示例#1
        /// <summary>
        /// Replaces the password of the user identified by <paramref name="portalId"/> and
        /// <paramref name="userId"/> with <paramref name="newPassword"/>. The current password is not requested.
        /// </summary>
        /// <param name="portalId">Portal used to look the user up.</param>
        /// <param name="userId">Id of the user whose password is replaced.</param>
        /// <param name="newPassword">The password to set.</param>
        /// <returns>
        /// <c>true</c> when the password was changed (the <see cref="ThreadAbortException"/> handler also returns
        /// <c>true</c>); <c>false</c> when no user matches the given ids.
        /// </returns>
        /// <exception cref="Exception">
        /// Thrown with a localized message when the provider requires question and answer, when the password is
        /// rejected by the banned list or the history check, or when the reset itself fails.
        /// </exception>
        /// <remarks>
        /// NOTE(review): nothing in this method checks who the caller is, so the calling endpoint presumably
        /// enforces that only an administrator can reach it - confirm.
        /// NOTE(review): length and complexity rules are not checked here; presumably the membership provider
        /// enforces them inside ResetAndChangePassword - confirm.
        /// </remarks>
        public bool ChangePassword(int portalId, int userId, string newPassword)
        {
            // This reset path is refused outright when the provider is configured for question and answer.
            if (MembershipProviderConfig.RequiresQuestionAndAnswer)
            {
                throw new Exception(Localization.GetString("CannotChangePassword", Constants.LocalResourcesFile));
            }

            var targetUser = UserController.Instance.GetUserById(portalId, userId);
            if (targetUser == null)
            {
                return false;
            }

            var passwordController = new MembershipPasswordController();
            var passwordSettings = new MembershipPasswordSettings(targetUser.PortalID);

            // The "password equals username" test is part of the banned-list check,
            // so it is skipped too when the banned list is disabled.
            if (passwordSettings.EnableBannedList
                && (passwordController.FoundBannedPassword(newPassword) || targetUser.Username == newPassword))
            {
                throw new Exception(Localization.GetString("PasswordResetFailed", Constants.LocalResourcesFile));
            }

            // Refuse a password that is already in the user's history.
            var alreadyUsed = passwordController.IsPasswordInHistory(targetUser.UserID, targetUser.PortalID, newPassword, false);
            if (alreadyUsed)
            {
                throw new Exception(Localization.GetString("PasswordResetFailed_PasswordInHistory", Constants.LocalResourcesFile));
            }

            try
            {
                if (!UserController.ResetAndChangePassword(targetUser, newPassword))
                {
                    // Thrown inside the try block, so the general handler below logs it and re-raises it.
                    throw new Exception(Localization.GetString("PasswordResetFailed", Constants.LocalResourcesFile));
                }

                return true;
            }
            catch (MembershipPasswordException membershipError)
            {
                // Password answer missing: details go to the log, the caller gets the localized text only.
                Logger.Error(membershipError);
                throw new Exception(Localization.GetString("PasswordInvalid", Constants.LocalResourcesFile));
            }
            catch (ThreadAbortException)
            {
                return true;
            }
            catch (Exception failure)
            {
                // Any other failure: details go to the log, the caller gets the localized text only.
                Logger.Error(failure);
                throw new Exception(Localization.GetString("PasswordResetFailed", Constants.LocalResourcesFile));
            }
        }
        /// <summary>
        /// Returns the password policy values of the current portal (minimum length, minimum number of
        /// non-alphanumeric characters and the validation expression) in a <c>PasswordSettingsDto</c>.
        /// </summary>
        /// <returns>An HTTP 200 response whose body is the policy DTO.</returns>
        /// <remarks>
        /// NOTE(review): these values are presumably consumed by a client-side strength indicator; any check
        /// the client makes with them is advisory, the server-side change/registration paths must still
        /// enforce the policy - confirm.
        /// </remarks>
        public HttpResponseMessage PasswordStrengthOptions()
        {
            var policy = new MembershipPasswordSettings(PortalId);

            var dto = new PasswordSettingsDto();
            dto.MinLength = policy.MinPasswordLength;
            dto.MinNumberOfSpecialChars = policy.MinNonAlphanumericCharacters;
            dto.ValidationExpression = policy.ValidationExpression;

            return Request.CreateResponse(HttpStatusCode.OK, dto);
        }
示例#3
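        /// <summary>
        /// Serialization callback that copies the portal's password policy into this object and builds the
        /// criteria texts shown to the user.
        /// </summary>
        /// <param name="context">Serialization context (unused).</param>
        /// <remarks>
        /// NOTE(review): CriteriaAtLeastNCharsText is used as its own format string and then overwritten, so a
        /// second call would find no placeholder left and keep the first text - confirm the object is
        /// serialized only once.
        /// </remarks>
        public void OnSerializing(StreamingContext context)
        {
            // There may be no current portal; use portal id -1 instead of dereferencing null.
            // NOTE(review): -1 presumably selects host-level defaults - confirm.
            var portalSettings = PortalController.GetCurrentPortalSettings();
            var portalId = portalSettings != null ? portalSettings.PortalId : -1;
            var settings = new MembershipPasswordSettings(portalId);

            MinLength = settings.MinPasswordLength;
            CriteriaAtLeastNCharsText = string.Format(CriteriaAtLeastNCharsText, MinLength);

            MinNumberOfSpecialChars = settings.MinNonAlphanumericCharacters;

            // A specific count is only mentioned when the policy asks for at least one special character.
            CriteriaSpecialCharText = MinNumberOfSpecialChars > 0 ?
                                      string.Format(Utilities.GetLocalizedString("CriteriaAtLeastNSpecialChars"), MinNumberOfSpecialChars) :
                                      Utilities.GetLocalizedString("CriteriaSpecialChar");
        }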
示例#4
        /// <summary>
        /// Click handler of the password-reset form: checks the new password, redeems the reset token and,
        /// when that succeeds, signs the user in and redirects.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        /// <remarks>
        /// Every rejection except the mismatch shows the same "PasswordResetFailed" text, so the form does not
        /// reveal which check failed.
        /// NOTE(review): loginStatus is not inspected after UserLogin; RedirectAfterLogin runs whatever the
        /// login outcome was - confirm that is intended.
        /// </remarks>
        private void cmdChangePassword_Click(object sender, EventArgs e)
        {
            // 1. New password and confirmation must be identical.
            if (txtPassword.Text != txtConfirmPassword.Text)
            {
                resetMessages.Visible = true;
                var mismatchMessage = Localization.GetString("PasswordMismatch");
                LogFailure(mismatchMessage);
                lblHelp.Text = mismatchMessage;
                return;
            }

            // 2. The new password must satisfy the configured password rules.
            if (!UserController.ValidatePassword(txtPassword.Text))
            {
                resetMessages.Visible = true;
                var invalidMessage = Localization.GetString("PasswordResetFailed");
                LogFailure(invalidMessage);
                lblHelp.Text = invalidMessage;
                return;
            }

            // 3. With the banned list enabled, the password must be neither banned nor equal to the typed username.
            var passwordSettings = new MembershipPasswordSettings(User.PortalID);

            if (passwordSettings.EnableBannedList
                && (new MembershipPasswordController().FoundBannedPassword(txtPassword.Text) || txtUsername.Text == txtPassword.Text))
            {
                resetMessages.Visible = true;
                var bannedMessage = Localization.GetString("PasswordResetFailed");
                LogFailure(bannedMessage);
                lblHelp.Text = bannedMessage;
                return;
            }

            // 4. Redeem the reset token; only a valid token for this username changes the password.
            if (UserController.ChangePasswordByToken(PortalSettings.PortalId, txtUsername.Text, txtPassword.Text, ResetToken))
            {
                // Log user in to site
                LogSuccess();
                var loginStatus = UserLoginStatus.LOGIN_FAILURE;
                UserController.UserLogin(PortalSettings.PortalId, txtUsername.Text, txtPassword.Text, "", "", "", ref loginStatus, false);
                RedirectAfterLogin();
            }
            else
            {
                resetMessages.Visible = true;
                var tokenMessage = Localization.GetString("PasswordResetFailed", LocalResourceFile);
                LogFailure(tokenMessage);
                lblHelp.Text = tokenMessage;
            }
        }
示例#5
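        /// <summary>
        /// Serialization callback that copies the portal's password policy (minimum length, minimum number of
        /// special characters, validation expression) into this object and fills the matching criteria texts.
        /// </summary>
        /// <param name="context">Serialization context (unused).</param>
        /// <remarks>
        /// NOTE(review): each Criteria*Text property is used as its own format string and then overwritten, so
        /// a second call would find no placeholder left - confirm the object is serialized only once.
        /// NOTE(review): the validation expression ends up inside a display text; presumably whatever renders
        /// that text encodes it - confirm.
        /// </remarks>
        public void OnSerializing(StreamingContext context)
        {
            // Read the current portal settings once: the null test and the dereference then see the same object.
            var portalSettings = PortalController.Instance.GetCurrentPortalSettings();
            int portalId = portalSettings != null ? portalSettings.PortalId : -1;
            var settings = new MembershipPasswordSettings(portalId);

            MinLength = settings.MinPasswordLength;
            CriteriaAtLeastNCharsText = string.Format(CriteriaAtLeastNCharsText, MinLength);

            MinNumberOfSpecialChars          = settings.MinNonAlphanumericCharacters;
            CriteriaAtLeastNSpecialCharsText = string.Format(CriteriaAtLeastNSpecialCharsText, MinNumberOfSpecialChars);

            ValidationExpression             = settings.ValidationExpression;
            CriteriaValidationExpressionText = string.Format(CriteriaValidationExpressionText, ValidationExpression);
        }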
        /// <summary>
        /// Validates <paramref name="password"/> against the password rules and, when enabled, the banned
        /// list, then resets the password of <paramref name="user"/> to it.
        /// </summary>
        /// <param name="user">The account whose password is replaced.</param>
        /// <param name="password">The new password.</param>
        /// <exception cref="DataNotValidException">
        /// Thrown with a localized message when the password is invalid, banned, or equal to the username
        /// (the last two only when the banned list is enabled).
        /// </exception>
        /// <remarks>
        /// NOTE(review): the result of ResetAndChangePassword is discarded, so a reset that reports failure
        /// looks like success to the caller - confirm whether it should be checked.
        /// NOTE(review): the log lines embed user.Username as-is; presumably the logger neutralizes line
        /// breaks in it - confirm.
        /// </remarks>
        private static void ChangePassword(UserInfo user, string password)
        {
            // The password must satisfy the configured password rules.
            var meetsPolicy = UserController.ValidatePassword(password);
            if (!meetsPolicy)
            {
                App.Services.Logger.Error($"Changing password of user {user.Username} failed with PasswordInvalid error");
                throw new DataNotValidException(App.Services.Localizer.GetString("PasswordInvalid"));
            }

            // With the banned list enabled, the password must be neither banned nor equal to the username.
            var passwordSettings = new MembershipPasswordSettings(user.PortalID);

            if (passwordSettings.EnableBannedList
                && (new MembershipPasswordController().FoundBannedPassword(password) || user.Username == password))
            {
                App.Services.Logger.Error($"Changing password of user {user.Username} failed with BannedPasswordUsed error");
                throw new DataNotValidException(App.Services.Localizer.GetString("BannedPasswordUsed"));
            }

            UserController.ResetAndChangePassword(user, password);
        }
示例#7
        /// <summary>
        /// Validates the registration form held in <c>User</c> and records the outcome in <c>CreateStatus</c>.
        /// </summary>
        /// <returns>
        /// <c>true</c> only when the user form is valid and <c>CreateStatus</c> is still
        /// <c>UserCreateStatus.AddUser</c> after every check; <c>false</c> otherwise.
        /// </returns>
        /// <remarks>
        /// Besides validating, the method fills in User.Username, User.DisplayName and User.Membership.Password
        /// where they are missing, and replaces a duplicate username or display name with a free suggestion.
        /// Most checks assign CreateStatus unconditionally, so a later failure replaces an earlier one.
        /// NOTE(review): the duplicate checks tell whoever submits the form that a username, e-mail or display
        /// name is already registered; presumably the form is CAPTCHA-protected or rate-limited - confirm.
        /// </remarks>
        private bool Validate()
        {
            // NOTE(review): "gotcha" is presumably a hidden honeypot input that real users leave empty - confirm.
            // A non-empty value rejects the submission before CreateStatus is touched.
            if (!string.IsNullOrEmpty(gotcha.Value))
            {
                return(false);
            }

            CreateStatus = UserCreateStatus.AddUser;
            var portalSecurity = PortalSecurity.Instance;

            //Check User Editor
            bool _IsValid = userForm.IsValid;

            if (_IsValid)
            {
                // A field is rejected when the input filter would change it, i.e. when it contains
                // scripting, angle brackets or markup; the filtered value itself is never stored.
                var filterFlags   = PortalSecurity.FilterFlag.NoScripting | PortalSecurity.FilterFlag.NoAngleBrackets | PortalSecurity.FilterFlag.NoMarkup;
                var name          = User.Username ?? User.Email;
                var cleanUsername = PortalSecurity.Instance.InputFilter(name, filterFlags);
                if (!cleanUsername.Equals(name))
                {
                    CreateStatus = UserCreateStatus.InvalidUserName;
                }
                var valid = UserController.Instance.IsValidUserName(name);

                if (!valid)
                {
                    CreateStatus = UserCreateStatus.InvalidUserName;
                }

                var cleanEmail = PortalSecurity.Instance.InputFilter(User.Email, filterFlags);
                if (!cleanEmail.Equals(User.Email))
                {
                    CreateStatus = UserCreateStatus.InvalidEmail;
                }

                var cleanFirstName = PortalSecurity.Instance.InputFilter(User.FirstName, filterFlags);
                if (!cleanFirstName.Equals(User.FirstName))
                {
                    CreateStatus = UserCreateStatus.InvalidFirstName;
                }

                var cleanLastName = PortalSecurity.Instance.InputFilter(User.LastName, filterFlags);
                if (!cleanLastName.Equals(User.LastName))
                {
                    CreateStatus = UserCreateStatus.InvalidLastName;
                }

                var cleanDisplayName = PortalSecurity.Instance.InputFilter(User.DisplayName, filterFlags);
                if (!cleanDisplayName.Equals(User.DisplayName))
                {
                    CreateStatus = UserCreateStatus.InvalidDisplayName;
                }
            }

            if (PortalSettings.Registration.RegistrationFormType == 0)
            {
                //Update UserName
                if (PortalSettings.Registration.UseEmailAsUserName)
                {
                    User.Username = User.Email;
                    if (String.IsNullOrEmpty(User.DisplayName))
                    {
                        // IndexOf returns -1 when the e-mail has no "@", and Substring then throws
                        // ArgumentOutOfRangeException; this branch runs even when the form was invalid.
                        User.DisplayName = User.Email.Substring(0, User.Email.IndexOf("@", StringComparison.Ordinal));
                    }
                }

                //Check Password is valid
                if (!PortalSettings.Registration.RandomPassword)
                {
                    //Check Password is Valid
                    if (CreateStatus == UserCreateStatus.AddUser && !UserController.ValidatePassword(User.Membership.Password))
                    {
                        CreateStatus = UserCreateStatus.InvalidPassword;
                    }

                    // The confirmation is only compared when AuthenticationType is empty.
                    if (PortalSettings.Registration.RequirePasswordConfirm && String.IsNullOrEmpty(AuthenticationType))
                    {
                        if (User.Membership.Password != User.Membership.PasswordConfirm)
                        {
                            CreateStatus = UserCreateStatus.PasswordMismatch;
                        }
                    }
                }
                else
                {
                    //Generate a random password for the user
                    User.Membership.Password        = UserController.GeneratePassword();
                    User.Membership.PasswordConfirm = User.Membership.Password;
                }
            }
            else
            {
                //Set Username to Email
                if (String.IsNullOrEmpty(User.Username))
                {
                    User.Username = User.Email;
                }

                //Set DisplayName
                if (String.IsNullOrEmpty(User.DisplayName))
                {
                    // NOTE(review): the concatenation always contains the " " separator, so IsNullOrEmpty
                    // is never true here and the e-mail fallback is never taken.
                    User.DisplayName = String.IsNullOrEmpty(User.FirstName + " " + User.LastName)
                                                                                   ? User.Email.Substring(0, User.Email.IndexOf("@", StringComparison.Ordinal))
                                                                                   : User.FirstName + " " + User.LastName;
                }

                //Random Password
                // NOTE(review): ValidatePassword is not called in this branch, so a password supplied here
                // is only checked against the banned list below - confirm the provider enforces the rest.
                if (String.IsNullOrEmpty(User.Membership.Password))
                {
                    //Generate a random password for the user
                    User.Membership.Password = UserController.GeneratePassword();
                }

                //Password Confirm
                if (!String.IsNullOrEmpty(User.Membership.PasswordConfirm))
                {
                    if (User.Membership.Password != User.Membership.PasswordConfirm)
                    {
                        CreateStatus = UserCreateStatus.PasswordMismatch;
                    }
                }
            }

            //Validate banned password
            // The "password equals username" test only runs when the banned list is enabled.
            var settings = new MembershipPasswordSettings(User.PortalID);

            if (settings.EnableBannedList)
            {
                var m = new MembershipPasswordController();
                if (m.FoundBannedPassword(User.Membership.Password) || User.Username == User.Membership.Password)
                {
                    CreateStatus = UserCreateStatus.BannedPasswordUsed;
                }
            }
            //Validate Profanity
            if (PortalSettings.Registration.UseProfanityFilter)
            {
                if (!portalSecurity.ValidateInput(User.Username, PortalSecurity.FilterFlag.NoProfanity))
                {
                    CreateStatus = UserCreateStatus.InvalidUserName;
                }
                if (!String.IsNullOrEmpty(User.DisplayName))
                {
                    if (!portalSecurity.ValidateInput(User.DisplayName, PortalSecurity.FilterFlag.NoProfanity))
                    {
                        CreateStatus = UserCreateStatus.InvalidDisplayName;
                    }
                }
            }

            //Validate Unique User Name
            UserInfo user = UserController.GetUserByName(PortalId, User.Username);

            if (user != null)
            {
                if (PortalSettings.Registration.UseEmailAsUserName)
                {
                    CreateStatus = UserCreateStatus.DuplicateEmail;
                }
                else
                {
                    // The registration still fails with DuplicateUserName; User.Username is replaced by the
                    // first free "<name>0<i>" candidate. Each candidate costs one lookup and the loop has no upper bound.
                    CreateStatus = UserCreateStatus.DuplicateUserName;
                    int    i        = 1;
                    string userName = null;
                    while (user != null)
                    {
                        userName = User.Username + "0" + i.ToString(CultureInfo.InvariantCulture);
                        user     = UserController.GetUserByName(PortalId, userName);
                        i++;
                    }
                    User.Username = userName;
                }
            }

            //Validate Unique Display Name
            if (CreateStatus == UserCreateStatus.AddUser && PortalSettings.Registration.RequireUniqueDisplayName)
            {
                user = UserController.Instance.GetUserByDisplayname(PortalId, User.DisplayName);
                if (user != null)
                {
                    // Same scheme as for usernames: fail with DuplicateDisplayName and store the first
                    // free "<display name> 0<i>" candidate.
                    CreateStatus = UserCreateStatus.DuplicateDisplayName;
                    int    i           = 1;
                    string displayName = null;
                    while (user != null)
                    {
                        displayName = User.DisplayName + " 0" + i.ToString(CultureInfo.InvariantCulture);
                        user        = UserController.Instance.GetUserByDisplayname(PortalId, displayName);
                        i++;
                    }
                    User.DisplayName = displayName;
                }
            }

            //Check Question/Answer
            if (CreateStatus == UserCreateStatus.AddUser && MembershipProviderConfig.RequiresQuestionAndAnswer)
            {
                if (string.IsNullOrEmpty(User.Membership.PasswordQuestion))
                {
                    //Invalid Question
                    CreateStatus = UserCreateStatus.InvalidQuestion;
                }
                if (CreateStatus == UserCreateStatus.AddUser)
                {
                    if (string.IsNullOrEmpty(User.Membership.PasswordAnswer))
                    {
                        //Invalid Answer
                        CreateStatus = UserCreateStatus.InvalidAnswer;
                    }
                }
            }

            // Any status other than AddUser means at least one check failed.
            if (CreateStatus != UserCreateStatus.AddUser)
            {
                _IsValid = false;
            }
            return(_IsValid);
        }
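        /// <summary>
        /// Click handler of the password-reset form: validates the new password, redeems the reset token and,
        /// on success, either sends the user to complete their profile or signs them in and redirects.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        /// <remarks>
        /// The password that is validated, stored and used for the follow-up login is the trimmed text of
        /// txtPassword.
        /// NOTE(review): loginStatus is not inspected after UserLogin; RedirectAfterLogin runs whatever the
        /// login outcome was - confirm that is intended.
        /// NOTE(review): the banned-list comparison uses the typed txtUsername.Text, which is the e-mail
        /// address when e-mail is used as username, not the resolved account username - confirm.
        /// </remarks>
        private void cmdChangePassword_Click(object sender, EventArgs e)
        {
            string username = txtUsername.Text;

            // Without the required answer nothing is attempted (and no message is shown).
            if (MembershipProviderConfig.RequiresQuestionAndAnswer && string.IsNullOrEmpty(txtAnswer.Text))
            {
                return;
            }

            //1. Check New Password and Confirm are the same
            if (txtPassword.Text != txtConfirmPassword.Text)
            {
                resetMessages.Visible = true;
                var failed = Localization.GetString("PasswordMismatch");
                LogFailure(failed);
                lblHelp.Text = failed;
                return;
            }

            // Every later step, including the login at the end, works on this trimmed value.
            var newPassword = txtPassword.Text.Trim();

            if (UserController.ValidatePassword(newPassword) == false)
            {
                resetMessages.Visible = true;
                var failed = Localization.GetString("PasswordResetFailed");
                LogFailure(failed);
                lblHelp.Text = failed;
                return;
            }

            //Check New Password is not same as username or banned
            var settings = new MembershipPasswordSettings(User.PortalID);

            if (settings.EnableBannedList)
            {
                var m = new MembershipPasswordController();
                if (m.FoundBannedPassword(newPassword) || txtUsername.Text == newPassword)
                {
                    resetMessages.Visible = true;
                    var failed = Localization.GetString("PasswordResetFailed");
                    LogFailure(failed);
                    lblHelp.Text = failed;
                    return;
                }
            }

            if (PortalController.GetPortalSettingAsBoolean("Registration_UseEmailAsUserName", PortalId, false))
            {
                var testUser = UserController.GetUserByEmail(PortalId, username); // one additional call to db to see if an account with that email actually exists
                if (testUser != null)
                {
                    username = testUser.Username; //we need the username of the account in order to change the password in the next step
                }
            }
            string errorMessage;
            string answer = String.Empty;

            if (MembershipProviderConfig.RequiresQuestionAndAnswer)
            {
                answer = txtAnswer.Text;
            }

            if (UserController.ChangePasswordByToken(PortalSettings.PortalId, username, newPassword, answer, ResetToken, out errorMessage) == false)
            {
                resetMessages.Visible = true;
                var failed = errorMessage;
                LogFailure(failed);
                lblHelp.Text = failed;
            }
            else
            {
                //check user has a valid profile
                var user        = UserController.GetUserByName(PortalSettings.PortalId, username);
                var validStatus = UserController.ValidateUser(user, PortalSettings.PortalId, false);
                if (validStatus == UserValidStatus.UPDATEPROFILE)
                {
                    LogSuccess();
                    ViewState.Add("PageNo", 3);
                    Response.Redirect(Globals.NavigateURL(PortalSettings.ActiveTab.TabID, "Login"));
                }
                else
                {
                    //Log user in to site
                    LogSuccess();
                    var loginStatus = UserLoginStatus.LOGIN_FAILURE;

                    // Sign in with the trimmed password that was just stored; the raw textbox text would not
                    // authenticate when the user typed leading or trailing whitespace.
                    UserController.UserLogin(PortalSettings.PortalId, username, newPassword, "", "", "", ref loginStatus, false);
                    RedirectAfterLogin();
                }
            }
        }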
示例#9
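        /// <summary>
        /// Click handler of the password control: validates the new password and changes it, reporting the
        /// outcome through <c>OnPasswordUpdated</c>.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        /// <remarks>
        /// Non-administrators must supply their old password and go through UserController.ChangePassword;
        /// when IsAdmin is set the old password is not requested and ResetAndChangePassword is used instead.
        /// A failed CAPTCHA or a caller that is neither the user nor an administrator ends the handler
        /// without raising an event.
        /// </remarks>
        private void cmdUpdate_Click(object sender, EventArgs e)
        {
            // The CAPTCHA only gates the request when it is enabled.
            if (this.UseCaptcha && !this.ctlCaptcha.IsValid)
            {
                return;
            }

            if (this.IsUserOrAdmin == false)
            {
                return;
            }

            // 1. Check New Password and Confirm are the same
            if (this.txtNewPassword.Text != this.txtNewConfirm.Text)
            {
                this.OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordMismatch));
                return;
            }

            // 2. Check New Password is Valid
            if (!UserController.ValidatePassword(this.txtNewPassword.Text))
            {
                this.OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordInvalid));
                return;
            }

            // 3. Check old Password is Provided
            if (!this.IsAdmin && string.IsNullOrEmpty(this.txtOldPassword.Text))
            {
                this.OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordMissing));
                return;
            }

            // 4. Check New Password is different
            if (!this.IsAdmin && this.txtNewPassword.Text == this.txtOldPassword.Text)
            {
                this.OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordNotDifferent));
                return;
            }

            // 5. Check New Password is not same as username or banned
            //    (both tests only run when the banned list is enabled)
            var membershipPasswordController = new MembershipPasswordController();
            var settings = new MembershipPasswordSettings(this.User.PortalID);

            if (settings.EnableBannedList)
            {
                if (membershipPasswordController.FoundBannedPassword(this.txtNewPassword.Text) || this.User.Username == this.txtNewPassword.Text)
                {
                    this.OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.BannedPasswordUsed));
                    return;
                }
            }

            // 6. Check new password is not in history (reported with the generic PasswordResetFailed status)
            if (membershipPasswordController.IsPasswordInHistory(this.User.UserID, this.User.PortalID, this.txtNewPassword.Text, false))
            {
                this.OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordResetFailed));
                return;
            }

            try
            {
                // Both paths share one set of handlers; the event is raised inside the try block so that
                // exceptions thrown by subscribers are handled the same way as exceptions from the change itself.
                bool changed = this.IsAdmin
                    ? UserController.ResetAndChangePassword(this.User, this.txtNewPassword.Text)
                    : UserController.ChangePassword(this.User, this.txtOldPassword.Text, this.txtNewPassword.Text);

                this.OnPasswordUpdated(changed
                                      ? new PasswordUpdatedEventArgs(PasswordUpdateStatus.Success)
                                      : new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordResetFailed));
            }
            catch (MembershipPasswordException exc)
            {
                // Password Answer missing
                Logger.Error(exc);

                this.OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.InvalidPasswordAnswer));
            }
            catch (ThreadAbortException)
            {
                // Do nothing: ThreadAbortExceptions caused by redirects are not logged
            }
            catch (Exception exc)
            {
                // Fail: details go to the log, subscribers only get the generic status
                Logger.Error(exc);

                this.OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordResetFailed));
            }
        }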
        /// <summary>
        /// Validates the registration data in <paramref name="newUser"/> and returns the resulting status.
        /// Missing values (username, display name, password) are filled in on <paramref name="newUser"/>,
        /// and a duplicate username or display name is replaced by a free suggestion.
        /// </summary>
        /// <param name="portalId">Portal whose registration settings and existing users are consulted.</param>
        /// <param name="AuthenticationType">
        /// Authentication type of the registration; the password confirmation is only compared when it is empty.
        /// </param>
        /// <param name="newUser">The user being registered; modified in place.</param>
        /// <returns>
        /// <c>UserCreateStatus.AddUser</c> when every check passed, otherwise the status of a failed check.
        /// Most checks assign the status unconditionally, so a later failure replaces an earlier one.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the duplicate checks disclose to the submitter that a username, e-mail or display
        /// name is already registered; presumably the calling form is CAPTCHA-protected or rate-limited - confirm.
        /// </remarks>
        public UserCreateStatus Validate(int portalId, string AuthenticationType, UserInfo newUser)
        {
            var membUtils = new DnnMembershipUtilities(portalId);

            UserCreateStatus CreateStatus = UserCreateStatus.AddUser;
            var portalSecurity            = new PortalSecurity();

            //Check User Editor
            //bool _IsValid = base.View.RegistrationForm.IsValid;

            if (membUtils.RegistrationFormType == 0)
            {
                //Update UserName
                if (membUtils.UseEmailAsUserName)
                {
                    newUser.Username = newUser.Email;
                    if (String.IsNullOrEmpty(newUser.DisplayName))
                    {
                        // IndexOf returns -1 when the e-mail has no "@", and Substring then throws
                        // ArgumentOutOfRangeException.
                        newUser.DisplayName = newUser.Email.Substring(0, newUser.Email.IndexOf("@", StringComparison.Ordinal));
                    }
                }

                //Check Password is valid
                if (!membUtils.RandomPassword)
                {
                    //Check Password is Valid
                    if (CreateStatus == UserCreateStatus.AddUser && !UserController.ValidatePassword(newUser.Membership.Password))
                    {
                        CreateStatus = UserCreateStatus.InvalidPassword;
                    }

                    if (membUtils.RequirePasswordConfirm && String.IsNullOrEmpty(AuthenticationType))
                    {
                        if (newUser.Membership.Password != newUser.Membership.PasswordConfirm)
                        {
                            CreateStatus = UserCreateStatus.PasswordMismatch;
                        }
                    }
                }
                else
                {
                    //Generate a random password for the user
                    newUser.Membership.Password        = UserController.GeneratePassword();
                    newUser.Membership.PasswordConfirm = newUser.Membership.Password;
                }
            }
            else
            {
                //Set Username to Email
                if (String.IsNullOrEmpty(newUser.Username))
                {
                    newUser.Username = newUser.Email;
                }

                //Set DisplayName
                if (String.IsNullOrEmpty(newUser.DisplayName))
                {
                    // NOTE(review): the formatted string always contains the " " separator, so IsNullOrEmpty
                    // is never true here and the e-mail fallback is never taken.
                    newUser.DisplayName = String.IsNullOrEmpty(String.Format("{0} {1}", newUser.FirstName, newUser.LastName))
                                           ? newUser.Email.Substring(0, newUser.Email.IndexOf("@", StringComparison.Ordinal))
                                           : String.Format("{0} {1}", newUser.FirstName, newUser.LastName);
                }

                //Random Password
                // NOTE(review): ValidatePassword is not called in this branch, so a password supplied here
                // is only checked against the banned list below - confirm the provider enforces the rest.
                if (String.IsNullOrEmpty(newUser.Membership.Password))
                {
                    //Generate a random password for the user
                    newUser.Membership.Password = UserController.GeneratePassword();
                }

                //Password Confirm
                if (!String.IsNullOrEmpty(newUser.Membership.PasswordConfirm))
                {
                    if (newUser.Membership.Password != newUser.Membership.PasswordConfirm)
                    {
                        CreateStatus = UserCreateStatus.PasswordMismatch;
                    }
                }
            }

            //Validate banned password
            // The "password equals username" test only runs when the banned list is enabled.
            var settings = new MembershipPasswordSettings(newUser.PortalID);

            if (settings.EnableBannedList)
            {
                var m = new MembershipPasswordController();
                if (m.FoundBannedPassword(newUser.Membership.Password) || newUser.Username == newUser.Membership.Password)
                {
                    CreateStatus = UserCreateStatus.BannedPasswordUsed;
                }
            }
            //Validate Profanity
            if (UseProfanityFilter)
            {
                if (!portalSecurity.ValidateInput(newUser.Username, PortalSecurity.FilterFlag.NoProfanity))
                {
                    CreateStatus = UserCreateStatus.InvalidUserName;
                }
                if (!String.IsNullOrEmpty(newUser.DisplayName))
                {
                    if (!portalSecurity.ValidateInput(newUser.DisplayName, PortalSecurity.FilterFlag.NoProfanity))
                    {
                        CreateStatus = UserCreateStatus.InvalidDisplayName;
                    }
                }
            }

            //Validate Unique User Name
            UserInfo user = UserController.GetUserByName(portalId, newUser.Username);

            if (user != null)
            {
                if (membUtils.UseEmailAsUserName)
                {
                    CreateStatus = UserCreateStatus.DuplicateEmail;
                }
                else
                {
                    // The status stays DuplicateUserName; newUser.Username is replaced by the first free
                    // "<name>0<i>" candidate. Each candidate costs one lookup and the loop has no upper bound.
                    CreateStatus = UserCreateStatus.DuplicateUserName;
                    int    i        = 1;
                    string userName = null;
                    while (user != null)
                    {
                        userName = String.Format("{0}0{1}", newUser.Username, i.ToString(CultureInfo.InvariantCulture));
                        user     = UserController.GetUserByName(portalId, userName);
                        i++;
                    }
                    newUser.Username = userName;
                }
            }

            //Validate Unique Display Name
            if (CreateStatus == UserCreateStatus.AddUser && RequireUniqueDisplayName)
            {
                user = TestableUserController.Instance.GetUserByDisplayname(portalId, newUser.DisplayName);
                if (user != null)
                {
                    // Same scheme as for usernames: report DuplicateDisplayName and store the first free
                    // "<display name> 0<i>" candidate.
                    CreateStatus = UserCreateStatus.DuplicateDisplayName;
                    int    i           = 1;
                    string displayName = null;
                    while (user != null)
                    {
                        displayName = String.Format("{0} 0{1}", newUser.DisplayName, i.ToString(CultureInfo.InvariantCulture));
                        user        = TestableUserController.Instance.GetUserByDisplayname(portalId, displayName);
                        i++;
                    }
                    newUser.DisplayName = displayName;
                }
            }

            //Check Question/Answer
            if (CreateStatus == UserCreateStatus.AddUser && MembershipProviderConfig.RequiresQuestionAndAnswer)
            {
                if (string.IsNullOrEmpty(newUser.Membership.PasswordQuestion))
                {
                    //Invalid Question
                    CreateStatus = UserCreateStatus.InvalidQuestion;
                }
                if (CreateStatus == UserCreateStatus.AddUser)
                {
                    if (string.IsNullOrEmpty(newUser.Membership.PasswordAnswer))
                    {
                        //Invalid Answer
                        CreateStatus = UserCreateStatus.InvalidAnswer;
                    }
                }
            }

            return(CreateStatus);
        }
示例#11
        /// <summary>
        /// Handles the Change Password button of the reset form: checks the new password,
        /// redeems the reset token and, when that succeeds, signs the user in and redirects.
        /// </summary>
        /// <param name="sender">The control that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        private void cmdChangePassword_Click(object sender, EventArgs e)
        {
            // Every rejection is surfaced the same way: show the message panel, log, display the text.
            Action<string> reject = message =>
            {
                resetMessages.Visible = true;
                LogFailure(message);
                lblHelp.Text = message;
            };

            // 1. The new password and its confirmation must be identical.
            if (txtPassword.Text != txtConfirmPassword.Text)
            {
                reject(Localization.GetString("PasswordMismatch"));
                return;
            }

            // 2. The new password must pass the membership provider's validation.
            if (!UserController.ValidatePassword(txtPassword.Text))
            {
                reject(Localization.GetString("PasswordResetFailed"));
                return;
            }

            // 3. When the banned list is enabled, reject banned passwords and a password equal
            //    to the typed user name. The equality test is an exact, case-sensitive match,
            //    so a password differing from the user name only by case is not caught here.
            var passwordSettings = new MembershipPasswordSettings(User.PortalID);
            if (passwordSettings.EnableBannedList)
            {
                var bannedChecker = new MembershipPasswordController();
                if (bannedChecker.FoundBannedPassword(txtPassword.Text) || txtUsername.Text == txtPassword.Text)
                {
                    reject(Localization.GetString("PasswordResetFailed"));
                    return;
                }
            }

            // 4. On portals that register with the e-mail address as user name, resolve the typed
            //    e-mail to the stored account name (one extra database call). If nothing matches,
            //    the typed value is passed on unchanged and the token check below decides.
            string accountName = txtUsername.Text;
            if (PortalController.GetPortalSettingAsBoolean("Registration_UseEmailAsUserName", PortalId, false))
            {
                var matchedUser = UserController.GetUserByEmail(PortalId, accountName);
                if (matchedUser != null)
                {
                    accountName = matchedUser.Username;
                }
            }

            // 5. Redeem the token. The failure text is the same generic message used above.
            if (!UserController.ChangePasswordByToken(PortalSettings.PortalId, accountName, txtPassword.Text, ResetToken))
            {
                reject(Localization.GetString("PasswordResetFailed", LocalResourceFile));
                return;
            }

            // 6. Sign the user in with the new password and continue to the post-login page.
            //    loginStatus is filled in by UserLogin but is not inspected before redirecting.
            LogSuccess();
            var loginStatus = UserLoginStatus.LOGIN_FAILURE;
            UserController.UserLogin(PortalSettings.PortalId, accountName, txtPassword.Text, "", "", "", ref loginStatus, false);
            RedirectAfterLogin();
        }
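        /// <summary>
        /// Completes a password reset. The reset token is taken from the last path segment of
        /// the request's referrer URL; the new password is validated, changed by token and,
        /// unless the profile must be updated first, the user is signed in.
        /// </summary>
        /// <param name="PasswordReset">
        /// Posted form values (Username, Password, ConfirmPassword). ResetToken is overwritten here.
        /// </param>
        /// <returns>
        /// A dynamic object with IsSuccess and Message; on success also IsRedirect and RedirectURL.
        /// </returns>
        public dynamic Index(Entities.ResetPassword PasswordReset)
        {
            dynamic actionResult = new ExpandoObject();

            try
            {
                // The Referer header is supplied by the client and may be absent (for example when
                // a referrer policy strips it). Without this guard a missing header raised a
                // NullReferenceException whose text was returned to the caller by the catch below.
                var referrer = HttpContext.Current.Request.UrlReferrer;
                if (referrer == null)
                {
                    actionResult.IsSuccess = false;
                    actionResult.Message   = Localization.GetString("PasswordResetFailed");
                    return actionResult;
                }

                // The token is the text after the last '/' of the referring URL.
                string[] segments = referrer.AbsoluteUri.Split('/');
                PasswordReset.ResetToken = segments[segments.Length - 1];

                UserInfo UserInfo = UserController.GetUserByPasswordResetToken(PortalSettings.Current.PortalId, PasswordReset.ResetToken);
                _ipAddress = UserRequestIPAddressController.Instance.GetUserRequestIPAddress(new HttpRequestWrapper(HttpContext.Current.Request));
                string username = PasswordReset.Username;

                // 1. New password and confirmation must match (compared as posted, untrimmed).
                if (PasswordReset.Password != PasswordReset.ConfirmPassword)
                {
                    string failed = Localization.GetString("PasswordMismatch");
                    LogFailure(failed, UserInfo);
                    actionResult.IsSuccess = false;
                    actionResult.Message   = failed;
                    return actionResult;
                }

                // 2. The trimmed value is the password that gets validated and stored.
                //    A missing password is treated as empty so it fails validation instead of throwing.
                string newPassword = (PasswordReset.Password ?? string.Empty).Trim();
                if (UserController.ValidatePassword(newPassword) == false)
                {
                    string failed = Localization.GetString("PasswordResetFailed");
                    LogFailure(failed, UserInfo);
                    actionResult.IsSuccess = false;
                    actionResult.Message   = failed;
                    return actionResult;
                }

                // 3. Banned-list check; the user-name comparison is an exact, case-sensitive match.
                MembershipPasswordSettings settings = new MembershipPasswordSettings(PortalSettings.Current.PortalId);
                if (settings.EnableBannedList)
                {
                    MembershipPasswordController m = new MembershipPasswordController();
                    if (m.FoundBannedPassword(newPassword) || username == newPassword)
                    {
                        string failed = Localization.GetString("PasswordResetFailed");
                        LogFailure(failed, UserInfo);
                        actionResult.IsSuccess = false;
                        actionResult.Message   = failed;
                        return actionResult;
                    }
                }

                // 4. With e-mail-as-user-name registration, resolve the e-mail to the stored
                //    account name (one extra database call); keep the typed value if none matches.
                if (PortalController.GetPortalSettingAsBoolean("Registration_UseEmailAsUserName", PortalSettings.Current.PortalId, false))
                {
                    UserInfo testUser = UserController.GetUserByEmail(PortalSettings.Current.PortalId, username);
                    if (testUser != null)
                    {
                        username = testUser.Username;
                    }
                }

                // 5. Redeem the token; the provider's error message is passed back to the caller.
                if (UserController.ChangePasswordByToken(PortalSettings.PortalId, username, newPassword, null, PasswordReset.ResetToken, out string errorMessage) == false)
                {
                    string failed = errorMessage;
                    LogFailure(failed, UserInfo);
                    actionResult.IsSuccess = false;
                    actionResult.Message   = failed;
                    return actionResult;
                }

                // 6. Sign in unless the profile has to be completed first.
                UserInfo        user        = UserController.GetUserByName(PortalSettings.PortalId, username);
                UserValidStatus validStatus = UserController.ValidateUser(user, PortalSettings.PortalId, false);
                LogSuccess(UserInfo);
                if (validStatus != UserValidStatus.UPDATEPROFILE)
                {
                    // Log in with the same trimmed value that was just stored; the untrimmed posted
                    // value would fail authentication whenever it carried surrounding whitespace.
                    UserLoginStatus loginStatus = UserLoginStatus.LOGIN_FAILURE;
                    UserController.UserLogin(PortalSettings.PortalId, username, newPassword, "", "", "", ref loginStatus, false);
                    actionResult.Message = Localization.GetString("ChangeSuccessful", LocalResourceFile);
                }

                actionResult.IsSuccess   = true;
                actionResult.IsRedirect  = true;
                actionResult.RedirectURL = Managers.ResetPasswordManager.RedirectAfterLogin();
            }
            catch (Exception ex)
            {
                // NOTE(review): the raw exception text is returned to the client and nothing is
                // logged here. Consider logging the exception server-side and returning a generic
                // localized message so internal details are not disclosed.
                actionResult.IsSuccess = false;
                actionResult.Message   = ex.Message;
            }
            return actionResult;
        }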
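        /// <summary>
        /// Handles the Update button. Ordinary users change their own password and must supply
        /// the old one; administrators and members of the "clubadmin" role take a privileged path
        /// that may rename the account, updates its e-mail address and resets the password
        /// without the old password. The outcome is reported through OnPasswordUpdated.
        /// </summary>
        /// <param name="sender">The control that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        private void cmdUpdate_Click(Object sender, EventArgs e)
        {
            // With CAPTCHA enabled, an unsolved challenge ends the request without any feedback.
            if (UseCaptcha && !ctlCaptcha.IsValid)
            {
                return;
            }

            // Loaded before any rename below, so it reflects the account as it was on entry.
            UserInfo usersData = DotNetNuke.Entities.Users.UserController.GetUserByName(user_Name);

            // Only the account owner, an administrator or a "clubadmin" may continue.
            // NOTE(review): nothing in this handler limits which accounts a "clubadmin" may
            // reset; confirm that the target (user_Name / user_Id) is restricted by the caller.
            if (IsUserOrAdmin == false && !currentUser.IsInRole("clubadmin"))
            {
                return;
            }

            //1. Check New Password and Confirm are the same
            if (txtNewPassword.Text != txtNewConfirm.Text)
            {
                OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordMismatch));
                return;
            }

            //2. Check New Password is Valid
            if (!UserController.ValidatePassword(txtNewPassword.Text))
            {
                OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordInvalid));
                return;
            }

            //3. Check old Password is Provided (not required on the privileged path)
            if (!IsAdmin && String.IsNullOrEmpty(txtOldPassword.Text) && !currentUser.IsInRole("clubadmin"))
            {
                OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordMissing));
                return;
            }

            //4. Check New Password is different from the old one.
            //   (An identical second copy of this check further down could never fire and was removed.)
            if (!IsAdmin && txtNewPassword.Text == txtOldPassword.Text && !currentUser.IsInRole("clubadmin"))
            {
                OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordNotDifferent));
                return;
            }

            //5. Check New Password is not same as username or banned
            //   NOTE(review): the comparison uses User.Username, while the privileged path resets
            //   the account loaded from user_Name; confirm both refer to the same account.
            var settings = new MembershipPasswordSettings(User.PortalID);
            if (settings.EnableBannedList)
            {
                var m = new MembershipPasswordController();
                if (m.FoundBannedPassword(txtNewPassword.Text) || User.Username == txtNewPassword.Text)
                {
                    OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.BannedPasswordUsed));
                    return;
                }
            }

            if (!IsAdmin && !currentUser.IsInRole("clubadmin"))
            {
                // Self-service path: the old password is verified by ChangePassword.
                try
                {
                    OnPasswordUpdated(UserController.ChangePassword(User, txtOldPassword.Text, txtNewPassword.Text)
                                          ? new PasswordUpdatedEventArgs(PasswordUpdateStatus.Success)
                                          : new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordResetFailed));
                }
                catch (MembershipPasswordException exc)
                {
                    //Password Answer missing
                    Logger.Error(exc);

                    OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.InvalidPasswordAnswer));
                }
                catch (ThreadAbortException)
                {
                    //Do nothing; ThreadAbortExceptions caused by redirects are not logged
                }
                catch (Exception exc)
                {
                    //Fail
                    Logger.Error(exc);

                    OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordResetFailed));
                }
            }
            else
            {
                // Privileged path: rename, e-mail update and password reset without the old password.
                try
                {
                    // Stop before changing anything when the target account could not be loaded;
                    // otherwise the rename and e-mail update would be committed and only the
                    // password reset would fail.
                    if (usersData == null)
                    {
                        OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordResetFailed));
                        return;
                    }

                    if (CanUpdateUsername())
                    {
                        UserController.ChangeUsername(user_Id, txtUserName.Text);
                    }

                    // NOTE(review): the e-mail value is stored as typed; no format check is visible here.
                    UserInfo UserInfoDetails = DotNetNuke.Entities.Users.UserController.GetUserById(PortalId, user_Id);
                    UserInfoDetails.Membership.Email = txtEmailID.Text;
                    UserInfoDetails.Email = txtEmailID.Text;

                    UserController.UpdateUser(PortalId, UserInfoDetails);

                    // NOTE(review): usersData was read before a possible rename above; verify that
                    // ResetAndChangePassword still resolves the account after the user name changed.
                    bool flag = ResetAndChangePassword(usersData, txtNewPassword.Text);

                    OnPasswordUpdated(flag ? new PasswordUpdatedEventArgs(PasswordUpdateStatus.Success)
                                          : new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordResetFailed));

                    if (flag)
                    {
                        PwdStatus.Text    = "Password Changed Successfully";
                        PwdStatus.Visible = true;
                        statusPassword.Attributes.Add("class", "smallMessage successMessage");
                        statusPassword.Attributes.Add("style", "display:block");
                    }
                    else
                    {
                        PwdStatus.Text    = "Password Changed Failed";
                        PwdStatus.Visible = true;
                        statusPassword.Attributes.Add("class", "smallMessage failureMessage");
                        statusPassword.Attributes.Add("style", "display:block");
                    }
                }
                catch (MembershipPasswordException exc)
                {
                    //Password Answer missing
                    Logger.Error(exc);

                    OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.InvalidPasswordAnswer));
                }
                catch (ThreadAbortException)
                {
                    //Do nothing; ThreadAbortExceptions caused by redirects are not logged
                }
                catch (Exception exc)
                {
                    //Fail
                    Logger.Error(exc);

                    OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordResetFailed));
                }
            }
        }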
示例#14
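        /// -----------------------------------------------------------------------------
        /// <summary>
        /// cmdUpdate_Click runs when the Update Button is clicked. It validates the new
        /// password, calls UserController.ChangePassword and reports the outcome through
        /// OnPasswordUpdated.
        /// </summary>
        /// <remarks>
        /// Non-administrators must supply the old password, and the new password must differ
        /// from it; both checks are skipped when IsAdmin is true. The request is ignored
        /// entirely unless IsUserOrAdmin is true.
        /// </remarks>
        /// <param name="sender">The control that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        /// <history>
        ///     [cnurse]	03/03/2006  created
        /// </history>
        /// -----------------------------------------------------------------------------
        private void cmdUpdate_Click(Object sender, EventArgs e)
        {
            // Only the account owner or an administrator may change this password.
            if (IsUserOrAdmin == false)
            {
                return;
            }

            //1. Check New Password and Confirm are the same
            if (txtNewPassword.Text != txtNewConfirm.Text)
            {
                OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordMismatch));
                return;
            }

            //2. Check New Password is Valid
            if (!UserController.ValidatePassword(txtNewPassword.Text))
            {
                OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordInvalid));
                return;
            }

            //3. Check old Password is Provided
            if (!IsAdmin && String.IsNullOrEmpty(txtOldPassword.Text))
            {
                OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordMissing));
                return;
            }

            //4. Check New Password is different from the old one.
            //   (An identical second copy of this check after step 5 could never fire and was removed.)
            if (!IsAdmin && txtNewPassword.Text == txtOldPassword.Text)
            {
                OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordNotDifferent));
                return;
            }

            //5. Check New Password is not same as username or banned.
            //   The user-name comparison is an exact, case-sensitive match.
            var settings = new MembershipPasswordSettings(User.PortalID);
            if (settings.EnableBannedList)
            {
                var m = new MembershipPasswordController();
                if (m.FoundBannedPassword(txtNewPassword.Text) || User.Username == txtNewPassword.Text)
                {
                    OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.BannedPasswordUsed));
                    return;
                }
            }

            try
            {
                // For administrators the old-password box may be empty here (step 3 is skipped);
                // how ChangePassword treats an empty old password is decided by the provider.
                OnPasswordUpdated(UserController.ChangePassword(User, txtOldPassword.Text, txtNewPassword.Text)
                                      ? new PasswordUpdatedEventArgs(PasswordUpdateStatus.Success)
                                      : new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordResetFailed));
            }
            catch (MembershipPasswordException exc)
            {
                //Password Answer missing
                Logger.Error(exc);

                OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.InvalidPasswordAnswer));
            }
            catch (ThreadAbortException)
            {
                //Do nothing; ThreadAbortExceptions caused by redirects are not logged
            }
            catch (Exception exc)
            {
                //Fail
                Logger.Error(exc);

                OnPasswordUpdated(new PasswordUpdatedEventArgs(PasswordUpdateStatus.PasswordResetFailed));
            }
        }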