public IActionResult ResetPassword(string password)
{
try
{
if (TempData["_ForgotPassword"] is string userID)
{
var forgotPassword = Newtonsoft.Json.JsonConvert.DeserializeObject(userID).ToString();
MySqlConnection conn = new MySqlConnection(Constants.ConnsStrings);
MySqlCommand cmd = new MySqlCommand();
cmd.Connection = conn;
cmd.CommandText = QueryProcedureHelper.SP_CREATE_NEW_PASSWORD;
cmd.CommandType = System.Data.CommandType.StoredProcedure;
cmd.Parameters.AddWithValue(Constants.p_NewPassword, AESSecurity.EncryptPassword(password));
cmd.Parameters.AddWithValue(Constants.p_UserID, forgotPassword);
conn.Open();
cmd.ExecuteNonQuery();
if (conn.State == System.Data.ConnectionState.Open)
{
conn.Close();
}
return(StatusCode(200));
}
}
catch (MySqlException MysqlEx)
{
ViewBag.MysqlEx = MysqlEx.Message.ToString();
}
catch (ArgumentException arEx)
{
throw new ArgumentException("Your Exception : " + arEx.Message.ToString());
}
catch (Exception ex)
{
throw new Exception("Your Exception : " + ex.Message.ToString());
}
return(Ok());
}
private void SendMailActivationAccount(UserDetails userModel)
{
try
{
string fullName = userModel.PreferredName == null ? userModel.FirstName : userModel.PreferredName != null ? userModel.PreferredName : string.Empty;
string activateCode = AESSecurity.EncryptPassword(userModel.Email);
MimeMessage emailMessage = new MimeMessage();
emailMessage.From.Add(new MailboxAddress("*****@*****.**", EmailConstant.EmailAddress));
emailMessage.To.Add(new MailboxAddress(fullName, userModel.Email));
emailMessage.Subject = "Acativation Your Account.";
emailMessage.Body = new TextPart(MimeKit.Text.TextFormat.Html)
{
Text = EmailConstant.AcctivationAccount(fullName, HttpContext.Request.Scheme, HttpContext.Request.Host.Value, userModel.UserID, activateCode)
};
using (SmtpClient mailClient = new SmtpClient())
{
mailClient.Connect(EmailConstant.SmtpServer, EmailConstant.SmtpPort, MailKit.Security.SecureSocketOptions.StartTlsWhenAvailable);
mailClient.AuthenticationMechanisms.Remove("XOAUTH2");
mailClient.Authenticate(EmailConstant.SmtpUsername, EmailConstant.SmtpPassword);
mailClient.Send(emailMessage);
mailClient.Disconnect(true);
mailClient.Dispose();
}
}
catch (MySqlException sqlEx)
{
sqlEx.Message.ToString();
}
catch (ArgumentException arEx)
{
throw new ArgumentException("Your Exception : " + arEx.Message.ToString());
}
catch (Exception ex)
{
throw new Exception("Your Exception : " + ex.Message.ToString());
}
}
// POST: Administrator/AddUserRegisterWithoutPrivileged
public async Task <ActionResult> AddRegisterUser(UserDetails userDetails)
{
if (userDetails != null)
{
UserDetails result = await MysqlHelper <UserDetails> .ExecuteProcedureSingleAsync(QueryProcedureHelper.SP_ADD_USERS, new
{
p_FirstName = userDetails.FirstName,
P_Lastname = userDetails.LastName,
p_PreferredName = userDetails.PreferredName,
p_PhoneNumber = userDetails.Phone,
p_BirthDate = userDetails.BirthDate,
P_Username = userDetails.UserName,
p_Email = userDetails.Email,
p_Password = AESSecurity.EncryptPassword(userDetails.Password)
}) as UserDetails;
if (result.Email != null && result.UserName != null)
{
SendMailActivationAccount(result);
}
}
return(Ok());
}
public IActionResult GetUserLogin(string txtPrivilegedInfo, string txtPassword)
{
List <UserLoginModel> listUser = new List <UserLoginModel>();
UserLoginModel user = new UserLoginModel();
try
{
MySqlConnection conn = new MySqlConnection(Constants.ConnsStrings);
MySqlCommand cmd = new MySqlCommand();
string regexEmail = @"\A(?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)\Z";
string regexUsername = @"@[a-zA-Z0-9]+";
