I'm trying to create a Forgot password page, that verify the user's username, email, security question and answer, before sending them to the new password page. The code below is the onClick that redirect user to the new password page.
protected void SubmitButton_Click(object sender, EventArgs e)
{
string email = Email.Text;
string user = UserName.Text;
string question = Question.Text;
string answer = Answer.Text;
string strCon = ConfigurationManager.ConnectionStrings["WebConfigConString"].ConnectionString;
SqlConnection con = new SqlConnection(strCon);
con.Open();
string strCheck = "SELECT * FROM ACCOUNT WHERE ID = @id AND EMAIL = @email AND SECURITYQUESTION = @question AND SECURITYANSWER = @answer";
SqlCommand cmdCheck = new SqlCommand(strCheck, con);
cmdCheck.Parameters.AddWithValue("@id", user);
cmdCheck.Parameters.AddWithValue("@question", question);
cmdCheck.Parameters.AddWithValue("@email", email);
cmdCheck.Parameters.AddWithValue("@answer", answer);
SqlDataReader dtrCheck = cmdCheck.ExecuteReader();
if (dtrCheck.HasRows)
{
Response.Redirect("newPassword.aspx?id=" user);
}
else
{
ErrorMsg.Text = "Invalid username or email / question and answer does not match!";
}
}
And this code below is the form segment of the aspx page for newPassword.
<form runat="server">
<div >
<asp:Label ID="PasswordLabel" runat="server" AssociatedControlID="Password">
Password:</asp:Label>
<asp:TextBox ID="Password" runat="server" TextMode="Password"></asp:TextBox>
<asp:RequiredFieldValidator ID="PasswordRequired" runat="server" ControlToValidate="Password"
ErrorMessage="Password is required." ForeColor="Red">*</asp:RequiredFieldValidator>
</div>
<div >
<asp:Label ID="ConfirmPasswordLabel" runat="server" AssociatedControlID="ConfirmPassword">
Confirm Password:</asp:Label>
<asp:TextBox ID="ConfirmPassword" runat="server" TextMode="Password"></asp:TextBox>
<asp:RequiredFieldValidator ID="ConfirmPasswordRequired" runat="server" ControlToValidate="ConfirmPassword"
ErrorMessage="Confirm Password is required." ForeColor="Red">*</asp:RequiredFieldValidator>
<asp:CompareValidator ID="PasswordCompare" runat="server" ControlToCompare="Password"
ControlToValidate="ConfirmPassword" ErrorMessage="The Password and Confirmation Password must match." ForeColor="Red">*</asp:CompareValidator>
</div>
<asp:ValidationSummary ID="ValidationSummary1" runat="server" ForeColor="Red" />
<asp:Button ID="SubmitButton" runat="server" Text="Confirm" OnClick="SubmitButton_Click"/>
</form>
And this is the codebehind onclick function for newPassword:
protected void SubmitButton_Click(object sender, EventArgs e)
{
string id = Request.QueryString["id"];
string password = Password.Text;
string strCon = ConfigurationManager.ConnectionStrings["WebConfigConString"].ConnectionString;
using (SqlConnection con = new SqlConnection(strCon))
{
con.Open();
string strChange = "UPDATE ACCOUNT SET PASSWORD = @password WHERE ID = @id";
SqlCommand cmdChange = new SqlCommand(strChange, con);
cmdChange.Parameters.AddWithValue("@id", id);
cmdChange.Parameters.AddWithValue("@password", password);
cmdChange.ExecuteNonQuery();
con.Close();
Response.Redirect("login.aspx?msg=Password updated successfully!");
}
}
However, whenever I click submit after filling out the new password, it freeze for a long time then display this error :
System.ComponentModel.Win32Exception: The wait operation timed out error
CodePudding user response:
Apparently, I forgot to close the connection before redirecting the user to the newPassword.aspx, simply add a con.Close() before redirecting worked for me.