/// <summary>
/// Change Users password Question and Answer
/// </summary>
/// <param name="username">Username to change Q&A for</param>
/// <param name="password">Password</param>
/// <param name="newPasswordQuestion">New question</param>
/// <param name="newPasswordAnswer">New answer</param>
/// <returns> Boolean depending on whether the change was successful</returns>
public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer)
{
// Check arguments for null values
if ((username == null) || (password == null) || (newPasswordQuestion == null) || (newPasswordAnswer == null))
{
throw new ArgumentException("Username, Password, Password Question or Password Answer cannot be null");
}
UserPasswordInfo currentPasswordInfo = UserPasswordInfo.CreateInstanceFromDB(this.ApplicationName, username, false, this.UseSalt);
newPasswordAnswer = YafMembershipProvider.EncodeString(newPasswordAnswer, currentPasswordInfo.PasswordFormat, currentPasswordInfo.PasswordSalt, this.UseSalt);
if (currentPasswordInfo != null && currentPasswordInfo.IsCorrectPassword(password))
{
try
{
DB.ChangePasswordQuestionAndAnswer(this.ApplicationName, username, newPasswordQuestion, newPasswordAnswer);
return(true);
}
catch
{
// will return false...
}
}
return(false); // Invalid password return false
}
/// <summary>
/// Validates a user by user name / password
/// </summary>
/// <param name="userName">Username</param>
/// <param name="userName">Password</param>
/// /// <returns>True/False whether username/password match what is on database.</returns>
public override bool ValidateUser(string username, string password)
{
UserPasswordInfo currentUser = UserPasswordInfo.CreateInstanceFromDB(this.ApplicationName, username, false, this.UseSalt);
if (currentUser != null && currentUser.IsApproved)
{
return(currentUser.IsCorrectPassword(password));
}
return(false);
}
/// <summary>
/// Reset a users password - *
/// </summary>
/// <param name="username">User to be found based by Name</param>
/// <param name="answer">Verifcation that it is them</param>
/// <returns>Username as string</returns>
public override string ResetPassword(string username, string answer)
{
string newPassword = string.Empty, newPasswordEnc = string.Empty, newPasswordSalt = string.Empty, newPasswordAnswer = string.Empty;
/// Check Password reset is enabled
if (!(this.EnablePasswordReset))
{
ExceptionReporter.ThrowNotSupported("MEMBERSHIP", "RESETNOTSUPPORTED");
}
// Check arguments for null values
if (username == null)
{
ExceptionReporter.ThrowArgument("MEMBERSHIP", "USERNAMEPASSWORDNULL");
}
// get an instance of the current password information class
UserPasswordInfo currentPasswordInfo = UserPasswordInfo.CreateInstanceFromDB(this.ApplicationName, username, false, this.UseSalt);
if (currentPasswordInfo != null)
{
if (UseSalt && String.IsNullOrEmpty(currentPasswordInfo.PasswordSalt))
{
// get a new password salt...
newPasswordSalt = YafMembershipProvider.GenerateSalt();
}
else
{
// use existing salt...
newPasswordSalt = currentPasswordInfo.PasswordSalt;
}
if (!String.IsNullOrEmpty(answer))
{
// verify answer is correct...
if (!currentPasswordInfo.IsCorrectAnswer(answer))
{
return(null);
}
}
// create a new password
newPassword = YafMembershipProvider.GeneratePassword(this.MinRequiredPasswordLength, this.MinRequiredNonAlphanumericCharacters);
// encode it...
newPasswordEnc = YafMembershipProvider.EncodeString(newPassword, ( int )this.PasswordFormat, newPasswordSalt, this.UseSalt);
// save to the database
DB.ResetPassword(this.ApplicationName, username, newPasswordEnc, newPasswordSalt, ( int )this.PasswordFormat, this.MaxInvalidPasswordAttempts, this.PasswordAttemptWindow);
// Return unencrypted password
return(newPassword);
}
return(null);
}
/// <summary>
/// Change Users password
/// </summary>
/// <param name="username">Username to change password for</param>
/// <param name="oldpassword">Password</param>
/// <param name="newPassword">New question</param>
/// <returns> Boolean depending on whether the change was successful</returns>
public override bool ChangePassword(string username, string oldPassword, string newPassword)
{
string newPasswordSalt = string.Empty;
string newEncPassword = string.Empty;
// Clean input
// Check password meets requirements as set by Configuration settings
if (!(this.IsPasswordCompliant(newPassword)))
{
return(false);
}
UserPasswordInfo currentPasswordInfo = UserPasswordInfo.CreateInstanceFromDB(this.ApplicationName, username, false, this.UseSalt);
// validate the correct user information was found...
if (currentPasswordInfo == null)
{
return(false);
}
// validate the correct user password was entered...
if (!currentPasswordInfo.IsCorrectPassword(oldPassword))
{
return(false);
}
// generate a salt if desired...
if (UseSalt)
{
newPasswordSalt = YafMembershipProvider.GenerateSalt();
}
// encode new password
newEncPassword = YafMembershipProvider.EncodeString(newPassword, ( int )this.PasswordFormat, newPasswordSalt, this.UseSalt);
// Call SQL Password to Change
DB.ChangePassword(this.ApplicationName, username, newEncPassword, newPasswordSalt, ( int )this.PasswordFormat, currentPasswordInfo.PasswordAnswer);
// Return True
return(true);
}
/// <summary>
/// Retrieves the Users password (if EnablePasswordRetrieval is true)
/// </summary>
/// <param name="username">Username to retrieve password for</param>
/// <param name="answer">Answer to the Users Membership Question</param>
/// <param name="newPasswordQuestion">New question</param>
/// <param name="newPasswordAnswer">New answer</param>
/// <returns> Password unencrypted</returns>
public override string GetPassword(string username, string answer)
{
if (!this.EnablePasswordRetrieval)
{
ExceptionReporter.ThrowNotSupported("MEMBERSHIP", "PASSWORDRETRIEVALNOTSUPPORTED");
}
// Check for null arguments
if ((username == null) || (answer == null))
{
ExceptionReporter.ThrowArgument("MEMBERSHIP", "USERNAMEPASSWORDNULL");
}
UserPasswordInfo currentPasswordInfo = UserPasswordInfo.CreateInstanceFromDB(this.ApplicationName, username, false, this.UseSalt);
if (currentPasswordInfo != null && currentPasswordInfo.IsCorrectAnswer(answer))
{
return(YafMembershipProvider.DecodeString(currentPasswordInfo.Password, currentPasswordInfo.PasswordFormat));
}
return(null);
}
