示例#1
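        /// <summary>
        /// Handles the registration form post. Rejects the request when the username is
        /// already present, otherwise stores the new user with a derived password hash.
        /// </summary>
        /// <param name="userRegistrationModel">Bound form values; only the properties named in the Bind list are populated.</param>
        /// <returns>The registration view, with <c>ViewData["Message"]</c> describing the outcome when the model was valid.</returns>
        public IActionResult Create([Bind("Username,User_Email,User_Password,Confirm_Password")] UserRegistrationModel userRegistrationModel)
        {
            if (!ModelState.IsValid)
            {
                return View(userRegistrationModel);
            }

            string connectionString = _configuration.GetConnectionString("LocalhostConnection");
            var existingUsers = new DataTable();

            // Look the username up through a stored procedure with a bound parameter,
            // so the user-supplied value is never concatenated into SQL text.
            using (SqlConnection sqlConnection = new SqlConnection(connectionString))
            using (SqlDataAdapter adapter = new SqlDataAdapter("FetchRecipesUserByUsername", sqlConnection))
            {
                sqlConnection.Open();
                adapter.SelectCommand.CommandType = CommandType.StoredProcedure;
                adapter.SelectCommand.Parameters.AddWithValue("Username", userRegistrationModel.Username);
                adapter.Fill(existingUsers);
            }

            if (existingUsers.Rows.Count > 0)
            {
                ViewData["Message"] = "Username already exists. Choose a different username.";
                return View(userRegistrationModel);
            }

            // NOTE(review): the lookup above and the insert below run on separate connections
            // with no transaction, so two concurrent requests for the same username can both
            // pass the check. Only a unique constraint on the username column prevents
            // duplicate accounts; confirm the schema has one.

            // Only the derived hash is persisted; the plaintext password never reaches the database.
            // NOTE(review): the helper's name suggests PBKDF2 (RFC 2898); its salt handling and
            // iteration count are not visible here and should be verified.
            string passwordHash = PasswordEncryptionUsingRFC2898.GetPasswordHash(userRegistrationModel.User_Password);

            using (SqlConnection sqlConnection = new SqlConnection(connectionString))
            using (SqlCommand sqlCommand = new SqlCommand("RecipesUserCreate", sqlConnection))
            {
                sqlConnection.Open();
                sqlCommand.CommandType = CommandType.StoredProcedure;
                sqlCommand.Parameters.AddWithValue("Username", userRegistrationModel.Username);
                sqlCommand.Parameters.AddWithValue("User_Email", userRegistrationModel.User_Email);
                sqlCommand.Parameters.AddWithValue("User_Password", passwordHash);
                int rowsAffected = sqlCommand.ExecuteNonQuery();

                ViewData["Message"] = rowsAffected > 0
                    ? userRegistrationModel.Username + "'s Account Created Successfully!"
                    : "Account could not be created.";
            }

            return View(userRegistrationModel);
        }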
示例#2
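        /// <summary>
        /// Handles the login form post. Fetches the stored password hash for the submitted
        /// username, verifies the submitted password against it, and marks the session as
        /// logged in on success.
        /// </summary>
        /// <param name="loginViewModel">Bound form values; only Username and User_Password are populated.</param>
        /// <returns>
        /// A redirect to Recipe/Index when the credentials match; otherwise the login view,
        /// with a single generic failure message when the model was valid.
        /// </returns>
        public IActionResult Login([Bind("Username,User_Password")] LoginViewModel loginViewModel)
        {
            if (!ModelState.IsValid)
            {
                return View(loginViewModel);
            }

            var userRows = new DataTable();

            // Fetch the stored record for this username through a stored procedure with a
            // bound parameter, so the user-supplied value is never concatenated into SQL text.
            using (SqlConnection sqlConnection = new SqlConnection(_configuration.GetConnectionString("LocalhostConnection")))
            using (SqlDataAdapter adapter = new SqlDataAdapter("FetchRecipesUserByUsername", sqlConnection))
            {
                sqlConnection.Open();
                adapter.SelectCommand.CommandType = CommandType.StoredProcedure;
                adapter.SelectCommand.Parameters.AddWithValue("Username", loginViewModel.Username);
                adapter.Fill(userRows);
            }

            if (userRows.Rows.Count > 0)
            {
                string passwordHash = userRows.Rows[0]["User_Password"].ToString();

                if (PasswordEncryptionUsingRFC2898.CheckPassword(loginViewModel.User_Password, passwordHash))
                {
                    // Credentials matched: flag the session as logged in.
                    // NOTE(review): the flag does not record which user authenticated, and the
                    // session identifier issued before login stays in use afterwards. Confirm that
                    // is acceptable, or move to cookie authentication with a per-user identity.
                    HttpContext.Session.Set("LoggedIn", new byte[] { 0x1 });

                    return RedirectToAction("Index", "Recipe");
                }
            }

            // Unknown username and wrong password return the same message, so the response
            // text cannot be used to tell which usernames are registered.
            // NOTE(review): an unknown username still skips the hash computation, so response
            // time may differ between the two cases. No attempt limiting or lockout is visible
            // in this method; confirm it is enforced elsewhere.
            ViewData["Message"] = "Invalid Credentials.";
            return View(loginViewModel);
        }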