예제 #1
0
        ///////////////////////////////////////////////////////////////////////
        public void Page_Load(Object sender, EventArgs e)
        {
            Util.set_context(HttpContext.Current);
            Util.do_not_cache(Response);

            if (Util.get_setting("ShowForgotPasswordLink", "0") == "0")
            {
                Response.Write("Sorry, Web.config ShowForgotPasswordLink is set to 0");
                Response.End();
            }

            if (!IsPostBack)
            {
                Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - "
                                    + "forgot password";
            }
            else
            {
                msg.InnerHtml = "";

                if (email.Value == "" && username.Value == "")
                {
                    msg.InnerHtml = "Enter either your Username or your Email address.";
                }
                else if (email.Value != "" && !Util.validate_email(email.Value))
                {
                    msg.InnerHtml = "Format of email address is invalid.";
                }
                else
                {
                    int user_count = 0;
                    int user_id    = 0;

                    if (email.Value != "" && username.Value == "")
                    {
                        // check if email exists
                        SQLString sql = new SQLString("select count(1) from users where us_email = @email");
                        sql.AddParameterWithValue("email", email.Value);
                        user_count = (int)DbUtil.execute_scalar(sql);

                        if (user_count == 1)
                        {
                            sql = new SQLString("select us_id from users where us_email = @email");
                            sql.AddParameterWithValue("email", email.Value);
                            user_id = (int)DbUtil.execute_scalar(sql);
                        }
                    }
                    else if (email.Value == "" && username.Value != "")
                    {
                        // check if email exists
                        SQLString sql = new SQLString(
                            "select count(1) from users where isnull(us_email,'') != '' and  us_username = @username");
                        sql.AddParameterWithValue("username", username.Value);
                        user_count = (int)DbUtil.execute_scalar(sql);

                        if (user_count == 1)
                        {
                            sql = new SQLString("select us_id from users where us_username = @username");
                            sql.AddParameterWithValue("username", username.Value);
                            user_id = (int)DbUtil.execute_scalar(sql);
                        }
                    }
                    else if (email.Value != "" && username.Value != "")
                    {
                        // check if email exists
                        SQLString sql = new SQLString(
                            "select count(1) from users where us_username = @username and us_email = @email");
                        sql.AddParameterWithValue("username", username.Value);
                        sql.AddParameterWithValue("email", email.Value);
                        user_count = (int)DbUtil.execute_scalar(sql);

                        if (user_count == 1)
                        {
                            sql = new SQLString(
                                "select us_id from users where us_username = @username and us_email = @email");
                            sql.AddParameterWithValue("username", username.Value);
                            sql.AddParameterWithValue("email", email.Value);
                            user_id = (int)DbUtil.execute_scalar(sql);
                        }
                    }


                    if (user_count == 1)
                    {
                        string guid = Guid.NewGuid().ToString();
                        var    sql  = new SQLString(@"
declare @username nvarchar(255)
declare @email nvarchar(255)

select @username = us_username, @email = us_email
	from users where us_id = @user_id

insert into emailed_links
	(el_id, el_date, el_email, el_action, el_user_id)
	values (@guid, getdate(), @email, N'forgot', @user_id)

select @username us_username, @email us_email");

                        sql = sql.AddParameterWithValue("guid", guid);
                        sql = sql.AddParameterWithValue("user_id", Convert.ToString(user_id));

                        DataRow dr = DbUtil.get_datarow(sql);

                        string result = Email.send_email(
                            (string)dr["us_email"],
                            Util.get_setting("NotificationEmailFrom", ""),
                            "", // cc
                            "reset password",

                            "Click to <a href='"
                            + Util.get_setting("AbsoluteUrlPrefix", "")
                            + "change_password.aspx?id="
                            + guid
                            + "'>reset password</a> for user \""
                            + (string)dr["us_username"]
                            + "\".",

                            MailFormat.Html);

                        if (result == "")
                        {
                            msg.InnerHtml = "An email with password info has been sent to you.";
                        }
                        else
                        {
                            msg.InnerHtml  = "There was a problem sending the email.";
                            msg.InnerHtml += "<br>" + result;
                        }
                    }
                    else
                    {
                        msg.InnerHtml = "Unknown username or email address.<br>Are you sure you spelled everything correctly?<br>Try just username, just email, or both.";
                    }
                }
            }
        }