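/// <summary>
/// Handles the registration form post: rejects a username that is already
/// taken, hashes the submitted password with PasswordEncryptionUsingRFC2898
/// and inserts the account through the RecipesUserCreate stored procedure.
/// The outcome is reported via ViewData["Message"] and the form is re-rendered.
/// </summary>
/// <param name="userRegistrationModel">
/// Bound form fields. Only the four names listed in [Bind] are accepted, which
/// keeps extra posted fields (over-posting) from reaching the model.
/// </param>
/// <returns>The registration view carrying a status message.</returns>
// NOTE(review): the action's attributes are outside this listing — confirm it
// carries [HttpPost] and [ValidateAntiForgeryToken] so the form cannot be
// submitted via GET or cross-site.
public IActionResult Create([Bind("Username,User_Email,User_Password,Confirm_Password")] UserRegistrationModel userRegistrationModel)
{
    if (!ModelState.IsValid)
    {
        return View(userRegistrationModel);
    }

    // Defence in depth: the model may already enforce this with [Compare],
    // but a mismatched confirmation must never reach the hashing/insert step.
    if (!string.Equals(userRegistrationModel.User_Password, userRegistrationModel.Confirm_Password, StringComparison.Ordinal))
    {
        ModelState.AddModelError(nameof(userRegistrationModel.Confirm_Password), "Passwords do not match.");
        return View(userRegistrationModel);
    }

    string connectionString = _configuration.GetConnectionString("LocalhostConnection");

    // Check database to see if username already exists.
    var existing = new DataTable();
    using (var sqlConnection = new SqlConnection(connectionString))
    using (var adapter = new SqlDataAdapter("FetchRecipesUserByUsername", sqlConnection))
    {
        adapter.SelectCommand.CommandType = CommandType.StoredProcedure;
        // Stored procedure + parameter: user input never becomes SQL text.
        adapter.SelectCommand.Parameters.AddWithValue("Username", userRegistrationModel.Username);
        sqlConnection.Open();
        adapter.Fill(existing);
    }

    if (existing.Rows.Count > 0)
    {
        // Username already exists.
        ViewData["Message"] = "Username already exists. Choose a different username.";
        return View(userRegistrationModel);
    }

    // Only the RFC 2898 (PBKDF2) derived hash is persisted; the clear-text
    // password must never be written to the database.
    string passwordHash = PasswordEncryptionUsingRFC2898.GetPasswordHash(userRegistrationModel.User_Password);

    try
    {
        // Add user to database.
        using (var sqlConnection = new SqlConnection(connectionString))
        using (var sqlCommand = new SqlCommand("RecipesUserCreate", sqlConnection))
        {
            sqlCommand.CommandType = CommandType.StoredProcedure;
            sqlCommand.Parameters.AddWithValue("Username", userRegistrationModel.Username);
            sqlCommand.Parameters.AddWithValue("User_Email", userRegistrationModel.User_Email);
            sqlCommand.Parameters.AddWithValue("User_Password", passwordHash);
            sqlConnection.Open();

            int rowsAffected = sqlCommand.ExecuteNonQuery();
            ViewData["Message"] = rowsAffected > 0
                ? userRegistrationModel.Username + "'s Account Created Successfully!"
                : "Account could not be created.";
        }
    }
    catch (SqlException ex) when (ex.Number == 2627 || ex.Number == 2601)
    {
        // The existence check above is not atomic with the insert (TOCTOU):
        // two concurrent registrations for the same name can both pass it.
        // With a unique index on Username (assumed — confirm in the schema) the
        // loser fails here with a duplicate-key error (2627/2601), which is
        // reported like an ordinary "taken" result instead of a 500.
        ViewData["Message"] = "Username already exists. Choose a different username.";
    }

    return View(userRegistrationModel);
}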
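/// <summary>
/// Handles the login form post: fetches the stored password hash for the
/// submitted username, verifies the password with
/// PasswordEncryptionUsingRFC2898.CheckPassword and, on success, marks the
/// session as logged in and redirects to the recipe list. Any failure
/// re-renders the form with one generic message.
/// </summary>
/// <param name="loginViewModel">Bound form fields; only Username and User_Password are accepted.</param>
/// <returns>A redirect to Recipe/Index on success, otherwise the login view.</returns>
// NOTE(review): attributes are outside this listing — confirm [HttpPost] and
// [ValidateAntiForgeryToken] are present. There is also no lockout or rate
// limit visible on this path, so online password guessing is unthrottled.
public IActionResult Login([Bind("Username,User_Password")] LoginViewModel loginViewModel)
{
    if (!ModelState.IsValid)
    {
        return View(loginViewModel);
    }

    // Look up the stored hash for the submitted username.
    var rows = new DataTable();
    using (var sqlConnection = new SqlConnection(_configuration.GetConnectionString("LocalhostConnection")))
    using (var adapter = new SqlDataAdapter("FetchRecipesUserByUsername", sqlConnection))
    {
        adapter.SelectCommand.CommandType = CommandType.StoredProcedure;
        adapter.SelectCommand.Parameters.AddWithValue("Username", loginViewModel.Username);
        sqlConnection.Open();
        adapter.Fill(rows);
    }

    bool authenticated;
    if (rows.Rows.Count > 0)
    {
        string storedHash = rows.Rows[0]["User_Password"].ToString();
        authenticated = PasswordEncryptionUsingRFC2898.CheckPassword(loginViewModel.User_Password, storedHash);
    }
    else
    {
        // Unknown username: still perform a full hash check against a throwaway
        // hash so the response time does not reveal whether the account exists.
        // The result is discarded; an unknown user can never authenticate.
        string decoyHash = PasswordEncryptionUsingRFC2898.GetPasswordHash("decoy-password");
        PasswordEncryptionUsingRFC2898.CheckPassword(loginViewModel.User_Password, decoyHash);
        authenticated = false;
    }

    if (!authenticated)
    {
        // One message for both "no such user" and "wrong password": distinct
        // messages let an attacker enumerate valid usernames.
        ViewData["Message"] = "Invalid Credentials.";
        return View(loginViewModel);
    }

    // Credentials matched. Flag the session as logged in (existing contract)
    // and record who logged in, so downstream checks can tie the session to a
    // user rather than to a bare boolean.
    // NOTE(review): ISession offers no ID regeneration; if the session cookie is
    // issued before login, consider clearing/reissuing it here (session fixation).
    HttpContext.Session.Set("LoggedIn", new byte[] { 0x1 });
    HttpContext.Session.Set("Username", System.Text.Encoding.UTF8.GetBytes(loginViewModel.Username));

    // Redirect to All Recipes List
    return RedirectToAction("Index", "Recipe");
}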