/// <summary>
/// Shows the password-reset form for a reset token supplied as the <paramref name="token"/> parameter.
/// </summary>
/// <param name="token">Reset token in GUID text form; anything that fails <c>Guid.TryParse</c> is rejected.</param>
/// <returns>
/// A redirect to the home page for an already authenticated caller, a redirect to the
/// forgot-password page when the token is malformed or has no matching
/// <c>PasswordRetrieval</c> row, otherwise the reset view bound to the token and that row.
/// </returns>
public ActionResult ResetPassword(string token)
{
    // Malformed and unknown tokens get the same message, so the response does not
    // reveal whether a well-formed token ever existed.
    const string unverifiedMessage = "Sorry! We couldn't verify that this user requested a password reset. Please try resetting again.";

    // A signed-in caller has no use for the anonymous reset flow.
    if (User.Identity.IsAuthenticated)
    {
        NotifyInfo("You are already logged in. Log out and try again.");
        return Redirect(Url.Home().Index());
    }

    Guid parsedToken;
    bool tokenIsWellFormed = Guid.TryParse(token, out parsedToken);
    if (!tokenIsWellFormed)
    {
        NotifyWarning(unverifiedMessage);
        return Redirect(Url.Account().ForgotPassword());
    }

    // The token is the only credential checked here: the lookup matches on Token alone.
    // NOTE(review): no age/expiry condition on the PasswordRetrieval row is visible in
    // this action - confirm stale tokens are purged or rejected elsewhere.
    var pendingRequest = Db.SingleOrDefault <PasswordRetrieval>(new { Token = parsedToken });
    var model = new ResetPassword
    {
        Token = parsedToken,
        Data = pendingRequest
    };

    if (model.Data == null)
    {
        NotifyWarning(unverifiedMessage);
        return Redirect(Url.Account().ForgotPassword());
    }

    return View(model);
}
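/// <summary>
/// Completes a password reset: re-validates the posted token, consumes it, stores the
/// new password hash and signs the account in.
/// </summary>
/// <param name="model">Posted form model carrying the reset token and the new password.</param>
/// <returns>
/// A redirect to the home page for an already authenticated caller; the form again when
/// model validation fails; a redirect to the forgot-password page when the token has no
/// matching <c>PasswordRetrieval</c> row or the target account cannot be loaded; otherwise
/// the "ResetPasswordConfirmation" view.
/// </returns>
public ActionResult ResetPassword(ResetPassword model)
{
    const string unverifiedMessage = "Sorry! We couldn't verify that this user requested a password reset. Please try resetting again.";

    if (User.Identity.IsAuthenticated)
    {
        NotifyInfo("You are already logged in. Log out and try again.");
        return Redirect(Url.Home().Index());
    }

    if (!ModelState.IsValid)
    {
        return View(model);
    }

    // Never trust model.Data from the post: reload the reset request from the token.
    // NOTE(review): no age/expiry condition on the token is visible here - confirm
    // stale PasswordRetrieval rows are purged or rejected elsewhere.
    model.Data = Db.Query <PasswordRetrieval>(
        "select * from [{0}] where Token=@Token".Fmt(Db.GetTableName <PasswordRetrieval>()),
        new { model.Token }).SingleOrDefault();

    if (model.Data == null)
    {
        NotifyWarning(unverifiedMessage);
        return Redirect(Url.Account().ForgotPassword());
    }

    // One batch: consume the token (single use), store the new hash, read the account back.
    // The update and the read-back are limited to IsDeleted=0, matching the Login query:
    // without that filter a soft-deleted account holding a reset token would get its
    // password changed and be handed a login cookie that Login itself would refuse.
    //
    // NOTE(review): ToSHAHash() is computed from the password alone (no salt argument),
    // which points to an unsalted fast digest. Left unchanged because Login compares
    // against the same value; plan a migration to a salted, slow KDF (PBKDF2/Argon2/bcrypt).
    var user = Db.Query <User>(
        "delete from [{0}] where Id=@resetId;update [{1}] set Password=@Password, ModifiedOn=GetUtcDate() where Id=@UserId and IsDeleted=0;select * from [{1}] where Id=@UserId and IsDeleted=0"
        .Fmt(
            Db.GetTableName <PasswordRetrieval>(),
            Db.GetTableName <User>()
        ),
        new
        {
            ResetId = model.Data.Id,
            Password = model.Password.ToSHAHash(),
            model.Data.UserId
        }).SingleOrDefault();

    // The account may be missing or soft-deleted; do not pass null to SetLoginCookie.
    if (user == null)
    {
        NotifyWarning(unverifiedMessage);
        return Redirect(Url.Account().ForgotPassword());
    }

    // Second argument is a literal true where Login passes model.RememberMe -
    // presumably a persistent cookie; confirm that is intended after a reset.
    _authenticationService.SetLoginCookie(user, true);
    Metrics.Increment(Metric.Users_ResetPassword);

    //show confirmation
    return View("ResetPasswordConfirmation");
}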
/// <summary>
/// Handles the posted login form: looks up a non-deleted account by username or e-mail
/// plus password hash, and issues the login cookie on a match.
/// </summary>
/// <param name="model">Posted credentials, the remember-me flag and an optional return URL.</param>
/// <returns>
/// On success, a redirect to <c>model.ReturnUrl</c> when it is a local URL, otherwise to
/// Home/Index. On failure, the login view with the password cleared.
/// </returns>
public ActionResult Login(Login model)
{
    if (ModelState.IsValid)
    {
        // Parameterized lookup; the password is matched by equality on its hash.
        // NOTE(review): ToSHAHash() takes only the password and the query matches by
        // equality, so no per-user salt is involved - identical passwords give identical
        // stored values. Consider migrating to a salted, slow KDF (PBKDF2/Argon2/bcrypt).
        // NOTE(review): no throttling or lockout is visible in this action; confirm
        // that repeated failures are limited elsewhere.
        var lookupSql = "select top 1 * from [{0}] where (Username=@Username OR Email=@Username) and Password=@Password and IsDeleted=0".Fmt(Db.GetTableName <User>());
        var credentials = new { model.Username, Password = model.Password.ToSHAHash() };
        var account = Db.Query <User>(lookupSql, credentials).SingleOrDefault();

        if (account == null)
        {
            // Same message for unknown user and wrong password. The HTML fragment embeds
            // only an application-generated URL, never posted input.
            var forgotPasswordUrl = Url.Account().ForgotPassword();
            ModelState.AddModelErrorFor <Login>(
                x => x.Username,
                string.Format("The user name or password provided is incorrect. Did you <a href='{0}'>forget your password?</a>", forgotPasswordUrl));
        }
        else
        {
            _authenticationService.SetLoginCookie(account, model.RememberMe);
            Metrics.Increment(Metric.Users_SuccessfulLogin);

            // Only follow the caller-supplied return URL when it is local (open-redirect guard).
            if (Url.IsLocalUrl(model.ReturnUrl))
            {
                return Redirect(model.ReturnUrl);
            }

            return RedirectToAction("Index", "Home");
        }
    }

    // Reached for both invalid model state and rejected credentials; both count as a failed login.
    Metrics.Increment(Metric.Users_FailedLogin);

    // Do not echo the submitted password back into the re-rendered form.
    model.Password = null;
    return View(model);
}