/// <summary>
/// Change Users password Question and Answer
/// </summary>
/// <param name="username">Username to change Q&A for</param>
/// <param name="password">Password</param>
/// <param name="newPasswordQuestion">New question</param>
/// <param name="newPasswordAnswer">New answer</param>
/// <returns> Boolean depending on whether the change was successful</returns>
public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer)
{
// Check arguments for null values
if ((username == null) || (password == null) || (newPasswordQuestion == null) || (newPasswordAnswer == null))
{
throw new ArgumentException("Username, Password, Password Question or Password Answer cannot be null");
}
UserPasswordInfo currentPasswordInfo = UserPasswordInfo.CreateInstanceFromDB(this.ApplicationName, username, false, this.UseSalt);
newPasswordAnswer = YafMembershipProvider.EncodeString(newPasswordAnswer, currentPasswordInfo.PasswordFormat, currentPasswordInfo.PasswordSalt, this.UseSalt);
if (currentPasswordInfo != null && currentPasswordInfo.IsCorrectPassword(password))
{
try
{
DB.ChangePasswordQuestionAndAnswer(this.ApplicationName, username, newPasswordQuestion, newPasswordAnswer);
return(true);
}
catch
{
// will return false...
}
}
return(false); // Invalid password return false
}
/// <summary>
/// Reset a users password - *
/// </summary>
/// <param name="username">User to be found based by Name</param>
/// <param name="answer">Verifcation that it is them</param>
/// <returns>Username as string</returns>
public override string ResetPassword(string username, string answer)
{
string newPassword = string.Empty, newPasswordEnc = string.Empty, newPasswordSalt = string.Empty, newPasswordAnswer = string.Empty;
/// Check Password reset is enabled
if (!(this.EnablePasswordReset))
{
ExceptionReporter.ThrowNotSupported("MEMBERSHIP", "RESETNOTSUPPORTED");
}
// Check arguments for null values
if (username == null)
{
ExceptionReporter.ThrowArgument("MEMBERSHIP", "USERNAMEPASSWORDNULL");
}
// get an instance of the current password information class
UserPasswordInfo currentPasswordInfo = UserPasswordInfo.CreateInstanceFromDB(this.ApplicationName, username, false, this.UseSalt);
if (currentPasswordInfo != null)
{
if (UseSalt && String.IsNullOrEmpty(currentPasswordInfo.PasswordSalt))
{
// get a new password salt...
newPasswordSalt = YafMembershipProvider.GenerateSalt();
}
else
{
// use existing salt...
newPasswordSalt = currentPasswordInfo.PasswordSalt;
}
if (!String.IsNullOrEmpty(answer))
{
// verify answer is correct...
if (!currentPasswordInfo.IsCorrectAnswer(answer))
{
return(null);
}
}
// create a new password
newPassword = YafMembershipProvider.GeneratePassword(this.MinRequiredPasswordLength, this.MinRequiredNonAlphanumericCharacters);
// encode it...
newPasswordEnc = YafMembershipProvider.EncodeString(newPassword, ( int )this.PasswordFormat, newPasswordSalt, this.UseSalt);
// save to the database
DB.ResetPassword(this.ApplicationName, username, newPasswordEnc, newPasswordSalt, ( int )this.PasswordFormat, this.MaxInvalidPasswordAttempts, this.PasswordAttemptWindow);
// Return unencrypted password
return(newPassword);
}
return(null);
}
/// <summary>
/// Checks the password against the one provided for validity
/// </summary>
/// <param name="passwordToCheck">
/// </param>
/// <returns>
/// The is correct password.
