zenani mthembu

zenani mthembu

  • 1.8k
  • 35
  • 408

reset password with link sent to email id

May 20 2019 3:58 AM
i have a page where if the user has forgotten their password they type in their email addr and if they are on the database they will be sent a link to the reset password page so they can enter their new password. firstly i generate a new guid and update my user table with it when user clicks on forgot password ,my problem is that the table is not being updated with new guid (i ran the query on sql and it worked) , the user receives the link via email to reset password but the password does not get reset. not sure what im missing
 
here is the code for both pages:
Forgot page 
  1. protected void LinkButton1_Click1(object sender, EventArgs e)  
  2.     {  
  3.         Response.Redirect("~/index.aspx");  
  4.     }  
  5.   
  6.       
  7.     public void forgotpassword()  
  8.     {  
  9.         SqlConnection con = new SqlConnection(strConnString);  
  10.         SqlCommand cmd = new SqlCommand("select * from [dbo].[Register] where pb_Email= @email", con);  
  11.         cmd.Parameters.AddWithValue("@email", txtEmailP.Text);  
  12.   
  13.         con.Open();  
  14.         SqlDataReader dr = cmd.ExecuteReader();  
  15.   
  16.         if (dr.HasRows)  
  17.             {  
  18.                 dr.Read();  
  19.   
  20.   
  21.                 string uniqueCode = Convert.ToString(System.Guid.NewGuid());  
  22.                 SqlCommand com = new SqlCommand("update [Register] set [UniqueCode] = @uniqueCode where pb_Email= @email", con);  
  23.                 com.Parameters.AddWithValue("@uniqueCode",uniqueCode);  
  24.                 com.Parameters.AddWithValue("@email",txtEmailP.Text.Trim());  
  25.   
  26.                  try  
  27.             {  
  28.                 string emailFrom = "myhost@mydomain.com";  
  29.                
  30.   
  31.   
  32.                 StringBuilder strBody = new StringBuilder();  
  33.                 //Passing emailid,username and generated unique code via querystring. For testing pass your localhost number and while making online pass your domain name instead of localhost path.  
  34.                 strBody.Append("<a href=http://localhost:7902/ResetPassword.aspx?emailId=" + txtEmailP.Text + "&uCode=" + uniqueCode + ">Click here to change your password</a>");  
  35.                 // sbody.Append("&uCode=" + uniqueCode + txtUserName.Text + ">Click here to change your password</a>");  
  36.   
  37.   
  38.   
  39.                
  40.                 string body = "<div style='border: medium solid grey; width: 500px; height: 266px;font-family: arial,sans-serif; font-size: 17px;'>";  
  41.                 body += "<h3 margin-top:0px;'>Password Recovery</h3>";  
  42.                 body += "<br />";  
  43.                 body += strBody;  
  44.                 body += "<br />";  
  45.                 body += "<br />";  
  46.                 body += "Kinds Regards";  
  47.                 body += "<br />";  
  48.                 body += "</div>";  
  49.   
  50.                 System.Net.Mail.MailMessage message = new System.Net.Mail.MailMessage();  
  51.                 //message.To.Add(emailTo);  
  52.                 //message.Subject = subject;  
  53.                 message.From = new System.Net.Mail.MailAddress(emailFrom);  
  54.                 message.IsBodyHtml = true;  
  55.                 message.Body = body;  
  56.                 message.Priority = System.Net.Mail.MailPriority.High;  
  57.                 message.Subject = "Password Reset";  
  58.   
  59.                 message.From = new System.Net.Mail.MailAddress(emailFrom);  
  60.   
  61.   
  62.                 SmtpClient SmtpMail = new SmtpClient();  
  63.                 SmtpMail.EnableSsl = true;  
  64.                 SmtpMail.Port = 25;  
  65.                 SmtpMail.Host = "myhost";  
  66.              
  67.                 System.Net.ServicePointManager.ServerCertificateValidationCallback = delegate(object s,  
  68.                           System.Security.Cryptography.X509Certificates.X509Certificate certificate,  
  69.                           System.Security.Cryptography.X509Certificates.X509Chain chain,  
  70.                           System.Net.Security.SslPolicyErrors sslPolicyErrors)  
  71.                 {  
  72.                     return true;  
  73.                 };  
  74.   
  75.                 // compare session username to username in database  
  76.                 SqlCommand command = new SqlCommand(@"SELECT Email FROM [Register] WHERE @email = [Email]");  
  77.                 command.Parameters.AddWithValue("@email", txtEmailP.Text);  
  78.   
  79.                 using (SqlConnection connection =  
  80.                            new SqlConnection(strConnString))  
  81.                 {  
  82.   
  83.                     connection.Open();  
  84.   
  85.                     command.Connection = connection;  
  86.   
  87.                     SqlDataReader reader = command.ExecuteReader();  
