Ejemplo n.º 1
0
        }//end event

        protected void btnSubmit_Click(object sender, EventArgs e)
        {
            string username = TextBox1.Text;
            string securityQuestion = TextBox2.Text;
            string securityAnswer = TextBox3.Text;

            username = username.Trim();

            securityQuestion = securityQuestion.Trim();

            securityAnswer = securityAnswer.Trim();

            string errorMessage4;

            Select selectObject4 = new Select();

            bool clientExists;

            clientExists = Select.Client_Exists(username);

            errorMessage4 = selectObject4.getErrorMessage();

            if (errorMessage4 != null)
            {
                lblError.Text = errorMessage4;
                lblError.Visible = true;

                ErrorMessage message = new ErrorMessage();

                MsgBox(message.SQLServerErrorMessage);

            }//end if

            else if (clientExists == false)
            {
                MsgBox("Invalid. You must register before you can login to the website.");

            }//end else if

            else if (clientExists == true)
            {
                string errorMessage3;

                Select selectObject2 = new Select();

                ArrayList keys = new ArrayList();

                keys = Select.Select_BESTPATH_USER_Encryption_Keys(username);

                errorMessage3 = selectObject2.getErrorMessage();

                if (errorMessage3 != null)
                {
                    lblError.Text = errorMessage3;
                    lblError.Visible = true;

                    ErrorMessage message = new ErrorMessage();

                    MsgBox(message.SQLServerErrorMessage);

                }//end if

                else
                {
                    string encryptedKey = keys[0].ToString();

                    string encryptedIV = keys[1].ToString();

                    byte[] _encryptedKey = Convert.FromBase64String(encryptedKey);

                    byte[] _encryptedIV = Convert.FromBase64String(encryptedIV);

                    byte[] MasterKey = Encryption.GetMasterKey();

                    byte[] MasterIV = Encryption.GetMasterIV();

                    string _key = Encryption.Decrypt_AES(_encryptedKey, MasterKey, MasterIV);

                    string _IV = Encryption.Decrypt_AES(_encryptedIV, MasterKey, MasterIV);

                    byte[] Key = Convert.FromBase64String(_key);

                    byte[] IV = Convert.FromBase64String(_IV);

                    byte[] encryptedSecurityQuestion = Encryption.Encrypt_AES(securityQuestion, Key, IV);

                    byte[] encryptedSecurityAnswer = Encryption.Encrypt_AES(securityAnswer, Key, IV);

                    string _encryptedSecurityQuestion = Convert.ToBase64String(encryptedSecurityQuestion);

                    string _encryptedSecurityAnswer = Convert.ToBase64String(encryptedSecurityAnswer);

                    Select selectObject = new Select();

                    bool authenticated;

                    string errorMessage;

                    authenticated = Select.Authenticate_Security_Credentials(username, _encryptedSecurityQuestion, _encryptedSecurityAnswer);

                    errorMessage = selectObject.getErrorMessage();

                    if (errorMessage != null)
                    {
                        lblError.Text = errorMessage;
                        lblError.Visible = true;

                        ErrorMessage message = new ErrorMessage();

                        MsgBox(message.SQLServerErrorMessage);

                    }//end if

                    else
                    {
                        if (authenticated == false)
                        {
                            MsgBox("Invalid credentials. Please try again.");

                        }//end if

                        else
                        {
                            string errorMessage2;

                            string newPassword;

                            Update updateObject = new Update();

                            newPassword = Update.Update_Password(username, Key, IV);

                            errorMessage2 = updateObject.getErrorMessage();

                            if (errorMessage2 != null)
                            {
                                lblError.Text = errorMessage2;
                                lblError.Visible = true;

                                ErrorMessage message = new ErrorMessage();

                                MsgBox(message.SQLServerErrorMessage);

                            }//end if

                            else
                            {
                                string errorMessage5;

                                Select selectObject5 = new Select();

                                ArrayList clientRecord = new ArrayList();

                                clientRecord = Select.Select_Client_Record(username);

                                errorMessage5 = selectObject5.getErrorMessage();

                                if (errorMessage5 != null)
                                {
                                    lblError.Text = errorMessage5;
                                    lblError.Visible = true;

                                    ErrorMessage message = new ErrorMessage();

                                    MsgBox(message.SQLServerErrorMessage);

                                }//end if

                                else
                                {
                                    string clientFirstName = clientRecord[1].ToString();

                                    string urlBase = Request.Url.GetLeftPart(UriPartial.Authority) + Request.ApplicationPath;
                                    string loginUrl = "/PL/Membership/Login.aspx";
                                    string fullPath = urlBase + loginUrl;
                                    string AppPath = Request.PhysicalApplicationPath;
                                    StreamReader sr = new StreamReader(AppPath + "SA/Email_Templates/NewPassword.txt");

                                    string errorMessage6;

                                    errorMessage6 = Email.Email_Forgot_Password(username, clientFirstName, newPassword, fullPath, sr);

                                    if (errorMessage6 != null)
                                    {
                                        lblError.Text = errorMessage6;
                                        lblError.Visible = true;

                                        ErrorMessage message = new ErrorMessage();

                                        MsgBox(message.EmailErrorMessage);

                                    }//end if

                                    else
                                    {
                                        MsgBox("Success! An email has just been sent to you with your new temporary password. Please check your email to complete the password reset process. Thank you.");

                                    }//end else

                                }//end else

                            }//end else if

                        }//end else

                    }//end else

                }//end else

            }//end else

        }//end event