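        /// <summary>
        /// Final step of a password reset: validates the two submitted passwords, checks the
        /// submitted reset code against the encrypted code stored on the user record, and on
        /// success replaces the stored password hash.
        /// </summary>
        /// <returns>
        /// The page re-rendered in <see cref="LoginMode.PasswordReset"/> mode when validation or
        /// the reset-code check fails; otherwise a redirect to the "Confirm" page, "PasswordChanged"
        /// handler.
        /// </returns>
        public async Task<IActionResult> OnPostSaveNewPassword()
        {
            var lang      = LanguageProvider.GetValidatedLanguage(null, Request);
            var validator = new UserProfileDataValidationService(ModelState, LanguageProvider, lang);

            // Both validators report under the same ModelState key (PwdResetErrorMessage).
            var validations = new[]
            {
                validator.ValidatePassword(nameof(PwdResetErrorMessage), PwdResetFirstPassword),
                validator.ValidateSecondPassword(nameof(PwdResetErrorMessage), PwdResetSecondPassword, PwdResetFirstPassword),
            };

            if (!validations.All(x => x))
            {
                Mode = LoginMode.PasswordReset;
                return Page();
            }

            var user = _context.PhpbbUsers.FirstOrDefault(u => u.UserId == UserId);

            // An empty UserNewpasswd means no reset is pending (it is cleared below once a reset
            // succeeds), so reject before decrypting anything rather than feeding an empty
            // ciphertext to DecryptAES.
            if (user is null || string.IsNullOrEmpty(user.UserNewpasswd))
            {
                return RejectReset();
            }

            // A plain `!=` would treat a null submitted code and a null decryption result as equal;
            // CodesMatch rejects null/empty on either side and compares in constant time.
            var expectedCode = await _utils.DecryptAES(user.UserNewpasswd, Init);
            if (!CodesMatch(ResetPasswordCode, expectedCode))
            {
                return RejectReset();
            }

            // NOTE(review): no expiry of the reset code is visible in this method; confirm it is
            // enforced where the code is issued or looked up.
            user.UserNewpasswd = string.Empty; // one-shot: the same code cannot be reused
            user.UserPassword  = Crypter.Phpass.Crypt(PwdResetFirstPassword!, Crypter.Phpass.GenerateSalt());
            user.UserPasschg   = DateTime.UtcNow.ToUnixTimestamp();
            await _context.SaveChangesAsync();

            return RedirectToPage("Confirm", "PasswordChanged");

            // Shared failure path: one generic error so the response does not reveal whether the
            // user exists or whether a reset is pending.
            IActionResult RejectReset()
            {
                ModelState.AddModelError(nameof(PwdResetErrorMessage), LanguageProvider.Errors[lang, "CONFIRM_ERROR"]);
                Mode = LoginMode.PasswordReset;
                return Page();
            }

            // Null/empty on either side is a mismatch; FixedTimeEquals returns false for differing
            // lengths without short-circuiting on content.
            static bool CodesMatch(string? supplied, string? expected)
            {
                if (string.IsNullOrEmpty(supplied) || string.IsNullOrEmpty(expected))
                {
                    return false;
                }

                var suppliedBytes = System.Text.Encoding.UTF8.GetBytes(supplied);
                var expectedBytes = System.Text.Encoding.UTF8.GetBytes(expected);
                return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(suppliedBytes, expectedBytes);
            }
        }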
        public async Task <IActionResult> OnPost()
        {
            var lang        = GetLanguage();
            var validator   = new UserProfileDataValidationService(ModelState, LanguageProvider, lang);
            var validations = new[]
            {
                validator.ValidateUsername(nameof(UserName), UserName),
                validator.ValidateEmail(nameof(Email), Email),
                validator.ValidatePassword(nameof(Password), Password),
                validator.ValidateSecondPassword(nameof(SecondPassword), SecondPassword, Password),
                validator.ValidateTermsAgreement(nameof(Agree), Agree)
            };

            if (!validations.All(x => x))
            {
                return(Page());
            }

            try
            {
                var response = await _gClient.PostAsync(
                    requestUri : _recaptchaOptions.RelativeUri,
                    content : new StringContent(
                        content: $"secret={_recaptchaOptions.SecretKey}&response={RecaptchaResponse}&remoteip={HttpContext.Connection.RemoteIpAddress}",
                        encoding: Encoding.UTF8,
                        mediaType: "application/x-www-form-urlencoded"
                        )
                    );

                response.EnsureSuccessStatusCode();
                var resultText = await response.Content.ReadAsStringAsync();

                var result = JsonConvert.DeserializeObject <dynamic>(resultText);
                if ((bool?)result?.success != true)
                {
                    throw new InvalidOperationException($"Validating g-recaptcha failed. Response: {resultText}");
                }
                if ((decimal)result.score < _recaptchaOptions.MinScore)
                {
                    return(PageWithError(nameof(RecaptchaResponse), string.Format(LanguageProvider.Errors[lang, "YOURE_A_BOT_FORMAT"], _config.GetValue <string>("AdminEmail").Replace("@", " at ").Replace(".", " dot "))));
                }
            }
            catch (Exception ex)
            {
                _utils.HandleErrorAsWarning(ex, "Failed to check captcha");
                return(PageWithError(nameof(RecaptchaResponse), LanguageProvider.Errors[lang, "AN_ERROR_OCCURRED_TRY_AGAIN"]));
            }

            var conn = _context.GetDbConnection();

            var checkBanlist = await conn.QueryAsync(
                @"SELECT @email LIKE LOWER(REPLACE(REPLACE(ban_email, '*', '%'), '?', '_')) AS Email,
                         @ip LIKE LOWER(REPLACE(REPLACE(ban_ip, '*', '%'), '?', '_')) AS IP
                    FROM phpbb_banlist
                   WHERE @email LIKE LOWER(REPLACE(REPLACE(ban_email, '*', '%'), '?', '_')) 
                      OR @ip LIKE LOWER(REPLACE(REPLACE(ban_ip, '*', '%'), '?', '_'))",
                new { email = Email !.ToLower(), ip = HttpContext.Connection.RemoteIpAddress?.ToString() ?? string.Empty }