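        /// <summary>
        /// Handles the admin sign-in form: looks up a USERS row whose ACCOUNT matches the
        /// posted account and whose AUTHORITY is "admin", compares the posted password with
        /// the stored one, and on a match marks the session as an authenticated admin.
        /// </summary>
        /// <param name="msg">Posted credentials (account and password).</param>
        /// <returns>
        /// A redirect to ~/Admin/Index on success, otherwise a redirect back to ~/Admin/Login.
        /// </returns>
        public ActionResult Login(LoginSender msg)
        {
            // NOTE(review): every failure path below sets ViewBag.Error and then redirects.
            // ViewBag is per-request, so the message is gone by the time ~/Admin/Login renders;
            // TempData would carry it across the redirect if the view is meant to show it.
            if (msg == null)
            {
                ViewBag.Error = "Empty account";
                return Redirect("~/Admin/Login");
            }

            // LINQ to Entities turns this predicate into a parameterized query, so the posted
            // account is never concatenated into SQL text.
            USERS admin = db.USERS.FirstOrDefault(u => u.ACCOUNT == msg.account && u.AUTHORITY == "admin");
            if (admin == null)
            {
                ViewBag.Error = "Account wrong";
                return Redirect("~/Admin/Login");
            }

            // The stored value is only Base64-encoded. Base64 is an encoding, not a hash:
            // anyone who can read the USERS table can recover every admin password.
            // NOTE(review): migrate to a salted, slow password hash (e.g. PBKDF2) and compare
            // the derived hashes in constant time instead of decoding and comparing plaintext.
            string storedPassword = null;
            if (admin.PASSWORD != null)
            {
                try
                {
                    storedPassword = Encoding.UTF8.GetString(Convert.FromBase64String(admin.PASSWORD));
                }
                catch (FormatException)
                {
                    // A corrupt stored value is treated as a failed sign-in rather than
                    // surfacing as an unhandled exception on the login page.
                    storedPassword = null;
                }
            }

            // Both sides must be present; ordinal comparison is exact, code unit by code unit.
            bool passwordMatches = msg.password != null
                                   && storedPassword != null
                                   && string.Equals(msg.password, storedPassword, StringComparison.Ordinal);
            if (!passwordMatches)
            {
                ViewBag.Error = "Account or password wrong!";
                return Redirect("~/Admin/Login");
            }

            // NOTE(review): the session identifier is not changed on sign-in here; confirm
            // session fixation is handled elsewhere in the application.
            Session["admin_auth"]    = true;
            Session["admin_id"]      = admin.ID;
            Session["admin_account"] = msg.account;
            return Redirect("~/Admin/Index");
        }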
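        /// <summary>
        /// Checks the posted account and password against the MUSER table and, on a match,
        /// stores the user id in the session under "account".
        /// </summary>
        /// <param name="msg">Posted credentials (account and password).</param>
        /// <returns>
        /// A redirect to ~/Home/Index on success or when <paramref name="msg"/> is null;
        /// otherwise the current view with ViewBag.Error set.
        /// </returns>
        public ActionResult Index(LoginSender msg)
        {
            if (msg == null)
            {
                // NOTE(review): ViewBag is per-request, so this message does not survive
                // the redirect below.
                ViewBag.Error = "Empty account";
                return Redirect("~/Home/Index");
            }

            // LoginSender is declared elsewhere; boxing the value lets the null check and the
            // parameter binding below work whether account is a string or a numeric type.
            object account = msg.account;
            if (account == null)
            {
                ViewBag.Error = "Account wrong";
                return View();
            }

            // The posted account is bound as a query parameter (@p0) instead of being
            // concatenated into the SQL text, which allowed SQL injection through the
            // login form.
            var userId = db.Database.SqlQuery<int>("select USERID from MUSER where USERID=@p0", account).FirstOrDefault();
            if (userId == 0)
            {
                // FirstOrDefault yields 0 when no row matched.
                ViewBag.Error = "Account wrong";
                return View();
            }

            var storedPassword = db.Database.SqlQuery<string>("select USERPASSWORD from MUSER where USERID=@p0", account).FirstOrDefault();

            // The stored password is deliberately NOT copied into ViewBag: view data is
            // available to the rendered page, including on the failed-login path, and a
            // stored credential has no reason to be there.
            // NOTE(review): USERPASSWORD is compared directly with the posted password, so it
            // is stored in plaintext; migrate to a salted, slow password hash (e.g. PBKDF2).

            // Both sides must be non-null, and the comparison is ordinal: the culture-sensitive
            // CompareTo can report equality for strings that differ in ignorable characters.
            bool passwordMatches = msg.password != null
                                   && storedPassword != null
                                   && string.Equals(msg.password, storedPassword, StringComparison.Ordinal);
            if (!passwordMatches)
            {
                ViewBag.Error = "Account or password wrong!";
                return View();
            }

            // Store the user id in the session.
            HttpContext.Session.Add("account", userId);
            ViewBag.check = 1;

            return Redirect("~/Home/Index");
        }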