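    /// <summary>
    /// Changes the password of the currently signed-in user after validating the new value.
    /// </summary>
    /// <param name="password">The new password.</param>
    /// <param name="confirm">The new password typed a second time.</param>
    /// <param name="sessionID">Session identifier echoed back by the caller; it must equal <c>TSAuthentication.SessionID</c>.</param>
    /// <returns>
    /// An empty string when the password was saved; otherwise a plain message or an HTML
    /// <c>&lt;ul&gt;</c> list describing why the change was rejected.
    /// </returns>
    public static string ChangePW(string password, string confirm, string sessionID)
    {
        // Reject the request unless the caller presents the server-side session ID.
        // NOTE(review): only the session is checked here; the current password is not requested.
        // Confirm that re-authentication before a password change is enforced upstream.
        if (TSAuthentication.SessionID != sessionID)
        {
            return "Unable to authenticate your session.  Please refresh the page and try again.";
        }

        // Missing values are treated as empty so they fail validation instead of throwing.
        password = password ?? string.Empty;
        confirm  = confirm ?? string.Empty;

        bool          hasErrors = false;
        StringBuilder builder   = new StringBuilder("<ul>");

        // NOTE(review): validation compares trimmed values, but the untrimmed password is what
        // gets hashed below. Confirm the login path treats surrounding whitespace the same way.
        if (password.Trim() != confirm.Trim())
        {
            builder.Append("<li>Your passwords do not match.</li>");
            hasErrors = true;
        }

        if (password.Trim().Length < 6)
        {
            builder.Append("<li>Please choose a password that is at least 6 characters long.</li>");
            hasErrors = true;
        }

        // The original emitted "</ul" without the closing bracket, producing malformed markup.
        builder.Append("</ul>");

        if (hasErrors)
        {
            return builder.ToString();
        }

        Users users = new Users(TSAuthentication.GetLoginUser());
        users.LoadByUserID(TSAuthentication.UserID);

        if (users.IsEmpty)
        {
            // Nothing was loaded, so nothing can be saved; do not report success.
            return "Unable to change your password.  Please refresh the page and try again.";
        }

        // SECURITY: HashPasswordForStoringInConfigFile(..., "MD5") produces an unsalted, fast
        // hash and the API is obsolete since .NET Framework 4.5. Moving to a salted, iterated
        // KDF (e.g. PBKDF2) needs a coordinated migration of the stored hashes and of the login
        // check, neither of which is visible here, so the call is flagged rather than replaced.
        users[0].CryptedPassword    = FormsAuthentication.HashPasswordForStoringInConfigFile(password, "MD5");
        users[0].IsPasswordExpired  = false;
        users[0].PasswordCreatedUtc = DateTime.UtcNow;
        users.Save();

        // Tell the account owner the password changed so an unexpected change is noticed.
        EmailPosts.SendChangedTSPassword(users.LoginUser, users[0].UserID);
        return "";
    }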
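        /// <summary>
        /// Validates a new password and stores it, either for the signed-in user or, when there is
        /// no authentication ticket, for the user identified by <paramref name="userID"/> and
        /// <paramref name="token"/>.
        /// </summary>
        /// <param name="userID">User to update; only used when no authentication ticket is present.</param>
        /// <param name="token">Reset token; only checked when no authentication ticket is present.</param>
        /// <param name="pw1">The new password.</param>
        /// <param name="pw2">The new password typed a second time.</param>
        /// <returns>Validation or save error messages; an empty array means the password was saved.</returns>
        public string[] SavePassword(int userID, string token, string pw1, string pw2)
        {
            List<string> errors = new List<string>();

            // A missing password is treated as empty so it fails the rules below instead of throwing.
            if (pw1 == null)
            {
                pw1 = string.Empty;
            }

            if (pw1 != pw2)
            {
                errors.Add("Passwords do not match.");
            }
            if (!pw1.Any(char.IsUpper))
            {
                errors.Add("At least one uppercase letter is required.");
            }
            if (!pw1.Any(char.IsLower))
            {
                errors.Add("At least one lowercase letter is required.");
            }
            if (!pw1.Any(char.IsDigit))
            {
                errors.Add("At least one number is required.");
            }
            if (pw1.Length < 8)
            {
                errors.Add("Use at least 8 characters.");
            }
            // NOTE(review): a 20-character ceiling blocks long passphrases; confirm it is a real
            // storage constraint. The message now matches the check, which accepts exactly 20.
            if (pw1.Length > 20)
            {
                errors.Add("Use no more than 20 characters.");
            }

            if (errors.Count > 0)
            {
                return errors.ToArray();
            }

            User user = null;

            if (TSAuthentication.Ticket != null)
            {
                // Signed-in callers always update their own account; the userID argument is ignored.
                user = Users.GetUser(TSAuthentication.GetLoginUser(), TSAuthentication.UserID);
            }
            else
            {
                User candidate = Users.GetUser(LoginUser.Anonymous, userID);

                // SECURITY: the reset token is accepted when it equals the stored hash or hashes to it,
                // which makes the stored value a credential in its own right.
                // NOTE(review): consider a random, single-use, expiring reset token instead, and a
                // constant-time comparison. The checks below also refuse an unknown user, an empty
                // token and an account with no stored hash, so an empty token can never match.
                bool tokenAccepted =
                    candidate != null &&
                    !string.IsNullOrEmpty(token) &&
                    !string.IsNullOrEmpty(candidate.CryptedPassword) &&
                    (candidate.CryptedPassword == token ||
                     candidate.CryptedPassword == FormsAuthentication.HashPasswordForStoringInConfigFile(token, "MD5"));

                if (tokenAccepted)
                {
                    user = candidate;
                }
            }

            if (user != null)
            {
                // SECURITY: unsalted MD5 via an API obsolete since .NET Framework 4.5. Flagged rather
                // than replaced, because the stored hashes and the login check must migrate together.
                user.CryptedPassword    = FormsAuthentication.HashPasswordForStoringInConfigFile(pw1, "MD5");
                user.IsPasswordExpired  = false;
                user.PasswordCreatedUtc = DateTime.UtcNow;
                user.Collection.Save();

                // Notify the account owner so an unexpected change is noticed.
                EmailPosts.SendChangedTSPassword(LoginUser.Anonymous, user.UserID);
            }
            else
            {
                // One generic message for every failure, so the response does not reveal
                // whether the user ID or the token was the part that was wrong.
                errors.Add("There was an issue saving your password.  Please try resetting your password again.");
            }

            return errors.ToArray();
        }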