p">Reset id carried by the form; passed through to <c>Beweb.Security.ChangePassword</c>.</param>
/// <param name="newPassword">The password the user wants to set.</param>
/// <param name="confirmNewPassword">Repeat of the new password.</param>
/// <param name="oldPassword">The user's current password.</param>
/// <returns>A redirect to the login page on success, otherwise the change-password form again.</returns>
public ActionResult ChangePasswordSubmit(string p, string newPassword, string confirmNewPassword, string oldPassword) {
    var viewModel = new ChangePasswordViewModel();

    // The person id comes from the server-side login state, never from the request.
    // An earlier signature (kept as a comment in the original) accepted personID as an
    // action parameter; do not reintroduce it, since a caller-supplied id would let one
    // user target another user's account.
    // People who forgot their password are not logged in, so the id stays 0 for them.
    int personId = Security.IsLoggedIn ? Security.LoggedInUserID : 0;

    // NOTE(review): when personId is 0 the reset id in p is the only thing identifying
    // the account. Its validation (expiry, single use) happens inside
    // Beweb.Security.ChangePassword, which is not visible here - confirm.
    // NOTE(review): no anti-forgery or verb attribute is visible on this action; check
    // whether a filter elsewhere covers it.
    var security = new Beweb.Security();
    security.ChangePassword(p, newPassword, confirmNewPassword, personId, oldPassword);

    viewModel.ChangePasswordMessage = security.ResultMessage;
    Web.InfoMessage = viewModel.ChangePasswordMessage;

    if (!security.IsSuccess) {
        return ShowChangePasswordForm(p, viewModel);
    }
    return Redirect(Web.Root + "security/login");
}
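/// <summary>
/// Logout and return to login page.
/// If the request carries a <c>returnURL</c> value it is forwarded to the login page
/// as the <c>ReturnUrl</c> query-string parameter.
/// </summary>
/// <returns>A redirect to <c>Security/Login?logout=1</c>.</returns>
public ActionResult Logout() {
    // NOTE(review): no verb or anti-forgery attribute is visible on this action, so a
    // cross-site GET could sign a user out unless a filter elsewhere prevents it.
    Beweb.Security s = new Beweb.Security();
    s.Logout();
    if (EnableSavvySingleSignOn) {
        s.ClearSavvySingleSignOnCookie(SSODomain);
    }
    Web.InfoMessage = "Logout complete.";

    string loginUrl = Web.Root + "Security/Login?logout=1";

    // returnURL is request-controlled. Encode it so it stays a single query-string value:
    // unencoded, an embedded '&' or '#' would add or truncate parameters on the login URL
    // (for example a second "logout" value). Encoding does not make the target trustworthy;
    // the code that finally redirects to it still has to check that it is a local URL.
    string returnURL = Web.Request["returnURL"];
    if (!string.IsNullOrEmpty(returnURL)) {
        loginUrl += "&ReturnUrl=" + System.Web.HttpUtility.UrlEncode(returnURL);
    }

    return Redirect(loginUrl);
}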
/// <summary>
/// Attempts to sign the user in with the supplied credentials.
/// </summary>
/// <param name="username">Login name entered by the user (or supplied by an auto-login path).</param>
/// <param name="pCode">Password value; passed by reference to <c>RemoteTwitchLogin</c>, which may replace it.</param>
/// <param name="rememberPwd">Whether to remember the login; treated as false when missing.</param>
/// <returns>A redirect to <c>Security.RedirectUrl</c> on success, otherwise the login view with an error.</returns>
public ActionResult LoginSubmit(string username, string pCode, bool? rememberPwd) {
    // NOTE(review): no verb attribute is visible on this action. Unless a filter elsewhere
    // restricts it to POST, MVC model binding also accepts these values from the query
    // string, which would put credentials into URLs, logs and referrers.
    bool shouldRemember = rememberPwd.GetValueOrDefault();

    Beweb.Security security = new Beweb.Security();
    security.AllCurrentRoles = SecurityRoles.Roles;

    // (The original carried a disabled block here that logged a person in by FacebookID.)

    // The "Impersonating" session flag is one-shot: it is consumed here and, while set,
    // the remote login step is skipped.
    bool impersonating = Web.Session["Impersonating"] != null;
    if (impersonating) {
        Web.Session.Remove("Impersonating");
    } else {
        RemoteTwitchLogin(security, username, ref pCode);
    }

    if (!security.Login(username, pCode, shouldRemember)) {
        // a problem - show the form again, never echoing the password back
        ModelState.AddModelError("Login", security.ResultMessage);
        var formData = new LoginFormViewData {
            Username = username,
            PCode = "",
            RememberPwd = shouldRemember
        };
        return ReturnLoginView(formData);
    }

    // ok
    if (EnableSavvySingleSignOn) {
        security.SetSavvySingleSignOnCookie(username, SSODomain);
    }
    // NOTE(review): RedirectUrl is produced inside Beweb.Security; whether it is limited to
    // same-site URLs cannot be seen from here - confirm before relying on it.
    return Redirect(security.RedirectUrl);
}
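/// <summary>
/// Shows the login form, or signs the visitor in without showing it when an
/// impersonation token, a remembered login or a single-sign-on cookie allows that.
/// </summary>
/// <param name="t">Impersonation token, checked with <c>Crypto.CheckMinuteCypher</c>. Blank for a normal visit.</param>
/// <param name="u">Encrypted person id of the account to impersonate. Blank for a normal visit.</param>
/// <returns>The login view, or the result of <c>LoginSubmit</c>, or a redirect to the site root when impersonation fails.</returns>
public ActionResult Login(string t, string u) {
    if (t.IsNotBlank() && u.IsNotBlank()) {
        // Impersonation entry point.
        // NOTE(review): nothing visible here checks who is asking (no role or login check)
        // and nothing records the impersonation; the token in t is the only gate. Confirm
        // how t is issued, and consider an audit log entry naming both accounts.
        bool isImpersonateOk = Crypto.CheckMinuteCypher(t, 1);
        if (!isImpersonateOk) {
            Web.ErrorMessage = "Impersonating failed";
            return Redirect(Web.Root);
        }
        int id = Crypto.DecryptID(u);
        Person p = Person.LoadByPersonID(id);
        if (p != null) {
            Web.Session.Add("Impersonating", true);
            // NOTE(review): the stored password is decrypted back to plaintext here, so
            // passwords are kept in a reversible form. A sign-in path for impersonation that
            // does not need the user's password would allow storing one-way hashes instead.
            string password = Crypto.Decrypt(p.Password);
            return LoginSubmit(p.Email, password, true);
        } else {
            Web.ErrorMessage = "Impersonating failed";
            return Redirect(Web.Root);
        }
    }

    var data = new LoginFormViewData();
    TrackingBreadcrumb.Current.AddBreadcrumb(1, "Login");

    // Save the return URL for the redirect after login (the redirect itself happens
    // outside this method). Skipping "loginsubmit" prevents "login submit not found"
    // after a first failed login, i.e. wrong username and password (JC 20140427).
    string returnUrl = Request["ReturnUrl"];
    if (!returnUrl.ContainsInsensitive("loginsubmit")) {
        // ReturnUrl is request-controlled: keep it only when it points back at this site,
        // so a crafted login link cannot send the user elsewhere after signing in.
        // Anything else falls through to the default landing page below.
        Session["LastUrl"] = IsSameSiteReturnUrl(returnUrl, Request.Url) ? returnUrl : null;
    }
    if (Session["LastUrl"] + "" == "") {
        if (EnableMemberLogin) {
            // default URL people go to after logging in - eg Members Section - this applies
            // when browsing directly to the login page
            Session["LastUrl"] = MemberWelcomeUrl;
        } else {
            // by default, we go to admin menu after logging in
            Session["LastUrl"] = Web.AdminRoot;
        }
    }

    // if logged in AND we have a ReturnUrl in the querystring, the person must not be
    // authorised for that page - hopefully this assumption is always correct
    if (Security.IsLoggedIn && returnUrl.IsNotBlank()) {
        ModelState.AddModelError("Login", "Sorry, your user name doesn't have permission to access that area.");
    }

    // get the remembered values
    var s = new Beweb.Security();
    s.GetRemembered();
    data.Username = s.RememberedUser;
    data.ForgottenPasswordEmailAddress = s.RememberedUser;
    data.RememberPwd = s.IsRemembered;
    // if cookied this will be an encrypted version
    // NOTE(review): this value goes onto the view model; whether the view writes it into
    // the page is not visible here. It works as a login credential (see the auto-login
    // call below), so it should not be rendered into HTML.
    data.PCode = s.RememberedPassword;

    if (s.IsRemembered && AutologinSkipLoginScreen && ModelState.Count == 0) {
        if (Request["logout"] == "1") {
            // user has just chosen to log out, so they will want to log in with a different
            // user or at least not auto-login again
            Security.ClearSecurityCookies();
            data.Username = "";
            data.PCode = "";
            data.RememberPwd = false;
            Web.InfoMessage = "Your login details have been removed from this computer.";
        } else {
            return LoginSubmit(data.Username, data.PCode, true);
        }
    } else if (EnableSavvySingleSignOn && ModelState.Count == 0 && s.CheckSavvySingleSignOn()) {
        // single sign in Savvy Classic ASP to Savvy MVC .Net
        return LoginSubmit(s.RememberedUser, s.RememberedPassword, true);
    }

    return ReturnLoginView(data);
}

/// <summary>
/// Decides whether a return URL may be kept for the post-login redirect.
/// Accepts rooted paths ("/x", "~/x") and absolute http/https URLs whose host equals
/// the host of the current request; rejects everything else.
/// </summary>
private static bool IsSameSiteReturnUrl(string url, System.Uri requestUrl) {
    if (string.IsNullOrEmpty(url)) {
        return false;
    }
    // Backslashes and control characters can be normalised or dropped when a browser
    // resolves the URL, turning a path-looking value into a host reference.
    foreach (char c in url) {
        if (c == '\\' || char.IsControl(c)) {
            return false;
        }
    }
    if (url[0] == '/') {
        // "/" or "/foo" is local; "//host" is a scheme-relative URL to another host.
        return url.Length == 1 || url[1] != '/';
    }
    if (url.Length > 1 && url[0] == '~' && url[1] == '/') {
        return true;
    }
    System.Uri absolute;
    if (requestUrl != null && System.Uri.TryCreate(url, System.UriKind.Absolute, out absolute)) {
        bool isHttp = absolute.Scheme == System.Uri.UriSchemeHttp || absolute.Scheme == System.Uri.UriSchemeHttps;
        return isHttp && string.Equals(absolute.Host, requestUrl.Host, System.StringComparison.OrdinalIgnoreCase);
    }
    return false;
}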