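/// <summary>
/// Validates a JournalUser's username (e-mail address) and password.
/// </summary>
/// <remarks>
/// The password is verified before the confirmation state is looked at, so the
/// "not confirmed" message and the re-sent confirmation mail are only reachable
/// by a caller who supplied the correct password. Every other failure produces
/// the same generic error, which avoids disclosing whether an account exists
/// or is still unconfirmed.
/// </remarks>
/// <param name="username">username to validate</param>
/// <param name="password">password to validate</param>
/// <returns>true if the credentials match a confirmed account; otherwise false, with an error added to ModelState</returns>
private bool isValid(string username, string password)
{
    // Look the account up by e-mail address.
    // NOTE(review): Register stores the address lower-cased while this lookup uses the raw
    // input; whether mixed-case input matches depends on the database collation - confirm.
    var user = db.Users.FirstOrDefault(u => u.Email == username);

    // Unknown user, missing hash and wrong password all end in the same generic message.
    // NOTE(review): the unknown-user path returns without running the hash comparison, so its
    // response time can differ from the wrong-password path - consider equalising the work.
    if (user == null
        || user.Password == null
        || !PasswordHasher.validatePassword(user.UserId, password, user.Password))
    {
        ModelState.AddModelError("", "Username and/or password is wrong!");
        return false;
    }

    if (user.AccountConfirmed != 1)
    {
        // Credentials are correct but the address was never confirmed: re-send the mail.
        // NOTE(review): the link carries only userId. If ConfirmAccount (not shown here) accepts
        // that value on its own, confirmation is guessable - prefer a random single-use token.
        MailFunction mail = new MailFunction();
        var callbackUrl = Url.Action("ConfirmAccount", "Home", new { userId = user.UserId }, protocol: Request.Url.Scheme);
        mail.sendEmail(user.Email, callbackUrl);

        ModelState.AddModelError("", "Account is not confirmed - a new email has been sent");
        return false;
    }

    // Keep the authenticated user on the controller without the credential material.
    // NOTE(review): if db is a change-tracking context, these null assignments are pending
    // changes on the stored row; a later SaveChanges on the same context would erase the
    // hash. Confirm nothing saves after login, or copy into a separate session object.
    this.user = user;
    this.user.Password = null;
    this.user.Salts = null;

    return true;
}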
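/// <summary>
/// Registers a new JournalUser from the submitted form, stores the password hash
/// and sends the account-confirmation e-mail.
/// </summary>
/// <param name="vm">Submitted registration values (forename, surname, e-mail, password).</param>
/// <returns>
/// The Register view. On failure TempData["failed"] is set and, for a duplicate address,
/// an error is added to ModelState.
/// </returns>
// NOTE(review): no [HttpPost] / [ValidateAntiForgeryToken] attributes are visible in this
// listing - confirm the real action carries them.
public ActionResult Register(RegisterValidateVM vm)
{
    // Enforce server-side validation: without this gate the view model's validation rules
    // are never applied and a missing model fails with a null reference further down.
    // Uses the same failure signal as the duplicate-address branch.
    if (vm == null || !ModelState.IsValid)
    {
        TempData["failed"] = "failed";
        return View();
    }

    // Normalise once and use the same value for the uniqueness check, the stored row and
    // the re-read. The original checked the raw address but stored the lower-cased one,
    // so the two could disagree on a case-sensitive collation.
    string email = vm.Email.ToLower();

    // NOTE(review): check-then-insert is not atomic; a unique index on Email is still needed
    // to stop two concurrent registrations for the same address - confirm one exists.
    if (db.Users.Any(u => u.Email == email))
    {
        ModelState.AddModelError("", "That email address is allready in use");
        TempData["failed"] = "failed";
        return View();
    }

    JournalUser journalUser = new JournalUser
    {
        RoleId = 2, // role given to self-registered users
        FirstName = vm.Forename.ToLower(),
        LastName = vm.Surname.ToLower(),
        Email = email
    };

    // First save creates the row so that UserId exists; the hash is derived with it.
    // NOTE(review): between the two saves the account exists without a password hash. If
    // hashing or the second save fails, that row stays behind - consider a transaction.
    db.Users.Add(journalUser);
    db.SaveChanges();

    var user = db.Users.Single(c => c.Email == email);

    // Hash the password and store only the hash.
    user.Password = PasswordHasher.createHash(user.UserId, vm.Password);
    db.SaveChanges();

    // Send the confirmation mail.
    // NOTE(review): the link carries only userId. If ConfirmAccount (not shown here) accepts
    // that value on its own, confirmation is guessable - prefer a random single-use token.
    MailFunction mail = new MailFunction();
    var callbackUrl = Url.Action("ConfirmAccount", "Home", new { userId = user.UserId }, protocol: Request.Url.Scheme);
    mail.sendEmail(user.Email, callbackUrl);

    // Clear the bound values so the returned form does not echo the submitted password.
    ModelState.Clear();
    return View();
}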