}//end event
protected void btnSubmit_Click(object sender, EventArgs e)
{
string username = TextBox1.Text;
string securityQuestion = TextBox2.Text;
string securityAnswer = TextBox3.Text;
username = username.Trim();
securityQuestion = securityQuestion.Trim();
securityAnswer = securityAnswer.Trim();
string errorMessage4;
Select selectObject4 = new Select();
bool clientExists;
clientExists = Select.Client_Exists(username);
errorMessage4 = selectObject4.getErrorMessage();
if (errorMessage4 != null)
{
lblError.Text = errorMessage4;
lblError.Visible = true;
ErrorMessage message = new ErrorMessage();
MsgBox(message.SQLServerErrorMessage);
}//end if
else if (clientExists == false)
{
MsgBox("Invalid. You must register before you can login to the website.");
}//end else if
else if (clientExists == true)
{
string errorMessage3;
Select selectObject2 = new Select();
ArrayList keys = new ArrayList();
keys = Select.Select_BESTPATH_USER_Encryption_Keys(username);
errorMessage3 = selectObject2.getErrorMessage();
if (errorMessage3 != null)
{
lblError.Text = errorMessage3;
lblError.Visible = true;
ErrorMessage message = new ErrorMessage();
MsgBox(message.SQLServerErrorMessage);
}//end if
else
{
string encryptedKey = keys[0].ToString();
string encryptedIV = keys[1].ToString();
byte[] _encryptedKey = Convert.FromBase64String(encryptedKey);
byte[] _encryptedIV = Convert.FromBase64String(encryptedIV);
byte[] MasterKey = Encryption.GetMasterKey();
byte[] MasterIV = Encryption.GetMasterIV();
string _key = Encryption.Decrypt_AES(_encryptedKey, MasterKey, MasterIV);
string _IV = Encryption.Decrypt_AES(_encryptedIV, MasterKey, MasterIV);
byte[] Key = Convert.FromBase64String(_key);
byte[] IV = Convert.FromBase64String(_IV);
byte[] encryptedSecurityQuestion = Encryption.Encrypt_AES(securityQuestion, Key, IV);
byte[] encryptedSecurityAnswer = Encryption.Encrypt_AES(securityAnswer, Key, IV);
string _encryptedSecurityQuestion = Convert.ToBase64String(encryptedSecurityQuestion);
string _encryptedSecurityAnswer = Convert.ToBase64String(encryptedSecurityAnswer);
Select selectObject = new Select();
bool authenticated;
string errorMessage;
authenticated = Select.Authenticate_Security_Credentials(username, _encryptedSecurityQuestion, _encryptedSecurityAnswer);
errorMessage = selectObject.getErrorMessage();
if (errorMessage != null)
{
lblError.Text = errorMessage;
lblError.Visible = true;
ErrorMessage message = new ErrorMessage();
MsgBox(message.SQLServerErrorMessage);
}//end if
else
{
if (authenticated == false)
{
MsgBox("Invalid credentials. Please try again.");
}//end if
else
{
string errorMessage2;
string newPassword;
Update updateObject = new Update();
newPassword = Update.Update_Password(username, Key, IV);
errorMessage2 = updateObject.getErrorMessage();
if (errorMessage2 != null)
{
lblError.Text = errorMessage2;
lblError.Visible = true;
ErrorMessage message = new ErrorMessage();
MsgBox(message.SQLServerErrorMessage);
}//end if
else
{
string errorMessage5;
Select selectObject5 = new Select();
ArrayList clientRecord = new ArrayList();
clientRecord = Select.Select_Client_Record(username);
errorMessage5 = selectObject5.getErrorMessage();
if (errorMessage5 != null)
{
lblError.Text = errorMessage5;
lblError.Visible = true;
ErrorMessage message = new ErrorMessage();
MsgBox(message.SQLServerErrorMessage);
}//end if
else
{
string clientFirstName = clientRecord[1].ToString();
string urlBase = Request.Url.GetLeftPart(UriPartial.Authority) + Request.ApplicationPath;
string loginUrl = "/PL/Membership/Login.aspx";
string fullPath = urlBase + loginUrl;
string AppPath = Request.PhysicalApplicationPath;
StreamReader sr = new StreamReader(AppPath + "SA/Email_Templates/NewPassword.txt");
string errorMessage6;
errorMessage6 = Email.Email_Forgot_Password(username, clientFirstName, newPassword, fullPath, sr);
if (errorMessage6 != null)
{
lblError.Text = errorMessage6;
lblError.Visible = true;
ErrorMessage message = new ErrorMessage();
MsgBox(message.EmailErrorMessage);
}//end if
else
{
MsgBox("Success! An email has just been sent to you with your new temporary password. Please check your email to complete the password reset process. Thank you.");
}//end else
}//end else
}//end else if
}//end else
}//end else
}//end else
}//end else
}//end event