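/// <summary>
/// Completes a password reset: finds the login(s) whose PasswordResetGuid matches the
/// "resetGuid" request parameter, sets their password to the value typed into
/// txtPassword, then clears the reset token so the same mail cannot be used again.
/// </summary>
/// <param name="sender">The control that raised the click event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnSubmit_Click(object sender, EventArgs e)
{
    // Parse and validate the token BEFORE touching the database. Guid.Empty is the
    // value this handler writes into PasswordResetGuid once a token has been used,
    // so it is a sentinel for "no reset pending" and must never be accepted as a
    // token: a query on Guid.Empty would match every account whose token was cleared.
    Guid resetGuid;
    if (!TryReadResetGuid(Request.Params["resetGuid"], out resetGuid))
    {
        // Missing, malformed or empty token: change nothing and leave the form as it is.
        // NOTE(review): no error element is visible from this handler; consider
        // surfacing a generic "link is invalid or expired" message here.
        return;
    }

    using (CSSDataContext db = new CSSDataContext())
    {
        // The token's age is not checked here. Per the original author's note, the
        // date only exists to stop an old reset mail from being replayed, and a user
        // who lingered on the page after it loaded is allowed through.
        // NOTE(review): this handler trusts the request parameter on its own, so
        // confirm the expiry check (presumably in the page-load path, not visible
        // here) also runs on postback.
        var logins = db.Logins.Where(p => p.PasswordResetGuid == resetGuid);

        foreach (var login in logins)
        {
            CssMembershipProvider cssMembershipProvider = new CssMembershipProvider();

            // Reset to a provider-generated temporary password, then immediately
            // replace it with the password the user chose.
            string tempPassword = cssMembershipProvider.ResetPassword(login.Username, null);

            // NOTE(review): the result of ChangePassword is ignored; if the provider
            // rejects the new password the account presumably keeps the temporary
            // one while the page still reports success. Confirm against the provider.
            cssMembershipProvider.ChangePassword(login.Username, tempPassword, txtPassword.Text);
        }

        // Reload the entities from the database, overwriting the values this
        // context currently holds, before editing them below.
        db.Refresh(System.Data.Linq.RefreshMode.OverwriteCurrentValues, logins);

        foreach (var login in logins)
        {
            // Keep anyone from reusing an old password reset mail.
            login.PasswordResetGuid = Guid.Empty;
        }

        db.SubmitChanges();
    }

    divResetPassword.Visible = false;
    divResetSuccess.Visible = true;
}

/// <summary>
/// Parses a reset token taken from the request and rejects values that can never
/// identify a pending reset (null, empty, malformed, or Guid.Empty).
/// </summary>
/// <param name="raw">The raw token text from the request; may be null.</param>
/// <param name="resetGuid">The parsed token on success; Guid.Empty on failure.</param>
/// <returns>True only when <paramref name="raw"/> is a well-formed, non-empty GUID.</returns>
private static bool TryReadResetGuid(string raw, out Guid resetGuid)
{
    resetGuid = Guid.Empty;

    if (string.IsNullOrEmpty(raw))
    {
        return false;
    }

    try
    {
        resetGuid = new Guid(raw);
    }
    catch (FormatException)
    {
        return false;
    }
    catch (OverflowException)
    {
        return false;
    }

    return resetGuid != Guid.Empty;
}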
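/// <summary>
/// Looks up a login by username or callsign and checks the supplied password.
/// </summary>
/// <param name="db">Data context used for the login lookup.</param>
/// <param name="username">Username or callsign supplied by the caller.</param>
/// <param name="password">Password to validate for the located login.</param>
/// <param name="login">
/// The login found for <paramref name="username"/>, or null when none exists. It is
/// populated even when authentication fails (wrong password or banned account), so
/// callers must gate on the return value rather than on <paramref name="login"/>
/// being non-null.
/// </param>
/// <param name="loginStatus">
/// Authenticated, InvalidCredentials (unknown user or wrong password) or
/// AccountLocked (login is banned).
/// </param>
/// <returns>True only when <paramref name="loginStatus"/> is Authenticated.</returns>
public static bool TryGetAuthenticatedLogin(CSSDataContext db, string username, string password, out Login login, out LoginStatus loginStatus)
{
    // Fail closed: the status starts as a failure and is promoted to Authenticated
    // only after the password has been validated. If the lookup or the provider
    // throws, a caller that catches the exception is not left holding a status
    // that reads as a successful login.
    loginStatus = LoginStatus.InvalidCredentials;

    login = Login.FindLoginByUsernameOrCallsign(db, username);
    if (login == null)
    {
        // Unknown user reports the same status as a wrong password.
        return false;
    }

    if (login.IsBanned)
    {
        // The ban check runs before the password check, so AccountLocked is
        // returned whether or not the password is correct.
        // NOTE(review): if account status should not be disclosed to
        // unauthenticated users, callers should show them the same message as for
        // InvalidCredentials.
        loginStatus = LoginStatus.AccountLocked;
        return false;
    }

    CssMembershipProvider provider = new CssMembershipProvider();

    // Validate against the canonical username stored on the login, because the
    // caller may have supplied a callsign.
    if (provider.ValidateUser(login.Username, password))
    {
        loginStatus = LoginStatus.Authenticated;
    }

    return loginStatus == LoginStatus.Authenticated;
}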