// GET: /member/ChangePassword
public virtual ActionResult ChangePassword(string issuedKey)
{
ActionResult returnValue = null;
ProviderCurrentMember currentMember = ProviderCurrentMember.Instance;
if (!string.IsNullOrWhiteSpace(issuedKey))
{
ProviderIssuedKey aKey = new ProviderIssuedKey();
if (!aKey.Load(issuedKey))
{
MessageVM returnMessageVM = new MessageVM
{
Image = ImageLibrary.Alert,
CssClassContainer = "failure",
Message = "Invalid key provided. Please <a href=\"" + Url.Action(MVC.Info.ContactUs()) + "\">contact us</a> to resolve the issue.",
Title = "Login failure",
LinkText = "Continue",
LinkHref = Url.Action(MVC.Home.Index())
};
returnValue = View(MVC.Shared.Views.Message, returnMessageVM);
}
else
{
// validate the e-mail if it wasn't already.
ProviderEmail anEmail = new ProviderEmail();
if (anEmail.Load(aKey.Data) && !anEmail.IsValidated)
{
anEmail.IsValidated = true;
anEmail.EditDate = DateTime.UtcNow;
anEmail.Save();
}
List<string> errorList = new List<string>();
if (currentMember.Login(issuedKey, null, false, ref errorList) == ProviderCurrentMember.LoginEnum.success)
{
MessageVM returnMessageVM = new MessageVM
{
Image = ImageLibrary.Alert,
CssClassContainer = "failure",
Message = "Failed to login. Please <a href=\"" + Url.Action(MVC.Info.ContactUs()) + "\">contact us</a> to resolve the issue.",
Title = "Login failure",
LinkText = "Continue",
LinkHref = Url.Action(MVC.Home.Index()),
Details = errorList
};
returnValue = View(MVC.Shared.Views.Message, returnMessageVM);
}
}
}
if(currentMember.IsLoggedOn)
{
ChangePasswordVM viewModel = new ChangePasswordVM
{
CurrentMemberId = currentMember.Id.Value
};
returnValue = View(viewModel);
}
return returnValue;
}
// POST: /member/delete
public virtual ActionResult Delete(string key)
{
MessageVM returnMessageVM;
ProviderIssuedKey issuedKey = new ProviderIssuedKey();
if (issuedKey.Load(key) && !issuedKey.HasExpired && issuedKey.IsValidated)
{
ProviderMember aMember = new ProviderMember(issuedKey.MemberId);
ProviderCurrentMember currentMember = ProviderCurrentMember.Instance;
// if the person is currently logged on with the account that is being deleted then log them off
if (currentMember.Id == aMember.Id)
{
currentMember.LogOff();
}
aMember.Delete();
returnMessageVM = new MessageVM
{
Image = ImageLibrary.Success,
CssClassContainer = "success",
Message = "Success! Member Acount deleted.",
Title = "Acount Deleted",
LinkText = "Continue",
LinkHref = Url.Action(MVC.Home.Index())
};
}
else
{
returnMessageVM = new MessageVM
{
Image = ImageLibrary.Alert,
CssClassContainer = "failure",
Message = "Failed to delete member account. Please <a href=\"" + Url.Action(MVC.Info.ContactUs()) + "\">contact us</a> to resolve the issue.",
Title = "Account Deletion Failure",
LinkText = "Continue",
LinkHref = Url.Action( MVC.Home.Index() )
};
}
return View("Message", returnMessageVM);
}
// GET: /member/validate
public virtual ActionResult ValidateEmail(string key)
{
ProviderCurrentMember currentMember = ProviderCurrentMember.Instance;
List<string> errorList = new List<string>();
ProviderIssuedKey nonceKey = new ProviderIssuedKey();
MessageVM returnMessageVM = new MessageVM
{
Image = ImageLibrary.Alert,
CssClassContainer = "failure",
Message = "Failed to validate e-mail. Please <a href=\"" + Url.Action(MVC.Info.ContactUs()) + "\">contact us</a> to resolve the issue.",
Title = "E-mail Validation Failure",
LinkText = "Continue",
LinkHref = Url.Action(MVC.Home.Index()),
Details = errorList
};
if (nonceKey.Load(key))
{
