Ejemplo n.º 1
0
        public ActionResult ChangePasswordUnauthenticated(ResetPasswordViewModel model)
        {
            if (!ModelState.IsValid)
            {
                return(View());
            }

            var goodUid = db.ResetPasswordRequests.Where(u => u.Guid == model.Code).FirstOrDefault();

            if (goodUid.Guid != model.Code)
            {
                return(View(model));
            }

            var valid = db.ValidateUser(model.Username, model.Email).FirstOrDefault();

            if ((model.Password == model.ConfirmPassword) && (valid.Valid != 0))
            {
                RNGCryptoServiceProvider csprng = new RNGCryptoServiceProvider();
                byte[] salt = new byte[SALT_BYTE_SIZE];
                csprng.GetBytes(salt);

                var hashedPassword = Hash.CreateHash(model.Password, salt);
                db.ChangePassword(model.Username, hashedPassword, salt);

                return(RedirectToAction("Login"));
            }
            else
            {
                ViewBag.Error = "Incorrect Information!";
                return(View());
            }
        }