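/// <summary>
/// Authenticates the posted credentials and, on success, issues the forms-authentication
/// cookie and redirects the user.
/// </summary>
/// <param name="user">Model-bound credentials; only <c>Email</c> and <c>Password</c> are read.</param>
/// <param name="ReturnUrl">Page to return to after login. It is followed only when
/// <c>Url.IsLocalUrl</c> accepts it, which keeps the redirect on this site.</param>
/// <returns>
/// A redirect to <paramref name="ReturnUrl"/> or to TimeCard/Time on success; otherwise the
/// login view with <c>ViewBag.Error</c> set.
/// </returns>
public ActionResult Login(User user, string ReturnUrl)
{
    // Every credential field must be present. The original test used "||", which
    // dereferenced a null user and let an empty e-mail through to the lookup.
    if (user != null && !string.IsNullOrEmpty(user.Email) && user.Password != null)
    {
        // Find the account by e-mail address.
        User login = db.Users.FirstOrDefault(a => a.Email.Equals(user.Email));

        // Only touch the stored salt once we know the account exists; the original read
        // login.Salt before the null check, so an unknown e-mail raised a
        // NullReferenceException instead of showing the generic failure below.
        if (login != null)
        {
            // NOTE(review): GenerateHashedPassword is defined elsewhere - confirm it is a
            // slow, salted KDF (e.g. PBKDF2) rather than a single plain hash.
            string pass = StringManipulator.GenerateHashedPassword(login.Salt, user.Password);

            // NOTE(review): string equality is not constant-time. The operands are hashes,
            // so exposure is limited, but a fixed-time comparison would be preferable.
            if (login.Password == pass)
            {
                FormsAuthentication.SetAuthCookie(login.Email.Trim(), false);

                // The login event is recorded once, whichever redirect is taken.
                EventLogger.LogNewEvent(login.Id, login.OrganizationID, LoggingEventType.UserLogin, "");

                // Return to the page the user came from only when it is a local URL;
                // anything else falls back to the default page.
                if (this.Url.IsLocalUrl(ReturnUrl))
                {
                    return Redirect(ReturnUrl);
                }

                return RedirectToAction("Time", "TimeCard");
            }
        }
    }

    // Unknown account, wrong password and missing fields all produce the same response,
    // so the page does not reveal which e-mail addresses are registered.
    // NOTE(review): failed attempts are not written to the event log, and no throttling or
    // lockout is visible in this action - confirm both are handled elsewhere.
    ViewBag.Error = true;
    return View();
}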
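/// <summary>
/// Registers a new user. Without an invite code a new organization is created from the
/// posted label; with one, the user joins the organization that issued the code.
/// </summary>
/// <param name="user">Model-bound registration data. Password, salt, role, position,
/// employee id, registration date and organization link are all set here on the server.</param>
/// <param name="inviteCode">Optional single-use code issued by an existing organization.</param>
/// <returns>The "Login" view in every case; rejected input adds a model-state error first.</returns>
public ActionResult SignUp(User user, string inviteCode)
{
    if (user == null || !ModelState.IsValid)
    {
        return View("Login");
    }

    // Resolve the organization before creating anything, so a rejected request leaves no
    // rows behind.
    InviteCode code = null;
    if (string.IsNullOrEmpty(inviteCode))
    {
        // A new organization needs a label; the original dereferenced user.Organization
        // without checking it.
        if (user.Organization == null || string.IsNullOrEmpty(user.Organization.Label))
        {
            ModelState.AddModelError("Organization.Label", "An organization name is required.");
            return View("Login");
        }
    }
    else
    {
        // Find the organization relating to the invite code.
        code = db.InviteCodes.FirstOrDefault(i => i.Code == inviteCode);

        // An unknown or expired code must stop the registration. The original fell through
        // and saved the account anyway, with whatever OrganizationID model binding had put
        // on the posted user.
        if (code == null || code.IsExpired)
        {
            ModelState.AddModelError("inviteCode", "The invite code is invalid or has expired.");
            return View("Login");
        }
    }

    // Generate salt and salted/hashed password for db storage.
    string salt = StringManipulator.GenerateSalt();
    string hashedPassword = StringManipulator.GenerateHashedPassword(salt, user.Password);

    // Privilege-bearing fields are assigned here and never taken from the request.
    // NOTE(review): User is bound straight from the form, so other posted properties still
    // reach the entity - consider a dedicated view model or a [Bind] allow-list.
    user.Password = hashedPassword;
    user.Salt = salt;
    user.Role = "Standard";
    user.Position = "N/A";

    // Initials plus a generated number. ToString() keeps this a string concatenation; the
    // original added the two chars as integers, so the id began with a number, not initials.
    // Assumes model validation guarantees non-empty names - TODO confirm.
    user.EmployeeID = user.FirstName[0].ToString() + user.LastName[0] + StringManipulator.GenerateIdNumber(8);
    user.RegDate = DateTime.Now;

    if (code == null)
    {
        // No invite code: create a fresh organization from the posted label only.
        Organization org = new Organization();
        org.Label = user.Organization.Label;
        org.Registered = DateTime.Now;
        org.CodesCount = 1;
        org.OrganizationID = org.Label + "#" + StringManipulator.GenerateIdNumber(8);

        // Add new org to database.
        db.Organizations.Add(org);
        db.SaveChanges();

        // Link the user to the newly created org.
        user.Organization = org;
        user.OrganizationID = org.Id;
    }
    else
    {
        // Membership comes from the invite code alone; discard any organization object that
        // was bound from the request so it cannot be saved along with the user.
        user.Organization = null;
        user.OrganizationID = code.OrganizationID;

        // Burn the code so it cannot be reused.
        // NOTE(review): the check and this update are separate steps, so two simultaneous
        // requests could both redeem one code - confirm whether a concurrency token or
        // transaction is needed.
        code.IsExpired = true;
        code.DateExpired = DateTime.Now;

        // Commit invite code changes.
        db.SaveChanges();
    }

    // Commit user changes.
    db.Users.Add(user);
    db.SaveChanges();

    // Log the user creation event.
    EventLogger.LogNewEvent(user.Id, user.OrganizationID, LoggingEventType.UserCreated, "");

    return View("Login");
}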