public ActionResult RemindPasswordStep1(RemindModel remindModel)
{
string userLogin = "";
if (!string.IsNullOrEmpty(remindModel.Login))
{
userLogin = remindModel.Login;
}
var conn
=
new SqlConnection(
"Data Source = (LocalDB)\\MSSQLLocalDB; AttachDbFilename = |DataDirectory|PersonalAdressBookDatabase.mdf; MultipleActiveResultSets = True; Integrated Security = True; Connect Timeout = 30");
var cmd = new SqlCommand("SELECT * FROM [Users] WHERE [Login] = @l")
{
Connection = conn
};
conn.Open();
cmd.Parameters.Add(new SqlParameter("@l", SqlDbType.NVarChar)).Value = userLogin;
var reader = cmd.ExecuteReader();
if (reader.HasRows)
{
Session["reminder"] = new RemindModel() {Login = remindModel.Login};
conn.Close();
return RedirectToAction("RemindPasswordStep2", "Home");
}
else
{
conn.Close();
ModelState.AddModelError("", "Nieprawidłowa nazwa użytkownika.");
return View();
}
}
public ActionResult RemindPasswordStep2(RemindModel remindModel)
{
if (Session["reminder"] == null)
{
return RedirectToAction("Index", "Home");
}
var reminder = Session["reminder"] as RemindModel;
if (RemindModel.IsUserAnswerCorrect(@reminder.Login, remindModel.UserSecretAnswer))
{
return RedirectToAction("RemindPasswordStep3", "Home");
}
else
{
ModelState.AddModelError("", "Nieprawidłowa odpowiedź!");
return View(remindModel);
}
}
public static RemindModel GetUserData(string userLogin)
{
var conn
=
new SqlConnection(
"Data Source = (LocalDB)\\MSSQLLocalDB; AttachDbFilename = |DataDirectory|PersonalAdressBookDatabase.mdf; MultipleActiveResultSets = True; Integrated Security = True; Connect Timeout = 30");
var cmd = new SqlCommand("SELECT * FROM [Users] WHERE [Login] = @u")
{
Connection = conn
};
conn.Open();
cmd.Parameters.Add(new SqlParameter("@u", SqlDbType.NVarChar)).Value = userLogin;
var reader = cmd.ExecuteReader();
if (reader.Read())
{
var remindModel = new RemindModel
{
SecretQuestion = (string) reader["SecretQuestion"]
};
conn.Close();
return remindModel;
}
return null;
}
public ActionResult RemindPasswordStep3(RemindModel remindModel)
{
if (Session["reminder"] == null)
{
return RedirectToAction("Index", "Home");
}
else
{
string newGeneratedPassword = System.Web.Security.Membership.GeneratePassword(8, 0);
remindModel.Password = newGeneratedPassword;
var reminder = Session["reminder"] as RemindModel;
var conn
=
new SqlConnection(
"Data Source = (LocalDB)\\MSSQLLocalDB; AttachDbFilename = |DataDirectory|PersonalAdressBookDatabase.mdf; MultipleActiveResultSets = True; Integrated Security = True; Connect Timeout = 30");
var updCmd =
new SqlCommand(
"UPDATE [Users] SET [Password] = @password WHERE [Login] = @login")
{
Connection = conn
};
conn.Open();
updCmd.Parameters.Clear();
updCmd.Parameters.Add(new SqlParameter("@password", SqlDbType.NVarChar)).Value = newGeneratedPassword;
updCmd.Parameters.Add(new SqlParameter("@login", SqlDbType.NVarChar)).Value = @reminder.Login;
updCmd.ExecuteNonQuery();
conn.Close();
}
return View(remindModel);
}
