public virtual ActionResult ChangePassword(string ID) { try { // Preset form. ChangePasswordSubmission changePasswordSubmission = new ChangePasswordSubmission(); changePasswordSubmission.NewPassword = System.Web.Security.Membership.GeneratePassword(16, 2); changePasswordSubmission.NewPasswordVerify = changePasswordSubmission.NewPassword; changePasswordSubmission.DoNotSave = false; // Fetch database info. DatabaseInfo database = MgmtMdl.GetDatabase(ID); changePasswordSubmission.Database = database; // Verify user privileges. if (database.Owner != User.Identity.GetADUsername()) { System.Web.HttpContext.Current.Session["StatusMessage"] = "You do not have permisson to access the <strong>" + database.Name + "</strong> database."; return(RedirectToAction("Index", "View")); } return(View("ChangePassword", changePasswordSubmission)); } catch (Exception e) { System.Web.HttpContext.Current.Session["ErrorInfo"] = e.ToString(); return(RedirectToAction("Error", "View")); } }
public virtual ActionResult ChangePassword(ChangePasswordSubmission changePasswordSubmission, string ID) { try { // Reattach database info to submission. changePasswordSubmission.Database = MgmtMdl.GetDatabase(ID); // Verify data. if (!ModelState.IsValid) // Invalid HTML form. { return(View(changePasswordSubmission)); } if (changePasswordSubmission.NewPassword != changePasswordSubmission.NewPasswordVerify) // Passwords don't match. { System.Web.HttpContext.Current.Session["StatusMessage"] = "Passwords do not match."; return(View(changePasswordSubmission)); } Match PasswordVerification = Regex.Match(changePasswordSubmission.NewPassword, @"(?=^.{8,255}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.*", RegexOptions.ECMAScript); if (!PasswordVerification.Success) // Password requirements. { System.Web.HttpContext.Current.Session["StatusMessage"] = "New password does not meet minimal password requirments."; return(View(changePasswordSubmission)); } // Attempt to change the username. IntfcMdl.ChangePassword(changePasswordSubmission); if (changePasswordSubmission.DoNotSave == true) { MgmtMdl.UpdatePassword(ID, ""); } else { MgmtMdl.UpdatePassword(ID, changePasswordSubmission.NewPassword); } // Redirect and display success message. System.Web.HttpContext.Current.Session["StatusMessage"] = "The password to <strong>" + changePasswordSubmission.Database.Name + "</strong> was changed."; System.Web.HttpContext.Current.Session["StatusStyle"] = "success"; return(RedirectToAction("Database", "View", new { id = changePasswordSubmission.Database.DatabaseID })); } catch (Exception e) { System.Web.HttpContext.Current.Session["ErrorInfo"] = e.ToString(); return(RedirectToAction("Error", "View")); } }