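        /// <summary>
        /// Handles the account-creation form post: validates the submitted username
        /// and e-mail, checks that the username is still free, persists the new user
        /// and signs it in with a persistent forms-authentication cookie.
        /// </summary>
        /// <param name="form">Posted form values (username, e-mail, password).</param>
        /// <param name="returnUrl">
        /// Optional URL to continue to after sign-in. Only a local URL is followed,
        /// so the parameter cannot be used to bounce the user to another site.
        /// </param>
        /// <returns>The form view with model errors, or a redirect on success.</returns>
        public ActionResult CreateAccount(AuthCreateAccountForm form, string returnUrl)
        {
            Debug.WriteLine("POST: Auth Controller: Create Account");

            #region Check if Inputs are Valid
            if (!DB_users.ValidateUsername(form.Username))
            {
                ModelState.AddModelError("Username", "Username is invalid");
            }

            if (!DB_users.ValidateEmail(form.Email))
            {
                ModelState.AddModelError("Email", "Email is invalid");
            }

            // NOTE(review): the password is not validated here (the
            // DB_users.ValidatePassword call was commented out), so any value,
            // including an empty one, is accepted and stored below.
            // NOTE(review): the attributes above this action are not visible here;
            // confirm it carries [HttpPost] and [ValidateAntiForgeryToken].

            if (!ModelState.IsValid)
            {
                return View(form);
            }
            #endregion

            #region Check if Inputs have been Taken
            // Best-effort check only: two concurrent sign-ups can both pass it, so
            // a unique constraint on the username column is still needed.
            if (Database.Session.Query<DB_users>().Any(u => u.username == form.Username))
            {
                ModelState.AddModelError("Username", "Username has already been taken");
            }

            // NOTE(review): e-mail uniqueness is not enforced (that check was commented out).

            if (!ModelState.IsValid)
            {
                return View(form);
            }
            #endregion

            #region Create the Account and Login
            DB_users newUser = new DB_users();
            newUser.SetUsername(form.Username);
            newUser.SetEmail(form.Email);
            newUser.SetPassword(form.Password);
            Database.Session.Save(newUser);

            // createPersistentCookie: true — the ticket outlives the browser session.
            FormsAuthentication.SetAuthCookie(newUser.username, true);
            #endregion

            // Only follow a local return URL; an absolute one supplied in the request
            // would turn this action into an open redirect.
            if (!string.IsNullOrWhiteSpace(returnUrl) && Url.IsLocalUrl(returnUrl))
            {
                return Redirect(returnUrl);
            }

            return RedirectToRoute("home");
        }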
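        /// <summary>
        /// Handles the login form post: looks the user up by username, verifies the
        /// password and, on success, issues a persistent forms-authentication cookie.
        /// </summary>
        /// <param name="form">Posted credentials.</param>
        /// <param name="returnUrl">
        /// Optional URL to continue to after sign-in. Only a local URL is followed,
        /// so the parameter cannot be used to bounce the user to another site.
        /// </param>
        /// <returns>The form view with model errors, or a redirect on success.</returns>
        public ActionResult Login(AuthLoginForm form, string returnUrl)
        {
            Debug.WriteLine("POST: Auth Controller: Login");

            #region Check if Inputs are Valid
            if (!DB_users.ValidateUsername(form.Username))
            {
                ModelState.AddModelError("Username", "Username contains invalid characters");
            }

            // NOTE(review): the attributes above this action are not visible here;
            // confirm it carries [HttpPost] and [ValidateAntiForgeryToken].

            if (!ModelState.IsValid)
            {
                return View(form);
            }
            #endregion

            var user = Database.Session.Query<DB_users>().FirstOrDefault(u => u.username == form.Username);

            // Prevent timing attacks: when the username is unknown, presumably do a
            // dummy hash so the response time does not reveal whether the account exists.
            if (user == null)
            {
                DB_users.FakeHash();
            }

            // One shared message for both failure cases, so the response does not
            // reveal which part was wrong.
            if (user == null || !user.CheckPassword(form.Password))
            {
                ModelState.AddModelError("Username", "Username or Password is incorrect");
            }

            if (!ModelState.IsValid)
            {
                return View(form);
            }

            // A null user always adds a model error above, so user is non-null here.
            // createPersistentCookie: true — the ticket outlives the browser session.
            FormsAuthentication.SetAuthCookie(user.username, true);

            // Only follow a local return URL; an absolute one supplied in the request
            // would turn this action into an open redirect.
            if (!string.IsNullOrWhiteSpace(returnUrl) && Url.IsLocalUrl(returnUrl))
            {
                return Redirect(returnUrl);
            }

            return RedirectToRoute("home");
        }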
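        /// <summary>
        /// Handles the account-settings form post for the signed-in user. Any change
        /// (username, e-mail, password) requires the current password, and nothing is
        /// applied to the user or persisted unless every submitted value validates.
        /// </summary>
        /// <param name="form">
        /// Posted form values. A field left blank is treated as "unchanged"; the
        /// new password is only accepted when both password fields match.
        /// </param>
        /// <returns>The form view with model errors, or a redirect to the home route.</returns>
        public ActionResult Save(UserAccountUpdateForm form)
        {
            var user = Auth.User;

            // Decide up front which fields the user actually wants to change, so a
            // blank field is never validated or written as an empty/null value.
            // string.Equals(a, b) is ordinal and null-safe.
            bool usernameChanged = !string.IsNullOrWhiteSpace(form.Username)
                && !string.Equals(user.username, form.Username);
            bool emailChanged = !string.IsNullOrWhiteSpace(form.Email)
                && !string.Equals(user.email, form.Email);
            bool passwordChanged = !string.IsNullOrWhiteSpace(form.NewPassword)
                || !string.IsNullOrWhiteSpace(form.VerifyNewPassword);

            if (usernameChanged || emailChanged || passwordChanged)
            {
                if (!user.CheckPassword(form.CurrentPassword))
                {
                    ModelState.AddModelError("Password", "You have entered your current password incorrectly");
                }
                else
                {
                    #region New Username
                    if (usernameChanged)
                    {
                        if (!DB_users.ValidateUsername(form.Username))
                        {
                            ModelState.AddModelError("Username", "Username is invalid");
                        }
                        else if (Database.Session.Query<DB_users>().Any(u => u.username == form.Username))
                        {
                            // Best-effort only; a unique constraint on the column is still needed.
                            ModelState.AddModelError("Username", "Username has already been taken");
                        }
                    }
                    #endregion

                    #region New Email
                    if (emailChanged && !DB_users.ValidateEmail(form.Email))
                    {
                        ModelState.AddModelError("Email", "Email is invalid");
                    }
                    // NOTE(review): e-mail uniqueness is not enforced (that check was commented out).
                    #endregion

                    #region New Password
                    // Filling only one of the two password fields is a mismatch, not a no-op.
                    if (passwordChanged && !string.Equals(form.NewPassword, form.VerifyNewPassword))
                    {
                        ModelState.AddModelError("NewPassword", "Check that your new password was written the same way both times");
                    }
                    // NOTE(review): the new password's strength is not validated here.
                    #endregion
                }
            }

            // Keep the form bound to the current user when it is re-displayed.
            form.ID = user.id;

            if (!ModelState.IsValid)
            {
                // Nothing has been applied to `user` yet, so no partial change
                // (e.g. a renamed user with a rejected e-mail) reaches the database.
                return View(form);
            }

            if (usernameChanged)
            {
                user.SetUsername(form.Username);
            }

            if (emailChanged)
            {
                user.SetEmail(form.Email);
            }

            if (passwordChanged)
            {
                user.SetPassword(form.NewPassword);
            }

            Database.Session.Update(user);

            if (usernameChanged)
            {
                // The auth ticket carries the username, so reissue it after a rename.
                FormsAuthentication.SignOut();
                FormsAuthentication.SetAuthCookie(user.username, true);
            }

            return RedirectToRoute("home");
        }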