Allow an unapproved user to change email address
Writing this with reference to the thread on asp.net forums. This post assumes you are using ASP.NET membership feature. Although the concept can be used if you have the same scenario.
Scenario:
You allow users to register on your website and send them an account activation link to the email address they provided while registration. So ideally you have user information (username,password,etc..) stored in your database but the account is not Approved. Once the user clicks the activiation link in the email that you sent them, the acount gets activated i.e.Approved.
Now what if accidently the email address the user entered is invalid due to some reason. As seen in the thread link, you forgot to validate the email address. So sending activation link will fail or say email will sent to wrong address. So now you have all user information in the database i.e. username/password etc but invalid email address.
So now how will you let the user change the email address? Before user can change the email address you would definitly want to validate the user but Membership.ValidateUser method will fail since the user is not approved yet.
How....?
Design a ChangeEmail.aspx with 3 Textboxes --- txtUserName, txtPassword and txtNewEmail and a Button --- btnChangeEmail.
Partial ChangeEmail.aspx :
<
body> <form id="form1" runat="server"> <div> <strong><span style="font-size: 24pt">Change Email:
<br /> </span></strong> <asp:Label ID="Label1" runat="server" Text="User Name"></asp:Label> <asp:TextBox ID="txtUsername" runat="server"></asp:TextBox><br /> <asp:Label ID="Label2" runat="server" Text="Password"></asp:Label> <asp:TextBox ID="txtPassword" runat="server"></asp:TextBox><br /> <asp:Label ID="Label3" runat="server" Text="New Email"></asp:Label> <asp:TextBox ID="txtNewEmail" runat="server"></asp:TextBox><br /> <asp:Button ID="btnChangeEmail" runat="server" Text="Button" OnClick="btnChangeEmail_Click" /> </div></form></
body>
ChangeEmail.aspx.cs :
protected void btnChangeEmail_Click(object sender, EventArgs e){
MembershipUser user = Membership.GetUser(txtUsername.Text); //Check if user does existif (user != null){
//Check if unapproved user wants to change the email if (user.IsApproved == false){
//Temporary approve that useruser.IsApproved = true;Membership.UpdateUser(user); //Verify the user before you change the email address if (Membership.ValidateUser(txtUsername.Text, txtPassword.Text))
{
Membership.UpdateUser(user); //Here you can write your code to send a new activation Link to the user To new Email addressuser.Email = txtNewEmail.Text;
}
//Undo the approve until user clicks the approval linkuser.IsApproved = false;Membership.UpdateUser(user);}
//If an approved user wants to change the email else{
if (Membership.ValidateUser(txtUsername.Text, txtPassword.Text)){
user.Email = txtNewEmail.Text;
Membership.UpdateUser(user);}
}
}
}
Some Points to Note:
- Take care of the Email Validation by using RegularExpression Validator Controls or something similar
- The ChangeEmail.aspx will now work for users who are approved as well as unapproved.
I know this post is not too organized ...but hope it serves the purpose.
Reference: