Ejemplo n.º 1
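        /// <summary>
        /// Handles the posted reset-password form: checks the e-mail address and the
        /// birthplace answer against the repository and, when both match, forwards the
        /// caller to the ConfirmPassword action of the User controller.
        /// </summary>
        /// <param name="userObj">Posted form model carrying EmailId and Birthplace.</param>
        /// <returns>
        /// A redirect to ConfirmPassword on success, a redirect back to ResetPassword with
        /// a status message on failure, or the ResetPassword view when the model is invalid.
        /// </returns>
        public IActionResult SaveResetPassword(Models.ResetPassword userObj)
        {
            if (!ModelState.IsValid)
            {
                return View("ResetPassword");
            }

            // Culture-invariant lower-casing: identifiers must not change with the server
            // locale. The null-conditional keeps a missing field from surfacing as a 500.
            string email      = userObj.EmailId?.ToLowerInvariant();
            string birthplace = userObj.Birthplace?.ToLowerInvariant();

            bool verified = email != null
                            && birthplace != null
                            && _repObj.CheckEmailId(email)
                            && _repObj.SecurityCheckPassword(email, birthplace);

            if (!verified)
            {
                // One message for "unknown address" and "wrong answer": distinct messages
                // let a caller find out which e-mail addresses have an account.
                // NOTE(review): the short-circuit above still skips the second repository
                // call for unknown addresses, so response time may differ; no attempt
                // throttling is visible in this method either - confirm it exists upstream.
                TempData["Status1"] = "Wrong Credentials";
                return RedirectToAction("ResetPassword");
            }

            // ViewBag does not survive the redirect below; TempData["ema"] is what carries
            // the address to the next request.
            // NOTE(review): emailidforuse11 is declared outside this method; if it is a
            // static or otherwise shared field, concurrent resets can overwrite each
            // other's address - verify, and prefer the per-request TempData value.
            // NOTE(review): a birthplace answer is a guessable secret; ConfirmPassword
            // should only accept a password change for the address this step verified.
            ViewBag.emailadd = userObj.EmailId;
            emailidforuse11  = userObj.EmailId;
            TempData["ema"]  = userObj.EmailId;
            return RedirectToAction("ConfirmPassword", "User");
        }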
Ejemplo n.º 2
        /// <summary>
        /// Renders the reset-password form, pre-filled with the e-mail address and token
        /// supplied by the caller.
        /// </summary>
        /// <param name="email">E-mail address to place in the form model.</param>
        /// <param name="token">Reset token to place in the form model.</param>
        /// <returns>The default view bound to a new Models.ResetPassword instance.</returns>
        public ActionResult ResetPassword(String email, String token)
        {
            // Nothing is verified here: both values are copied into the model as received.
            // NOTE(review): if these arrive in the query string of a mailed link, the
            // token can end up in server logs and Referer headers - confirm how the link
            // is built and that the token is short-lived.
            var form = new Models.ResetPassword
            {
                EmailAddress = email,
                Token        = token
            };

            return View(form);
        }
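        /// <summary>
        /// Verifies that the supplied token belongs to the supplied e-mail address in
        /// adminforgotpassword and, if so, stores a freshly salted password hash in
        /// adminlogin.
        /// </summary>
        /// <param name="resetPassword">Model carrying EmailAddress, Token and NewPassword.</param>
        /// <returns>
        /// true when the token matched and the UPDATE was issued; false when the input is
        /// incomplete or no matching token row exists.
        /// </returns>
        public static bool ResetPasswordInDB(Models.ResetPassword resetPassword)
        {
            // Reject incomplete input before touching the database, so a blank token can
            // never match a blank token column and an empty password is never hashed.
            if (resetPassword == null
                || string.IsNullOrWhiteSpace(resetPassword.Token)
                || string.IsNullOrWhiteSpace(resetPassword.EmailAddress)
                || string.IsNullOrEmpty(resetPassword.NewPassword))
            {
                return false;
            }

            // NOTE(review): the connection string is hard-coded and uses the root account
            // with an empty password. Load it from protected configuration and connect
            // with an account limited to these two tables.
            using (MySqlConnection cn = new MySqlConnection(@"DataSource=localhost;Initial Catalog=luckydraw;User Id=root;Password=''"))
            {
                cn.Open();

                bool tokenMatches;
                using (MySqlCommand cmd = cn.CreateCommand())
                {
                    cmd.CommandType = CommandType.Text;
                    cmd.CommandText = "SELECT COUNT(emailAddress) AS count FROM adminforgotpassword WHERE token = @token AND emailAddress = @emailAddress";
                    cmd.Parameters.Add("@emailAddress", MySqlDbType.VarChar).Value = resetPassword.EmailAddress;
                    cmd.Parameters.Add("@token", MySqlDbType.VarChar).Value        = resetPassword.Token;

                    // COUNT always yields exactly one row, so a scalar read is enough.
                    tokenMatches = Convert.ToInt32(cmd.ExecuteScalar()) != 0;
                }

                if (!tokenMatches)
                {
                    // The using block closes the connection on this path as well; the
                    // earlier version returned here with the connection still open.
                    return false;
                }

                // NOTE(review): no expiry check on the token row is visible in the query
                // above, and the row is not removed after use, so the same token appears
                // to stay valid for further resets - confirm and make it single-use.
                string salt         = getSalt();
                string passwordHash = createPasswordHash(salt, resetPassword.NewPassword);

                using (MySqlCommand cmd1 = cn.CreateCommand())
                {
                    cmd1.CommandType = CommandType.Text;
                    cmd1.CommandText = "UPDATE adminlogin SET passwordHash = @passwordHash, salt = @salt WHERE emailAddress = @emailAddress";
                    cmd1.Parameters.Add("@emailAddress", MySqlDbType.VarChar).Value = resetPassword.EmailAddress;
                    cmd1.Parameters.Add("@passwordHash", MySqlDbType.VarChar).Value = passwordHash;
                    // The salt is a string bound as Blob, as before; the column type is
                    // not visible here - verify it matches.
                    cmd1.Parameters.Add("@salt", MySqlDbType.Blob).Value            = salt;

                    // An UPDATE returns no rows; ExecuteNonQuery avoids opening a reader.
                    cmd1.ExecuteNonQuery();
                }

                return true;
            }
        }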
Ejemplo n.º 4
 /// <summary>
 /// Processes the submitted reset-password form and applies the new password when
 /// ResetPasswordInDB accepts the token.
 /// </summary>
 /// <param name="resetPassword">Posted form model.</param>
 /// <returns>
 /// A redirect to AdminIndex on the Login controller on success; otherwise the default
 /// view with ViewBag.ErrorMessage set.
 /// </returns>
 public ActionResult ResetPassword(Models.ResetPassword resetPassword)
 {
     // NOTE(review): any attributes on this action sit outside the visible lines; as a
     // state-changing POST it should carry anti-forgery validation - confirm.
     if (!ModelState.IsValid)
     {
         ViewBag.ErrorMessage = "Please ensure all fields are valid.";
         return View();
     }

     bool passwordChanged = ResetPasswordInDB(resetPassword);
     if (!passwordChanged)
     {
         ViewBag.ErrorMessage = "The token is invalid. Please reset your password again!";
         return View();
     }

     return RedirectToAction("AdminIndex", "Login");
 }
Ejemplo n.º 5
        /// <summary>
        /// Completes a password reset through the user manager: looks the account up by
        /// e-mail, applies the reset code and new password, and sends a notification
        /// e-mail when the change succeeds.
        /// </summary>
        /// <param name="model">Posted form model carrying Email, Code and Password.</param>
        /// <returns>
        /// The view with the model when validation fails, a redirect to Home/Index when
        /// the account is unknown or the reset succeeds, and the bare view otherwise.
        /// </returns>
        public ActionResult resetpassword(Models.ResetPassword model)
        {
            if (!ModelState.IsValid)
            {
                return View(model);
            }

            var account = userManager.FindByEmail(model.Email);
            if (account == null)
            {
                // Same redirect as a successful reset, so the response does not reveal
                // whether the address belongs to an account.
                return RedirectToAction("Index", "Home");
            }

            var outcome = userManager.ResetPassword(account.Id, model.Code, model.Password);
            if (!outcome.Succeeded)
            {
                // The failure reasons in the result are not surfaced to the view here.
                return View();
            }

            // Tell the account owner about the change so an unexpected reset gets noticed.
            sendEmail(account, "Password Changed", "Your password has been changed");
            return RedirectToAction("Index", "Home");
        }
Ejemplo n.º 6
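        /// <summary>
        /// Verifies that the supplied token belongs to the supplied e-mail address in
        /// adminforgotpassword and, if so, writes the new password value to adminlogin.
        /// </summary>
        /// <param name="resetPassword">Model carrying EmailAddress, Token and NewPassword.</param>
        /// <returns>
        /// true when the token matched and the UPDATE ran without error; false when the
        /// input is incomplete, no matching token row exists, or a database error occurred.
        /// </returns>
        public static bool ResetPasswordInDB(Models.ResetPassword resetPassword)
        {
            // Reject incomplete input before touching the database, so a blank token can
            // never match a blank token column and an empty password is never stored.
            if (resetPassword == null
                || string.IsNullOrWhiteSpace(resetPassword.Token)
                || string.IsNullOrWhiteSpace(resetPassword.EmailAddress)
                || string.IsNullOrEmpty(resetPassword.NewPassword))
            {
                return false;
            }

            try
            {
                // NOTE(review): server name, login and password are hard-coded. Load the
                // connection string from protected configuration and use an account
                // limited to these two tables instead of an admin login.
                SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder();
                builder.DataSource     = "luckydrawapplication20200108092548dbserver.database.windows.net";
                builder.UserID         = "sqladmin";
                builder.Password       = "******";
                builder.InitialCatalog = "luckywheeldb";

                using (SqlConnection connection = new SqlConnection(builder.ConnectionString))
                {
                    connection.Open();

                    bool tokenMatches;
                    // Token and e-mail address come from the posted form. They are bound
                    // as parameters so they are always treated as data, never as SQL text.
                    using (SqlCommand command = new SqlCommand(
                               "SELECT COUNT(emailAddress) AS count FROM adminforgotpassword WHERE token = @token AND emailAddress = @emailAddress",
                               connection))
                    {
                        command.Parameters.AddWithValue("@token", resetPassword.Token);
                        command.Parameters.AddWithValue("@emailAddress", resetPassword.EmailAddress);

                        // COUNT always yields exactly one row, so a scalar read is enough.
                        tokenMatches = Convert.ToInt32(command.ExecuteScalar()) != 0;
                    }

                    if (!tokenMatches)
                    {
                        return false;
                    }

                    // NOTE(review): NewPassword is written to the passwordHash column as
                    // received, i.e. unhashed. It must be replaced by a salted, slow hash
                    // (for example PBKDF2) together with the code that verifies logins;
                    // that code is not visible here, so the stored format is left as is.
                    // NOTE(review): no expiry check on the token row is visible, and the
                    // row is not removed after use - confirm and make the token single-use.
                    using (SqlCommand command = new SqlCommand(
                               "UPDATE adminlogin SET passwordHash = @passwordHash WHERE emailAddress = @emailAddress",
                               connection))
                    {
                        command.Parameters.AddWithValue("@passwordHash", resetPassword.NewPassword);
                        command.Parameters.AddWithValue("@emailAddress", resetPassword.EmailAddress);

                        // An UPDATE returns no rows; ExecuteNonQuery avoids the reader the
                        // earlier version opened and never disposed.
                        command.ExecuteNonQuery();
                    }

                    return true;
                }
            }
            catch (Exception e)
            {
                // A failed query or update must not be reported as a successful reset;
                // the earlier version returned true even when the UPDATE threw.
                Console.WriteLine(e.ToString());
                return false;
            }
        }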