/
RecoverPassword.aspx.cs
160 lines (133 loc) · 5.79 KB
/
RecoverPassword.aspx.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.Security;
using System.Net.Mail;
using MySql.Data.MySqlClient;
using System.Data.Common;
using System.Data;
using Microsoft.Practices.EnterpriseLibrary.Data;
namespace ScoreBoard
{
public partial class RecoverPassword : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
/// <summary>
/// Kludge to recover from Bug#189 The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.7.0 Must issue a STARTTLS command first.
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void PasswordRecovery1_SendingMail(object sender, MailMessageEventArgs e)
{
MailMessage mm = new MailMessage();
mm.IsBodyHtml = true;
mm.From = e.Message.From;
mm.Subject = e.Message.Subject.ToString();
mm.To.Add(e.Message.To[0]);
mm.Body = e.Message.Body;
SmtpClient smtp = new SmtpClient();
smtp.EnableSsl = true;
smtp.Send(mm);
e.Cancel = true;
}
protected void SEndMAil(MembershipUser user, string password)
{
Dictionary<string, string> replacements = new Dictionary<string, string>(2);
replacements.Add("<%UserName%>", user.UserName);
replacements.Add("<%Password%>", password);
MailMessage mm = PasswordRecovery1.MailDefinition.CreateMailMessage(user.Email, replacements, this);
mm.IsBodyHtml = true;
SmtpClient smtp = new SmtpClient();
smtp.EnableSsl = true;
smtp.Send(mm);
}
protected void PasswordRecovery1_VerifyingUser(object sender, LoginCancelEventArgs e)
{
string userName = ((System.Web.UI.WebControls.PasswordRecovery)(sender)).UserName;
MembershipUser user = Membership.GetUser(userName);
if (user != null)
{
if (user.IsLockedOut)
{
pnlLockedOut.Visible = true;
txtUserName.Text = userName;
lblSecQues.Text = user.PasswordQuestion;
e.Cancel = true;
}
}
}
protected void PasswordRecovery1_VerifyingAnswer(object sender, LoginCancelEventArgs e)
{
}
protected void btnUnlock_Click(object sender, EventArgs e)
{
string userName = txtUserName.Text;
MembershipUser user = Membership.GetUser(userName);
string newPAssword = string.Empty;
if (user != null)
{
try
{
if (txtSecQuesAns.Text.Length > 0)
{
newPAssword = user.ResetPassword(txtSecQuesAns.Text);
SEndMAil(user, newPAssword);
lblPWError.Text = string.Empty;
lblPass.Text = "New password sent";
}
else
{
lblPWError.Text = "Security question incorrect.";
}
}
catch (MembershipPasswordException ex)
{
if (ex.Message == "The user account has been locked out.")
{
user.UnlockUser();
if (txtSecQuesAns.Text.Length > 0)
{
try
{
newPAssword = user.ResetPassword(txtSecQuesAns.Text);
lblPWError.Text = string.Empty;
SEndMAil(user, newPAssword);
lblPass.Text = "New password sent.";
}
catch (MembershipPasswordException ex2)
{
////MySql Implementation
//string cnString = System.Web.Configuration.WebConfigurationManager.ConnectionStrings["LocalMySqlServer"].ToString();
//using (MySqlConnection cnx = new MySqlConnection(cnString))
//{
// string cmdText = "update my_aspnet_Membership set IsLockedOut=1 where UserId = '" + user.ProviderUserKey.ToString() + "'";
// using (MySqlCommand cmd = new MySqlCommand(cmdText, cnx))
// {
// cmd.CommandType = CommandType.Text;
// cnx.Open();
// cmd.ExecuteNonQuery();
// cnx.Close();
// }
//}
//Need to relock the user
Database db = DatabaseFactory.CreateDatabase("cnGrammit");
db.ExecuteNonQuery(CommandType.Text, "update aspnet_Membership set IsLockedOut=1 where UserId = '" + user.ProviderUserKey.ToString() + "'");
lblPWError.Text = "Security question incorrect.";
lblPWError.Text = "Security question incorrect.";
}
}
}
else
{
lblPWError.Text = "Security question incorrect.";
}
}
}
}
}
}