Merge pull request #157 from xdorro/minh

Minh

Backend/Areas/Admin/Data/BaseController.cs

@@ -65,6 +65,16 @@ protected override void OnAuthorization(AuthorizationContext filterContext)
                 };
             }
 
+            if (obj != null && (obj.RoleId == 2 || obj.RoleId == 1) && (string)currentArea == "" && currentController == "Transactions" && !Request.IsAjaxRequest())
+            {
+                filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new RouteValueDictionary(new
+                {
+                    action = "Index",
+                    controller = "Home",
+                    area = "Admin"
+                }
+                )));
+            }
 
             string[] AllowedController = { "Logout" };
             if (obj != null && (obj.RoleId == 2 || obj.RoleId == 1) && (string)currentArea == "" && !AllowedController.Contains(currentAction) && currentController != "Transactions")

Backend/Controllers/HomeController.cs

@@ -281,7 +281,7 @@ public ActionResult CheckLogin(string email, string password)
             {
                 obj.AttemptLogin++;
                 accounts.Update(obj);
-                errors.Add("Password", "Your password is wrong!" + obj.AttemptLogin);
+                errors.Add("Password", "Your password is wrong!");
 
                 return Json(new
                 {

OnlineBanking.DAL/Common/Utils.cs

@@ -45,7 +45,15 @@ public static string HashPassword(string password)
 
         public static bool ValidatePassword(string password, string correctHash)
         {
-            return BCrypt.Net.BCrypt.Verify(password, correctHash);
+            try
+            {
+                return BCrypt.Net.BCrypt.Verify(password, correctHash);
+            }
+            catch (Exception)
+            {
+                return false;
+            }
+
         }
     }
 }