locked
Password recovery Issue RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote
    User-1994446809 posted

    I am trying to create password recovery link to be sent to user email. I created a table that will store password reset requests, the table has 3 columns:

    1. Id with datatype as uniqueidentifier

    2. email (with datatype as nvarchar)

    3. RequestDateTime (with datatype as datetime)

    The email column in the table is a foreign key linked to primary key email column in another table (Signup Table)

    This is the server-side code I used

    using System;
using System.Collections.Generic;
using System.Data;
using System.Web.Security;
using System.Xml.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Data.SqlClient;
using System.Configuration;
using System.Drawing;
using System.Net.Mail;
using System.Net;

public partial class PasswordRecovery : System.Web.UI.Page
{
    SqlCommand cmd = new SqlCommand();
    SqlDataAdapter sda = new SqlDataAdapter();
    DataSet ds = new DataSet();
    SqlConnection con = new SqlConnection("Data Source=(LocalDB)\\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\\Dataregister.mdf;Integrated Security=True");

    protected void Page_Load(object sender, EventArgs e)
    {

    }

    protected void btnPassRec_Click(object sender, EventArgs e)
    {
        SqlCommand cmd = new SqlCommand("SELECT * from Signup where email='"+tbEmailId.Text+"'", con);
        con.Open();
        SqlDataAdapter sda = new SqlDataAdapter(cmd);
        DataTable dt = new DataTable();
        sda.Fill(dt);

        if (dt.Rows.Count > 0)
        {
            String myGUID = Guid.NewGuid().ToString();
            var email = Convert.ToString(dt.Rows[0][0]);
            SqlCommand cmd1 = new SqlCommand("insert into ForgotPassRequests values ('"+myGUID+"','"+email+"', getdate())", con);
            cmd1.ExecuteNonQuery();

            string ToEmailAddress = dt.Rows[0][0].ToString();
            //string Username = dt.Rows[0][1].ToString();
            String EmailBody = "HI " + email + " <br/><br/> Click the link below to reset your password <br/><br/> http://localhost:55752/ResetPassword.aspx?email="+myGUID;
            MailMessage PassRecMail = new MailMessage("youremail@gmail.com", ToEmailAddress);
            PassRecMail.Body = EmailBody;
            PassRecMail.IsBodyHtml = true;
            PassRecMail.Subject = "Reset Password";

            SmtpClient SMTP = new SmtpClient("smtp.gmail.com", 587);
            SMTP.Credentials = new NetworkCredential()
            {
                UserName = "youremail@gmail.com",
                Password = "youGmailPassword"

            };
            SMTP.EnableSsl = true;
            SMTP.Send(PassRecMail);

            LblPassRec.Text = "Password Reset Link has been sent to Email";
            LblPassRec.ForeColor = Color.Green;

        }
        else
        {
            LblPassRec.Text = "User Email DOES NOT exist !";
            LblPassRec.ForeColor = Color.Red;
        }
    }
}

    When I tested this, I got an error on the browser, as shown below:

    If I change the string from "ToEmailAddress = dt.Rows[0][0].ToString();" to "ToEmailAddress = dt.Rows[0][2].ToString();" highlighted in yellow area in the code-behind:

    using System;
using System.Collections.Generic;
using System.Data;
using System.Web.Security;
using System.Xml.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Data.SqlClient;
using System.Configuration;
using System.Drawing;
using System.Net.Mail;
using System.Net;

public partial class PasswordRecovery : System.Web.UI.Page
{
    SqlCommand cmd = new SqlCommand();
    SqlDataAdapter sda = new SqlDataAdapter();
    DataSet ds = new DataSet();
    SqlConnection con = new SqlConnection("Data Source=(LocalDB)\\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\\Dataregister.mdf;Integrated Security=True");

    protected void Page_Load(object sender, EventArgs e)
    {

    }

    protected void btnPassRec_Click(object sender, EventArgs e)
    {
        SqlCommand cmd = new SqlCommand("SELECT * from Signup where email='"+tbEmailId.Text+"'", con);
        con.Open();
        SqlDataAdapter sda = new SqlDataAdapter(cmd);
        DataTable dt = new DataTable();
        sda.Fill(dt);

        if (dt.Rows.Count > 0)
        {
            String myGUID = Guid.NewGuid().ToString();
            var email = Convert.ToString(dt.Rows[0][0]);
            SqlCommand cmd1 = new SqlCommand("insert into ForgotPassRequests values ('"+myGUID+"','"+email+"', getdate())", con);
            cmd1.ExecuteNonQuery();

            string ToEmailAddress = dt.Rows[0][2].ToString();
            //string Username = dt.Rows[0][1].ToString();
            String EmailBody = "HI " + email + " <br/><br/> Click the link below to reset your password <br/><br/> http://localhost:55752/ResetPassword.aspx?email="+myGUID;
            MailMessage PassRecMail = new MailMessage("youremail@gmail.com", ToEmailAddress);
            PassRecMail.Body = EmailBody;
            PassRecMail.IsBodyHtml = true;
            PassRecMail.Subject = "Reset Password";

