protected bool ChangePassword(string token, UserAcc account) { try { var isActive = con.ValidatePasswordRecoveryAttempt(token, account.username) == 1; if (isActive) { var user = con.GetUserInfo(account.username).SingleOrDefault(); if (user != null) { //check if the user actually exists string SHASalt = MembershipProvider.CreateNewSaltString(); //Create Salt String byte[] saltBytes = Convert.FromBase64String(SHASalt); //Convert Salt String //Generte Hash and Salt for new password and add it to the Database var SHAHash = MembershipProvider.GenerateHash(account.password, saltBytes); //used only for external, so set permission to 2 con.Set_PasswordPermissions(user.UserID.ToString(), SHAHash, SHASalt); return(true); } else { return(false); //user doesnt exist } } else { return(false); //username is null } } catch (Exception ex) { ExceptionLog.LogException(ex); return(false); //error occured } }