ProviderEmail anEmail = new ProviderEmail();
if (anEmail.Load(nonceKey.Data))
{
anEmail.IsValidated = true;
anEmail.EditDate = DateTime.UtcNow;
anEmail.Save();
if (currentMember.IsLoggedOn && currentMember.IsActive)
{
returnMessageVM = new MessageVM
{
Image = ImageLibrary.Success,
CssClassContainer = "info",
Message = "Your e-mail has been validated",
Title = "E-mail validated"
};
}
else if (currentMember.Login(key, null, false, ref errorList) == ProviderCurrentMember.LoginEnum.success)
{
returnMessageVM = new MessageVM
{
Image = ImageLibrary.Success,
CssClassContainer = "info",
Message = "Welcome! Your account has been activated. Explore our site:",
Title = "Account Activated",
Details = new List<string>
{
"<a href='" + Url.Action( MVC.Home.Index(null, null) ) + "' class='button'>Home Page</a> Go back to the main page.",
"<a href='" + Url.Action( MVC.Article.ArticleEdit(null, null) ) + "' class='button'>Publish</a> Become an author! Publish an article.",
"<a href='" + Url.Action( MVC.Member.Profile(currentMember.Id.Value, null) ) + "' class='button'>Profile</a> Check out your new member profile " +
"where you can review your published articles and add details to show others who you are."
}
};
}
}
}
return View("Message", returnMessageVM);
}
/// <summary>
/// Temporary keys usually sent to members in e-mails to allow them to accomplish certain tasks such as:
/// - Activating their account
/// - Resetting their password
/// - Anonymously editing their articles
/// </summary>
public ProviderIssuedKey NextNonceIssuedKey()
{
ProviderIssuedKey nonceKey = new ProviderIssuedKey();
nonceKey.CreateDate = DateTime.UtcNow;
nonceKey.EditDate = DateTime.UtcNow;
nonceKey.IsNonce = true;
nonceKey.MemberId = Id.Value;
nonceKey.Save();
return nonceKey;
}
/// <summary>
/// Function to send an Edit/Delete e-mail to a member.
/// </summary>
/// <param name="anArticle">Article that member would like to edit/delete</param>
/// <param name="aMember">Member that will receive the e-mail</param>
/// <returns>true if the e-mail was sent successfully and false otherwise.</returns>
public bool SendEditArticleEmail(MailAddress email, ProviderArticle anArticle, ProviderMember aMember)
{
ProviderIssuedKey nonceIssuedKey = new ProviderIssuedKey();
nonceIssuedKey.LoadOrCreate(aMember.Id.Value, email.Address, true, null, true);
// create a month issued key for editing the article
ProviderIssuedKey monthExpiry = new ProviderIssuedKey();
monthExpiry.LoadOrCreate(aMember.Id.Value, email.Address, false, 1, true);
string editUrl = HttpHost + "article/edit/" + anArticle.Id.Value + "/" + monthExpiry.IssuedKey;
string activateUrl = HttpHost + "member/change_password/" + nonceIssuedKey.IssuedKey;
string deleteUrl = HttpHost + "member/delete/" + nonceIssuedKey.IssuedKey;
string submitState = "";
if (anArticle.IsPublished)
{
submitState = "Your article was submited to our system.";
}
else
{
submitState = "Your article was submited to our system as a draft.";
}
string category;
if(anArticle.CategoryIds.Count > 0)
{
category = (new ProviderCategory(anArticle.CategoryIds[0])).Title;
}
else
{
category = "none";
}
string emailBody = "DO NOT SHARE THIS E-MAIL OR REPLY TO THIS E-MAIL<br />"
+ "<br />"
+ "<br />"
+ submitState + "<br />"
+ "Id: "+anArticle.Id.Value.ToString()+"<br />"
+ "Title: "+anArticle.Title +"<br />"
+ "Category: " + category + "<br />"
+ "<br />"
+ "Click the link below to edit/delete your article at InsideWord:<br />"
+ "<a href='" + editUrl + "'>EDIT ARTICLE</a><br />"
+ "<br />";
if (!aMember.IsActive)
