コード例 #1
0
ファイル: register.aspx.cs プロジェクト: katiposec/fooblog
        protected void submitButton_Click(object sender, EventArgs e)
        {
            string alias    = aliasText.Text;
            string email    = emailText.Text;
            string address  = addressText.Text;
            string city     = cityText.Text;
            string country  = countryText.Text;
            string username = usernameText.Text;
            string pass     = passText.Text;

            if (!String.IsNullOrEmpty(alias) && FooStringHelper.IsValidEmailAddress(email) &&
                !String.IsNullOrEmpty(address) &&
                !String.IsNullOrEmpty(city) && !String.IsNullOrEmpty(country) && !String.IsNullOrEmpty(username) &&
                !String.IsNullOrEmpty(pass))
            {
                if (FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value))
                {
                    string userId = FooStringHelper.RandomString(16);

                    if (!CheckIfUsernameExists(username) && !FooEmailHelper.CheckIfEmailExists(email, username))
                    {
                        errorPanel.Visible   = false;
                        formPanel.Visible    = false;
                        successPanel.Visible = true;

                        string defaultGroup = ConfigurationManager.AppSettings["User Group ID"] ?? "ri3EKpc5Z5gN4FEu";

                        bool insertedUser = RegisterNewUser(userId, alias, email, address, city, country, username, pass,
                                                            defaultGroup);

                        successLabel.Text = insertedUser
                                                ? "Your account has been successfully created. You can proceed to <a href=\"login.aspx\">log on</a>."
                                                : "Failed to create account. The administrator has been notified. Please try again.";

                        errorPanel.Visible = false;
                        errorLabel.Text    = "";
                    }

                    else
                    {
                        errorPanel.Visible = true;
                        errorLabel.Text    = "Some details already exist in this application.";
                    }
                }

                else
                {
                    errorPanel.Visible = true;
                    errorLabel.Text    = "Invalid request.";
                }
            }

            else
            {
                errorPanel.Visible = true;
                errorLabel.Text    = "Incomplete or invalid details.";
            }

            RequestToken.Value = FooSessionHelper.SetToken(HttpContext.Current);
        }
コード例 #2
0
        public void ProcessRequest(HttpContext context)
        {
            string userId = FooSessionHelper.GetUserObjectFromCookie(context).UserId;

            string jsonString = new StreamReader(context.Request.InputStream).ReadToEnd();

            var resetObj = JsonConvert.DeserializeObject <ResetObject>(jsonString);

            string password     = resetObj.Password.Trim();
            string confirmation = resetObj.Confirmation.Trim();

            if (password != confirmation)
            {
                context.Response.Write("Reset Failed");
            }

            if (!String.IsNullOrEmpty(password))
            {
                bool reset = do_reset.UpdatePassword(userId, password);

                if (reset)
                {
                    string email = FooEmailHelper.GetEmailForAccount(userId);

                    var emailObj = new EmailObject
                    {
                        Body =
                            "Your FooBlog password has been reset. If you did not perform this action, please contact a FooBlog administrator using your registered email account",
                        Subject   = "FooBlog Password Reset",
                        ToAddress = email
                    };

                    FooEmailHelper.SendEmail(emailObj);

                    context.Response.Write("Reset OK");
                }

                else
                {
                    context.Response.Write("Reset Failed");
                }
            }
        }
コード例 #3
0
        protected void submitButton_Click(object sender, EventArgs e)
        {
            string email = emailText.Text.Trim();

            if (!String.IsNullOrEmpty(email) || !FooStringHelper.IsValidEmailAddress(email))
            {
                if (FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value))
                {
                    if (FooEmailHelper.CheckIfEmailExists(email, null))
                    {
                        UserObject user = GetUserObjByEmail(email);

                        if (user != null)
                        {
                            string resetToken = FooStringHelper.RandomString(24);
                            string resetId    = MakeResetRequest(user.UserId, resetToken);
                            string resetUrl   = FooStringHelper.MakeResetUrl(resetId, resetToken);
                            string emailBody  =
                                String.Format(
                                    "Hi {0},<br/><br/>Your FooBlog password for account '{1}' can be reset by visiting the following link:<br/><br/><a href=\"{2}\">{3}</a><br/><br/>The link is valid for 24 hours. If you did not request this reset, simply do not visit the link - your current password will remain unchanged.<br/><br/>Cheers,<br/>The FooBlog Team.",
                                    user.UserAlias, user.Username, resetUrl, resetUrl);
                            const string emailSubject = "FooBlog Password Reset";

                            var mailObj = new EmailObject {
                                Body = emailBody, Subject = emailSubject, ToAddress = email
                            };

