Example #1
0
        public static string ForceResetPassword(string UserID)
        {
            //force a password reset for admin
            //this is rarely used
            string newPwd;

            if (!string.IsNullOrEmpty(UserID))
            {
                newPwd = AppUtility.GenerateAlphaNumeric(10);
                string userIDHash = Crypto.SHA256Hash(UserID);
                string pwdHash    = Crypto.SHA256Hash(newPwd.ToUpper());
                pwdHash = Crypto.SHA256Hash(userIDHash + pwdHash);

                using (var db = new MemberLiteEntities().Init)
                {
                    db.Users.Find(UserID).Password = pwdHash;
                    db.SaveChanges();
                }
                ReturnMessage = "Password reset ok";
                return(newPwd);
            }

            return(string.Empty);
        }
Example #2
0
        public bool Create()
        {
            //First line of defence
            if (this.Password == "" || this.Password.Length < 5)
            {
                ReturnMessage = "Password format is incorrect";
                return(false);
            }

            if (!NameIsValid(this.FirstName))
            {
                ReturnMessage = "Your name is not valid";
                return(false);
            }

            if (!NameIsValid(this.OtherNames))
            {
                ReturnMessage = "Your name is not valid";
                return(false);
            }
            //=============================================

            try
            {
                using (var db = new MemberLiteEntities().Init)
                {
                    //Validate email
                    var uEmail = db.Users.Select(a => new { a.Email })
                                 .Where(a => a.Email == this.Email)
                                 .FirstOrDefault();
                    if (uEmail != null)
                    {
                        ReturnMessage = "Sorry! This email is already in use";
                        return(false);
                    }

                    //Generate UserID
                    //USR-{MONTH YEAR JOINED}-{RANDOM}
                    string _userID = "";
createUserID:
                    _userID = string.Join("-", "USR", DateTime.Now.ToString("MM") + DateTime.Now.ToString("yy"), new Random().Next(10, 9000000));

                    //Check if generated id exist in DB
                    var uID = db.Users.Select(a => new { a.UserID })
                              .Where(a => a.UserID == _userID)
                              .FirstOrDefault();

                    //You can generate a simple GUID
                    //Using string _id = Guid.NewGuid().ToString();

                    if (uID != null)
                    {
                        goto createUserID;
                    }
                    else
                    {
                        this.UserID = _userID;
                    }

                    //Encrypt passkey
                    string userIDHash = Crypto.SHA256Hash(this.UserID);
                    string pwd        = Crypto.SHA256Hash(this.Password.ToUpper());
                    string finalPwd   = Crypto.SHA256Hash(userIDHash + pwd);

                    this.VerificationCode = AppUtility.GenerateAlphaNumeric(15);
                    this.Password         = finalPwd;
                    this.Status           = (int)StatusType.Active;
                    this.EmailConfirmed   = false;
                    this.DateStamp        = DateTime.Now;

                    db.Users.Add(this);
                    db.SaveChanges();

                    ReturnMessage = "Account created ok";
                    return(true);
                }
            }
            catch (DbEntityValidationException ex)
            {
                CustomErrorLogger.Log(DBHelper.HandleEFException(ex));

                //Users should not see your exception message
                ReturnMessage = "An error occurred while processing your details. Please try again!";
                return(false);
            }
            catch (Exception ex)
            {
                CustomErrorLogger.Log(ex.InnerException.Message);
                ReturnMessage = "An error occurred while processing your details. Please try again!";
                return(false);
            }
        }
Example #3
0
        public static bool ResetPassword(string Login)
        {
            string userID = "", email = "", newPwd, fname = "";

            using (var db = new MemberLiteEntities().Init)
            {
                long __phone = 0, val = 0;
                if (Int64.TryParse(Login, out val))
                {
                    __phone = Convert.ToInt64(Login);
                }

                if (Login.Contains("@"))
                {
                    if (AppUtility.ValidateEmail(Login))
                    {
                        var u = db.Users.Select(a => new { a.UserID, a.Email, a.FirstName, a.OtherNames })
                                .Where(a => a.Email == Login).FirstOrDefault();
                        if (u != null)
                        {
                            userID = u.UserID;
                            fname  = u.OtherNames + " " + u.FirstName;
                            email  = Login;
                        }
                        goto notfound;
                    }
                    else
                    {
                        ReturnMessage = "Email address format is incorrect!";
                        return(false);
                    }
                }
                else if (__phone != 0)
                {
                    var u = db.Users.Select(a => new { a.UserID, a.Email, a.Phone, a.FirstName, a.OtherNames })
                            .Where(a => a.Phone == __phone).FirstOrDefault();
                    if (u != null)
                    {
                        userID = u.UserID;
                        fname  = u.FirstName;
                        email  = Login;
                    }
                    goto notfound;
                }
                else
                {
                    ReturnMessage = "Provide your login email or phone number!";
                    return(false);
                }

notfound:
                if (userID == "")
                {
                    ReturnMessage = "User not found! Please try again.";
                    return(false);
                }

                newPwd = AppUtility.GenerateAlphaNumeric(10);

                string userIDHash = Crypto.SHA256Hash(userID);
                string pwd        = Crypto.SHA256Hash(newPwd.ToUpper());
                string finalPwd   = Crypto.SHA256Hash(userIDHash + pwd);

                db.Users.Find(userID).Password = finalPwd;
                db.SaveChanges();
                ReturnMessage = "Password reset ok but could not send email. Pls try again!";
            }

            string msg = File.ReadAllText(AppUtility.AppDataPath + "MailTemplates/PasswordReset.htm");

            msg = msg.Replace("{site_name}", AppConfig.Name);
            msg = msg.Replace("{fullname}", fname);
            msg = msg.Replace("{new_pwd}", newPwd);
            msg = msg.Replace("{site_url}", AppConfig.Url);
            msg = msg.Replace("{support_mail}", WebMailer.Support);

            if (WebMailer.Send(WebMailer.Alert, email, "Password Reset", msg, true))
            {
                ReturnMessage = "Password reset complete! Check your email for a new password.";
            }
            return(true);
        }