/// </returns>
public bool IsCorrectPassword(string passwordToCheck)
{
return
(this.Password.Equals(
YafMembershipProvider.EncodeString(
passwordToCheck,
this.PasswordFormat,
this.PasswordSalt,
this.UseSalt,
this.HashHex,
this.hashCase,
this.hashRemoveChars,
this.msCompliant)));
}
/// <summary>
/// Change Users password
/// </summary>
/// <param name="username">Username to change password for</param>
/// <param name="oldpassword">Password</param>
/// <param name="newPassword">New question</param>
/// <returns> Boolean depending on whether the change was successful</returns>
public override bool ChangePassword(string username, string oldPassword, string newPassword)
{
string newPasswordSalt = string.Empty;
string newEncPassword = string.Empty;
// Clean input
// Check password meets requirements as set by Configuration settings
if (!(this.IsPasswordCompliant(newPassword)))
{
return(false);
}
UserPasswordInfo currentPasswordInfo = UserPasswordInfo.CreateInstanceFromDB(this.ApplicationName, username, false, this.UseSalt);
// validate the correct user information was found...
if (currentPasswordInfo == null)
{
return(false);
}
// validate the correct user password was entered...
if (!currentPasswordInfo.IsCorrectPassword(oldPassword))
{
return(false);
}
// generate a salt if desired...
if (UseSalt)
{
newPasswordSalt = YafMembershipProvider.GenerateSalt();
}
// encode new password
newEncPassword = YafMembershipProvider.EncodeString(newPassword, ( int )this.PasswordFormat, newPasswordSalt, this.UseSalt);
// Call SQL Password to Change
DB.ChangePassword(this.ApplicationName, username, newEncPassword, newPasswordSalt, ( int )this.PasswordFormat, currentPasswordInfo.PasswordAnswer);
// Return True
return(true);
}
/// <summary>
/// Create user and add to provider
/// </summary>
/// <param name="username">Username</param>
/// <param name="password">Password</param>
/// <param name="email">Email Address</param>
/// <param name="passwordQuestion">Password Question</param>
/// <param name="passwordAnswer">Password Answer - used for password retrievals.</param>
/// <param name="isApproved">Is the User approved?</param>
/// <param name="providerUserKey">Provider User Key to identify the User</param>
/// <param name="status">Out - MembershipCreateStatus object containing status of the Create User process</param>
/// <returns> Boolean depending on whether the deletion was successful</returns>
public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
{
// ValidatePasswordEventArgs e = new ValidatePasswordEventArgs( username, password, true );
// OnValidatingPassword( e );
//
//if ( e.Cancel )
//{
// status = MembershipCreateStatus.InvalidPassword;
// return null;
//}
string salt = string.Empty, pass = string.Empty;
// Check password meets requirements as set out in the web.config
if (!(this.IsPasswordCompliant(password)))
{
status = MembershipCreateStatus.InvalidPassword;
return(null);
}
// Check password Question and Answer requirements.
if (this.RequiresQuestionAndAnswer)
{
if (String.IsNullOrEmpty(passwordQuestion))
{
status = MembershipCreateStatus.InvalidQuestion;
return(null);
}
if (String.IsNullOrEmpty(passwordAnswer))
{
status = MembershipCreateStatus.InvalidAnswer;
return(null);
}
}
// Check provider User Key
if (!(providerUserKey == null))
{
// IS not a duplicate key
if (!(this.GetUser(providerUserKey, false) == null))
{
status = MembershipCreateStatus.DuplicateProviderUserKey;
return(null);
}
}
// Check for unique email
if (this.RequiresUniqueEmail)
{
if (!(String.IsNullOrEmpty(this.GetUserNameByEmail(email))))
{
status = MembershipCreateStatus.DuplicateEmail; // Email exists
return(null);
}
}
// Check for unique user name
if (!(this.GetUser(username, false) == null))
{
status = MembershipCreateStatus.DuplicateUserName; // Username exists
return(null);
}
if (UseSalt)
{
salt = YafMembershipProvider.GenerateSalt();
}
pass = YafMembershipProvider.EncodeString(password, ( int )this.PasswordFormat, salt, this.UseSalt);
// Encode Password Answer
string encodedPasswordAnswer = YafMembershipProvider.EncodeString(passwordAnswer, ( int )this.PasswordFormat, salt, this.UseSalt);
// Process database user creation request
DB.CreateUser(this.ApplicationName, username, pass, salt, ( int )this.PasswordFormat, email, passwordQuestion, encodedPasswordAnswer, isApproved, providerUserKey);
status = MembershipCreateStatus.Success;
return(this.GetUser(username, false));
}
