}//end event protected void btnSubmit_Click(object sender, EventArgs e) { string username = TextBox1.Text; string securityQuestion = TextBox2.Text; string securityAnswer = TextBox3.Text; username = username.Trim(); securityQuestion = securityQuestion.Trim(); securityAnswer = securityAnswer.Trim(); string errorMessage4; Select selectObject4 = new Select(); bool clientExists; clientExists = Select.Client_Exists(username); errorMessage4 = selectObject4.getErrorMessage(); if (errorMessage4 != null) { lblError.Text = errorMessage4; lblError.Visible = true; ErrorMessage message = new ErrorMessage(); MsgBox(message.SQLServerErrorMessage); }//end if else if (clientExists == false) { MsgBox("Invalid. You must register before you can login to the website."); }//end else if else if (clientExists == true) { string errorMessage3; Select selectObject2 = new Select(); ArrayList keys = new ArrayList(); keys = Select.Select_BESTPATH_USER_Encryption_Keys(username); errorMessage3 = selectObject2.getErrorMessage(); if (errorMessage3 != null) { lblError.Text = errorMessage3; lblError.Visible = true; ErrorMessage message = new ErrorMessage(); MsgBox(message.SQLServerErrorMessage); }//end if else { string encryptedKey = keys[0].ToString(); string encryptedIV = keys[1].ToString(); byte[] _encryptedKey = Convert.FromBase64String(encryptedKey); byte[] _encryptedIV = Convert.FromBase64String(encryptedIV); byte[] MasterKey = Encryption.GetMasterKey(); byte[] MasterIV = Encryption.GetMasterIV(); string _key = Encryption.Decrypt_AES(_encryptedKey, MasterKey, MasterIV); string _IV = Encryption.Decrypt_AES(_encryptedIV, MasterKey, MasterIV); byte[] Key = Convert.FromBase64String(_key); byte[] IV = Convert.FromBase64String(_IV); byte[] encryptedSecurityQuestion = Encryption.Encrypt_AES(securityQuestion, Key, IV); byte[] encryptedSecurityAnswer = Encryption.Encrypt_AES(securityAnswer, Key, IV); string _encryptedSecurityQuestion = Convert.ToBase64String(encryptedSecurityQuestion); string _encryptedSecurityAnswer = Convert.ToBase64String(encryptedSecurityAnswer); Select selectObject = new Select(); bool authenticated; string errorMessage; authenticated = Select.Authenticate_Security_Credentials(username, _encryptedSecurityQuestion, _encryptedSecurityAnswer); errorMessage = selectObject.getErrorMessage(); if (errorMessage != null) { lblError.Text = errorMessage; lblError.Visible = true; ErrorMessage message = new ErrorMessage(); MsgBox(message.SQLServerErrorMessage); }//end if else { if (authenticated == false) { MsgBox("Invalid credentials. Please try again."); }//end if else { string errorMessage2; string newPassword; Update updateObject = new Update(); newPassword = Update.Update_Password(username, Key, IV); errorMessage2 = updateObject.getErrorMessage(); if (errorMessage2 != null) { lblError.Text = errorMessage2; lblError.Visible = true; ErrorMessage message = new ErrorMessage(); MsgBox(message.SQLServerErrorMessage); }//end if else { string errorMessage5; Select selectObject5 = new Select(); ArrayList clientRecord = new ArrayList(); clientRecord = Select.Select_Client_Record(username); errorMessage5 = selectObject5.getErrorMessage(); if (errorMessage5 != null) { lblError.Text = errorMessage5; lblError.Visible = true; ErrorMessage message = new ErrorMessage(); MsgBox(message.SQLServerErrorMessage); }//end if else { string clientFirstName = clientRecord[1].ToString(); string urlBase = Request.Url.GetLeftPart(UriPartial.Authority) + Request.ApplicationPath; string loginUrl = "/PL/Membership/Login.aspx"; string fullPath = urlBase + loginUrl; string AppPath = Request.PhysicalApplicationPath; StreamReader sr = new StreamReader(AppPath + "SA/Email_Templates/NewPassword.txt"); string errorMessage6; errorMessage6 = Email.Email_Forgot_Password(username, clientFirstName, newPassword, fullPath, sr); if (errorMessage6 != null) { lblError.Text = errorMessage6; lblError.Visible = true; ErrorMessage message = new ErrorMessage(); MsgBox(message.EmailErrorMessage); }//end if else { MsgBox("Success! An email has just been sent to you with your new temporary password. Please check your email to complete the password reset process. Thank you."); }//end else }//end else }//end else if }//end else }//end else }//end else }//end else }//end event