//admin signIn
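        /// <summary>
        /// Checks an administrator's e-mail and token against the Admin table.
        /// </summary>
        /// <param name="loginDetails">Submitted e-mail and token. The token is passed through
        /// HashPassword.ComputeSha256Hash before it is compared with the stored value.</param>
        /// <returns>
        /// "LOGIN SUCCESSFULLY" when a matching row exists, "INVALID EMAIL OR PASSWORD" when none
        /// does, and "Check login details" when the lookup throws.
        /// </returns>
        public static string SignIn(AdminSignIn loginDetails)
        {
            try
            {
                // NOTE(review): judging by the helper's name this is a single SHA-256 pass; confirm
                // whether it is salted. Moving to a slow password hash (PBKDF2/Argon2) needs the
                // stored values re-hashed, so it is not changed here.
                string hashpassword = HashPassword.ComputeSha256Hash(loginDetails.AdminToken);

                // Both values travel as parameters, so the submitted e-mail can never alter the
                // statement text (the previous string.Format version was open to SQL injection).
                const string qry = "SELECT 1 FROM Admin where AdminEmail=@email and AdminToken=@token";

                using (SqlCommand cmd = new SqlCommand(qry, con))
                {
                    // A null value would make AddWithValue omit the parameter; DBNull never
                    // matches a row, so a missing field is treated as a failed sign-in.
                    cmd.Parameters.AddWithValue("@email", (object)loginDetails.AdminEmail ?? DBNull.Value);
                    cmd.Parameters.AddWithValue("@token", (object)hashpassword ?? DBNull.Value);

                    try
                    {
                        con.Open();

                        using (SqlDataReader reader = cmd.ExecuteReader())
                        {
                            return reader.Read()
                                ? "LOGIN SUCCESSFULLY"
                                : "INVALID EMAIL OR PASSWORD";
                        }
                    }
                    finally
                    {
                        // Runs on the exception path too; the original left the connection open
                        // whenever ExecuteReader threw.
                        con.Close();
                    }
                }
            }
            catch (Exception ex)
            {
                // Keep driver and schema details on the server: this string is handed back to an
                // unauthenticated caller, so the exception text goes to the trace log instead.
                System.Diagnostics.Trace.TraceError("Admin sign-in lookup failed: {0}", ex);
                return "Check login details";
            }
        }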
        /// <summary>
        /// Handles the admin login form: on a valid model that passes
        /// <c>DatabaseConnector.isAdmin</c>, renders "HomePage" with the full user list;
        /// otherwise re-renders the login view.
        /// </summary>
        /// <param name="obj">Bound login form values.</param>
        /// <returns>The "HomePage" view on success, the default view otherwise.</returns>
        public IActionResult Index(AdminSignIn obj)
        {
            var connector = new DatabaseConnector();

            if (!ModelState.IsValid)
            {
                return View();
            }

            if (!connector.isAdmin(obj))
            {
                // Both fields are flagged, so the response does not reveal which one was wrong.
                ModelState.AddModelError("username", "May be Username is Invalid");
                ModelState.AddModelError("password", "May be Password is Invalid");
                return View();
            }

            // NOTE(review): the signed-in marker is a hard-coded id written through a static
            // member of DatabaseConnector. If later requests read it to decide who is logged in,
            // that state is shared by every client of the process, not tied to this caller's
            // session or cookie. Verify against the readers of signeduser.
            DatabaseConnector.signeduser.id = 786;
            return View("HomePage", connector.getAllUsers());
        }
 /// <summary>
 /// Forwards the posted credentials to <c>AdminDBConnection.SignIn</c> and returns its
 /// status string as the response.
 /// </summary>
 /// <param name="logindetails">Credentials bound from the request body.</param>
 /// <returns>The string produced by <c>AdminDBConnection.SignIn</c>, unchanged.</returns>
 public string Post([FromBody] AdminSignIn logindetails)
 {
     // NOTE(review): nothing here issues a session or token; the caller only receives the
     // status text, so any authorization decision must not rest on the client echoing it back.
     string outcome = AdminDBConnection.SignIn(logindetails);
     return outcome;
 }
        /// <summary>
        /// Signs an administrator in and dispatches to the action picked on the sign-in form.
        /// </summary>
        /// <param name="adminsignin">Bound form values: admin id, password and requested action.</param>
        /// <returns>
        /// A redirect to the selected admin action, or the sign-in view when the model is invalid,
        /// the credentials are rejected, or no known action was chosen.
        /// </returns>
        public ActionResult AdminSignIn(AdminSignIn adminsignin)
        {
            // Any customer context is dropped as soon as the admin sign-in page is hit.
            Session["CustomerID"] = null;

            if (!ModelState.IsValid)
            {
                return View();
            }

            // Demo-only credential check (the original author says so too): the expected id and
            // password come back from Security.crya in the clear and are compared with ==.
            // NOTE(review): production code should delegate to an identity provider; a plain ==
            // on secrets is also not a constant-time comparison.
            string expectedId;
            string expectedPassword;
            Security.crya(out expectedId, out expectedPassword);

            bool accepted = adminsignin.AdminId == expectedId && adminsignin.Password == expectedPassword;

            // An existing admin session is accepted whatever was typed into the form.
            // NOTE(review): nothing in this method rotates the session identifier when the flag
            // is first set; confirm that is handled elsewhere.
            if (Session["adminSignedIn"] != null)
            {
                ViewBag.Message = "(you are still signed in - please select an action.)";
                accepted        = true;
            }

            if (accepted == false)
            {
                ViewBag.Message = "Invalid adm user id or password";
                return View();
            }

            // Remember the sign-in so that returning to this screen keeps the admin signed in.
            Session["adminSignedIn"] = "SignedIn";

            // Redirect targets are fixed action names; the posted value only selects among them.
            switch (adminsignin.Action)
            {
                case "Customer Search":
                    return RedirectToAction("CustomerSearch");

                case "Policy Search":
                    return RedirectToAction("PolicySearch");

                case "Policy Add":
                    return RedirectToAction("AddPolicy");

                case "Reset Password":
                    return RedirectToAction("ResetPassword");

                default:
                    return View();
            }
        }