protected void SubmitButton_Click(object sender, EventArgs e)
        {
            if (Page.IsValid)
            {
                //VERIFY THE NEW PASSWORD MEETS POLICY
                PasswordPolicy policy;
                if (_User.IsAdmin)
                {
                    policy = new MerchantPasswordPolicy();
                }
                else
                {
                    policy = new CustomerPasswordPolicy();
                }

                PasswordTestResult result = policy.TestPasswordWithFeedback(_User, Password.Text);
                if ((result & PasswordTestResult.Success) == PasswordTestResult.Success)
                {
                    _User.SetPassword(Password.Text);
                    _User.Comment = string.Empty;
                    _User.Save();
                    CommerceBuilder.Users.User.Migrate(AbleContext.Current.User, _User);
                    FormsAuthentication.SetAuthCookie(_User.UserName, false);
                    Response.Redirect(AbleCommerce.Code.NavigationHelper.GetHomeUrl());
                }
                else
                {
                    //Your password did not meet the following minimum requirements
                    if ((result & PasswordTestResult.PasswordTooShort) == PasswordTestResult.PasswordTooShort)
                    {
                        AddPasswordValidator("Password length must be at least " + policy.MinLength.ToString() + " characters.");
                    }
                    if ((result & PasswordTestResult.RequireLower) == PasswordTestResult.RequireLower)
                    {
                        AddPasswordValidator("Password must contain at least one lowercase letter.<br/>");
                    }
                    if ((result & PasswordTestResult.RequireUpper) == PasswordTestResult.RequireUpper)
                    {
                        AddPasswordValidator("Password must contain at least one uppercase letter.<br/> ");
                    }
                    if ((result & PasswordTestResult.RequireNonAlpha) == PasswordTestResult.RequireNonAlpha)
                    {
                        AddPasswordValidator("Password must contain at least one non-letter.<br/> ");
                    }
                    if ((result & PasswordTestResult.RequireNumber) == PasswordTestResult.RequireNumber)
                    {
                        AddPasswordValidator("Password must contain at least one number.<br/> ");
                    }
                    if ((result & PasswordTestResult.RequireSymbol) == PasswordTestResult.RequireSymbol)
                    {
                        AddPasswordValidator("Password must contain at least one symbol.<br/> ");
                    }

                    if ((result & PasswordTestResult.PasswordHistoryLimitation) == PasswordTestResult.PasswordHistoryLimitation)
                    {
                        AddPasswordValidator("You have recently used this password.<br/>");
                    }
                }
            }
        }
Пример #2
0
        /// <summary>
        /// Validates the password against the effective policy
        /// </summary>
        /// <returns>True if the password is valid, false if it does not meet the policy requirements.</returns>
        private bool ValidatePassword()
        {
            // GET THE INITIAL GROUP SO WE CAN DETERMINE PASSWORD POLICY TO EMPLOY
            int groupId = AlwaysConvert.ToInt(AddGroup.SelectedValue);

            CommerceBuilder.Users.Group group = GroupDataSource.Load(groupId);

            // LOAD THE APPROPRIATE PASSWORD POLICY
            PasswordPolicy policy;

            if (IsAdminGroup(group))
            {
                policy = new MerchantPasswordPolicy();
            }
            else
            {
                policy = new CustomerPasswordPolicy();
            }

            PasswordTestResult result = policy.TestPasswordWithFeedback(null, AddPassword.Text);

