I'm back again with another issue i'm having with my forgotten password implementation. I've managed to get an email to send and have a GUID stored into a user table in the database.
I've then managed to get the "newPassword" page to load if the GUID in the link matches the GUID in the table.
[HttpGet]
public IActionResult newPassword()
{
//grabs the code from the email
string code = HttpContext.Request.Query["code"];
//grabs the user from the table with the ResetToken equal to GUID
var usersObj =
_context.Users
.Where(x => x.ResetToken == code)
.SingleOrDefault();
//if the UserObj isn't null direct to page
if( usersObj != null)
{
string code1 = code;
return View(usersObj);
}
//if UserObj is empty redirect to different page
else
{
ViewBag.errorMessage = "Email address is invalid.";
return Redirect("/Authentication/Login");
}
}
I'm now struggling with the next bit of code in which the user inputs their password into the box and it saves it into the database. I've got an idea on how I'm meant to set it out and what's needed I'm just failing to implement it. At the minute the UsersObj
just returns empty.
[HttpPost]
public IActionResult resetPassword(Users users)
{
var usersObj =
_context.Users
.Where(x => x.Id == users.Id)
.SingleOrDefault();
//gets the new password off the form
string newPassword = Request.Form["Password"];
//grabs the user from the table with the ResetToken equal to GUID
var oldUser = _context.Users.Where(x => x.Id == users.Id).Single();
//stores the user in a variable
oldUser.Password = usersObj.Password;
//stores the new password
_context.SaveChanges();
//hash password
//Users.Password = BCrypt.Net.BCrypt.HashPassword(Users.Password);
return View();
}
I'm now struggling with the next bit of code in which the user inputs their password into the box and it saves it into the database. I've got an idea on how I'm meant to set it out and what's needed I'm just failing to implement it. At the minute the UsersObj
just returns empty.
The HTML form does submit a user Id but the LINQ query is dependent on the form submitting a user id. I assume the GUID is part of the URL. I'm guessing you can use the Guid to get the user Id. Either add the GUID to the BeginForm as a route parameter
or place the GUID in a hidden field within the form.
Because you did not set the user Id on the page, the parameter
users.Id value received by resetPassword is empty. Therefore, the query result
usersObj is empty.You need to add the Id of the user on the page.
@Html.HiddenFor(m => m.Id)
Jimbeamy
oldUser.Password = usersObj.Password;
Here you have not changed the old password.You should modify it like this.
Because the value of the parameter is obtained based on the name, when the two names are the same, the "Request.Form[" Password"]" you use will get a collection ofall the values whose name is "Password".You can rename it.
.NET forums are moving to a new home on Microsoft Q&A, we encourage you to go to Microsoft Q&A for .NET for posting new questions and get involved today.
Member
2 Points
3 Posts
Forgotten password (updating password)
Jul 23, 2020 11:25 AM|Jimbeamy|LINK
I'm back again with another issue i'm having with my forgotten password implementation. I've managed to get an email to send and have a GUID stored into a user table in the database.
I've then managed to get the "newPassword" page to load if the GUID in the link matches the GUID in the table.
[HttpGet] public IActionResult newPassword() { //grabs the code from the email string code = HttpContext.Request.Query["code"]; //grabs the user from the table with the ResetToken equal to GUID var usersObj = _context.Users .Where(x => x.ResetToken == code) .SingleOrDefault(); //if the UserObj isn't null direct to page if( usersObj != null) { string code1 = code; return View(usersObj); } //if UserObj is empty redirect to different page else { ViewBag.errorMessage = "Email address is invalid."; return Redirect("/Authentication/Login"); } }I'm now struggling with the next bit of code in which the user inputs their password into the box and it saves it into the database. I've got an idea on how I'm meant to set it out and what's needed I'm just failing to implement it. At the minute the UsersObj just returns empty.
HTML
@using (@Html.BeginForm("resetPassword", "Authentication", FormMethod.Post)) { <input type="password" id="Password" name="Password" class="form-control" placeholder="Password" required> <input type="password" id="ConfirmPassword" name="Password" class="form-control" placeholder="Confirm Password" onChange="checkPasswordMatch()" required> <div class="registrationFormAlert" id="divCheckPasswordMatch"> </div> <p><input type="submit" name="submit" value="Submit"></p> }Controller
[HttpPost] public IActionResult resetPassword(Users users) { var usersObj = _context.Users .Where(x => x.Id == users.Id) .SingleOrDefault(); //gets the new password off the form string newPassword = Request.Form["Password"]; //grabs the user from the table with the ResetToken equal to GUID var oldUser = _context.Users.Where(x => x.Id == users.Id).Single();//stores the user in a variable oldUser.Password = usersObj.Password;
//stores the new password _context.SaveChanges();
//hash password //Users.Password = BCrypt.Net.BCrypt.HashPassword(Users.Password); return View(); }
All-Star
53081 Points
23655 Posts
Re: Forgotten password (updating password)
Jul 23, 2020 01:07 PM|mgebhard|LINK
The HTML form does submit a user Id but the LINQ query is dependent on the form submitting a user id. I assume the GUID is part of the URL. I'm guessing you can use the Guid to get the user Id. Either add the GUID to the BeginForm as a route parameter or place the GUID in a hidden field within the form.
Contributor
2770 Points
789 Posts
Re: Forgotten password (updating password)
Jul 24, 2020 06:23 AM|YihuiSun|LINK
Hi Jimbeanmy,
oldUser.Password = newPassword;<input type="password" id="ConfirmPassword" name="ConfirmPassword" class="form-control" placeholder="Confirm Password" onChange="checkPasswordMatch()" required>Controller(Just give the modified code.)
[HttpPost] public IActionResult resetPassword(Users users) { string newPassword = Request.Form["Password"]; var oldUser = _context.Users.Where(x => x.Id == users.Id).Single(); oldUser.Password = newPassword; _context.SaveChanges(); return RedirectToAction("Index"); }newPassword
Here is the result.
Best regards,
Yihui Sun