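/// <summary>
/// Inserts the sign-up form values into LH_User together with a new activation code,
/// then e-mails an activation link to the address entered in the form.
/// </summary>
/// <remarks>
/// If any required field is empty the request is redirected to SignUp.aspx and nothing
/// is written. Session["UserName"] is set only after the insert and the e-mail call
/// have both completed.
/// </remarks>
/// <exception cref="Exception">
/// Any failure is rethrown as "Insert Error:" followed by the original message; the
/// original exception is kept as <see cref="Exception.InnerException"/>.
/// </exception>
private void InsertInfo()
{
    // Validate before touching the database so an incomplete form never reaches the INSERT.
    // NOTE(review): txtremail / txtrePswd are only checked for non-empty here; confirm the
    // "repeat e-mail / repeat password" comparison is enforced server-side elsewhere.
    if (string.IsNullOrEmpty(txtUname.Text) || string.IsNullOrEmpty(txtEmail.Value) ||
        string.IsNullOrEmpty(txtFname.Value) || string.IsNullOrEmpty(txtLname.Value) ||
        string.IsNullOrEmpty(txtMobile.Text) || string.IsNullOrEmpty(txtPswd.Text) ||
        string.IsNullOrEmpty(txtremail.Value) || string.IsNullOrEmpty(txtrePswd.Text))
    {
        Response.Redirect("SignUp.aspx");
        return; // do not fall through to the insert if the redirect does not end the request
    }

    string Sql = "insert into LH_User(FirstName,LastName,Password,Email,Mobile,Create_Date,Update_Date,UserName,MiddleName,Country,City,State,activationCode) values(@val1,@val2,@val3,@val4,@val5,@val6,@val7,@val8,'ddd','ksa','Riyadh','Riyadh',@activation)";

    try
    {
        // NOTE(review): Guid.NewGuid() is not documented as a cryptographically secure
        // generator; consider a token from RandomNumberGenerator for the activation secret.
        string activationCode = Guid.NewGuid().ToString();

        // One timestamp for both columns so Create_Date and Update_Date agree on a new row.
        DateTime now = DateTime.Now;

        // using blocks release the connection and command on every exit path.
        using (SqlConnection con = new SqlConnection(Login.GetConnectionString()))
        using (SqlCommand cmd = new SqlCommand(Sql, con))
        {
            cmd.CommandType = CommandType.Text;
            cmd.Parameters.AddWithValue("@val1", txtFname.Value);
            cmd.Parameters.AddWithValue("@val2", txtLname.Value);
            // NOTE(review): the password is stored exactly as submitted. Store a salted,
            // slow hash (e.g. PBKDF2 via Rfc2898DeriveBytes) instead, and change the
            // login check to match; not changed here because the verifier is not in view.
            cmd.Parameters.AddWithValue("@val3", txtPswd.Text);
            cmd.Parameters.AddWithValue("@val4", txtEmail.Value);
            cmd.Parameters.AddWithValue("@val5", txtMobile.Text);
            cmd.Parameters.AddWithValue("@val6", now);
            cmd.Parameters.AddWithValue("@val7", now);
            cmd.Parameters.AddWithValue("@val8", txtUname.Text);
            cmd.Parameters.AddWithValue("@activation", activationCode);

            con.Open();
            cmd.ExecuteNonQuery();
        }

        // NOTE(review): Request.Url.Authority is derived from the incoming request's host.
        // If the site answers to arbitrary host names, the e-mailed link can point at a
        // host the operator does not control; prefer a configured base URL.
        string baseUrl = Request.Url.Scheme + "://" + Request.Url.Authority + Request.ApplicationPath.TrimEnd('/') + "/";
        Login.sendEmail(txtEmail.Value, baseUrl + "activation.aspx?c=" + activationCode);

        // Set only on success: a failed or rejected sign-up must not leave a user name
        // in the session.
        Session["UserName"] = txtUname.Text;
    }
    catch (Exception ex)
    {
        string msg = "Insert Error:";
        msg += ex.Message;
        // Keep the original exception attached so the stack trace is not lost.
        throw new Exception(msg, ex);
    }
}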
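/// <summary>
/// Handles the activation link: looks up the account whose activationCode matches the
/// "c" query-string value, marks it active, and e-mails a confirmation.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// A missing or empty code shows the error panel. A code that matches no row writes
/// "Activation Failed." to the response.
/// </remarks>
protected void Page_Load(object sender, EventArgs e)
{
    string code = Request.QueryString["c"];

    // Treat "?c=" like a missing parameter: an empty value must never be compared
    // against the activationCode column, where it could match rows holding an empty code.
    if (string.IsNullOrEmpty(code))
    {
        activationtxt.Visible = false;
        error.Visible = true;
        return;
    }

    int id = -1;
    string email = null;
    bool found = false;

    // One connection for both statements; using blocks close it on every path,
    // including the "no matching row" path.
    using (SqlConnection con = new SqlConnection(Login.GetConnectionString()))
    {
        con.Open();

        using (SqlCommand lookup = new SqlCommand("select id,Email from LH_User where activationCode = @code", con))
        {
            lookup.Parameters.AddWithValue("@code", code);
            using (SqlDataReader dr = lookup.ExecuteReader())
            {
                // Only the first matching row is used.
                if (dr.Read())
                {
                    id = Convert.ToInt32(dr["id"]);
                    email = dr["Email"].ToString();
                    found = true;
                }
            }
        }

        if (found)
        {
            // NOTE(review): the activation code is left in place after use, so the same
            // link keeps working and re-sends the e-mail; consider clearing it in this
            // UPDATE so the code is single-use.
            using (SqlCommand activate = new SqlCommand("update LH_user set active = 1 where id = @id", con))
            {
                activate.Parameters.AddWithValue("@id", id);
                activate.ExecuteNonQuery(); // an UPDATE returns no rows, so no reader is needed
            }
        }
    }

    if (!found)
    {
        Response.Write("Activation Failed.");
        return;
    }

    Login.sendEmail(email, "Account Activated.");
    activationtxt.Visible = true;
    error.Visible = false;
}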
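/// <summary>
/// Sets a new password for the account identified by <paramref name="id"/>, but only
/// when <paramref name="code"/> is the reset code stored on that same account.
/// </summary>
/// <param name="password">The new password.</param>
/// <param name="id">The LH_User id the caller wants to reset.</param>
/// <param name="email">
/// Caller-supplied address. It is not used for delivery: the confirmation goes to the
/// Email stored on the account, so the account owner is the one who is notified.
/// </param>
/// <param name="code">The reset code presented by the caller.</param>
/// <returns>
/// "Password Reset Done." on success, "diffrent code" when the code does not belong to
/// the given id, or "Failed to reset the password." on any error.
/// </returns>
public static string doResetPassword(string password, int id, string email, string code)
{
    // An empty code must never be compared against the resetCode column, where it
    // could match accounts that have no reset pending.
    if (string.IsNullOrEmpty(code))
    {
        return("diffrent code");
    }

    // Refuse to write an empty password.
    if (string.IsNullOrEmpty(password))
    {
        return("Failed to reset the password.");
    }

    try
    {
        string storedEmail;

        // A single connection, opened once and released on every exit path.
        using (SqlConnection con = new SqlConnection(Login.GetConnectionString()))
        {
            con.Open();

            // The code is checked against the same row that will be updated. Checking
            // only that the code exists somewhere would let a valid code for one
            // account authorise a reset of any other id.
            using (SqlCommand lookup = new SqlCommand("select id,Email from LH_User where resetCode = @code and id = @id", con))
            {
                lookup.Parameters.AddWithValue("@code", code);
                lookup.Parameters.AddWithValue("@id", id);
                using (SqlDataReader dr = lookup.ExecuteReader())
                {
                    if (!dr.Read())
                    {
                        return("diffrent code");
                    }
                    storedEmail = dr["Email"].ToString();
                }
            }

            // NOTE(review): the password is stored exactly as supplied. Store a salted,
            // slow hash (e.g. PBKDF2 via Rfc2898DeriveBytes) and update the login check
            // to match; not changed here because the verifier is not in view.
            // NOTE(review): resetCode is left in place after use and no expiry is checked
            // here; consider clearing it in this UPDATE so the code is single-use.
            using (SqlCommand update = new SqlCommand("update LH_User set Password = @password where id = @id and resetCode = @code", con))
            {
                update.Parameters.AddWithValue("@id", id);
                update.Parameters.AddWithValue("@password", password);
                update.Parameters.AddWithValue("@code", code);

                // Zero rows means the code no longer matched when the write happened.
                if (update.ExecuteNonQuery() == 0)
                {
                    return("diffrent code");
                }
            }
        }

        Login.sendEmail(storedEmail, "Password Reset Finished. ;)");
        return("Password Reset Done.");
    }
    catch (Exception)
    {
        // Deliberate best-effort: callers receive a status string, not an exception.
        return("Failed to reset the password.");
    }
}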