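/// <summary>
/// Handles a password-change request: reads the JSON request body, passes it to
/// <c>User.UpdatePassword</c> together with the caller-supplied verification code,
/// and maps the outcome to an HTTP result.
/// </summary>
/// <param name="userGuid">Identifier of the account whose password is being changed.</param>
/// <param name="verifyCode">Verification code supplied by the caller.</param>
/// <returns>
/// 200 with the body "True" on success; 404 when the failure text is "User not exist";
/// 400 for every other failure, including unexpected exceptions.
/// </returns>
public IHttpActionResult Put(string userGuid, string verifyCode)
{
    try
    {
        // The reader is intentionally not disposed: disposing it would also close the
        // request's input stream, which this method does not own.
        string body = new StreamReader(HttpContext.Current.Request.InputStream).ReadToEnd();
        UpdatePasswordEnt ent = JsonConvert.DeserializeObject<UpdatePasswordEnt>(body);

        // An empty body or a literal JSON null deserializes to null; reject it here
        // instead of letting it surface later as a NullReferenceException.
        if (ent == null)
        {
            return BadRequest("Request body is missing or invalid");
        }

        string errorInfo = string.Empty;
        if (new User().UpdatePassword(userGuid, ent, verifyCode, ref errorInfo))
        {
            return Ok("True");
        }

        if (errorInfo == "User not exist")
        {
            return NotFound();
        }

        return BadRequest(errorInfo);
    }
    catch (Exception ex)
    {
        // Full details stay in the server log. The response carries only a fixed
        // message, so stack traces, type names and database error text are not
        // disclosed to the caller. The 400 status is kept for compatibility with
        // existing clients.
        _log.Error(ex.ToString());
        return BadRequest("Failed to update password");
    }
}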
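/// <summary>
/// Changes a user's password after checking the verification code and the old password.
/// </summary>
/// <param name="userGuid">Identifier of the account; used in log lines and in the SQL text.</param>
/// <param name="ent">Request payload carrying the old and new passwords.</param>
/// <param name="verifyCode">Verification code supplied by the caller.</param>
/// <param name="errorInfo">Receives a short failure reason when the method returns false.</param>
/// <returns>True when the UPDATE affected at least one row; false on a validation failure.</returns>
/// <exception cref="InvalidOperationException">The UPDATE statement affected no rows.</exception>
public bool UpdatePassword(string userGuid, UpdatePasswordEnt ent, string verifyCode, ref string errorInfo)
{
    // Validate before logging or querying: userGuid is concatenated into log lines and
    // formatted into the SQL statement below, so it must not be able to break out of
    // either context.
    // NOTE(review): assumes identifiers are GUID-like (ASCII letters, digits, '-', '_',
    // braces); widen the allowlist if the project uses another format.
    if (!IsSqlSafeUserGuid(userGuid))
    {
        errorInfo = "Invalid user identifier";
        return false;
    }

    if (ent == null)
    {
        errorInfo = "Request body is missing or invalid";
        return false;
    }

    _log.Info("Request to update password for user " + userGuid);

    string existCode = GetVerificationCode(userGuid);
    if (string.IsNullOrEmpty(existCode))
    {
        errorInfo = "No security code or code expired";
        return false;
    }

    // Ordinal comparison; a missing code is treated as a mismatch rather than a crash.
    // NOTE(review): nothing in this method limits repeated guesses at the code; confirm
    // that attempts are throttled elsewhere.
    if (!string.Equals(verifyCode, existCode, StringComparison.Ordinal))
    {
        errorInfo = "Security code incorrect";
        return false;
    }

    UserEnt userEnt = GetUserByGuid(userGuid, ref errorInfo);
    if (userEnt == null)
    {
        return false;
    }

    // Ordinal, not culture-sensitive: a culture-aware compare can treat strings that
    // differ in ignorable characters as equal, which is wrong for a credential check.
    // NOTE(review): comparing the stored value directly with the submitted text implies
    // the password is kept in recoverable form; it should be a salted, slow hash
    // (for example PBKDF2) verified in constant time.
    if (!string.Equals(userEnt.Password, ent.OldPassword, StringComparison.Ordinal))
    {
        _log.Warn("User " + userGuid + "'s old password not correct while updating password");
        errorInfo = "Old password incorrect";
        return false;
    }

    // "HH" is the 24-hour clock. The previous "hh" produced a 12-hour value with no
    // AM/PM marker. The invariant culture keeps ':' as the separator.
    string updatedAt = DateTime.UtcNow.ToString(
        "yyyy-MM-ddTHH:mm:ssZ", System.Globalization.CultureInfo.InvariantCulture);

    // SET assignments are separated by ',' and not by "and". With "and", the right-hand
    // side is either parsed as a boolean expression or rejected, depending on the engine.
    // NOTE(review): the format string has no {0}, so ent.NewPassword is never written and
    // the column receives the literal below; it looks like a masked placeholder. Restore
    // the value through a bound parameter carrying the password hash, not by formatting
    // text into the statement. ExecuteSql(string) is the only data-access call visible
    // here, which is why this statement is still built as text.
    string sql = string.Format(
        "UPDATE user SET password='******', update_time='{1}' WHERE user_guid='{2}'",
        ent.NewPassword,
        updatedAt,
        userGuid);

    int cnt = ExecuteSql(sql);
    if (cnt == 0)
    {
        throw new InvalidOperationException("Failed to update database");
    }

    _log.Info("User " + userGuid + "'s password updated successfully");
    return true;
}

/// <summary>
/// Returns true when <paramref name="value"/> is non-empty and consists only of ASCII
/// letters, digits, '-', '_', '{' and '}', so that it cannot end a quoted SQL literal
/// or inject a line break into a log entry.
/// </summary>
private static bool IsSqlSafeUserGuid(string value)
{
    if (string.IsNullOrEmpty(value))
    {
        return false;
    }

    foreach (char c in value)
    {
        bool allowed =
            (c >= '0' && c <= '9') ||
            (c >= 'a' && c <= 'z') ||
            (c >= 'A' && c <= 'Z') ||
            c == '-' || c == '_' || c == '{' || c == '}';
        if (!allowed)
        {
            return false;
        }
    }

    return true;
}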