Database Storage with the ASP.NET Web Matrix: Update Page - Calling the Function

(Page 3 of 4 )

You now need a sub to call the function, so switch back to Design view and double-click the Update button element.  We will use the same code to blank any message text at the beginning of the sub to reset any error messages that the user may have already received when viewing the page. Add the following code to the sub:

lblUsernameError.Text = ""
lblPasswordLengthError.Text = ""
lblNewPasswordError.Text = ""

If you remember the Registration page we created a couple of examples ago, you’ll know that the password a user chooses is written to the database table in an MD5 encrypted format, so we will also need to build that capability into this page.  The code in this is exactly the same as it was in the Registration page:

Dim hashMethod as string
    hashMethod = "MD5"
    Dim encryptPassword as string
    encryptPassword = FormsAuthentication.HashPasswordForStoringInConfigFile
(txtNewPassword.Text, hashMethod)

All we need now is an If statement to either display an error message, or execute the data operation if the username exists and the new password meets the predefined criteria.  These criteria are essentially the same as the ones in the Registration page; namely that the two password fields must match, and that the new password should be more than seven characters long:

If txtNewPassword.Text.Length < 7 then
      lblPasswordLengthError.Text = "* Your password is not
secure, please ensure it is 7 characters or more"
Else if txtNewPassword.Text <> txtVerifyNewPassword.Text Then
      lblNewPasswordError.Text = "* Verify password must match
password"
Else if updateUserPass(txtUsername.Text, encryptPassword) = 0
Then
      lblUsernameError.Text = "* Your username does not appear to
exist"
Else
      updateUserPass(txtUsername.Text, encryptPassword)
End If

That is all we need.  Save the file in the private folder of the site’s directory structure; as with the previous example page, we will insist that only authenticated visitors can access the page.  To test the page properly, you may find it useful to register two different usernames with the same password so that they show up in your database table with the same MD5 hash.  This way, you will know for sure when you update the password of one of the usernames, because it will no longer exactly match the hash of the other username.

Next: Taking Care of Security >>
 

More ASP.NET Articles
More By Dan Wellman

Comments On: Database Storage with the ASP.NET Web Matrix: Update Page

· Hi all,Welcome to the fourth and penultimate article in the Web Matrix series. ...   >>> Post your comment now!