public ActionResult Login(LoginModel model, string returnUrl) { if (ModelState.IsValid) { // Attempt to register the user var user = Service.CheckAuthentication(model.UserName, model.Password, CfHelper.GetRealIp(Request)); if (user == null) { ModelState.AddModelError("", "Username or password doesn't match"); //TempData.SetErrorMessage("Username or password doesn't match"); } else { TempData.SetSuccessMessage(string.Format(ViewRes.User.LoginStrings.Welcome, user.Name)); FormsAuthentication.SetAuthCookie(model.UserName, model.KeepLoggedIn); var redirectUrl = FormsAuthentication.GetRedirectUrl(model.UserName, true); if (redirectUrl != null) return Redirect(redirectUrl); else return RedirectToAction("Index", "Home"); } } return View(model); }
public ActionResult Login(LoginModel model) { if (ModelState.IsValid) { var host = WebHelper.GetRealHost(Request); var result = Data.CheckAuthentication(model.UserName, model.Password, host, true); if (!result.IsOk) { ModelState.AddModelError("", ViewRes.User.LoginStrings.WrongPassword); if (result.Error == LoginError.AccountPoisoned) MvcApplication.BannedIPs.Add(host); } else { var user = result.User; TempData.SetSuccessMessage(string.Format(ViewRes.User.LoginStrings.Welcome, user.Name)); FormsAuthentication.SetAuthCookie(user.Name, model.KeepLoggedIn); var redirectUrl = FormsAuthentication.GetRedirectUrl(model.UserName, true); string targetUrl; // TODO: should not allow redirection to URLs outside the site if (!string.IsNullOrEmpty(model.ReturnUrl)) { targetUrl = model.ReturnUrl; } else if (!string.IsNullOrEmpty(redirectUrl)) targetUrl = redirectUrl; else targetUrl = Url.Action("Index", "Home"); if (model.ReturnToMainSite) targetUrl = VocaUriBuilder.AbsoluteFromUnknown(targetUrl, preserveAbsolute: true, ssl: false); return Redirect(targetUrl); } } if (model.ReturnToMainSite) { SaveErrorsToTempData(); return Redirect(VocaUriBuilder.Absolute(Url.Action("Login", new { model.ReturnUrl, model.SecureLogin }), false)); } return View(model); }