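/// <summary>
/// Handles the "save new password" step of a password reset: validates the two
/// submitted passwords, checks the submitted reset code against the one stored on
/// the user row, and on success stores the new PHPass hash and clears the pending code.
/// </summary>
/// <returns>
/// The current page (with <see cref="Mode"/> set to <see cref="LoginMode.PasswordReset"/>)
/// when validation or the code check fails; otherwise a redirect to the
/// "Confirm"/"PasswordChanged" page.
/// </returns>
public async Task<IActionResult> OnPostSaveNewPassword()
{
    var lang = LanguageProvider.GetValidatedLanguage(null, Request);
    var validator = new UserProfileDataValidationService(ModelState, LanguageProvider, lang);

    // Both validators run unconditionally so every error is reported in one round trip.
    var validations = new[]
    {
        validator.ValidatePassword(nameof(PwdResetErrorMessage), PwdResetFirstPassword),
        validator.ValidateSecondPassword(nameof(PwdResetErrorMessage), PwdResetSecondPassword, PwdResetFirstPassword),
    };
    if (!validations.All(x => x))
    {
        Mode = LoginMode.PasswordReset;
        return Page();
    }

    var user = _context.PhpbbUsers.FirstOrDefault(u => u.UserId == UserId);

    // A reset is accepted only when the user exists, a reset code is actually pending
    // on the row, the form submitted a code, and the two match. Requiring both sides
    // to be non-empty means an absent/blank code can never compare equal to an absent
    // pending code; the comparison itself is constant-time so early-exit string
    // equality cannot leak how many leading characters of the code were right.
    if (user is null || !await ResetCodeMatchesAsync(user.UserNewpasswd))
    {
        ModelState.AddModelError(nameof(PwdResetErrorMessage), LanguageProvider.Errors[lang, "CONFIRM_ERROR"]);
        Mode = LoginMode.PasswordReset;
        return Page();
    }

    // Consume the one-time code and persist the new PHPass-compatible hash.
    user.UserNewpasswd = string.Empty;
    user.UserPassword = Crypter.Phpass.Crypt(PwdResetFirstPassword!, Crypter.Phpass.GenerateSalt());
    user.UserPasschg = DateTime.UtcNow.ToUnixTimestamp();
    await _context.SaveChangesAsync();

    return RedirectToPage("Confirm", "PasswordChanged");

    // Runs the stored value through _utils.DecryptAES (as the page does elsewhere for
    // this field) and compares the result with the submitted ResetPasswordCode.
    // Returns false whenever either side is missing or empty.
    async Task<bool> ResetCodeMatchesAsync(string? storedCode)
    {
        if (string.IsNullOrEmpty(storedCode) || string.IsNullOrEmpty(ResetPasswordCode))
        {
            return false;
        }

        var expected = await _utils.DecryptAES(storedCode, Init);
        if (string.IsNullOrEmpty(expected))
        {
            return false;
        }

        return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(expected),
            Encoding.UTF8.GetBytes(ResetPasswordCode));
    }
}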
public async Task <IActionResult> OnPost() { var lang = GetLanguage(); var validator = new UserProfileDataValidationService(ModelState, LanguageProvider, lang); var validations = new[] { validator.ValidateUsername(nameof(UserName), UserName), validator.ValidateEmail(nameof(Email), Email), validator.ValidatePassword(nameof(Password), Password), validator.ValidateSecondPassword(nameof(SecondPassword), SecondPassword, Password), validator.ValidateTermsAgreement(nameof(Agree), Agree) }; if (!validations.All(x => x)) { return(Page()); } try { var response = await _gClient.PostAsync( requestUri : _recaptchaOptions.RelativeUri, content : new StringContent( content: $"secret={_recaptchaOptions.SecretKey}&response={RecaptchaResponse}&remoteip={HttpContext.Connection.RemoteIpAddress}", encoding: Encoding.UTF8, mediaType: "application/x-www-form-urlencoded" ) ); response.EnsureSuccessStatusCode(); var resultText = await response.Content.ReadAsStringAsync(); var result = JsonConvert.DeserializeObject <dynamic>(resultText); if ((bool?)result?.success != true) { throw new InvalidOperationException($"Validating g-recaptcha failed. 
Response: {resultText}"); } if ((decimal)result.score < _recaptchaOptions.MinScore) { return(PageWithError(nameof(RecaptchaResponse), string.Format(LanguageProvider.Errors[lang, "YOURE_A_BOT_FORMAT"], _config.GetValue <string>("AdminEmail").Replace("@", " at ").Replace(".", " dot ")))); } } catch (Exception ex) { _utils.HandleErrorAsWarning(ex, "Failed to check captcha"); return(PageWithError(nameof(RecaptchaResponse), LanguageProvider.Errors[lang, "AN_ERROR_OCCURRED_TRY_AGAIN"])); } var conn = _context.GetDbConnection(); var checkBanlist = await conn.QueryAsync( @"SELECT @email LIKE LOWER(REPLACE(REPLACE(ban_email, '*', '%'), '?', '_')) AS Email, @ip LIKE LOWER(REPLACE(REPLACE(ban_ip, '*', '%'), '?', '_')) AS IP FROM phpbb_banlist WHERE @email LIKE LOWER(REPLACE(REPLACE(ban_email, '*', '%'), '?', '_')) OR @ip LIKE LOWER(REPLACE(REPLACE(ban_ip, '*', '%'), '?', '_'))", new { email = Email !.ToLower(), ip = HttpContext.Connection.RemoteIpAddress?.ToString() ?? string.Empty }