  88.   
  89.                     // Call Read before accessing data.  
  90.                     while (reader.Read())  
  91.                     {  
  92.   
  93.                         var to = new MailAddress(reader["Email"].ToString());  
  94.                         message.To.Add(to);  
  95.   
  96.                     }  
  97.   
  98.                     // Passing values to smtp object          
  99.                     SmtpMail.Send(message);  
  100.   
  101.   
  102.   
  103.     
  104.                     ScriptManager.RegisterStartupScript(thisthis.GetType(), "redirect""alert('request submitted.an email will be sent to you'); window.location='" + Request.ApplicationPath + "index.aspx';"true);  
  105.               ;  
  106.   
  107.                     // Call Close when done reading.  
  108.                     reader.Close();  
  109.                 }  
  110.   
  111.   
  112.   
  113.             }  
  114.   
  115.                   
  116.   
  117.             catch (Exception ex)  
  118.             {  
  119.                 throw ex;  
  120.             }  
  121.   
  122.   
  123.         }  
  124.                   
  125.             }  
  126.   
  127.       
  128.     protected void Button1_Click(object sender, EventArgs e)  
  129.     {  
  130.   
  131.         //this.forgot();  
  132.         this.forgotpassword();  
  133.     }  
  134. }  
 Reset page
  1. protected void Page_Load(object sender, EventArgs e)  
  2.    {  
  3.        if (!Page.IsPostBack)  
  4.        {  
  5.            SqlDataReader dr;  
  6.            try  
  7.            {  
  8.                SqlConnection con = new SqlConnection(strConnString);  
  9.                SqlCommand cmd = new SqlCommand("select Email,UniqueCode from [Register] where UniqueCode=@uniqueCode and Email=@email", con);  
  10.                cmd.Parameters.AddWithValue("@uniqueCode", Convert.ToString(Request.QueryString["uCode"]));  
  11.                cmd.Parameters.AddWithValue("@email", Convert.ToString(Request.QueryString["emailId"]));  
  12.   
  13.                con.Open();  
  14.                dr = cmd.ExecuteReader();  
  15.                dr.Close();  
  16.                con.Close();  
  17.            }  
  18.   
  19.            catch (Exception)  
  20.            {  
  21.                //ClientScript.RegisterStartupScript(GetType(), "alert", ex.ToString(), true);  
  22.   
  23.            }  
  24.   
  25.   
  26.        }  
  27.    }  
  28.         
  29.    private string Encrypt(string clearText)  
  30.    {  
  31.        string EncryptionKey = "ABCDEFGHIJKLMNOPQRSTUVWXYZ123456789";  
  32.        byte[] clearBytes = Encoding.Unicode.GetBytes(clearText);  
  33.        using (Aes encryptor = Aes.Create())  
  34.        {  
  35.            Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey, new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });  
  36.            encryptor.Key = pdb.GetBytes(32);  
  37.            encryptor.IV = pdb.GetBytes(16);  
  38.            using (MemoryStream ms = new MemoryStream())  
  39.            {  
  40.                using (CryptoStream cs = new CryptoStream(ms, encryptor.CreateEncryptor(), CryptoStreamMode.Write))  
  41.                {  
  42.                    cs.Write(clearBytes, 0, clearBytes.Length);  
  43.                    cs.Close();  
  44.                }  
  45.                clearText = Convert.ToBase64String(ms.ToArray());  
  46.            }  
  47.        }  
  48.        return clearText;  
  49.    }  
  50.   
  51.      
  52.    protected void Button1_Click(object sender, EventArgs e)  
  53.    {  
  54.        try  
  55.        {  
  56.            SqlConnection con = new SqlConnection(strConnString);  
  57.            // Here we will update the new password and also set the unique code to null so that it can be used only for once.  
  58.            SqlCommand cmd = new SqlCommand("update [Register] set UniqueCode='',Password=@pwd where uniqueCode=@uniqueCode and Email=@emailid", con);  
  59.            cmd.Parameters.AddWithValue("@uniqueCode", Convert.ToString(Request.QueryString["uCode"]));  
  60.            cmd.Parameters.AddWithValue("@emailid", Convert.ToString(Request.QueryString["emailId"]));  
  61.   
  62.            cmd.Parameters.AddWithValue("@pwd", Encrypt(txtNewPassword.Text.Trim()));  
  63.            if (con.State == ConnectionState.Closed)  
  64.            {  
  65.                con.Open();  
  66.            }  
  67.            cmd.ExecuteNonQuery();  
  68.   
  69.            txtNewPassword.Text = string.Empty;  
  70.            ClientScript.RegisterStartupScript(GetType(), "alert""alert('password updated');"true);  
  71.            con.Close();  
  72.            cmd.Dispose();  
  73.            //Response.Redirect("~/index.aspx");  
  74.        }  
  75.        catch (Exception)  
  76.        {  
  77.            //ClientScript.RegisterStartupScript(GetType(), "alert", ex.Message.ToString(), true);  
  78.        }  
  79.         
  80.    }  
 

Answers (1)