Code for forgot password, email not sent out. C#

Question

1.00/5 (1 vote)

See more:

C#

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System;
using System.Data;
using System.Data.SqlClient;
using System.Net.Mail;
using System.Configuration;

public partial class ForgotPassword : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }
    protected void btnSubmit_Click(object sender, EventArgs e)
    {
        try {
            DataSet ds = new DataSet();
            string connectionString = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;
            using (SqlConnection con = new SqlConnection(connectionString))
            {
                con.Open();
                SqlCommand cmd = new SqlCommand("SELECT UserName, Password FROM Users Where Email='" + txtEmail.Text.Trim() + "'", con);
                SqlDataAdapter da = new SqlDataAdapter(cmd);
                da.Fill(ds);
                con.Close();
            }
            if (ds.Tables[0].Rows.Count>0)
            {
                MailMessage msg = new MailMessage();
                msg.From = new MailAddress(txtEmail.Text);
                msg.To.Add(txtEmail.Text);
                msg.Subject="Share It: Password Recovery";
                msg.Body="Hi, " + ds.Tables[0].Rows[0]["FirstName"] +" " + ds.Tables[0].Rows[0]["LastName"] +"<br />As requested, here is your login details<br /><br />Your Username: " + ds.Tables[0].Rows[0]["UserName"] + "<br /><br />Your Password: " + ds.Tables[0].Rows[0]["Password"] + "<br /><br />Thank you for trusting us! Hope to hear from you soon!<br /><br />";
                msg.IsBodyHtml = true;

                SmtpClient smtp = new SmtpClient("smtp.gamil.com", 587);
                smtp.UseDefaultCredentials = false;
                //smtp.Host = "smtp.gmail.com";
                //smtp.Port = 587;
                smtp.Credentials = new System.Net.NetworkCredential("theresakang93@gmail.com", "passwordremoved");
                smtp.EnableSsl = true;
                smtp.Send(msg);
                lbltxt.Text = "Your Password Details Sent to your mail.";
            }
        
            else
            
                lbltxt.Text = "The Email you entered does not exists.";
        }    
        catch (Exception ex) {
        
                Console.WriteLine("{0} Exception caught.", ex);
                lbltxt.Text = "Unable to send";
            }

Posted 9-Jan-14 17:29pm

TheresaKang93

Updated 8-Jan-20 22:05pm

Ron Beyer

v3

Add a Solution

Comments

Ron Beyer 9-Jan-14 23:36pm

"Thank you for trusting us", I like that, even though you store passwords in clear text in your database, are susceptible to SQL injection attacks making it easy to steal all your users passwords and emails, and posted the password to your email account...

TheresaKang93 9-Jan-14 23:45pm

I understand. But I am just a student trying to do a sample coding for my homework.

Ron Beyer 9-Jan-14 23:47pm

I'm pretty sure your "from" address has to be the same as your account username for gmail, otherwise its called relaying and I'm pretty sure GMail doesn't allow it.

Sergey Alexandrovich Kryukov 9-Jan-14 23:53pm

Well, it only makes it even more important to avoid doing bad things when you are just learning. I'll post some links to help you...
—SA

Sergey Alexandrovich Kryukov 9-Jan-14 23:57pm

But then it's only more important to avoid doing bad things when you are just learning. I added an answer with some references to help you. Please feel free to comment on it and ask some follow-up questions if you have any.
—SA

Sergey Alexandrovich Kryukov 9-Jan-14 23:52pm

Correct. This is a big no-no way. Passwords should never be stored. Usually, a cryptographic hash value is stored and hash is compared with hash, the original password is never needed for authentication (could be a surprise for OP :-) and is never restored; instead, if someone forgets one's password, a brand new password should be created.
—SA

TheresaKang93 10-Jan-14 0:01am

I know password should not be store. But im still a beginner, and my teacher asked us to save it to database and then make a forgot password

Sergey Alexandrovich Kryukov 10-Jan-14 1:47am

In other words, your teacher asked you to do a wrong thing. Very nice. Are you sure attending your school makes any sense? :-)
—SA

Yvan Rodrigues 10-Jan-14 21:12pm

Ask your teacher to contact any of us, and we would be happy to give some guidance. As you probably figured out, those of us who chose this as our career take it very seriously. Sadly it is "professionals" who are responsible for disasters like Adobe, Target, etc. -- huge, completely avoidable disasters caused by people who probably listened to their teachers.

3 solutions

Solution 1

Having seen this code, I would never use your website, due to all the security holes.

But, if the email is not sent, then your mail server is not set up correctly, not a big leap from how bad this code is.

Nowadays, passwords get stored encrypted, and it is impossible to send someone their password, all you can do, generally, is send a reset link that uses a GUID to associate with a user, or a temp password they need to change the next time they log in.

Posted 9-Jan-14 17:50pm

Christian Graus

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Tadit Dash (ତଡିତ୍ କୁମାର ଦାଶ) · Accepted Answer · 2014-01-09T17:53:00

Solution 2

Refer my answer - sending email to gmail from asp.net[^].
This works pretty good. Tested.

If you are getting any Exception, please reply me with that. I will, help.

Posted 9-Jan-14 17:53pm

Tadit Dash (ତଡିତ୍ କୁମାର ଦାଶ)

Comments

Ron Beyer 9-Jan-14 23:56pm

Got my 5, pretty sure the problem here is the "from" address.

Tadit Dash (ତଡିତ୍ କୁମାର ଦାଶ) 10-Jan-14 0:01am

Thanks a lot Ron Beyer... :)

TheresaKang93 10-Jan-14 0:24am

Thank you so much! :)

Tadit Dash (ତଡିତ୍ କୁମାର ଦାଶ) 10-Jan-14 0:31am

Most welcome buddy. :)

Sergey Alexandrovich Kryukov · Accepted Answer · 2014-01-09T17:56:00

Solution 3

Please see the comments to the questions, Ron's and mine.

Please see my past answers for some further detail:
i already encrypt my password but when i log in it gives me an error. how can decrypte it[^],
Decryption of Encrypted Password[^],
storing password value int sql server with secure way[^].

—SA

Posted 9-Jan-14 17:56pm

Sergey Alexandrovich Kryukov

Comments

Ron Beyer 9-Jan-14 23:57pm

+5!

Sergey Alexandrovich Kryukov 10-Jan-14 1:48am

Thank you, Ron. I hope you saw another OP's response, same thing again, "but im still a beginner, and my teacher asked us to..." This is so pathological...
—SA

Ron Beyer 10-Jan-14 8:56am

Some people aim to pass, others aim to excel.

Sergey Alexandrovich Kryukov 10-Jan-14 10:26am

...and some aim to fail :-)
—SA