[FSOD] Forgot Password

**MikeRaarupBirk** · 12-23-2016

So i was unable to get the one in fsod working, so i made a new one.

ForgotPassword.cs

Code:

#region

using db;
using System;
using System.Collections.Specialized;
using System(DOT)IO;
using System.Net;
using System.Net.Mail;
using System.Text;
using System.Web;

#endregion

namespace server.account
{
    internal class forgotPassword : RequestHandler
    {
        protected override void HandleRequest()
        {
            using (Database db = new Database())
            {

                //Generates a random password
                string password = Database.GenerateRandomString(10);

                //Changes the users password
                var cmd = db.CreateQuery();
                cmd.CommandText = "UPDATE accounts SET password=SHA1(@password) WHERE uuid=@email;";
                cmd.Parameters.AddWithValue("@password", password);
                cmd.Parameters.AddWithValue("@email", Query["guid"]);


                if (cmd.ExecuteNonQuery() == 1)
                {

                    //Makes the email sending function
                    SmtpClient client = new SmtpClient();
                    client.Port = 587;
                    client.Host = "smtp.gmail.com";
                    client.EnableSsl = true;
                    client.Timeout = 10000;
                    client.DeliveryMethod = SmtpDeliveryMethod.Network;
                    client.UseDefaultCredentials = false;
                    client.Credentials = new System.Net.NetworkCredential("YOURSERVEREMAIL", "YOURSERVERPASSWORD"); //Email credentials



                    //Email information
                    MailMessage mm = new MailMessage("RANDOMEMAILHERE", Query["guid"], "SERVERNAME", "SERVERNAME");
                    mm.Body = "Your new password for SERVERNAME is: " + password + " hopefully you wont forget your password again.";
                    mm.BodyEncoding = UTF8Encoding.UTF8;
                    mm.DeliveryNotificationOptions = DeliveryNotificationOptions.OnFailure;


                    //Send the actual email
                    client.Send(mm);

                    //Logs the action
                    Console.ForegroundColor = ConsoleColor.Cyan;
                    Console.WriteLine("Reset Password Link sent to " + Query["guid"]);
                    Console.ForegroundColor = ConsoleColor.White;

                }
                else
                    using (StreamWriter wtr = new StreamWriter(Context.Response.OutputStream))
                        wtr.Write("<Error>Error.accountNotFound</Error>");
            }
        }
    }
}

I put some words with caps, that you'd have to change to make it work.

If you are using this, and removed encryption from passwords, you need to remove the SHA1 from this code.

Also make sure the email you are using, doesnt have any security because if it does, the email wont send.

Replace (DOT) with "."

**ETHerthethaethaetheh** · 12-23-2016

With this i can get pretty much anyones password..?

**MikeRaarupBirk** · 12-23-2016

Originally Posted by gusitis00

With this i can get pretty much anyones password..?

Ehm no? But if you used an actual email, that you have access to you can reset your password using this function.

**ETHerthethaethaetheh** · 12-23-2016

Originally Posted by MikeRaarupBirk

Ehm no? But if you used an actual email, that you have access to you can reset your password using this function.

Oh.. aight lol

**BurgerLoverMx** · 12-23-2016

Originally Posted by MikeRaarupBirk

So i was unable to get the one in fsod working, so i made a new one.

ForgotPassword.cs

Code:

#region

using db;
using System;
using System.Collections.Specialized;
using System(DOT)IO;
using System.Net;
using System.Net.Mail;
using System.Text;
using System.Web;

#endregion

namespace server.account
{
    internal class forgotPassword : RequestHandler
    {
        protected override void HandleRequest()
        {
            using (Database db = new Database())
            {

                //Generates a random password
                string password = Database.GenerateRandomString(10);

                //Changes the users password
                var cmd = db.CreateQuery();
                cmd.CommandText = "UPDATE accounts SET password=SHA1(@password) WHERE uuid=@email;";
                cmd.Parameters.AddWithValue("@password", password);
                cmd.Parameters.AddWithValue("@email", Query["guid"]);


                if (cmd.ExecuteNonQuery() == 1)
                {

                    //Makes the email sending function
                    SmtpClient client = new SmtpClient();
                    client.Port = 587;
                    client.Host = "smtp.gmail.com";
                    client.EnableSsl = true;
                    client.Timeout = 10000;
                    client.DeliveryMethod = SmtpDeliveryMethod.Network;
                    client.UseDefaultCredentials = false;
                    client.Credentials = new System.Net.NetworkCredential("YOURSERVEREMAIL", "YOURSERVERPASSWORD"); //Email credentials



                    //Email information
                    MailMessage mm = new MailMessage("RANDOMEMAILHERE", Query["guid"], "SERVERNAME", "SERVERNAME");
                    mm.Body = "Your new password for SERVERNAME is: " + password + " hopefully you wont forget your password again.";
                    mm.BodyEncoding = UTF8Encoding.UTF8;
                    mm.DeliveryNotificationOptions = DeliveryNotificationOptions.OnFailure;


                    //Send the actual email
                    client.Send(mm);

                    //Logs the action
                    Console.ForegroundColor = ConsoleColor.Cyan;
                    Console.WriteLine("Reset Password Link sent to " + Query["guid"]);
                    Console.ForegroundColor = ConsoleColor.White;

                }
                else
                    using (StreamWriter wtr = new StreamWriter(Context.Response.OutputStream))
                        wtr.Write("<Error>Error.accountNotFound</Error>");
            }
        }
    }
}

I put some words with caps, that you'd have to change to make it work.