string replaceText = string.Empty;
string passUser = AESSecurity.EncryptPassword(txtPassword);
bool emailIsValid = Regex.IsMatch(txtPrivilegedInfo, regexEmail, RegexOptions.IgnoreCase);
bool usernameIsValid = Regex.IsMatch(txtPrivilegedInfo, regexUsername, RegexOptions.IgnoreCase);
if (emailIsValid == true)
{
replaceText = txtPrivilegedInfo;
cmd.Connection = conn;
cmd.CommandText = QueryProcedureHelper.SP_CHECK_ACCOUNT_LOGIN_VERIFY_EMAIL_ADDRESS;
cmd.CommandType = System.Data.CommandType.StoredProcedure;
cmd.Parameters.AddWithValue(Constants.p_EmailAddress, replaceText);
cmd.Parameters.AddWithValue(Constants.p_Password, passUser);
conn.Open();
}
else if (usernameIsValid == true)
{
cmd.Connection = conn;
cmd.CommandText = QueryProcedureHelper.SP_CHECK_ACCOUNT_LOGIN_VERIFY_USERNAME;
cmd.CommandType = System.Data.CommandType.StoredProcedure;
cmd.Parameters.AddWithValue(Constants.p_Username, txtPrivilegedInfo);
cmd.Parameters.AddWithValue(Constants.p_Password, passUser);
conn.Open();
}
else
{
throw new Exception("Data is not match.");
}
var checkAccount = cmd.ExecuteScalar();
if (conn.State == System.Data.ConnectionState.Open)
{
conn.Close();
}
cmd.Parameters.Clear();
// ConfirmationEmail
if (Convert.ToInt32(checkAccount) == 1)
{
using (MySqlConnection conn2 = new MySqlConnection(Constants.ConnsStrings))
{
using (MySqlCommand cmd2 = new MySqlCommand())
{
if (emailIsValid == true)
{
replaceText = txtPrivilegedInfo;
cmd2.Connection = conn2;
cmd2.CommandText = QueryProcedureHelper.SP_USER_LOGIN;
cmd2.CommandType = System.Data.CommandType.StoredProcedure;
cmd2.Parameters.AddWithValue(Constants.p_Username, txtPrivilegedInfo.Equals(string.Empty));
cmd2.Parameters.AddWithValue(Constants.p_EmailAddress, replaceText);
cmd2.Parameters.AddWithValue(Constants.p_Password, passUser);
conn2.Open();
txtPrivilegedInfo = string.Empty;
}
else if (usernameIsValid == true)
{
cmd2.Connection = conn2;
cmd2.CommandText = QueryProcedureHelper.SP_USER_LOGIN;
cmd2.CommandType = System.Data.CommandType.StoredProcedure;
cmd2.Parameters.AddWithValue(Constants.p_Username, txtPrivilegedInfo);
cmd2.Parameters.AddWithValue(Constants.p_EmailAddress, replaceText.Equals(string.Empty));
cmd2.Parameters.AddWithValue(Constants.p_Password, passUser);
conn2.Open();
}
else
{
throw new Exception("Data is null.");
}
using (MySqlDataReader reader = cmd2.ExecuteReader())
{
if (reader.HasRows)
{
if (reader.Read())
{
if (txtPrivilegedInfo != "" || replaceText != "" && txtPassword != "")
{
DateTime?date = null;
user = new UserLoginModel()
{
UserID = reader["UserID"].Equals(DBNull.Value) == true ? 0 : Convert.ToInt32(reader["UserID"]),
UserName = reader["UserName"].Equals(DBNull.Value) == true ? string.Empty : Convert.ToString(reader["UserName"]),
FirstName = reader["FirstName"].Equals(DBNull.Value) == true ? string.Empty : Convert.ToString(reader["FirstName"]),
PreferredName = reader["PreferredName"].Equals(DBNull.Value) == true ? string.Empty : Convert.ToString(reader["PreferredName"]),
LastName = reader["LastName"].Equals(DBNull.Value) == true ? string.Empty : Convert.ToString(reader["LastName"]),
BirthDay = reader["BirthDay"].Equals(DBNull.Value) == true ? date : Convert.ToDateTime(reader["BirthDay"]),
PhoneNumber = reader["PhoneNumber"].Equals(DBNull.Value) == true ? string.Empty : Convert.ToString(reader["PhoneNumber"]),
Email = reader["Email"].Equals(DBNull.Value) == true ? string.Empty : Convert.ToString(reader["Email"]),
IsVerified = reader["IsVerified"].Equals(DBNull.Value) == true ? string.Empty : Convert.ToString(reader["IsVerified"]),
