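/// <summary>
/// Replaces the stored password hash and salt of the user named in
/// <c>TempData["Username"]</c>, provided the supplied old password matches.
/// </summary>
/// <param name="model">Posted form; <c>OldPassword</c> and <c>NewPassword</c> are read.</param>
/// <param name="username">Not used as input: it is overwritten with the TempData value before any lookup.</param>
/// <returns>A redirect to <c>UserProfile</c> on success, otherwise the change-password view.</returns>
public ActionResult ChangePassword(ChangePassword model, string username)
        {
            try
            {
                if (!ModelState.IsValid)
                {
                    return View();
                }

                // NOTE(review): the account is selected from TempData, not from the
                // authenticated principal (UserProfile uses User.Identity.Name).
                // TempData entries are dropped once read, so unless the GET action
                // sets the value again a retry arrives here without a name - confirm
                // and consider deriving the account from the signed-in identity.
                object storedName = TempData["Username"];
                username = storedName == null ? null : storedName.ToString();
                if (string.IsNullOrEmpty(username))
                {
                    TempData["ChangePassException"] = "Something went wrong. Please sign in and try again.";
                    return View();
                }

                BTourGuideOp tourOp = new BTourGuideOp();
                AUser user = tourOp.GetUser(username);
                if (user == null)
                {
                    TempData["ChangePassException"] = "Something went wrong. Please sign in and try again.";
                    return View();
                }

                PasswordManager passMan = new PasswordManager();
                if (!passMan.IsPasswordMatch(model.OldPassword, user.Salt, user.UserPassword))
                {
                    // NOTE(review): no attempt counter or delay is visible here, so the
                    // old password can be guessed repeatedly - confirm throttling exists
                    // elsewhere.
                    return View();
                }

                // Hash the new password; GeneratePasswordHash also hands back the salt to store.
                string salt = null;
                string hashPassword = passMan.GeneratePasswordHash(model.NewPassword, out salt);

                user.UserPassword = hashPassword;
                user.Salt = salt;
                // A reset link issued before this change must not stay usable afterwards.
                user.ResetToken = null;
                tourOp.EditUser(user);
                return RedirectToAction("UserProfile", new { Username = username, msg = "Your password has changed" });
            }
            catch (Exception e)
            {
                // Keep exception text on the server: it can describe storage or
                // infrastructure details that the page should not display.
                System.Diagnostics.Trace.TraceError("ChangePassword failed: " + e);
                TempData["ChangePassException"] = "Something went wrong. Please try again.";
                return View();
            }
        }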
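        /// <summary>
        /// Creates a user account with a random placeholder password, stores a hashed
        /// reset token for it and e-mails the user a link carrying the raw token.
        /// </summary>
        /// <param name="userdetails">Posted account details (name, e-mail, phone, birthday, username).</param>
        /// <returns>
        /// A redirect to <c>Index</c> once the account is stored (even if the e-mail
        /// could not be sent); otherwise the creation view.
        /// </returns>
        public ActionResult Create(UserDetails userdetails)
        {
            try
            {
                if (!ModelState.IsValid)
                {
                    return View(userdetails);
                }

                // Check username availability against the stored users.
                BTourGuideOp op = new BTourGuideOp();
                List<AUser> users = op.GetUsers();
                if (users.Any(u => u.Username == userdetails.Username))
                {
                    userdetails.Username = null;
                    return View();
                }

                BTourGuideOp tourOp = new BTourGuideOp();
                AUser user = new AUser();
                user.RegTime = DateTime.Now;
                user.UserIP = Request.ServerVariables["REMOTE_ADDR"];
                user.UserFirstName = userdetails.UserFirstName;
                user.UserLastName = userdetails.UserLastName;
                user.UserEmail = userdetails.UserEmail;
                user.UserPhone = userdetails.UserPhone;

                // Random placeholder password; it is never shown to anyone, the user
                // sets a real one through the reset link below.
                string password = System.Web.Security.Membership.GeneratePassword(8, 2);
                PasswordManager passMan = new PasswordManager();
                string salt = null;
                string hashPassword = passMan.GeneratePasswordHash(password, out salt);

                user.UserPassword = hashPassword;
                user.Salt = salt;
                user.Username = userdetails.Username;
                user.UserBirthday = userdetails.UserBirthday;
                tourOp.AddUser(user);

                // Token placed in the e-mailed link to authenticate the user.
                // NOTE(review): Guid.NewGuid() produces identifiers, it is not documented
                // as a source of secret values; prefer bytes from
                // System.Security.Cryptography.RandomNumberGenerator for this token.
                string resetToken = Guid.NewGuid().ToString();

                // Only the hash is stored; ResetPassword hashes the submitted token and
                // compares it with this value.
                HashComputer hashComp = new HashComputer();
                string resetTokenHash = hashComp.GetPasswordHashAndSalt(resetToken);

                AUser theNewUser = tourOp.GetUser(user.Username);

                // NOTE(review): no expiry is recorded with the token in this method, so
                // the link stays valid until it is used or replaced - confirm.
                theNewUser.ResetToken = resetTokenHash;
                tourOp.EditUser(theNewUser);

                // NOTE(review): the link is generated with the "http" scheme, so the
                // token is requested in clear text; generate it with "https" once the
                // site is served over TLS.
                string subject = "New account in TourGuideWebsite";
                string body = "You have a new account in TourGuideWebsite. " +
                               "To reset your password <a href='" + Url.Action("ResetPassword", "Account", new { rt = resetToken }, "http")
                               + "'>Click here</a>";

                string from = "*****@*****.**";

                // MailMessage and SmtpClient hold disposable resources; release them
                // when the send attempt is over.
                using (MailMessage message = new MailMessage(from, user.UserEmail))
                using (SmtpClient client = new SmtpClient("smtp.gmail.com", 587))
                {
                    message.Subject = subject;
                    message.Body = body;
                    message.IsBodyHtml = true;

                    client.UseDefaultCredentials = false;
                    client.EnableSsl = true;
                    client.Timeout = 20000;
                    // NOTE(review): mailbox credential committed in source. Treat it as
                    // exposed: rotate it and load it from protected configuration or a
                    // secret store instead of a string literal.
                    client.Credentials = new NetworkCredential("*****@*****.**", "henhqwcfvmtzplgb");

                    // A failed send does not undo the account; it is reported on the next page.
                    try
                    {
                        client.Send(message);
                    }
                    catch (Exception e)
                    {
                        // SMTP error text stays on the server rather than on the page.
                        System.Diagnostics.Trace.TraceError("Create: sending the account e-mail failed: " + e);
                        TempData["EmailException"] = "Issue sending email.";
                    }
                }

                return RedirectToAction("Index");
            }
            catch (Exception e)
            {
                // Keep exception text on the server: it can describe storage or
                // infrastructure details that the page should not display.
                System.Diagnostics.Trace.TraceError("Create failed: " + e);
                TempData["Exception"] = "An unexpected error occurred. Please try again.";
                return View(userdetails);
            }
        }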
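 /// <summary>
 /// Copies name, phone, e-mail and birthday from the posted form onto the user
 /// whose username is given in the form, then saves the user.
 /// </summary>
 /// <param name="id">Not read by this method.</param>
 /// <param name="userDetails">Posted values; <c>Username</c> selects the record to update.</param>
 /// <returns>A redirect to <c>Index</c> on success, otherwise the edit view.</returns>
 public ActionResult Edit(string id, UserDetails userDetails)
 {
     try
     {
         if (!ModelState.IsValid)
         {
             return View(userDetails);
         }

         // NOTE(review): the record is chosen by the posted Username and no
         // authorization check is visible in this method. Changing UserEmail also
         // changes where ForgotPassword sends reset links, so confirm that only
         // permitted callers reach this action.
         BTourGuideOp tourOp = new BTourGuideOp();
         AUser user = tourOp.GetUser(userDetails.Username);
         if (user == null)
         {
             TempData["EditException"] = "Error in user edit. Please try again.";
             return View(userDetails);
         }

         user.UserFirstName = userDetails.UserFirstName;
         user.UserLastName = userDetails.UserLastName;
         user.UserPhone = userDetails.UserPhone;
         user.UserEmail = userDetails.UserEmail;
         user.UserBirthday = userDetails.UserBirthday;
         tourOp.EditUser(user);
         return RedirectToAction("Index");
     }
     catch (Exception e)
     {
         // Keep exception text on the server: it can describe storage or
         // infrastructure details that the page should not display.
         System.Diagnostics.Trace.TraceError("Edit failed: " + e);
         TempData["EditException"] = "Error in user edit. Please try again.";
         return View(userDetails);
     }
 }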
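        /// <summary>
        /// Starts a password reset: if a user has the posted e-mail address, stores a
        /// hashed reset token for that user and e-mails a link carrying the raw token.
        /// The page shows the same message whether or not the address is registered.
        /// </summary>
        /// <param name="model">Posted form; <c>Email</c> is read.</param>
        /// <returns>The forgot-password view.</returns>
        public ActionResult ForgotPassword(ForgotPassword model)
        {
            try
            {
                if (!ModelState.IsValid)
                {
                    return View(model);
                }

                // Look the user up by e-mail address.
                BTourGuideOp tourOp = new BTourGuideOp();
                List<AUser> users = tourOp.GetUsers();
                AUser user = users.FirstOrDefault(u => u.UserEmail == model.Email);
                if (user != null)
                {
                    // Token placed in the e-mailed link to authenticate the user.
                    // NOTE(review): Guid.NewGuid() produces identifiers, it is not
                    // documented as a source of secret values; prefer bytes from
                    // System.Security.Cryptography.RandomNumberGenerator for this token.
                    string resetToken = Guid.NewGuid().ToString();

                    // Only the hash is stored; ResetPassword hashes the submitted token
                    // and compares it with this value.
                    HashComputer hashComp = new HashComputer();
                    string resetTokenHash = hashComp.GetPasswordHashAndSalt(resetToken);

                    // NOTE(review): no expiry is recorded with the token in this method,
                    // so the link stays valid until it is used or replaced - confirm.
                    user.ResetToken = resetTokenHash;
                    tourOp.EditUser(user);

                    // NOTE(review): the link is generated with the "http" scheme, so the
                    // token is requested in clear text; generate it with "https" once
                    // the site is served over TLS.
                    string resetLink = "<a href='"
                       + Url.Action("ResetPassword", "Account", new { rt = resetToken }, "http")
                       + "'>Reset Password Link</a>";

                    string subject = "Reset your password for TourGuideWebsite";
                    string body = "Your link: " + resetLink;
                    string from = "*****@*****.**";

                    // MailMessage and SmtpClient hold disposable resources; release them
                    // when the send attempt is over.
                    using (MailMessage message = new MailMessage(from, model.Email))
                    using (SmtpClient client = new SmtpClient("smtp.gmail.com", 587))
                    {
                        message.Subject = subject;
                        message.Body = body;
                        message.IsBodyHtml = true;

                        client.UseDefaultCredentials = false;
                        client.EnableSsl = true;
                        client.Timeout = 20000;
                        // NOTE(review): mailbox credential committed in source. Treat it
                        // as exposed: rotate it and load it from protected configuration
                        // or a secret store instead of a string literal.
                        client.Credentials = new NetworkCredential("*****@*****.**", "henhqwcfvmtzplgb");

                        try
                        {
                            client.Send(message);
                        }
                        catch (Exception e)
                        {
                            // Logged only: a send error shown on the page would appear
                            // for registered addresses alone and so reveal them.
                            System.Diagnostics.Trace.TraceError("ForgotPassword: sending the reset e-mail failed: " + e);
                        }
                    }
                }

                // Same response for known and unknown addresses, so the form cannot be
                // used to test which e-mail addresses have accounts. The send above is
                // synchronous, so response time can still differ between the two cases.
                ViewBag.Message = "If an account exists for that email address, a reset password email has been sent.";
                return View();
            }
            catch (Exception e)
            {
                // Keep exception text on the server: it can describe storage or
                // infrastructure details that the page should not display.
                System.Diagnostics.Trace.TraceError("ForgotPassword failed: " + e);
                TempData["Exception"] = "An unexpected error occurred. Please try again.";
                return View(model);
            }
        }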
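 /// <summary>
 /// Updates the phone number and e-mail address of the signed-in user
 /// (<c>User.Identity.Name</c>) from the posted profile form.
 /// </summary>
 /// <param name="userProfile">Posted form; <c>UserChanges.UserPhone</c> and <c>UserChanges.UserEmail</c> are read.</param>
 /// <returns>A redirect to <c>Home/Index</c> on success, otherwise the profile view.</returns>
 public ActionResult UserProfile(UserProfile userProfile)
 {
     try
     {
         if (!ModelState.IsValid)
         {
             return View(userProfile);
         }

         BTourGuideOp tourOp = new BTourGuideOp();
         // The account comes from the authenticated identity, not from posted data.
         string username = User.Identity.Name;
         AUser user = tourOp.GetUser(username);
         if (user == null || userProfile.UserChanges == null)
         {
             TempData["UserProfileException"] = "An unexpected error occurred. Please try again.";
             return View(userProfile);
         }

         // NOTE(review): the e-mail address is replaced without re-entering the
         // password or confirming the new address, and ForgotPassword sends reset
         // links to this address - confirm that is intended.
         user.UserPhone = userProfile.UserChanges.UserPhone;
         user.UserEmail = userProfile.UserChanges.UserEmail;
         tourOp.EditUser(user);
         return RedirectToAction("Index", "Home");
     }
     catch (Exception e)
     {
         // Keep exception text on the server: it can describe storage or
         // infrastructure details that the page should not display.
         System.Diagnostics.Trace.TraceError("UserProfile failed: " + e);
         TempData["UserProfileException"] = "An unexpected error occurred. Please try again.";
         return View(userProfile);
     }
 }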
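        /// <summary>
        /// Completes a password reset: hashes the token from the link, finds the user
        /// whose stored reset token equals that hash, stores the new password hash and
        /// salt, and clears the token so the link cannot be used again.
        /// </summary>
        /// <param name="model">Posted form; <c>ReturnToken</c> and <c>Password</c> are read.</param>
        /// <returns>The reset-password view, with <c>ViewBag.Message</c> set when the form was valid.</returns>
        public ActionResult ResetPassword(ResetPassword model)
        {
            try
            {
                if (!ModelState.IsValid)
                {
                    return View(model);
                }

                // An absent token must never reach the lookup: users without a pending
                // reset carry a null ResetToken (it is cleared below after use).
                if (string.IsNullOrEmpty(model.ReturnToken))
                {
                    ViewBag.Message = "Something went wrong!";
                    return View(model);
                }

                BTourGuideOp tourOp = new BTourGuideOp();
                List<AUser> users = tourOp.GetUsers();

                // Hash the token from the URL the same way it was hashed when stored.
                HashComputer hashComp = new HashComputer();
                string hashedResetToken = hashComp.GetPasswordHashAndSalt(model.ReturnToken);

                // Only users with a pending token are candidates, and an empty hash
                // matches nobody.
                // NOTE(review): no token age is checked in this method - confirm whether
                // reset links are meant to expire.
                AUser user = string.IsNullOrEmpty(hashedResetToken)
                    ? null
                    : users.FirstOrDefault(u => !string.IsNullOrEmpty(u.ResetToken) && u.ResetToken == hashedResetToken);

                if (user == null)
                {
                    ViewBag.Message = "Something went wrong!";
                    return View(model);
                }

                // Hash the new password; GeneratePasswordHash also hands back the salt to store.
                PasswordManager passMan = new PasswordManager();
                string salt = null;
                string passwordHash = passMan.GeneratePasswordHash(model.Password, out salt);

                user.UserPassword = passwordHash;
                user.Salt = salt;
                // Single use: clear the token together with the password change.
                user.ResetToken = null;
                tourOp.EditUser(user);
                ViewBag.Message = "Successfully Changed";
                return View(model);
            }
            catch (Exception e)
            {
                // Keep exception text on the server: it can describe storage or
                // infrastructure details that the page should not display.
                System.Diagnostics.Trace.TraceError("ResetPassword failed: " + e);
                TempData["Exception"] = "An unexpected error occurred. Please try again.";
                return View();
            }
        }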