        // Retrieve data from user input
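        /// <summary>
        /// Creates a new account from the posted registration form.
        /// </summary>
        /// <param name="user">
        /// Model bound straight from the request. USER_PASSWORD arrives in clear text and is replaced by its
        /// salted hash before the row is stored; USER_PASSWORD_SALT is generated here.
        /// </param>
        /// <returns>
        /// Redirect to the Login action on success; the registration view with a model error otherwise.
        /// </returns>
        public ActionResult Registration(UserModels user)
        {
            if (!ModelState.IsValid)
            {
                return View(user);
            }

            // Over-posting guard: the whole model is bound from the form and Login grants the Admin role from
            // ADMIN_CONTROLS, so privilege/status flags are forced to their non-privileged defaults here instead
            // of being trusted from the request.
            user.ADMIN_CONTROLS = false;
            user.DELETE_STAT    = false;

            try
            {
                using (GDbContext db = new GDbContext()) // disposed before the redirect; nothing from it is used afterwards
                {
                    user.USER_PASSWORD_SALT = GenerateSalt();
                    // NOTE(review): ASCII encoding silently replaces non-ASCII characters; Login hashes with the same
                    // encoding, so changing it here requires re-hashing stored passwords.
                    user.USER_PASSWORD = Hash(Encoding.ASCII.GetBytes(user.USER_PASSWORD),
                                              Encoding.ASCII.GetBytes(user.USER_PASSWORD_SALT));
                    db.User.Add(user);
                    db.SaveChanges();
                }
                return RedirectToAction("Login");
            }
            catch (Exception)
            {
                // Assumed to be the unique-constraint violation on the e-mail column; any other persistence
                // failure is reported with the same message. TODO narrow this to the provider's update exception.
                user.USER_PASSWORD = string.Empty; // never echo the clear-text password back into the form
                ModelState.AddModelError(string.Empty, "This email is already in use.");
                return View(user);
            }
        }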
        // Hotels

        // View Hotels in the database
        /// <summary>Shows every hotel row; no DELETE_STAT filter is applied, so soft-deleted hotels are listed too.</summary>
        /// <returns>The list view bound to the materialised list of hotels.</returns>
        public ActionResult HotelList()
        {
            GDbContext db = new GDbContext();
            // ToList() runs the query now, so the view never enumerates an open query.
            // NOTE(review): the context is not disposed in this action; a using block is safe only if the view
            // does no lazy loading on the entities — confirm before adding one.
            List<Hotels> allHotels = db.Hotel.ToList();
            return View(allHotels);
        }
        // View users in the database
        /// <summary>Shows every user row; no DELETE_STAT filter is applied, so soft-deleted accounts are listed too.</summary>
        /// <returns>The list view bound to the materialised list of users.</returns>
        public ActionResult UserList()
        {
            GDbContext db = new GDbContext();
            // Full UserModels rows, including USER_PASSWORD (hash) and USER_PASSWORD_SALT, reach the view model.
            // NOTE(review): confirm the view renders neither of those columns; a projection would avoid the exposure.
            // The context is not disposed here — see the same note on HotelList.
            List<UserModels> allUsers = db.User.ToList();
            return View(allUsers);
        }
        /// <summary>Shows one hotel selected by HOTEL_ID.</summary>
        /// <param name="id">HOTEL_ID of the hotel to display.</param>
        /// <returns>The detail view for the hotel, or 404 when no row matches.</returns>
        public ActionResult HotelDetails(int id)
        {
            GDbContext db = new GDbContext(); // not disposed here; the entity is handed to the view as-is
            // SingleOrDefault yields null when absent and would throw if HOTEL_ID were ever duplicated.
            Hotels match = db.Hotel.SingleOrDefault(h => h.HOTEL_ID == id);
            return match == null ? (ActionResult)HttpNotFound() : View(match);
        }
        // Inquire about a specific user
        /// <summary>Shows one user selected by USER_ID.</summary>
        /// <param name="id">USER_ID of the account to display.</param>
        /// <returns>The detail view for the user, or 404 when no row matches.</returns>
        public ActionResult UserDetails(int id)
        {
            GDbContext db = new GDbContext(); // not disposed here; the entity is handed to the view as-is
            // The full row, including the password hash and salt, is passed to the view.
            // NOTE(review): no authorization attribute is visible on this action; confirm it is applied at class level.
            UserModels match = db.User.SingleOrDefault(u => u.USER_ID == id);
            return match == null ? (ActionResult)HttpNotFound() : View(match);
        }
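        /// <summary>
        /// Toggles the soft-delete flag of one user: deletes an active account, restores a deleted one.
        /// </summary>
        /// <param name="id">USER_ID of the account to toggle.</param>
        /// <returns>
        /// Redirect to UserList after saving; 404 when the id is unknown; the user view only when model
        /// binding of <paramref name="id"/> produced errors.
        /// </returns>
        public ActionResult UserDelete(int id)
        {
            // NOTE(review): this action changes state, but no [HttpPost]/[ValidateAntiForgeryToken] or [Authorize]
            // attribute is visible on it here; confirm they are applied at class level before relying on it.
            using (GDbContext db = new GDbContext()) // disposed on every path; the redirect needs nothing from it
            {
                UserModels user = db.User.SingleOrDefault(u => u.USER_ID == id);
                if (user == null)
                {
                    return HttpNotFound();
                }

                if (!ModelState.IsValid)
                {
                    return View(user); // only reachable if binding id produced model errors
                }

                user.DELETE_STAT = !user.DELETE_STAT; // flip rather than set, so the same action also restores
                db.SaveChanges();
            }
            return RedirectToAction("UserList");
        }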
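        /// <summary>
        /// Toggles the soft-delete flag of one hotel: deletes an active hotel, restores a deleted one.
        /// </summary>
        /// <param name="id">HOTEL_ID of the hotel to toggle.</param>
        /// <returns>
        /// Redirect to HotelList after saving; 404 when the id is unknown; the hotel view only when model
        /// binding of <paramref name="id"/> produced errors.
        /// </returns>
        public ActionResult HotelDelete(int id)
        {
            // NOTE(review): this action changes state, but no [HttpPost]/[ValidateAntiForgeryToken] or [Authorize]
            // attribute is visible on it here; confirm they are applied at class level before relying on it.
            using (GDbContext db = new GDbContext()) // disposed on every path; the redirect needs nothing from it
            {
                Hotels hotel = db.Hotel.SingleOrDefault(h => h.HOTEL_ID == id);
                if (hotel == null)
                {
                    return HttpNotFound();
                }

                if (!ModelState.IsValid)
                {
                    return View(hotel); // only reachable if binding id produced model errors
                }

                hotel.DELETE_STAT = !hotel.DELETE_STAT; // flip rather than set, so the same action also restores
                db.SaveChanges();
            }
            return RedirectToAction("HotelList");
        }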
        // Retrieve data from user input
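        /// <summary>
        /// Authenticates the posted e-mail/password pair and issues the forms-authentication cookie.
        /// </summary>
        /// <param name="login">Model bound from the login form; only USER_EMAIL and USER_PASSWORD are read.</param>
        /// <returns>
        /// Redirect to "/Admin/" for administrators or "/" for ordinary users on success; otherwise the login
        /// view with a model error and USER_PASSWORD cleared so the clear-text password is not echoed back.
        /// </returns>
        public ActionResult Login(UserModels login)
        {
            if (login.USER_EMAIL == null || login.USER_PASSWORD == null)
            {
                ModelState.AddModelError(string.Empty, "missing username and/or password");
                return View(login);
            }

            if (!new EmailAddressAttribute().IsValid(login.USER_EMAIL))
            {
                ModelState.AddModelError(string.Empty, "invalid e-mail address");
                return View(login);
            }

            // NOTE(review): no failed-attempt throttling or lockout is applied at this layer.
            UserModels user;
            using (GDbContext db = new GDbContext()) // disposed here; nothing from it is lazily loaded later
            {
                user = db.User.SingleOrDefault(u => u.USER_EMAIL == login.USER_EMAIL);
            }

            if (user == null)
            {
                return RejectLogin(login); // same message as a wrong password, so registered e-mails are not revealed
            }

            // NOTE(review): ASCII encoding silently replaces non-ASCII characters; it must stay identical to the
            // encoding used in Registration, so changing it means re-hashing stored passwords.
            string presentedHash = Hash(Encoding.ASCII.GetBytes(login.USER_PASSWORD),
                                        Encoding.ASCII.GetBytes(user.USER_PASSWORD_SALT));

            // The ordinal e-mail comparison re-applies exact-case matching on top of the database lookup,
            // whose collation may be case-insensitive.
            bool credentialsMatch = login.USER_EMAIL.Equals(user.USER_EMAIL)
                                    && ConstantTimeEquals(presentedHash, user.USER_PASSWORD);
            if (!credentialsMatch)
            {
                return RejectLogin(login);
            }

            if (user.DELETE_STAT == true) // soft-deleted accounts cannot sign in
            {
                ModelState.AddModelError(string.Empty, "This account has been disabled.");
                login.USER_PASSWORD = string.Empty;
                return View(login);
            }

            bool isAdmin = user.ADMIN_CONTROLS == true;
            IssueFormsAuthCookie(login.USER_EMAIL, isAdmin ? "Admin" : "User");
            return Redirect(isAdmin ? "/Admin/" : "/");
        }

        // Records the generic failure message and clears the clear-text password before the form is redisplayed.
        private ActionResult RejectLogin(UserModels login)
        {
            ModelState.AddModelError(string.Empty, "User/password combination does not exist.");
            login.USER_PASSWORD = string.Empty;
            return View(login);
        }

        // Builds a version-2, non-persistent forms ticket for the given e-mail carrying the role name as user
        // data, and writes it to the response as the forms cookie.
        private void IssueFormsAuthCookie(string email, string role)
        {
            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                2,                            // version
                email,                        // ticket name: the user's e-mail
                DateTime.Now,                 // issued
                DateTime.Now.AddMinutes(120), // expires
                false,                        // not persistent: session cookie
                role,                         // user data: role name
                "/");                         // cookie path
            HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
            cookie.HttpOnly = true;                           // keep the ticket out of reach of page script
            cookie.Secure   = FormsAuthentication.RequireSSL; // follow the <forms requireSSL="..."/> setting
            Response.Cookies.Add(cookie);
        }

        // Ordinal string equality that does not stop at the first differing character.
        // Same result as string.Equals(string); a length mismatch (or null) returns false at once.
        private static bool ConstantTimeEquals(string a, string b)
        {
            if (a == null || b == null || a.Length != b.Length)
            {
                return false;
            }
            int diff = 0;
            for (int i = 0; i < a.Length; i++)
            {
                diff |= a[i] ^ b[i];
            }
            return diff == 0;
        }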