/// <summary>
/// Renders the password-reset view with a form model carrying the supplied
/// e-mail address and reset token.
/// </summary>
/// <param name="email">E-mail address copied into the form model.</param>
/// <param name="token">Reset token copied into the form model.</param>
/// <returns>The reset-password view bound to the populated form model.</returns>
public ActionResult ResetPassword(string email, string token)
{
    var form = new ResetpasswordForm
    {
        Email = email,
        token = token
    };

    return View(form);
}
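/// <summary>
/// Processes a submitted password-reset form: validates the new password,
/// checks the submitted token against the stored <c>Hashed_Token</c> for the
/// account, and on success stores the new password hash and redirects to Login.
/// </summary>
/// <param name="model">Posted form with Email, token, NewPassword and NewPasswordConfirm.</param>
/// <returns>
/// The reset view with <c>ViewBag.message</c> set on any failure, otherwise a
/// redirect to the Login action.
/// </returns>
/// <remarks>
/// NOTE(review): no [HttpPost] or [ValidateAntiForgeryToken] attribute is visible
/// on this action in the snippet; confirm they exist in the real controller.
/// NOTE(review): nothing visible here expires the token or clears Hashed_Token
/// after a successful reset, so a reset link may remain usable; confirm whether
/// that is handled elsewhere.
/// </remarks>
public ActionResult ResetPassword(ResetpasswordForm model)
{
    // One message for "unknown e-mail" and "wrong token" so the response does
    // not tell a caller which e-mail addresses have accounts.
    const string invalidRequestMessage = "Token is not valid";
    const string failureMessage = "Unable to reset the password. Please try again later.";

    if (model.NewPassword == null)
    {
        ViewBag.message = "Password is required";
        return View();
    }

    if (!model.NewPassword.Equals(model.NewPasswordConfirm))
    {
        ViewBag.message = "Password is mismatch.";
        return View();
    }

    // A missing token previously surfaced as an ArgumentNullException message;
    // treat missing identifiers as an ordinary invalid request instead.
    if (string.IsNullOrEmpty(model.Email) || string.IsNullOrEmpty(model.token))
    {
        ViewBag.message = invalidRequestMessage;
        return View();
    }

    string email = model.Email;
    NewWebSubContext context = HttpContext.RequestServices.GetService(typeof(new_websub.NewWebSubContext)) as NewWebSubContext;

    using (MySqlConnection conn = context.GetConnection())
    {
        try
        {
            conn.Open();

            // Fetch only the column that is needed; reader and command are
            // disposed on every path, including the early return.
            string hashedToken;
            using (MySqlCommand lookup = new MySqlCommand("select Hashed_Token from useraccounts where Email=@Email", conn))
            {
                MySqlParameter emailParam = new MySqlParameter("@Email", email);
                emailParam.MySqlDbType = MySqlDbType.VarChar;
                lookup.Parameters.Add(emailParam);

                using (MySqlDataReader reader = lookup.ExecuteReader())
                {
                    if (!reader.Read())
                    {
                        ViewBag.message = invalidRequestMessage;
                        return View();
                    }

                    hashedToken = reader["Hashed_Token"].ToString();
                }
            }

            string newHashedToken;
            string newHashedPwd;
            using (MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider())
            {
                newHashedToken = ByteArrayToString(md5.ComputeHash(ASCIIEncoding.ASCII.GetBytes(model.token)));

                // SECURITY(review): unsalted MD5 is not suitable for storing passwords,
                // and ASCII encoding turns every non-ASCII character into '?', so
                // distinct passwords can share a hash. Both are kept unchanged here
                // because the stored format presumably has to match the login and
                // registration code, which is not visible; migrate all of them
                // together to a salted, iterated KDF such as PBKDF2.
                newHashedPwd = ByteArrayToString(md5.ComputeHash(ASCIIEncoding.ASCII.GetBytes(model.NewPassword)));
            }

            // SECURITY(review): this is an ordinary string comparison, not a
            // fixed-time one; consider a constant-time comparison of the hash bytes.
            if (!newHashedToken.Equals(hashedToken))
            {
                ViewBag.message = invalidRequestMessage;
                return View();
            }

            // Token accepted: store the new password hash.
            using (MySqlCommand update = new MySqlCommand("update useraccounts set Password=@Password where Email=@Email", conn))
            {
                MySqlParameter pwdParam = new MySqlParameter("@Password", newHashedPwd);
                pwdParam.MySqlDbType = MySqlDbType.VarChar;
                update.Parameters.Add(pwdParam);

                MySqlParameter whereParam = new MySqlParameter("@Email", email);
                whereParam.MySqlDbType = MySqlDbType.VarChar;
                update.Parameters.Add(whereParam);

                update.ExecuteNonQuery();
            }

            return RedirectToAction(nameof(Login));
        }
        catch (Exception ex)
        {
            // Driver and server error text can describe hosts, accounts and schema,
            // so it is recorded server-side and never echoed to the browser.
            System.Diagnostics.Trace.TraceError(ex.ToString());
            ViewBag.message = failureMessage;
            return View();
        }
    }
}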