                            bool sendMail = FooEmailHelper.SendEmail(mailObj);

                            if (sendMail)
                            {
                                errorPanel.Visible   = false;
                                formPanel.Visible    = false;
                                successPanel.Visible = true;
                                successLabel.Text    = "A reset link has been sent to your registered email account.";
                            }
                        }

                        else
                        {
                            errorPanel.Visible = true;
                            errorLabel.Text    = "Invalid details.";
                        }
                    }

                    else
                    {
                        errorPanel.Visible = true;
                        errorLabel.Text    = "Invalid request.";
                    }
                }

                else
                {
                    errorPanel.Visible = true;
                    errorLabel.Text    = "Invalid details.";
                }
            }

            else
            {
                errorPanel.Visible = true;
                errorLabel.Text    = "Incomplete or invalid details.";
            }

            RequestToken.Value = FooSessionHelper.SetToken(HttpContext.Current);
        }
コード例 #4
0
        protected void UserView_ItemUpdating(object sender, DetailsViewUpdateEventArgs e)
        {
            UserObject userObj  = FooSessionHelper.GetUserObjectFromCookie(HttpContext.Current);
            string     userId   = userObj.UserId;
            string     userName = userObj.Username;

            if (!FooStringHelper.IsValidAlphanumeric(userId, 16))
            {
                errorLabel.Text = "Invalid request.";
                Reset_Page();
                return;
            }

            var txtUserAlias    = (TextBox)userView.FindControl("txtUserAlias");
            var txtUserEmail    = (TextBox)userView.FindControl("txtUserEmail");
            var txtUserAddress  = (TextBox)userView.FindControl("txtUserAddress");
            var txtUserCity     = (TextBox)userView.FindControl("txtUserCity");
            var txtUserCountry  = (TextBox)userView.FindControl("txtUserCountry");
            var txtUserBody     = (TextBox)userView.FindControl("txtUserBody");
            var imageUploadForm = (FileUpload)userView.FindControl("imageUploadForm");

            if (!string.IsNullOrEmpty(txtUserAlias.Text) && !string.IsNullOrEmpty(txtUserEmail.Text) &&
                !string.IsNullOrEmpty(txtUserAddress.Text) && !string.IsNullOrEmpty(txtUserCity.Text) &&
                !string.IsNullOrEmpty(txtUserCountry.Text) && !string.IsNullOrEmpty(txtUserBody.Text) &&
                !string.IsNullOrEmpty(txtUserEmail.Text) && FooStringHelper.IsValidEmailAddress(txtUserEmail.Text) &&
                !FooEmailHelper.CheckIfEmailExists(txtUserEmail.Text, userName))
            {
                try
                {
                    if (FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value))
                    {
                        using (var conn = new NpgsqlConnection())
                        {
                            conn.ConnectionString =
                                ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                            conn.Open();

                            var cmd = new NpgsqlCommand
                            {
                                CommandText =
                                    "UPDATE users SET (useralias, email, address, city, country, profilebody) = (@USERALIAS, @EMAIL, @ADDRESS, @CITY, @COUNTRY, @PROFILEBODY) WHERE userid= @USERID",
                                CommandType = CommandType.Text,
                                Connection  = conn
                            };

                            var idParam = new NpgsqlParameter
                            {
                                ParameterName = "@USERID",
                                NpgsqlDbType  = NpgsqlDbType.Varchar,
                                Size          = 16,
                                Direction     = ParameterDirection.Input,
                                Value         = FooStringHelper.RemoveInvalidChars(userId)
                            };
                            cmd.Parameters.Add(idParam);

                            var aliasParam = new NpgsqlParameter
                            {
                                ParameterName = "@USERALIAS",
                                NpgsqlDbType  = NpgsqlDbType.Varchar,
                                Size          = 32,
                                Direction     = ParameterDirection.Input,
                                Value         = txtUserAlias.Text
                            };
                            cmd.Parameters.Add(aliasParam);

                            var emailParam = new NpgsqlParameter
                            {
                                ParameterName = "@EMAIL",
                                NpgsqlDbType  = NpgsqlDbType.Varchar,
                                Size          = 64,
                                Direction     = ParameterDirection.Input,
                                Value         = txtUserEmail.Text
                            };
                            cmd.Parameters.Add(emailParam);

                            var addressParam = new NpgsqlParameter
                            {
                                ParameterName = "@ADDRESS",
                                NpgsqlDbType  = NpgsqlDbType.Varchar,
                                Size          = 128,
                                Direction     = ParameterDirection.Input,
                                Value         = txtUserAddress.Text
                            };
                            cmd.Parameters.Add(addressParam);

