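/// <summary>
/// Deletes the account matching <paramref name="username"/> (and its blog, if one exists)
/// after checking that <paramref name="userid"/> equals the hash derived from the request
/// username and the stored user id and e-mail.
/// </summary>
/// <param name="username">Account name from the request; matched case-insensitively.</param>
/// <param name="userid">Hash value supplied by the caller, compared against the recomputed hash.</param>
/// <returns>
/// A <see cref="JsonResult"/> whose Data is <c>{ success = false, message = ... }</c> when the
/// request is rejected, otherwise whatever <c>UserModel.RemoveUser</c> returned.
/// </returns>
public JsonResult RemoveUser(string username, string userid)
{
    // Missing parameters can never match a stored account or a computed hash, so reject
    // them up front instead of letting them reach the query.
    if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(userid))
    {
        return RequestRejected();
    }

    using (var db = new BloggingContext())
    {
        // FirstOrDefault instead of First: an unknown username used to raise
        // InvalidOperationException (an unhandled error for the caller) rather than
        // a clean failure response.
        var user = (from u in db.Users
                    where u.Username.ToLower() == username.ToLower()
                    select u).FirstOrDefault();

        if (user == null)
        {
            // Same response as a hash mismatch, so the reply does not reveal whether
            // the username exists.
            return RequestRejected();
        }

        // Sanity check to make sure that the inputs haven't been fiddled with.
        // The hash is built from the *request* username plus the stored id and e-mail.
        // NOTE(review): SetPassword hashes user.Username (the stored casing) instead;
        // confirm which form the issuer of this value uses, since the lookup above is
        // case-insensitive and the two can differ.
        // NOTE(review): Hash is defined elsewhere. If it does not mix in a server-side
        // secret, this value is reproducible by anyone who knows the three inputs and
        // should not be the only authorization check on a destructive action. The
        // string comparison below is also not constant-time.
        var hashCheck = new Hash(username, user.UserId, user.Email).GetHash();
        if (userid != hashCheck)
        {
            return RequestRejected();
        }

        var blogModel = new Blogs.IndexModel();
        if (blogModel.BlogExists(user.Username))
        {
            blogModel.RemoveBlog(db, user.Username);
        }

        var userRemoved = UserModel.RemoveUser(db, user);
        return new JsonResult { Data = userRemoved };
    }

    // Builds the single, uniform failure payload used for every rejected request.
    JsonResult RequestRejected()
    {
        return new JsonResult
        {
            Data = new
            {
                success = false,
                message = "It looks like the request has been tampered with."
            }
        };
    }
}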
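/// <summary>
/// Replaces the stored password of the account matching <paramref name="username"/>,
/// provided <paramref name="hash"/> equals the hash derived from the stored username,
/// user id and e-mail.
/// </summary>
/// <param name="username">Account name; matched case-insensitively.</param>
/// <param name="hash">Hash value supplied by the caller, compared against the recomputed hash.</param>
/// <param name="password">New plaintext password; must be non-empty.</param>
/// <returns>
/// <c>true</c> when the password was stored; <c>false</c> when an argument is missing,
/// the user does not exist, or the hash does not match.
/// </returns>
public static bool SetPassword(string username, string hash, string password)
{
    // Reject missing input before touching the database. In particular, never let a
    // null or empty password be written as the account's new credential.
    if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(hash) || string.IsNullOrEmpty(password))
    {
        return false;
    }

    using (var db = new BloggingContext())
    {
        var user = (from u in db.Users
                    where u.Username.ToLower() == username.ToLower()
                    select u).FirstOrDefault();

        if (user == null)
        {
            return false;
        }

        // Hash the user, user id, and email. Compare against the hash passed in.
        // NOTE(review): Hash is defined elsewhere. If it does not mix in a server-side
        // secret and an expiry, this value is reproducible by anyone who knows the
        // three inputs and never stops being valid; confirm before relying on it as a
        // password-reset token. The string comparison below is also not constant-time.
        var comparehash = new Hash(user.Username, user.UserId, user.Email).GetHash();
        if (hash != comparehash)
        {
            return false;
        }

        // NOTE(review): the helper name indicates the password is stored as a SHA-1
        // digest; no salt or work factor is visible at this call site. A fast hash is
        // not suitable for password storage. Moving to a salted, slow KDF (PBKDF2,
        // bcrypt, Argon2) needs a coordinated change with the login verification code
        // and a migration of existing rows, so it is flagged here rather than changed
        // in place.
        user.Password = Helpers.SHA1.Encode(password);
        db.SaveChanges();
        return true;
    }
}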