/// <summary>
/// Authenticates the posted credentials and, on success, issues a forms-authentication
/// cookie and redirects to <paramref name="returnUrl"/> when it is a safe local path,
/// otherwise to Home/Index. On failure the login form is shown again with a generic error.
/// </summary>
/// <param name="user">Model bound from the login form; handed to <c>UserM.Any</c> for the lookup.</param>
/// <param name="returnUrl">Caller-supplied post-login target; treated as untrusted.</param>
/// <returns>A redirect on success, or the login view with a model error on failure.</returns>
/// <remarks>
/// NOTE(review): no [HttpPost] / [ValidateAntiForgeryToken] attributes are visible in this
/// excerpt; confirm they are applied where the action is declared.
/// </remarks>
public ActionResult Login(User user, string returnUrl)
{
    // Model-state validation is intentionally not enforced here (the original
    // ModelState.IsValid guard is disabled), so the lookup below receives the
    // bound model as-is.
    using (UserM userStore = new UserM())
    {
        // NOTE(review): the original author's comment says passwords are stored and
        // compared in plain text. Stored credentials should be salted and hashed with
        // a slow KDF (e.g. PBKDF2), and the same derivation applied to the submitted
        // password before the lookup.
        if (!userStore.Any(user))
        {
            // Same message for an unknown user and a wrong password, so the response
            // does not reveal which accounts exist.
            ModelState.AddModelError("", "The user name or password provided is incorrect.");
        }
        else
        {
            // Non-persistent (session) cookie.
            // NOTE(review): the identity written to the cookie is taken from the posted
            // model, not from the record that matched. Confirm UserM.Any matches on this
            // same field; otherwise the authenticated name is caller-controlled.
            FormsAuthentication.SetAuthCookie(user.FullName, false);

            // Open-redirect guard: accept only a rooted, same-site path. IsLocalUrl runs
            // first, so a null returnUrl is rejected before it is dereferenced. The "//"
            // and "/\" prefixes are refused because browsers can treat them as
            // scheme-relative URLs pointing at another host.
            bool isSafeLocalTarget = Url.IsLocalUrl(returnUrl)
                && returnUrl.Length > 1
                && returnUrl.StartsWith("/")
                && !returnUrl.StartsWith("//")
                && !returnUrl.StartsWith("/\\");

            if (!isSafeLocalTarget)
            {
                return RedirectToAction("Index", "Home");
            }

            return Redirect(returnUrl);
        }
    }

    // Authentication failed: redisplay the form with the model error attached.
    return View(user);
}