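/// <summary>
/// Changes the password of the account named in <c>TempData["Username"]</c> after verifying
/// the posted current password against the stored salted hash.
/// </summary>
/// <param name="model">Posted form: the current password and the new password.</param>
/// <param name="username">Incoming value is ignored; it is replaced by the TempData entry so the
/// form cannot name a different account than the one the flow started with.</param>
/// <returns>Redirect to <c>UserProfile</c> on success; otherwise the change-password view.</returns>
public ActionResult ChangePassword(ChangePassword model, string username)
{
    try
    {
        if (!ModelState.IsValid)
        {
            return View();
        }

        // Previously TempData["Username"].ToString() threw a NullReferenceException when the
        // entry was missing (page re-posted, TempData already consumed) and the raw exception
        // text reached the user. Handle the missing entry explicitly instead.
        object storedUsername = TempData["Username"];
        if (storedUsername == null)
        {
            ModelState.AddModelError("", "Your session has expired. Please open the page again.");
            return View();
        }
        username = storedUsername.ToString();

        BTourGuideOp tourOp = new BTourGuideOp();
        AUser user = tourOp.GetUser(username);
        if (user == null) // NOTE(review): assumes GetUser returns null for an unknown name — confirm
        {
            ModelState.AddModelError("", "User not found.");
            return View();
        }

        PasswordManager passMan = new PasswordManager();
        if (!passMan.IsPasswordMatch(model.OldPassword, user.Salt, user.UserPassword))
        {
            // Wrong current password: report it instead of silently re-rendering the form.
            ModelState.AddModelError("", "The current password is incorrect.");
            return View();
        }

        // The new password gets a fresh salt; PasswordManager produces hash and salt together.
        string salt = null;
        string hashPassword = passMan.GeneratePasswordHash(model.NewPassword, out salt);
        user.UserPassword = hashPassword;
        user.Salt = salt;
        tourOp.EditUser(user);

        return RedirectToAction("UserProfile", new { Username = username, msg = "Your password has changed" });
    }
    catch (Exception e)
    {
        // NOTE(review): e.Message is displayed to the end user; prefer logging it server-side
        // and showing a generic message so internal details do not leak.
        TempData["ChangePassException"] = "Something went wrong. " + e.Message;
        return View();
    }
}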
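/// <summary>
/// Registers a new user with a random initial password and emails a one-time reset link so
/// the user can choose their own password.
/// </summary>
/// <param name="userdetails">Posted registration form.</param>
/// <returns>Redirect to <c>Index</c> once the user is stored (whether or not the email was sent);
/// the create view again when validation fails or the username is already taken.</returns>
public ActionResult Create(UserDetails userdetails)
{
    try
    {
        if (!ModelState.IsValid)
        {
            return View(userdetails);
        }

        // One data-access object is enough; the original created a second one for the
        // username check only.
        BTourGuideOp tourOp = new BTourGuideOp();

        // Username must be unique. The Username is cleared so the form comes back blank.
        List<AUser> users = tourOp.GetUsers();
        if (users.Any(u => u.Username == userdetails.Username))
        {
            userdetails.Username = null;
            return View();
        }

        AUser user = new AUser();
        user.RegTime = DateTime.Now;
        user.UserIP = Request.ServerVariables["REMOTE_ADDR"];
        user.UserFirstName = userdetails.UserFirstName;
        user.UserLastName = userdetails.UserLastName;
        user.UserEmail = userdetails.UserEmail;
        user.UserPhone = userdetails.UserPhone;
        user.Username = userdetails.Username;
        user.UserBirthday = userdetails.UserBirthday;

        // Random initial password. The user never sees it; they set their own through the
        // reset link below. Only the salted hash is stored.
        string password = System.Web.Security.Membership.GeneratePassword(8, 2);
        PasswordManager passMan = new PasswordManager();
        string salt = null;
        string hashPassword = passMan.GeneratePasswordHash(password, out salt);
        user.UserPassword = hashPassword;
        user.Salt = salt;
        tourOp.AddUser(user);

        // Reset token that authenticates the user through the email link. The original used
        // Guid.NewGuid(), which is not a cryptographic random source; draw the token from
        // RandomNumberGenerator instead. Only the token's hash is persisted.
        byte[] tokenBytes = new byte[32];
        using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
        {
            rng.GetBytes(tokenBytes);
        }
        string resetToken = BitConverter.ToString(tokenBytes).Replace("-", "");

        HashComputer hashComp = new HashComputer();
        string resetTokenHash = hashComp.GetPasswordHashAndSalt(resetToken);

        // Re-read the stored row before attaching the token hash (kept from the original flow;
        // AddUser may assign fields the in-memory object lacks — confirm).
        AUser theNewUser = tourOp.GetUser(user.Username);
        theNewUser.ResetToken = resetTokenHash;
        tourOp.EditUser(theNewUser);

        // Email with the reset link.
        string resetLink = Url.Action("ResetPassword", "Account", new { rt = resetToken }, "http");
        string subject = "New account in TourGuideWebsite";
        string body = "You have a new account in TourGuideWebsite. \n"
                      + "To reset your password <a href='" + resetLink + "'>Click here</a>";

        // SMTP credentials were hard-coded in source (an app password). They are now read
        // from the environment; the variable names are placeholders to be wired to the
        // deployment's configuration. The sender address is the SMTP account.
        string smtpUser = Environment.GetEnvironmentVariable("TOURGUIDE_SMTP_USER");
        string smtpPassword = Environment.GetEnvironmentVariable("TOURGUIDE_SMTP_PASSWORD");
        if (string.IsNullOrEmpty(smtpUser) || string.IsNullOrEmpty(smtpPassword))
        {
            // Same outcome as a failed send: the account exists, the email did not go out.
            TempData["EmailException"] = "Issue sending email: SMTP credentials are not configured.";
            return RedirectToAction("Index");
        }
        string from = smtpUser;

        // MailMessage and SmtpClient are IDisposable; the original never released them.
        using (MailMessage message = new MailMessage(from, user.UserEmail))
        using (SmtpClient client = new SmtpClient("smtp.gmail.com", 587))
        {
            message.Subject = subject;
            message.Body = body;
            message.IsBodyHtml = true;

            // UseDefaultCredentials must be set before Credentials, or it clears them.
            client.UseDefaultCredentials = false;
            client.EnableSsl = true;
            client.Timeout = 20000;
            client.Credentials = new NetworkCredential(smtpUser, smtpPassword);

            // A failed send is reported but does not undo the registration.
            try
            {
                client.Send(message);
            }
            catch (Exception e)
            {
                // NOTE(review): e.Message is shown to the end user; prefer logging it server-side.
                TempData["EmailException"] = "Issue sending email: " + e.Message;
            }
        }

        return RedirectToAction("Index");
    }
    catch (Exception e)
    {
        // NOTE(review): e.Message is shown to the end user; prefer logging it server-side.
        TempData["Exception"] = "" + e.Message;
        return View(userdetails);
    }
}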
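/// <summary>
/// Updates the editable profile fields of the user named by <paramref name="userDetails"/>.
/// </summary>
/// <param name="id">Route id; not used by this action (the username in the form selects the user).</param>
/// <param name="userDetails">Posted form with the new values.</param>
/// <returns>Redirect to <c>Index</c> on success; the edit view again otherwise.</returns>
public ActionResult Edit(string id, UserDetails userDetails)
{
    try
    {
        if (!ModelState.IsValid)
        {
            return View(userDetails);
        }

        BTourGuideOp tourOp = new BTourGuideOp();
        AUser user = tourOp.GetUser(userDetails.Username);
        if (user == null) // NOTE(review): assumes GetUser returns null for an unknown name — confirm
        {
            // Previously this fell through to a NullReferenceException in the catch below.
            ModelState.AddModelError("", "User not found.");
            return View(userDetails);
        }

        // Only these fields are editable here; username and password are managed elsewhere.
        user.UserFirstName = userDetails.UserFirstName;
        user.UserLastName = userDetails.UserLastName;
        user.UserPhone = userDetails.UserPhone;
        user.UserEmail = userDetails.UserEmail;
        user.UserBirthday = userDetails.UserBirthday;
        tourOp.EditUser(user);

        return RedirectToAction("Index");
    }
    catch (Exception e)
    {
        // NOTE(review): e.Message is shown to the end user; prefer logging it server-side.
        TempData["EditException"] = "Error in user edit: " + e.Message;
        return View(userDetails);
    }
}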
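/// <summary>
/// Starts the password-reset flow: stores the hash of a fresh reset token on the account
/// that owns the posted email address and mails the user a link carrying the token.
/// </summary>
/// <param name="model">Posted form with the email address.</param>
/// <returns>The forgot-password view; the same confirmation message is shown whether or not
/// the address is registered, so the page does not reveal which emails have accounts.</returns>
public ActionResult ForgotPassword(ForgotPassword model)
{
    try
    {
        if (!ModelState.IsValid)
        {
            return View(model);
        }

        BTourGuideOp tourOp = new BTourGuideOp();
        List<AUser> users = tourOp.GetUsers();
        AUser user = users.FirstOrDefault(u => u.UserEmail == model.Email);

        if (user == null)
        {
            // Unknown address: respond exactly as on success. The original returned the form
            // without a message here, which let a caller test whether an email is registered.
            ViewBag.Message = "A reset password email has been sent.";
            return View();
        }

        // Reset token that authenticates the user through the email link. The original used
        // Guid.NewGuid(), which is not a cryptographic random source; draw the token from
        // RandomNumberGenerator instead. Only the token's hash is persisted.
        byte[] tokenBytes = new byte[32];
        using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
        {
            rng.GetBytes(tokenBytes);
        }
        string resetToken = BitConverter.ToString(tokenBytes).Replace("-", "");

        HashComputer hashComp = new HashComputer();
        user.ResetToken = hashComp.GetPasswordHashAndSalt(resetToken);
        tourOp.EditUser(user);

        string resetLink = "<a href='" + Url.Action("ResetPassword", "Account", new { rt = resetToken }, "http") + "'>Reset Password Link</a>";
        string subject = "Reset your password for TourGuideWebsite";
        string body = "Your link: " + resetLink;

        // SMTP credentials were hard-coded in source (an app password). They are now read
        // from the environment; the variable names are placeholders to be wired to the
        // deployment's configuration. The sender address is the SMTP account.
        string smtpUser = Environment.GetEnvironmentVariable("TOURGUIDE_SMTP_USER");
        string smtpPassword = Environment.GetEnvironmentVariable("TOURGUIDE_SMTP_PASSWORD");
        if (string.IsNullOrEmpty(smtpUser) || string.IsNullOrEmpty(smtpPassword))
        {
            TempData["EmailException"] = "Issue sending email: SMTP credentials are not configured.";
            return View(model);
        }
        string from = smtpUser;

        // MailMessage and SmtpClient are IDisposable; the original never released them.
        using (MailMessage message = new MailMessage(from, model.Email))
        using (SmtpClient client = new SmtpClient("smtp.gmail.com", 587))
        {
            message.Subject = subject;
            message.Body = body;
            message.IsBodyHtml = true;

            // UseDefaultCredentials must be set before Credentials, or it clears them.
            client.UseDefaultCredentials = false;
            client.EnableSsl = true;
            client.Timeout = 20000;
            client.Credentials = new NetworkCredential(smtpUser, smtpPassword);

            try
            {
                client.Send(message);
                ViewBag.Message = "A reset password email has been sent.";
                return View();
            }
            catch (Exception e)
            {
                // NOTE(review): e.Message is shown to the end user; prefer logging it server-side.
                TempData["EmailException"] = "Issue sending email: " + e.Message;
            }
        }

        return View(model);
    }
    catch (Exception e)
    {
        // NOTE(review): e.Message is shown to the end user; prefer logging it server-side.
        TempData["Exception"] = "" + e.Message;
        return View(model);
    }
}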
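/// <summary>
/// Saves the phone and email changes posted by the currently authenticated user.
/// The account is resolved from <c>User.Identity.Name</c>, never from the form.
/// </summary>
/// <param name="userProfile">Posted form; <c>UserChanges</c> carries the new phone and email.</param>
/// <returns>Redirect to the home page on success; the profile view again otherwise.</returns>
public ActionResult UserProfile(UserProfile userProfile)
{
    try
    {
        if (!ModelState.IsValid)
        {
            return View(userProfile);
        }

        if (userProfile.UserChanges == null)
        {
            // Previously a missing UserChanges surfaced as a NullReferenceException message.
            ModelState.AddModelError("", "No changes were submitted.");
            return View(userProfile);
        }

        BTourGuideOp tourOp = new BTourGuideOp();
        string username = User.Identity.Name;
        AUser user = tourOp.GetUser(username);
        if (user == null) // NOTE(review): assumes GetUser returns null for an unknown name — confirm
        {
            ModelState.AddModelError("", "User not found.");
            return View(userProfile);
        }

        user.UserPhone = userProfile.UserChanges.UserPhone;
        user.UserEmail = userProfile.UserChanges.UserEmail;
        tourOp.EditUser(user);

        return RedirectToAction("Index", "Home");
    }
    catch (Exception e)
    {
        // NOTE(review): e.Message is shown to the end user; prefer logging it server-side.
        TempData["UserProfileException"] = "" + e.Message;
        return View(userProfile);
    }
}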
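/// <summary>
/// Completes the password-reset flow: hashes the token from the link, finds the account whose
/// stored token hash matches, stores the new salted password hash and clears the token.
/// </summary>
/// <param name="model">Posted form: the token from the URL and the new password.</param>
/// <returns>The reset view with a status message in <c>ViewBag.Message</c>.</returns>
public ActionResult ResetPassword(ResetPassword model)
{
    try
    {
        if (!ModelState.IsValid)
        {
            return View(model);
        }

        if (string.IsNullOrEmpty(model.ReturnToken))
        {
            // Without a token there is nothing to match; the original passed null into the
            // hash computer and reported whatever exception that raised.
            ViewBag.Message = "Something went wrong!";
            return View(model);
        }

        BTourGuideOp tourOp = new BTourGuideOp();
        List<AUser> users = tourOp.GetUsers();

        // The database holds only the hash of the token, so hash the URL value the same way.
        HashComputer hashComp = new HashComputer();
        string hashedResetToken = hashComp.GetPasswordHashAndSalt(model.ReturnToken);

        // NOTE(review): no expiry is stored with the token, so a link stays valid until used
        // or replaced — confirm whether AUser can carry an issue time.
        AUser user = users.FirstOrDefault(u => u.ResetToken == hashedResetToken);
        if (user == null)
        {
            ViewBag.Message = "Something went wrong!";
            return View(model);
        }

        // New password gets a fresh salt; the token is single-use and is cleared here.
        PasswordManager passMan = new PasswordManager();
        string salt = null;
        string passwordHash = passMan.GeneratePasswordHash(model.Password, out salt);
        user.UserPassword = passwordHash;
        user.Salt = salt;
        user.ResetToken = null;
        tourOp.EditUser(user);

        ViewBag.Message = "Successfully Changed";
        return View(model);
    }
    catch (Exception e)
    {
        // NOTE(review): e.Message is shown to the end user; prefer logging it server-side.
        TempData["Exception"] = "" + e.Message;
        return View();
    }
}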