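        /// <summary>
        /// Handles a login form post: looks the account up by username, enforces the
        /// Active/AccountLocked flags and the per-account remaining-attempt counter,
        /// compares the submitted password with the stored one and, on success, stores
        /// the user's name, username and role in session before redirecting to the
        /// role's landing page.
        /// </summary>
        /// <param name="userLoggingIn">Form model carrying the submitted Username and Password.</param>
        /// <returns>
        /// A redirect to the role dashboard (or to the security-question page when
        /// SecurityQuestion1 is still unset). On any failure an inline JavaScript alert
        /// with the error text plus a redirect back to the login page has already been
        /// written to the response and an <see cref="EmptyResult"/> is returned. A user
        /// whose Role matches none of the known dashboards also gets an EmptyResult,
        /// although session has already been populated for them (pre-existing behaviour).
        /// </returns>
        public ActionResult Authenticate(LoginModel userLoggingIn)
        {
            EventLogHandler Logger   = new EventLogHandler();
            ErrorController GetErr   = new ErrorController();
            string          inv      = GetErr.GetErrorMessage(19);
            string          denied   = GetErr.GetErrorMessage(21);
            string          locked   = GetErr.GetErrorMessage(30);
            string          attempts = GetErr.GetErrorMessage(31);

            // Failures are signalled by throwing; the catch blocks below turn the message
            // into the alert the login page expects. The lookup now sits inside the try so
            // that a database error is handled there instead of escaping the action.
            try
            {
                // A missing model or blank username can never match an account.
                if (userLoggingIn == null || string.IsNullOrWhiteSpace(userLoggingIn.Username))
                {
                    throw new Exception(inv);
                }

                UserModel user = FindUserByUsername(userLoggingIn.Username);

                if (user == null)
                {
                    throw new Exception(inv);  //the username does not exist
                }

                // NOTE(review): the next two checks answer before the password is verified,
                // so the response text tells an unauthenticated caller whether a username
                // exists and whether it is disabled or locked (account enumeration). The
                // "attempts remaining" message below leaks the same thing. Collapsing all
                // failures onto one message is a product decision, so it is left as-is.
                if (user.Active == false)
                {
                    throw new Exception(denied);
                }

                if (user.AccountLocked == true)
                {
                    throw new Exception(locked);
                }

                // SECURITY: the submitted password is compared as plain text against the
                // stored Password column, which means UserTable holds (or at least matches
                // against) cleartext credentials. Verification should be against a salted
                // hash (PBKDF2/bcrypt/Argon2) with a constant-time compare; that needs a
                // matching change to account creation/reset, so it is only flagged here.
                // TODO confirm how Password is populated before changing this.
                if (userLoggingIn.Password != user.Password)
                {
                    //username exists, but password is wrong
                    if (user.LoginAttempts == 1)
                    {
                        // Last permitted attempt: record the failure and lock the account in
                        // a single statement, so a crash between the two original updates
                        // cannot leave the row at zero attempts but still unlocked.
                        RecordFailedAttempt(user, true);
                        Logger.LogAccountLocked(user.ID, user.Username);
                        throw new Exception(locked);
                    }

                    RecordFailedAttempt(user, false);

                    // The in-memory row still holds the pre-update value, hence the -1.
                    int amountRemaining = (int)user.LoginAttempts - 1;
                    throw new Exception(attempts + " " + amountRemaining.ToString());
                }

                // Password accepted: session carries the identity from here on.
                // NOTE(review): the session id is not regenerated at this point, so an id
                // planted in the browser before login stays valid afterwards (session
                // fixation). ASP.NET needs an explicit SessionIDManager call for that;
                // left as-is.
                StoreUserInSession(user);

                if (user.SecurityQuestion1 == null)
                {
                    // No security questions on file yet: count the login, but send the
                    // user to set them up instead of to the dashboard.
                    using (IDbConnection db = new SqlConnection(SqlAccess.GetConnectionString()))
                    {
                        string sql = "Update dbo.UserTable set LoginAmount = @amount Where Username = @name;";

                        db.Execute(sql, new
                        {
                            amount = user.LoginAmount + 1,
                            name   = user.Username
                        });
                    }

                    return Redirect("~/Account/SecurityQuestions");
                }

                //The account is allowed: bump the login counter, restore the full attempt
                //allowance and stamp LastLogin.
                // NOTE(review): LastLogin is written with DateTime.Now (server local time);
                // presumably that matches how it is read elsewhere — verify before switching
                // to UtcNow.
                const int fullAttemptAllowance = 10;

                using (IDbConnection db = new SqlConnection(SqlAccess.GetConnectionString()))
                {
                    string sql = "Update dbo.UserTable set LoginAmount = @amount, LoginAttempts = @attempts, LastLogin = @time Where Username = @name;";

                    db.Execute(sql, new
                    {
                        amount   = user.LoginAmount + 1,
                        attempts = fullAttemptAllowance,
                        time     = DateTime.Now,
                        name     = user.Username
                    });
                }

                Logger.LogUserLogin(user.Username);

                //UserRole is stored in session ID, helpful link https://code.msdn.microsoft.com/How-to-create-and-access-447ada98
                switch (user.Role)
                {
                    case "Admin":
                        return Redirect("~/Admin/Dashboard");       //takes user to Admin view
                    case "Accountant":
                        return Redirect("~/Accountant/Dashboard");  //takes user to Accountant view
                    case "Manager":
                        return Redirect("~/Manager/ManagerIndex");  //takes user to Manager view
                }

                // NOTE(review): any other Role value reaches here fully logged in (session
                // populated, counters updated) but with no landing page; it falls through to
                // the EmptyResult below exactly as the original did.
            }
            catch (SqlException sqlException)
            {
                // A database failure must not be echoed to the browser: the raw message can
                // reveal server, schema and query details. Log it server-side and show the
                // generic invalid-login text instead.
                System.Diagnostics.Trace.TraceError(
                    "Authenticate: database error for username '{0}': {1}",
                    userLoggingIn == null ? string.Empty : userLoggingIn.Username,
                    sqlException);
                WriteLoginAlert(inv);
            }
            catch (Exception exception)
            {
                WriteLoginAlert(exception.Message);
            }

            return new EmptyResult();//just a default page to end up at if neither option above was used, probably should make this an accountant
        }

        /// <summary>
        /// Loads the UserTable row for <paramref name="username"/>, or null when no row
        /// matches. The username is form input, so it is passed as a query parameter.
        /// </summary>
        private static UserModel FindUserByUsername(string username)
        {
            using (IDbConnection db = new SqlConnection(SqlAccess.GetConnectionString()))
            {
                return db.Query<UserModel>("Select * from dbo.UserTable Where Username = @Username", new { Username = username }).FirstOrDefault();
            }
        }

        /// <summary>
        /// Records one failed password attempt for <paramref name="user"/>: LoginFails is
        /// incremented and LoginAttempts decremented from the values already loaded on the
        /// model. When <paramref name="lockAccount"/> is true, AccountLocked is set in the
        /// same statement.
        /// </summary>
        private static void RecordFailedAttempt(UserModel user, bool lockAccount)
        {
            using (IDbConnection db = new SqlConnection(SqlAccess.GetConnectionString()))
            {
                if (lockAccount)
                {
                    string sql = "Update dbo.UserTable set LoginFails = @fails, LoginAttempts = @attempts, AccountLocked = @Lock Where Username = @name;";

                    db.Execute(sql, new
                    {
                        fails    = user.LoginFails + 1,
                        attempts = user.LoginAttempts - 1,
                        Lock     = true,
                        name     = user.Username
                    });
                }
                else
                {
                    string sql = "Update dbo.UserTable set LoginFails = @fails, LoginAttempts = @attempts Where Username = @name;";

                    db.Execute(sql, new
                    {
                        fails    = user.LoginFails + 1,
                        attempts = user.LoginAttempts - 1,
                        name     = user.Username
                    });
                }
            }
        }

        /// <summary>
        /// Puts the logged-in user's first name, username and role into session; these
        /// are the keys the rest of the application reads for authorisation.
        /// </summary>
        private static void StoreUserInSession(UserModel user)
        {
            System.Web.HttpContext.Current.Session["FirstNameofUser"] = user.FirstName;
            System.Web.HttpContext.Current.Session["Username"]        = user.Username;
            System.Web.HttpContext.Current.Session["UserRole"]        = user.Role;
        }

        /// <summary>
        /// Writes the inline script the login page relies on: an alert showing
        /// <paramref name="message"/> followed by a redirect to the login page. The
        /// message is JavaScript-string encoded so a quote, backslash or tag in it cannot
        /// break out of the string literal (previously it was concatenated raw).
        /// </summary>
        private void WriteLoginAlert(string message)
        {
            string safe = System.Web.HttpUtility.JavaScriptStringEncode(message ?? string.Empty);
            Response.Write("<script language=javascript>alert('" + safe + "'); window.location = 'Login';</script>");
        }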