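/// <summary>
/// Checks that the signed-in user has a usable email address on record and, when it
/// does, saves the chosen security question together with a salted hash of the answer.
/// </summary>
/// <remarks>
/// Reads Session["UserID"], iModuleCompanyID and the security question/answer controls.
/// Calls the "CheckUserEmail" and "UserSecurityInfo" stored procedures. Feedback is
/// given through a client-side alert or lblErrorMessage; nothing is returned.
/// </remarks>
protected void CheckUserEmail()
{
    DataSet ds = new DataSet();

    // using-blocks release the connection and adapter on every exit path, including the early returns.
    using (SqlConnection sqlConn = new SqlConnection(CBSAppUtils.PrimaryConnectionString))
    using (SqlDataAdapter sqlDA = new SqlDataAdapter("CheckUserEmail", sqlConn))
    {
        sqlDA.SelectCommand.CommandType = CommandType.StoredProcedure;
        // AddWithValue replaces the obsolete Parameters.Add(string, object) overload.
        sqlDA.SelectCommand.Parameters.AddWithValue("@UserID", Convert.ToInt32(Session["UserID"]));
        sqlDA.SelectCommand.Parameters.AddWithValue("@CompanyID", Convert.ToInt32(iModuleCompanyID));

        try
        {
            sqlConn.Open();
            sqlDA.Fill(ds);

            // No result set or no row for this user: nothing to validate or save.
            if (ds.Tables.Count == 0 || ds.Tables[0].Rows.Count == 0)
            {
                return;
            }

            string Message = string.Empty;
            string strStoredEmail = Convert.ToString(ds.Tables[0].Rows[0]["Email"]);
            string strFetchedEmail = strStoredEmail;
            if (strFetchedEmail.Trim().Length == 0)
            {
                strFetchedEmail = "No Email held";
            }

            if (strFetchedEmail == "No Email held" || !IsValidEmail(strStoredEmail))
            {
                Message = "The email address held for you in the system is invalid (" + strFetchedEmail + "). Please contact your system administrator to correct it.";
                // The stored email is data, not markup: encode it for a JavaScript string literal
                // so quotes or "</script>" inside the value cannot alter the emitted script.
                this.RegisterClientScriptBlock(
                    "clientScript",
                    "<script language=javascript>alert('" + System.Web.HttpUtility.JavaScriptStringEncode(Message) + "'); </script>");
                return;
            }

            // A duplicate-email check (IsDuplicateEmail column) used to run here and is currently disabled.

            // Prefer the drop-down selection; fall back to the free-text question.
            string strSecurityQuestion;
            if (ddlSecurityQuestion.SelectedValue != "--Select--" && ddlSecurityQuestion.SelectedValue != "0")
            {
                strSecurityQuestion = ddlSecurityQuestion.SelectedValue;
            }
            else
            {
                strSecurityQuestion = txtSecurityQuestion.Text.Trim();
            }

            // The answer is stored as a salted hash, never as entered (change dated 26 May 2016).
            // NOTE(review): SHA-1 with one application-wide salt from AppSettings is a fast hash
            // over a low-entropy secret; a per-user salt with a slow KDF (e.g. PBKDF2) would
            // resist offline guessing better. Not changed here because stored hashes and the
            // reset page must stay in step.
            SimpleHash objSimpleHash = new SimpleHash();
            string salt = ConfigurationManager.AppSettings["SaltingKey"].Trim();
            string strSecurityQuestionAnswer = objSimpleHash.ComputeHash(
                txtSecurityAnswer.Text.Trim().ToUpper(),
                "SHA1",
                Encoding.ASCII.GetBytes(salt));

            int iReturnValue = 0;
            using (SqlConnection sqlConnInner = new SqlConnection(CBSAppUtils.PrimaryConnectionString))
            using (SqlCommand sqlCmdInner = new SqlCommand("UserSecurityInfo", sqlConnInner))
            {
                sqlCmdInner.CommandType = CommandType.StoredProcedure;
                sqlCmdInner.Parameters.AddWithValue("@UserID", Convert.ToInt32(Session["UserID"]));
                sqlCmdInner.Parameters.AddWithValue("@ResetQuestion", strSecurityQuestion);
                sqlCmdInner.Parameters.AddWithValue("@ResetAnswer", strSecurityQuestionAnswer);
                SqlParameter sqlReturnParam = sqlCmdInner.Parameters.Add("ReturnValue", SqlDbType.Int);
                sqlReturnParam.Direction = ParameterDirection.ReturnValue;

                try
                {
                    sqlConnInner.Open();
                    sqlCmdInner.ExecuteNonQuery();
                    iReturnValue = Convert.ToInt32(sqlReturnParam.Value);
                }
                catch (Exception ex)
                {
                    // Still best-effort (iReturnValue stays 0), but the failure is no longer silent.
                    System.Diagnostics.Trace.TraceError("CheckUserEmail: saving the security question failed: " + ex);
                }
            }

            if (iReturnValue == 1)
            {
                ddlSecurityQuestion.SelectedValue = "0";
                txtSecurityAnswer.Text = "";
                txtSecurityQuestion.Text = "";
                this.RegisterClientScriptBlock("clientScript", "<script language=javascript>alert('Security question and answer saved successfully.'); </script>");
                return;
            }
            else if (iReturnValue == -501)
            {
                ddlSecurityQuestion.SelectedValue = "0";
                txtSecurityAnswer.Text = "";
                txtSecurityQuestion.Text = "";
                lblErrorMessage.Visible = true;
                lblErrorMessage.Text = "Your security question and answer have been saved. You do not need to re-enter them, nor will you need to re-enter them again when you reset/change your password - your security Q&A will remain the same.";
            }
            else
            {
                lblErrorMessage.Visible = false;
                lblErrorMessage.Text = "";
            }
        }
        catch (Exception ex)
        {
            // The page keeps rendering as before; the error is recorded instead of discarded.
            System.Diagnostics.Trace.TraceError("CheckUserEmail: email check failed: " + ex);
        }
    }
}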
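/// <summary>
/// Handles the submit button of the forgotten-password page: checks the security answer
/// for the user named in the "UserID" query-string value and, when it matches, issues a
/// temporary password, flags the account for a forced password change and emails the user.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// The user id is supplied by the caller in the query string, so the answer check is the
/// only gate visible in this handler. NOTE(review): attempt throttling or lockout is not
/// visible here; the -500/-501 result codes may cover it. Confirm in checkSaltedPassword.
/// </remarks>
protected void btnSubmit_Click(object sender, EventArgs e)
{
    // Used after a successful reset to force a password change at next sign-in (added 26 May 2016).
    JKS.Users objUsers = new JKS.Users();

    string strEnteredAnswer = txtResetQuestionAnswer.Text.Trim();
    if (strEnteredAnswer.Length == 0)
    {
        this.RegisterClientScriptBlock("clientScript", "<script language=javascript>alert('Please enter Answer.'); </script>");
        return;
    }

    // Hash the answer the same way it was hashed when stored, so the two values are comparable.
    // NOTE(review): SHA-1 with one application-wide salt is a fast hash over a low-entropy
    // secret; migrating both pages to a per-user salt and a slow KDF would be stronger.
    SimpleHash objSimpleHash = new SimpleHash();
    string salt = ConfigurationManager.AppSettings["SaltingKey"].Trim();
    string strResetAnswer = objSimpleHash.ComputeHash(
        strEnteredAnswer.ToUpper(),
        "SHA1",
        System.Text.Encoding.ASCII.GetBytes(salt));

    // Parse the caller-supplied id once and reuse it. A missing or malformed value becomes 0
    // and takes the normal failure path instead of raising an unhandled FormatException.
    int UserID;
    int.TryParse(Request.QueryString["UserID"], out UserID);

    int iReturnValue = 0;
    List<PasswordReset> lstSaltedPassword = objPasswordReset.checkSaltedPassword(UserID, strResetAnswer);
    if (lstSaltedPassword != null && lstSaltedPassword.Count > 0)
    {
        iReturnValue = lstSaltedPassword[0].iReturnValue;
    }

    if (iReturnValue == 1)
    {
        // Same length as before (8), but drawn from a cryptographic RNG rather than a GUID prefix.
        string strPassword = CreateTemporaryPassword(8);

        // NOTE(review): ChangePassword receives the clear-text value; what it stores is not visible here.
        ChangePassword(UserID, strPassword);

        // NOTE(review): the password is persisted Rijndael-encrypted (reversible) since 28 May 2016;
        // a one-way password hash would avoid keeping recoverable passwords.
        int iReturnVal = ForgotChangePassword(UserID, objEncrypt.RijndaelEncription(strPassword));
        if (iReturnVal == -101)
        {
            this.RegisterClientScriptBlock("clientScript", "<script language=javascript>alert('Error Changing Password.'); </script>");
            return;
        }

        // The temporary password travels by email, so require a change at next sign-in.
        objUsers.PasswordChangeRequired(UserID);

        string Email = FetchUserEmail(UserID);
        SendMailInfo(UserID, Email, strPassword);
        Response.Redirect("JKSSecurityIntermediate.aspx");
    }
    else if (iReturnValue == -501)
    {
        Page.RegisterStartupScript("Reg", "<script>PopulateMessage(-501);</script>");
        return;
    }
    else if (iReturnValue == -500)
    {
        Page.RegisterStartupScript("Reg", "<script>PopulateMessage(-500);</script>");
        return;
    }
}

// Builds a temporary password of the given length from a cryptographic random source.
private static string CreateTemporaryPassword(int length)
{
    // Letters and digits only, without look-alike characters (0/O, 1/l/I), so it survives email and retyping.
    const string Alphabet = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789";

    // Bytes at or above this limit are discarded so every character is equally likely (no modulo bias).
    int limit = 256 - (256 % Alphabet.Length);

    char[] chars = new char[length];
    byte[] buffer = new byte[16];
    int filled = 0;

    System.Security.Cryptography.RandomNumberGenerator rng =
        System.Security.Cryptography.RandomNumberGenerator.Create();
    try
    {
        while (filled < length)
        {
            rng.GetBytes(buffer);
            for (int i = 0; i < buffer.Length && filled < length; i++)
            {
                if (buffer[i] < limit)
                {
                    chars[filled++] = Alphabet[buffer[i] % Alphabet.Length];
                }
            }
        }
    }
    finally
    {
        // Disposed through the interface so this also compiles on framework versions
        // where RandomNumberGenerator does not expose Dispose directly.
        IDisposable disposable = rng as IDisposable;
        if (disposable != null)
        {
            disposable.Dispose();
        }
    }

    return new string(chars);
}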