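/// <summary>
/// Handles the Update button: validates the new password typed into the form and then
/// changes it, reporting every outcome through <c>OnPasswordUpdated</c>.
/// </summary>
/// <remarks>
/// Non-administrators must supply their current password and are routed through
/// <c>UserController.ChangePassword</c>. Administrators skip the old-password checks and
/// are routed through <c>UserController.ResetAndChangePassword</c>. The only authorization
/// gates inside this handler are <c>IsUserOrAdmin</c> and <c>IsAdmin</c>, which are defined
/// outside this method.
/// </remarks>
/// <param name="sender">The control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void cmdUpdate_Click(Object sender, EventArgs e)
{
    if (!IsUserOrAdmin)
    {
        return;
    }

    //1. Check New Password and Confirm are the same
    if (txtNewPassword.Text != txtNewConfirm.Text)
    {
        OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordMismatch));
        return;
    }

    //2. Check New Password is Valid
    if (!UserController.ValidatePassword(txtNewPassword.Text))
    {
        OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordInvalid));
        return;
    }

    //3. Check old Password is Provided (administrators are not asked for it)
    if (!IsAdmin && String.IsNullOrEmpty(txtOldPassword.Text))
    {
        OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordMissing));
        return;
    }

    //4. Check New Password is different from the old one
    //   This is the only place the check is needed: nothing below modifies either text box.
    if (!IsAdmin && txtNewPassword.Text == txtOldPassword.Text)
    {
        OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordNotDifferent));
        return;
    }

    //5. Check New Password is not same as username or banned
    //   NOTE(review): the username comparison only runs when the banned list is enabled, and it is
    //   case-sensitive, so a password that differs from the username only by case is accepted here.
    //   Confirm that this is intended.
    var settings = new MembershipPasswordSettings(User.PortalID);
    if (settings.EnableBannedList)
    {
        var m = new MembershipPasswordController();
        if (m.FoundBannedPassword(txtNewPassword.Text) || User.Username == txtNewPassword.Text)
        {
            OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.BannedPasswordUsed));
            return;
        }
    }

    //6. Apply the change. Both paths share the same error handling.
    try
    {
        bool changed = IsAdmin
            ? UserController.ResetAndChangePassword(User, txtNewPassword.Text)
            : UserController.ChangePassword(User, txtOldPassword.Text, txtNewPassword.Text);

        OnPasswordUpdated(changed
            ? new PasswordUpdatedEventArgs(PasswordUpdateStatus.Success)
            : new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordResetFailed));
    }
    catch (MembershipPasswordException exc)
    {
        //Password Answer missing
        Logger.Error(exc);
        OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.InvalidPasswordAnswer));
    }
    catch (ThreadAbortException)
    {
        //Do nothing: ThreadAbortExceptions caused by redirects are not logged
    }
    catch (Exception exc)
    {
        //Fail
        Logger.Error(exc);
        OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordResetFailed));
    }
}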
/// <summary>
/// Handles the Change Password button of the token-based reset form. Validates the new
/// password, resolves the account name when the portal uses e-mail addresses as user names,
/// changes the password via the reset token and then logs the user in.
/// </summary>
/// <param name="sender">The control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void cmdChangePassword_Click(object sender, EventArgs e)
{
    // Step 1: the new password and its confirmation must be identical.
    bool confirmationMatches = txtPassword.Text == txtConfirmPassword.Text;
    if (!confirmationMatches)
    {
        resetMessages.Visible = true;
        string mismatchText = Localization.GetString("PasswordMismatch");
        LogFailure(mismatchText);
        lblHelp.Text = mismatchText;
        return;
    }

    // Step 2: the new password must satisfy the membership password rules.
    if (!UserController.ValidatePassword(txtPassword.Text))
    {
        resetMessages.Visible = true;
        string invalidText = Localization.GetString("PasswordResetFailed");
        LogFailure(invalidText);
        lblHelp.Text = invalidText;
        return;
    }

    // Step 3: when the banned list is enabled, reject banned passwords and a password
    // equal to the typed user name.
    // NOTE(review): the comparison uses the text typed into txtUsername, before the e-mail
    // to user name resolution below, and the settings come from User.PortalID while the rest
    // of the method uses PortalId / PortalSettings.PortalId. Confirm both are intended.
    var passwordSettings = new MembershipPasswordSettings(User.PortalID);
    if (passwordSettings.EnableBannedList)
    {
        var bannedList = new MembershipPasswordController();
        bool rejected = bannedList.FoundBannedPassword(txtPassword.Text)
                        || txtUsername.Text == txtPassword.Text;
        if (rejected)
        {
            resetMessages.Visible = true;
            string bannedText = Localization.GetString("PasswordResetFailed");
            LogFailure(bannedText);
            lblHelp.Text = bannedText;
            return;
        }
    }

    // Step 4: portals that register with e-mail as user name need one extra database
    // lookup to turn the typed e-mail into the account's real user name.
    string username = txtUsername.Text;
    bool emailIsLogin = PortalController.GetPortalSettingAsBoolean("Registration_UseEmailAsUserName", PortalId, false);
    if (emailIsLogin)
    {
        var accountByEmail = UserController.GetUserByEmail(PortalId, username);
        if (accountByEmail != null)
        {
            username = accountByEmail.Username;
        }
    }

    // Step 5: change the password with the reset token.
    bool changed = UserController.ChangePasswordByToken(PortalSettings.PortalId, username, txtPassword.Text, ResetToken);
    if (!changed)
    {
        resetMessages.Visible = true;
        string resetFailedText = Localization.GetString("PasswordResetFailed", LocalResourceFile);
        LogFailure(resetFailedText);
        lblHelp.Text = resetFailedText;
        return;
    }

    // Step 6: log the user in to the site.
    // NOTE(review): loginStatus is not inspected before the redirect.
    LogSuccess();
    var loginStatus = UserLoginStatus.LOGIN_FAILURE;
    UserController.UserLogin(PortalSettings.PortalId, username, txtPassword.Text, "", "", "", ref loginStatus, false);
    RedirectAfterLogin();
}
/// <summary>
/// Handles the Change Password button of the token-based reset form, with support for the
/// membership provider's question-and-answer requirement. Validates the new password, changes
/// it via the reset token, then either sends the user to the login page to update the profile
/// or logs the user in.
/// </summary>
/// <param name="sender">The control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void cmdChangePassword_Click(object sender, EventArgs e)
{
    string username = txtUsername.Text;

    // When an answer is required and none was given yet, show the question panel and stop.
    // NOTE(review): the stored password question is displayed for whatever user name was typed,
    // and nothing in this handler has checked the reset token at this point. Confirm that the
    // token is validated earlier in the page lifecycle. The lookup here also omits the portal id
    // that the later GetUserByName call passes.
    bool answerMissing = MembershipProviderConfig.RequiresQuestionAndAnswer && String.IsNullOrEmpty(txtAnswer.Text);
    if (answerMissing)
    {
        var questionOwner = UserController.GetUserByName(username);
        if (questionOwner != null)
        {
            lblQuestion.Text = questionOwner.Membership.PasswordQuestion;
        }
        divQA.Visible = true;
        return;
    }

    // Step 1: the new password and its confirmation must be identical.
    bool confirmationMatches = txtPassword.Text == txtConfirmPassword.Text;
    if (!confirmationMatches)
    {
        resetMessages.Visible = true;
        string mismatchText = Localization.GetString("PasswordMismatch");
        LogFailure(mismatchText);
        lblHelp.Text = mismatchText;
        return;
    }

    // Step 2: the new password must satisfy the membership password rules.
    if (!UserController.ValidatePassword(txtPassword.Text))
    {
        resetMessages.Visible = true;
        string invalidText = Localization.GetString("PasswordResetFailed");
        LogFailure(invalidText);
        lblHelp.Text = invalidText;
        return;
    }

    // Step 3: when the banned list is enabled, reject banned passwords and a password
    // equal to the typed user name.
    var passwordSettings = new MembershipPasswordSettings(User.PortalID);
    if (passwordSettings.EnableBannedList)
    {
        var bannedList = new MembershipPasswordController();
        bool rejected = bannedList.FoundBannedPassword(txtPassword.Text)
                        || txtUsername.Text == txtPassword.Text;
        if (rejected)
        {
            resetMessages.Visible = true;
            string bannedText = Localization.GetString("PasswordResetFailed");
            LogFailure(bannedText);
            lblHelp.Text = bannedText;
            return;
        }
    }

    // Step 4: portals that register with e-mail as user name need one extra database
    // lookup to turn the typed e-mail into the account's real user name.
    bool emailIsLogin = PortalController.GetPortalSettingAsBoolean("Registration_UseEmailAsUserName", PortalId, false);
    if (emailIsLogin)
    {
        var accountByEmail = UserController.GetUserByEmail(PortalId, username);
        if (accountByEmail != null)
        {
            username = accountByEmail.Username;
        }
    }

    // Step 5: change the password with the reset token; the answer is only forwarded
    // when the provider requires one.
    string errorMessage;
    string answer = MembershipProviderConfig.RequiresQuestionAndAnswer ? txtAnswer.Text : String.Empty;
    bool changed = UserController.ChangePasswordByToken(PortalSettings.PortalId, username, txtPassword.Text, answer, ResetToken, out errorMessage);
    if (!changed)
    {
        // The text shown and logged is whatever ChangePasswordByToken returned.
        resetMessages.Visible = true;
        LogFailure(errorMessage);
        lblHelp.Text = errorMessage;
        return;
    }

    // Step 6: check the user has a valid profile.
    var account = UserController.GetUserByName(PortalSettings.PortalId, username);
    var validStatus = UserController.ValidateUser(account, PortalSettings.PortalId, false);
    LogSuccess();

    if (validStatus == UserValidStatus.UPDATEPROFILE)
    {
        ViewState.Add("PageNo", 3);
        Response.Redirect(Globals.NavigateURL(PortalSettings.ActiveTab.TabID, "Login"));
        return;
    }

    // Step 7: log the user in to the site.
    // NOTE(review): loginStatus is not inspected before the redirect.
    var loginStatus = UserLoginStatus.LOGIN_FAILURE;
    UserController.UserLogin(PortalSettings.PortalId, username, txtPassword.Text, "", "", "", ref loginStatus, false);
    RedirectAfterLogin();
}
/// <summary>
/// Handles the Change Password button of the token-based reset form. Validates the new
/// password, changes it via the reset token for the typed user name and then logs the user in.
/// </summary>
/// <param name="sender">The control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void cmdChangePassword_Click(object sender, EventArgs e)
{
    // Step 1: the new password and its confirmation must be identical.
    bool confirmationMatches = txtPassword.Text == txtConfirmPassword.Text;
    if (!confirmationMatches)
    {
        resetMessages.Visible = true;
        string mismatchText = Localization.GetString("PasswordMismatch");
        LogFailure(mismatchText);
        lblHelp.Text = mismatchText;
        return;
    }

    // Step 2: the new password must satisfy the membership password rules.
    if (!UserController.ValidatePassword(txtPassword.Text))
    {
        resetMessages.Visible = true;
        string invalidText = Localization.GetString("PasswordResetFailed");
        LogFailure(invalidText);
        lblHelp.Text = invalidText;
        return;
    }

    // Step 3: when the banned list is enabled, reject banned passwords and a password
    // equal to the typed user name.
    // NOTE(review): the settings are loaded with User.PortalID while the calls below use
    // PortalSettings.PortalId. Confirm they refer to the same portal on this page.
    var passwordSettings = new MembershipPasswordSettings(User.PortalID);
    if (passwordSettings.EnableBannedList)
    {
        var bannedList = new MembershipPasswordController();
        bool rejected = bannedList.FoundBannedPassword(txtPassword.Text)
                        || txtUsername.Text == txtPassword.Text;
        if (rejected)
        {
            resetMessages.Visible = true;
            string bannedText = Localization.GetString("PasswordResetFailed");
            LogFailure(bannedText);
            lblHelp.Text = bannedText;
            return;
        }
    }

    // Step 4: change the password with the reset token.
    bool changed = UserController.ChangePasswordByToken(PortalSettings.PortalId, txtUsername.Text, txtPassword.Text, ResetToken);
    if (!changed)
    {
        resetMessages.Visible = true;
        string resetFailedText = Localization.GetString("PasswordResetFailed", LocalResourceFile);
        LogFailure(resetFailedText);
        lblHelp.Text = resetFailedText;
        return;
    }

    // Step 5: log the user in to the site.
    // NOTE(review): loginStatus is not inspected before the redirect.
    LogSuccess();
    var loginStatus = UserLoginStatus.LOGIN_FAILURE;
    UserController.UserLogin(PortalSettings.PortalId, txtUsername.Text, txtPassword.Text, "", "", "", ref loginStatus, false);
    RedirectAfterLogin();
}
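/// <summary>
/// Validates the registration data held in <c>User</c> and records the outcome in
/// <c>CreateStatus</c>.
/// </summary>
/// <remarks>
/// The method also fills in missing values on <c>User</c> as a side effect: it derives the
/// user name and display name, generates a password when one is needed, and replaces a
/// duplicate user name or display name with a free suggestion. Later checks overwrite
/// <c>CreateStatus</c> values set by earlier ones unless they are explicitly guarded by
/// <c>CreateStatus == UserCreateStatus.AddUser</c>.
/// </remarks>
/// <returns>
/// <c>true</c> when the user form is valid and <c>CreateStatus</c> is still
/// <c>UserCreateStatus.AddUser</c>; otherwise <c>false</c>.
/// </returns>
private bool Validate()
{
    CreateStatus = UserCreateStatus.AddUser;
    var portalSecurity = new PortalSecurity();

    //Check User Editor
    bool isValid = userForm.IsValid;

    if (RegistrationFormType == 0)
    {
        //Update UserName
        if (UseEmailAsUserName)
        {
            User.Username = User.Email;
            if (String.IsNullOrEmpty(User.DisplayName))
            {
                // Use the part before "@". An address with no "@" (or a null address) is used
                // as-is instead of throwing from Substring(0, -1) on unvalidated input.
                string email = User.Email ?? String.Empty;
                int atIndex = email.IndexOf("@", StringComparison.Ordinal);
                User.DisplayName = atIndex >= 0 ? email.Substring(0, atIndex) : email;
            }
        }

        //Check Password is valid
        if (!RandomPassword)
        {
            //Check Password is Valid
            if (CreateStatus == UserCreateStatus.AddUser && !UserController.ValidatePassword(User.Membership.Password))
            {
                CreateStatus = UserCreateStatus.InvalidPassword;
            }

            if (RequirePasswordConfirm && String.IsNullOrEmpty(AuthenticationType))
            {
                if (User.Membership.Password != User.Membership.PasswordConfirm)
                {
                    CreateStatus = UserCreateStatus.PasswordMismatch;
                }
            }
        }
        else
        {
            //Generate a random password for the user
            User.Membership.Password = UserController.GeneratePassword();
            User.Membership.PasswordConfirm = User.Membership.Password;
        }
    }
    else
    {
        //Set Username to Email
        if (String.IsNullOrEmpty(User.Username))
        {
            User.Username = User.Email;
        }

        //Set DisplayName
        if (String.IsNullOrEmpty(User.DisplayName))
        {
            // The concatenation always contains the separating space, so a null-or-empty test
            // can never succeed; test for whitespace so the e-mail fallback is reachable when
            // both names are blank.
            string fullName = User.FirstName + " " + User.LastName;
            if (String.IsNullOrWhiteSpace(fullName))
            {
                string email = User.Email ?? String.Empty;
                int atIndex = email.IndexOf("@", StringComparison.Ordinal);
                User.DisplayName = atIndex >= 0 ? email.Substring(0, atIndex) : email;
            }
            else
            {
                User.DisplayName = fullName;
            }
        }

        //Random Password
        if (String.IsNullOrEmpty(User.Membership.Password))
        {
            //Generate a random password for the user
            User.Membership.Password = UserController.GeneratePassword();
        }

        //Password Confirm
        if (!String.IsNullOrEmpty(User.Membership.PasswordConfirm))
        {
            if (User.Membership.Password != User.Membership.PasswordConfirm)
            {
                CreateStatus = UserCreateStatus.PasswordMismatch;
            }
        }
    }

    //Validate banned password
    // NOTE(review): the user-name-equals-password test only runs when the banned list is enabled
    // and is case-sensitive. Confirm that this is intended.
    var settings = new MembershipPasswordSettings(User.PortalID);
    if (settings.EnableBannedList)
    {
        var m = new MembershipPasswordController();
        if (m.FoundBannedPassword(User.Membership.Password) || User.Username == User.Membership.Password)
        {
            CreateStatus = UserCreateStatus.BannedPasswordUsed;
        }
    }

    //Validate Profanity
    if (UseProfanityFilter)
    {
        if (!portalSecurity.ValidateInput(User.Username, PortalSecurity.FilterFlag.NoProfanity))
        {
            CreateStatus = UserCreateStatus.InvalidUserName;
        }

        if (!String.IsNullOrEmpty(User.DisplayName))
        {
            if (!portalSecurity.ValidateInput(User.DisplayName, PortalSecurity.FilterFlag.NoProfanity))
            {
                CreateStatus = UserCreateStatus.InvalidDisplayName;
            }
        }
    }

    //Validate Unique User Name
    UserInfo user = UserController.GetUserByName(PortalId, User.Username);
    if (user != null)
    {
        if (UseEmailAsUserName)
        {
            CreateStatus = UserCreateStatus.DuplicateEmail;
        }
        else
        {
            CreateStatus = UserCreateStatus.DuplicateUserName;

            // Probe "name01", "name02", ... until an unused name is found and offer it back.
            int i = 1;
            string userName = null;
            while (user != null)
            {
                userName = User.Username + "0" + i.ToString(CultureInfo.InvariantCulture);
                user = UserController.GetUserByName(PortalId, userName);
                i++;
            }
            User.Username = userName;
        }
    }

    //Validate Unique Display Name
    if (CreateStatus == UserCreateStatus.AddUser && RequireUniqueDisplayName)
    {
        user = UserController.Instance.GetUserByDisplayname(PortalId, User.DisplayName);
        if (user != null)
        {
            CreateStatus = UserCreateStatus.DuplicateDisplayName;

            // Same probing scheme as for user names, with a space before the suffix.
            int i = 1;
            string displayName = null;
            while (user != null)
            {
                displayName = User.DisplayName + " 0" + i.ToString(CultureInfo.InvariantCulture);
                user = UserController.Instance.GetUserByDisplayname(PortalId, displayName);
                i++;
            }
            User.DisplayName = displayName;
        }
    }

    //Check Question/Answer
    if (CreateStatus == UserCreateStatus.AddUser && MembershipProviderConfig.RequiresQuestionAndAnswer)
    {
        if (string.IsNullOrEmpty(User.Membership.PasswordQuestion))
        {
            //Invalid Question
            CreateStatus = UserCreateStatus.InvalidQuestion;
        }

        if (CreateStatus == UserCreateStatus.AddUser)
        {
            if (string.IsNullOrEmpty(User.Membership.PasswordAnswer))
            {
                //Invalid Answer
                CreateStatus = UserCreateStatus.InvalidAnswer;
            }
        }
    }

    // Any status other than AddUser means a check above failed.
    if (CreateStatus != UserCreateStatus.AddUser)
    {
        isValid = false;
    }
    return isValid;
}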