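/// <summary>
/// Handles the "change password" button. Validates that the e-mail and both
/// password fields are filled in, looks up the stored hash for the address,
/// checks the new password against the policy (equal fields, at least 8
/// characters, different from the current one), then writes the new hash
/// and redirects.
/// </summary>
/// <param name="sender">The button that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void BtnChange_Click(object sender, EventArgs e)
{
    User u = Utils.GetUser(Session);
    // A logged-in user changes the password of their own account; otherwise
    // the address is taken from the form.
    // NOTE(review): when no user is logged in, nothing in this handler proves
    // that the caller controls `email` — presumably Page_Load only lets a
    // verified visitor reach this page; confirm before relying on it.
    string email = u != null ? u.Email : tbEmail.Text;
    bool canProceed = true;

    // Stage one: every field must be present.
    if (String.IsNullOrEmpty(email))
    {
        SetState(checkEmail, State.Wrong);
        canProceed = false;
    }
    if (String.IsNullOrEmpty(tbPasswd1.Text))
    {
        SetState(checkPasswd1, State.Wrong);
        canProceed = false;
    }
    if (String.IsNullOrEmpty(tbPasswd2.Text))
    {
        SetState(checkPasswd2, State.Wrong);
        canProceed = false;
    }
    if (!canProceed)
    {
        return;
    }

    // Stage two: fetch the stored hash for this address. The address is bound
    // as a command parameter rather than spliced into the SQL text, so a
    // crafted value cannot change the statement.
    sqlEmailPassword.CancelSelectOnNullParameter = false;
    sqlEmailPassword.SelectCommand = "SELECT [Email], [Password] FROM [Users] WHERE ([Email] = @Email)";
    sqlEmailPassword.SelectParameters.Clear();
    sqlEmailPassword.SelectParameters.Add("Email", email);
    DataView dv = SQLHelper.SQLSelect(sqlEmailPassword);

    bool accountFound = dv.Count > 0;
    if (!accountFound)
    {
        SetState(checkEmail, State.Wrong);
        labCheckEmail.InnerText = "Nie odnaleziono adresu w bazie danych";
        canProceed = false;
    }

    if (tbPasswd1.Text != tbPasswd2.Text)
    {
        SetState(checkPasswd1, State.Wrong);
        SetState(checkPasswd2, State.Wrong);
        labCheckPasswd.InnerText = "Hasła nie są zgodne.";
        canProceed = false;
    }
    else if (tbPasswd2.Text.Length < 8)
    {
        SetState(checkPasswd1, State.Wrong);
        SetState(checkPasswd2, State.Wrong);
        labCheckPasswd.InnerText = "Hasło musi mieć minimum 8 znaków.";
        canProceed = false;
    }
    // dv[0] is only valid when a row came back; the previous version indexed it
    // unconditionally and threw when the address was unknown.
    else if (accountFound && Hashing.ComparePasswords(tbPasswd1.Text, dv[0][1].ToString()))
    {
        SetState(checkPasswd1, State.Wrong);
        SetState(checkPasswd2, State.Wrong);
        labCheckPasswd.InnerText = "Nowe hasło musi być różne od starego hasła.";
        canProceed = false;
    }
    if (!canProceed)
    {
        return;
    }

    // Hash only once the new password has passed every check.
    string hashPasswd = Hashing.Hash(tbPasswd1.Text);
    sqlEmailPassword.UpdateCommand = "UPDATE [Users] SET [Password] = @Password WHERE [Email] = @Email";
    sqlEmailPassword.UpdateParameters.Clear();
    sqlEmailPassword.UpdateParameters.Add("Password", hashPasswd);
    sqlEmailPassword.UpdateParameters.Add("Email", email);
    sqlEmailPassword.Update();

    // Record the address that was actually updated (for a logged-in user this
    // came from the session, not from tbEmail).
    Session[Utils.PASSWDCHANGED] = email;
    if (Utils.GetUser(Session) != null)
    {
        Response.Redirect("UserInfo.aspx"); // back to the user page when logged in
    }
    else
    {
        Response.Redirect("LoginChange.aspx"); // otherwise to the information page
    }
}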
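/// <summary>
/// Handles the "register" button. Validates name, surname, e-mail (must be
/// unused), the two password fields and the reCAPTCHA; on success stores the
/// hashed password, creates a verification code for the new user, e-mails it
/// and redirects to the information page.
/// </summary>
/// <param name="sender">The button that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void BtnRegister_Click(object sender, EventArgs e)
{
    bool canProceed = true;

    // First name
    if (String.IsNullOrWhiteSpace(tbName.Text))
    {
        SetState(checkName, State.Wrong);
        canProceed = false;
    }
    else
    {
        SetState(checkName, State.Right);
    }

    // Surname
    if (String.IsNullOrWhiteSpace(tbLastname.Text))
    {
        SetState(checkLastname, State.Wrong);
        canProceed = false;
    }
    else
    {
        SetState(checkLastname, State.Right);
    }

    // E-mail: must be present and not already registered.
    // NOTE(review): SqlShopDatabaseSelectEmail is configured outside this
    // handler — presumably its SelectParameters bind tbEmail; confirm it does
    // not build the query from the raw text.
    labCheckEmail.InnerText = "";
    if (String.IsNullOrWhiteSpace(tbEmail.Text))
    {
        SetState(checkEmail, State.Wrong);
        canProceed = false;
    }
    else
    {
        DataView existing = SQLHelper.SQLSelect(SqlShopDatabaseSelectEmail);
        if (existing.Count == 0)
        {
            SetState(checkEmail, State.Right);
        }
        else
        {
            SetState(checkEmail, State.Wrong);
            labCheckEmail.InnerText = "Na ten adres już założono konto.";
            canProceed = false;
        }
    }

    // Password: both fields present, equal, at least 8 characters.
    bool passwordsReady = true;
    labCheckPasswd.InnerText = "";
    if (String.IsNullOrEmpty(tbPasswd1.Text))
    {
        SetState(checkPasswd1, State.Wrong);
        canProceed = passwordsReady = false;
    }
    if (String.IsNullOrEmpty(tbPasswd2.Text))
    {
        SetState(checkPasswd2, State.Wrong);
        canProceed = passwordsReady = false;
    }
    if (passwordsReady)
    {
        if (tbPasswd1.Text != tbPasswd2.Text)
        {
            SetState(checkPasswd1, State.Wrong);
            SetState(checkPasswd2, State.Wrong);
            canProceed = passwordsReady = false;
            labCheckPasswd.InnerText = "Hasła nie są zgodne.";
        }
        else if (tbPasswd1.Text.Length < 8)
        {
            SetState(checkPasswd1, State.Wrong);
            SetState(checkPasswd2, State.Wrong);
            canProceed = passwordsReady = false;
            labCheckPasswd.InnerText = "Hasło powinno mieć przynajmiej 8 znaków.";
        }
        else
        {
            SetState(checkPasswd1, State.Right);
            SetState(checkPasswd2, State.Right);
        }
    }

    // reCAPTCHA
    if (!IsReCaptchValid())
    {
        Debug.WriteLine("reCAPTCHA nie jest prawidłowa.");
        canProceed = false;
    }
    else
    {
        Debug.WriteLine("reCAPTCHA Prawidłowa.");
    }

    if (!canProceed)
    {
        return;
    }

    // The insert reads its values from the form controls, so the password
    // field is replaced by its hash before the row is written.
    tbPasswd1.Text = Hashing.Hash(tbPasswd1.Text);
    int result = sqlShopDatabaseInsert.Insert();
    if (result > 0)
    {
        DataView dv = SQLHelper.SQLSelect(SqlInsertVerification); // id of the new user
        string userId = dv[0]["Id"].ToString();
        // NOTE(review): the verification code is derived from the user id and
        // a second-resolution timestamp, both of which are guessable; a token
        // from RandomNumberGenerator would be a stronger choice — confirm how
        // the e-mailed link is validated before changing the format.
        string verificationString = Hashing.Hash(userId + DateTime.Now.ToString());

        // Bind id and code as parameters instead of formatting them into the
        // statement; the code itself is not written to the debug output.
        SqlInsertVerification.InsertCommand = "INSERT INTO [Verification] VALUES (@UserId, @Code)";
        SqlInsertVerification.InsertParameters.Clear();
        SqlInsertVerification.InsertParameters.Add("UserId", TypeCode.Int32, userId);
        SqlInsertVerification.InsertParameters.Add("Code", verificationString);
        Debug.WriteLine("Inserting verification code for user " + userId);
        SqlInsertVerification.Insert();

        Mailing.SendEmail(tbEmail.Text, verificationString); // send the code
        Session[Utils.FIRSTREGISTER] = true;
        Response.Redirect("LoginChange.aspx");
    }
    else
    {
        Utils.MessageBox("Konto nie mogło zostać założone.", this);
    }
}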
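/// <summary>
/// Handles the "change e-mail" button for a logged-in user. Requires a new,
/// unused address and the current password; on success stores the address,
/// deactivates the account, creates (or refreshes) a verification code,
/// e-mails it to the new address and reloads the page.
/// </summary>
/// <param name="sender">The button that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void BtnChange_Click(object sender, EventArgs e)
{
    Session[Utils.EMAILCHANGING] = true;
    bool canProceed = true;

    if (String.IsNullOrEmpty(tbEmail.Text))
    {
        SetState(checkEmail, State.Wrong);
        canProceed = false;
    }
    labCheckPasswd.InnerText = "";
    if (String.IsNullOrEmpty(tbPasswd.Text))
    {
        SetState(checkPasswd, State.Wrong);
        labCheckPasswd.InnerText = "Wprowadź hasło";
        canProceed = false;
    }
    if (!canProceed)
    {
        return;
    }

    // Is the new address already taken? The value is bound as a parameter,
    // never concatenated into the SQL text.
    // NOTE(review): this answer is given before the password is checked, so
    // it doubles as an existence oracle for any logged-in user.
    sqlDeleteUpdate.SelectCommand = "SELECT [Id] FROM [Users] WHERE [Email] = @Email";
    sqlDeleteUpdate.SelectParameters.Clear();
    sqlDeleteUpdate.SelectParameters.Add("Email", tbEmail.Text);
    DataView dv = SQLHelper.SQLSelect(sqlDeleteUpdate);
    labCheckEmail.InnerText = "";
    if (dv.Count > 0)
    {
        SetState(checkEmail, State.Wrong);
        labCheckEmail.InnerText = "Podany adres email istnieje już w bazie danych.";
        return;
    }

    // Does the supplied password match the account?
    // NOTE(review): assumes a user is logged in (Page_Load presumably enforces
    // it); GetUser returning null would throw here.
    User user = Utils.GetUser(Session);
    int userId = user.Id;
    string userIdText = userId.ToString();
    sqlDeleteUpdate.SelectCommand = "SELECT [Password], [Active] FROM [Users] WHERE [Id] = @Id";
    sqlDeleteUpdate.SelectParameters.Clear();
    sqlDeleteUpdate.SelectParameters.Add("Id", TypeCode.Int32, userIdText);
    dv = SQLHelper.SQLSelect(sqlDeleteUpdate);
    if (!Hashing.ComparePasswords(tbPasswd.Text, dv[0][0].ToString()))
    {
        // Previously a wrong password gave no feedback at all.
        SetState(checkPasswd, State.Wrong);
        return;
    }

    // Store the new address and deactivate the account until it is verified.
    sqlDeleteUpdate.UpdateCommand = "UPDATE [Users] SET [Email] = @Email, [Active] = 0 WHERE [Id] = @Id";
    sqlDeleteUpdate.UpdateParameters.Clear();
    sqlDeleteUpdate.UpdateParameters.Add("Email", tbEmail.Text);
    sqlDeleteUpdate.UpdateParameters.Add("Id", TypeCode.Int32, userIdText);
    sqlDeleteUpdate.Update();

    // NOTE(review): the code is derived from the user id and a second-resolution
    // timestamp, both guessable; a RandomNumberGenerator-based token would be
    // stronger — confirm how the e-mailed link is validated first.
    string hash = Hashing.Hash(userId + DateTime.Now.ToString());
    bool wasActive = (bool)dv[0][1];
    if (!wasActive)
    {
        // An inactive account already has a verification row: refresh its code.
        sqlDeleteUpdate.UpdateCommand = "UPDATE [Verification] SET [Code] = @Code WHERE [UserId] = @UserId";
        sqlDeleteUpdate.UpdateParameters.Clear();
        sqlDeleteUpdate.UpdateParameters.Add("Code", hash);
        sqlDeleteUpdate.UpdateParameters.Add("UserId", TypeCode.Int32, userIdText);
        sqlDeleteUpdate.Update();
    }
    else
    {
        // An active account has no verification row yet: create one.
        sqlDeleteUpdate.InsertCommand = "INSERT INTO [Verification] VALUES (@UserId, @Code)";
        sqlDeleteUpdate.InsertParameters.Clear();
        sqlDeleteUpdate.InsertParameters.Add("UserId", TypeCode.Int32, userIdText);
        sqlDeleteUpdate.InsertParameters.Add("Code", hash);
        sqlDeleteUpdate.Insert();
    }

    Mailing.SendEmail(tbEmail.Text, hash); // send the code to the new address
    user.Email = tbEmail.Text;
    user.Active = false;
    Session[Utils.EMAILCHANGED] = true;
    Session[Utils.EMAILCHANGING] = null;
    Response.Redirect(Request.RawUrl);
}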