how to update a password providing a security question and previous password is correct

Question

0.00/5 (No votes)

See more:

can i update password if i give the correct security question and old password. by the question you may get i have a login form which stores three thing a security question a password and a username. i have a form on which there is a textbox on which username have to type and then a second form will open which will contain the security question of the user i want to add a update thiing like forgot your pasword then just reset it or change your pasword till now i have done that coding is

C#

public void button1_Click(object sender, EventArgs e)
        {
            {
                SqlConnection con = new SqlConnection();
                con.ConnectionString = @"Data Source=.\SQLEXPRESS;AttachDbFilename=c:\documents and settings\aquib\my documents\visual studio 2010\Projects\labelnameinsecondformtry\labelnameinsecondformtry\Database1.mdf;Integrated Security=True;User Instance=True";
                string q = ("select SEC_QUESTION,PASSWORD from Table1 where USERNAME='" + textBox1.Text + "'");
                con.Open();
                SqlCommand cmd = new SqlCommand(q, con);
                SqlDataReader dr = cmd.ExecuteReader();
                if (dr.HasRows == true)
                {
                    Form2 f2 = new Form2();
                    while (dr.Read())
                    {
                        f2.label1.Text = dr["SEC_QUESTION"].ToString();
                        f2.textBox2.Text = dr["PASSWORD"].ToString();
                    }
                    dr.Close();
                    con.Close();
                    f2.Show();
                }

Posted 1-Sep-12 7:28am

sariqkhan

Updated 1-Sep-12 7:30am

Kenneth Haugland

v2

Add a Solution

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Espen Harlinn · Answer 1 · 2012-09-01T11:26:00

Solution 2

Have a look at: ASP.NET Authentication[^], Forms Authentication Provider[^], Managing Users by Using Membership[^] and ASP.NET Login Controls[^]

Pay attention to the The ChangePassword Control which allows users to change their password. The user must first supply the original password and then create and confirm the new password. If the original password is correct, the user password is changed to the new password. The control also includes support for sending an e-mail message about the new password.

Use the mechanisms provided by .Net, the ChangePassword Control can be customized to suit your needs.

Perhaps you'll be interested in this: Storing Passwords Securely[^]

Best regards
Espen Harlinn

Posted 1-Sep-12 11:26am

Espen Harlinn

Updated 2-Sep-12 0:58am

v3

Comments

Wendelius 2-Sep-12 2:11am

You're correct. Probably this is ASP.NET so using these would be the right way to go. 5'd

Espen Harlinn 2-Sep-12 4:30am

Thank you, Mika - sounds like OP is not using a one way hash, and that he is actually storing the passwords in the db :shudder:

Wendelius 2-Sep-12 5:33am

Yep, sounds like that.

sariqkhan 2-Sep-12 23:20pm

bro. My project is small and i dont want to make it complex. So because of it i dont use SHA.... And by the way there is no such step by step implementation of SHA for beginers.
Can you help me in this?

Espen Harlinn 3-Sep-12 5:37am

Forms authentication is already implemented by .Net - so I'm not telling you to implement it, just to use what's already there. Forms authenticaton uses the SHA-1 algorithm.

sariqkhan 3-Sep-12 8:12am

can you exagerate the form authentication. i am building windows form not asp.net page. How can i implement that technique?

Espen Harlinn 3-Sep-12 8:32am

Ah, I really thought you were talking about an asp.net application. For a Windows Forms application I would consider using the PrincipalPermissionAttribute http://msdn.microsoft.com/en-us/library/system.security.permissions.principalpermissionattribute.aspx

If you really require a customized setup you can have a look at: http://msdn.microsoft.com/en-us/magazine/cc163807.aspx

shaikh-adil 7-Oct-12 0:44am

thanx bro

Wendelius · Answer 2 · 2012-09-01T07:40:00

Solution 1

Do you mean how you change the password. If that's the question, as long as you have necessary privileges, you can use the ALTER LOGIN[^] statement to change the password. For example:

SQL

ALTER LOGIN SomeLoginName WITH PASSWORD = 'NewPasswordToBeSet';

Note: Never directly concatenate values to your SQL statement. That leaves you open to SQL injections, data type conversion problems and so on. Instead use SqlParameter[^].

Posted 1-Sep-12 7:40am

Wendelius

Comments

[no name] 1-Sep-12 14:53pm

I don't think this will be helpful for him.

Wendelius 1-Sep-12 14:56pm

Why do think that?

[no name] 1-Sep-12 14:59pm

beacuse he just want to update the table column values not altering the table.
The answer will too long.
So I left it.
You please try and help him.
I'm not insulting you.
Just what I understand for the question.
Sorry if you misunderstand.

Wendelius 1-Sep-12 15:03pm

Don't worry, I don't feel insulted at all :)

You may be right that he simply wants to update a row in a table. Hopefully the OP comes in with comments to clarify the situation.

[no name] 1-Sep-12 15:13pm

yes, lets wait.

sariqkhan 1-Sep-12 23:21pm

okay.. Lets wait. I think its a simple query. I have to get onto the sql queries for that. I am trying and i will post my second question which will be to correct the queries because i am not sooo good that in first try it will be a success.