Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen

HomeHomeUsing DNN Platf...Using DNN Platf...Administration ...Administration ...PasswordResetToken != ResetToken when Resetting passwordsPasswordResetToken != ResetToken when Resetting passwords
Previous
 
Next
New Post
10/1/2015 4:25 PM
 

Dear all, 

We've been having problems resetting the passwords of users. After debugging I have concluded that the PasswordResetToken is not the same with the ResetToken. The ResetToken which is supplied by email to the user seems to be valid i.e. resetToken=fa407e7d-3cb5-4b1a-9162-e3a639468040

However, the PasswordResetToken seems to be 00000000-0000-0000-0000-000000000000, therefore, it fails to work when requested by the function: UserController.ChangePasswordByToken(PortalSettings.PortalId, username, txtPassword.Text, ResetToken) inside PasswordReset.ascx.cs.

Any ideas how to fix this? This question is related to my previous one. 

This is how I get the information:

                Guid resetTokenGuid = new Guid(ResetToken);

                var user = UserController.GetUserByName(1, username);

                string sPasswordResetToken = Convert.ToString(user.PasswordResetToken);

Thanks, 

Nectarios

 

 
New Post
10/5/2015 8:58 AM
 
please check that the values are being returned correctly i.e. check "select * from vw_users"

Buy the new Professional DNN7: Open Source .NET CMS Platform book Amazon US
 
New Post
10/6/2015 2:39 PM
 

Cathal, 

thanks for the reply. All the values in the PasswordResetToken and PasswordResetExpiration of the tabel vw_users are null. 

After I requested a password reset, I received the email. Then I checked the vw_users for the user who requested the reset but the values were still null. The LastModifiedOnDate field however contains the correct datetime of the password reset request. Any ideas how to have this fixed?

Thanks

 
New Post
10/7/2015 7:23 AM
 

ok, so we know the values are generated (as there wouldn't be guid's in the mail) -however if they're not returned via vw_users that means they're not stored (you can check the users table to verify this) - if the PasswordResetToken and PasswordResetExpiration fields are null then the issue is that , and the problem is that vw_users is not returning them for some reason - at a guess I'd say that your Updateuser stored procedure is out of date (perhaps you ran some 3rd party scripts such as turbosql) and it's meant that the parameters are not handled - please check your UpdateUser and make sure it contains the columns (highlighted below)

CREATE PROCEDURE dbo.[UpdateUser]
 @UserID         int,
 @PortalID  int,
 @FirstName  nvarchar(50),
 @LastName  nvarchar(50),
 @IsSuperUser    bit,
 @Email          nvarchar(256),
 @DisplayName    nvarchar(100),
 @VanityUrl  nvarchar(100),
 @UpdatePassword bit,
 @Authorised  bit,
 @RefreshRoles bit,
 @LastIPAddress nvarchar(50),
 @passwordResetToken uniqueidentifier,
 @passwordResetExpiration datetime,

 @IsDeleted  bit,
 @LastModifiedByUserID int,
 @HmacAppId nvarchar(256),
 @HmacAppSecret nvarchar(256)
AS
 UPDATE dbo.Users
  SET
   FirstName = @FirstName,
   LastName = @LastName,
   IsSuperUser = @IsSuperUser,
   Email = @Email,
   DisplayName = @DisplayName,
   UpdatePassword = @UpdatePassword,
   [email protected],
   
[email protected],
   LastIPAddress = @LastIPAddress,
   LastModifiedByUserID = @LastModifiedByUserID,
   LastModifiedOnDate = getdate(),
   [email protected],
   [email protected]
  WHERE  UserId = @UserID
 
 IF @PortalID IS NULL
  BEGIN
   UPDATE dbo.Users
    SET
     IsDeleted = @IsDeleted
    WHERE  UserId = @UserID
  END
 ELSE
  BEGIN
   UPDATE dbo.UserPortals
    SET
     Authorised = @Authorised,
     RefreshRoles = @RefreshRoles,
     VanityUrl = @VanityUrl,
     IsDeleted = @IsDeleted
    WHERE  UserId = @UserID
     AND PortalId = @PortalID
  END


Buy the new Professional DNN7: Open Source .NET CMS Platform book Amazon US
 
New Post
10/7/2015 9:11 AM
 

Cathal, 

when I run the 'ALTER' statement based on the above code to update the UpdateUser sp (which seems to be outdated) I get an error:

Msg 207, Level 16, State 1, Procedure UpdateUser, Line 34

Invalid column name 'HmacAppId'.

