Click here to Skip to main content
15,868,306 members
Please Sign up or sign in to vote.
3.00/5 (1 vote)
See more:
I have a password recovery control on a form and when I enter an email address I get an error "Email Address Not Registered" but it is in the database. What did I do wrong with in my code?

C#
using System;
using System.Data.SqlClient;
using System.Configuration;
using System.Data;
using System.Net.Mail;

public partial class ForgotPassword : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }
    protected void btnPass_Click(object sender, EventArgs e)
    {
        //Create Connection String And SQL Statement
        string strConnection = ConfigurationManager.ConnectionStrings["HotConnectionString"].ConnectionString;
        string strSelect = "SELECT EmailAddress, Password FROM Tablepass WHERE EmailAddress ='" + TextBoxEA.Text + "'";

        SqlConnection connection = new SqlConnection(strConnection);
        SqlCommand command = new SqlCommand();
        command.Connection = connection;
        command.CommandType = CommandType.Text;
        command.CommandText = strSelect;

        SqlParameter email = new SqlParameter("@EmailAddress", SqlDbType.VarChar, 50);
        email.Value = TextBoxEA.Text.Trim().ToString();
        command.Parameters.Add(email);

        //Create Dataset to store results and DataAdapter to fill Dataset 
        DataSet dsPwd = new DataSet();
        connection.Open();
        SqlDataAdapter dAdapter = new SqlDataAdapter(command);
        dAdapter.Fill(dsPwd);
        connection.Close();
        if (dsPwd.Tables[0].Rows.Count < 0)
        {
            MailMessage loginInfo = new MailMessage();
            loginInfo.To.Add(TextBoxEA.Text.ToString());
            loginInfo.From = new MailAddress("YourID@sasccoc.org");
            loginInfo.Subject = "Forgot Password Information";

            loginInfo.Body = "EmailAddress: " + dsPwd.Tables[0].Rows[0]["EmailAddress"] + "<br /><br />Password: " + dsPwd.Tables[0].Rows[0]["Password"] + "<br /><br />";
            loginInfo.IsBodyHtml = true;
            SmtpClient smtp = new SmtpClient();
            smtp.Host = "mail.sasccoc.org";
            smtp.Port = 25;
            smtp.EnableSsl = true;
            smtp.Credentials = new System.Net.NetworkCredential("YourEmailID@sasccoc.org", "YourEmailPassword");
            smtp.Send(loginInfo);
            lblMessage.Text = "Password is sent to you email id,you can now <a href='Login.aspx'>Login</a>";

            try
            {
                smtp.Send(loginInfo);
            }
            catch (Exception ex)
            {

                lblMessage.Text = "Oops, Something Went Wrong When We Tried to Send The Email";
                return;
            }

        }
        else
        {
            lblMessage.Text = "Email Address Not Registered";
        }

    }
}
Posted

1 solution

Please, don't do that.
Storing passwords in clear text is a major security risk. Hash them instead: Password Storage: How to do it.[^]
Then when they forget their password, reset it to a random value (a GUID is good) and email them the new value. That way, you aren't sending the password to someone who has just picked up your laptop while you are out of the office...

A GUID is a good choice, because it is too long to remember easily, so it encourages the user to change it to something they can remember.
 
Share this answer
 
Comments
Computer Wiz99 15-Nov-13 12:27pm    
OriginalGriff, Thanks for the information. I will get to it. Why is the code not sending the email?
José Amílcar Casimiro 15-Nov-13 13:19pm    
if (dsPwd.Tables[0].Rows.Count < 0) is this ok?
Computer Wiz99 15-Nov-13 13:20pm    
What do you mean?
José Amílcar Casimiro 15-Nov-13 14:00pm    
It seems that the algorithm sends the email if the user exists in the database. The condition is correct?
Computer Wiz99 15-Nov-13 14:02pm    
Right, and I used a emailaddress in the database to send the email and it will not work. My error message comes up. "Email Address Not Registered" but I know it is in the database.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900