            SmtpClient SMTP = new SmtpClient("smtp.gmail.com", 587);
            SMTP.Credentials = new NetworkCredential()
            {
                UserName = "youremail@gmail.com",
                Password = "youGmailPassword"

            };
            SMTP.EnableSsl = true;
            SMTP.Send(PassRecMail);

            LblPassRec.Text = "Password Reset Link has been sent to Email";
            LblPassRec.ForeColor = Color.Green;

        }
        else
        {
            LblPassRec.Text = "User Email DOES NOT exist !";
            LblPassRec.ForeColor = Color.Red;
        }
    }
}

    I get this error:

    What do I have to do please ?

    Tuesday, June 16, 2020 9:21 PM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote
    User-939850651 posted

    Hi, georgeakpan233

    I used the sample code you provided and reproduced your problem.

    Regarding the issue of "The specified string ... an e-mail address", you could break the point at the corresponding position, and then check whether the correct email address is obtained instead of other information.

    Another question, I referred to this case and successfully sent an email. Because I don’t know the structure of your other data tables, you need to make sure you get the correct email address.Please refer to the following code:

    using System;
using System.Data;
using System.Data.SqlClient;
using System.Drawing;
using System.Net;
using System.Net.Mail;

namespace Demo
{
    public partial class PasswordRecovery : System.Web.UI.Page
    {
        SqlCommand cmd = new SqlCommand();
        SqlDataAdapter sda = new SqlDataAdapter();
        DataSet ds = new DataSet();
        SqlConnection con = new SqlConnection("data source=.; database=TestDB; integrated security=SSPI");

        protected void Page_Load(object sender, EventArgs e)
        {
        }

        protected void btnPassRec_Click(object sender, EventArgs e)
        {
            SqlCommand cmd = new SqlCommand("SELECT * from Signup where email='" + tbEmailId.Text + "'", con);
            con.Open();
            SqlDataAdapter sda = new SqlDataAdapter(cmd);
            DataTable dt = new DataTable();
            sda.Fill(dt);

            if (dt.Rows.Count > 0)
            {
                String myGUID = Guid.NewGuid().ToString();
                    //Get valid email address
                var email = Convert.ToString(dt.Rows[0][1]);
                SqlCommand cmd1 = new SqlCommand("insert into ForgotPassRequests values ('" + myGUID + "','" + email + "', getdate())", con);
                cmd1.ExecuteNonQuery();
                //Get valid email address
                string ToEmailAddress = dt.Rows[0][1].ToString();
                //string Username = dt.Rows[0][1].ToString();
                String EmailBody = "HI " + email + " <br/><br/> Click the link below to reset your password <br/><br/> https://www.baidu.com/";
                MailMessage PassRecMail = new MailMessage("youremail@gmail.com", ToEmailAddress);
                PassRecMail.Body = EmailBody;
                PassRecMail.IsBodyHtml = true;
                PassRecMail.Subject = "Reset Password";

                SmtpClient SMTP = new SmtpClient("smtp.gmail.com", 587);
                SMTP.UseDefaultCredentials = false;
                SMTP.Credentials = new NetworkCredential()
                {
                    UserName = "youremail@gmail.com",
                    Password = "yourGmailPassword"

                };
                
                SMTP.EnableSsl = true;
                SMTP.Send(PassRecMail);

                LblPassRec.Text = "Password Reset Link has been sent to Email";
                LblPassRec.ForeColor = Color.Green;

            }
            else
            {
                LblPassRec.Text = "User Email DOES NOT exist !";
                LblPassRec.ForeColor = Color.Red;
            }
        }
    }
}

    Hope this can help you.

    Best regards,

    Xudong Peng

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, June 17, 2020 3:03 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User-939850651 posted

    Hi georgeakpan233,

    I mean this has little to do with other data tables, you just need to make sure you got the correct email address as a parameter, and

    please click link--> Less secure app access setting to change the status to "turn on", so that you can use gmail to send mail in third-party applications.

    For more information, you will see in "learn more".

