public async Task <IActionResult> OnPostSaveNewPassword()
{
var lang = LanguageProvider.GetValidatedLanguage(null, Request);
var validator = new UserProfileDataValidationService(ModelState, LanguageProvider, lang);
var validations = new[]
{
validator.ValidatePassword(nameof(PwdResetErrorMessage), PwdResetFirstPassword),
validator.ValidateSecondPassword(nameof(PwdResetErrorMessage), PwdResetSecondPassword, PwdResetFirstPassword),
};
if (!validations.All(x => x))
{
Mode = LoginMode.PasswordReset;
return(Page());
}
var user = _context.PhpbbUsers.FirstOrDefault(u => u.UserId == UserId);
if (user == null || ResetPasswordCode != await _utils.DecryptAES(user.UserNewpasswd, Init))
{
ModelState.AddModelError(nameof(PwdResetErrorMessage), LanguageProvider.Errors[lang, "CONFIRM_ERROR"]);
Mode = LoginMode.PasswordReset;
return(Page());
}
user.UserNewpasswd = string.Empty;
user.UserPassword = Crypter.Phpass.Crypt(PwdResetFirstPassword !, Crypter.Phpass.GenerateSalt());
user.UserPasschg = DateTime.UtcNow.ToUnixTimestamp();
await _context.SaveChangesAsync();
return(RedirectToPage("Confirm", "PasswordChanged"));
}
public async Task <IActionResult> OnPost()
{
var lang = GetLanguage();
var validator = new UserProfileDataValidationService(ModelState, LanguageProvider, lang);
var validations = new[]
{
validator.ValidateUsername(nameof(UserName), UserName),
validator.ValidateEmail(nameof(Email), Email),
validator.ValidatePassword(nameof(Password), Password),
validator.ValidateSecondPassword(nameof(SecondPassword), SecondPassword, Password),
validator.ValidateTermsAgreement(nameof(Agree), Agree)
};
if (!validations.All(x => x))
{
return(Page());
}
try
{
var response = await _gClient.PostAsync(
requestUri : _recaptchaOptions.RelativeUri,
content : new StringContent(
content: $"secret={_recaptchaOptions.SecretKey}&response={RecaptchaResponse}&remoteip={HttpContext.Connection.RemoteIpAddress}",
encoding: Encoding.UTF8,
mediaType: "application/x-www-form-urlencoded"
)
);
response.EnsureSuccessStatusCode();
var resultText = await response.Content.ReadAsStringAsync();
var result = JsonConvert.DeserializeObject <dynamic>(resultText);
if ((bool?)result?.success != true)
{
throw new InvalidOperationException($"Validating g-recaptcha failed. Response: {resultText}");
}
if ((decimal)result.score < _recaptchaOptions.MinScore)
{
return(PageWithError(nameof(RecaptchaResponse), string.Format(LanguageProvider.Errors[lang, "YOURE_A_BOT_FORMAT"], _config.GetValue <string>("AdminEmail").Replace("@", " at ").Replace(".", " dot "))));
}
}
catch (Exception ex)
{
_utils.HandleErrorAsWarning(ex, "Failed to check captcha");
return(PageWithError(nameof(RecaptchaResponse), LanguageProvider.Errors[lang, "AN_ERROR_OCCURRED_TRY_AGAIN"]));
}
var conn = _context.GetDbConnection();
var checkBanlist = await conn.QueryAsync(
@"SELECT @email LIKE LOWER(REPLACE(REPLACE(ban_email, '*', '%'), '?', '_')) AS Email,
@ip LIKE LOWER(REPLACE(REPLACE(ban_ip, '*', '%'), '?', '_')) AS IP
FROM phpbb_banlist
WHERE @email LIKE LOWER(REPLACE(REPLACE(ban_email, '*', '%'), '?', '_'))
OR @ip LIKE LOWER(REPLACE(REPLACE(ban_ip, '*', '%'), '?', '_'))",
new { email = Email !.ToLower(), ip = HttpContext.Connection.RemoteIpAddress?.ToString() ?? string.Empty }
