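        /// <summary>
        /// Handles the "change e-mail" button: validates the form, checks that the new
        /// address is not already registered, verifies the current password and, on
        /// success, stores the new address, deactivates the account, issues a fresh
        /// verification code, mails it to the new address and reloads the page.
        /// </summary>
        /// <param name="sender">The button raising the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        /// <remarks>
        /// NOTE(review): sqlDeleteUpdate is treated as a SqlDataSource (it exposes
        /// SelectCommand/UpdateCommand/InsertCommand and Update()/Insert()); every
        /// value that originates from the form or the session is passed through its
        /// Select/Update/InsertParameters collections instead of being concatenated
        /// into the SQL text — confirm the control type.
        /// The Users update and the Verification write are separate statements with
        /// no transaction; a failure between them leaves the account deactivated
        /// without a matching verification code.
        /// </remarks>
        protected void BtnChange_Click(object sender, EventArgs e)
        {
            Session[Utils.EMAILCHANGING] = true;

            if (!ValidateChangeForm())
            {
                return;
            }

            string newEmail = tbEmail.Text;

            labCheckEmail.InnerText = "";
            if (EmailAlreadyRegistered(newEmail))
            {
                SetState(checkEmail, State.Wrong);
                labCheckEmail.InnerText = "Podany adres email istnieje już w bazie danych.";
                return;
            }

            int userId = Utils.GetUser(Session).Id;

            // Stored password hash and the current [Active] flag of the logged-in user.
            // [Active] is read here, before the update below sets it to 0.
            sqlDeleteUpdate.SelectCommand = "SELECT [Password], [Active] FROM [Users] WHERE [Id] = @Id";
            sqlDeleteUpdate.SelectParameters.Clear();
            sqlDeleteUpdate.SelectParameters.Add("Id", TypeCode.Int32, userId.ToString());
            DataView dv = SQLHelper.SQLSelect(sqlDeleteUpdate);

            if (dv.Count == 0)
            {
                // The session points at a user row that no longer exists; indexing
                // dv[0] would throw, so there is nothing to update.
                return;
            }

            if (!Hashing.ComparePasswords(tbPasswd.Text, dv[0][0].ToString()))
            {
                // Wrong password: the page is left as it is (no message is shown).
                return;
            }

            // Store the new address and deactivate the account until it is verified.
            sqlDeleteUpdate.UpdateCommand = "UPDATE [Users] SET [Email] = @Email, [Active] = 0 WHERE [Id] = @Id";
            sqlDeleteUpdate.UpdateParameters.Clear();
            sqlDeleteUpdate.UpdateParameters.Add("Email", newEmail);
            sqlDeleteUpdate.UpdateParameters.Add("Id", TypeCode.Int32, userId.ToString());
            sqlDeleteUpdate.Update();

            string code = NewVerificationCode(userId);
            bool wasActive = (bool)dv[0][1];
            if (wasActive)
            {
                // The code assumes an active account has no [Verification] row yet.
                sqlDeleteUpdate.InsertCommand = "INSERT INTO [Verification] VALUES (@UserId, @Code)";
                sqlDeleteUpdate.InsertParameters.Clear();
                sqlDeleteUpdate.InsertParameters.Add("UserId", TypeCode.Int32, userId.ToString());
                sqlDeleteUpdate.InsertParameters.Add("Code", code);
                sqlDeleteUpdate.Insert();
            }
            else
            {
                // An inactive account already has a [Verification] row: replace its code.
                sqlDeleteUpdate.UpdateCommand = "UPDATE [Verification] SET [Code] = @Code WHERE [UserId] = @UserId";
                sqlDeleteUpdate.UpdateParameters.Clear();
                sqlDeleteUpdate.UpdateParameters.Add("Code", code);
                sqlDeleteUpdate.UpdateParameters.Add("UserId", TypeCode.Int32, userId.ToString());
                sqlDeleteUpdate.Update();
            }

            Mailing.SendEmail(newEmail, code);

            var user = Utils.GetUser(Session);
            user.Email  = newEmail;
            user.Active = false;
            Session[Utils.EMAILCHANGED]  = true;
            Session[Utils.EMAILCHANGING] = null;
            Response.Redirect(Request.RawUrl);
        }

        /// <summary>
        /// Marks empty form fields as wrong and returns whether both the new e-mail
        /// address and the current password were supplied.
        /// </summary>
        /// <returns>True when the form can be processed further.</returns>
        private bool ValidateChangeForm()
        {
            bool ok = true;

            if (String.IsNullOrEmpty(tbEmail.Text))
            {
                SetState(checkEmail, State.Wrong);
                ok = false;
            }

            labCheckPasswd.InnerText = "";
            if (String.IsNullOrEmpty(tbPasswd.Text))
            {
                SetState(checkPasswd, State.Wrong);
                labCheckPasswd.InnerText = "Wprowadź hasło";
                ok = false;
            }

            return ok;
        }

        /// <summary>
        /// Returns true when a [Users] row already carries <paramref name="email"/>.
        /// The address comes straight from the form, so it is bound as a query
        /// parameter rather than spliced into the SQL text.
        /// </summary>
        /// <param name="email">The address entered by the user.</param>
        private bool EmailAlreadyRegistered(string email)
        {
            sqlDeleteUpdate.SelectCommand = "SELECT [Id] FROM [Users] WHERE [Email] = @Email";
            sqlDeleteUpdate.SelectParameters.Clear();
            sqlDeleteUpdate.SelectParameters.Add("Email", email);
            DataView dv = SQLHelper.SQLSelect(sqlDeleteUpdate);
            return dv.Count > 0;
        }

        /// <summary>
        /// Builds a new e-mail verification code for <paramref name="userId"/>.
        /// The input to <c>Hashing.Hash</c> contains 32 bytes from a cryptographic
        /// RNG, so the code cannot be reproduced from the user id and the request
        /// time alone; the output format of <c>Hashing.Hash</c> is unchanged.
        /// </summary>
        /// <param name="userId">The id of the user whose address is being changed.</param>
        private static string NewVerificationCode(int userId)
        {
            byte[] nonce = new byte[32];
            using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                rng.GetBytes(nonce);
            }
            return Hashing.Hash(userId + Convert.ToBase64String(nonce));
        }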