/// <summary>
/// Records a pending email confirmation for <paramref name="u"/> on <paramref name="db"/>
/// and mails the verification link (plus the bare code) to the user's address.
/// </summary>
/// <param name="u">User whose email address is to be verified.</param>
/// <param name="db">Context the confirmation row is added to; <c>SaveChanges</c> is called once the mail has been sent.</param>
public static void SendEmailForConfirmation(Users u, DataContext db)
{
    string rawCode = GenerateString();

    // The stored value is UrlDecode(code) while the link below carries the code verbatim.
    // The two only agree if GenerateString() never produces '+' or '%' — not visible here, verify.
    var pending = new Confirmations
    {
        Email = u.Email,
        UserId = u.UserID,
        Type = ConfirmType.EmailConfirm,
        Code = HttpUtility.UrlDecode(rawCode),
        Expiry = DateTime.Now.AddMinutes(30d) // local time; assumes the verifier compares against DateTime.Now too — TODO confirm
    };
    db.Confirmations.Add(pending);

    string encodedAddress = HttpUtility.UrlEncode(u.Email);
    string verifyLink = "https://haxnet.azurewebsites.net/Auth/ConfirmEmail?Email="
        + encodedAddress + "&Code=" + rawCode;

    using (var mail = new MailClient(u.Email))
    {
        mail.Subject = "HackNet - Verify your Email Address";
        mail.AddLine("");
        mail.AddLine("Kindly verify your email address by clicking on the link below");
        mail.AddLine("This link will expire in 30 minutes");
        // The raw code is disclosed in the body as a fallback for clients that break the link.
        mail.AddLine("If that does not work, please use this code: " + rawCode);
        mail.Send(u.FullName, "Verify Email", verifyLink);
    }

    // Same ordering as before: the row is only persisted after the mail call returned.
    db.SaveChanges();
}
/// <summary>
/// Stores a password-reset confirmation for the account behind <paramref name="email"/>
/// and mails the reset link to that address.
/// </summary>
/// <param name="email">Address of the account requesting the reset.</param>
public static void SendEmailForPasswordReset(string email)
{
    using (var db = new DataContext())
    {
        // Whether Authenticate throws for an unknown address (and so lets a caller tell
        // registered addresses apart) is not visible here — check before exposing this path.
        using (var account = new Authenticate(email))
        {
            string rawCode = GenerateString();

            var pending = new Confirmations
            {
                Email = account.Email,
                UserId = account.UserId,
                Type = ConfirmType.PasswordReset,
                Code = HttpUtility.UrlDecode(rawCode), // stored decoded; the link carries the raw code
                Expiry = DateTime.Now.AddMinutes(30d)  // local time, 30-minute window
            };
            db.Confirmations.Add(pending);

            string encodedAddress = HttpUtility.UrlEncode(account.Email);
            string resetLink = "https://haxnet.azurewebsites.net/Auth/ResetPassword?Email="
                + encodedAddress + "&Code=" + rawCode;
            // HTML-attribute encoding (not query-string encoding): presumably the link lands in an href.
            // Note that SendEmailForConfirmation passes its link without this step.
            resetLink = HttpUtility.HtmlAttributeEncode(resetLink);

            using (var mail = new MailClient(account.Email))
            {
                mail.Subject = "Password Reset Request";
                mail.AddLine("");
                mail.AddLine("You have initiated a password reset request!");
                mail.AddLine("If it was you, please click the link below to continue");
                mail.AddLine("Otherwise, you can safely ignore this message as it will expire in 30 minutes");
                mail.Send("user", "Reset Password", resetLink);
            }

            db.SaveChanges();
        }
    }
}
/// <summary>
/// Mails a freshly assigned password to the account behind <paramref name="email"/>.
/// </summary>
/// <param name="email">Address of the account.</param>
/// <param name="password">The new password, sent in clear text in the message body.</param>
public static void SendNewPassword(string email, string password)
{
    // NOTE(review): the password travels in plaintext through the mail path and sits in the
    // recipient's mailbox; a one-time reset link (as SendEmailForPasswordReset does) avoids that.
    using (var db = new DataContext())
    {
        using (var account = new Authenticate(email))
        {
            using (var mail = new MailClient(account.Email))
            {
                mail.Subject = "Password Reset Result";
                mail.AddLine("");
                mail.AddLine("Your new password is " + password);
                mail.AddLine("Please change it as soon as possible and remember it");
                mail.Send("user");
            }

            // Nothing is added to the context in this method; kept for parity with the original flow.
            db.SaveChanges();
        }
    }
}
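/// <summary>
/// Validates the user's password and, on success, unlocks the user's key store.
/// </summary>
/// <param name="password">The user's password.</param>
/// <param name="checkEmailValidity">Whether to require a verified email address before checking the password.</param>
/// <returns>
/// <see cref="AuthResult.UserNotFound"/>, <see cref="AuthResult.EmailNotVerified"/>,
/// <see cref="AuthResult.PasswordIncorrect"/>, <see cref="AuthResult.KeyStoreInvalid"/> or
/// <see cref="AuthResult.Success"/>. Callers should not surface UserNotFound and
/// PasswordIncorrect differently to the end user, or registered addresses become enumerable.
/// </returns>
internal AuthResult ValidateLogin(string password, bool checkEmailValidity = true)
{
    using (DataContext db = new DataContext())
    {
        Users user = Users.FindByEmail(this.Email, db);
        if (user == null)
        {
            AuthLogger.Instance.UserNotFound(Email);
            return AuthResult.UserNotFound;
        }

        // NOTE(review): this notification goes out before the password is checked, so a failed
        // attempt from an unlisted IP also triggers a mail to the account holder — confirm intended.
        string userip = GetIP();
        if (UserIPList.CheckUserIPList(userip, user, db))
        {
            // Disposed like the other MailClient usages in this file; the original leaked it.
            using (MailClient m = new MailClient(Email))
            {
                m.Subject = "Unrecognised login from IP Address " + userip;
                m.AddLine("An unrecognised login has been found");
                m.AddLine("If this wasn't you, please contact us.");
                m.Send(user.FullName, "Contact Us", "https://haxnet.azurewebsites.net/Contact");
            }
        }

        if (checkEmailValidity && !EmailConfirm.IsEmailValidated(user))
        {
            EmailConfirm.SendEmailForConfirmation(user, db);
            return AuthResult.EmailNotVerified;
        }

        byte[] bPassword = Encoding.UTF8.GetBytes(password);
        byte[] bSalt = user.Salt;
        byte[] bHash = Crypt.Instance.Hash(bPassword, bSalt);

        // NOTE(review): SequenceEqual stops at the first differing byte; if the target framework
        // provides CryptographicOperations.FixedTimeEquals, prefer it for this comparison.
        if (user.Hash.SequenceEqual(bHash))
        {
            AuthLogger.Instance.PasswordSuccess(user.Email, user.UserID);
        }
        else
        {
            AuthLogger.Instance.PasswordFail(user.Email, user.UserID);
            return AuthResult.PasswordIncorrect;
        }

        try
        {
            db.Entry(user).Reference(usr => usr.UserKeyStore).Load();
            if (user.UserKeyStore == null)
            {
                // First login after the key store was introduced: create and persist a default one.
                user.UserKeyStore = KeyStore.DefaultDbKeyStore(password, bSalt, user.UserID);
                db.SaveChanges();
            }
            TempKeyStore = new KeyStore(user.UserKeyStore, password, bSalt);
            return AuthResult.Success;
        }
        catch (KeyStoreException)
        {
            return AuthResult.KeyStoreInvalid;
        }
    }
    // Every path inside the using block returns, so the original trailing throw was unreachable.
}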