locked
Password recovery Issue RRS feed

  • Question

  • User-1994446809 posted

    I am trying to create password recovery link to be sent to user email. I created a table that will store password reset requests, the table has 3 columns:

    1. Id with datatype as uniqueidentifier

    2. email (with datatype as nvarchar)

    3. RequestDateTime (with datatype as datetime)

    The email column in the table is a foreign key linked to primary key email column in another table (Signup Table)

    This is the server-side code I used

    using System;
    using System.Collections.Generic;
    using System.Data;
    using System.Web.Security;
    using System.Xml.Linq;
    using System.Web;
    using System.Web.UI;
    using System.Web.UI.HtmlControls;
    using System.Web.UI.WebControls;
    using System.Web.UI.WebControls.WebParts;
    using System.Data.SqlClient;
    using System.Configuration;
    using System.Drawing;
    using System.Net.Mail;
    using System.Net;
    
    public partial class PasswordRecovery : System.Web.UI.Page
    {
        SqlCommand cmd = new SqlCommand();
        SqlDataAdapter sda = new SqlDataAdapter();
        DataSet ds = new DataSet();
        SqlConnection con = new SqlConnection("Data Source=(LocalDB)\\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\\Dataregister.mdf;Integrated Security=True");
    
        protected void Page_Load(object sender, EventArgs e)
        {
    
        }
    
        protected void btnPassRec_Click(object sender, EventArgs e)
        {
            SqlCommand cmd = new SqlCommand("SELECT * from Signup where email='"+tbEmailId.Text+"'", con);
            con.Open();
            SqlDataAdapter sda = new SqlDataAdapter(cmd);
            DataTable dt = new DataTable();
            sda.Fill(dt);
    
            if (dt.Rows.Count > 0)
            {
                String myGUID = Guid.NewGuid().ToString();
                var email = Convert.ToString(dt.Rows[0][0]);
                SqlCommand cmd1 = new SqlCommand("insert into ForgotPassRequests values ('"+myGUID+"','"+email+"', getdate())", con);
                cmd1.ExecuteNonQuery();
    
                string ToEmailAddress = dt.Rows[0][0].ToString();
                //string Username = dt.Rows[0][1].ToString();
                String EmailBody = "HI " + email + " <br/><br/> Click the link below to reset your password <br/><br/> http://localhost:55752/ResetPassword.aspx?email="+myGUID;
                MailMessage PassRecMail = new MailMessage("youremail@gmail.com", ToEmailAddress);
                PassRecMail.Body = EmailBody;
                PassRecMail.IsBodyHtml = true;
                PassRecMail.Subject = "Reset Password";
    
                SmtpClient SMTP = new SmtpClient("smtp.gmail.com", 587);
                SMTP.Credentials = new NetworkCredential()
                {
                    UserName = "youremail@gmail.com",
                    Password = "youGmailPassword"
    
                };
                SMTP.EnableSsl = true;
                SMTP.Send(PassRecMail);
    
                LblPassRec.Text = "Password Reset Link has been sent to Email";
                LblPassRec.ForeColor = Color.Green;
    
            }
            else
            {
                LblPassRec.Text = "User Email DOES NOT exist !";
                LblPassRec.ForeColor = Color.Red;
            }
        }
    }

    When I tested this, I got an error on the browser, as shown below:

    If I change the string from "ToEmailAddress = dt.Rows[0][0].ToString();" to "ToEmailAddress = dt.Rows[0][2].ToString();" highlighted in yellow area in the code-behind:

    using System;
    using System.Collections.Generic;
    using System.Data;
    using System.Web.Security;
    using System.Xml.Linq;
    using System.Web;
    using System.Web.UI;
    using System.Web.UI.HtmlControls;
    using System.Web.UI.WebControls;
    using System.Web.UI.WebControls.WebParts;
    using System.Data.SqlClient;
    using System.Configuration;
    using System.Drawing;
    using System.Net.Mail;
    using System.Net;
    
    public partial class PasswordRecovery : System.Web.UI.Page
    {
        SqlCommand cmd = new SqlCommand();
        SqlDataAdapter sda = new SqlDataAdapter();
        DataSet ds = new DataSet();
        SqlConnection con = new SqlConnection("Data Source=(LocalDB)\\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\\Dataregister.mdf;Integrated Security=True");
    
        protected void Page_Load(object sender, EventArgs e)
        {
    
        }
    
        protected void btnPassRec_Click(object sender, EventArgs e)
        {
            SqlCommand cmd = new SqlCommand("SELECT * from Signup where email='"+tbEmailId.Text+"'", con);
            con.Open();
            SqlDataAdapter sda = new SqlDataAdapter(cmd);
            DataTable dt = new DataTable();
            sda.Fill(dt);
    
