public void ProcessRequest(HttpContext context)
{
string userId = FooSessionHelper.GetUserObjectFromCookie(context).UserId;
string jsonString = new StreamReader(context.Request.InputStream).ReadToEnd();
var resetObj = JsonConvert.DeserializeObject <ResetObject>(jsonString);
string password = resetObj.Password.Trim();
string confirmation = resetObj.Confirmation.Trim();
if (password != confirmation)
{
context.Response.Write("Reset Failed");
}
if (!String.IsNullOrEmpty(password))
{
bool reset = do_reset.UpdatePassword(userId, password);
if (reset)
{
string email = FooEmailHelper.GetEmailForAccount(userId);
var emailObj = new EmailObject
{
Body =
"Your FooBlog password has been reset. If you did not perform this action, please contact a FooBlog administrator using your registered email account",
Subject = "FooBlog Password Reset",
ToAddress = email
};
FooEmailHelper.SendEmail(emailObj);
context.Response.Write("Reset OK");
}
else
{
context.Response.Write("Reset Failed");
}
}
}
protected void submitButton_Click(object sender, EventArgs e)
{
string email = emailText.Text.Trim();
if (!String.IsNullOrEmpty(email) || !FooStringHelper.IsValidEmailAddress(email))
{
if (FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value))
{
if (FooEmailHelper.CheckIfEmailExists(email, null))
{
UserObject user = GetUserObjByEmail(email);
if (user != null)
{
string resetToken = FooStringHelper.RandomString(24);
string resetId = MakeResetRequest(user.UserId, resetToken);
string resetUrl = FooStringHelper.MakeResetUrl(resetId, resetToken);
string emailBody =
String.Format(
"Hi {0},<br/><br/>Your FooBlog password for account '{1}' can be reset by visiting the following link:<br/><br/><a href=\"{2}\">{3}</a><br/><br/>The link is valid for 24 hours. If you did not request this reset, simply do not visit the link - your current password will remain unchanged.<br/><br/>Cheers,<br/>The FooBlog Team.",
user.UserAlias, user.Username, resetUrl, resetUrl);
const string emailSubject = "FooBlog Password Reset";
var mailObj = new EmailObject {
Body = emailBody, Subject = emailSubject, ToAddress = email
};
bool sendMail = FooEmailHelper.SendEmail(mailObj);
if (sendMail)
{
errorPanel.Visible = false;
formPanel.Visible = false;
successPanel.Visible = true;
successLabel.Text = "A reset link has been sent to your registered email account.";
}
}
else
{
errorPanel.Visible = true;
errorLabel.Text = "Invalid details.";
}
}
else
{
errorPanel.Visible = true;
errorLabel.Text = "Invalid request.";
}
}
else
{
errorPanel.Visible = true;
errorLabel.Text = "Invalid details.";
}
}
else
{
errorPanel.Visible = true;
errorLabel.Text = "Incomplete or invalid details.";
}
RequestToken.Value = FooSessionHelper.SetToken(HttpContext.Current);
}
protected void submitButton_Click(object sender, EventArgs e)
{
string password = passText.Text.Trim();
string confirmation = confirmText.Text.Trim();
if (password != confirmation)
{
errorLabel.Text = "The password and confirmation do not match.";
return;
}
string resetId = Request.QueryString["id"];
string token = Request.QueryString["token"];
if (!String.IsNullOrEmpty(resetId) && !String.IsNullOrEmpty(token) && !String.IsNullOrEmpty(password))
{
if (FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value))
{
string userId = GetAccountForReset(resetId, token);
if (!String.IsNullOrEmpty(userId))
{
bool doReset = UpdatePassword(userId, password);
if (doReset)
{
errorPanel.Visible = false;
formPanel.Visible = false;
successPanel.Visible = true;
string email = FooEmailHelper.GetEmailForAccount(userId);
var emailObj = new EmailObject
{
Body =
"Your FooBlog password has been reset. If you did not perform this action, please contact a FooBlog administrator using your registered email account",
Subject = "FooBlog Password Reset",
ToAddress = email
};
FooEmailHelper.SendEmail(emailObj);
successLabel.Text =
"Your password has been reset. You can proceed to <a href=\"login.aspx\">login</a> again.";
errorPanel.Visible = false;
errorLabel.Text = "";
}
}
}
else
{
errorPanel.Visible = true;
errorLabel.Text = "Invalid request.";
}
}
else
{
errorPanel.Visible = true;
errorLabel.Text = "Passwords do not match.";
}
RequestToken.Value = FooSessionHelper.SetToken(HttpContext.Current);
}