/// <summary>
/// Replaces a user's password with <paramref name="newPassword"/> after the banned-list
/// and password-history checks have passed.
/// </summary>
/// <param name="portalId">Portal in which the user is looked up.</param>
/// <param name="userId">Id of the user whose password is replaced.</param>
/// <param name="newPassword">The replacement password.</param>
/// <returns>
/// <c>false</c> when no user matches; <c>true</c> when the password was changed, and also
/// when a <see cref="ThreadAbortException"/> interrupts the change.
/// </returns>
/// <exception cref="Exception">
/// Thrown with a localized message when the provider requires question and answer, when the
/// password is banned, equal to the username or found in history, or when the reset fails.
/// </exception>
/// <remarks>
/// NOTE(review): no old-password check and no caller-authorization check is visible in this
/// method; presumably the calling endpoint enforces that. Confirm against the caller.
/// </remarks>
public bool ChangePassword(int portalId, int userId, string newPassword)
{
    // Refused outright when the membership provider requires a question and answer.
    if (MembershipProviderConfig.RequiresQuestionAndAnswer)
    {
        throw new Exception(Localization.GetString("CannotChangePassword", Constants.LocalResourcesFile));
    }

    var targetUser = UserController.Instance.GetUserById(portalId, userId);
    if (targetUser == null)
    {
        return false;
    }

    var passwordController = new MembershipPasswordController();
    var policy = new MembershipPasswordSettings(targetUser.PortalID);

    // The username-equals-password test only runs when the banned list is enabled.
    if (policy.EnableBannedList
        && (passwordController.FoundBannedPassword(newPassword) || targetUser.Username == newPassword))
    {
        throw new Exception(Localization.GetString("PasswordResetFailed", Constants.LocalResourcesFile));
    }

    // Reject passwords that are already in the user's history.
    if (passwordController.IsPasswordInHistory(targetUser.UserID, targetUser.PortalID, newPassword, false))
    {
        throw new Exception(Localization.GetString("PasswordResetFailed_PasswordInHistory", Constants.LocalResourcesFile));
    }

    try
    {
        if (UserController.ResetAndChangePassword(targetUser, newPassword))
        {
            return true;
        }

        // Caught by the general handler below, which logs and rethrows the same message.
        throw new Exception(Localization.GetString("PasswordResetFailed", Constants.LocalResourcesFile));
    }
    catch (MembershipPasswordException membershipError)
    {
        // Password answer missing.
        Logger.Error(membershipError);
        throw new Exception(Localization.GetString("PasswordInvalid", Constants.LocalResourcesFile));
    }
    catch (ThreadAbortException)
    {
        return true;
    }
    catch (Exception failure)
    {
        Logger.Error(failure);
        throw new Exception(Localization.GetString("PasswordResetFailed", Constants.LocalResourcesFile));
    }
}
/// <summary>
/// Returns the current portal's password policy (minimum length, minimum number of
/// special characters and validation expression) in an HTTP 200 response.
/// </summary>
/// <returns>A response whose body is a <c>PasswordSettingsDto</c>.</returns>
/// <remarks>
/// This method only describes the policy to the client; it performs no validation itself.
/// </remarks>
public HttpResponseMessage PasswordStrengthOptions()
{
    var membershipSettings = new MembershipPasswordSettings(PortalId);

    var dto = new PasswordSettingsDto();
    dto.MinLength = membershipSettings.MinPasswordLength;
    dto.MinNumberOfSpecialChars = membershipSettings.MinNonAlphanumericCharacters;
    dto.ValidationExpression = membershipSettings.ValidationExpression;

    return Request.CreateResponse(HttpStatusCode.OK, dto);
}
/// <summary>
/// Fills the password-policy members from the current portal's membership settings
/// before the object is serialized.
/// </summary>
/// <param name="context">Serialization context; not used here.</param>
public void OnSerializing(StreamingContext context)
{
    var currentPortalId = PortalController.GetCurrentPortalSettings().PortalId;
    var policy = new MembershipPasswordSettings(currentPortalId);

    MinLength = policy.MinPasswordLength;
    // The text member holds a format string that is replaced by its formatted result.
    CriteriaAtLeastNCharsText = string.Format(CriteriaAtLeastNCharsText, MinLength);

    MinNumberOfSpecialChars = policy.MinNonAlphanumericCharacters;
    if (MinNumberOfSpecialChars > 0)
    {
        CriteriaSpecialCharText = string.Format(
            Utilities.GetLocalizedString("CriteriaAtLeastNSpecialChars"),
            MinNumberOfSpecialChars);
    }
    else
    {
        CriteriaSpecialCharText = Utilities.GetLocalizedString("CriteriaSpecialChar");
    }
}
/// <summary>
/// Handles the reset form's change-password click: validates the new password, changes it
/// with the reset token and then attempts to log the user in.
/// </summary>
/// <param name="sender">Event source.</param>
/// <param name="e">Event arguments.</param>
private void cmdChangePassword_Click(object sender, EventArgs e)
{
    // 1. The new password and its confirmation must match.
    if (txtPassword.Text != txtConfirmPassword.Text)
    {
        resetMessages.Visible = true;
        var mismatchMessage = Localization.GetString("PasswordMismatch");
        LogFailure(mismatchMessage);
        lblHelp.Text = mismatchMessage;
        return;
    }

    // 2. The new password must satisfy the membership password rules.
    if (!UserController.ValidatePassword(txtPassword.Text))
    {
        resetMessages.Visible = true;
        var invalidMessage = Localization.GetString("PasswordResetFailed");
        LogFailure(invalidMessage);
        lblHelp.Text = invalidMessage;
        return;
    }

    // 3. With the banned list enabled, reject banned passwords and a password equal to the username.
    var policy = new MembershipPasswordSettings(User.PortalID);
    if (policy.EnableBannedList
        && (new MembershipPasswordController().FoundBannedPassword(txtPassword.Text)
            || txtUsername.Text == txtPassword.Text))
    {
        resetMessages.Visible = true;
        var bannedMessage = Localization.GetString("PasswordResetFailed");
        LogFailure(bannedMessage);
        lblHelp.Text = bannedMessage;
        return;
    }

    // 4. Change the password with the reset token.
    if (UserController.ChangePasswordByToken(PortalSettings.PortalId, txtUsername.Text, txtPassword.Text, ResetToken))
    {
        // Log the user in to the site; the resulting login status is not inspected.
        LogSuccess();
        var loginStatus = UserLoginStatus.LOGIN_FAILURE;
        UserController.UserLogin(PortalSettings.PortalId, txtUsername.Text, txtPassword.Text, "", "", "", ref loginStatus, false);
        RedirectAfterLogin();
    }
    else
    {
        resetMessages.Visible = true;
        var resetFailedMessage = Localization.GetString("PasswordResetFailed", LocalResourceFile);
        LogFailure(resetFailedMessage);
        lblHelp.Text = resetFailedMessage;
    }
}
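/// <summary>
/// Fills the password-policy members (minimum length, special characters, validation
/// expression and their criteria texts) from the membership settings before serialization.
/// </summary>
/// <param name="context">Serialization context; not used here.</param>
public void OnSerializing(StreamingContext context)
{
    // Read the current portal settings once, so the null check and the PortalId read
    // see the same object; -1 is used when there is no current portal.
    var currentPortalSettings = PortalController.Instance.GetCurrentPortalSettings();
    int portalId = currentPortalSettings != null ? currentPortalSettings.PortalId : -1;

    var settings = new MembershipPasswordSettings(portalId);

    // Each *Text member holds a format string that is replaced by its formatted result.
    MinLength = settings.MinPasswordLength;
    CriteriaAtLeastNCharsText = string.Format(CriteriaAtLeastNCharsText, MinLength);

    MinNumberOfSpecialChars = settings.MinNonAlphanumericCharacters;
    CriteriaAtLeastNSpecialCharsText = string.Format(CriteriaAtLeastNSpecialCharsText, MinNumberOfSpecialChars);

    ValidationExpression = settings.ValidationExpression;
    CriteriaValidationExpressionText = string.Format(CriteriaValidationExpressionText, ValidationExpression);
}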
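/// <summary>
/// Validates <paramref name="password"/> against the membership rules and the banned list,
/// then resets the user's password to it.
/// </summary>
/// <param name="user">The user whose password is replaced.</param>
/// <param name="password">The new password.</param>
/// <exception cref="DataNotValidException">
/// Thrown when the password is invalid, banned, equal to the username, or when the reset
/// itself reports failure.
/// </exception>
private static void ChangePassword(UserInfo user, string password)
{
    // Check the new password against the membership password rules.
    if (!UserController.ValidatePassword(password))
    {
        App.Services.Logger.Error($"Changing password of user {user.Username} failed with PasswordInvalid error");
        throw new DataNotValidException(App.Services.Localizer.GetString("PasswordInvalid"));
    }

    // With the banned list enabled, reject banned passwords and a password equal to the username.
    var settings = new MembershipPasswordSettings(user.PortalID);
    if (settings.EnableBannedList)
    {
        var m = new MembershipPasswordController();
        if (m.FoundBannedPassword(password) || user.Username == password)
        {
            App.Services.Logger.Error($"Changing password of user {user.Username} failed with BannedPasswordUsed error");
            throw new DataNotValidException(App.Services.Localizer.GetString("BannedPasswordUsed"));
        }
    }

    // ResetAndChangePassword reports failure through its return value. Discarding it would
    // let the caller believe the password was changed when it was not.
    if (!UserController.ResetAndChangePassword(user, password))
    {
        App.Services.Logger.Error($"Changing password of user {user.Username} failed: ResetAndChangePassword returned false");

        // NOTE(review): reuses the "PasswordInvalid" text because it is the only generic
        // resource key visible here; a dedicated reset-failed key would be clearer.
        throw new DataNotValidException(App.Services.Localizer.GetString("PasswordInvalid"));
    }
}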
/// <summary>
/// Validates the registration form and records the outcome in <c>CreateStatus</c>.
/// </summary>
/// <returns>
/// <c>true</c> only when the user editor is valid and <c>CreateStatus</c> is still
/// <c>UserCreateStatus.AddUser</c> after all checks; otherwise <c>false</c>.
/// </returns>
/// <remarks>
/// The checks run in sequence and most of them overwrite <c>CreateStatus</c>
/// unconditionally, so when several fail only the last failure is reported.
/// The method also mutates <c>User</c> (username, display name, generated password).
/// </remarks>
private bool Validate()
{
    // A non-empty "gotcha" field rejects the request before any other check.
    // Presumably a hidden honeypot input. Confirm against the markup.
    if (!string.IsNullOrEmpty(gotcha.Value))
    {
        return(false);
    }

    CreateStatus = UserCreateStatus.AddUser;
    var portalSecurity = PortalSecurity.Instance;

    //Check User Editor
    bool _IsValid = userForm.IsValid;

    if (_IsValid)
    {
        // Each text field is run through the input filter; a field that comes back changed is rejected.
        var filterFlags = PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoAngleBrackets | PortalSecurity.FilterFlag.NoMarkup;
        var name = User.Username ?? User.Email;
        var cleanUsername = PortalSecurity.Instance.InputFilter(name, filterFlags);
        if (!cleanUsername.Equals(name))
        {
            CreateStatus = UserCreateStatus.InvalidUserName;
        }

        var valid = UserController.Instance.IsValidUserName(name);
        if (!valid)
        {
            CreateStatus = UserCreateStatus.InvalidUserName;
        }

        var cleanEmail = PortalSecurity.Instance.InputFilter(User.Email, filterFlags);
        if (!cleanEmail.Equals(User.Email))
        {
            CreateStatus = UserCreateStatus.InvalidEmail;
        }

        var cleanFirstName = PortalSecurity.Instance.InputFilter(User.FirstName, filterFlags);
        if (!cleanFirstName.Equals(User.FirstName))
        {
            CreateStatus = UserCreateStatus.InvalidFirstName;
        }

        var cleanLastName = PortalSecurity.Instance.InputFilter(User.LastName, filterFlags);
        if (!cleanLastName.Equals(User.LastName))
        {
            CreateStatus = UserCreateStatus.InvalidLastName;
        }

        var cleanDisplayName = PortalSecurity.Instance.InputFilter(User.DisplayName, filterFlags);
        if (!cleanDisplayName.Equals(User.DisplayName))
        {
            CreateStatus = UserCreateStatus.InvalidDisplayName;
        }
    }

    if (PortalSettings.Registration.RegistrationFormType == 0)
    {
        //Update UserName
        if (PortalSettings.Registration.UseEmailAsUserName)
        {
            User.Username = User.Email;
            if (String.IsNullOrEmpty(User.DisplayName))
            {
                // NOTE(review): IndexOf returns -1 when the email has no "@", which makes Substring throw.
                User.DisplayName = User.Email.Substring(0, User.Email.IndexOf("@", StringComparison.Ordinal));
            }
        }

        //Check Password is valid
        if (!PortalSettings.Registration.RandomPassword)
        {
            //Check Password is Valid
            // The password rules are only evaluated when no earlier check has already failed.
            if (CreateStatus == UserCreateStatus.AddUser && !UserController.ValidatePassword(User.Membership.Password))
            {
                CreateStatus = UserCreateStatus.InvalidPassword;
            }

            if (PortalSettings.Registration.RequirePasswordConfirm && String.IsNullOrEmpty(AuthenticationType))
            {
                if (User.Membership.Password != User.Membership.PasswordConfirm)
                {
                    CreateStatus = UserCreateStatus.PasswordMismatch;
                }
            }
        }
        else
        {
            //Generate a random password for the user
            User.Membership.Password = UserController.GeneratePassword();
            User.Membership.PasswordConfirm = User.Membership.Password;
        }
    }
    else
    {
        //Set Username to Email
        if (String.IsNullOrEmpty(User.Username))
        {
            User.Username = User.Email;
        }

        //Set DisplayName
        if (String.IsNullOrEmpty(User.DisplayName))
        {
            // NOTE(review): the concatenation always contains the " " separator, so the
            // IsNullOrEmpty test is never true and the email-based fallback is never taken.
            User.DisplayName = String.IsNullOrEmpty(User.FirstName + " " + User.LastName) ? User.Email.Substring(0, User.Email.IndexOf("@", StringComparison.Ordinal)) : User.FirstName + " " + User.LastName;
        }

        //Random Password
        if (String.IsNullOrEmpty(User.Membership.Password))
        {
            //Generate a random password for the user
            User.Membership.Password = UserController.GeneratePassword();
        }

        //Password Confirm
        if (!String.IsNullOrEmpty(User.Membership.PasswordConfirm))
        {
            if (User.Membership.Password != User.Membership.PasswordConfirm)
            {
                CreateStatus = UserCreateStatus.PasswordMismatch;
            }
        }
    }

    //Validate banned password
    // The username-equals-password test only runs when the banned list is enabled,
    // and the == comparison is case-sensitive.
    var settings = new MembershipPasswordSettings(User.PortalID);
    if (settings.EnableBannedList)
    {
        var m = new MembershipPasswordController();
        if (m.FoundBannedPassword(User.Membership.Password) || User.Username == User.Membership.Password)
        {
            CreateStatus = UserCreateStatus.BannedPasswordUsed;
        }
    }

    //Validate Profanity
    if (PortalSettings.Registration.UseProfanityFilter)
    {
        if (!portalSecurity.ValidateInput(User.Username, PortalSecurity.FilterFlag.NoProfanity))
        {
            CreateStatus = UserCreateStatus.InvalidUserName;
        }

        if (!String.IsNullOrEmpty(User.DisplayName))
        {
            if (!portalSecurity.ValidateInput(User.DisplayName, PortalSecurity.FilterFlag.NoProfanity))
            {
                CreateStatus = UserCreateStatus.InvalidDisplayName;
            }
        }
    }

    //Validate Unique User Name
    // NOTE(review): the duplicate statuses tell the registrant that an account exists if the
    // caller surfaces them verbatim. Confirm how they are rendered.
    UserInfo user = UserController.GetUserByName(PortalId, User.Username);
    if (user != null)
    {
        if (PortalSettings.Registration.UseEmailAsUserName)
        {
            CreateStatus = UserCreateStatus.DuplicateEmail;
        }
        else
        {
            CreateStatus = UserCreateStatus.DuplicateUserName;

            // Probe "<name>01", "<name>02", ... until a free name is found and write it back
            // to User.Username; the status stays DuplicateUserName.
            int i = 1;
            string userName = null;
            while (user != null)
            {
                userName = User.Username + "0" + i.ToString(CultureInfo.InvariantCulture);
                user = UserController.GetUserByName(PortalId, userName);
                i++;
            }

            User.Username = userName;
        }
    }

    //Validate Unique Display Name
    if (CreateStatus == UserCreateStatus.AddUser && PortalSettings.Registration.RequireUniqueDisplayName)
    {
        user = UserController.Instance.GetUserByDisplayname(PortalId, User.DisplayName);
        if (user != null)
        {
            CreateStatus = UserCreateStatus.DuplicateDisplayName;

            // Same probing scheme as for the username, with a " 0<n>" suffix.
            int i = 1;
            string displayName = null;
            while (user != null)
            {
                displayName = User.DisplayName + " 0" + i.ToString(CultureInfo.InvariantCulture);
                user = UserController.Instance.GetUserByDisplayname(PortalId, displayName);
                i++;
            }

            User.DisplayName = displayName;
        }
    }

    //Check Question/Answer
    if (CreateStatus == UserCreateStatus.AddUser && MembershipProviderConfig.RequiresQuestionAndAnswer)
    {
        if (string.IsNullOrEmpty(User.Membership.PasswordQuestion))
        {
            //Invalid Question
            CreateStatus = UserCreateStatus.InvalidQuestion;
        }

        if (CreateStatus == UserCreateStatus.AddUser)
        {
            if (string.IsNullOrEmpty(User.Membership.PasswordAnswer))
            {
                //Invalid Answer
                CreateStatus = UserCreateStatus.InvalidAnswer;
            }
        }
    }

    // Any status other than AddUser makes the whole form invalid.
    if (CreateStatus != UserCreateStatus.AddUser)
    {
        _IsValid = false;
    }

    return(_IsValid);
}
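/// <summary>
/// Handles the reset form's change-password click: validates the new password, changes it
/// with the reset token (and the answer, when the provider requires one), then either sends
/// the user to the profile update step or logs them in.
/// </summary>
/// <param name="sender">Event source.</param>
/// <param name="e">Event arguments.</param>
private void cmdChangePassword_Click(object sender, EventArgs e)
{
    string username = txtUsername.Text;

    // Nothing is attempted, and no message is shown, when an answer is required but missing.
    if (MembershipProviderConfig.RequiresQuestionAndAnswer && string.IsNullOrEmpty(txtAnswer.Text))
    {
        return;
    }

    //1. Check New Password and Confirm are the same
    if (txtPassword.Text != txtConfirmPassword.Text)
    {
        resetMessages.Visible = true;
        var failed = Localization.GetString("PasswordMismatch");
        LogFailure(failed);
        lblHelp.Text = failed;
        return;
    }

    // The trimmed value is the one that is validated, stored and later used for the login.
    var newPassword = txtPassword.Text.Trim();
    if (!UserController.ValidatePassword(newPassword))
    {
        resetMessages.Visible = true;
        var failed = Localization.GetString("PasswordResetFailed");
        LogFailure(failed);
        lblHelp.Text = failed;
        return;
    }

    //Check New Password is not same as username or banned
    var settings = new MembershipPasswordSettings(User.PortalID);
    if (settings.EnableBannedList)
    {
        var m = new MembershipPasswordController();
        if (m.FoundBannedPassword(newPassword) || txtUsername.Text == newPassword)
        {
            resetMessages.Visible = true;
            var failed = Localization.GetString("PasswordResetFailed");
            LogFailure(failed);
            lblHelp.Text = failed;
            return;
        }
    }

    if (PortalController.GetPortalSettingAsBoolean("Registration_UseEmailAsUserName", PortalId, false))
    {
        // One additional database call to see whether an account with that email exists.
        var testUser = UserController.GetUserByEmail(PortalId, username);
        if (testUser != null)
        {
            // The account's username is needed to change the password in the next step.
            username = testUser.Username;
        }
    }

    string errorMessage;
    string answer = String.Empty;
    if (MembershipProviderConfig.RequiresQuestionAndAnswer)
    {
        answer = txtAnswer.Text;
    }

    if (!UserController.ChangePasswordByToken(PortalSettings.PortalId, username, newPassword, answer, ResetToken, out errorMessage))
    {
        resetMessages.Visible = true;
        var failed = errorMessage;
        LogFailure(failed);
        lblHelp.Text = failed;
        return;
    }

    //check user has a valid profile
    var user = UserController.GetUserByName(PortalSettings.PortalId, username);
    var validStatus = UserController.ValidateUser(user, PortalSettings.PortalId, false);
    if (validStatus == UserValidStatus.UPDATEPROFILE)
    {
        LogSuccess();
        ViewState.Add("PageNo", 3);
        Response.Redirect(Globals.NavigateURL(PortalSettings.ActiveTab.TabID, "Login"));
    }
    else
    {
        //Log user in to site
        LogSuccess();
        var loginStatus = UserLoginStatus.LOGIN_FAILURE;

        // Log in with the same trimmed value that was just stored. The raw text box value
        // differs from it whenever the user typed leading or trailing whitespace, and the
        // automatic login would then be attempted with a password that was never set.
        UserController.UserLogin(PortalSettings.PortalId, username, newPassword, "", "", "", ref loginStatus, false);
        RedirectAfterLogin();
    }
}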
/// <summary>
/// Handles the Update button: validates the new password and changes it, reporting every
/// outcome through <c>OnPasswordUpdated</c>.
/// </summary>
/// <param name="sender">Event source.</param>
/// <param name="e">Event arguments.</param>
/// <remarks>
/// Administrators skip the old-password checks and go through
/// <c>UserController.ResetAndChangePassword</c>; everyone else must supply the old password.
/// </remarks>
private void cmdUpdate_Click(object sender, EventArgs e)
{
    // A configured but failed CAPTCHA stops the request without raising an event.
    if (this.UseCaptcha && !this.ctlCaptcha.IsValid)
    {
        return;
    }

    if (!this.IsUserOrAdmin)
    {
        return;
    }

    Action<PasswordUpdateStatus> report =
        status => this.OnPasswordUpdated(new PasswordUpdatedEventArgs(status));

    // 1. New password and confirmation must match.
    if (this.txtNewPassword.Text != this.txtNewConfirm.Text)
    {
        report(PasswordUpdateStatus.PasswordMismatch);
        return;
    }

    // 2. New password must satisfy the membership password rules.
    if (!UserController.ValidatePassword(this.txtNewPassword.Text))
    {
        report(PasswordUpdateStatus.PasswordInvalid);
        return;
    }

    // 3. Non-administrators must provide the old password.
    if (!this.IsAdmin && string.IsNullOrEmpty(this.txtOldPassword.Text))
    {
        report(PasswordUpdateStatus.PasswordMissing);
        return;
    }

    // 4. For non-administrators the new password must be different from the old one.
    if (!this.IsAdmin && this.txtNewPassword.Text == this.txtOldPassword.Text)
    {
        report(PasswordUpdateStatus.PasswordNotDifferent);
        return;
    }

    // 5. With the banned list enabled, reject banned passwords and a password equal to the username.
    var passwordController = new MembershipPasswordController();
    var policy = new MembershipPasswordSettings(this.User.PortalID);
    if (policy.EnableBannedList
        && (passwordController.FoundBannedPassword(this.txtNewPassword.Text)
            || this.User.Username == this.txtNewPassword.Text))
    {
        report(PasswordUpdateStatus.BannedPasswordUsed);
        return;
    }

    // Reject passwords already present in the user's history.
    if (passwordController.IsPasswordInHistory(this.User.UserID, this.User.PortalID, this.txtNewPassword.Text, false))
    {
        report(PasswordUpdateStatus.PasswordResetFailed);
        return;
    }

    // Repeats check 4; kept as in the original.
    if (!this.IsAdmin && this.txtNewPassword.Text == this.txtOldPassword.Text)
    {
        report(PasswordUpdateStatus.PasswordNotDifferent);
        return;
    }

    bool resetAsAdmin = this.IsAdmin;
    try
    {
        bool changed = resetAsAdmin
            ? UserController.ResetAndChangePassword(this.User, this.txtNewPassword.Text)
            : UserController.ChangePassword(this.User, this.txtOldPassword.Text, this.txtNewPassword.Text);

        report(changed ? PasswordUpdateStatus.Success : PasswordUpdateStatus.PasswordResetFailed);
    }
    catch (MembershipPasswordException membershipError)
    {
        // Password answer missing.
        Logger.Error(membershipError);
        report(PasswordUpdateStatus.InvalidPasswordAnswer);
    }
    catch (ThreadAbortException)
    {
        // Do nothing: ThreadAbortExceptions caused by redirects are not logged.
    }
    catch (Exception failure)
    {
        Logger.Error(failure);
        report(PasswordUpdateStatus.PasswordResetFailed);
    }
}
/// <summary>
/// Validates a user that is about to be registered and returns the resulting status.
/// The checks run in sequence and most of them overwrite the status unconditionally,
/// so when several fail only the last failure is returned.
/// </summary>
/// <param name="portalId">Portal whose registration settings and users are consulted.</param>
/// <param name="AuthenticationType">
/// Authentication type of the registration; the password confirmation is only compared
/// when this is null or empty.
/// </param>
/// <param name="newUser">
/// The user being registered. It is modified in place (username, display name,
/// generated password).
/// </param>
/// <returns>
/// <c>UserCreateStatus.AddUser</c> when every check passes, otherwise the status of the
/// last failed check.
/// </returns>
public UserCreateStatus Validate(int portalId, string AuthenticationType, UserInfo newUser)
{
    var membUtils = new DnnMembershipUtilities(portalId);
    UserCreateStatus CreateStatus = UserCreateStatus.AddUser;
    var portalSecurity = new PortalSecurity();

    if (membUtils.RegistrationFormType == 0)
    {
        //Update UserName
        if (membUtils.UseEmailAsUserName)
        {
            newUser.Username = newUser.Email;
            if (String.IsNullOrEmpty(newUser.DisplayName))
            {
                // NOTE(review): IndexOf returns -1 when the email has no "@", which makes Substring throw.
                newUser.DisplayName = newUser.Email.Substring(0, newUser.Email.IndexOf("@", StringComparison.Ordinal));
            }
        }

        //Check Password is valid
        if (!membUtils.RandomPassword)
        {
            //Check Password is Valid
            if (CreateStatus == UserCreateStatus.AddUser && !UserController.ValidatePassword(newUser.Membership.Password))
            {
                CreateStatus = UserCreateStatus.InvalidPassword;
            }

            if (membUtils.RequirePasswordConfirm && String.IsNullOrEmpty(AuthenticationType))
            {
                if (newUser.Membership.Password != newUser.Membership.PasswordConfirm)
                {
                    CreateStatus = UserCreateStatus.PasswordMismatch;
                }
            }
        }
        else
        {
            //Generate a random password for the user
            newUser.Membership.Password = UserController.GeneratePassword();
            newUser.Membership.PasswordConfirm = newUser.Membership.Password;
        }
    }
    else
    {
        //Set Username to Email
        if (String.IsNullOrEmpty(newUser.Username))
        {
            newUser.Username = newUser.Email;
        }

        //Set DisplayName
        if (String.IsNullOrEmpty(newUser.DisplayName))
        {
            // NOTE(review): the "{0} {1}" result always contains the space, so the
            // IsNullOrEmpty test is never true and the email-based fallback is never taken.
            newUser.DisplayName = String.IsNullOrEmpty(String.Format("{0} {1}", newUser.FirstName, newUser.LastName)) ? newUser.Email.Substring(0, newUser.Email.IndexOf("@", StringComparison.Ordinal)) : String.Format("{0} {1}", newUser.FirstName, newUser.LastName);
        }

        //Random Password
        // Note that ValidatePassword is not called on this branch.
        if (String.IsNullOrEmpty(newUser.Membership.Password))
        {
            //Generate a random password for the user
            newUser.Membership.Password = UserController.GeneratePassword();
        }

        //Password Confirm
        if (!String.IsNullOrEmpty(newUser.Membership.PasswordConfirm))
        {
            if (newUser.Membership.Password != newUser.Membership.PasswordConfirm)
            {
                CreateStatus = UserCreateStatus.PasswordMismatch;
            }
        }
    }

    //Validate banned password
    // The username-equals-password test only runs when the banned list is enabled,
    // and the == comparison is case-sensitive.
    var settings = new MembershipPasswordSettings(newUser.PortalID);
    if (settings.EnableBannedList)
    {
        var m = new MembershipPasswordController();
        if (m.FoundBannedPassword(newUser.Membership.Password) || newUser.Username == newUser.Membership.Password)
        {
            CreateStatus = UserCreateStatus.BannedPasswordUsed;
        }
    }

    //Validate Profanity
    if (UseProfanityFilter)
    {
        if (!portalSecurity.ValidateInput(newUser.Username, PortalSecurity.FilterFlag.NoProfanity))
        {
            CreateStatus = UserCreateStatus.InvalidUserName;
        }

        if (!String.IsNullOrEmpty(newUser.DisplayName))
        {
            if (!portalSecurity.ValidateInput(newUser.DisplayName, PortalSecurity.FilterFlag.NoProfanity))
            {
                CreateStatus = UserCreateStatus.InvalidDisplayName;
            }
        }
    }

    //Validate Unique User Name
    // NOTE(review): the duplicate statuses tell the registrant that an account exists if the
    // caller surfaces them verbatim. Confirm how they are rendered.
    UserInfo user = UserController.GetUserByName(portalId, newUser.Username);
    if (user != null)
    {
        if (membUtils.UseEmailAsUserName)
        {
            CreateStatus = UserCreateStatus.DuplicateEmail;
        }
        else
        {
            CreateStatus = UserCreateStatus.DuplicateUserName;

            // Probe "<name>01", "<name>02", ... until a free name is found and write it back
            // to newUser.Username; the status stays DuplicateUserName.
            int i = 1;
            string userName = null;
            while (user != null)
            {
                userName = String.Format("{0}0{1}", newUser.Username, i.ToString(CultureInfo.InvariantCulture));
                user = UserController.GetUserByName(portalId, userName);
                i++;
            }

            newUser.Username = userName;
        }
    }

    //Validate Unique Display Name
    if (CreateStatus == UserCreateStatus.AddUser && RequireUniqueDisplayName)
    {
        user = TestableUserController.Instance.GetUserByDisplayname(portalId, newUser.DisplayName);
        if (user != null)
        {
            CreateStatus = UserCreateStatus.DuplicateDisplayName;

            // Same probing scheme as for the username, with a " 0<n>" suffix.
            int i = 1;
            string displayName = null;
            while (user != null)
            {
                displayName = String.Format("{0} 0{1}", newUser.DisplayName, i.ToString(CultureInfo.InvariantCulture));
                user = TestableUserController.Instance.GetUserByDisplayname(portalId, displayName);
                i++;
            }

            newUser.DisplayName = displayName;
        }
    }

    //Check Question/Answer
    if (CreateStatus == UserCreateStatus.AddUser && MembershipProviderConfig.RequiresQuestionAndAnswer)
    {
        if (string.IsNullOrEmpty(newUser.Membership.PasswordQuestion))
        {
            //Invalid Question
            CreateStatus = UserCreateStatus.InvalidQuestion;
        }

        if (CreateStatus == UserCreateStatus.AddUser)
        {
            if (string.IsNullOrEmpty(newUser.Membership.PasswordAnswer))
            {
                //Invalid Answer
                CreateStatus = UserCreateStatus.InvalidAnswer;
            }
        }
    }

    return(CreateStatus);
}
/// <summary>
/// Handles the reset form's change-password click: validates the new password, resolves the
/// account's username when emails are used as usernames, changes the password with the reset
/// token and then attempts to log the user in.
/// </summary>
/// <param name="sender">Event source.</param>
/// <param name="e">Event arguments.</param>
private void cmdChangePassword_Click(object sender, EventArgs e)
{
    // 1. The new password and its confirmation must match.
    if (txtPassword.Text != txtConfirmPassword.Text)
    {
        resetMessages.Visible = true;
        var mismatchMessage = Localization.GetString("PasswordMismatch");
        LogFailure(mismatchMessage);
        lblHelp.Text = mismatchMessage;
        return;
    }

    // 2. The new password must satisfy the membership password rules.
    if (!UserController.ValidatePassword(txtPassword.Text))
    {
        resetMessages.Visible = true;
        var invalidMessage = Localization.GetString("PasswordResetFailed");
        LogFailure(invalidMessage);
        lblHelp.Text = invalidMessage;
        return;
    }

    // 3. With the banned list enabled, reject banned passwords and a password equal to the username.
    var policy = new MembershipPasswordSettings(User.PortalID);
    if (policy.EnableBannedList
        && (new MembershipPasswordController().FoundBannedPassword(txtPassword.Text)
            || txtUsername.Text == txtPassword.Text))
    {
        resetMessages.Visible = true;
        var bannedMessage = Localization.GetString("PasswordResetFailed");
        LogFailure(bannedMessage);
        lblHelp.Text = bannedMessage;
        return;
    }

    // 4. When emails double as usernames, the typed value may be an email address:
    //    one additional database call looks up the account to obtain its real username.
    string accountName = txtUsername.Text;
    if (PortalController.GetPortalSettingAsBoolean("Registration_UseEmailAsUserName", PortalId, false))
    {
        var accountByEmail = UserController.GetUserByEmail(PortalId, accountName);
        if (accountByEmail != null)
        {
            accountName = accountByEmail.Username;
        }
    }

    // 5. Change the password with the reset token.
    if (UserController.ChangePasswordByToken(PortalSettings.PortalId, accountName, txtPassword.Text, ResetToken))
    {
        // Log the user in to the site; the resulting login status is not inspected.
        LogSuccess();
        var loginStatus = UserLoginStatus.LOGIN_FAILURE;
        UserController.UserLogin(PortalSettings.PortalId, accountName, txtPassword.Text, "", "", "", ref loginStatus, false);
        RedirectAfterLogin();
    }
    else
    {
        resetMessages.Visible = true;
        var resetFailedMessage = Localization.GetString("PasswordResetFailed", LocalResourceFile);
        LogFailure(resetFailedMessage);
        lblHelp.Text = resetFailedMessage;
    }
}
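/// <summary>
/// Completes a password reset: validates the new password, changes it with the reset token
/// and, unless the profile still needs updating, logs the user in.
/// </summary>
/// <param name="PasswordReset">
/// Posted reset data (username, password, confirmation). Its <c>ResetToken</c> is overwritten
/// with the last path segment of the request's referrer URL.
/// </param>
/// <returns>
/// A dynamic object with <c>IsSuccess</c> and, depending on the path taken, <c>Message</c>,
/// <c>IsRedirect</c> and <c>RedirectURL</c>.
/// </returns>
/// <remarks>
/// NOTE(review): the reset token comes from the Referer header, which clients and
/// intermediaries may omit or rewrite. Confirm this is the intended source.
/// </remarks>
public dynamic Index(Entities.ResetPassword PasswordReset)
{
    dynamic actionResult = new ExpandoObject();
    try
    {
        // Without a referrer there is no token to read: fail with the generic reset message
        // instead of running into a NullReferenceException whose text would be returned.
        Uri referrer = HttpContext.Current.Request.UrlReferrer;
        if (referrer == null)
        {
            actionResult.IsSuccess = false;
            actionResult.Message = Localization.GetString("PasswordResetFailed");
            return actionResult;
        }

        // The token is the last "/"-separated segment of the referrer URL.
        string[] referrerSegments = referrer.AbsoluteUri.Split('/');
        PasswordReset.ResetToken = referrerSegments[referrerSegments.Length - 1];

        UserInfo tokenUser = UserController.GetUserByPasswordResetToken(PortalSettings.Current.PortalId, PasswordReset.ResetToken);
        _ipAddress = UserRequestIPAddressController.Instance.GetUserRequestIPAddress(new HttpRequestWrapper(HttpContext.Current.Request));
        string username = PasswordReset.Username;

        if (PasswordReset.Password != PasswordReset.ConfirmPassword)
        {
            string failed = Localization.GetString("PasswordMismatch");
            LogFailure(failed, tokenUser);
            actionResult.IsSuccess = false;
            actionResult.Message = failed;
            return actionResult;
        }

        // The trimmed value is the one that is validated, stored and later used for the login.
        string newPassword = PasswordReset.Password.Trim();
        if (!UserController.ValidatePassword(newPassword))
        {
            string failed = Localization.GetString("PasswordResetFailed");
            LogFailure(failed, tokenUser);
            actionResult.IsSuccess = false;
            actionResult.Message = failed;
            return actionResult;
        }

        // With the banned list enabled, reject banned passwords and a password equal to the username.
        MembershipPasswordSettings settings = new MembershipPasswordSettings(PortalSettings.Current.PortalId);
        if (settings.EnableBannedList)
        {
            MembershipPasswordController m = new MembershipPasswordController();
            if (m.FoundBannedPassword(newPassword) || username == newPassword)
            {
                string failed = Localization.GetString("PasswordResetFailed");
                LogFailure(failed, tokenUser);
                actionResult.IsSuccess = false;
                actionResult.Message = failed;
                return actionResult;
            }
        }

        if (PortalController.GetPortalSettingAsBoolean("Registration_UseEmailAsUserName", PortalSettings.Current.PortalId, false))
        {
            // One additional database call to see whether an account with that email exists.
            UserInfo testUser = UserController.GetUserByEmail(PortalSettings.Current.PortalId, username);
            if (testUser != null)
            {
                // The account's username is needed to change the password in the next step.
                username = testUser.Username;
            }
        }

        if (!UserController.ChangePasswordByToken(PortalSettings.PortalId, username, newPassword, null, PasswordReset.ResetToken, out string errorMessage))
        {
            string failed = errorMessage;
            LogFailure(failed, tokenUser);
            actionResult.IsSuccess = false;
            actionResult.Message = failed;
            return actionResult;
        }

        //check user has a valid profile
        UserInfo user = UserController.GetUserByName(PortalSettings.PortalId, username);
        UserValidStatus validStatus = UserController.ValidateUser(user, PortalSettings.PortalId, false);
        if (validStatus == UserValidStatus.UPDATEPROFILE)
        {
            LogSuccess(tokenUser);
        }
        else
        {
            //Log user in to site
            LogSuccess(tokenUser);
            UserLoginStatus loginStatus = UserLoginStatus.LOGIN_FAILURE;

            // Log in with the same trimmed value that was just stored. The posted value
            // differs from it whenever it carries leading or trailing whitespace.
            UserController.UserLogin(PortalSettings.PortalId, username, newPassword, "", "", "", ref loginStatus, false);
            actionResult.Message = Localization.GetString("ChangeSuccessful", LocalResourceFile);
        }

        actionResult.IsSuccess = true;
        actionResult.IsRedirect = true;
        actionResult.RedirectURL = Managers.ResetPasswordManager.RedirectAfterLogin();
    }
    catch (Exception ex)
    {
        // NOTE(review): the raw exception message is returned to the client and the exception
        // is not logged here; consider logging it and returning a generic localized message.
        actionResult.IsSuccess = false;
        actionResult.Message = ex.Message;
    }

    return actionResult;
}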
/// <summary>
/// Handles the Update button. A regular user changes their own password with the old
/// password; an administrator or a member of the "clubadmin" role instead updates the target
/// account's username and email and resets its password without the old one.
/// </summary>
/// <param name="sender">Event source.</param>
/// <param name="e">Event arguments.</param>
/// <remarks>
/// NOTE(review): the "clubadmin" role name is hard-coded and lets its members reset a
/// password and change username and email without the old password. No check that the target
/// account is one this role may manage is visible here. Confirm it is enforced elsewhere.
/// NOTE(review): unlike the related handlers, no password-history check is made here.
/// </remarks>
private void cmdUpdate_Click(Object sender, EventArgs e)
{
    // Proceed only when CAPTCHA is not in use or has been passed.
    if ((UseCaptcha && ctlCaptcha.IsValid) || !UseCaptcha)
    {
        // Target account looked up by name; it is only used by the reset branch below.
        // NOTE(review): a failed lookup is not handled before usersData is passed on.
        UserInfo usersData = DotNetNuke.Entities.Users.UserController.GetUserByName(user_Name);
        if (IsUserOrAdmin == false && !currentUser.IsInRole("clubadmin"))
        {
            return;
        }

        //1. Check New Password and Confirm are the same
        if (txtNewPassword.Text != txtNewConfirm.Text)
        {
            OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordMismatch));
            return;
        }

        //2. Check New Password is Valid
        if (!UserController.ValidatePassword(txtNewPassword.Text))
        {
            OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordInvalid));
            return;
        }

        //3. Check old Password is Provided
        if (!IsAdmin && String.IsNullOrEmpty(txtOldPassword.Text) && !currentUser.IsInRole("clubadmin"))
        {
            OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordMissing));
            return;
        }

        //4. Check New Password is different
        if (!IsAdmin && txtNewPassword.Text == txtOldPassword.Text && !currentUser.IsInRole("clubadmin"))
        {
            OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordNotDifferent));
            return;
        }

        //5. Check New Password is not same as username or banned
        // NOTE(review): this compares against User.Username while the reset branch targets
        // usersData. Confirm both refer to the same account.
        var settings = new MembershipPasswordSettings(User.PortalID);
        if (settings.EnableBannedList)
        {
            var m = new MembershipPasswordController();
            if (m.FoundBannedPassword(txtNewPassword.Text) || User.Username == txtNewPassword.Text)
            {
                OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.BannedPasswordUsed));
                return;
            }
        }

        // Repeats check 4.
        if (!IsAdmin && txtNewPassword.Text == txtOldPassword.Text && !currentUser.IsInRole("clubadmin"))
        {
            OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordNotDifferent));
            return;
        }

        if (!IsAdmin && !currentUser.IsInRole("clubadmin"))
        {
            // Regular user: change with the old password.
            try
            {
                OnPasswordUpdated(UserController.ChangePassword(User, txtOldPassword.Text, txtNewPassword.Text) ? new PasswordUpdatedEventArgs(PasswordUpdateStatus.Success) : new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordResetFailed));
            }
            catch (MembershipPasswordException exc)
            {
                //Password Answer missing
                Logger.Error(exc);
                OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.InvalidPasswordAnswer));
            }
            catch (ThreadAbortException)
            {
                //Do nothing: ThreadAbortExceptions caused by redirects are not logged
            }
            catch (Exception exc)
            {
                //Fail
                Logger.Error(exc);
                OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordResetFailed));
            }
        }
        else
        {
            // Administrator or "clubadmin": the username and email are updated first,
            // then the password is reset without the old one.
            try
            {
                if (CanUpdateUsername())
                {
                    UserController.ChangeUsername(user_Id, txtUserName.Text);
                }

                UserInfo UserInfoDetails = DotNetNuke.Entities.Users.UserController.GetUserById(PortalId, user_Id);
                UserInfoDetails.Membership.Email = txtEmailID.Text;
                UserInfoDetails.Email = txtEmailID.Text;
                UserController.UpdateUser(PortalId, UserInfoDetails);

                bool flag = ResetAndChangePassword(usersData, txtNewPassword.Text);
                OnPasswordUpdated(flag ? new PasswordUpdatedEventArgs(PasswordUpdateStatus.Success) : new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordResetFailed));

                // The status texts below are hard-coded, not localized.
                if (flag)
                {
                    PwdStatus.Text = "Password Changed Successfully";
                    PwdStatus.Visible = true;
                    statusPassword.Attributes.Add("class", "smallMessage successMessage");
                    statusPassword.Attributes.Add("style", "display:block");
                }
                else
                {
                    PwdStatus.Text = "Password Changed Failed";
                    PwdStatus.Visible = true;
                    statusPassword.Attributes.Add("class", "smallMessage failureMessage");
                    statusPassword.Attributes.Add("style", "display:block");
                }
            }
            catch (MembershipPasswordException exc)
            {
                //Password Answer missing
                Logger.Error(exc);
                OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.InvalidPasswordAnswer));
            }
            catch (ThreadAbortException)
            {
                //Do nothing: ThreadAbortExceptions caused by redirects are not logged
            }
            catch (Exception exc)
            {
                //Fail
                Logger.Error(exc);
                OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordResetFailed));
            }
        }
    }
}
/// -----------------------------------------------------------------------------
/// <summary>
/// cmdUpdate_Click runs when the Update Button is clicked. It validates the new password
/// and changes it, reporting every outcome through OnPasswordUpdated.
/// </summary>
/// <remarks>
/// Administrators skip the old-password checks, but the change itself always goes through
/// UserController.ChangePassword with the old-password text box value.
/// </remarks>
/// <history>
/// 	[cnurse]	03/03/2006  created
/// </history>
/// -----------------------------------------------------------------------------
private void cmdUpdate_Click(Object sender, EventArgs e)
{
    if (!IsUserOrAdmin)
    {
        return;
    }

    Action<PasswordUpdateStatus> report =
        status => OnPasswordUpdated(new PasswordUpdatedEventArgs(status));

    // 1. New password and confirmation must match.
    if (txtNewPassword.Text != txtNewConfirm.Text)
    {
        report(PasswordUpdateStatus.PasswordMismatch);
        return;
    }

    // 2. New password must satisfy the membership password rules.
    if (!UserController.ValidatePassword(txtNewPassword.Text))
    {
        report(PasswordUpdateStatus.PasswordInvalid);
        return;
    }

    // 3. Non-administrators must provide the old password.
    if (!IsAdmin && String.IsNullOrEmpty(txtOldPassword.Text))
    {
        report(PasswordUpdateStatus.PasswordMissing);
        return;
    }

    // 4. For non-administrators the new password must be different from the old one.
    if (!IsAdmin && txtNewPassword.Text == txtOldPassword.Text)
    {
        report(PasswordUpdateStatus.PasswordNotDifferent);
        return;
    }

    // 5. With the banned list enabled, reject banned passwords and a password equal to the username.
    var policy = new MembershipPasswordSettings(User.PortalID);
    if (policy.EnableBannedList
        && (new MembershipPasswordController().FoundBannedPassword(txtNewPassword.Text)
            || User.Username == txtNewPassword.Text))
    {
        report(PasswordUpdateStatus.BannedPasswordUsed);
        return;
    }

    // Repeats check 4; kept as in the original.
    if (!IsAdmin && txtNewPassword.Text == txtOldPassword.Text)
    {
        report(PasswordUpdateStatus.PasswordNotDifferent);
        return;
    }

    try
    {
        bool changed = UserController.ChangePassword(User, txtOldPassword.Text, txtNewPassword.Text);
        report(changed ? PasswordUpdateStatus.Success : PasswordUpdateStatus.PasswordResetFailed);
    }
    catch (MembershipPasswordException membershipError)
    {
        // Password answer missing.
        Logger.Error(membershipError);
        report(PasswordUpdateStatus.InvalidPasswordAnswer);
    }
    catch (ThreadAbortException)
    {
        // Do nothing: ThreadAbortExceptions caused by redirects are not logged.
    }
    catch (Exception failure)
    {
        Logger.Error(failure);
        report(PasswordUpdateStatus.PasswordResetFailed);
    }
}