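[HttpPost]
// NOTE(review): add [ValidateAntiForgeryToken] once the LogOn view is confirmed to
// emit the anti-forgery token (the ASP.NET Core form tag helper does so by default);
// without it this POST can be driven cross-site.
public IActionResult LogOn(LogOnViewModel logOnViewModel)
{
    // Handles the credential POST. The user is looked up by e-mail only, the
    // submitted password is re-hashed with that user's stored salt (HashCode) and
    // compared in memory in constant time. On success the session is cleared and
    // populated from the DB record; on any failure the same generic message is
    // shown so the response does not reveal whether the e-mail exists.
    if (!ModelState.IsValid)
    {
        return View(logOnViewModel);
    }

    string email = logOnViewModel.Email;
    string password = logOnViewModel.Password;

    if (string.IsNullOrEmpty(email) || string.IsNullOrEmpty(password))
    {
        ViewBag.ErrorMessage = "Invalid User Name and/or Password ";
        return View();
    }

    // The previous lookup also matched `s.PasswordHash == email`, a leftover from a
    // copied "user name OR e-mail" sample. A password hash is never a login
    // identifier, so match on the e-mail column alone.
    var user = context.Users.FirstOrDefault(u => u.Email == email);

    if (user is null)
    {
        // Pay the hashing cost anyway so an unknown account is not measurably
        // faster to reject than a wrong password (timing-based user enumeration).
        HashHelp.EncodePassword(password, HashHelp.GeneratePassword(10));
        ViewBag.ErrorMessage = "Invalid User Name and/or Password ";
        return View();
    }

    // Re-derive the hash with this user's stored salt via the project helper.
    var candidateHash = HashHelp.EncodePassword(password, user.HashCode);

    // Compare in memory rather than through a second DB query: SQL string equality
    // is collation-dependent (often case-insensitive), which weakens the hash
    // comparison, and a fixed-time compare does not leak where the mismatch is.
    if (!HashesMatch(user.PasswordHash, candidateHash))
    {
        ViewBag.ErrorMessage = "Invalid User Name and/or Password ";
        return View();
    }

    // NOTE(review): Session.Clear() drops the stored values but keeps the same
    // session key, so a session ID obtained before authentication survives login
    // (session fixation). Consider issuing a fresh session/auth cookie here.
    HttpContext.Session.Clear();
    // Store the canonical values from the DB record, not the raw form input.
    HttpContext.Session.SetString("_Email", user.Email);
    HttpContext.Session.SetString("_ScreenName", user.ScreenName);
    return Redirect("/Welcome");

    // Constant-time equality on the two hash strings; null on either side is a miss.
    bool HashesMatch(string stored, string candidate)
    {
        if (stored is null || candidate is null)
        {
            return false;
        }

        var storedBytes = System.Text.Encoding.UTF8.GetBytes(stored);
        var candidateBytes = System.Text.Encoding.UTF8.GetBytes(candidate);
        return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(storedBytes, candidateBytes);
    }
}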
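[HttpPost]
// NOTE(review): add [ValidateAntiForgeryToken] once the Register view is confirmed
// to emit the anti-forgery token; without it this POST can be driven cross-site.
public IActionResult Register(RegisterUserViewModel registerUserViewModel)
{
    // Creates a new account from the registration form. Every field check runs
    // before anything is written; each failure sets a ViewBag message and the form
    // is re-shown with all errors at once. On success the password is salted and
    // hashed through HashHelp, the user row is inserted and the session is
    // populated the same way LogOn does.
    if (!ModelState.IsValid)
    {
        return View(registerUserViewModel);
    }

    // TODO(review): align with the site's password policy; previously there was
    // no strength check at all and an empty password was accepted.
    const int minPasswordLength = 8;
    int errorCount = 0;
    string formattedPhoneNumber = null;

    string password = registerUserViewModel.Password;
    if (string.IsNullOrWhiteSpace(password) || password.Length < minPasswordLength)
    {
        errorCount++;
        // NOTE(review): the Register view must render ViewBag.PasswordError for
        // this message to be visible.
        ViewBag.PasswordError = $"Password must be at least {minPasswordLength} characters.";
    }

    // "password" and "confirm password" must match.
    if (password != registerUserViewModel.ConfirmPassword)
    {
        errorCount++;
        ViewBag.PasswordMatchError = "Passwords do not match";
    }

    // Validate and normalise the e-mail before touching the DB. MailAddress throws
    // ArgumentException (not FormatException) on null/empty input, which was not
    // caught before, so guard for that first. The parsed .Address strips any
    // display-name part ("Foo <a@b.c>") so the uniqueness check and the stored
    // value agree on the same string.
    string email = null;
    string rawEmail = registerUserViewModel.Email;
    if (string.IsNullOrWhiteSpace(rawEmail))
    {
        errorCount++;
        ViewBag.EmailError = "Invalid Email address.";
    }
    else
    {
        try
        {
            email = new MailAddress(rawEmail.Trim()).Address;
        }
        catch (FormatException)
        {
            errorCount++;
            ViewBag.EmailError = "Invalid Email address.";
        }
    }

    // E-mail must not already be registered (only checked once it parsed).
    if (email != null && context.Users.Any(u => u.Email == email))
    {
        errorCount++;
        ViewBag.EmailInUse = "Email is already in use.";
    }

    // Screen name must not already be registered.
    string screenName = registerUserViewModel.ScreenName;
    if (context.Users.Any(u => u.ScreenName == screenName))
    {
        errorCount++;
        ViewBag.ScreenNameInUse = "Screen Name is already in use.";
    }

    // Optional phone number: North American format (Regular Expressions Cookbook,
    // recipe 4.2), stored normalised as "(NNN) NNN-NNNN".
    string rawPhone = registerUserViewModel.PhoneNumber;
    if (rawPhone != null)
    {
        var phoneRegex = new Regex(@"^\(?([0-9]{3})\)?[-. ]?([0-9]{3})[-. ]?([0-9]{4})$");
        if (phoneRegex.IsMatch(rawPhone))
        {
            formattedPhoneNumber = phoneRegex.Replace(rawPhone, "($1) $2-$3");
        }
        else
        {
            errorCount++;
            ViewBag.PhoneNumberError = "Invalid Phone Number";
        }
    }

    if (errorCount > 0)
    {
        return View(registerUserViewModel);
    }

    // Per-user random salt. NOTE(review): confirm HashHelp.GeneratePassword draws
    // from a cryptographic RNG (RandomNumberGenerator), not System.Random.
    var salt = HashHelp.GeneratePassword(10);
    var passwordHash = HashHelp.EncodePassword(password, salt);

    // Kept as local time to stay consistent with existing rows; DateTime.UtcNow
    // would be preferable if the rest of the schema is migrated.
    var now = DateTime.Now;
    var newUser = new User
    {
        ScreenName = screenName,
        Email = email,
        PasswordHash = passwordHash,
        HashCode = salt,
        CreationTime = now,
        ModificationTime = now,
        PhoneNumber = formattedPhoneNumber
    };

    // NOTE(review): the uniqueness checks above race with concurrent registrations;
    // a unique index on Email and ScreenName is the real guard.
    context.Users.Add(newUser);
    context.SaveChanges();

    // NOTE(review): Session.Clear() keeps the same session key, so a pre-existing
    // session ID survives this implicit login (session fixation).
    HttpContext.Session.Clear();
    HttpContext.Session.SetString("_Email", email);
    HttpContext.Session.SetString("_ScreenName", screenName);
    return Redirect("/User");
}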