Password Recovery without using ASP.Net Membership

Question

I’m working on a website using VB (ASP.NET)

I want to implement a password recovery code without using the controls in asp.net

I didn’t use ASP.Net Membership for logging in, I have MSSQL database with USER table

What I really I need is:

when the user forget his/her password, he/she enters the email then press a button to submit, then I have to find this email in the user table, retrieve the user name and password, generate new a random password, update the password with the new generated one, and finally send an email to the user with the username and the new generated password.

How can I do that ? Please help me Thank you

Answer 1

SqlConnection objconnection = new SqlConnection();
protected void Page_Load(object sender, EventArgs e)
{
    //objconnection = new OleDbConnection(ConfigurationManager.ConnectionStrings["Constr"].ConnectionString);
   // objconnection.Close();
   // lblInfo.Visible = false;
}
protected void Button1_Click(object sender, EventArgs e)
{    
    String strUsername = txtUsername.Text;
    String strPassword = txtCurrentpassword.Text;
    SqlConnection con = new SqlConnection("Data Source=ARUN-PC\\SQLEXPRESS;Initial Catalog=newspaper;Integrated Security=True");
    con.Open();
    //objectcon=new ObjectCon(); 


    SqlCommand objcommand;
    SqlDataReader objdatareader;

    //OleDbCommand cmd = new OleDbCommand("Select Username,Password from Admin", objconnection);
    //OleDbDataReader dr;
    //jcon = new objcon(); 
    objcommand = new SqlCommand("Select Username,Password *from Login", objconnection);
    objdatareader =objcommand.ExecuteReader();
    {
        if (txtUsername.Text ==objdatareader.GetValue(0).ToString())

            if (txtCurrentpassword.Text ==objdatareader.GetValue(1).ToString())
            {
                SqlCommand cmd = new SqlCommand("Update Login set Password='" + txtNewPassword.Text + "' where Username ='" + txtUsername.Text + "'", objconnection);
                cmd.ExecuteNonQuery();
            }
            else
            {

                lblInfo.Visible = true;
            }

        else
        {

            lblInfo.Visible = true;
        }

    }
    con.Close();
}

}

Answer 2

• when the user forget his/her password, he/she enters the email then press a button to submit

  Create a WebForm, with two <asp:textbox/> and a <asp:button/>, wire up the button's OnClick event

• then I have to find this email in the user table, retrieve the user name and password

  Use ADO.NET to query the database using the form values posted

  Retrieving Data Using a DataReader (ADO.NET)

• generate new a random password

  Search Google for a good random password generator

• update the password with the new generated one

  Use ADO.NET to connect to the db and execute an update statement with SqlCommand.ExecuteNonQuery

• send an email to the user with the username and the new generated password

  Use System.Net.Mail to send an email

  Sending Email with System.Net.Mail