            if ((result & PasswordTestResult.Success) != PasswordTestResult.Success)
            {
                // THE PASSWORD DOES NOT MEET THE POLICY
                if ((result & PasswordTestResult.PasswordTooShort) == PasswordTestResult.PasswordTooShort)
                {
                    AddCustomValidationError(phPasswordValidation, AddPassword, "Password length must be at least " + policy.MinLength.ToString() + " characters.");
                }
                if ((result & PasswordTestResult.RequireUpper) == PasswordTestResult.RequireUpper)
                {
                    AddCustomValidationError(phPasswordValidation, AddPassword, "Password must contain at least one uppercase character.");
                }
                if ((result & PasswordTestResult.RequireLower) == PasswordTestResult.RequireLower)
                {
                    AddCustomValidationError(phPasswordValidation, AddPassword, "Password must contain at least one lowercase character.");
                }
                if ((result & PasswordTestResult.RequireNumber) == PasswordTestResult.RequireNumber)
                {
                    AddCustomValidationError(phPasswordValidation, AddPassword, "Password must contain at least one number.");
                }
                if ((result & PasswordTestResult.RequireSymbol) == PasswordTestResult.RequireSymbol)
                {
                    AddCustomValidationError(phPasswordValidation, AddPassword, "Password must contain at least one symbol (e.g. underscore or punctuation)");
                }
                if ((result & PasswordTestResult.RequireSymbol) == PasswordTestResult.RequireSymbol)
                {
                    AddCustomValidationError(phPasswordValidation, AddPassword, "Password must contain at least one symbol (e.g. underscore or punctuation)");
                }
                if ((result & PasswordTestResult.RequireNonAlpha) == PasswordTestResult.RequireNonAlpha)
                {
                    AddCustomValidationError(phPasswordValidation, AddPassword, "Password must contain at least one non-alphabetic character");
                }
                return(false);
            }
            return(true);
        }
Пример #3
0
 private PasswordTestResult UpdatePasswordTestResult(PasswordTestResult oldResult, PasswordTestResult newResult)
 {
     if ((oldResult & PasswordTestResult.Success) == PasswordTestResult.Success)
     {
         return(newResult);
     }
     else
     {
         return(oldResult | newResult);
     }
 }
        protected bool EnforcePasswordPolicy()
        {
            // DETERMINE THE APPROPRIATE POLICY FOR THE USER
            PasswordPolicy policy;

            if (_User.IsAdmin)
            {
                policy = new MerchantPasswordPolicy();
            }
            else
            {
                policy = new CustomerPasswordPolicy();
            }

            // CHECK IF PASSWORD MEETS POLICY
            PasswordTestResult result = policy.TestPasswordWithFeedback(NewPassword.Text.Trim());

            if ((result & PasswordTestResult.Success) == PasswordTestResult.Success)
            {
                return(true);
            }

            // PASSWORD DOES NOT MEET POLICY
            StringBuilder newErrorMessage = new StringBuilder();

            newErrorMessage.Append(PasswordPolicyValidator.ErrorMessage + "<ul>");
            if ((result & PasswordTestResult.PasswordTooShort) == PasswordTestResult.PasswordTooShort)
            {
                newErrorMessage.Append("<li>New password length must be at least " + policy.MinLength.ToString() + " characters.</li>");
            }
            if ((result & PasswordTestResult.RequireLower) == PasswordTestResult.RequireLower)
            {
                newErrorMessage.Append("<li>New password must contain at least one lowercase letter.<li>");
            }
            if ((result & PasswordTestResult.RequireUpper) == PasswordTestResult.RequireUpper)
            {
                newErrorMessage.Append("<li>New password must contain at least one uppercase letter.</li>");
            }
            if ((result & PasswordTestResult.RequireNonAlpha) == PasswordTestResult.RequireNonAlpha)
            {
                newErrorMessage.Append("<li>New password must contain at least one non-letter.</li>");
            }
            if ((result & PasswordTestResult.RequireNumber) == PasswordTestResult.RequireNumber)
            {
                newErrorMessage.Append("<li>New password must contain at least one number.</li> ");
            }
            if ((result & PasswordTestResult.RequireSymbol) == PasswordTestResult.RequireSymbol)
            {
                newErrorMessage.Append("<li>New password must contain at least one symbol.</li>");
            }
            PasswordPolicyValidator.ErrorMessage = newErrorMessage.ToString() + "</ul>";
            PasswordPolicyValidator.IsValid      = false;
            return(false);
        }
Пример #5
0
        /// <summary>
        /// Tests a user new password to see if it conforms with the rules established by the policy.
        /// </summary>
        /// <param name="user">user</param>
        /// <param name="password">password to test</param>
        /// <returns>PasswordTestResult flag indicating the test result</returns>
        public PasswordTestResult TestPasswordWithFeedback(User user, string password)
        {
            PasswordTestResult result = PasswordTestResult.Success;

