예제 #1
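 /// <summary>
 /// Handles the login form post: checks the submitted password against the stored
 /// PBKDF2 hash, marks the session as logged in, expires unpaid orders older than
 /// 14 days and redirects to the page that fits the user's role.
 /// </summary>
 /// <param name="user">Model-bound username and plaintext password from the login form.</param>
 /// <returns>
 /// A redirect to the manager, admin, shopping-bag or index page on success; a redirect
 /// back to the login page (with an error message in TempData) on failure.
 /// </returns>
 public ActionResult LoginRequest(LoginDataModel user)
 {
     // Only the username is carried back to the login form. Passing the whole model as
     // route values serialises every public property into the redirect URL, which put the
     // plaintext password in the query string (browser history, proxy/server logs, Referer).
     string username = user == null ? null : user.Username;

     if (!ModelState.IsValid)
     {
         TempData["ErrorMessage"] = "Gebruikersnaam en/of wachtwoord combinatie is fout";
         return RedirectToAction("Login", "Home", new { Username = username });
     }

     using (DatabaseQuery query = new DatabaseQuery())
     {
         PBKDF2Password password = query.GetPassword(user);
         // NOTE(review): for an unknown username no PBKDF2 derivation runs, so this path
         // answers measurably faster than a wrong password does. The error text is the same
         // for both, but the timing difference still allows account enumeration; matching
         // against a dummy hash on this branch would close it — TODO.
         if (password != null)
         {
             // Third argument 'false': the stored password object is not disposed after
             // the comparison (see PasswordMatcher).
             // NOTE(review): PasswordMatcher is expected to compare the derived key in
             // constant time; that is not visible here — confirm.
             PasswordMatcher matcher = new PasswordMatcher(password, user.Password, false);
             if (matcher.IsMatch)
             {
                 try
                 {
                     Session session = (Session)this.Session["__MySessionObject"];
                     using (DatabaseQuery userQuery = new DatabaseQuery())
                     {
                         session.User = userQuery.GetUser(user);
                         session.LoggedIn = true;
                         // NOTE(review): the anonymous session object is promoted to the
                         // authenticated one without regenerating the session identifier.
                         // Unless that is handled elsewhere (Session.Abandon / a new id on
                         // login), a pre-set session cookie survives login (session fixation).
                         this.Session["__MySessionObject"] = session;
                         ExpireUnpaidOrders(userQuery, session.User);
                     }
                     return RedirectAfterLogin(session);
                 }
                 catch (Exception e)
                 {
                     // Details stay server-side; the user only sees a generic message.
                     // Concatenating the exception into the message exposed stack traces
                     // and internal paths to the browser.
                     System.Diagnostics.Trace.TraceError("Login failed for user '{0}': {1}", username, e);
                     TempData["ErrorMessage"] = "Er is iets fout gegaan met het inloggen";
                     return RedirectToAction("login", new { Username = username });
                 }
             }
         }

         // Same message for "no such user" and "wrong password" so the text does not
         // reveal which usernames exist.
         TempData["ErrorMessage"] = "Gebruikersnaam en wachtwoord combinatie zijn onbekend";
         return RedirectToAction("login", new { Username = username });
     }
 }

 /// <summary>
 /// Marks every order of <paramref name="owner"/> that is still waiting for payment and is
 /// older than the payment window as expired. Runs once per successful login.
 /// </summary>
 /// <param name="userQuery">Open query object used to load and update the orders.</param>
 /// <param name="owner">The user whose orders are checked.</param>
 private static void ExpireUnpaidOrders(DatabaseQuery userQuery, User owner)
 {
     const double PaymentWindowDays = 14;
     List<Order> orders = userQuery.GetOrdersByUser(owner);
     foreach (Order order in orders)
     {
         if (order.Status != OrderStatus.TOBEPAID)
         {
             continue;
         }
         // NOTE(review): local time is compared with order.DTime; if DTime is stored as
         // UTC the window is off by the server's UTC offset — confirm how DTime is stored.
         double ageInDays = (DateTime.Now - order.DTime).TotalDays;
         if (ageInDays > PaymentWindowDays)
         {
             order.Status = OrderStatus.EXPIRED;
             userQuery.UpdateOrderStatus(order);
         }
     }
 }

 /// <summary>
 /// Picks the landing page for a freshly authenticated session: managers and admins go to
 /// their own area, customers with a non-empty shopping bag to the bag, everyone else home.
 /// </summary>
 /// <param name="session">The session that was just marked as logged in.</param>
 private ActionResult RedirectAfterLogin(Session session)
 {
     switch (session.User.Role)
     {
         case UserRole.MANAGER:
             return RedirectToAction("manage");
         case UserRole.ADMIN:
             return RedirectToAction("admin");
     }
     if (session.ShoppingBag.OrderLines.Count > 0)
     {
         return RedirectToAction("Shoppingbag");
     }
     return RedirectToAction("Index");
 }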
예제 #2
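        /// <summary>
        /// Loads the user row whose username equals <paramref name="GetUser"/>.Username,
        /// together with its address.
        /// </summary>
        /// <param name="GetUser">
        /// Login model; only <c>Username</c> is used for the lookup. The password in it is
        /// neither read nor verified here.
        /// </param>
        /// <returns>The populated <see cref="User"/>, or <c>null</c> when no row matches.</returns>
        internal User GetUser(LoginDataModel GetUser)
        {
            User user = null;
            using (NpgsqlCommand cmd = new NpgsqlCommand())
            {
                cmd.Connection = _connection;
                if (_transaction != null)
                {
                    cmd.Transaction = _transaction; // join the transaction a caller already opened
                }
                // Explicit column list instead of SELECT *: the row also carries the password
                // hash, salt and iteration count, which this method has no reason to fetch.
                // NOTE(review): GetPassword trims the username before its lookup; this query
                // does not, so a username with surrounding whitespace can pass the password
                // check and still return null here — align the two.
                cmd.CommandText = "SELECT \"id\", \"first_name\", \"last_name\", \"username\", \"email_address\", \"date_of_birth\", \"role\" "
                    + "FROM \"user\" WHERE \"username\" = @username";
                cmd.Parameters.AddWithValue("username", GetUser.Username);

                // The reader is closed when this block ends, also when an exception escapes,
                // and before GetAddress issues its own command on the same connection.
                using (NpgsqlDataReader reader = cmd.ExecuteReader())
                {
                    if (reader.Read())
                    {
                        user = new User();
                        user.Id = (ulong)reader.GetInt32(reader.GetOrdinal("id"));
                        user.FirstName = reader.GetString(reader.GetOrdinal("first_name"));
                        user.LastName = reader.GetString(reader.GetOrdinal("last_name"));
                        user.Username = reader.GetString(reader.GetOrdinal("username"));
                        user.Email = reader.GetString(reader.GetOrdinal("email_address"));
                        user.DateOfBirth = reader.GetDateTime(reader.GetOrdinal("date_of_birth"));
                        user.Role = (UserRole)Enum.ToObject(typeof(UserRole), reader.GetInt32(reader.GetOrdinal("role")));
                    }
                }
            }

            if (user != null)
            {
                // The id was previously re-read from the reader after reader.Close(), which
                // throws; the value captured into user.Id above is used instead.
                user.Address = GetAddress(user.Id);
            }
            return user;
        }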
예제 #3
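        /// <summary>
        /// Inserts the address of <paramref name="user"/> into <c>user_address</c> inside its
        /// own transaction, keyed by the id of the user row found by username.
        /// </summary>
        /// <param name="user">User whose <c>Username</c> and <c>Address</c> are used; both must be set.</param>
        /// <returns><c>true</c> when the insert was committed, <c>false</c> when it was rolled back.</returns>
        /// <exception cref="ArgumentNullException">when <paramref name="user"/> or its Address is null.</exception>
        /// <exception cref="InvalidOperationException">
        /// when a transaction is already open on this query object, or no user row matches the username.
        /// </exception>
        internal bool setUserAddress(User user)
        {
            if (user == null)
            {
                throw new ArgumentNullException("user");
            }
            if (user.Address == null)
            {
                throw new ArgumentNullException("user", "user.Address is not set");
            }
            if (_transaction != null)
            {
                // Previously the open transaction was silently overwritten and never committed
                // or rolled back; fail loudly instead.
                throw new InvalidOperationException("A transaction is already in progress on this query object");
            }

            using (NpgsqlCommand cmd = new NpgsqlCommand())
            {
                cmd.Connection = _connection;
                _transaction = cmd.Connection.BeginTransaction();
                bool committed = false;
                try
                {
                    cmd.Transaction = _transaction;

                    // GetUser looks the row up by username only, so the plaintext password is
                    // deliberately not copied into the lookup model.
                    User stored = GetUser(new LoginDataModel() { Username = user.Username });
                    if (stored == null)
                    {
                        throw new InvalidOperationException("No user row found for username '" + user.Username + "'");
                    }

                    cmd.CommandText = "INSERT INTO user_address (user_id, postalcode, number, suffix, type) "
                        + "VALUES(@user_id, @postalcode, @number, @suffix, @type);";
                    cmd.Parameters.AddWithValue("user_id", (long)stored.Id);
                    cmd.Parameters.AddWithValue("postalcode", user.Address.PostalCode);
                    cmd.Parameters.AddWithValue("number", user.Address.HouseNumber);
                    cmd.Parameters.AddWithValue("suffix", user.Address.Suffix);
                    cmd.Parameters.AddWithValue("type", (int)user.Address.Type);

                    bool success = parseNonqueryResult(cmd.ExecuteNonQuery());
                    if (success)
                    {
                        _transaction.Commit();
                        committed = true;
                    }
                    return success;
                }
                finally
                {
                    // Runs on the false path and on every exception (missing user, failed
                    // insert, failed commit), so the transaction never stays open.
                    if (!committed)
                    {
                        _transaction.Rollback();
                    }
                    _transaction.Dispose();
                    // Clear the field: later commands (e.g. GetUser) attach _transaction when it
                    // is non-null and would otherwise be bound to a disposed transaction.
                    _transaction = null;
                }
            }
        }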
예제 #4
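        /// <summary>
        /// Fetches the stored PBKDF2 hash, salt and iteration count for the username in
        /// <paramref name="customer"/>. The submitted password is not looked at here; the
        /// caller compares it against the returned parameters.
        /// </summary>
        /// <param name="customer">Login model; <c>Username</c> is trimmed before the lookup.</param>
        /// <returns>
        /// The stored PBKDF2 parameters, or <c>null</c> when the username is missing or unknown,
        /// or when the row has no hash/salt/iterations stored.
        /// </returns>
        internal PBKDF2Password GetPassword(LoginDataModel customer)
        {
            if (customer == null || customer.Username == null)
            {
                // No username, no credentials: the caller treats null as "unknown combination".
                return null;
            }

            using (NpgsqlCommand cmd = new NpgsqlCommand())
            {
                cmd.Connection = _connection;
                if (_transaction != null)
                {
                    cmd.Transaction = _transaction; // same transaction handling as GetUser
                }
                // NOTE(review): the username is trimmed here but not in GetUser; keep the two
                // lookups consistent or a padded username passes this check and then fails there.
                cmd.CommandText = "SELECT password_hash, password_salt, password_iterations FROM \"user\" WHERE username = @username;";
                cmd.Parameters.AddWithValue("username", customer.Username.Trim());

                // The using block closes the reader on every path. The success path used to
                // return with it still open, which leaks it and can block the next command
                // issued on this connection.
                using (NpgsqlDataReader reader = cmd.ExecuteReader())
                {
                    if (!reader.Read())
                    {
                        return null;
                    }

                    int hashOrdinal = reader.GetOrdinal("password_hash");
                    int saltOrdinal = reader.GetOrdinal("password_salt");
                    int iterationsOrdinal = reader.GetOrdinal("password_iterations");
                    if (reader.IsDBNull(hashOrdinal) || reader.IsDBNull(saltOrdinal) || reader.IsDBNull(iterationsOrdinal))
                    {
                        // A row without stored credentials cannot be logged into; returning
                        // null yields the normal login failure instead of an InvalidCastException.
                        return null;
                    }

                    byte[] hash = (byte[])reader[hashOrdinal];
                    byte[] salt = (byte[])reader[saltOrdinal];
                    int iterations = reader.GetInt32(iterationsOrdinal);
                    return new PBKDF2Password(hash, salt, iterations);
                }
            }
        }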