                            var cityParam = new NpgsqlParameter
                            {
                                ParameterName = "@CITY",
                                NpgsqlDbType  = NpgsqlDbType.Varchar,
                                Size          = 32,
                                Direction     = ParameterDirection.Input,
                                Value         = txtUserCity.Text
                            };
                            cmd.Parameters.Add(cityParam);

                            var countryParam = new NpgsqlParameter
                            {
                                ParameterName = "@COUNTRY",
                                NpgsqlDbType  = NpgsqlDbType.Varchar,
                                Size          = 32,
                                Direction     = ParameterDirection.Input,
                                Value         = txtUserCountry.Text
                            };
                            cmd.Parameters.Add(countryParam);

                            var bodyParam = new NpgsqlParameter
                            {
                                ParameterName = "@PROFILEBODY",
                                NpgsqlDbType  = NpgsqlDbType.Varchar,
                                Size          = 1024,
                                Direction     = ParameterDirection.Input,
                                Value         = txtUserBody.Text
                            };
                            cmd.Parameters.Add(bodyParam);

                            cmd.ExecuteNonQuery();
                            cmd.Dispose();
                        }

                        if (imageUploadForm.HasFile)
                        {
                            string path = HttpContext.Current.Server.MapPath("~/uploads");

                            if (!Directory.Exists(path))
                            {
                                Directory.CreateDirectory(path);
                            }

                            HttpPostedFile file = HttpContext.Current.Request.Files[0];

                            if (file.ContentLength < 2097152)
                            {
                                string fileName;

                                if (HttpContext.Current.Request.Browser.Browser.ToUpper() == "IE")
                                {
                                    string[] files = file.FileName.Split(new[] { '\\' });
                                    fileName = files[files.Length - 1];
                                }
                                else
                                {
                                    fileName = file.FileName;
                                }

                                fileName = FooStringHelper.RandomFileName(fileName);
                                string filePath = Path.Combine(path, fileName);

                                try
                                {
                                    file.SaveAs(filePath);

                                    Insert_NewImage(fileName, userId);

                                    Reset_Page();
                                }
                                catch (Exception ex)
                                {
                                    FooLogging.WriteLog(ex.ToString());
                                    errorLabel.Text = "Upload failed.";
                                }
                            }

                            else
                            {
                                errorLabel.Text = "Invalid file.";
                            }
                        }
                    }
                }
                catch (Exception ex)
                {
                    FooLogging.WriteLog(ex.ToString());
                    errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
                }
            }

            else
            {
                errorLabel.Text = "Incomplete or invalid input.";
            }

            Reset_Page();
        }
コード例 #5
0
ファイル: do_reset.aspx.cs プロジェクト: katiposec/fooblog
        protected void submitButton_Click(object sender, EventArgs e)
        {
            string password     = passText.Text.Trim();
            string confirmation = confirmText.Text.Trim();

            if (password != confirmation)
            {
                errorLabel.Text = "The password and confirmation do not match.";
                return;
            }

            string resetId = Request.QueryString["id"];
            string token   = Request.QueryString["token"];

            if (!String.IsNullOrEmpty(resetId) && !String.IsNullOrEmpty(token) && !String.IsNullOrEmpty(password))
            {
                if (FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value))
                {
                    string userId = GetAccountForReset(resetId, token);

                    if (!String.IsNullOrEmpty(userId))
                    {
                        bool doReset = UpdatePassword(userId, password);

                        if (doReset)
                        {
                            errorPanel.Visible   = false;
                            formPanel.Visible    = false;
                            successPanel.Visible = true;

                            string email = FooEmailHelper.GetEmailForAccount(userId);

                            var emailObj = new EmailObject
                            {
                                Body =
                                    "Your FooBlog password has been reset. If you did not perform this action, please contact a FooBlog administrator using your registered email account",
                                Subject   = "FooBlog Password Reset",
                                ToAddress = email
                            };

                            FooEmailHelper.SendEmail(emailObj);

                            successLabel.Text =
                                "Your password has been reset. You can proceed to <a href=\"login.aspx\">login</a> again.";

                            errorPanel.Visible = false;
                            errorLabel.Text    = "";
                        }
                    }
                }

                else
                {
                    errorPanel.Visible = true;
                    errorLabel.Text    = "Invalid request.";
                }
            }

            else
            {
                errorPanel.Visible = true;
                errorLabel.Text    = "Passwords do not match.";
            }

            RequestToken.Value = FooSessionHelper.SetToken(HttpContext.Current);
        }