密码恢复控制错误 [英] Password Recovery control error

问题描述

我在表单上有一个密码恢复控件，当我输入一个电子邮件地址时，我收到错误电子邮件地址未注册但它在数据库中。在我的代码中我做错了什么？

I have a password recovery control on a form and when I enter an email address I get an error "Email Address Not Registered" but it is in the database. What did I do wrong with in my code?

using System;
using System.Data.SqlClient;
using System.Configuration;
using System.Data;
using System.Net.Mail;

public partial class ForgotPassword : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }
    protected void btnPass_Click(object sender, EventArgs e)
    {
        //Create Connection String And SQL Statement
        string strConnection = ConfigurationManager.ConnectionStrings["HotConnectionString"].ConnectionString;
        string strSelect = "SELECT EmailAddress, Password FROM Tablepass WHERE EmailAddress ='" + TextBoxEA.Text + "'";

        SqlConnection connection = new SqlConnection(strConnection);
        SqlCommand command = new SqlCommand();
        command.Connection = connection;
        command.CommandType = CommandType.Text;
        command.CommandText = strSelect;

        SqlParameter email = new SqlParameter("@EmailAddress", SqlDbType.VarChar, 50);
        email.Value = TextBoxEA.Text.Trim().ToString();
        command.Parameters.Add(email);

        //Create Dataset to store results and DataAdapter to fill Dataset 
        DataSet dsPwd = new DataSet();
        connection.Open();
        SqlDataAdapter dAdapter = new SqlDataAdapter(command);
        dAdapter.Fill(dsPwd);
        connection.Close();
        if (dsPwd.Tables[0].Rows.Count < 0)
        {
            MailMessage loginInfo = new MailMessage();
            loginInfo.To.Add(TextBoxEA.Text.ToString());
            loginInfo.From = new MailAddress("YourID@sasccoc.org");
            loginInfo.Subject = "Forgot Password Information";

            loginInfo.Body = "EmailAddress: " + dsPwd.Tables[0].Rows[0]["EmailAddress"] + "<br /><br />Password: " + dsPwd.Tables[0].Rows[0]["Password"] + "<br /><br />";
            loginInfo.IsBodyHtml = true;
            SmtpClient smtp = new SmtpClient();
            smtp.Host = "mail.sasccoc.org";
            smtp.Port = 25;
            smtp.EnableSsl = true;
            smtp.Credentials = new System.Net.NetworkCredential("YourEmailID@sasccoc.org", "YourEmailPassword");
            smtp.Send(loginInfo);
            lblMessage.Text = "Password is sent to you email id,you can now <a href='Login.aspx'>Login</a>";

            try
            {
                smtp.Send(loginInfo);
            }
            catch (Exception ex)
            {

                lblMessage.Text = "Oops, Something Went Wrong When We Tried to Send The Email";
                return;
            }

        }
        else
        {
            lblMessage.Text = "Email Address Not Registered";
        }

    }
}

推荐答案

请不要这样做。

以明文形式存储密码是一个主要的安全风险。请改为使用它们：密码存储：如何操作。 [< a href =http://www.codeproject.com/Tips/186585/Password-Storage-How-to-do-ittarget =_ blanktitle =New Window> ^ ] br />
然后当他们忘记密码时，将其重置为随机值（GUID是好的）并通过电子邮件发送新值。这样，你就不会把密码发送给那些在你不在办公室时拿起你的笔记本电脑的人...



一个GUID很好选择，因为它太长而不易记，所以它鼓励用户将其改为他们能记住的东西。

Please, don't do that.
Storing passwords in clear text is a major security risk. Hash them instead: Password Storage: How to do it.[^]
Then when they forget their password, reset it to a random value (a GUID is good) and email them the new value. That way, you aren't sending the password to someone who has just picked up your laptop while you are out of the office...

A GUID is a good choice, because it is too long to remember easily, so it encourages the user to change it to something they can remember.

这篇关于密码恢复控制错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！