Ejemplo n.º 1
0
        protected void resetPwd_Click(object sender, EventArgs e)
        {
            string          userEmail;
            string          resetString;
            DataAccessLayer dao = new DataAccessLayer();

            try
            {
                if (!String.IsNullOrEmpty(Request.QueryString["resetID"]) && !String.IsNullOrEmpty(Request.QueryString["userID"]))
                {
                    // Query string value is there so now use it
                    resetString = Request.QueryString["resetID"].ToString();
                    userEmail   = Request.QueryString["userID"].ToString();
                    if (dao.checkResetStringExists(resetString, userEmail) == true)
                    {
                        string password     = txtPassword.Text;
                        byte[] bytePassword = System.Text.ASCIIEncoding.ASCII.GetBytes(password);
                        System.Security.Cryptography.HashAlgorithm hashAlgorithm;

                        if (userEmail.Length % 3 == 0)
                        {
                            hashAlgorithm = SHA256.Create();
                        }
                        else if (userEmail.Length % 3 == 1)
                        {
                            hashAlgorithm = SHA512.Create();
                        }
                        else
                        {
                            hashAlgorithm = SHA1.Create();
                        }

                        byte[] byteHashPassword  = hashAlgorithm.ComputeHash(bytePassword);
                        string encryptedPassword = Convert.ToBase64String(byteHashPassword);
                        dao.UpdateUserPassword(encryptedPassword, userEmail);

                        responseReset.Text = "Password Updated Successfully";
                    }
                }
            }
            catch (System.NullReferenceException r)
            {
                //exception handling
            }
        }