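/// <summary>
        /// Completes a registration: hashes the staged password with a fresh salt and stores the
        /// staged USER, the optional PAID_STAFF row and the LOGIN row in a single SaveChanges call.
        /// </summary>
        /// <param name="newuser">Model-bound LOGIN; its userID, password and password_salt are overwritten here.</param>
        /// <returns>A redirect to Home/Index in every case.</returns>
        public ActionResult Create(LOGIN newuser)
        {
            if (!Request.IsAuthenticated)
            {
                return(RedirectToAction("Index", "Home"));
            }

            // TempData entries are removed once they have been read, so a page refresh or a direct
            // request reaches this action without them. Check each value instead of casting blindly,
            // which used to end in a NullReferenceException / InvalidCastException.
            // NOTE(security): the plaintext password is carried between requests in TempData, which
            // the default provider keeps in session state. Prefer hashing it in the request that
            // receives it so the clear text is never stored server-side.
            object rawUserId     = TempData["u2"];
            string plainPassword = TempData["pass"] as string;
            USER   account       = TempData["userModel"] as USER;

            if (!(rawUserId is int) || string.IsNullOrEmpty(plainPassword) || account == null)
            {
                // Incomplete registration state (or an empty password): store nothing.
                return(RedirectToAction("Index", "Home"));
            }

            // The staff record is read only for non-volunteers, so the TempData key is left
            // untouched for volunteers.
            PAID_STAFF staffRecord = null;
            if (account.user_type != "Volunteer")
            {
                staffRecord = TempData["paidStaffModel"] as PAID_STAFF;
                if (staffRecord == null)
                {
                    return(RedirectToAction("Index", "Home"));
                }
            }

            // NOTE(review): PasswordHash is not visible here; confirm GetHash is a deliberately slow
            // password KDF (PBKDF2 or similar) and that GenerateSalt uses a cryptographic RNG.
            PasswordHash pass = new PasswordHash();
            pass.Salt = pass.GenerateSalt();

            newuser.userID        = (int)rawUserId;
            newuser.password      = pass.GetHash(plainPassword, pass.Salt);
            newuser.password_salt = Convert.ToBase64String(pass.Salt);

            using (trackerEntities db = new trackerEntities())
            {
                db.USERs.Add(account);
                if (staffRecord != null)
                {
                    db.PAID_STAFF.Add(staffRecord);
                }
                db.LOGINs.Add(newuser);

                // One SaveChanges call for all rows.
                db.SaveChanges();
            }

            ModelState.Clear();
            // NOTE(review): ViewBag does not survive a redirect, so this message is never shown on
            // Home/Index; move it to TempData if the confirmation should be visible.
            ViewBag.SuccessMessage = "Registration Success!";
            return(RedirectToAction("Index", "Home"));
        }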
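        /// <summary>
        /// Checks the submitted username and password against the stored salted hashes and, on a
        /// match, starts the flow chosen by the pressed button: a cookie sign-in for "Log in", or a
        /// redirect to the TimeSheetEntry punch action for any other value.
        /// </summary>
        /// <param name="userModel">Model-bound credentials; LoginErrorMessage is set on failure.</param>
        /// <param name="answer">Value of the submit button that was pressed.</param>
        /// <returns>A redirect on success, otherwise the Authorize view with an error message.</returns>
        public ActionResult Authorize(bgce_timetracker.Models.LOGIN userModel, String answer)
        {
            // A request without a password or without a button value can never authenticate. It gets
            // the same generic failure as a bad credential: previously a missing password returned
            // the form without a message only when the username existed (which told the caller the
            // account exists), and a missing button value threw after the password had matched.
            if (userModel.password == null || answer == null)
            {
                userModel.LoginErrorMessage = "Wrong Username or password";
                return(View("Authorize", userModel));
            }

            using (trackerEntities db = new trackerEntities())
            {
                // ToList() never returns null; an unknown username yields an empty list and falls
                // through to the generic failure below, so the response does not reveal whether the
                // account exists.
                var          candidates = db.LOGINs.Where(x => x.username == userModel.username).ToList();
                PasswordHash pass       = new PasswordHash();

                foreach (var item in candidates)
                {
                    byte[] salt;
                    if (!TryDecodeSalt(item.password_salt, out salt))
                    {
                        // A row with a missing or corrupt salt cannot be verified; treat it as a mismatch.
                        continue;
                    }

                    if (!FixedTimeStringEquals(item.password, pass.GetHash(userModel.password, salt)))
                    {
                        continue;
                    }

                    // NOTE(review): the session id is not renewed after a successful check; confirm
                    // that session fixation is handled elsewhere.
                    if (answer.Equals("Log in"))
                    {
                        Session["userID"] = item.userID;

                        var timeSheet = db.TIME_SHEET.Where(x => x.active == true && x.employee == item.userID)
                                        .Select(x => x.timesheetID)
                                        .FirstOrDefault();

                        TempData["activeTimesheetID"] = timeSheet;

                        var claims = new List <Claim>();
                        claims.Add(new Claim(ClaimTypes.Name, item.username));

                        var identity = new ClaimsIdentity(claims, DefaultAuthenticationTypes.ApplicationCookie);
                        HttpContext.GetOwinContext().Authentication.SignIn(identity);
                        return(RedirectToAction("Index", "Home"));
                    }

                    // Both punch flows set the session user without a cookie sign-in; they differ only
                    // in the isFoodService flag. Any button value other than "Log in" or
                    // "Punch in/out" is treated as the food-service punch.
                    Session["UserID"]         = item.userID;
                    TempData["isFoodService"] = answer.Equals("Punch in/out") ? "False" : "True";

                    // NOTE(security): passing userModel as route values writes its public properties,
                    // including the submitted plaintext password, into the redirect URL, where it can
                    // end up in browser history, proxy logs and server logs. Confirm what the punch
                    // action actually reads and pass only that (the user id is already in Session).
                    return(RedirectToAction("punch", "TimeSheetEntry", userModel));
                }

                userModel.LoginErrorMessage = "Wrong Username or password";
                return(View("Authorize", userModel));
            }
        }

        /// <summary>Decodes a Base64 salt; returns false instead of throwing when it is missing or malformed.</summary>
        private static bool TryDecodeSalt(string encodedSalt, out byte[] salt)
        {
            salt = null;
            if (string.IsNullOrEmpty(encodedSalt))
            {
                return false;
            }

            try
            {
                salt = Convert.FromBase64String(encodedSalt);
                return true;
            }
            catch (FormatException)
            {
                return false;
            }
        }

        /// <summary>Compares two hash strings without stopping at the first differing character.</summary>
        private static bool FixedTimeStringEquals(string expected, string actual)
        {
            if (expected == null || actual == null)
            {
                return false;
            }

            // Fold the length difference and every character difference into one accumulator so the
            // running time does not depend on where the strings first differ.
            int diff = expected.Length ^ actual.Length;
            for (int i = 0; i < expected.Length && i < actual.Length; i++)
            {
                diff |= expected[i] ^ actual[i];
            }

            return diff == 0;
        }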