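/// <summary>
/// Handles the "reset password" button: validates the submitted e-mail address and, when it
/// belongs to an account, generates a new password, e-mails it and stores its hash.
/// </summary>
/// <remarks>
/// The same confirmation is shown whether or not the address is registered and whether or not
/// the mail could be handed off, so the response text cannot be used to enumerate accounts.
/// NOTE(review): the request is unauthenticated and replaces the password directly, so anyone
/// who knows an address can force a reset for that account. A single-use, expiring reset link
/// that leaves the current password valid until it is used would avoid that, and would also
/// avoid sending a password in clear text by mail.
/// NOTE(review): the registered path still does more work (mail hand-off) than the unregistered
/// one; if response time is a concern as a signal, queue the mail instead of sending inline.
/// </remarks>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void btnResetPassword_Click(Object sender, EventArgs e)
{
    // Anchored so the WHOLE input must be an address; without ^...$ IsMatch accepts any
    // string that merely contains something address-shaped.
    Regex regex = new Regex("^[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,4}$");
    string emailAddress = txtEmailAddress.Text.Trim().ToUpperInvariant();

    if (String.IsNullOrEmpty(emailAddress) || !regex.IsMatch(emailAddress))
    {
        lblErrorMessage.Visible = true;
        return;
    }

    // One lookup instead of Any() followed by First(): null means "no such account".
    IUserRepository userRepo = RepositoryFactory.Get<IUserRepository>();
    User editUser = userRepo.Users.FirstOrDefault(u => u.email.Equals(emailAddress));

    if (editUser != null)
    {
        // The second argument is a MINIMUM count of non-alphanumeric characters, so the
        // result may still contain some; that is documented behaviour, not a defect.
        // NOTE(review): 8 characters is short for a credential that travels by e-mail.
        string passwordGenerated = Membership.GeneratePassword(8, 0);

        string message = String.Empty;
        string from = companyEmail;
        string to = emailAddress;
        string subject = "Password Reset Message";
        string body = "Dear " + editUser.firstName.Trim() + ",\n" +
                      "\n" +
                      "You have requested a new password to access XYZ Print Shop's website.\n" +
                      "\n" +
                      "Use the following password to sign on\n" +
                      "\n" +
                      "Password: " + passwordGenerated + "\n" +
                      "\n" +
                      "If you have any questions, please feel free to contact us at " + companyEmail + "\n" +
                      "\n" +
                      "Sincerely, " +
                      "XYZ Support Group\n" +
                      "\n" +
                      "ABOUT THIS MESSAGE\n" +
                      "This is a service e-mail message from the XYZ Print Shop Website.\n" +
                      "Please do not reply to this service e-mail message as no response will be returned to you.\n";

        if (SendEMail(from, to, subject, body, ref message))
        {
            // Persist only after the mail was handed off, so a mail failure does not leave
            // the account with a password nobody has received.
            // NOTE(review): Security.MD5Encode is defined outside this excerpt; if it is plain
            // MD5 as the name suggests, stored hashes are cheap to brute-force. Moving to a
            // salted, iterated KDF (e.g. PBKDF2 via Rfc2898DeriveBytes) has to be done together
            // with the login check.
            editUser.password = Security.MD5Encode(passwordGenerated);
            userRepo.SubmitChanges();
        }
        // On failure 'message' holds whatever SendEMail reported. It is deliberately not shown:
        // a distinct error here would reveal that the address is registered.
        // NOTE(review): record 'message' server-side; no logging facility is visible in this excerpt.
    }

    // Identical outcome for every well-formed address (account harvesting protection).
    lblResetEmailMessage.Text = "Success! A new password has been sent if the email provided was registered to an account";
    lblResetEmailMessage.Style.Add(HtmlTextWriterStyle.Color, "Green");
}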
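/// <summary>
/// Rebuilds <c>roleDescriptionTable</c> from the role repository: clears the rows, re-adds the
/// title row, then adds one row per role with edit/delete controls, id, name and description.
/// </summary>
/// <remarks>
/// NOTE(review): <c>canEdit</c> and <c>canDelete</c> are hard-coded to true, so the greyed-out
/// branches never run and every viewer gets active buttons. Whatever gates this page, the
/// btnEditRole_Click / btnDeleteRole_Click handlers must enforce authorization server-side.
/// </remarks>
private void updateRoleTable()
{
    IRoleRepository roleRepo = RepositoryFactory.Get<IRoleRepository>();

    // Start from a clean table so added / deleted / changed roles are reflected.
    this.roleDescriptionTable.Rows.Clear();
    this.roleDescriptionTable.Rows.Add(titleRow);

    foreach (var role in roleRepo.Roles)
    {
        TableRow row = new TableRow();
        row.CssClass = "orderRow";

        bool canEdit = true;
        bool canDelete = true;

        TableCell cellEdit = new TableCell();
        if (canEdit)
        {
            ImageButton edit = new ImageButton();
            edit.ImageUrl = "/images/edit.gif";
            edit.ToolTip = "Edit";
            edit.CommandArgument = role.roleID.ToString();
            edit.Command += new CommandEventHandler(btnEditRole_Click);
            cellEdit.Controls.Add(edit);
        }
        else
        {
            Image edit = new Image();
            edit.ImageUrl = "/images/edit_gray.gif";
            edit.ToolTip = "Edit";
            cellEdit.Controls.Add(edit);
        }

        TableCell cellDelete = new TableCell();
        if (canDelete)
        {
            ImageButton delete = new ImageButton();
            delete.ImageUrl = "/images/delete.gif";
            delete.ToolTip = "Delete";
            delete.CommandArgument = role.roleID.ToString();
            delete.Command += new CommandEventHandler(btnDeleteRole_Click);
            cellDelete.Controls.Add(delete);
        }
        else
        {
            Image delete = new Image();
            delete.ImageUrl = "/images/delete_gray.gif";
            delete.ToolTip = "Delete";
            cellDelete.Controls.Add(delete);
            cellDelete.Enabled = false;
        }

        TableCell roleID = new TableCell();
        roleID.Text = role.roleID.ToString();

        // TableCell.Text is written to the page as-is, so stored role text is HTML-encoded
        // here to keep markup in a name or description from being rendered as markup.
        TableCell roleName = new TableCell();
        roleName.Text = System.Web.HttpUtility.HtmlEncode(role.role_name.ToString());

        TableCell roleDesc = new TableCell();
        roleDesc.Text = System.Web.HttpUtility.HtmlEncode(role.role_desc);

        row.Cells.Add(cellEdit);
        row.Cells.Add(cellDelete);
        row.Cells.Add(roleID);
        row.Cells.Add(roleName);
        row.Cells.Add(roleDesc);

        this.roleDescriptionTable.Rows.Add(row);
    }
}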
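/// <summary>
/// Checks that the session may view all users, then fills <c>tableManageUsers</c> with one row
/// per active user: edit/delete controls, user name, full name, e-mail, role drop-down and an
/// "Update" button for the role.
/// </summary>
/// <remarks>
/// Edit, delete and role controls are enabled or greyed out according to
/// <c>Security.IsAuthorized</c>. That only shapes the UI: btnEditUser_Click, btnDeleteUser_Click
/// and btnUpdateRole_Click (outside this excerpt) should repeat the authorization check
/// themselves rather than rely on a control having been rendered disabled.
/// </remarks>
/// <param name="sender">The page raising the event.</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    // No session, or no right to view all users -> back to the home page.
    object sessionValue = Session[Constants.PWAS_SESSION_ID];
    if (sessionValue == null ||
        !Security.IsAuthorized((int)sessionValue, PwasObject.User, PwasAction.View, PwasScope.All))
    {
        Response.Redirect("customerView_Home.aspx");
        // Explicit return: the code below must never run for an unauthorized request, even if
        // the redirect is ever changed so that it no longer ends the response.
        return;
    }

    int sessionId = (int)sessionValue;

    // Load active users for the table.
    IUserRepository userRepo = RepositoryFactory.Get<IUserRepository>();
    List<User> users = userRepo.Users.Where(u => u.active == true).ToList();

    bool canEdit = Security.IsAuthorized(sessionId, PwasObject.User, PwasAction.Update, PwasScope.All);
    bool canDelete = Security.IsAuthorized(sessionId, PwasObject.User, PwasAction.Delete, PwasScope.All);

    // Role changes are allowed when the caller may both update and delete all users; there is
    // no dedicated "update roles" action yet, so this may change in the future.
    bool canEditRoles = canEdit && canDelete;

    IRoleRepository roleRepo = RepositoryFactory.Get<IRoleRepository>();
    List<Role> roles = roleRepo.Roles.ToList();

    // Gives every drop-down a distinct ID; starts at 1 to skip the header row.
    int roleCounter = 1;

    foreach (User user in users)
    {
        TableRow tableRow = new TableRow();
        tableRow.CssClass = "orderRow";

        TableCell cellEdit = new TableCell();
        if (canEdit)
        {
            ImageButton edit = new ImageButton();
            edit.ImageUrl = "/images/edit.gif";
            edit.ToolTip = "Edit";
            edit.CommandArgument = user.userID.ToString();
            edit.Command += new CommandEventHandler(btnEditUser_Click);
            cellEdit.Controls.Add(edit);
        }
        else
        {
            Image edit = new Image();
            edit.ImageUrl = "/images/edit_gray.gif";
            edit.ToolTip = "Edit";
            cellEdit.Controls.Add(edit);
        }

        TableCell cellDelete = new TableCell();
        if (canDelete)
        {
            ImageButton delete = new ImageButton();
            delete.ImageUrl = "/images/delete.gif";
            delete.ToolTip = "Delete";
            delete.CommandArgument = user.userID.ToString();
            delete.Command += new CommandEventHandler(btnDeleteUser_Click);
            cellDelete.Controls.Add(delete);
        }
        else
        {
            Image delete = new Image();
            delete.ImageUrl = "/images/delete_gray.gif";
            delete.ToolTip = "Delete";
            cellDelete.Controls.Add(delete);
            cellDelete.Enabled = false;
        }

        // Names and addresses are account data. TableCell.Text is written to the page as-is,
        // so each value is HTML-encoded to keep stored markup from rendering in this admin view.
        string email = user.email.Trim();

        // User name = part before '@'. A stored address without '@' used to make Substring
        // throw and take the whole page down; fall back to the full value instead.
        int atIndex = email.IndexOf('@');
        string username = atIndex >= 0 ? email.Substring(0, atIndex) : email;

        TableCell cellUsername = new TableCell();
        cellUsername.Text = System.Web.HttpUtility.HtmlEncode(username);
        cellUsername.Width = Unit.Pixel(150);

        TableCell cellFullName = new TableCell();
        cellFullName.Text = System.Web.HttpUtility.HtmlEncode(user.firstName.Trim() + " " + user.lastName.Trim());
        cellFullName.Width = Unit.Pixel(200);

        TableCell cellEmail = new TableCell();
        cellEmail.Text = System.Web.HttpUtility.HtmlEncode(email);
        cellEmail.Width = Unit.Pixel(200);

        TableCell cellRole = new TableCell();
        DropDownList ddRoles = new DropDownList();
        ddRoles.ID = "ddRoles" + roleCounter;
        foreach (Role r in roles)
        {
            ListItem item = new ListItem();
            item.Value = r.roleID.ToString();
            item.Text = r.role_name;
            ddRoles.Items.Add(item);
        }

        // A user whose role is missing from the list no longer breaks the page with a null
        // reference; the drop-down simply keeps its default selection.
        ListItem currentRole = ddRoles.Items.FindByValue(user.roleID.ToString());
        if (currentRole != null)
        {
            currentRole.Selected = true;
        }

        // Greyed out when the caller may not change roles.
        ddRoles.Enabled = canEditRoles;
        cellRole.Controls.Add(ddRoles);

        TableCell cellRoleUpdate = new TableCell();
        Button btnUpdateRole = new Button();
        btnUpdateRole.Text = "Update";
        btnUpdateRole.ToolTip = "Update Role";
        // "<userID>;<row counter>" lets the handler find both the user and this row's drop-down.
        btnUpdateRole.CommandArgument = user.userID.ToString() + ";" + roleCounter;
        btnUpdateRole.Command += new CommandEventHandler(btnUpdateRole_Click);
        // Greyed out when the caller may not change roles.
        btnUpdateRole.Enabled = canEditRoles;
        cellRoleUpdate.Controls.Add(btnUpdateRole);

        tableRow.Cells.Add(cellEdit);
        tableRow.Cells.Add(cellDelete);
        tableRow.Cells.Add(cellUsername);
        tableRow.Cells.Add(cellFullName);
        tableRow.Cells.Add(cellEmail);
        tableRow.Cells.Add(cellRole);
        tableRow.Cells.Add(cellRoleUpdate);

        tableManageUsers.Rows.Add(tableRow);
        roleCounter++;
    }
}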