Pls Provide me business logic method for reset password or forget password by user id...
-
in order to reset password you have to give email link or else you can give direct web page link. before reset password. you should take email address from the user. so you can use in where clause. see my code:
protected void save\_Click(object sender, EventArgs e) { if (password.Text != "" || confirmpassword.Text != "") { if (password.Text == confirmpassword.Text) { con.Open(); SqlCommand cmd = new SqlCommand("update login set password='" + password.Text + "', confirmpassword='" + confirmpassword.Text + "' where email='" + Session\["email"\] + "'", con); cmd.ExecuteNonQuery(); con.Close(); Label1.Text = "Password Reset Successfully"; HtmlMeta meta = new HtmlMeta(); meta.HttpEquiv = "Refresh"; meta.Content = "5;url=loginuser.aspx"; this.Page.Controls.Add(meta); } else Label1.Text = "Password not Matched"; } else Label1.Text="Please Enter Password"; }ask email or username. then display password reset webpage. use email or username in where clause to update password.
if you want id then use sql query like
select id from userDetails where email=session["email"];
i hope you will understand.
thanks, Ya I understood... you have well explained!😊
-
thanks, Ya I understood... you have well explained!😊
you are welcome
-
in order to reset password you have to give email link or else you can give direct web page link. before reset password. you should take email address from the user. so you can use in where clause. see my code:
protected void save\_Click(object sender, EventArgs e) { if (password.Text != "" || confirmpassword.Text != "") { if (password.Text == confirmpassword.Text) { con.Open(); SqlCommand cmd = new SqlCommand("update login set password='" + password.Text + "', confirmpassword='" + confirmpassword.Text + "' where email='" + Session\["email"\] + "'", con); cmd.ExecuteNonQuery(); con.Close(); Label1.Text = "Password Reset Successfully"; HtmlMeta meta = new HtmlMeta(); meta.HttpEquiv = "Refresh"; meta.Content = "5;url=loginuser.aspx"; this.Page.Controls.Add(meta); } else Label1.Text = "Password not Matched"; } else Label1.Text="Please Enter Password"; }ask email or username. then display password reset webpage. use email or username in where clause to update password.
if you want id then use sql query like
select id from userDetails where email=session["email"];
i hope you will understand.
-
thanks, Ya I understood... you have well explained!😊
-
yes you are Richard. always use parameterized query.But i used this code for my college project. so i wrote like this. my suggestion also. go with parameterized query to protect from sql injection.
-
in order to reset password you have to give email link or else you can give direct web page link. before reset password. you should take email address from the user. so you can use in where clause. see my code:
protected void save\_Click(object sender, EventArgs e) { if (password.Text != "" || confirmpassword.Text != "") { if (password.Text == confirmpassword.Text) { con.Open(); SqlCommand cmd = new SqlCommand("update login set password='" + password.Text + "', confirmpassword='" + confirmpassword.Text + "' where email='" + Session\["email"\] + "'", con); cmd.ExecuteNonQuery(); con.Close(); Label1.Text = "Password Reset Successfully"; HtmlMeta meta = new HtmlMeta(); meta.HttpEquiv = "Refresh"; meta.Content = "5;url=loginuser.aspx"; this.Page.Controls.Add(meta); } else Label1.Text = "Password not Matched"; } else Label1.Text="Please Enter Password"; }ask email or username. then display password reset webpage. use email or username in where clause to update password.
if you want id then use sql query like
select id from userDetails where email=session["email"];
i hope you will understand.
Please tell me you know why this is wrong. Have a read up about subjects like SQL injection and security best practices.
This space for rent
-
... and if you follow that advice your entire system is open to every hacker in the world.
yes you are right Richard.
always use parameterized query. i used this code for my college project. so i wrote like this. my suggestion also go with parameterized query to protect from sql injection.
-
yes you are right Richard.
always use parameterized query. i used this code for my college project. so i wrote like this. my suggestion also go with parameterized query to protect from sql injection.
And you are also storing passwords in clear text, one of the most dangerous things to do. It does not matter that you are doing this as a college project. Do it right first time and you are less likely to fall into these traps when you are doing it for real. Quite frankly if you offered that as a sample of your work in a job interview you would be discounted immediately.
-
in order to reset password you have to give email link or else you can give direct web page link. before reset password. you should take email address from the user. so you can use in where clause. see my code:
protected void save\_Click(object sender, EventArgs e) { if (password.Text != "" || confirmpassword.Text != "") { if (password.Text == confirmpassword.Text) { con.Open(); SqlCommand cmd = new SqlCommand("update login set password='" + password.Text + "', confirmpassword='" + confirmpassword.Text + "' where email='" + Session\["email"\] + "'", con); cmd.ExecuteNonQuery(); con.Close(); Label1.Text = "Password Reset Successfully"; HtmlMeta meta = new HtmlMeta(); meta.HttpEquiv = "Refresh"; meta.Content = "5;url=loginuser.aspx"; this.Page.Controls.Add(meta); } else Label1.Text = "Password not Matched"; } else Label1.Text="Please Enter Password"; }ask email or username. then display password reset webpage. use email or username in where clause to update password.
if you want id then use sql query like
select id from userDetails where email=session["email"];
i hope you will understand.
Let's see: SQL Injection. Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt[^] How can I explain SQL injection without technical jargon? | Information Security Stack Exchange[^] Query Parameterization Cheat Sheet | OWASP[^] Storing passwords as plain text. Secure Password Authentication Explained Simply[^] Salted Password Hashing - Doing it Right[^] Letting anyone reset any password just by providing an email address. And probably several other severe security vulnerabilities which I haven't immediately spotted. Don't do it like this - not even for a simple demo or college project. Troy Hunt: Everything you ever wanted to know about building a secure password reset feature[^]
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
-
Pls Provide me business logic method for reset password or forget password by user id...
Troy Hunt: Everything you ever wanted to know about building a secure password reset feature[^]
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
-
And you are also storing passwords in clear text, one of the most dangerous things to do. It does not matter that you are doing this as a college project. Do it right first time and you are less likely to fall into these traps when you are doing it for real. Quite frankly if you offered that as a sample of your work in a job interview you would be discounted immediately.
Ya Kind of it make sense...