            if (password.Length < this.MinLength)
            {
                result = UpdatePasswordTestResult(result, PasswordTestResult.PasswordTooShort);
            }
            if ((this.RequireUpper) && (!Regex.IsMatch(password, "[A-Z]")))
            {
                result = UpdatePasswordTestResult(result, PasswordTestResult.RequireUpper);
            }
            if ((this.RequireLower) && (!Regex.IsMatch(password, "[a-z]")))
            {
                result = UpdatePasswordTestResult(result, PasswordTestResult.RequireLower);
            }
            if ((this.RequireNumber) && (!Regex.IsMatch(password, "[0-9]")))
            {
                result = UpdatePasswordTestResult(result, PasswordTestResult.RequireNumber);
            }
            if ((this.RequireSymbol) && (!Regex.IsMatch(password, "[^0-9a-zA-Z]")))
            {
                result = UpdatePasswordTestResult(result, PasswordTestResult.RequireSymbol);
            }
            if ((this.RequireNonAlpha) && (!Regex.IsMatch(password, "[^a-zA-Z]")))
            {
                result = UpdatePasswordTestResult(result, PasswordTestResult.RequireNonAlpha);
            }
            if (user != null)
            {
                //VERIFY THE GIVEN PASSWORD DOES NOT EXIST IN HISTORY
                DateTime historyExpirationDate = LocaleHelper.LocalNow.AddDays(-1 * this.HistoryDays);
                foreach (UserPassword oldPassword in user.Passwords)
                {
                    if ((oldPassword.PasswordNumber - 1) <= this.HistoryCount)
                    {
                        if ((this.HistoryDays == 0) || (historyExpirationDate <= oldPassword.CreateDate))
                        {
                            if (oldPassword.VerifyPassword(password))
                            {
                                result = UpdatePasswordTestResult(result, PasswordTestResult.PasswordHistoryLimitation);
                            }
                        }
                    }
                }
            }
            return(result);
        }
        protected void SaveButton_Click(object sender, EventArgs e)
        {
            if (Page.IsValid)
            {
                User   user            = AbleContext.Current.User;
                string currentUserName = user.UserName;

                // VALIDATE THE PASSWORD IF THIS IS NOT AN ANONYMOUS USER
                bool validPassword;
                if (!user.IsAnonymousOrGuest)
                {
                    validPassword = Membership.ValidateUser(currentUserName, CurrentPassword.Text);
                    if (!validPassword)
                    {
                        InvalidPassword.IsValid = false;
                        return;
                    }
                }
                else
                {
                    validPassword = true;
                }

