public ActionResult ChangePassword(
[Bind(Include = "OldPassword,Password,ConfirmPassword")]
NewPassword NewPasswordRequest)
{
if (!NewPasswordRequest.IsMatched())
{
Session["error"] = "New passwords aren't matched!";
return(RedirectToAction("Index"));
}
var LoggedUser = Session["LoggedUser"] as User;
var LoggedUserInDB = DB.Users.SingleOrDefault(u => u.Email == LoggedUser.Email);
if (LoggedUser != null)
{
var oldHasedPassword = ComputeSha256Hash(NewPasswordRequest.OldPassword);
var newHashedPassword = ComputeSha256Hash(NewPasswordRequest.Password);
// if old password is same as in db
if (LoggedUserInDB.Password.ToLower() == oldHasedPassword.ToLower())
{
LoggedUserInDB.Password = newHashedPassword;
DB.SaveChanges();
Session["success"] = "Password has been changed";
}
else
{
Session["error"] = "Old passwords doesnt match!";
}
}
return(RedirectToAction("Index"));
}