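/// <summary>
/// Handles the login form post. A username of "root" (case-insensitive) is checked
/// against the configured root secret; everyone else is authenticated through
/// <see cref="ChildwatchAuthentication.Authenticate"/>. Admin and User contexts get an
/// auth token; any other context is reported with a single generic failure message so
/// the response does not reveal whether the username exists.
/// </summary>
/// <param name="model">Bound login form (username + password).</param>
/// <returns>The auth-token result on success, otherwise the login view with the password cleared.</returns>
public ActionResult Login(UserLogin model)
{
    if (!ModelState.IsValid)
    {
        // Never echo the submitted password back into the form.
        return View(new UserLogin(model.Username, null));
    }

    // Ordinal, case-insensitive match instead of ToLower()==: ToLower() is
    // culture-sensitive (e.g. Turkish 'I') and throws on a null username.
    if (string.Equals(model.Username, "root", StringComparison.OrdinalIgnoreCase))
    {
        // NOTE(review): the root secret is read as a plaintext config value and compared
        // with string == (ordinal, but not constant-time). Prefer storing a hash and
        // comparing in fixed time; also no lockout/throttling is applied to this path.
        if (Properties.Settings.Default.root == model.Password)
        {
            return CreateAuthToken("root", true, false);
        }
    }
    else
    {
        // Dispose the connection once authentication is done; the original leaked it.
        using (var connection = new SqlConnection(ConfigurationManager.ConnectionStrings["database"].ToString()))
        {
            ChildwatchAuthentication auth = ChildwatchAuthentication.Authenticate(model.Username, model.Password, connection);

            switch (auth.Authentication)
            {
                case AuthContext.Admin:
                case AuthContext.User:
                    // Admin flag on the token is derived solely from the auth context.
                    return CreateAuthToken(auth.User, auth.Authentication == AuthContext.Admin, false);
                default:
                    // Generic message for every non-success context (unknown user, bad
                    // password, locked, ...) — intentionally does not distinguish them.
                    TempData["Message"] = new ResponseMessage() { Error = true, Message = "Failed to authenticate username and password." };
                    break;
            }
        }
    }

    // Falls through for a wrong root password and for any non-success context.
    return View(new UserLogin(model.Username, null));
}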
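/// <summary>
/// Changes an employee's login password after the *calling* user re-enters their own
/// password. The caller is identified from the forms-authentication ticket: "root" must
/// supply the configured root secret, anyone else must authenticate as an Admin. On a
/// successful re-authentication the stored procedure p_employee_update_login is run for
/// <c>model.EmployeeID</c>.
/// </summary>
/// <param name="model">Bound form: the caller's password, the target employee id and the new password.</param>
/// <returns>The view with a success/failure message; the model is re-shown on failure.</returns>
/// <remarks>
/// Fixes a defect in the previous version: the root branch set <c>success = true</c>
/// without ever running the update, so root was told "Password successfully changed."
/// while nothing was written. Both branches now share the same update step.
/// NOTE(review): no [ValidateAntiForgeryToken]/[Authorize] is visible on this action in
/// this excerpt — confirm they are applied here or at class level. Also confirm that
/// p_employee_update_login hashes the password: the raw <c>model.Password</c> is sent.
/// </remarks>
public ActionResult Unlock(ChangePassword model)
{
    if (!ModelState.IsValid)
    {
        return View(model);
    }

    string connectString = ConfigurationManager.ConnectionStrings["database"].ToString();

    // Identify the caller from the forms-auth ticket. A missing, empty, unreadable or
    // expired ticket is treated as "not re-authenticated" instead of throwing.
    FormsAuthenticationTicket ticket = null;
    HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
    if (authCookie != null && !string.IsNullOrEmpty(authCookie.Value))
    {
        try
        {
            ticket = FormsAuthentication.Decrypt(authCookie.Value);
        }
        catch (ArgumentException)
        {
            ticket = null; // malformed ticket value
        }
        catch (HttpException)
        {
            ticket = null; // ticket failed validation/decryption (tampered or wrong machine key)
        }
    }

    bool reauthenticated = false;
    if (ticket != null && !ticket.Expired)
    {
        if (ticket.Name == "root")
        {
            // NOTE(review): plaintext config secret compared with string == (ordinal,
            // not constant-time); prefer a stored hash and a fixed-time comparison.
            reauthenticated = model.AdminPassword == Properties.Settings.Default.root;
        }
        else
        {
            // The caller must prove they are an Admin with their own password;
            // User-level accounts cannot reset other people's passwords.
            using (var authConnection = new SqlConnection(connectString))
            {
                var auth = ChildwatchAuthentication.Authenticate(ticket.Name, model.AdminPassword, authConnection);
                reauthenticated = auth.Authentication == AuthContext.Admin;
            }
        }
    }

    bool success = false;
    if (reauthenticated)
    {
        // NOTE(review): any Admin (or root) may set the password of any EmployeeID,
        // including other admins — confirm that is the intended authorization model.
        using (var connection = new SqlConnection(connectString))
        {
            try
            {
                connection.Open();
                using (SqlCommand command = new SqlCommand("p_employee_update_login", connection))
                {
                    command.CommandType = System.Data.CommandType.StoredProcedure;
                    // Values are passed as parameters, never concatenated into SQL.
                    command.Parameters.AddRange(new SqlParameter[]
                    {
                        new SqlParameter("password", model.Password),
                        new SqlParameter("id", model.EmployeeID)
                    });
                    // Relies on the procedure reporting affected rows (i.e. no SET NOCOUNT ON) —
                    // TODO confirm, otherwise a successful update reads as a failure here.
                    success = command.ExecuteNonQuery() > 0;
                }
            }
            catch (SqlException)
            {
                // Database failure is reported to the user as a generic failure; the
                // previous catch-all also hid programming errors, which now surface.
                success = false;
            }
        }
    }

    if (success)
    {
        TempData["Message"] = new ResponseMessage() { Error = false, Message = "Password successfully changed." };
        return View(new ChangePassword());
    }

    TempData["Message"] = new ResponseMessage() { Error = true, Message = "Unable to change password." };
    return View(model);
}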