                // VALIDATE NEW PASSWORD AGASINT POLICY
                if (Password.Text.Length > 0)
                {
                    PasswordPolicy policy;
                    if (user.IsAdmin)
                    {
                        policy = new MerchantPasswordPolicy();
                    }
                    else
                    {
                        policy = new CustomerPasswordPolicy();
                    }
                    PasswordTestResult result = policy.TestPasswordWithFeedback(user, Password.Text);
                    if ((result & PasswordTestResult.Success) != PasswordTestResult.Success)
                    {
                        PasswordPolicyValidator.ErrorMessage += "<UL>";
                        if ((result & PasswordTestResult.PasswordTooShort) == PasswordTestResult.PasswordTooShort)
                        {
                            AddPwdValidationError(string.Format(PasswordPolicyLength.Text, policy.MinLength));
                        }
                        if ((result & PasswordTestResult.RequireLower) == PasswordTestResult.RequireLower)
                        {
                            AddPwdValidationError("New password must contain at least one lowercase letter.");
                        }
                        if ((result & PasswordTestResult.RequireUpper) == PasswordTestResult.RequireUpper)
                        {
                            AddPwdValidationError("New password must contain at least one uppercase letter. ");
                        }
                        if ((result & PasswordTestResult.RequireNonAlpha) == PasswordTestResult.RequireNonAlpha)
                        {
                            AddPwdValidationError("New password must contain at least one non-letter.");
                        }
                        if ((result & PasswordTestResult.RequireNumber) == PasswordTestResult.RequireNumber)
                        {
                            AddPwdValidationError("New password must contain at least one number.");
                        }
                        if ((result & PasswordTestResult.RequireSymbol) == PasswordTestResult.RequireSymbol)
                        {
                            AddPwdValidationError("New password must contain at least one symbol.");
                        }
                        if ((result & PasswordTestResult.PasswordHistoryLimitation) == PasswordTestResult.PasswordHistoryLimitation)
                        {
                            AddPwdValidationError("You have recently used this password.");
                        }
                        PasswordPolicyValidator.ErrorMessage += "</UL>";
                        PasswordPolicyValidator.IsValid       = false;
                        return;
                    }
                }
                else if (user.IsAnonymousOrGuest)
                {
                    // PASSWORD IS REQUIRED FOR NEW ANONYMOUS ACCOUNTS
                    PasswordRequiredValidator.IsValid = false;
                    return;
                }

                // IF USERNAME IS CHANGED, VALIDATE THE NEW NAME IS AVAILABLE
                string newUserName     = UserName.Text.Trim();
                bool   userNameChanged = (currentUserName != newUserName);
                if (userNameChanged)
                {
                    // CHECK IF THERE IS ALREADY A USER WITH DESIRED USERNAME
                    if (UserDataSource.GetUserIdByUserName(newUserName) > 0)
                    {
                        // A USER ALREADY EXISTS WITH THAT NAME
                        phUserNameUnavailable.Visible = true;
                        return;
                    }
                }

                // OPT-OUT REVIEW REMINDERS
                user.Settings.OptOutReviewReminders = !ReviewReminders.Checked;

                // UPDATE THE USER RECORD WITH NEW VALUES
                user.Email = Email.Text.Trim();
                user.PrimaryAddress.Email = user.Email;
                user.UserName             = newUserName;
                user.Save();

                // RESET AUTH COOKIE WITH NEW USERNAME IF NEEDED
                if (userNameChanged)
                {
                    FormsAuthentication.SetAuthCookie(newUserName, false);
                }

                // UPDATE PASSWORD IF INDICATED
                if (Password.Text.Length > 0)
                {
                    user.SetPassword(Password.Text);
                }

                // UPDATE MAILING PREFERENCES
                if (phEmailLists.Visible)
                {
                    UpdateEmailLists();
                }

                // DISPLAY RESULT
                SavedMessage.Visible = true;
            }
        }
Пример #7
0
        protected void SaveButton_Click(object sender, EventArgs e)
        {
            if (Page.IsValid)
            {
                User   user            = AbleContext.Current.User;
                string currentUserName = user.UserName;

                // VALIDATE THE PASSWORD IF THIS IS NOT AN ANONYMOUS USER
                bool validPassword;
                if (!user.IsAnonymousOrGuest)
                {
                    validPassword = Membership.ValidateUser(currentUserName, CurrentPassword.Text);
                    if (!validPassword)
                    {
                        InvalidPassword.IsValid = false;
                        return;
                    }
                }
                else
                {
                    validPassword = true;
                }