            if (dt.Rows.Count > 0)
            {
                String myGUID = Guid.NewGuid().ToString();
                var email = Convert.ToString(dt.Rows[0][0]);
                SqlCommand cmd1 = new SqlCommand("insert into ForgotPassRequests values ('"+myGUID+"','"+email+"', getdate())", con);
                cmd1.ExecuteNonQuery();
    
                string ToEmailAddress = dt.Rows[0][2].ToString();
                //string Username = dt.Rows[0][1].ToString();
                String EmailBody = "HI " + email + " <br/><br/> Click the link below to reset your password <br/><br/> http://localhost:55752/ResetPassword.aspx?email="+myGUID;
                MailMessage PassRecMail = new MailMessage("youremail@gmail.com", ToEmailAddress);
                PassRecMail.Body = EmailBody;
                PassRecMail.IsBodyHtml = true;
                PassRecMail.Subject = "Reset Password";
    
                SmtpClient SMTP = new SmtpClient("smtp.gmail.com", 587);
                SMTP.Credentials = new NetworkCredential()
                {
                    UserName = "youremail@gmail.com",
                    Password = "youGmailPassword"
    
                };
                SMTP.EnableSsl = true;
                SMTP.Send(PassRecMail);
    
                LblPassRec.Text = "Password Reset Link has been sent to Email";
                LblPassRec.ForeColor = Color.Green;
    
            }
            else
            {
                LblPassRec.Text = "User Email DOES NOT exist !";
                LblPassRec.ForeColor = Color.Red;
            }
        }
    }

    I get this error:

    What do I have to do please ?

    Tuesday, June 16, 2020 9:21 PM

Answers

  • User-939850651 posted

    Hi, georgeakpan233

    I used the sample code you provided and reproduced your problem.

    Regarding the issue of "The specified string ... an e-mail address", you could break the point at the corresponding position, and then check whether the correct email address is obtained instead of other information.

    Another question, I referred to this case and successfully sent an email. Because I don’t know the structure of your other data tables, you need to make sure you get the correct email address.Please refer to the following code:

    using System;
    using System.Data;
    using System.Data.SqlClient;
    using System.Drawing;
    using System.Net;
    using System.Net.Mail;
    
    namespace Demo
    {
        public partial class PasswordRecovery : System.Web.UI.Page
        {
            SqlCommand cmd = new SqlCommand();
            SqlDataAdapter sda = new SqlDataAdapter();
            DataSet ds = new DataSet();
            SqlConnection con = new SqlConnection("data source=.; database=TestDB; integrated security=SSPI");
    
            protected void Page_Load(object sender, EventArgs e)
            {
            }
    
            protected void btnPassRec_Click(object sender, EventArgs e)
            {
                SqlCommand cmd = new SqlCommand("SELECT * from Signup where email='" + tbEmailId.Text + "'", con);
                con.Open();
                SqlDataAdapter sda = new SqlDataAdapter(cmd);
                DataTable dt = new DataTable();
                sda.Fill(dt);
    
                if (dt.Rows.Count > 0)
                {
                    String myGUID = Guid.NewGuid().ToString();
    //Get valid email address var email = Convert.ToString(dt.Rows[0][1]); SqlCommand cmd1 = new SqlCommand("insert into ForgotPassRequests values ('" + myGUID + "','" + email + "', getdate())", con); cmd1.ExecuteNonQuery(); //Get valid email address string ToEmailAddress = dt.Rows[0][1].ToString(); //string Username = dt.Rows[0][1].ToString(); String EmailBody = "HI " + email + " <br/><br/> Click the link below to reset your password <br/><br/> https://www.baidu.com/"; MailMessage PassRecMail = new MailMessage("youremail@gmail.com", ToEmailAddress); PassRecMail.Body = EmailBody; PassRecMail.IsBodyHtml = true; PassRecMail.Subject = "Reset Password"; SmtpClient SMTP = new SmtpClient("smtp.gmail.com", 587); SMTP.UseDefaultCredentials = false; SMTP.Credentials = new NetworkCredential() { UserName = "youremail@gmail.com", Password = "yourGmailPassword" }; SMTP.EnableSsl = true; SMTP.Send(PassRecMail); LblPassRec.Text = "Password Reset Link has been sent to Email"; LblPassRec.ForeColor = Color.Green; } else { LblPassRec.Text = "User Email DOES NOT exist !"; LblPassRec.ForeColor = Color.Red; } } } }

    Hope this can help you.

    Best regards,

    Xudong Peng

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, June 17, 2020 3:03 AM
  • User-939850651 posted

    Hi georgeakpan233,

    I mean this has little to do with other data tables, you just need to make sure you got the correct email address as a parameter, and

    please click link--> Less secure app access setting to change the status to "turn on", so that you can use gmail to send mail in third-party applications.