If you are using this, and removed encryption from passwords, you need to remove the SHA1 from this code.

Also make sure the email you are using, doesnt have any security because if it does, the email wont send.

Replace (DOT) with "."

Thanks Mike

**New** · 12-23-2016

Originally Posted by MikeRaarupBirk

"Forgot your password? We'll email it."

We'll email it? Like a new random one, or the actual password which is supposed to be hashed?

**einaras** · 12-23-2016

Originally Posted by PKTINOS

We'll email it? Like a new random one, or the actual password which is supposed to be hashed?

Originally Posted by MikeRaarupBirk

its random.

**New** · 12-23-2016

Originally Posted by einaras

its random.

Damn the pic attracted my attention. Should've read the entire thread.

**BurgerLoverMx** · 12-23-2016

Problem though, if someone just sends a password reset request for any email, and the owner doesn't know of it, then he gets his password reset even if he didn't want that.

**MikeRaarupBirk** · 12-23-2016

Originally Posted by BurgerLoverMx

Problem though, if someone just sends a password reset request for any email, and the owner doesn't know of it, then he gets his password reset even if he didn't want that.

just dont share email with anyone and ur fine

**ZeusAlmighty** · 12-24-2016

Originally Posted by MikeRaarupBirk

just dont share email with anyone and ur fine

Thats pretty true, considering people wont know what email you used unless you show them by accident. However if you made a time limiter like 24 hours or something, would be better as people might spam it.

Nice work though

**B3CLAWED** · 12-25-2016

Got a big error: prntscr(dot)com/dnwlu0 please help XD

**MikeRaarupBirk** · 12-26-2016

Originally Posted by B3CLAWED

Got a big error: prntscr(dot)com/dnwlu0 please help XD

Works fine for me, are you sure that the email u put into the code is non-secured? And filled all the "CAPS" words i wrote?

**Nikolai Belinski** · 12-26-2016

Originally Posted by gusitis00

With this i can get pretty much anyones password..?

there is already a tutorial for that....

- - - Updated - - -

Originally Posted by MikeRaarupBirk

So i was unable to get the one in fsod working, so i made a new one.

ForgotPassword.cs

Code:

#region

using db;
using System;
using System.Collections.Specialized;
using System(DOT)IO;
using System.Net;
using System.Net.Mail;
using System.Text;
using System.Web;

#endregion

namespace server.account
{
    internal class forgotPassword : RequestHandler
    {
        protected override void HandleRequest()
        {
            using (Database db = new Database())
            {

                //Generates a random password
                string password = Database.GenerateRandomString(10);

                //Changes the users password
                var cmd = db.CreateQuery();
                cmd.CommandText = "UPDATE accounts SET password=SHA1(@password) WHERE uuid=@email;";
                cmd.Parameters.AddWithValue("@password", password);
                cmd.Parameters.AddWithValue("@email", Query["guid"]);


                if (cmd.ExecuteNonQuery() == 1)
                {

                    //Makes the email sending function
                    SmtpClient client = new SmtpClient();
                    client.Port = 587;
                    client.Host = "smtp.gmail.com";
                    client.EnableSsl = true;
                    client.Timeout = 10000;
                    client.DeliveryMethod = SmtpDeliveryMethod.Network;
                    client.UseDefaultCredentials = false;
                    client.Credentials = new System.Net.NetworkCredential("YOURSERVEREMAIL", "YOURSERVERPASSWORD"); //Email credentials



                    //Email information
                    MailMessage mm = new MailMessage("RANDOMEMAILHERE", Query["guid"], "SERVERNAME", "SERVERNAME");
                    mm.Body = "Your new password for SERVERNAME is: " + password + " hopefully you wont forget your password again.";
                    mm.BodyEncoding = UTF8Encoding.UTF8;
                    mm.DeliveryNotificationOptions = DeliveryNotificationOptions.OnFailure;


                    //Send the actual email
                    client.Send(mm);

                    //Logs the action
                    Console.ForegroundColor = ConsoleColor.Cyan;
                    Console.WriteLine("Reset Password Link sent to " + Query["guid"]);
                    Console.ForegroundColor = ConsoleColor.White;

                }
                else
                    using (StreamWriter wtr = new StreamWriter(Context.Response.OutputStream))
                        wtr.Write("<Error>Error.accountNotFound</Error>");
            }
        }
    }
}

I put some words with caps, that you'd have to change to make it work.

If you are using this, and removed encryption from passwords, you need to remove the SHA1 from this code.

Also make sure the email you are using, doesnt have any security because if it does, the email wont send.

Replace (DOT) with "."

This fix is pretty neat. +1

**B3CLAWED** · 12-26-2016

Originally Posted by MikeRaarupBirk

Works fine for me, are you sure that the email u put into the code is non-secured? And filled all the "CAPS" words i wrote?

What do you mean by non-secured? Because I didn't put a phone number or backup email

Thread: [FSOD] Forgot Password

Thread Tools

Display

[FSOD] Forgot Password

The Following 4 Users Say Thank You to MikeRaarupBirk For This Useful Post:

The Following User Says Thank You to einaras For This Useful Post:

The Following User Says Thank You to BurgerLoverMx For This Useful Post:

The Following User Says Thank You to ZeusAlmighty For This Useful Post:

The Following User Says Thank You to Nikolai Belinski For This Useful Post:

Similar Threads

[Help Request] forgot password+email

[Help Request] forgot password plz help

forgot password

forgot password

Forgot password, and now?