                // VALIDATE NEW PASSWORD AGASINT POLICY
                if (Password.Text.Length > 0)
                {
                    PasswordPolicy policy;
                    if (user.IsAdmin)
                    {
                        policy = new MerchantPasswordPolicy();
                    }
                    else
                    {
                        policy = new CustomerPasswordPolicy();
                    }
                    PasswordTestResult result = policy.TestPasswordWithFeedback(user, Password.Text);
                    if ((result & PasswordTestResult.Success) != PasswordTestResult.Success)
                    {
                        PasswordPolicyValidator.ErrorMessage += "<UL>";
                        if ((result & PasswordTestResult.PasswordTooShort) == PasswordTestResult.PasswordTooShort)
                        {
                            AddPwdValidationError(string.Format(PasswordPolicyLength.Text, policy.MinLength));
                        }
                        if ((result & PasswordTestResult.RequireLower) == PasswordTestResult.RequireLower)
                        {
                            AddPwdValidationError("New password must contain at least one lowercase letter.");
                        }
                        if ((result & PasswordTestResult.RequireUpper) == PasswordTestResult.RequireUpper)
                        {
                            AddPwdValidationError("New password must contain at least one uppercase letter. ");
                        }
                        if ((result & PasswordTestResult.RequireNonAlpha) == PasswordTestResult.RequireNonAlpha)
                        {
                            AddPwdValidationError("New password must contain at least one non-letter.");
                        }
                        if ((result & PasswordTestResult.RequireNumber) == PasswordTestResult.RequireNumber)
                        {
                            AddPwdValidationError("New password must contain at least one number.");
                        }
                        if ((result & PasswordTestResult.RequireSymbol) == PasswordTestResult.RequireSymbol)
                        {
                            AddPwdValidationError("New password must contain at least one symbol.");
                        }
                        if ((result & PasswordTestResult.PasswordHistoryLimitation) == PasswordTestResult.PasswordHistoryLimitation)
                        {
                            AddPwdValidationError("You have recently used this password.");
                        }
                        PasswordPolicyValidator.ErrorMessage += "</UL>";
                        PasswordPolicyValidator.IsValid       = false;
                        return;
                    }
                }
                else if (user.IsAnonymousOrGuest)
                {
                    // PASSWORD IS REQUIRED FOR NEW ANONYMOUS ACCOUNTS
                    PasswordRequiredValidator.IsValid = false;
                    return;
                }

                // UPDATE THE USER RECORD WITH NEW VALUES
                user.Save();

                // UPDATE PASSWORD IF INDICATED
                if (Password.Text.Length > 0)
                {
                    user.SetPassword(Password.Text);
                }

                // DISPLAY RESULT
                ConfirmationMsg.Visible = true;
            }
        }
Пример #8
0
        protected void ChangePasswordButton_Click(object sender, EventArgs e)
        {
            if (Page.IsValid)
            {
                //VERIFY THE GIVEN USERNAME IS VALID
                User user = UserDataSource.LoadForUserName(UserName.Text);
                if ((user != null) && !string.IsNullOrEmpty(UserName.Text) && !string.IsNullOrEmpty(_LastPasswordValue))
                {
                    //VERIFY CURRENT PASSWORD IS CORRECT
                    if (Membership.ValidateUser(UserName.Text, _LastPasswordValue))
                    {
                        //VERIFY THE NEW PASSWORD MEETS POLICY
                        MerchantPasswordPolicy policy = new MerchantPasswordPolicy();
                        PasswordTestResult     result = policy.TestPasswordWithFeedback(user, NewPassword.Text);
                        if ((result & PasswordTestResult.Success) == PasswordTestResult.Success && !NewPassword.Text.Equals(_LastPasswordValue))
                        {
                            // PASSWORD CHANGE SUCCEEDED, REDIRECT TO THE MERCHANT ADMIN
                            user.SetPassword(NewPassword.Text);
                            FormsAuthentication.SetAuthCookie(UserName.Text, false);
                            Response.Redirect("~/Admin/Default.aspx");
                        }
                        else
                        {
                            //REDISPLAY THE PASSWORD REQUIREMENST
                            ShowPasswordExpired();

