public virtual ActionResult ForgotPassword(ForgotPasswordModel model)
{
if (!ModelState.IsValid) return CurrentUmbracoPage();
var viewData = new StoreViewData();
var member = Members.GetByUsername(model.Username);
if (member == null)
{
viewData.Success = false;
viewData.Messages = new[] { "Unknown email address." };
ViewData["MerchelloViewData"] = viewData;
return CurrentUmbracoPage();
}
var newPassword = Membership.GeneratePassword(Membership.MinRequiredPasswordLength, 0);
var user = Membership.GetUser(model.Username);
user.ChangePassword(newPassword, newPassword);
// assumes you have set the SMTP settings in web.config and supplied a default "from" email
var msg = new MailMessage
{
Subject = string.Format("New Password for {0}", Request.Url.Host),
Body = string.Format("Your new password is: {0}", newPassword),
IsBodyHtml = false
};
msg.To.Add(new MailAddress(model.Username));
using (var smtpClient = new SmtpClient())
{
smtpClient.Send(msg);
}
viewData.Success = true;
viewData.Messages = new[] { "A new password has been emailed to you." };
ViewData["MerchelloViewData"] = viewData;
return CurrentUmbracoPage();
}
public virtual ActionResult Login(LoginModel model)
{
if (!ModelState.IsValid) return CurrentUmbracoPage();
if (!Members.Login(model.Username, model.Password))
{
var member = Members.GetByUsername(model.Username);
var viewData = new StoreViewData { Success = false };
if (member == null)
{
viewData.Messages = new[] { "Account does not exist for this email address." };
}
else
{
var messages = new List<string>
{
"Login was unsuccessful with the email address and password entered."
};
if (!member.GetPropertyValue<bool>("umbracoMemberApproved")) messages.Add("This account has not been approved.");
if (member.GetPropertyValue<bool>("umbracoMemberLockedOut")) messages.Add("This account has been locked due to too many unsucessful login attempts.");
viewData.Messages = messages;
}
ViewData["MerchelloViewData"] = viewData;
return CurrentUmbracoPage();
}
return model.SuccessRedirectUrl.IsNullOrWhiteSpace() ?
Redirect("/") : Redirect(model.SuccessRedirectUrl);
}
public virtual ActionResult ChangePassword(ChangePasswordModel model)
{
if (!ModelState.IsValid) return CurrentUmbracoPage();
var viewData = new StoreViewData();
if (!((model.Password.Length >= Membership.MinRequiredPasswordLength) &&
(model.Password.ToCharArray().Count(c => !char.IsLetterOrDigit(c)) >= Membership.MinRequiredNonAlphanumericCharacters)))
{
viewData.Success = false;
viewData.Messages = new[] { string.Format("New password invalid. Minimum length {0} characters", Membership.MinRequiredPasswordLength) };
ViewData["MerchelloViewData"] = viewData;
return CurrentUmbracoPage();
}
// change password seems to have a bug that will allow it to change the password even if the supplied
// old password is wrong!
// so use the login to check the old password as a hack
var currentUser = Membership.GetUser();
if (!Members.Login(currentUser.UserName, model.OldPassword))
{
viewData.Success = false;
viewData.Messages = new[] { "Current password incorrect." };
ViewData["MerchelloViewData"] = viewData;
return CurrentUmbracoPage();
}
if (!currentUser.ChangePassword(model.OldPassword, model.Password))
{
viewData.Success = false;
viewData.Messages = new[] { "Change password failed. Please try again." };
ViewData["MerchelloViewData"] = viewData;
return CurrentUmbracoPage();
}
viewData.Success = true;
viewData.Messages = new[] { "Password updated successfully" };
ViewData["MerchelloViewData"] = viewData;
return CurrentUmbracoPage();
}