    For more information, you will see in "learn more".

    Best regards,

    Xudong Peng

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, June 18, 2020 1:58 AM
  • User-943250815 posted

    If you made changes (already recommended) and mail address are correct, mail should be sent.
    Does not matter if your website is hosted or not

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, June 18, 2020 4:05 PM

All replies

  • User-939850651 posted

    Hi, georgeakpan233

    I used the sample code you provided and reproduced your problem.

    Regarding the issue of "The specified string ... an e-mail address", you could break the point at the corresponding position, and then check whether the correct email address is obtained instead of other information.

    Another question, I referred to this case and successfully sent an email. Because I don’t know the structure of your other data tables, you need to make sure you get the correct email address.Please refer to the following code:

    using System;
    using System.Data;
    using System.Data.SqlClient;
    using System.Drawing;
    using System.Net;
    using System.Net.Mail;
    
    namespace Demo
    {
        public partial class PasswordRecovery : System.Web.UI.Page
        {
            SqlCommand cmd = new SqlCommand();
            SqlDataAdapter sda = new SqlDataAdapter();
            DataSet ds = new DataSet();
            SqlConnection con = new SqlConnection("data source=.; database=TestDB; integrated security=SSPI");
    
            protected void Page_Load(object sender, EventArgs e)
            {
            }
    
            protected void btnPassRec_Click(object sender, EventArgs e)
            {
                SqlCommand cmd = new SqlCommand("SELECT * from Signup where email='" + tbEmailId.Text + "'", con);
                con.Open();
                SqlDataAdapter sda = new SqlDataAdapter(cmd);
                DataTable dt = new DataTable();
                sda.Fill(dt);
    
                if (dt.Rows.Count > 0)
                {
                    String myGUID = Guid.NewGuid().ToString();
    //Get valid email address var email = Convert.ToString(dt.Rows[0][1]); SqlCommand cmd1 = new SqlCommand("insert into ForgotPassRequests values ('" + myGUID + "','" + email + "', getdate())", con); cmd1.ExecuteNonQuery(); //Get valid email address string ToEmailAddress = dt.Rows[0][1].ToString(); //string Username = dt.Rows[0][1].ToString(); String EmailBody = "HI " + email + " <br/><br/> Click the link below to reset your password <br/><br/> https://www.baidu.com/"; MailMessage PassRecMail = new MailMessage("youremail@gmail.com", ToEmailAddress); PassRecMail.Body = EmailBody; PassRecMail.IsBodyHtml = true; PassRecMail.Subject = "Reset Password"; SmtpClient SMTP = new SmtpClient("smtp.gmail.com", 587); SMTP.UseDefaultCredentials = false; SMTP.Credentials = new NetworkCredential() { UserName = "youremail@gmail.com", Password = "yourGmailPassword" }; SMTP.EnableSsl = true; SMTP.Send(PassRecMail); LblPassRec.Text = "Password Reset Link has been sent to Email"; LblPassRec.ForeColor = Color.Green; } else { LblPassRec.Text = "User Email DOES NOT exist !"; LblPassRec.ForeColor = Color.Red; } } } }

    Hope this can help you.

    Best regards,

    Xudong Peng

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, June 17, 2020 3:03 AM
  • User-1994446809 posted

    Hi XuDong Peng,

    Because I don’t know the structure of your other data tables

    The other data table I have, which is the Sign up table has 3 columns:

    email (datatype as nvarchar(50)) - username is stored

    pass (datatype as nvarchar(50)) - where password is stored

    con_pass (datatype as nvarchar(50)) - confirm password is stored

    Email is used as the username and as the ID of a user. The email column is the primary key of the table.

    Wednesday, June 17, 2020 9:58 AM
  • User-943250815 posted

    @georgeakpan233 for your first error, see coments of mgbheard and PatriceSC at this thread https://forums.asp.net/t/2151326.aspx

    Wednesday, June 17, 2020 2:47 PM
  • User-939850651 posted

    Hi georgeakpan233,

    I mean this has little to do with other data tables, you just need to make sure you got the correct email address as a parameter, and

    please click link--> Less secure app access setting to change the status to "turn on", so that you can use gmail to send mail in third-party applications.

    For more information, you will see in "learn more".

    Best regards,

    Xudong Peng

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, June 18, 2020 1:58 AM
  • User-1994446809 posted

    Does this have to do with the fact that my website is not hosted, as I am still building it ?

    Although I switch on my data whenever i am viewing in a browser, to test.

    Thursday, June 18, 2020 10:08 AM
  • User-943250815 posted

    If you made changes (already recommended) and mail address are correct, mail should be sent.
    Does not matter if your website is hosted or not

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, June 18, 2020 4:05 PM