{
emailBody += "Click the link below to finish activating your account:<br />"
+ "<a href='" + activateUrl + "'>FINISH ACTIVATING ACCOUNT</a><br />"
+ "<br />"
+ "Don't know what this e-mail is about? Chances are someone used your e-mail by accident. Select the link below to delete the account:<br />"
+ "<a href='" + deleteUrl + "'>DELETE ACCOUNT</a><br />"
+ "<br />";
}
emailBody += "<br />"
+ "<br />"
+ "<br />";
//+ DidYouKnow();
MailMessage aMailMessage = new MailMessage("*****@*****.**",
email.Address,
"InsideWord - edit article " + anArticle.Title,
emailBody);
aMailMessage.IsBodyHtml = true;
DefaultSmtp.Send(aMailMessage);
return true;
}
public void SendActivationEmail(MailAddress email, ProviderMember aMember)
{
ProviderIssuedKey nonceIssuedKey = new ProviderIssuedKey();
nonceIssuedKey.LoadOrCreate(aMember.Id.Value, email.Address, true, null, true);
string activateUrl = HttpHost + "member/validate_email/" + nonceIssuedKey.IssuedKey;
string deleteUrl = HttpHost + "member/delete/" + nonceIssuedKey.IssuedKey;
string emailBody = "DO NOT SHARE THIS E-MAIL OR REPLY TO THIS E-MAIL<br />"
+ "<br />"
+ "<br />"
+ "Click the link below to validate your e-mail with InsideWord:<br />"
+ "<a href='" + activateUrl + "'>VALIDATE E-MAIL</a><br />"
+ "<br />"
+ "Don't know what this e-mail is about? Chances are someone used your e-mail by accident. Select the link below to delete the account:<br />"
+ "<a href='" + deleteUrl + "'>DELETE ACCOUNT</a><br />"
+ "<br />"
+ "<br />"
+ "<br />";
//+ DidYouKnow();
MailMessage aMailMessage = new MailMessage("*****@*****.**",
email.Address,
"InsideWord - e-mail validation",
emailBody);
aMailMessage.IsBodyHtml = true;
DefaultSmtp.Send(aMailMessage);
}
public virtual JsonResult DomainIdentificationRequest(string domainAddress)
{
string from = "APILOGINFO - " + HttpContext.Request.UserHostAddress;
InsideWordWebLog.Instance.Buffer(from, "DomainIdentificationRequest(" + domainAddress + ")");
ApiMsgVM returnMessage = new ApiMsgVM(1);
Uri domainUri = null;
if (!IWStringUtility.TryUrlDecode(domainAddress, out domainAddress) ||
!Uri.TryCreate(domainAddress, UriKind.Absolute, out domainUri))
{
returnMessage.StatusCode = (int)ApiMsgVM.StatusEnum.failure;
returnMessage.StatusMessage = domainAddress + " is an invalid uri";
}
else
{
ProviderDomain aDomain = new ProviderDomain();
ProviderIssuedKey issuedKey = new ProviderIssuedKey();
ProviderMember aMember = new ProviderMember();
if (aDomain.Load(domainUri.AbsoluteUri))
{
aMember.Load(aDomain.MemberId);
}
else
{
// Domain doesn't exist already so create it and a member
aMember.CreateDate = DateTime.UtcNow;
aMember.EditDate = DateTime.UtcNow;
aMember.Save();
aDomain.CreateDate = DateTime.UtcNow;
aDomain.EditDate = DateTime.UtcNow;
aDomain.Domain = domainUri;
aDomain.IsValidated = false;
aDomain.MemberId = aMember.Id.Value;
aDomain.Save();
}
issuedKey.LoadOrCreate(aMember.Id.Value, domainUri.AbsoluteUri, true, 1, false);
returnMessage.StatusCode = (int)ApiMsgVM.StatusEnum.success;
returnMessage.StatusMessage = "Success";
returnMessage.Content = issuedKey.IssuedKey;
}
InsideWordWebLog.Instance.Buffer(from, "Done DomainIdentificationRequest - " + returnMessage);
return Json(returnMessage);
}
public virtual JsonResult DomainIdentification(string domainAddress, string subFolder)
{
string from = "APILOGINFO - " + HttpContext.Request.UserHostAddress;
InsideWordWebLog.Instance.Buffer(from, "DomainIdentification(" + domainAddress + ", " + subFolder + ")");
ApiMsgVM returnMessage = new ApiMsgVM((int)ApiMsgVM.StatusEnum.failure);
