Пример #1
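        /// <summary>
        /// Authenticates the posted credentials against the stored password hash,
        /// establishes the authentication cookie and session state, and redirects
        /// to the role-specific landing page (or to a caller-supplied local URL).
        /// </summary>
        /// <param name="entity">Posted login form: user name, password, "remember me"
        /// flag and an optional return URL.</param>
        /// <returns>
        /// A redirect on success; otherwise the login view with
        /// <c>TempData["ErrorMSG"]</c> set (invalid model, rejected credentials,
        /// expired account, or an unexpected failure).
        /// </returns>
        public ActionResult Login(UserLoginInfo entity)
        {
            // Reject an invalid view model before opening a database context.
            if (!ModelState.IsValid)
            {
                return(View(entity));
            }

            try
            {
                using (var db = new PCSEntities())
                {
                    // Retrieve the stored hash and salt for the supplied user name.
                    string userName = entity.UserName.Trim();
                    var userInfo = db.UserLogins.FirstOrDefault(s => s.UserName == userName);

                    string oldHashValue = string.Empty;
                    string salt         = string.Empty;
                    if (userInfo != null)
                    {
                        oldHashValue = userInfo.PasswordHash;
                        salt         = userInfo.SecurityStamp;
                    }

                    // NOTE(review): the helper name implies MD5-based password hashing, which is
                    // not an adequate password hash; moving stored hashes to PBKDF2/bcrypt is a
                    // schema-level change outside this method, so the helper is kept as-is here.
                    // The comparison is still executed for an unknown user so both outcomes do
                    // similar work; the null check below is what rejects the login.
                    bool credentialsMatch = Helper.CompareMD5HashValue(entity.Password, entity.UserName, salt, oldHashValue);
                    if (userInfo == null || !credentialsMatch)
                    {
                        // Deliberate denial: this message is written for the user.
                        throw new UnauthorizedAccessException("Access Denied! Wrong Credential.");
                    }

                    // A lockout-enabled account whose lockout date is already in the past
                    // is treated as expired (same rule as before; only reached after a
                    // successful credential check, so it reveals nothing to a guesser).
                    if (userInfo.LockoutEnabled && userInfo.LockoutDateUtc != null && userInfo.LockoutDateUtc < DateTime.UtcNow)
                    {
                        throw new UnauthorizedAccessException("Access Denied! This account is expired");
                    }

                    // ReturnURL is only honoured when Url.IsLocalUrl accepts it (open-redirect guard).
                    bool hasLocalReturnUrl = !string.IsNullOrWhiteSpace(entity.ReturnURL) && Url.IsLocalUrl(entity.ReturnURL);

                    // Persistent authentication cookie ("remember me") plus session identity.
                    SignInRemember(entity.UserName, entity.IsRemember);
                    Session["UserId"]   = userInfo.UserLoginId;
                    Session["UserName"] = userInfo.UserName;
                    Session["Role"]     = userInfo.Role;

                    switch ((UserRole)userInfo.Role)
                    {
                    case UserRole.ADMIN:
                        if (!hasLocalReturnUrl)
                        {
                            return(RedirectToAction("EditAccount", "Admin"));
                        }
                        break;

                    case UserRole.CLIENT:
                        var recruiter = db.Recruiters.FirstOrDefault(s => s.UserLoginId == userInfo.UserLoginId);
                        if (recruiter == null)
                        {
                            return(RedirectToAction("Error", "Error"));
                        }
                        Session["RecruiterId"] = recruiter.RecruiterId;
                        Session["ClientId"]    = recruiter.ClientId;
                        if (!hasLocalReturnUrl)
                        {
                            return(RedirectToAction("ManageAccount", "Client"));
                        }
                        break;

                    case UserRole.SPECIALIST:
                        var specialist = db.Specialists.FirstOrDefault(s => s.UserLoginId == userInfo.UserLoginId);
                        if (specialist == null)
                        {
                            // Mirrors the CLIENT branch; a missing row used to dereference null.
                            return(RedirectToAction("Error", "Error"));
                        }
                        Session["SpecialistId"] = specialist.SpecialistId;
                        if (!hasLocalReturnUrl)
                        {
                            return(RedirectToAction("ManageSpecialistAccount", "Specialist", new { id = specialist.SpecialistId }));
                        }
                        break;

                    case UserRole.CANDIDATE:
                        if (!hasLocalReturnUrl)
                        {
                            return(RedirectToAction("EditProfile", "Candidate", new { userLoginId = userInfo.UserLoginId }));
                        }
                        break;

                    default:
                        return(RedirectToAction("Login", "Home"));
                    }

                    // Every role falls through here when a local ReturnURL was supplied.
                    return(Redirect(entity.ReturnURL));
                }
            }
            catch (UnauthorizedAccessException e)
            {
                // Only the denial messages thrown above reach the browser verbatim.
                TempData["ErrorMSG"] = e.Message;
                return(View(entity));
            }
            catch (Exception)
            {
                // Unexpected failures (database, session, ...) must not leak their
                // internal message to the user; show a generic one instead.
                TempData["ErrorMSG"] = "Login failed. Please try again later.";
                return(View(entity));
            }
        }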