Darpa

radmanmm

And finally in the PasswordRecovery control I added this code:

protected void Page_Load(object sender, EventArgs e)

{

if (Session["email"] != null) {

string username = Membership.GetUserNameByEmail(Session["email"].ToString());

PasswordRecovery1.UserName = username;

}

}

 

 

Can you explain the purpose of the above section of code?

If someone goes to the password recovery page, after  logging out their username shows in the box.  and from the logic of your handling of the email as username, i don't know what this section of code is supposed to do.

 

Darpa, this code was written quite a while ago for me, your best bet would be to wire it up and step through it.  Sorry.

Darpa

radmanmm

protected void PasswordRecovery1_VerifyingUser(object sender, LoginCancelEventArgs e) {

string username = Membership.GetUserNameByEmail(PasswordRecovery1.UserName); 

      if (string.IsNullOrEmpty(username))
        {
            lblWarning.Text = "The submitted email does not exist";
            return;
        }

if (username != null) {

//we have an email address

Session["email"] = PasswordRecovery1.UserName;

PasswordRecovery1.UserName = username;

}

else if (!String.IsNullOrEmpty(PasswordRecovery1.UserName)) {

//we have a userName

MembershipUser user = Membership.GetUser(PasswordRecovery1.UserName);

PasswordRecovery1.UserName = user.Email;

Session["email"] = user.Email;

}

}

 

You might also want to consider adding  this:

        if (string.IsNullOrEmpty(username))
        {
		// send a message to a blank warning label on the page
            WarningLabel.Text = "The submitted email does not exist";
            return;
        }

 to the password recovery, if someone enters their email in wrong or an email that doesn't exist, an exception is thrown. 

 

This is true Darpa, you should ensure that you are trapping the logic.  again since this has been such a long time, I can only guess that it was not production ready when I posted it.  Thanks for the catch.