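/// <summary>
/// Starts a password reset for <paramref name="emailAddress"/>. When an account with that
/// address exists, a fresh token is generated, its hash is stored in <c>passwordResets</c>
/// and the raw token is mailed to the address; otherwise a "no such account" message is
/// mailed instead. A message is sent in both cases, so whether the address is registered
/// is disclosed only to whoever reads that mailbox, not in the caller's response
/// (the extra INSERT on the found path does make the two cases differ in duration).
/// </summary>
/// <param name="emailAddress">Address the reset was requested for; also the recipient.</param>
public static void SendRecoveryEmail(string emailAddress)
{
    long userId = -1;
    string token = "";
    string body;

    using (MySqlConnection con = new MySqlConnection(ConfigurationManager.ConnectionStrings["Development"].ConnectionString))
    {
        con.Open();

        using (MySqlCommand cmd = new MySqlCommand())
        {
            cmd.Connection = con;
            cmd.CommandText = "SELECT users.UserID FROM users WHERE users.UserEmail = @email;";
            cmd.Parameters.AddWithValue("@email", emailAddress);
            cmd.Prepare();

            using (MySqlDataReader reader = cmd.ExecuteReader())
            {
                if (reader.Read())
                {
                    userId = Convert.ToInt64(reader["UserID"]);
                    // NOTE(review): the token's unpredictability rests entirely on
                    // GenerateToken() using a cryptographic RNG — not visible here, confirm.
                    token = GenerateToken();
                    body = ResetManager.GenerateEmail(token);
                }
                else
                {
                    // Unknown address: still answer the request with a message.
                    body = ResetManager.GenerateEmail();
                }
            }
        }

        if (userId != -1)
        {
            // Only the hash is persisted; the raw token exists only in the outgoing email.
            // NOTE(review): earlier reset rows for this user are not removed here, so several
            // live tokens can coexist until each one expires — consider deleting them first.
            using (MySqlCommand cmd = new MySqlCommand())
            {
                cmd.Connection = con;
                cmd.CommandText = "INSERT INTO passwordResets (UserID, ResetHash) VALUES (@uid, @hash);";
                cmd.Parameters.AddWithValue("@uid", userId);
                cmd.Parameters.AddWithValue("@hash", PasswordReset.ComputeHash(token));
                cmd.Prepare();
                cmd.ExecuteNonQuery();
            }
        }
    }

    // MailMessage is IDisposable; release it once the message has been handed to SMTP.
    using (MailMessage email = new MailMessage(new MailAddress("The Gift Hub<*****@*****.**>"), new MailAddress(emailAddress)))
    {
        email.Body = body;
        email.Subject = "Password Reset";
        email.IsBodyHtml = true;

        using (SmtpClient sender = new SmtpClient("smtp.gmail.com", 587))
        {
            sender.EnableSsl = true;
            sender.DeliveryMethod = SmtpDeliveryMethod.Network;
            sender.UseDefaultCredentials = false;
            // NOTE(review): the mailbox password is read from a compiled resource; a secret
            // store or protected configuration section would keep it out of the assembly.
            sender.Credentials = new NetworkCredential("*****@*****.**", Resources.emailPassword);
            sender.Send(email);
        }
    }
}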
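/// <summary>
/// Resolves a password-reset token to the user it was issued for and consumes it.
/// The token is hashed with <see cref="PasswordReset.ComputeHash"/> and looked up in
/// <c>passwordResets</c>; the matching row is deleted whether or not it is still inside
/// the validity window, so a token can be presented at most once and expired rows do
/// not linger.
/// </summary>
/// <param name="token">The raw reset token as received from the user.</param>
/// <returns>The <c>UserID</c> the token was issued for.</returns>
/// <exception cref="UserNotFoundException">No reset row matches the token's hash.</exception>
/// <exception cref="PasswordResetTimeoutException">The row exists but is older than the validity window.</exception>
public static long GetUser(string token)
{
    // Validity window for a reset link; older rows are rejected (and removed).
    const int resetValidityMinutes = 30;

    long userId;
    DateTime created;
    string hashed = PasswordReset.ComputeHash(token);

    using (MySqlConnection con = new MySqlConnection(ConfigurationManager.ConnectionStrings["Development"].ConnectionString))
    {
        con.Open();

        using (MySqlCommand cmd = new MySqlCommand())
        {
            cmd.Connection = con;
            cmd.CommandText = "SELECT passwordResets.UserID, passwordResets.TimeCreated FROM passwordResets WHERE passwordResets.ResetHash = @hash;";
            cmd.Parameters.AddWithValue("@hash", hashed);
            cmd.Prepare();

            using (MySqlDataReader reader = cmd.ExecuteReader())
            {
                if (!reader.Read())
                {
                    // NOTE(review): Convert.FromBase64String throws FormatException for a
                    // token that is not valid base64, so such input does not surface as
                    // UserNotFoundException — confirm callers handle both.
                    throw new UserNotFoundException(Convert.FromBase64String(token));
                }

                userId = Convert.ToInt64(reader["UserID"]);
                created = (DateTime)reader["TimeCreated"];
            }
        }

        // The reader must be closed before another command runs on this connection.
        // Delete unconditionally: a consumed token and an expired token are both dead.
        using (MySqlCommand cmd = new MySqlCommand())
        {
            cmd.Connection = con;
            cmd.CommandText = "DELETE FROM passwordResets WHERE passwordResets.ResetHash = @hash;";
            cmd.Parameters.AddWithValue("@hash", hashed);
            cmd.Prepare();
            cmd.ExecuteNonQuery();
        }
    }

    // NOTE(review): TimeCreated is filled in by the database (the INSERT does not supply it),
    // so comparing it with this server's local clock assumes both sides share a time zone —
    // confirm, or compare against DateTime.UtcNow if the column is stored in UTC.
    if (created.AddMinutes(resetValidityMinutes) < DateTime.Now)
    {
        throw new PasswordResetTimeoutException();
    }

    return userId;
}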
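/// <summary>
/// Checks whether <paramref name="token"/> hashes to <paramref name="hashed"/>.
/// Every character pair is examined with no early exit, so the time taken does not
/// depend on where the first mismatch occurs.
/// </summary>
/// <param name="token">Raw token presented by the user.</param>
/// <param name="hashed">Stored hash to compare against; a <see langword="null"/> value never matches.</param>
/// <returns><see langword="true"/> when the computed hash equals <paramref name="hashed"/> character for character.</returns>
private static bool VerifyToken(string token, string hashed)
{
    string computed = PasswordReset.ComputeHash(token);
    if (hashed == null || computed == null || hashed.Length != computed.Length)
    {
        return false;
    }

    // Ordinal compare: fold the XOR of each character pair into one accumulator and test once.
    int diff = 0;
    for (int i = 0; i < hashed.Length; i++)
    {
        diff |= hashed[i] ^ computed[i];
    }

    return diff == 0;
}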