Password = reader["Password"].Equals(DBNull.Value) == true ? string.Empty : Convert.ToString(reader["Password"]),
UserActive = reader["UserActive"].Equals(DBNull.Value) == true ? string.Empty : Convert.ToString(reader["UserActive"])
};
listUser.Add(user);
}
}
}
reader.Close();
}
conn2.Close();
}
}
if (user.UserName == txtPrivilegedInfo && user.Password == passUser)
{
string createPrivilegedAccess = AESSecurity.EncryptPassword(user.UserID.ToString()) + "_" + AESSecurity.EncryptPassword(user.UserName) + "_" + AESSecurity.EncryptPassword(user.Password);
CookieOptions cookieOptions = new CookieOptions();
cookieOptions.HttpOnly = false;
cookieOptions.Expires = DateTime.Now.AddSeconds(180);
Response.Cookies.Append("privilege_access", createPrivilegedAccess, cookieOptions);
var modelObj = Newtonsoft.Json.JsonConvert.SerializeObject(user);
TempData["ModelUserDetail"] = modelObj;
return(RedirectToAction("Home", "Dashboard"));
}
else if (user.Email == replaceText && user.Password == passUser)
{
string createPrivilegedAccess = AESSecurity.EncryptPassword(user.UserID.ToString()) + "_" + AESSecurity.EncryptPassword(user.UserName) + "_" + AESSecurity.EncryptPassword(user.Password);
CookieOptions cookieOptions = new CookieOptions();
cookieOptions.HttpOnly = false;
cookieOptions.Expires = DateTime.Now.AddSeconds(180);
Response.Cookies.Append("privilege_access", createPrivilegedAccess, cookieOptions);
var modelObj = Newtonsoft.Json.JsonConvert.SerializeObject(user);
TempData["ModelUserDetail"] = modelObj;
return(RedirectToAction("Home", "Dashboard"));
}
else
{
throw new Exception("Username, Email or Password is wrong, please check again.");
}
}
else if (Convert.ToInt32(checkAccount) == 0)
{
string accNotVerify = "Account Unverified.";
string passText = Newtonsoft.Json.JsonConvert.SerializeObject(accNotVerify);
TempData["_ifAccountCannotVerify"] = passText;
return(RedirectToAction("ConfirmationEmail", "Privileged"));
}
else
{
throw new Exception("Your Account not been verified.");
}
}
catch (MySqlException sqlEx)
{
ViewBag.SqlExceptionMessage = "Your Exception : " + sqlEx.Message.ToString();
}
catch (ArgumentException arEx)
{
ViewBag.ArgumentExceptionMessage = "Your Exception : " + arEx.Message.ToString();
}
catch (Exception ex)
{
throw new Exception("Check your data. " + ex.Message);
}
return(StatusCode(200));
}
private void SendMailForgotPassword(string userId, string userName, string email)
{
try
{
MimeMessage emailMessage = new MimeMessage();
emailMessage.From.Add(new MailboxAddress("*****@*****.**", EmailConstant.EmailAddress));
emailMessage.To.Add(new MailboxAddress(userName, email));
emailMessage.Subject = "Reset Password.";
emailMessage.Body = new TextPart(MimeKit.Text.TextFormat.Html)
{
Text = EmailConstant.ForgotPassword(userName, HttpContext.Request.Scheme, HttpContext.Request.Host.Value, AESSecurity.EncryptPassword(userId), AESSecurity.EncryptPassword(userName), AESSecurity.EncryptPassword(email))
};
using (SmtpClient mailClient = new SmtpClient())
{
mailClient.Connect(EmailConstant.SmtpServer, EmailConstant.SmtpPort, MailKit.Security.SecureSocketOptions.StartTlsWhenAvailable);
mailClient.AuthenticationMechanisms.Remove("XOAUTH2");
mailClient.Authenticate(EmailConstant.SmtpUsername, EmailConstant.SmtpPassword);
mailClient.Send(emailMessage);
mailClient.Disconnect(true);
mailClient.Dispose();
}
}
catch (MySqlException sqlEx)
{
sqlEx.Message.ToString();
}
catch (ArgumentException arEx)
{
throw new ArgumentException("Your Exception : " + arEx.Message.ToString());
}
catch (Exception ex)
{
throw new Exception("Your Exception : " + ex.Message.ToString());
}
}