Msg 207, Level 16, State 1, Procedure UpdateUser, Line 35

Invalid column name 'HmacAppSecret'.

I created HmacAppId and HmacAppSecret as NVARCHAR(256) in the Users table and then tried to request a password reset. I got the following error and also I couldn't login into the portal:

AbsoluteURL:/Default.aspx

DefaultDataProvider:DotNetNuke.Data.SqlDataProvider, DotNetNuke.SqlDataProvider

ExceptionGUID:76ddf4c1-0491-4a42-b253-ae1cf29a726c

AssemblyVersion:7.4.1

PortalId:1

UserId:-1

TabId:756

RawUrl:/Home/tabid/756/ctl/SendPassword/Default.aspx?returnurl=%252f&popUp=true

Referrer:http://xyz.co.uk/Home/tabid/756/ctl/SendPassword/Default.aspx?returnurl=%252f&popUp=true

UserAgent:Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36

ExceptionHash:sYHJNZEw6ROuwZIAiImdlQ==

Message:Procedure or function 'UpdateUser' expects parameter '@VanityUrl', which was not supplied.

StackTrace:


 

InnerMessage:Procedure or function 'UpdateUser' expects parameter '@VanityUrl', which was not supplied.

InnerStackTrace:

   at System.Data.SqlClient.SqlConnection. (SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
   at System.Data.SqlClient.SqlInternalConnection. (SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
   at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
   at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
   at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
   at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite)
   at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource`1 completion, Int32 timeout, Task& task, Boolean asyncWrite)
   at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(TaskCompletionSource`1 completion, String methodName, Boolean sendToPipe, Int32 timeout, Boolean asyncWrite)
   at System.Data.SqlClient.SqlCommand.ExecuteNonQuery()
   at Microsoft.ApplicationBlocks.Data.SqlHelper.ExecuteNonQuery(SqlConnection connection, CommandType commandType, String commandText, SqlParameter[] commandParameters)
   at Microsoft.ApplicationBlocks.Data.SqlHelper.ExecuteNonQuery(String connectionString, CommandType commandType, String commandText, SqlParameter[] commandParameters)
   at Microsoft.ApplicationBlocks.Data.SqlHelper.ExecuteNonQuery(String connectionString, String spName, Object[] parameterValues)
   at DotNetNuke.Security.Membership.Data.SqlDataProvider.UpdateUser(Int32 userId, Int32 portalID, String firstName, String lastName, Boolean isSuperUser, String email, String displayName, Boolean updatePassword, Boolean isApproved, Boolean refreshRoles, String lastIpAddress, Boolean isDeleted, Int32 lastModifiedByUserID)
   at DotNetNuke.Security.Membership.AspNetMembershipProvider.UpdateUser(UserInfo user)
   at DotNetNuke.Entities.Users.UserController.UpdateUser(Int32 portalId, UserInfo user, Boolean loggedAction, Boolean clearCache)
   at DotNetNuke.Entities.Users.UserController.ResetPasswordToken(UserInfo user, Boolean sendEmail)
   at DotNetNuke.Modules.Admin.Security.SendPassword.OnSendPasswordClick(Object sender, EventArgs e)
   at System.Web.UI.WebControls.LinkButton.OnClick(EventArgs e)
   at System.Web.UI.WebControls.LinkButton.RaisePostBackEvent(String eventArgument)
   at System.Web.UI.WebControls.LinkButton.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument)
   at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
   at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData)
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

 

Source:

FileName:

FileLineNumber:0

FileColumnNumber:0

Method:

Server Name: id19903

 
Previous
 
Next
HomeHomeUsing DNN Platf...Using DNN Platf...Administration ...Administration ...PasswordResetToken != ResetToken when Resetting passwordsPasswordResetToken != ResetToken when Resetting passwords


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.

Content Layout

Subscribe to DNN Digest

DNN Digest is our monthly email newsletter. It highlights news and content from around the DNN ecosystem, such as new modules and themes, messages from leadership, blog posts and notable tweets. Keep your finger on the pulse of the ecosystem by subscribing.  


Copyright 2017 by DNN Corp Terms of Use Privacy
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out