string subFolderDecoded = null;
IWStringUtility.TryUrlDecode(subFolder, out subFolderDecoded, "");
Uri domainUri = null;
Uri pathUri = null;
if (!IWStringUtility.TryUrlDecode(domainAddress, out domainAddress) ||
!Uri.TryCreate(domainAddress, UriKind.Absolute, out domainUri))
{
returnMessage.StatusCode = (int)ApiMsgVM.StatusEnum.failure;
returnMessage.StatusMessage = domainAddress + " is an invalid uri";
}
else if (!IWStringUtility.TryUriConcat(domainUri, subFolderDecoded, out pathUri))
{
returnMessage.StatusCode = (int)ApiMsgVM.StatusEnum.failure;
returnMessage.StatusMessage = domainUri.AbsoluteUri + " and " + subFolder + " form an invalid uri";
}
else
{
ProviderDomain aDomain = new ProviderDomain();
ProviderIssuedKey issuedKey = new ProviderIssuedKey();
ProviderMember aMember = new ProviderMember();
if (!aDomain.Load(domainUri.AbsoluteUri))
{
returnMessage.StatusCode = (int)ApiMsgVM.StatusEnum.failure;
returnMessage.StatusMessage = domainUri.AbsoluteUri
+" does not exist in our system. Use "
+Url.Action(MVC.API.DomainIdentificationRequest())
+" to request a key and identify yourself first.";
}
else if(!aMember.Load(aDomain.MemberId))
{
returnMessage.StatusCode = (int)ApiMsgVM.StatusEnum.failure;
returnMessage.StatusMessage = "The member associated with this domain, "
+domainUri.AbsoluteUri
+", does not exist. Contact support to resolve this issue.";
}
else if (!issuedKey.LoadBy(aMember.Id.Value, domainUri.AbsoluteUri, true, 1))
{
returnMessage.StatusCode = (int)ApiMsgVM.StatusEnum.failure;
returnMessage.StatusMessage = "Your issued key has been used up already or was never issued. Use "
+ Url.Action(MVC.API.DomainIdentificationRequest())
+ " to request a new key for identification.";
}
else
{
// all the data is good and we're ready to check if the key has been placed in the correct uri.
bool isFetchSuccess = false;
string htmlPage = null;
HtmlDocument htmlDoc = new HtmlDocument();
try
{
using (WebClient client = new WebClient())
{
// TODO: DOS attack is possible here by sending us to a page with a gig of data.
// put some sort of precautionary check here to avoid loading too much data.
htmlPage = client.DownloadString(pathUri.AbsoluteUri);
}
htmlDoc.LoadHtml(htmlPage);
isFetchSuccess = true;
}
catch (Exception caughtException)
{
returnMessage.StatusCode = (int)ApiMsgVM.StatusEnum.failure;
returnMessage.StatusMessage = "Failed to read the webpage at " + pathUri.AbsoluteUri;
isFetchSuccess = false;
}
if (isFetchSuccess)
{
HtmlNode embeddedIssuedKey = htmlDoc.GetElementbyId(issuedKey.IssuedKey);
if (embeddedIssuedKey == null ||
embeddedIssuedKey.Name.CompareTo("input") != 0)
{
returnMessage.StatusCode = (int)ApiMsgVM.StatusEnum.failure;
returnMessage.StatusMessage = "Could not find hidden input tag with id containing the issued key at page " + pathUri.AbsoluteUri;
}
else
{
//we found it so let's validate the domain and return the issued keys
aDomain.IsValidated = true;
aDomain.EditDate = DateTime.UtcNow;
aDomain.Save();
returnMessage.StatusCode = (int)ApiMsgVM.StatusEnum.success;
returnMessage.StatusMessage = "You have been successfully validated. Here are the issued keys for this month and next months. Do not share these with anyone.";
returnMessage.Content = aMember.CurrentMonthIssuedKey.IssuedKey + "," + aMember.NextMonthIssuedKey.IssuedKey;
// decommission the issued key
issuedKey.TryDecommission();
}
}
}
}
InsideWordWebLog.Instance.Buffer(from, "Done DomainIdentification - " + returnMessage);
return Json(returnMessage);
}