public static string ForceResetPassword(string UserID)
{
//force a password reset for admin
//this is rarely used
string newPwd;
if (!string.IsNullOrEmpty(UserID))
{
newPwd = AppUtility.GenerateAlphaNumeric(10);
string userIDHash = Crypto.SHA256Hash(UserID);
string pwdHash = Crypto.SHA256Hash(newPwd.ToUpper());
pwdHash = Crypto.SHA256Hash(userIDHash + pwdHash);
using (var db = new MemberLiteEntities().Init)
{
db.Users.Find(UserID).Password = pwdHash;
db.SaveChanges();
}
ReturnMessage = "Password reset ok";
return(newPwd);
}
return(string.Empty);
}
public bool Create()
{
//First line of defence
if (this.Password == "" || this.Password.Length < 5)
{
ReturnMessage = "Password format is incorrect";
return(false);
}
if (!NameIsValid(this.FirstName))
{
ReturnMessage = "Your name is not valid";
return(false);
}
if (!NameIsValid(this.OtherNames))
{
ReturnMessage = "Your name is not valid";
return(false);
}
//=============================================
try
{
using (var db = new MemberLiteEntities().Init)
{
//Validate email
var uEmail = db.Users.Select(a => new { a.Email })
.Where(a => a.Email == this.Email)
.FirstOrDefault();
if (uEmail != null)
{
ReturnMessage = "Sorry! This email is already in use";
return(false);
}
//Generate UserID
//USR-{MONTH YEAR JOINED}-{RANDOM}
string _userID = "";
createUserID:
_userID = string.Join("-", "USR", DateTime.Now.ToString("MM") + DateTime.Now.ToString("yy"), new Random().Next(10, 9000000));
//Check if generated id exist in DB
var uID = db.Users.Select(a => new { a.UserID })
.Where(a => a.UserID == _userID)
.FirstOrDefault();
//You can generate a simple GUID
//Using string _id = Guid.NewGuid().ToString();
if (uID != null)
{
goto createUserID;
}
else
{
this.UserID = _userID;
}
//Encrypt passkey
string userIDHash = Crypto.SHA256Hash(this.UserID);
string pwd = Crypto.SHA256Hash(this.Password.ToUpper());
string finalPwd = Crypto.SHA256Hash(userIDHash + pwd);
this.VerificationCode = AppUtility.GenerateAlphaNumeric(15);
this.Password = finalPwd;
this.Status = (int)StatusType.Active;
this.EmailConfirmed = false;
this.DateStamp = DateTime.Now;
db.Users.Add(this);
db.SaveChanges();
ReturnMessage = "Account created ok";
return(true);
}
}
catch (DbEntityValidationException ex)
{
CustomErrorLogger.Log(DBHelper.HandleEFException(ex));
//Users should not see your exception message
ReturnMessage = "An error occurred while processing your details. Please try again!";
return(false);
}
catch (Exception ex)
{
CustomErrorLogger.Log(ex.InnerException.Message);
ReturnMessage = "An error occurred while processing your details. Please try again!";
return(false);
}
}
public static bool ResetPassword(string Login)
{
string userID = "", email = "", newPwd, fname = "";
using (var db = new MemberLiteEntities().Init)
{
long __phone = 0, val = 0;
if (Int64.TryParse(Login, out val))
{
__phone = Convert.ToInt64(Login);
}
if (Login.Contains("@"))
{
if (AppUtility.ValidateEmail(Login))
{
var u = db.Users.Select(a => new { a.UserID, a.Email, a.FirstName, a.OtherNames })
.Where(a => a.Email == Login).FirstOrDefault();
if (u != null)
{
userID = u.UserID;
fname = u.OtherNames + " " + u.FirstName;
email = Login;
}
goto notfound;
}
else
{
ReturnMessage = "Email address format is incorrect!";
return(false);
}
}
else if (__phone != 0)
{
var u = db.Users.Select(a => new { a.UserID, a.Email, a.Phone, a.FirstName, a.OtherNames })
.Where(a => a.Phone == __phone).FirstOrDefault();
if (u != null)
{
userID = u.UserID;
fname = u.FirstName;
email = Login;
}
goto notfound;
}
else
{
ReturnMessage = "Provide your login email or phone number!";
return(false);
}
notfound:
if (userID == "")
{
ReturnMessage = "User not found! Please try again.";
return(false);
}
newPwd = AppUtility.GenerateAlphaNumeric(10);
string userIDHash = Crypto.SHA256Hash(userID);
string pwd = Crypto.SHA256Hash(newPwd.ToUpper());
string finalPwd = Crypto.SHA256Hash(userIDHash + pwd);
db.Users.Find(userID).Password = finalPwd;
db.SaveChanges();
ReturnMessage = "Password reset ok but could not send email. Pls try again!";
}
string msg = File.ReadAllText(AppUtility.AppDataPath + "MailTemplates/PasswordReset.htm");
msg = msg.Replace("{site_name}", AppConfig.Name);
msg = msg.Replace("{fullname}", fname);
msg = msg.Replace("{new_pwd}", newPwd);
msg = msg.Replace("{site_url}", AppConfig.Url);
msg = msg.Replace("{support_mail}", WebMailer.Support);
if (WebMailer.Send(WebMailer.Alert, email, "Password Reset", msg, true))
{
ReturnMessage = "Password reset complete! Check your email for a new password.";
}
return(true);
}