public ActionResult Login(User model, string returnUrl)
{
// Lets first check if the Model is valid or not
if (ModelState.IsValid)
{
using (var entities = new MySiteEntities())
{
IArticleRepository ar = new EF_ArticleRepository(new DbConnectionContext());
var username = model.UserId;
var password = model.Password;
// Now if our password was enctypted or hashed we would have done the
// same operation on the user entered password here, But for now
// since the password is in plain text lets just authenticate directly
var userValid = entities.Users.Any(user => user.UserId == username && user.Password == password);
// User found in the database
if (userValid)
{
FormsAuthentication.SetAuthCookie(username, false);
if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/")
&& !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
{
return Redirect(returnUrl);
}
return RedirectToAction("Index", "Home");
}
ModelState.AddModelError("", "The user name or password provided is incorrect.");
}
}
// If we got this far, something failed, redisplay form
return View(model);
}
public void EditUser(User userToEdit)
{
db.Entry(userToEdit).State = EntityState.Modified;
db.SaveChanges();
}
public void CreateNewUser(User userToCreate)
{
db.Users.Add(userToCreate);
db.SaveChanges();
}
