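/// <summary>
/// Handles the "request password" button on the lost-password page: looks up the
/// contact registered for the submitted e-mail address, makes sure a usable
/// password is on record (issuing a fresh temporary one when the stored value
/// cannot be decrypted) and sends the password e-mail. The outcome, success or
/// failure, is always reported through <c>ErrorMsgLabel</c> inside <c>ErrorPanel</c>.
/// </summary>
/// <param name="sender">The control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void RequestPassword_Click(object sender, EventArgs e)
{
    // Every status message produced by this routine is shown in this panel.
    ErrorPanel.Visible = true;

    // Firefox does not run RequiredFieldValidator1 client-side, so the
    // required-field check is repeated on the server.
    if (ForgotEMail.Text.Trim() == string.Empty)
    {
        ErrorMsgLabel.Text = AppLogic.GetString("signin.aspx.3", SkinID, ThisCustomer.LocaleSetting, true);
        return;
    }

    ErrorMsgLabel.Text = string.Empty;

    string customerCode = string.Empty;
    string contactCode = string.Empty;
    string password = string.Empty;
    bool passwordValid = true;

    // NOTE(review): the user-supplied address is spliced into the statement
    // through the project's quoting helper rather than a bound parameter; a
    // parameterized command would be the preferable form for this value.
    // ToLowerInvariant keeps the lookup key independent of the request culture.
    string sql = string.Format(
        "SELECT EntityCode, cc.ContactCode, Password,PasswordSalt,PasswordIV FROM CRMContact cc WITH (NOLOCK) INNER JOIN EcommerceCustomerActiveSites ecas ON cc.ContactCode = ecas.ContactCode WHERE IsAllowWebAccess=1 AND UserName= {0} AND ecas.WebSiteCode = {1} AND ecas.IsEnabled = 1",
        DB.SQuote(ForgotEMail.Text.ToLowerInvariant()),
        DB.SQuote(InterpriseHelper.ConfigInstance.WebSiteCode));

    using (var con = DB.NewSqlConnection())
    {
        con.Open();
        using (var rs = DB.GetRSFormat(con, sql))
        {
            if (!rs.Read())
            {
                // A distinct "not found" message reveals whether the address is
                // registered; a uniform response would avoid that disclosure.
                ErrorMsgLabel.Text = AppLogic.GetString("lostpassword.aspx.4", SkinID, ThisCustomer.LocaleSetting, true);
                return;
            }

            string pwdCypher = DB.RSField(rs, "Password");
            string salt = DB.RSField(rs, "PasswordSalt");
            string iv = DB.RSField(rs, "PasswordIV");
            customerCode = DB.RSField(rs, "EntityCode");
            contactCode = DB.RSField(rs, "ContactCode");

            // The stored password is reversibly encrypted with the Interprise
            // salt + IV scheme. Decryption is attempted only to establish whether
            // the record is usable; on failure a replacement is issued below.
            try
            {
                var crypto = new Interprise.Licensing.Base.Services.CryptoServiceProvider();
                password = crypto.Decrypt(
                    Convert.FromBase64String(pwdCypher),
                    Convert.FromBase64String(salt),
                    Convert.FromBase64String(iv));
            }
            catch
            {
                // Catch-all is deliberate: a corrupt or undecryptable record is
                // treated as "no valid password". Be aware it also covers transient
                // errors, in which case the stored password gets replaced.
                passwordValid = false;
            }
        }
    }

    if (!passwordValid)
    {
        password = ResetToTemporaryPassword(customerCode, contactCode);
    }

    // An empty password (decrypted to "" or no replacement produced) is reported
    // the same way as an unknown address.
    if (password.Length == 0)
    {
        ErrorMsgLabel.Text = AppLogic.GetString("lostpassword.aspx.4", SkinID, ThisCustomer.LocaleSetting, true);
        return;
    }

    ErrorMsgLabel.Text = SendLostPasswordEmail(ForgotEMail.Text)
        ? AppLogic.GetString("lostpassword.aspx.2", SkinID, ThisCustomer.LocaleSetting, true)
        : AppLogic.GetString("lostpassword.aspx.3", SkinID, ThisCustomer.LocaleSetting, true);
}

/// <summary>
/// Replaces the stored password of the given contact with a freshly generated
/// temporary one (new salt and IV) and returns that temporary password in clear text.
/// </summary>
/// <param name="customerCode">The contact's EntityCode as read from CRMContact.</param>
/// <param name="contactCode">The contact's ContactCode as read from CRMContact.</param>
/// <returns>The clear-text temporary password that was just stored.</returns>
private string ResetToTemporaryPassword(string customerCode, string contactCode)
{
    byte[] salt = InterpriseHelper.GenerateSalt();
    byte[] iv = InterpriseHelper.GenerateVector();
    string newPassword = GenerateTemporaryPassword();
    string newPasswordCypher = InterpriseHelper.Encryption(newPassword, salt, iv);

    DB.ExecuteSQL(
        "UPDATE CRMContact SET Password = {0}, PasswordSalt = {1}, PasswordIV = {2} WHERE EntityCode = {3} AND ContactCode = {4}",
        DB.SQuote(newPasswordCypher),
        DB.SQuote(Convert.ToBase64String(salt)),
        DB.SQuote(Convert.ToBase64String(iv)),
        DB.SQuote(customerCode),
        DB.SQuote(contactCode));

    return newPassword;
}

/// <summary>
/// Builds an 8-character lower-case hexadecimal temporary password from a
/// cryptographic random number generator. The shape matches the previous
/// GUID-prefix scheme, but the randomness source is now an explicit CSPRNG.
/// </summary>
/// <returns>Eight lower-case hex characters.</returns>
private static string GenerateTemporaryPassword()
{
    // 4 random bytes -> 8 hex characters. Entropy is bounded by this fixed
    // format (32 bits); lengthen the password if the format is free to change.
    byte[] raw = new byte[4];
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        rng.GetBytes(raw);
    }
    return BitConverter.ToString(raw).Replace("-", string.Empty).ToLowerInvariant();
}

/// <summary>
/// Sends the lost-password e-mail to <paramref name="email"/> using the
/// configured sender address and mail server.
/// </summary>
/// <param name="email">The recipient address as entered on the page.</param>
/// <returns>
/// <c>true</c> only when a template was available and the send completed;
/// <c>false</c> when no template exists or the send threw (best effort: the
/// exception is not propagated, the caller shows a "could not send" message).
/// </returns>
private bool SendLostPasswordEmail(string email)
{
    string fromEmail = AppLogic.AppConfig("MailMe_FromAddress");
    try
    {
        string msgBody = InterpriseHelper.GetPasswordEmailTemplate(email);
        if (msgBody.Length == 0)
        {
            return false;
        }

        AppLogic.SendMail(
            AppLogic.AppConfig("StoreName") + " " + AppLogic.GetString("lostpassword.aspx.5", SkinID, ThisCustomer.LocaleSetting, true),
            msgBody,
            true,
            fromEmail,
            fromEmail,
            email,
            email,
            "",
            AppLogic.AppConfig("MailMe_Server"));
        return true;
    }
    catch
    {
        // Deliberate best-effort swallow: template lookup or transport failures
        // surface to the user as the generic "could not send" status.
        return false;
    }
}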