protected bool ChangePassword(string token, UserAcc account)
{
try
{
var isActive = con.ValidatePasswordRecoveryAttempt(token, account.username) == 1;
if (isActive)
{
var user = con.GetUserInfo(account.username).SingleOrDefault();
if (user != null)
{ //check if the user actually exists
string SHASalt = MembershipProvider.CreateNewSaltString(); //Create Salt String
byte[] saltBytes = Convert.FromBase64String(SHASalt); //Convert Salt String
//Generte Hash and Salt for new password and add it to the Database
var SHAHash = MembershipProvider.GenerateHash(account.password, saltBytes);
//used only for external, so set permission to 2
con.Set_PasswordPermissions(user.UserID.ToString(), SHAHash, SHASalt);
return(true);
}
else
{
return(false); //user doesnt exist
}
}
else
{
return(false); //username is null
}
}
catch (Exception ex)
{
ExceptionLog.LogException(ex);
return(false); //error occured
}
}
