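        /// <summary>
        /// Checks the security-question answers submitted for the account identified by the
        /// current session (Username + Email) and, when both match, clears AccountLocked.
        /// </summary>
        /// <param name="model">Submitted answers (Answer_1, Answer_2).</param>
        /// <returns>
        /// The view; ViewBag.Message is set on success, ViewBag.Error (message 37) on a wrong
        /// answer or when no account matches the session.
        /// </returns>
        public ActionResult AnswerQuestions(AnswerQuestionsModel model)
        {
            EventLogHandler Logger      = new EventLogHandler();
            ErrorController ErrorFinder = new ErrorController();

            var sessionUser  = Session["Username"] as string;
            var sessionEmail = Session["Email"] as string;

            List <CreateUser> user;

            using (IDbConnection db = new SqlConnection(SqlAccess.GetConnectionString()))
            {
                user = db.Query <CreateUser>("Select * from dbo.UserTable where Username = @Username AND Email = @Email;",
                                             new { Username = sessionUser, Email = sessionEmail }).ToList();
            }

            // No row for the session's username/email (missing or stale session, or the two
            // session values disagree). The original indexed user[0] unconditionally and threw
            // IndexOutOfRangeException here; treat it as a failed recovery instead.
            if (model == null || user.Count == 0)
            {
                ViewBag.Error = ErrorFinder.GetErrorMessage(37);
                return(View());
            }

            CreateUser account = user[0];

            ViewBag.Question_1 = account.SecurityQuestion1;
            ViewBag.Question_2 = account.SecurityQuestion2;

            // NOTE(review): the answers are stored and compared as plain text (Answer1/Answer2
            // columns); hashing them is a schema-level change outside this method. Unlike the
            // password path in Authenticate, nothing limits how many times this recovery
            // check can be attempted, so it is the weaker factor.
            bool answersMatch = model.Answer_1 == account.Answer1 && model.Answer_2 == account.Answer2;

            if (answersMatch)
            {
                using (IDbConnection db = new SqlConnection(SqlAccess.GetConnectionString()))
                {
                    string sql = "Update dbo.UserTable set AccountLocked = @AccountLocked where Username = @Username;";
                    db.Execute(sql, new { AccountLocked = false, Username = account.Username });
                }

                Logger.LogAccountRecovered(account.ID, account.Username);
                ViewBag.Message = "Account Unlocked Successfully.";
            }
            else
            {
                ViewBag.Error = ErrorFinder.GetErrorMessage(37);
            }

            return(View());
        }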
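        /// <summary>
        /// Completes a password reset: finds the account whose ResetPasswordCode equals the
        /// submitted code, archives the current password via OldPasswordHandler, stores the new
        /// password and NULLs the code so it cannot be used again.
        /// </summary>
        /// <param name="model">ResetCode (from the e-mailed link) and the new Password.</param>
        /// <returns>The view with the model; ViewBag.Message on success, ViewBag.Error when the code does not match.</returns>
        public ActionResult ResetPassword(ResetPasswordModel model)
        {
            EventLogHandler Logger = new EventLogHandler();

            // Refuse blank codes before touching the database. The earlier EF version of this
            // action (see the commented history in the original) cleared used codes to "" rather
            // than NULL, so a row carrying an empty-string code would otherwise be matched by an
            // empty submission and have its password overwritten.
            if (ModelState.IsValid && !string.IsNullOrWhiteSpace(model.ResetCode))
            {
                List <CreateUser> matches;

                using (IDbConnection db = new SqlConnection(SqlAccess.GetConnectionString()))
                {
                    matches = db.Query <CreateUser>("Select * from dbo.Usertable Where ResetPasswordCode = @ResetCode", new { ResetCode = model.ResetCode }).ToList();
                }

                if (matches.Count > 0)
                {
                    CreateUser account = matches[0];

                    // Keep the outgoing password in the history table first, so the reuse check
                    // (wherever OldPasswordHandler is consulted) sees it.
                    OldPasswordHandler PassHand = new OldPasswordHandler();
                    PassHand.AdjustOldPasswords(account.Password, account.ID);

                    using (IDbConnection db = new SqlConnection(SqlAccess.GetConnectionString()))
                    {
                        // NOTE(review): Password is stored as submitted. Authenticate compares the
                        // column with == so it is plain text; hashing needs a coordinated change
                        // across NewUser, ChangePassword and Authenticate. NULLing the code makes it
                        // single-use; no issued-at column is visible here, so unused codes never
                        // expire on their own.
                        string sql = "Update dbo.UserTable set Password = @Password, ResetPasswordCode = NULL where Username = @Username";
                        db.Execute(sql, new { Password = model.Password, Username = account.Username });
                    }

                    Logger.LogPasswordReset(account.ID, account.Username);
                    ViewBag.Message = "Password updated successfully.";
                }
                else
                {
                    // The original returned the view with no message at all on an unknown code.
                    ViewBag.Error = "Invalid or already-used reset code.";
                }
            }

            return(View(model));
        }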
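        /// <summary>
        /// Starts a password reset for an e-mail address: if an account with that address
        /// exists, a fresh reset code is stored on the row and then e-mailed to it. The method
        /// returns nothing either way, so the caller learns nothing about whether the address exists
        /// (only Debug output differs).
        /// </summary>
        /// <param name="ForgotPass">Submitted form model; not read here, kept for the action signature.</param>
        /// <param name="Email">Address to look up in dbo.Usertable.</param>
        public void ForgotPassword(ForgotPasswordModel ForgotPass, string Email)
        {
            string          Em     = Email;
            EventLogHandler Logger = new EventLogHandler();

            List <CreateUser> validateEmail;

            using (IDbConnection db = new SqlConnection(SqlAccess.GetConnectionString()))
            {
                validateEmail = db.Query <CreateUser>("Select * from dbo.Usertable Where Email = @Email", new { Email = Em }).ToList();
            }

            if (validateEmail.Count == 0)
            {
                System.Diagnostics.Debug.WriteLine("Fail, no email sent");
                return;
            }

            CreateUser account = validateEmail[0];

            // The reset code is a bearer credential for the account, so it is drawn from the
            // cryptographic RNG rather than Guid.NewGuid(), whose unpredictability is not a
            // documented guarantee. 16 random bytes as 32 hex characters fit in the width the
            // previous 36-character GUID string already required. Fully qualified so no new
            // using directive is needed (the method already does this for System.Diagnostics).
            byte[] codeBytes = new byte[16];
            using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                rng.GetBytes(codeBytes);
            }
            string resetCode = BitConverter.ToString(codeBytes).Replace("-", "").ToLowerInvariant();

            // Persist before sending. The original sent the mail first, so a failed UPDATE left
            // the user holding a code that would never validate in ResetPassword.
            using (IDbConnection db = new SqlConnection(SqlAccess.GetConnectionString()))
            {
                string sql = "Update dbo.UserTable set ResetPasswordCode = @resetCode where Username = @Username";
                db.Execute(sql, new { resetCode = resetCode, Username = account.Username });
            }

            SendEmail(Em, resetCode);
            Logger.LogForgotPassword(Em);
            System.Diagnostics.Debug.WriteLine("Email was sent");
        }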
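        /// <summary>
        /// Updates the chart-of-accounts row selected by model.AccountNumber and logs a
        /// "|^|"-joined before/after snapshot of Name, Active, Type and Description under the
        /// session user's name.
        /// </summary>
        /// <param name="model">Edited account fields; AccountNumber selects the row.</param>
        /// <returns>Redirect to ChartOfAccounts on success; the form with the model otherwise.</returns>
        public ActionResult EditAccount(EditAccountModel model)
        {
            EventLogHandler Logger      = new EventLogHandler();
            var             sessionUser = Session["Username"] as string;

            if (!ModelState.IsValid)
            {
                return(View(model));
            }

            List <ChartOfAcc> accountsList;

            using (IDbConnection db = new SqlConnection(SqlAccess.GetConnectionString()))
            {
                accountsList = db.Query <ChartOfAcc>("Select * From dbo.ChartOfAccounts Where AccountNumber = @ID", new { ID = model.AccountNumber }).ToList();
            }

            // AccountNumber is client-supplied: an unknown number used to throw on
            // accountsList[0]. No authorization check is visible in this method; whatever
            // restricts who may edit accounts must be enforced outside it.
            if (accountsList.Count == 0)
            {
                ModelState.AddModelError("AccountNumber", "Account not found.");
                return(View(model));
            }

            ChartOfAcc existing = accountsList[0];

            string DetailedFrom = String.Join("|^|", new[]
            {
                "Name:" + existing.AccountName,
                "Active: " + existing.Active,
                "Type: " + existing.AccountType,
                "Description:" + existing.AccountDescription
            });

            using (IDbConnection db = new SqlConnection(SqlAccess.GetConnectionString()))
            {
                string sql = "Update dbo.ChartOfAccounts set AccountName = @AccountName, " +
                             "AccountType = @AccountType, AccountDescription = @AccountDescription," +
                             "Active = @Active Where AccountNumber = @AccountNumber";

                db.Execute(sql, new
                {
                    AccountNumber      = model.AccountNumber,
                    AccountName        = model.AccountName,
                    AccountType        = model.AccountType,
                    AccountDescription = model.AccountDescription,
                    Active             = model.Active
                });
            }

            string DetailedTo = String.Join("|^|", new[]
            {
                "Name:" + model.AccountName,
                "Active: " + model.Active,
                "Type: " + model.AccountType,
                "Description:" + model.AccountDescription
            });

            TempData["Message"] = "Your entry was successfully updated!";
            Logger.LogAdminEditAccount(sessionUser, model.AccountName, DetailedFrom, DetailedTo);

            return(RedirectToAction("ChartOfAccounts"));
        }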
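        /// <summary>
        /// Changes the session user's password: verifies the submitted current password against
        /// the stored one, archives the old value via OldPasswordHandler and writes NewPassword.
        /// </summary>
        /// <param name="model">CurrentPassword (proof of possession) and NewPassword.</param>
        /// <returns>The view with the model; ViewBag.Message on success, ViewBag.Error when the current password is wrong.</returns>
        public ActionResult ChangePassword(ChangePasswordModel model)
        {
            EventLogHandler Logger = new EventLogHandler();

            var sessionUser = Session["Username"] as string;

            List <CreateUser> user;

            using (IDbConnection db = new SqlConnection(SqlAccess.GetConnectionString()))
            {
                user = db.Query <CreateUser>("Select * from dbo.UserTable where Username = @Username;", new { Username = sessionUser }).ToList();
            }

            if (user.Count > 0)
            {
                CreateUser account = user[0];

                // The original never checked CurrentPassword and then wrote the existing stored
                // value back (`Password = user[0].Password`), so the password was never changed
                // (its own TODO said as much) while whatever the caller typed was archived as an
                // "old password". Require the current password to match before doing anything.
                // NOTE(review): the column is plain text (Authenticate compares it with ==), so
                // this is a direct string comparison.
                if (model.CurrentPassword != account.Password)
                {
                    ViewBag.Error = "Current password is incorrect.";
                    return(View(model));
                }

                OldPasswordHandler PassHand = new OldPasswordHandler();
                PassHand.AdjustOldPasswords(account.Password, account.ID);

                using (IDbConnection db = new SqlConnection(SqlAccess.GetConnectionString()))
                {
                    string sql = "Update dbo.UserTable set Password = @Password where Username = @Username;";
                    db.Execute(sql, new { Password = model.NewPassword, Username = account.Username });
                }

                Logger.LogPasswordChange();
                ViewBag.Message = "Password updated successfully.";
            }

            return(View(model));
        }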
        /// <summary>
        /// Inserts a chart-of-accounts row from the submitted form. NormalSide is derived from
        /// AccountType ("Asset" and "Liability" post as "Debit", anything else as "Credit"),
        /// CurrentBalance starts at 0, CreatedBy is the session user and DateCreated is now.
        /// </summary>
        /// <param name="model">Form values for the new account.</param>
        /// <returns>Redirect to ChartOfAccounts on success; an empty NewAccount form when validation fails.</returns>
        public ActionResult NewAccount(NewAccountModel model)
        {
            EventLogHandler Logger      = new EventLogHandler();
            var             sessionUser = Session["Username"] as string;

            // NOTE(review): liabilities are conventionally credit-normal; confirm the
            // "Liability" => "Debit" mapping is intended rather than a typo for "Expense".
            bool   debitNormal = model.AccountType == "Asset" || model.AccountType == "Liability";
            string normalSide  = debitNormal ? "Debit" : "Credit";

            if (!ModelState.IsValid)
            {
                return(View("NewAccount", new NewAccountModel()));
            }

            using (IDbConnection db = new SqlConnection(SqlAccess.GetConnectionString()))
            {
                const string insertSql =
                    "Insert into dbo.ChartOfAccounts (AccountNumber, AccountName, " +
                    "AccountType, NormalSide, OriginalBalance, CurrentBalance, AccountDescription, CreatedBy, Active, DateCreated)" +
                    "values(@AccountNumber, @AccountName, @AccountType,@NormalSide,@OriginalBalance," +
                    "@CurrentBalance,@AccountDescription,@CreatedBy,@Active,@Date)";

                db.Execute(insertSql, new
                {
                    AccountNumber      = model.AccountNumber,
                    AccountName        = model.AccountName,
                    AccountType        = model.AccountType,
                    NormalSide         = normalSide,
                    OriginalBalance    = model.OriginalBalance,
                    CurrentBalance     = 0,
                    AccountDescription = model.AccountDescription,
                    CreatedBy          = sessionUser,
                    Active             = model.Active,
                    Date               = DateTime.Now
                });
            }

            TempData["Message"] = "A new account was successfully created!";
            Logger.LogAdminCreateAccount(sessionUser, model.AccountName);

            return(RedirectToAction("ChartOfAccounts"));
        }
        /// <summary>
        /// Inserts a dbo.UserTable row from the submitted form with the standard starting
        /// state: unlocked, 10 login attempts, zero logins and zero failures.
        /// </summary>
        /// <param name="model">Form values for the new user.</param>
        /// <returns>Redirect to AllUsers on success; an empty NewUser form when validation fails.</returns>
        public ActionResult NewUser(NewUserModel model)
        {
            EventLogHandler Logger = new EventLogHandler();

            // NOTE(review): Password is stored exactly as received. Authenticate compares the
            // column with ==, so the table holds plain-text passwords; moving to a salted hash
            // has to be done together with Authenticate, ChangePassword and ResetPassword.
            CreateUser tbl = new CreateUser
            {
                FirstName     = model.FirstName,
                LastName      = model.LastName,
                Username      = model.Username,
                Password      = model.Password,
                Role          = model.Role,
                Phone         = model.Phone,
                Email         = model.Email,
                Date          = model.Date_Created,
                Active        = model.Active,
                Address       = model.Address,
                City          = model.City,
                State         = model.State,
                ZIP_Code      = model.ZIP_Code,
                AccountLocked = false,
                LoginAttempts = 10,   // same budget Authenticate restores after a successful login
                LoginAmount   = 0,
                LoginFails    = 0
            };

            if (!ModelState.IsValid)
            {
                return(View("NewUser", new NewUserModel()));
            }

            using (IDbConnection db = new SqlConnection(SqlAccess.GetConnectionString()))
            {
                const string insertSql =
                    "Insert into dbo.UserTable (FirstName, LastName, " +
                    "Username, Password, Role, Phone, Email, Date, Active, Address, City, State, ZIP_Code," +
                    "AccountLocked, LoginAttempts, LoginAmount, LoginFails)" +
                    "values(@FirstName,@LastName,@Username,@Password,@Role," +
                    "@Phone,@Email,@Date,@Active,@Address,@City,@State,@ZIP_Code," +
                    "@AccountLocked, @LoginAttempts, @LoginAmount, @LoginFails)";

                db.Execute(insertSql, new
                {
                    FirstName     = tbl.FirstName,
                    LastName      = tbl.LastName,
                    Username      = tbl.Username,
                    Password      = tbl.Password,
                    Role          = tbl.Role,
                    Phone         = tbl.Phone,
                    Email         = tbl.Email,
                    Date          = tbl.Date,
                    Active        = tbl.Active,
                    Address       = tbl.Address,
                    City          = tbl.City,
                    State         = tbl.State,
                    ZIP_Code      = tbl.ZIP_Code,
                    AccountLocked = tbl.AccountLocked,
                    LoginAttempts = tbl.LoginAttempts,
                    LoginAmount   = tbl.LoginAmount,
                    LoginFails    = tbl.LoginFails
                });
            }

            TempData["Message"] = "Your entry was successfully added!";
            Logger.LogNewUser(model.Username);

            return(RedirectToAction("AllUsers"));
        }
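        /// <summary>
        /// Applies an administrator's edits to the dbo.UserTable row selected by value.ID and
        /// logs a "|^|"-joined before/after summary of every field that actually changed.
        /// Username and Password are written back unchanged; the form does not edit them.
        /// </summary>
        /// <param name="value">Edited user fields; ID selects the row.</param>
        /// <returns>Redirect to AllUsers.</returns>
        public ActionResult EditUser(EditUserModel value)
        {
            EventLogHandler   Logger = new EventLogHandler();
            List <CreateUser> CurrentUser;

            using (IDbConnection db = new SqlConnection(SqlAccess.GetConnectionString()))
            {
                CurrentUser = db.Query <CreateUser>("Select * from dbo.Usertable Where ID = @ID", new { ID = value.ID }).ToList();
            }

            // ID is client-supplied: an unknown ID used to throw on CurrentUser[0]. Nothing in
            // this method checks who is editing whom; any such restriction has to live outside it.
            if (CurrentUser.Count == 0)
            {
                TempData["Message"] = "User not found.";
                return(RedirectToAction("AllUsers"));
            }

            CreateUser current = CurrentUser[0];

            var Original = new List <string>();
            var Updated  = new List <string>();

            // NOTE(review): DateModified is taken from the form rather than stamped server-side;
            // confirm that is intended, since the client can set it to anything.
            if (current.DateModified != value.Date_Modified)
            {
                Original.Add("Date Modified: " + current.DateModified);
                Updated.Add("Date Modified: " + value.Date_Modified);
            }

            if (current.FirstName != value.FirstName)
            {
                Original.Add("First Name: " + current.FirstName);
                Updated.Add("First Name: " + value.FirstName);
            }

            if (current.LastName != value.LastName)
            {
                Original.Add("Last Name: " + current.LastName);
                Updated.Add("Last Name: " + value.LastName);
            }

            if (current.Email != value.Email)
            {
                Original.Add("Email: " + current.Email);
                Updated.Add("Email: " + value.Email);
            }

            // Role changes are privilege changes (Authenticate routes on Role), so they are
            // logged like every other field.
            if (current.Role != value.Role)
            {
                Original.Add("Role: " + current.Role);
                Updated.Add("Role: " + value.Role);
            }

            if (current.Phone != value.Phone)
            {
                Original.Add("Phone: " + current.Phone);
                Updated.Add("Phone: " + value.Phone);
            }

            if (current.Active != value.Active)
            {
                Original.Add("Active: " + current.Active);
                Updated.Add("Active: " + value.Active);
            }

            if (current.Address != value.Address)
            {
                Original.Add("Address: " + current.Address);
                Updated.Add("Address: " + value.Address);
            }

            if (current.City != value.City)
            {
                Original.Add("City: " + current.City);
                Updated.Add("City: " + value.City);
            }

            if (current.State != value.State)
            {
                Original.Add("State: " + current.State);
                Updated.Add("State: " + value.State);
            }

            if (current.ZIP_Code != value.ZIP_Code)
            {
                Original.Add("ZIP Code: " + current.ZIP_Code);
                Updated.Add("ZIP Code: " + value.ZIP_Code);
            }

            string OriginalModel = String.Join("|^|", Original);
            string UpdatedModel  = String.Join("|^|", Updated);

            if (OriginalModel != "")
            {
                // At least one field differs.
                Logger.LogEditUser(current.ID, current.Username, OriginalModel, UpdatedModel);
            }

            // Copy through the entity so the parameters keep the entity's property types.
            current.DateModified = value.Date_Modified;
            current.FirstName    = value.FirstName;
            current.LastName     = value.LastName;
            current.Email        = value.Email;
            current.Role         = value.Role;
            current.Phone        = value.Phone;
            current.Active       = value.Active;
            current.Address      = value.Address;
            current.City         = value.City;
            current.State        = value.State;
            current.ZIP_Code     = value.ZIP_Code;

            using (IDbConnection db = new SqlConnection(SqlAccess.GetConnectionString()))
            {
                string sql = "Update dbo.UserTable set FirstName = @FirstName, LastName = @LastName, " +
                             "Username = @Username, Password = @Password, Role = @Role, Phone = @Phone, " +
                             "Email = @Email, DateModified = @Date_Modified, Active = @Active, Address = @Address, " +
                             "City = @City, State = @State, ZIP_Code = @ZIP_Code Where ID = @ID;";

                db.Execute(sql, new
                {
                    FirstName     = current.FirstName,
                    LastName      = current.LastName,
                    Username      = current.Username,
                    Password      = current.Password,
                    Role          = current.Role,
                    Phone         = current.Phone,
                    Email         = current.Email,
                    Date_Modified = current.DateModified,
                    Active        = current.Active,
                    Address       = current.Address,
                    City          = current.City,
                    State         = current.State,
                    ZIP_Code      = current.ZIP_Code,
                    ID            = current.ID
                });
            }

            TempData["Message"] = "Your entry was successfully updated!";

            return(RedirectToAction("AllUsers"));
        }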
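        /// <summary>
        /// Validates a login against dbo.UserTable, maintains the LoginFails/LoginAttempts
        /// counters and the AccountLocked flag, and on success populates the session and
        /// redirects to the role's landing page (or to security-question setup when the
        /// account has none on file).
        /// </summary>
        /// <param name="userLoggingIn">Submitted Username and Password.</param>
        /// <returns>
        /// A redirect on success. On failure, writes a script that shows the failure message and
        /// sends the browser back to Login, then returns an empty result.
        /// </returns>
        public ActionResult Authenticate(LoginModel userLoggingIn)
        {
            EventLogHandler Logger   = new EventLogHandler();
            ErrorController GetErr   = new ErrorController();
            string          inv      = GetErr.GetErrorMessage(19);
            string          denied   = GetErr.GetErrorMessage(21);
            string          locked   = GetErr.GetErrorMessage(30);
            string          attempts = GetErr.GetErrorMessage(31);

            // Look the account up by username only; the password is checked in code so the
            // attempt counters can be maintained on a mismatch.
            List <UserModel> userDetails;

            using (IDbConnection db = new SqlConnection(SqlAccess.GetConnectionString()))
            {
                userDetails = db.Query <UserModel>("Select * from dbo.UserTable Where Username = @Username", new { Username = userLoggingIn.Username }).ToList();
            }

            // Message to show the user, or null when the login proceeds. The original threw a
            // plain Exception for each of these and caught Exception around the whole block, so
            // a SqlException from any UPDATE below was also written verbatim into the page.
            // Real failures now propagate to the framework's error handling instead.
            // NOTE(review): the four distinct messages (unknown user / inactive / locked /
            // attempts remaining) let a caller tell which usernames exist; collapsing them is
            // a product decision not made here.
            string failure = null;

            if (userDetails == null || userDetails.Count == 0)
            {
                failure = inv;  // the username does not exist
            }
            else if (userDetails[0].Active == false)
            {
                failure = denied;
            }
            else if (userDetails[0].AccountLocked == true)
            {
                failure = locked;
            }
            else
            {
                UserModel account = userDetails[0];

                // NOTE(review): the stored Password is compared as plain text; a salted hash
                // needs a coordinated change with NewUser, ChangePassword and ResetPassword.
                if (userLoggingIn.Password != account.Password)
                {
                    // Username exists, password is wrong.
                    if (account.LoginAttempts == 1)
                    {
                        // Final allowed attempt: record the failure and lock the account in one
                        // statement (the original issued two separate UPDATEs for this).
                        using (IDbConnection db = new SqlConnection(SqlAccess.GetConnectionString()))
                        {
                            string sql = "Update dbo.UserTable set LoginFails = @fails, LoginAttempts = @attempts, AccountLocked = @Lock Where Username = @name;";

                            db.Execute(sql, new
                            {
                                fails    = account.LoginFails + 1,
                                attempts = account.LoginAttempts - 1,
                                Lock     = true,
                                name     = account.Username
                            });
                        }

                        Logger.LogAccountLocked(account.ID, account.Username);
                        failure = locked;
                    }
                    else
                    {
                        using (IDbConnection db = new SqlConnection(SqlAccess.GetConnectionString()))
                        {
                            string sql = "Update dbo.UserTable set LoginFails = @fails, LoginAttempts = @attempts Where Username = @name;";

                            db.Execute(sql, new
                            {
                                fails    = account.LoginFails + 1,
                                attempts = account.LoginAttempts - 1,
                                name     = account.Username
                            });
                        }

                        int AmountRemaining = (int)account.LoginAttempts - 1;
                        failure = attempts + " " + AmountRemaining.ToString();
                    }
                }
                else
                {
                    // Credentials accepted: establish the session. UserRole drives the role
                    // checks elsewhere in the app.
                    // NOTE(review): the session id is not regenerated at this point, so an id
                    // fixed in the browser before login stays valid afterwards (session fixation).
                    System.Web.HttpContext.Current.Session["FirstNameofUser"] = account.FirstName;
                    System.Web.HttpContext.Current.Session["Username"]        = account.Username;
                    System.Web.HttpContext.Current.Session["UserRole"]        = account.Role;

                    if (account.SecurityQuestion1 == null)
                    {
                        // No security questions yet: count the login but keep the attempt
                        // budget untouched until setup is completed.
                        using (IDbConnection db = new SqlConnection(SqlAccess.GetConnectionString()))
                        {
                            string sql = "Update dbo.UserTable set LoginAmount = @amount Where Username = @name;";

                            db.Execute(sql, new
                            {
                                amount = account.LoginAmount + 1,
                                name   = account.Username
                            });
                        }

                        return(Redirect("~/Account/SecurityQuestions"));
                    }

                    using (IDbConnection db = new SqlConnection(SqlAccess.GetConnectionString()))
                    {
                        string sql = "Update dbo.UserTable set LoginAmount = @amount, LoginAttempts = @attempts, LastLogin = @time Where Username = @name;";

                        db.Execute(sql, new
                        {
                            amount   = account.LoginAmount + 1,
                            attempts = 10,  // restore the full attempt budget (NewUser starts accounts at 10)
                            time     = DateTime.Now,
                            name     = account.Username
                        });
                    }

                    Logger.LogUserLogin(account.Username);

                    switch (account.Role)
                    {
                        case "Admin":
                            return(Redirect("~/Admin/Dashboard"));
                        case "Accountant":
                            return(Redirect("~/Accountant/Dashboard"));
                        case "Manager":
                            return(Redirect("~/Manager/ManagerIndex"));
                    }

                    // TODO(review): any other Role value leaves a populated session behind and
                    // falls through to the empty result below, as in the original.
                }
            }

            if (failure != null)
            {
                // The message lands inside a JavaScript string literal. It comes from
                // ErrorController (plus a number), not from the request, but encoding it keeps a
                // quote in a message from breaking out of the literal.
                string safeMessage = System.Web.HttpUtility.JavaScriptStringEncode(failure);
                Response.Write("<script language=javascript>alert('" + safeMessage + "'); window.location = 'Login';</script>");
            }

            return(new EmptyResult());
        }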