    Best regards,

    Xudong Peng

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, June 18, 2020 1:58 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User-943250815 posted

    If you made changes (already recommended) and mail address are correct, mail should be sent.
    Does not matter if your website is hosted or not

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, June 18, 2020 4:05 PM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    User-939850651 posted

    Hi, georgeakpan233

    I used the sample code you provided and reproduced your problem.

    Regarding the issue of "The specified string ... an e-mail address", you could break the point at the corresponding position, and then check whether the correct email address is obtained instead of other information.

    Another question, I referred to this case and successfully sent an email. Because I don’t know the structure of your other data tables, you need to make sure you get the correct email address.Please refer to the following code:

    using System;
using System.Data;
using System.Data.SqlClient;
using System.Drawing;
using System.Net;
using System.Net.Mail;

namespace Demo
{
    public partial class PasswordRecovery : System.Web.UI.Page
    {
        SqlCommand cmd = new SqlCommand();
        SqlDataAdapter sda = new SqlDataAdapter();
        DataSet ds = new DataSet();
        SqlConnection con = new SqlConnection("data source=.; database=TestDB; integrated security=SSPI");

        protected void Page_Load(object sender, EventArgs e)
        {
        }

        protected void btnPassRec_Click(object sender, EventArgs e)
        {
            SqlCommand cmd = new SqlCommand("SELECT * from Signup where email='" + tbEmailId.Text + "'", con);
            con.Open();
            SqlDataAdapter sda = new SqlDataAdapter(cmd);
            DataTable dt = new DataTable();
            sda.Fill(dt);

            if (dt.Rows.Count > 0)
            {
                String myGUID = Guid.NewGuid().ToString();
                    //Get valid email address
                var email = Convert.ToString(dt.Rows[0][1]);
                SqlCommand cmd1 = new SqlCommand("insert into ForgotPassRequests values ('" + myGUID + "','" + email + "', getdate())", con);
                cmd1.ExecuteNonQuery();
                //Get valid email address
                string ToEmailAddress = dt.Rows[0][1].ToString();
                //string Username = dt.Rows[0][1].ToString();
                String EmailBody = "HI " + email + " <br/><br/> Click the link below to reset your password <br/><br/> https://www.baidu.com/";
                MailMessage PassRecMail = new MailMessage("youremail@gmail.com", ToEmailAddress);
                PassRecMail.Body = EmailBody;
                PassRecMail.IsBodyHtml = true;
                PassRecMail.Subject = "Reset Password";

                SmtpClient SMTP = new SmtpClient("smtp.gmail.com", 587);
                SMTP.UseDefaultCredentials = false;
                SMTP.Credentials = new NetworkCredential()
                {
                    UserName = "youremail@gmail.com",
                    Password = "yourGmailPassword"

                };
                
                SMTP.EnableSsl = true;
                SMTP.Send(PassRecMail);

                LblPassRec.Text = "Password Reset Link has been sent to Email";
                LblPassRec.ForeColor = Color.Green;

            }
            else
            {
                LblPassRec.Text = "User Email DOES NOT exist !";
                LblPassRec.ForeColor = Color.Red;
            }
        }
    }
}

    Hope this can help you.

    Best regards,

    Xudong Peng

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, June 17, 2020 3:03 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User-1994446809 posted

    Hi XuDong Peng,

    Because I don’t know the structure of your other data tables

    The other data table I have, which is the Sign up table has 3 columns:

    email (datatype as nvarchar(50)) - username is stored

    pass (datatype as nvarchar(50)) - where password is stored

    con_pass (datatype as nvarchar(50)) - confirm password is stored

    Email is used as the username and as the ID of a user. The email column is the primary key of the table.

    Wednesday, June 17, 2020 9:58 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User-943250815 posted

    @georgeakpan233 for your first error, see coments of mgbheard and PatriceSC at this thread https://forums.asp.net/t/2151326.aspx

    Wednesday, June 17, 2020 2:47 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User-939850651 posted

    Hi georgeakpan233,

    I mean this has little to do with other data tables, you just need to make sure you got the correct email address as a parameter, and

    please click link--> Less secure app access setting to change the status to "turn on", so that you can use gmail to send mail in third-party applications.

    For more information, you will see in "learn more".

    Best regards,

    Xudong Peng

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, June 18, 2020 1:58 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User-1994446809 posted

    Does this have to do with the fact that my website is not hosted, as I am still building it ?

    Although I switch on my data whenever i am viewing in a browser, to test.

    Thursday, June 18, 2020 10:08 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User-943250815 posted

    If you made changes (already recommended) and mail address are correct, mail should be sent.
    Does not matter if your website is hosted or not

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, June 18, 2020 4:05 PM