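/// <summary>
/// Changes the password of the currently signed-in user after re-verifying the old one.
/// </summary>
/// <param name="oldpass">The user's current (plain-text) password; it is hashed and verified before any change.</param>
/// <param name="newpass1">The new password.</param>
/// <param name="newpass2">Repeat of the new password; must be identical to <paramref name="newpass1"/>.</param>
/// <returns>Always a redirect to <c>Index</c>; the outcome is reported through <c>TempData["Message"]</c>.</returns>
/// <remarks>
/// NOTE(review): this is a state-changing action; confirm it is decorated with
/// <c>[HttpPost]</c> and <c>[ValidateAntiForgeryToken]</c> at the call site (attributes are not visible here).
/// </remarks>
public ActionResult ChangePassword(string oldpass, string newpass1, string newpass2)
{
    // Only signed-in users may change a password; the identity comes from the auth ticket,
    // never from a request parameter.
    if (!Request.IsAuthenticated)
    {
        TempData["Message"] = "Giriş yapmamışsınız";
        return RedirectToAction("Index");
    }

    if (newpass1 != newpass2)
    {
        TempData["Message"] = "Şifreler birbiriyle uyuşmuyor";
        return RedirectToAction("Index");
    }

    // Reject a null/blank new password: hashing "" would otherwise "succeed" and store a value
    // that any blank submission could later match.
    if (string.IsNullOrWhiteSpace(newpass1))
    {
        TempData["Message"] = "Yeni şifre boş olamaz";
        return RedirectToAction("Index");
    }

    PasswordMethods pass = new PasswordMethods();
    UserData userData = UserData.GetUserData();

    // Re-authenticate with the old password before accepting the change. A missing old
    // password is treated as a wrong one instead of handing null to Hash().
    User user = new User();
    user.username = User.Identity.Name;
    if (oldpass == null)
    {
        TempData["Message"] = "Eski şifrenizi yanlış girdiniz";
        return RedirectToAction("Index");
    }
    user.password = pass.Hash(oldpass);

    if (!userData.LoginUser(user))
    {
        TempData["Message"] = "Eski şifrenizi yanlış girdiniz";
        return RedirectToAction("Index");
    }

    userData.ChangePassword(User.Identity.Name, pass.Hash(newpass1));
    TempData["Message"] = "Şifreniz başarıyla değiştirildi";
    return RedirectToAction("Index");
}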
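/// <summary>
/// Inserts a new row (username + password value) into the <c>user</c> table.
/// </summary>
/// <param name="user">User to add. <c>password</c> is stored exactly as given; the visible
/// callers of <c>LoginUser</c> pass <c>pass.Hash(...)</c> output, so the same is expected here — confirm at the caller.</param>
/// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
public void AddUser(User user)
{
    if (user == null)
    {
        throw new ArgumentNullException("user");
    }

    // Parameterised query: username/password never become part of the SQL text.
    string query = "insert into user (username,password) values (@username,@password)";
    using (MySqlCommand cmd = new MySqlCommand(query, con))
    {
        cmd.Parameters.AddWithValue("@username", user.username);
        cmd.Parameters.AddWithValue("@password", user.password);
        Open();
        try
        {
            cmd.ExecuteNonQuery();
        }
        finally
        {
            // Close even when the insert throws (e.g. a duplicate username) so the connection is not leaked.
            Close();
        }
    }
}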
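/*public bool CheckUserRole(string username, string role) { string query = "select role from user where username=@username"; MySqlCommand cmd = new MySqlCommand(query, con); cmd.Parameters.AddWithValue("@username", username); OpenConnection(); bool result = (role == Convert.ToString(cmd.ExecuteScalar())); CloseConnection(); return result; }*/
/// <summary>
/// Checks whether the given username and password value match the stored credentials.
/// </summary>
/// <param name="user">Credentials to verify; <c>password</c> is compared verbatim with the stored
/// column, so it must already be in the same (hashed) form.</param>
/// <returns>'true' if the stored value matches, otherwise 'false' — including when the username
/// does not exist or either side is empty.</returns>
/// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
public bool LoginUser(User user)
{
    if (user == null)
    {
        throw new ArgumentNullException("user");
    }

    string query = "select password from user where username=@username";
    object stored;
    using (MySqlCommand cmd = new MySqlCommand(query, con))
    {
        cmd.Parameters.AddWithValue("@username", user.username);
        Open();
        try
        {
            stored = cmd.ExecuteScalar();
        }
        finally
        {
            // Always release the connection, even if the query fails.
            Close();
        }
    }

    // Unknown username (or NULL column): ExecuteScalar yields null/DBNull, which
    // Convert.ToString turns into "" — the old code could match that against an empty
    // submitted value. "No row" is a failed login.
    if (stored == null || stored == DBNull.Value)
    {
        return false;
    }

    string storedValue = Convert.ToString(stored);
    if (string.IsNullOrEmpty(storedValue) || string.IsNullOrEmpty(user.password))
    {
        return false;
    }

    // Ordinal compare of the two values. NOTE(review): not constant-time; the submitted side is
    // already hashed by the callers, but prefer a fixed-time comparison if the framework offers one.
    return string.Equals(user.password, storedValue, StringComparison.Ordinal);
}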
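/// <summary>
/// Loads every username from the <c>user</c> table.
/// </summary>
/// <returns>A list with one <see cref="User"/> per row. Only <c>username</c> is populated;
/// the password column is deliberately neither selected nor read.</returns>
public List<User> GetUsers()
{
    // Select only the column that is used so password values never leave the database for this call.
    string query = "select username from user";
    List<User> users = new List<User>();

    using (MySqlCommand cmd = new MySqlCommand(query, con))
    {
        Open();
        try
        {
            // Dispose the reader so the connection is free to be closed in the finally block.
            using (MySqlDataReader reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                {
                    User user = new User();
                    user.username = Convert.ToString(reader["username"]);
                    users.Add(user);
                }
            }
        }
        finally
        {
            Close();
        }
    }

    return users;
}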
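/// <summary>
/// Signs a user in with forms authentication: verifies the credentials, optionally stores the
/// username in a "remember" cookie, and issues an auth ticket whose UserData field carries the user's role.
/// </summary>
/// <param name="username">Login name as submitted by the form.</param>
/// <param name="remember">Checkbox value: "on" stores the username cookie, null clears an existing one, anything else leaves cookies untouched.</param>
/// <param name="password">Plain-text password; it is hashed before being handed to <c>LoginUser</c>.</param>
/// <returns>Always a redirect to <c>Index</c>; the outcome is reported through <c>TempData["Message"]</c>.</returns>
public ActionResult Login(string username, string remember, string password)
{
    // Check the session state first so no hashing is done for an already-authenticated request.
    if (Request.IsAuthenticated)
    {
        TempData["Message"] = "Zaten giriş yapmışsınız";
        return RedirectToAction("Index");
    }

    // Missing fields are treated like bad credentials instead of letting Hash(null) decide.
    if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
    {
        TempData["Message"] = "Yanlış kullanıcı adı veya şifre";
        return RedirectToAction("Index");
    }

    PasswordMethods pass = new PasswordMethods();
    User user = new User();
    user.username = username;
    user.password = pass.Hash(password);

    UserData userData = UserData.GetUserData();
    if (!userData.LoginUser(user))
    {
        // One message for both "unknown user" and "wrong password": do not reveal which failed.
        TempData["Message"] = "Yanlış kullanıcı adı veya şifre";
        return RedirectToAction("Index");
    }

    // The "remember" cookie holds only the username, never a credential. No Expires is set,
    // so it lasts for the browser session (unchanged from the original behaviour).
    // NOTE(review): HttpOnly is not set on it because a client-side pre-fill may read it — confirm.
    if (remember == "on")
    {
        HttpCookie hc = new HttpCookie("username");
        hc.Value = username;
        Response.Cookies.Add(hc);
    }
    else if (remember == null && Request.Cookies["username"] != null)
    {
        // Checkbox cleared: expire the previously stored username cookie.
        HttpCookie hc = new HttpCookie("username");
        hc.Expires = DateTime.Now.AddDays(-1);
        Response.Cookies.Add(hc);
    }

    // The role travels in the ticket's UserData field; how it is read back is outside this block.
    RolesData rolesData = RolesData.GetRolesData();
    string role = rolesData.GetRole(user.username);
    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
        1,
        user.username,
        DateTime.Now,
        DateTime.Now.AddMinutes(30),
        false,                              // non-persistent: a session cookie
        role,
        FormsAuthentication.FormsCookiePath);
    string encryptedTicket = FormsAuthentication.Encrypt(ticket);

    HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
    cookie.HttpOnly = true;
    // Honour the forms-auth requireSSL setting so the ticket is not sent over plain HTTP when configured.
    cookie.Secure = FormsAuthentication.RequireSSL;
    Response.Cookies.Add(cookie);

    TempData["Message"] = "Giriş başarılı";
    return RedirectToAction("Index");
}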