public ActionResult ForgotPassword(ResetPasswordModel model)
{
if (ModelState.IsValid)
{
var emailAddress = model.Email;
Account account = null;
try {
account = _workUnit.AccountRepository.Entities
.Where(x => x.EmailAddress.ToLower() == emailAddress.ToLower())
.First();
}
catch {// no email found in the system
ModelState.AddModelError("", "We could not find the email address you entered. Please enter a different email address!");
}
if (account != null)
{
//set temp password
account.InitialPassword = ESRGC.DLLR.EARN.Domain.Helpers.Utility.RandomString(8);
account.Password = SHA1PasswordSecurity.encrypt(account.InitialPassword);
_workUnit.AccountRepository.UpdateEntity(account);
_workUnit.saveChanges();
//send email
EmailHelper.SendPasswordEmail(account);
updateTempMessage("An email with password reset information has been sent to your email address. Please check your inbox to change your password.");
return(RedirectToAction("Index", "Home"));
}
}
return(View(model));
}
public static bool authenticate(IWorkUnit workUnit, SignInModel logOnModel)
{
var password = logOnModel.Password;
Account account = null;
try {
//get the contact with the provided email
account = workUnit.AccountRepository.Entities.First(x => x.EmailAddress.ToUpper() == logOnModel.Email.ToUpper());
}
catch {
return(false);//failed to find user account
}
//encode password
var encodedPassword = SHA1PasswordSecurity.encrypt(password);
//authenticate
var databasePassword = account.Password;
var pwValidation = comparePassword(encodedPassword, databasePassword);
//if valid record log in datetime
if (pwValidation)
{
try {
account.LastLogin = DateTime.Now;
workUnit.AccountRepository.UpdateEntity(account);
workUnit.saveChanges();
}
catch {
//do error logging here
}
}
return(pwValidation);
}
public ActionResult SignUp(SignUpModel model)
{
if (ModelState.IsValid)
{
var existingEmails = _workUnit.AccountRepository.Entities.Where(x => x.EmailAddress.ToLower() == model.Email.ToLower());
if (existingEmails.Count() > 0)
{
ModelState.AddModelError("", "This email address \"" + model.Email + "\" has already been in use. Please try again with a different email address");
return(View(model));
}
//we're good to go
var newAccount = new Account()
{
EmailAddress = model.Email
};
//check password
if (model.Password == model.ConfirmPassword)
{
try {
//encrypt password
var encryptedPassword = SHA1PasswordSecurity.encrypt(model.Password);
newAccount.Password = encryptedPassword;
//encrypt secret answer for password recovery
//newAccount.AnswerToSecretQuestion = SHA1PasswordSecurity.encrypt(model.SecretAnswer.ToUpper());//use upper case
//add role
newAccount.Role = "user";//by default user is assigned to the account
newAccount.LastLogin = DateTime.Now;
newAccount.MemberSince = DateTime.Now;
newAccount.LastUpdate = DateTime.Now;
//store to database
_workUnit.AccountRepository.InsertEntity(newAccount);
_workUnit.saveChanges();
//make sure any signed on account is signed out
FormsAuthentication.SignOut();
//authenticated--add session cookies
FormsAuthentication.SetAuthCookie(newAccount.EmailAddress, false);
//send email notification
//notifyNewAccount(newAccount);
//updateTempDataMessage("Your account has been created. Please create a new contact for your account");
//redirect to create new user contact
//verify email
EmailHelper.SendVerificationEmail(newAccount);
return(RedirectToAction("Index", "Profile"));
}
catch (Exception ex) {
ModelState.AddModelError("", "Error saving data to database. Please try again later. " + ex.Message);
}
}
else
{
ModelState.AddModelError("", "New password and confirmation password do not match. Please try again");
}
}
// If we got this far, something failed, redisplay form
return(View(model));
}
public ActionResult ChangePassword(ChangePasswordModel model)
{
var account = CurrentAccount;
if (ModelState.IsValid)
{
// ChangePassword will throw an exception rather
// than return false in certain failure scenarios.
bool changePasswordSucceeded;
try {
if (model.NewPassword != model.ConfirmPassword)
{
throw new Exception("Confirmed password does not match new password. Please try again");
}
if (model.NewPassword.Length < 6)
{
throw new Exception("Minimum password is too short. Minimum 6 characters");
}
//encrypt new password
var newPassword = SHA1PasswordSecurity.encrypt(model.NewPassword);
var oldPassword = SHA1PasswordSecurity.encrypt(model.OldPassword);
if (Authentication.comparePassword(oldPassword, account.Password))
{
account.Password = newPassword;//change password
_workUnit.AccountRepository.UpdateEntity(account);
_workUnit.saveChanges();
changePasswordSucceeded = true;
updateTempMessage("Your password has been changed successfully.");
logLastUpdate(account);
}
else
{
throw new Exception("Old password is incorrect. Please try again");
}
}
catch (Exception ex) {
ModelState.AddModelError("", ex.Message);
changePasswordSucceeded = false;
}
if (changePasswordSucceeded)
{
return(RedirectToAction("Settings", "Account"));
}
}
// If we got this far, something failed, redisplay form
return(View(model));
}
public ActionResult SignIn(SignInModel model, string returnUrl)
{
if (ModelState.IsValid)
{
if (Authentication.authenticate(_workUnit, model))
{
//authenticate user
FormsAuthentication.SetAuthCookie(model.Email, model.RememberMe);
try {
var currentAccount = _workUnit.AccountRepository
.Entities.First(x => x.EmailAddress == model.Email);
//check password reset
var initPassword = SHA1PasswordSecurity.encrypt(currentAccount.InitialPassword);
if (Authentication.comparePassword(initPassword, currentAccount.Password))
{
updateTempMessage("Please change your password. If you choose not to do so, you will be prompted to change your password everytime you sign in!");
return(RedirectToAction("ChangePassword"));
}
}
catch {
//just in case..ofcourse account would have been
//authenticated at this point
//if could not find the account
//proceeds as usual
}
//return to previous url
if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/") &&
!returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
{
return(Redirect(returnUrl));
}
else
{
return(RedirectToAction("Index", "Home"));
}
}
else
{
ModelState.AddModelError("", "The username/email or password provided is incorrect.");
}
}
// If we got this far, something failed, redisplay form
return(View(model));
}