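            /// <summary>
            /// Starts a password reset for <paramref name="emailAddress"/>: looks the address up,
            /// stores the hash of a freshly generated token in <c>passwordResets</c> when a matching
            /// user exists, and mails either the reset body or a "no such account" body to the address.
            /// </summary>
            /// <param name="emailAddress">
            /// Untrusted, caller-supplied address. It only reaches the database through a bound
            /// parameter (<c>@email</c>) and reaches SMTP wrapped in a <see cref="MailAddress"/>, whose
            /// constructor throws <see cref="FormatException"/> on a malformed address.
            /// </param>
            /// <remarks>
            /// A mail is sent whether or not the address is registered, so a caller can return the
            /// same response either way without revealing which addresses have accounts; only the
            /// mailbox owner sees which body arrived. Before the new token is stored, every earlier
            /// <c>passwordResets</c> row for the user is removed, so at most one reset link is live per
            /// user and an older, still-unexpired link stops working as soon as a new one is issued.
            /// Only <c>ComputeHash(token)</c> is persisted; the plaintext token exists solely in the
            /// e-mail body. <c>TimeCreated</c> is not set here although <c>GetUser</c> reads it, so it
            /// must be filled by a column default — confirm in the schema.
            /// NOTE(review): the SMTP password comes from <c>Resources.emailPassword</c>, i.e. it is
            /// compiled into the assembly; move it to protected configuration or a secret store.
            /// This method does no throttling — a web-facing caller should rate-limit per address and
            /// per client, since every call sends a mail to an arbitrary address.
            /// </remarks>
            public static void SendRecoveryEmail(string emailAddress)
            {
                long   id    = -1;
                string token = "";
                string body;

                using (MySqlConnection con = new MySqlConnection(ConfigurationManager.ConnectionStrings["Development"].ConnectionString))
                {
                    con.Open();
                    using (MySqlCommand cmd = new MySqlCommand())
                    {
                        cmd.Connection  = con;
                        cmd.CommandText = "SELECT users.UserID FROM users WHERE users.UserEmail = @email;";
                        cmd.Parameters.AddWithValue("@email", emailAddress);
                        cmd.Prepare();
                        using (MySqlDataReader reader = cmd.ExecuteReader())
                        {
                            if (reader.Read())
                            {
                                // Known user: mint a token and build the reset body around it.
                                id    = Convert.ToInt64(reader["UserID"]);
                                token = GenerateToken();
                                body  = ResetManager.GenerateEmail(token);
                            }
                            else
                            {
                                // Unknown address: still send a mail, just without a token.
                                body = ResetManager.GenerateEmail();
                            }
                        }
                    }
                    if (id != -1)
                    {
                        // Invalidate any outstanding token for this user before issuing a new one,
                        // so only the most recently issued link can be redeemed.
                        using (MySqlCommand cmd = new MySqlCommand())
                        {
                            cmd.Connection  = con;
                            cmd.CommandText = "DELETE FROM passwordResets WHERE passwordResets.UserID = @uid;";
                            cmd.Parameters.AddWithValue("@uid", id);
                            cmd.Prepare();
                            cmd.ExecuteNonQuery();
                        }
                        // Store the hash, never the token itself: a leaked table does not yield
                        // usable reset links.
                        using (MySqlCommand cmd = new MySqlCommand())
                        {
                            cmd.Connection  = con;
                            cmd.CommandText = "INSERT INTO passwordResets (UserID, ResetHash) VALUES (@uid, @hash);";
                            cmd.Parameters.AddWithValue("@uid", id);
                            cmd.Parameters.AddWithValue("@hash", PasswordReset.ComputeHash(token));
                            cmd.Prepare();
                            cmd.ExecuteNonQuery();
                        }
                    }
                }
                // The DB connection is already released; only the SMTP round-trip remains.
                MailMessage email = new MailMessage(new MailAddress("The Gift Hub<*****@*****.**>"), new MailAddress(emailAddress));

                email.Body       = body;
                email.Subject    = "Password Reset";
                email.IsBodyHtml = true;
                using (SmtpClient sender = new SmtpClient("smtp.gmail.com", 587))
                {
                    // STARTTLS on 587; credentials must never go over a plaintext session.
                    sender.EnableSsl             = true;
                    sender.DeliveryMethod        = SmtpDeliveryMethod.Network;
                    sender.UseDefaultCredentials = false;
                    sender.Credentials           = new NetworkCredential("*****@*****.**", Resources.emailPassword);
                    sender.Send(email);
                }
            }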
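            /// <summary>
            /// Redeems a password-reset token: returns the UserID it was issued for and consumes the
            /// <c>passwordResets</c> row so the same token cannot be redeemed twice.
            /// </summary>
            /// <param name="token">
            /// Untrusted token taken from the reset link. It is hashed with
            /// <c>PasswordReset.ComputeHash</c> before it is used as the lookup key, so the plaintext
            /// never reaches the database.
            /// </param>
            /// <returns>The UserID stored alongside the matching hash.</returns>
            /// <exception cref="UserNotFoundException">
            /// No row matches the hash, or the row was consumed by a concurrent request between this
            /// method's SELECT and its DELETE (the DELETE affected zero rows).
            /// </exception>
            /// <exception cref="PasswordResetTimeoutException">
            /// The row is more than 30 minutes old. The row is deleted before this is thrown, so an
            /// expired token is not left behind in the table.
            /// </exception>
            /// <remarks>
            /// Token equality is decided by the database (<c>WHERE ResetHash = @hash</c>), not by
            /// <c>VerifyToken</c>. The exception payload is <c>Convert.FromBase64String(token)</c>,
            /// which itself throws <see cref="FormatException"/> when the supplied token is not valid
            /// Base64 — a caller that catches only <see cref="UserNotFoundException"/> will miss that case.
            /// NOTE(review): the age check compares a DB-supplied <c>TimeCreated</c> with
            /// <see cref="DateTime.Now"/> (local time). If the column default is UTC the 30-minute
            /// window is shifted by the server's UTC offset; confirm the column default and align
            /// both sides, preferably on UTC.
            /// </remarks>
            public static long GetUser(string token)
            {
                long     ret;
                DateTime timestamp;
                string   hashed = PasswordReset.ComputeHash(token);

                using (MySqlConnection con = new MySqlConnection(ConfigurationManager.ConnectionStrings["Development"].ConnectionString))
                {
                    con.Open();
                    using (MySqlCommand cmd = new MySqlCommand())
                    {
                        cmd.Connection  = con;
                        cmd.CommandText = "SELECT passwordResets.UserID, passwordResets.TimeCreated FROM passwordResets WHERE passwordResets.ResetHash = @hash;";
                        cmd.Parameters.AddWithValue("@hash", hashed);
                        cmd.Prepare();
                        using (MySqlDataReader reader = cmd.ExecuteReader())
                        {
                            if (!reader.Read())
                            {
                                // No row for this hash: the token was never issued or already used.
                                throw new UserNotFoundException(Convert.FromBase64String(token));
                            }
                            ret       = Convert.ToInt64(reader["UserID"]);
                            timestamp = (DateTime)(reader["TimeCreated"]);
                        }
                    }

                    // Consume the row before deciding the outcome, so both the success path and
                    // the timeout path leave the token unusable. The affected-row count is the
                    // single-use guarantee: two requests racing on the same token both pass the
                    // SELECT, but only one DELETE reports 1.
                    int consumed;
                    using (MySqlCommand cmd = new MySqlCommand())
                    {
                        cmd.Connection  = con;
                        cmd.CommandText = "DELETE FROM passwordResets WHERE passwordResets.ResetHash = @hash;";
                        cmd.Parameters.AddWithValue("@hash", hashed);
                        cmd.Prepare();
                        consumed = cmd.ExecuteNonQuery();
                    }
                    if (consumed == 0)
                    {
                        // Lost the race: another request redeemed this token first.
                        throw new UserNotFoundException(Convert.FromBase64String(token));
                    }
                    if (timestamp.AddMinutes(30) < DateTime.Now)
                    {
                        // Older than the 30-minute window; the row is already gone.
                        throw new PasswordResetTimeoutException();
                    }
                    return(ret);
                }
            }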
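 /// <summary>
 /// Checks whether <paramref name="token"/> hashes to <paramref name="hashed"/>.
 /// </summary>
 /// <param name="token">Untrusted token presented by the caller; hashed with <c>PasswordReset.ComputeHash</c>.</param>
 /// <param name="hashed">Stored hash string to compare against (what <c>passwordResets.ResetHash</c> holds).</param>
 /// <returns><c>true</c> only when both hash strings are identical, character for character (ordinal, case-sensitive).</returns>
 /// <remarks>
 /// Replaces <c>string.Equals</c>, which returns at the first differing character and so lets
 /// an attacker measure how long a matching prefix is. Once the lengths agree, every character
 /// is examined and the differences are OR-ed together, so the time taken does not depend on
 /// where the strings differ. A length mismatch returns early; that reveals only the digest
 /// length, which is not secret. A <c>null</c> stored hash is treated as "no match" rather than
 /// throwing. The practical exposure here is small (the stored value is a hash of a random
 /// token), but a fixed-time compare costs nothing and is the expected idiom for secret-derived values.
 /// </remarks>
 private static bool VerifyToken(string token, string hashed)
 {
     if (hashed == null)
     {
         return(false);
     }
     string computed = PasswordReset.ComputeHash(token);
     if (computed == null || computed.Length != hashed.Length)
     {
         return(false);
     }
     // Accumulate every character difference; never exit the loop early.
     int diff = 0;
     for (int i = 0; i < hashed.Length; i++)
     {
         diff |= hashed[i] ^ computed[i];
     }
     return(diff == 0);
 }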