                            //"Your new password did not meet the following minimum requirements:<br/>";
                            if ((result & PasswordTestResult.PasswordTooShort) == PasswordTestResult.PasswordTooShort)
                            {
                                AddPasswordExpiredValidator(string.Format(PasswordPolicyLength.Text, policy.MinLength));
                            }
                            if ((result & PasswordTestResult.RequireLower) == PasswordTestResult.RequireLower)
                            {
                                AddPasswordExpiredValidator("New password must contain at least one lowercase letter.<br/>");
                            }
                            if ((result & PasswordTestResult.RequireUpper) == PasswordTestResult.RequireUpper)
                            {
                                AddPasswordExpiredValidator("New password must contain at least one uppercase letter.<br/> ");
                            }
                            if ((result & PasswordTestResult.RequireNonAlpha) == PasswordTestResult.RequireNonAlpha)
                            {
                                AddPasswordExpiredValidator("New password must contain at least one non-letter.<br/> ");
                            }
                            if ((result & PasswordTestResult.RequireNumber) == PasswordTestResult.RequireNumber)
                            {
                                AddPasswordExpiredValidator("New password must contain at least one number.<br/> ");
                            }
                            if ((result & PasswordTestResult.RequireSymbol) == PasswordTestResult.RequireSymbol)
                            {
                                AddPasswordExpiredValidator("New password must contain at least one symbol.<br/> ");
                            }

                            if ((result & PasswordTestResult.PasswordHistoryLimitation) == PasswordTestResult.PasswordHistoryLimitation)
                            {
                                AddPasswordExpiredValidator("You have recently used this password.<br/>");
                            }
                            if (NewPassword.Text.Equals(_LastPasswordValue))
                            {
                                AddPasswordExpiredValidator("You new password must be different from your current password.<br/>");
                            }
                        }
                    }
                }
            }
        }
        public async Task <ActionResult> Do(PasswordChangeRequestModel model)
        {
            try
            {
                this.rateLimiter.ThrowOnRateLimitExceeded(model.UserName, this.Request);

                if (!this.ModelState.IsValid)
                {
                    return(this.View(model));
                }

                if (model.NewPassword != model.ConfirmNewPassword)
                {
                    this.ModelState.AddModelError(nameof(model.ConfirmNewPassword), Resources.UIMessages.PasswordsDoNotMatch);
                    return(this.View(model));
                }

                PasswordTestResult result = await this.passwordManager.TestPassword(model.UserName, model.NewPassword).ConfigureAwait(false);

                if (result.Code != PasswordTestResultCode.Approved)
                {
                    this.ModelState.AddModelError(nameof(model.ConfirmNewPassword), result.ToString());
                    return(this.View(model));
                }

                await this.ChangePassword(model.UserName, model.CurrentPassword, model.NewPassword).ConfigureAwait(false);

                model.Success = true;

                if (model.Redirect != null)
                {
                    if (this.ValidRedirectUri(model.Redirect))
                    {
                        return(new RedirectResult(model.Redirect));
                    }
                    else
                    {
                        model.Redirect = null;
                    }
                }

