コード例 #1
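        /// <summary>
        /// Validates a security-question answer in the password-reset flow.
        /// A correct answer generates a reset token and emails it to the address on the
        /// user's profile; the first wrong answer re-asks with the user's other question;
        /// a further wrong answer (or no second question on file) returns the
        /// customer-service view.
        /// </summary>
        /// <param name="model">Posted form: user name, question id, answer and failure count.</param>
        /// <param name="username">User name from the route/query string; used for every account lookup.</param>
        /// <param name="failureCount">Not read; the posted <c>model.FailureCount</c> is used instead.</param>
        /// <param name="questionID">Not read; the posted <c>model.QuestionID</c> is used instead.</param>
        /// <returns>The next view to render.</returns>
        public ActionResult SecurityQuestions(SecurityQuestionsModel model, string username, string failureCount, string questionID)
        {
            if (!ModelState.IsValid)
            {
                // Validation failed: redisplay the form with the model errors.
                return View(model);
            }

            if (!WebSecurity.UserExists(username))
            {
                // NOTE(review): this message confirms whether a user name exists, which lets the
                // reset form be used for account enumeration; a neutral wording would avoid that.
                ModelState.AddModelError("", "No account with that username found. Please enter a valid username");
                return View(model);
            }

            var pwMgr = new PasswordManager(username);
            var questions = pwMgr.GetQuestions();

            // The question the user was just asked; QuestionID is whatever the form posted,
            // so a value that matches none of the user's questions simply yields null.
            var question = questions.FirstOrDefault(x => x.QuestionNumber.ToString() == model.QuestionID);

            bool questionMatch = false;
            if (question != null)
            {
                question.Answer = model.QuestionValue;
                questionMatch = pwMgr.CheckAnswer(question);
            }

            if (questionMatch)
            {
                string token = WebSecurity.GeneratePasswordResetToken(username, 10);
                string email = GetProfileEmail(username);

                if (string.IsNullOrEmpty(email) || string.IsNullOrEmpty(token))
                {
                    // Nothing was sent, so show the error on the form instead of the
                    // "you have been emailed" confirmation the original flow returned.
                    ModelState.AddModelError("",
                                             "Could not send email at this time. If the problem perists please contact your system administrator");
                    return View(model);
                }

                // Send password reset email
                var mailer = new UserMailer();
                mailer.PasswordReset(token, email).Send();

                return ReturnLoginRedirectView("You have been emailed a link to reset your password.",
                                               "Password Reset - Emailed");
            }

            // NOTE(review): FailureCount is supplied by the client, so the single retry allowed
            // here can be repeated indefinitely by re-posting "0". Back the limit with
            // server-side state (session or a per-user attempt counter) to make it effective.
            if (model.FailureCount == "0")
            {
                ModelState.AddModelError("", "Incorrect Answer. Please Try Again.");

                // Re-ask with the question that was NOT just asked.
                var unansweredQuestion = questions.FirstOrDefault(x => x.QuestionNumber.ToString() != model.QuestionID);
                if (unansweredQuestion != null)
                {
                    var secModel = new SecurityQuestionsModel
                    {
                        UserName      = username,
                        FailureCount  = "1",
                        QuestionID    = unansweredQuestion.QuestionNumber.ToString(),
                        QuestionText  = unansweredQuestion.Question,
                        QuestionValue = string.Empty
                    };

                    return View("SecurityQuestions", secModel);
                }
                // No second question on file (previously a NullReferenceException); fall through.
            }

            // The questions were not answered correctly: show the system-admin contact view.
            return View("CustomerService", new CustomerSupportModel());
        }

        /// <summary>
        /// Looks up the profile email for <paramref name="username"/>.
        /// </summary>
        /// <param name="username">User name to look up.</param>
        /// <returns>The profile's Email value, or an empty string when no profile exists.</returns>
        private static string GetProfileEmail(string username)
        {
            using (var userContext = new PEMRBACEntities())
            {
                var profile = userContext.UserProfiles.SingleOrDefault(u => u.UserName == username);
                return profile != null ? profile.Email : "";
            }
        }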