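/// <summary>
/// Handles a JSON password-change request for the user resolved from the session cookie.
/// </summary>
/// <remarks>
/// The request body is deserialized into a <c>ResetObject</c> carrying <c>Password</c> and
/// <c>Confirmation</c>. The response body is "Reset OK" when <c>do_reset.UpdatePassword</c>
/// reports success (a notification e-mail is sent first) and "Reset Failed" in every other case.
/// A mismatching confirmation, a missing field or an empty password is rejected before any
/// password update is attempted.
/// </remarks>
/// <param name="context">The current HTTP context; its request body is read and its response is written.</param>
public void ProcessRequest(HttpContext context)
{
    // NOTE(review): no request-token (anti-CSRF) check and no current-password check are
    // visible in this handler; the password is changed for whichever account the cookie
    // resolves to. Confirm that both are enforced before this handler is reached.
    string userId = FooSessionHelper.GetUserObjectFromCookie(context).UserId;

    // The reader is intentionally not disposed here so this handler does not close the
    // request's InputStream.
    string jsonString = new StreamReader(context.Request.InputStream).ReadToEnd();
    var resetObj = JsonConvert.DeserializeObject<ResetObject>(jsonString);

    // An empty body deserializes to null and absent JSON properties stay null; treat both
    // as a failed reset instead of dereferencing them.
    if (resetObj == null || resetObj.Password == null || resetObj.Confirmation == null)
    {
        context.Response.Write("Reset Failed");
        return;
    }

    string password = resetObj.Password.Trim();
    string confirmation = resetObj.Confirmation.Trim();

    // Stop here on a mismatch: without this return the password would still be updated
    // even though "Reset Failed" had already been written to the response.
    if (password != confirmation || String.IsNullOrEmpty(password))
    {
        context.Response.Write("Reset Failed");
        return;
    }

    // NOTE(review): no length or strength policy is applied here; verify that
    // UpdatePassword enforces one.
    bool reset = do_reset.UpdatePassword(userId, password);
    if (!reset)
    {
        context.Response.Write("Reset Failed");
        return;
    }

    // Tell the account owner about the change so an unexpected reset can be noticed.
    string email = FooEmailHelper.GetEmailForAccount(userId);
    var emailObj = new EmailObject
    {
        Body = "Your FooBlog password has been reset. If you did not perform this action, please contact a FooBlog administrator using your registered email account",
        Subject = "FooBlog Password Reset",
        ToAddress = email
    };
    FooEmailHelper.SendEmail(emailObj);

    context.Response.Write("Reset OK");
}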
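/// <summary>
/// Click handler for the reset form: sets a new password for the account that the
/// <c>id</c> and <c>token</c> query-string values resolve to.
/// </summary>
/// <remarks>
/// Every rejected attempt now makes the error panel visible with a message. Previously an
/// unknown id/token pair or a failed <c>UpdatePassword</c> call left the page unchanged, so
/// the user could not tell that nothing had happened.
/// </remarks>
/// <param name="sender">The control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void submitButton_Click(object sender, EventArgs e)
{
    string password = passText.Text.Trim();
    string confirmation = confirmText.Text.Trim();

    if (password != confirmation)
    {
        errorLabel.Text = "The password and confirmation do not match.";
        return;
    }

    string resetId = Request.QueryString["id"];
    string token = Request.QueryString["token"];

    // Message to show when the attempt is rejected; null means the reset succeeded.
    string failure = null;

    if (String.IsNullOrEmpty(resetId) || String.IsNullOrEmpty(token) || String.IsNullOrEmpty(password))
    {
        // NOTE(review): message kept from the original code, but this branch is reached for
        // a missing id/token or an empty password, not for a mismatch.
        failure = "Passwords do not match.";
    }
    else if (!FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value))
    {
        // Presumably checks the per-session request token posted with the form; confirm in
        // FooSessionHelper.
        failure = "Invalid request.";
    }
    else
    {
        // NOTE(review): GetAccountForReset is defined elsewhere; confirm it enforces token
        // expiry and single use, and that UpdatePassword applies a password policy.
        string userId = GetAccountForReset(resetId, token);

        if (String.IsNullOrEmpty(userId))
        {
            // Same generic text as a failed request check, so the response does not show
            // whether the id/token pair was recognised.
            failure = "Invalid request.";
        }
        else if (!UpdatePassword(userId, password))
        {
            failure = "The password could not be reset.";
        }
        else
        {
            errorPanel.Visible = false;
            formPanel.Visible = false;
            successPanel.Visible = true;

            // Tell the account owner about the change so an unexpected reset can be noticed.
            string email = FooEmailHelper.GetEmailForAccount(userId);
            var emailObj = new EmailObject
            {
                Body = "Your FooBlog password has been reset. If you did not perform this action, please contact a FooBlog administrator using your registered email account",
                Subject = "FooBlog Password Reset",
                ToAddress = email
            };
            FooEmailHelper.SendEmail(emailObj);

            successLabel.Text = "Your password has been reset. You can proceed to <a href=\"login.aspx\">login</a> again.";
            errorLabel.Text = "";
        }
    }

    if (failure != null)
    {
        errorPanel.Visible = true;
        errorLabel.Text = failure;
    }

    // Store the value returned by SetToken in the form field for the next post-back.
    RequestToken.Value = FooSessionHelper.SetToken(HttpContext.Current);
}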