Forgotten password (updating password)

  • Question

  • User1324547905 posted

    I'm back again with another issue I'm having with my forgotten password implementation. I've managed to get an email to send and have a GUID stored into a user table in the database.

    I've then managed to get the "newPassword" page to load if the GUID in the link matches the GUID in the table.

            [HttpGet]
            public IActionResult newPassword()
            {
                //grabs the code from the email
                string code = HttpContext.Request.Query["code"];
    
                //grabs the user from the table with the ResetToken equal to GUID
                var usersObj =
               _context.Users
               .Where(x => x.ResetToken == code)
               .SingleOrDefault();
    
               //if the UserObj isn't null direct to page
               if( usersObj != null)
                {
                    string code1 = code;
                    return View(usersObj);
                }
               //if UserObj is empty redirect to different page
                else
                {
                    ViewBag.errorMessage = "Email address is invalid.";
                    return Redirect("/Authentication/Login");
                }
            }

    I'm now struggling with the next bit of code in which the user inputs their password into the box and it saves it into the database. I've got an idea on how I'm meant to set it out and what's needed I'm just failing to implement it. At the minute the UsersObj just returns empty.

    HTML

                @using (@Html.BeginForm("resetPassword", "Authentication", FormMethod.Post))
                {
                    <input type="password" id="Password" name="Password" class="form-control" placeholder="Password" required>
                    <input type="password" id="ConfirmPassword" name="Password" class="form-control" placeholder="Confirm Password" onChange="checkPasswordMatch()" required>
                    <div class="registrationFormAlert" id="divCheckPasswordMatch"> </div>
                    <p><input type="submit" name="submit" value="Submit"></p>
                }

    Controller

            [HttpPost]
            public IActionResult resetPassword(Users users)
            {
    
                var usersObj =
                 _context.Users
                 .Where(x => x.Id == users.Id)
                 .SingleOrDefault();
    
                //gets the new password off the form
                string newPassword = Request.Form["Password"];
    
                //grabs the user from the table with the ResetToken equal to GUID
                var oldUser = _context.Users.Where(x => x.Id == users.Id).Single();

                //stores the user in a variable
                oldUser.Password = usersObj.Password;

                //stores the new password
                _context.SaveChanges();

                //hash password
                //Users.Password = BCrypt.Net.BCrypt.HashPassword(Users.Password);

                return View();
            }

    Thursday, July 23, 2020 11:25 AM

Answers

  • User1686398519 posted

    Hi Jimbeanmy,

    1. Because you did not set the user Id on the page, the parameter users.Id value received by resetPassword is empty. Therefore, the query result usersObj is empty. You need to add the Id of the user on the page.
      • @Html.HiddenFor(m => m.Id)
    2. Jimbeamy

      oldUser.Password = usersObj.Password;
      • Here you have not changed the old password. You should modify it like this.
      • oldUser.Password = newPassword;
    3. Jimbeamy

      <input type="password" id="Password" name="Password" class="form-control" placeholder="Password" required>
      <input type="password" id="ConfirmPassword" name="Password" class="form-control" placeholder="Confirm Password" onChange="checkPasswordMatch()" required>
      • Because the value of the parameter is obtained based on the name, when the two names are the same, the Request.Form["Password"] you use will get a collection of all the values whose name is "Password". You can rename it.
      • <input type="password" id="ConfirmPassword" name="ConfirmPassword" class="form-control" placeholder="Confirm Password" onChange="checkPasswordMatch()" required>

    Controller (Just give the modified code.)

            [HttpPost]
            public IActionResult resetPassword(Users users)
            {
                string newPassword = Request.Form["Password"];
                var oldUser = _context.Users.Where(x => x.Id == users.Id).Single();
                oldUser.Password = newPassword;
                _context.SaveChanges();
                return RedirectToAction("Index");
            }

    newPassword

    @model WebApplication7.Models.Users
    @using (@Html.BeginForm("resetPassword", "Test4", FormMethod.Post,new {id="formtest" }))
    {
        @Html.HiddenFor(m => m.Id)
        <input type="password" id="Password" name="Password" class="form-control" placeholder="Password" required>
        <input type="password" id="ConfirmPassword" name="ConfirmPassword" class="form-control" placeholder="Confirm Password" onChange="checkPasswordMatch()" required>
        <div class="registrationFormAlert" id="divCheckPasswordMatch"> </div>
        <p><input type="submit" name="submit" value="Submit"></p>
    }
    @section scripts{
        <script>
            $("#formtest").submit(function (event) {
                if (!checkPasswordMatch()) {
                    alert("Inconsistent passwords"); return false;
                }
            });
            $("#ConfirmPassword").blur(function () {
                if (!checkPasswordMatch()){
                    alert("Inconsistent passwords");
                }
            });
            function checkPasswordMatch() {
                    var pwd = $("#Password").val();
                    var confpwd = $("#ConfirmPassword").val();
                    return pwd != confpwd?false:true;
            }
        </script>
    }

    Here is the result.

    Best regards,

    Yihui Sun

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, July 24, 2020 6:23 AM

All replies

  • User475983607 posted

    I'm now struggling with the next bit of code in which the user inputs their password into the box and it saves it into the database. I've got an idea on how I'm meant to set it out and what's needed I'm just failing to implement it. At the minute the UsersObj just returns empty.

    The HTML form does submit a user Id but the LINQ query is dependent on the form submitting a user id.  I assume the GUID is part of the URL.  I'm guessing you can use the Guid to get the user Id.  Either add the GUID to the BeginForm as a route parameter or place the GUID in a hidden field within the form.

    Thursday, July 23, 2020 1:07 PM
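
An added example, not code from any poster in this thread: a variant of the resetPassword action that identifies the account by the reset GUID posted in a hidden field (as the reply above suggests) instead of a posted Id, repeats the confirmation check on the server, stores a BCrypt hash, and clears the token after use. The `ResetTokenExpiresUtc` column, the `AppDbContext` name and the hidden field name `code` are assumptions; the e-mail step would have to set the expiry when it stores the GUID.

```csharp
using System;
using System.Linq;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;

public class Users
{
    public int Id { get; set; }
    public string Password { get; set; }                // holds a BCrypt hash, never plaintext
    public string ResetToken { get; set; }              // GUID sent in the reset e-mail
    public DateTime? ResetTokenExpiresUtc { get; set; } // hypothetical column, not on the page
}

public class AppDbContext : DbContext                   // hypothetical context name
{
    public AppDbContext(DbContextOptions<AppDbContext> options) : base(options) { }
    public DbSet<Users> Users { get; set; }
}

public class AuthenticationController : Controller
{
    private readonly AppDbContext _context;
    public AuthenticationController(AppDbContext context) => _context = context;

    // The newPassword view posts the GUID back in a hidden field (assumed name "code"):
    //   <input type="hidden" name="code" value="@Model.ResetToken">
    [HttpPost]
    public IActionResult resetPassword(string code, string Password, string ConfirmPassword)
    {
        // Repeat the match check on the server; the jQuery check runs only in the browser.
        if (string.IsNullOrEmpty(code) || string.IsNullOrEmpty(Password) || Password != ConfirmPassword)
            return BadRequest();

        // Look the account up by its unexpired reset token, not by a client-supplied Id,
        // so the POST can only change the password of the account the e-mail was sent to.
        var user = _context.Users.SingleOrDefault(x =>
            x.ResetToken == code && x.ResetTokenExpiresUtc > DateTime.UtcNow);
        if (user == null)
            return Redirect("/Authentication/Login");

        user.Password = BCrypt.Net.BCrypt.HashPassword(Password); // store only the hash
        user.ResetToken = null;                                   // token is single use
        user.ResetTokenExpiresUtc = null;
        _context.SaveChanges();
        return Redirect("/Authentication/Login");
    }
}
```

The login check then has to compare with `BCrypt.Net.BCrypt.Verify(submittedPassword, user.Password)` rather than string equality.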