///////////////////////////////////////////////////////////////////////
public void Page_Load(Object sender, EventArgs e)
{
Util.set_context(HttpContext.Current);
Util.do_not_cache(Response);
if (Util.get_setting("ShowForgotPasswordLink", "0") == "0")
{
Response.Write("Sorry, Web.config ShowForgotPasswordLink is set to 0");
Response.End();
}
if (!IsPostBack)
{
Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - "
+ "forgot password";
}
else
{
msg.InnerHtml = "";
if (email.Value == "" && username.Value == "")
{
msg.InnerHtml = "Enter either your Username or your Email address.";
}
else if (email.Value != "" && !Util.validate_email(email.Value))
{
msg.InnerHtml = "Format of email address is invalid.";
}
else
{
int user_count = 0;
int user_id = 0;
if (email.Value != "" && username.Value == "")
{
// check if email exists
SQLString sql = new SQLString("select count(1) from users where us_email = @email");
sql.AddParameterWithValue("email", email.Value);
user_count = (int)DbUtil.execute_scalar(sql);
if (user_count == 1)
{
sql = new SQLString("select us_id from users where us_email = @email");
sql.AddParameterWithValue("email", email.Value);
user_id = (int)DbUtil.execute_scalar(sql);
}
}
else if (email.Value == "" && username.Value != "")
{
// check if email exists
SQLString sql = new SQLString(
"select count(1) from users where isnull(us_email,'') != '' and us_username = @username");
sql.AddParameterWithValue("username", username.Value);
user_count = (int)DbUtil.execute_scalar(sql);
if (user_count == 1)
{
sql = new SQLString("select us_id from users where us_username = @username");
sql.AddParameterWithValue("username", username.Value);
user_id = (int)DbUtil.execute_scalar(sql);
}
}
else if (email.Value != "" && username.Value != "")
{
// check if email exists
SQLString sql = new SQLString(
"select count(1) from users where us_username = @username and us_email = @email");
sql.AddParameterWithValue("username", username.Value);
sql.AddParameterWithValue("email", email.Value);
user_count = (int)DbUtil.execute_scalar(sql);
if (user_count == 1)
{
sql = new SQLString(
"select us_id from users where us_username = @username and us_email = @email");
sql.AddParameterWithValue("username", username.Value);
sql.AddParameterWithValue("email", email.Value);
user_id = (int)DbUtil.execute_scalar(sql);
}
}
if (user_count == 1)
{
string guid = Guid.NewGuid().ToString();
var sql = new SQLString(@"
declare @username nvarchar(255)
declare @email nvarchar(255)
select @username = us_username, @email = us_email
from users where us_id = @user_id
insert into emailed_links
(el_id, el_date, el_email, el_action, el_user_id)
values (@guid, getdate(), @email, N'forgot', @user_id)
select @username us_username, @email us_email");
sql = sql.AddParameterWithValue("guid", guid);
sql = sql.AddParameterWithValue("user_id", Convert.ToString(user_id));
DataRow dr = DbUtil.get_datarow(sql);
string result = Email.send_email(
(string)dr["us_email"],
Util.get_setting("NotificationEmailFrom", ""),
"", // cc
"reset password",
"Click to <a href='"
+ Util.get_setting("AbsoluteUrlPrefix", "")
+ "change_password.aspx?id="
+ guid
+ "'>reset password</a> for user \""
+ (string)dr["us_username"]
+ "\".",
MailFormat.Html);
if (result == "")
{
msg.InnerHtml = "An email with password info has been sent to you.";
}
else
{
msg.InnerHtml = "There was a problem sending the email.";
msg.InnerHtml += "<br>" + result;
}
}
else
{
msg.InnerHtml = "Unknown username or email address.<br>Are you sure you spelled everything correctly?<br>Try just username, just email, or both.";
}
}
}
}