                return(this.View("Success"));
            }
            catch (NotFoundException)
            {
                Logger.Error($"The password change attempt for user {model.UserName} failed because the user was not found in the directory");
                this.ModelState.AddModelError(nameof(model.CurrentPassword), Resources.UIMessages.InvalidUserOrPassword);
                return(this.View(model));
            }
            catch (PasswordIncorrectException)
            {
                Logger.Error($"The password change attempt for user {model.UserName} failed because the current password was incorrect");
                this.ModelState.AddModelError(nameof(model.CurrentPassword), Resources.UIMessages.InvalidUserOrPassword);
                return(this.View(model));
            }
            catch (PasswordDoesNotMeetPolicyException)
            {
                Logger.Error($"The password change attempt for user {model.UserName} failed because AD rejected the password change");
                this.ModelState.AddModelError(nameof(model.ConfirmNewPassword), Resources.UIMessages.PasswordRejectedByAdPolicy);
                return(this.View(model));
            }
            catch (RateLimitExceededException ex)
            {
                Logger.Error(ex.Message);
                return(this.View("RateLimitExceeded"));
            }
            catch (Exception ex)
            {
                Logger.Error(ex, "An unhandled exception occurred when attempting the password change");
                this.ModelState.AddModelError(nameof(model.ConfirmNewPassword), Resources.UIMessages.UnhandledError);
                return(this.View(model));
            }
        }
Пример #10
0
        protected void ChangePasswordButton_Click(object sender, EventArgs e)
        {
            if (Page.IsValid)
            {
                //VERIFY CURRENT PASSWORD IS CORRECT
                User u = AbleContext.Current.User;
                if (u.CheckPassword(CurrentPassword.Text))
                {
                    //VERIFY THE NEW PASSWORD MEETS POLICY
                    PasswordPolicy     policy = new MerchantPasswordPolicy();
                    PasswordTestResult result = policy.TestPasswordWithFeedback(u, NewPassword.Text);
                    if ((result & PasswordTestResult.Success) == PasswordTestResult.Success)
                    {
                        u.SetPassword(NewPassword.Text);
                        ShowChangePassword.Visible     = false;
                        ChangePasswordPanel.Visible    = false;
                        PasswordChangedMessage.Visible = true;
                    }
                    else
                    {
                        if (CurrentPassword.Text.Equals(NewPassword.Text))
                        {
                            AddPasswordValidator("Your new password is the same as your current password.");
                        }
                        else
                        {
                            //"Your new password did not meet the following minimum requirements:<br/>";
                            if ((result & PasswordTestResult.PasswordTooShort) == PasswordTestResult.PasswordTooShort)
                            {
                                AddPasswordValidator(string.Format(PasswordPolicyLength.Text, policy.MinLength));
                            }
                            if ((result & PasswordTestResult.RequireLower) == PasswordTestResult.RequireLower)
                            {
                                AddPasswordValidator("New password must contain at least one lowercase letter.<br/>");
                            }
                            if ((result & PasswordTestResult.RequireUpper) == PasswordTestResult.RequireUpper)
                            {
                                AddPasswordValidator("New password must contain at least one uppercase letter.<br/> ");
                            }
                            if ((result & PasswordTestResult.RequireNonAlpha) == PasswordTestResult.RequireNonAlpha)
                            {
                                AddPasswordValidator("New password must contain at least one non-letter.<br/> ");
                            }
                            if ((result & PasswordTestResult.RequireNumber) == PasswordTestResult.RequireNumber)
                            {
                                AddPasswordValidator("New password must contain at least one number.<br/> ");
                            }
                            if ((result & PasswordTestResult.RequireSymbol) == PasswordTestResult.RequireSymbol)
                            {
                                AddPasswordValidator("New password must contain at least one symbol.<br/> ");
                            }

                            if ((result & PasswordTestResult.PasswordHistoryLimitation) == PasswordTestResult.PasswordHistoryLimitation)
                            {
                                AddPasswordValidator("You have recently used this password.<br/>");
                            }
                        }
                        ChangePasswordPanel.Visible = true;
                        ShowChangePassword.Visible  = false;
                    }
                }
                else
                {
                    CustomValidator validator = new CustomValidator();
                    validator.ErrorMessage    = "You did not type your current password correctly.";
                    validator.Text            = "*";
                    validator.IsValid         = false;
                    validator.ValidationGroup = "UserStatus";
                    phCustomValidator.Controls.Add(validator);

                    ChangePasswordPanel.Visible = true;
                    ShowChangePassword.Visible  = false;
                }
            }
        }