If possible, create a couple of additional accounts with ADMIN permission. I hope their...
[CPE_learningsite] / CPE / CPE.App / CPE.App.Web / Controllers / IndexController.cs
index 813d055..c5217bf 100644 (file)
@@ -27,14 +27,28 @@ namespace CPE.App.Web.Controllers {
             return false;
         }
 
+        private bool IsAdmin(string login, string password)
+        {
+            return Database.Users.Any(t => t.IsAdmin && t.Login == login && t.Password == password);
+        }
+
+        private bool IsAdmin(string password)
+        {
+            return Database.Users.Any(t => t.IsAdmin && t.Password == password);
+        }
+
         // GET: Index
         [HttpGet]
         public ActionResult Index(int? year) {
             if(Request.Cookies["allowed"] == null && !IsLocal())
                 return Redirect("http://www.cpeonline.com/webcasts");
-            string systemPassword = ConfigurationManager.AppSettings["password"];
-            if(Request.Cookies["allowed"] != null && (Request.Cookies["allowed"].Value != systemPassword))
+
+            //string systemPassword = ConfigurationManager.AppSettings["password"];
+            if (Request.Cookies["allowed"] != null && !IsAdmin(Request.Cookies["allowed"].Value))
+            {
                 return Redirect("http://www.cpeonline.com/webcasts");
+            }
+
             DateTime now = DateTime.UtcNow;
 
             if(!year.HasValue) {
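Review bot: The `IsAdmin(string password)` overload added at the top of this hunk matches any admin's password with no login, so the `allowed` cookie check in `Index` (and the identical check in `Elucidat` in the last hunk) accepts a value that is itself a reusable credential rather than a session. Both overloads also compare `t.Password == password` directly, which suggests passwords are stored unhashed; if so, store a salted PBKDF2 hash (`Rfc2898DeriveBytes`) and verify against that. The cookie check would be safer validating a random, server-issued token with its own expiry, for example a forms-authentication ticket, instead of calling `IsAdmin` on the cookie value. The commented-out `systemPassword` line can be deleted rather than kept. `Index` continues past the end of the hunk.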
@@ -440,10 +454,10 @@ namespace CPE.App.Web.Controllers {
             login = login?.Trim();
             passcode = passcode?.Trim();
 
-            string systemPassword = ConfigurationManager.AppSettings["password"];
-            if(login == ConfigurationManager.AppSettings["login"] & passcode == systemPassword) {
+           // string systemPassword = ConfigurationManager.AppSettings["password"];
+            if(IsAdmin(login, passcode)) {
                 var reportingCookie = new HttpCookie("allowed") {
-                    Value = systemPassword,
+                    Value = passcode,
                     Expires = DateTime.UtcNow.AddDays(1)
                 };
                 Response.Cookies.Add(reportingCookie);
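Review bot: `Value = passcode` puts the administrator's plaintext password into the `allowed` cookie, and the cookie is created without `HttpOnly` or `Secure`, so the password is readable by page script and is sent on any plain-HTTP request to the site. Set the value to a random token generated at login and kept server-side, and add `HttpOnly = true, Secure = true,` to the initializer. `Expires` only limits how long the browser keeps the cookie; the value itself stays valid until the password changes, so a server-side expiry is needed as well. The enclosing action starts and ends outside the hunk.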
@@ -470,8 +484,8 @@ namespace CPE.App.Web.Controllers {
         public ActionResult Elucidat() {
             if(Request.Cookies["allowed"] == null && !IsLocal())
                 return Redirect("http://www.cpeonline.com/webcasts");
-            string systemPassword = ConfigurationManager.AppSettings["password"];
-            if(Request.Cookies["allowed"] != null && (Request.Cookies["allowed"].Value != systemPassword))
+//            string systemPassword = ConfigurationManager.AppSettings["password"];
+            if(Request.Cookies["allowed"] != null && (!IsAdmin(Request.Cookies["allowed"].Value)))
                 return Redirect("http://www.cpeonline.com/webcasts");
             DateTime now = DateTime.UtcNow;