/// <summary>
/// Processes an email/password login submitted for the current affiliate.
/// On any credential failure the view returned by <c>LoginIFrame</c> is rendered
/// again with an error message; on success the user is logged in and redirected
/// to the callback cached under the anonymous cookie, with the user's claimed
/// identifier added to it.
/// </summary>
/// <param name="email">Address to log in with; passed by ref to <c>IsValidEmail</c>, so it may be rewritten there.</param>
/// <param name="password">Password checked via <c>PasswordMatch</c>.</param>
/// <param name="background">Forwarded unchanged to <c>LoginIFrame</c> on failure.</param>
/// <param name="color">Forwarded unchanged to <c>LoginIFrame</c> on failure.</param>
/// <returns>The login view on failure, an irrecoverable-error result when no callback is cached, otherwise the affiliate redirect.</returns>
/// <remarks>
/// NOTE(review): the "No account with this email found" and "Incorrect password"
/// messages are distinguishable, so a response reveals whether an address is
/// registered. A single generic message would close that gap; confirm whether
/// the distinction is a deliberate UX choice.
/// NOTE(review): <paramref name="background"/> and <paramref name="color"/> come
/// straight from the request; confirm <c>LoginIFrame</c> validates or encodes them.
/// </remarks>
public ActionResult HandleAffiliateLogin(string email, string password, string background, string color)
{
    var loginTime = Current.Now;

    var emailIsValid = Models.User.IsValidEmail(ref email);
    if (!emailIsValid)
    {
        // The standard recoverable-error path doesn't work here, so the view data is filled in by hand.
        ViewData["error_message"] = "Invalid email address";
        ViewData["email"] = email;
        ViewData["affId"] = CurrentAffiliate.Id;

        return LoginIFrame(null, background, color);
    }

    var anonymousCookie = System.Web.HttpContext.Current.CookieSentOrReceived(Current.AnonymousCookieName);
    var account = Models.User.FindUserByEmail(email);

    // Unknown account and wrong password share one failure path; only the message differs.
    string rejection = null;
    if (account == null)
    {
        rejection = "No account with this email found";
    }
    else if (!account.PasswordMatch(password))
    {
        rejection = "Incorrect password";
    }

    if (rejection != null)
    {
        // The standard recoverable-error path doesn't work here, so the view data is filled in by hand.
        ViewData["error_message"] = rejection;
        ViewData["email"] = email;
        ViewData["affId"] = CurrentAffiliate.Id;

        // Every failed attempt is reported with the caller's IP (account is null when the email is unknown).
        IPBanner.BadLoginAttempt(account, Current.RemoteIP);

        return LoginIFrame(null, background, color);
    }

    // The callback is read once and removed from the cache straight away.
    var storedCallback = Current.GetFromCache<string>(CallbackKey(anonymousCookie));
    Current.RemoveFromCache(CallbackKey(anonymousCookie));

    // NOTE(review): the login happens before the callback is checked, so a missing
    // callback still leaves the user logged in alongside the error page; confirm intended.
    account.Login(loginTime);

    if (storedCallback != null)
    {
        // NOTE(review): presumably the callback was validated when it was cached; verify at the write site.
        return AffiliateRedirect(AddIdentifier(storedCallback, Current.LoggedInUser.GetClaimedIdentifier()));
    }

    return IrrecoverableError("No Callback Found", "We were unable to find a callback to finish the authentication session.");
}
/// <summary>
/// Processes an email/password login. Failures come back as recoverable errors
/// that carry the email and session values; on success the user is logged in and
/// redirected either to <c>OpenIdController.ResumeAfterLogin</c> (when a session
/// value is present) or to <c>UserController.ViewUser</c>.
/// </summary>
/// <param name="email">Address to log in with; passed by ref to <c>IsValidEmail</c>, so it may be rewritten there.</param>
/// <param name="password">Password checked via <c>PasswordMatch</c>.</param>
/// <param name="session">Optional session value; when it has a value it is handed on to the resume redirect.</param>
/// <returns>A recoverable-error result on failure, otherwise a redirect built by <c>SafeRedirect</c>.</returns>
/// <remarks>
/// NOTE(review): the "No account with this email found" and "Incorrect password"
/// messages are distinguishable, so a response reveals whether an address is
/// registered. A single generic message would close that gap; confirm whether
/// the distinction is a deliberate UX choice.
/// </remarks>
public ActionResult DoLogin(string email, string password, string session)
{
    var loginTime = Current.Now;

    var emailIsValid = Models.User.IsValidEmail(ref email);
    if (!emailIsValid)
    {
        return RecoverableError("Invalid email address", new { email, session });
    }

    var account = Models.User.FindUserByEmail(email);

    // Unknown account and wrong password share one failure path; only the message differs.
    string rejection = null;
    if (account == null)
    {
        rejection = "No account with this email found";
    }
    else if (!account.PasswordMatch(password))
    {
        rejection = "Incorrect password";
    }

    if (rejection != null)
    {
        // Every failed attempt is reported with the caller's IP (account is null when the email is unknown).
        IPBanner.BadLoginAttempt(account, Current.RemoteIP);

        return RecoverableError(rejection, new { email, session });
    }

    account.Login(loginTime);

    if (!session.HasValue())
    {
        // No session to resume: send the user to their own page.
        Func<ActionResult> viewUser = new UserController().ViewUser;
        return SafeRedirect(viewUser);
    }

    // A session value is present: continue the flow that was waiting on this login.
    Func<string, string, ActionResult> resumeAfterLogin = new OpenIdController().ResumeAfterLogin;
    return SafeRedirect(resumeAfterLogin, new { session });
}