diff --git a/WebGoat/AddNewUser.aspx.cs b/WebGoat/AddNewUser.aspx.cs index 419da841..70a8cd1c 100644 --- a/WebGoat/AddNewUser.aspx.cs +++ b/WebGoat/AddNewUser.aspx.cs @@ -12,89 +12,81 @@ namespace OWASP.WebGoat.NET { - public partial class AddNewUser : System.Web.UI.Page - { - const string passwordQuestion = "What is your favorite color"; + public partial class AddNewUser : System.Web.UI.Page + { + const string passwordQuestion = "What is your favorite color?"; - protected void Page_Load(object sender, EventArgs e) - { - if (!Page.IsPostBack) - SecurityQuestion.Text = passwordQuestion; - } + protected void Page_Load(object sender, EventArgs e) + { + if (!Page.IsPostBack) + SecurityQuestion.Text = passwordQuestion; + } - protected void CreateAccountButton_Click(object sender, EventArgs e) - { - MembershipCreateStatus createStatus; - - MembershipUser newUser = - Membership.CreateUser(Username.Text, Password.Text, - Email.Text, passwordQuestion, - SecurityAnswer.Text, true, - out createStatus); - - if(newUser == null) - Console.WriteLine("New User is null!"); - - switch (createStatus) - { - case MembershipCreateStatus.Success: - CreateAccountResults.Text = "The user account was successfully created!"; - break; - - case MembershipCreateStatus.DuplicateUserName: - CreateAccountResults.Text = "There already exists a user with this username."; - break; - - case MembershipCreateStatus.DuplicateEmail: - CreateAccountResults.Text = "There already exists a user with this email address."; - break; - - case MembershipCreateStatus.InvalidEmail: - CreateAccountResults.Text = "There email address you provided in invalid."; - break; - - case MembershipCreateStatus.InvalidAnswer: - CreateAccountResults.Text = "There security answer was invalid."; - break; - - case MembershipCreateStatus.InvalidPassword: - CreateAccountResults.Text = "The password you provided is invalid. It must be seven characters long and have at least one non-alphanumeric character."; - break; - - default: - CreateAccountResults.Text = "There was an unknown error; the user account was NOT created."; - break; - } - } + protected void CreateAccountButton_Click(object sender, EventArgs e) + { + MembershipCreateStatus createStatus; - protected void RegisterUser_CreatingUser(object sender, LoginCancelEventArgs e) - { - /* - string trimmedUserName = RegisterUser.UserName.Trim(); - if (RegisterUser.UserName.Length != trimmedUserName.Length) - { - // Show the error message - InvalidUserNameOrPasswordMessage.Text = "The username cannot contain leading or trailing spaces."; - InvalidUserNameOrPasswordMessage.Visible = true; - - // Cancel the create user workflow - e.Cancel = true; - } - else - { - // Username is valid, make sure that the password does not contain the username - if (RegisterUser.Password.IndexOf(RegisterUser.UserName, StringComparison.OrdinalIgnoreCase) >= 0) - { - // Show the error message - InvalidUserNameOrPasswordMessage.Text = "The username may not appear anywhere in the password."; - InvalidUserNameOrPasswordMessage.Visible = true; - - // Cancel the create user workflow - e.Cancel = true; - } - } - */ - } - } -} + MembershipUser newUser = + Membership.CreateUser(Username.Text, Password.Text, + Email.Text, passwordQuestion, + SecurityAnswer.Text, true, + out createStatus); + + if (newUser == null) + Console.WriteLine("New User is null!"); + + switch (createStatus) + { + case MembershipCreateStatus.Success: + CreateAccountResults.Text = "The user account was successfully created!"; + break; + + case MembershipCreateStatus.DuplicateUserName: + CreateAccountResults.Text = "There already exists a user with this username."; + break; + + case MembershipCreateStatus.DuplicateEmail: + CreateAccountResults.Text = "There already exists a user with this email address."; + break; + case MembershipCreateStatus.InvalidEmail: + CreateAccountResults.Text = "The email address you provided is invalid."; + break; + + case MembershipCreateStatus.InvalidAnswer: + CreateAccountResults.Text = "The security answer was invalid."; + break; + + case MembershipCreateStatus.InvalidPassword: + CreateAccountResults.Text = "The password you provided is invalid. It must be seven characters long and have at least one non-alphanumeric character."; + break; + + default: + CreateAccountResults.Text = "There was an unknown error; the user account was NOT created."; + break; + } + } + + protected void RegisterUser_CreatingUser(object sender, LoginCancelEventArgs e) + { + /* + string trimmedUserName = RegisterUser.UserName.Trim(); + if (RegisterUser.UserName.Length != trimmedUserName.Length) + { + InvalidUserNameOrPasswordMessage.Text = "The username cannot contain leading or trailing spaces."; + InvalidUserNameOrPasswordMessage.Visible = true; + e.Cancel = true; + } + else + { + if (RegisterUser.Password.IndexOf(RegisterUser.UserName, StringComparison.OrdinalIgnoreCase) >= 0) + { + InvalidUserNameOrPasswordMessage.Text = "The username may not appear anywhere in the password."; + InvalidUserNameOrPasswordMessage.Visible = true; + e.Cancel = true; + } + } + */ + } + } +}