protected override bool CheckPassword(string password, string dbpassword, MembershipPasswordFormat passwordFormat, TrackProtectMembershipProvider provider)
{
string pass1 = password;
string pass2 = dbpassword;
switch (passwordFormat)
{
case MembershipPasswordFormat.Encrypted:
pass2 = provider.UnEncodePassword(dbpassword);
break;
case MembershipPasswordFormat.Hashed:
pass2 = provider.EncodePassword(password);
break;
}
return (pass1 == pass2);
}
public override string ResetPassword(
string username,
string applicationname,
string answer,
string newPassword,
int passwordAttemptWindow,
bool requiresQuestionAndAnswer,
MembershipPasswordFormat passwordFormat,
int maxInvalidPasswordAttempts,
TrackProtectMembershipProvider provider)
{
int rowsAffected;
using (MySqlConnection conn = new MySqlConnection(GetConnectionString()))
{
using (MySqlCommand cmd = new MySqlCommand(QRY_GET_USER_CREDENTIALS, conn))
{
cmd.Parameters.Add("@username", MySqlDbType.VarChar, 50).Value = username;
cmd.Parameters.Add("@applicationname", MySqlDbType.VarChar, 100).Value = applicationname;
MySqlDataReader reader = null;
try
{
conn.Open();
reader = cmd.ExecuteReader(CommandBehavior.SingleRow);
string passwordAnswer;
if (reader.HasRows)
{
reader.Read();
if (reader.GetBoolean(1))
throw new MembershipPasswordException("The supplied user is locked out.");
passwordAnswer = reader.GetString(0);
}
else
{
throw new MembershipPasswordException("The supplied user name is not found.");
}
if (requiresQuestionAndAnswer && !CheckPassword(answer, passwordAnswer, passwordFormat, provider))
{
UpdateFailureCount(username, applicationname, "passwordAnswer", passwordAttemptWindow,
maxInvalidPasswordAttempts);
throw new MembershipPasswordException("Incorrect password answer");
}
}
catch (MySqlException ex)
{
if (WriteExceptionsToEventLog)
{
WriteToEventLog(ex, "ResetPassword");
throw new ProviderException(EXCEPTION_MESSAGE);
}
else
{
throw;
}
}
finally
{
if (reader != null)
reader.Close();
conn.Close();
}
}
using (MySqlCommand cmd = new MySqlCommand(QRY_UPDATE_USER_CREDENTIALS, conn))
{
cmd.Parameters.Add("@username", MySqlDbType.VarChar, 50).Value = username;
cmd.Parameters.Add("@applicationname", MySqlDbType.VarChar, 100).Value = applicationname;
cmd.Parameters.Add("@password", MySqlDbType.VarChar, 200).Value = newPassword;
try
{
conn.Open();
rowsAffected = cmd.ExecuteNonQuery();
}
catch (MySqlException ex)
{
if (WriteExceptionsToEventLog)
{
WriteToEventLog(ex, "ResetPassword");
throw new ProviderException(EXCEPTION_MESSAGE);
}
else
{
throw;
}
}
finally
{
conn.Close();
}
}
}
if (rowsAffected > 0)
return newPassword;
throw new MembershipPasswordException("User not found, or user is locked out. Password not reset.");
}
public abstract string ResetPassword(string username, string applicationname, string answer, string newPassword,
int passwordAttemptWindow, bool requiresQuestionAndAnswer,
MembershipPasswordFormat passwordFormat, int maxInvalidPasswordAttempts,
TrackProtectMembershipProvider provider);
protected abstract bool CheckPassword(string password, string dbpassword, MembershipPasswordFormat passwordFormat, TrackProtectMembershipProvider provider);
public string ResetPassword(
string username,
string applicationname,
string answer,
string newPassword,
int passwordAttemptWindow,
bool requiresQuestionAndAnswer,
MembershipPasswordFormat passwordFormat,
int maxInvalidPasswordAttempts,
TrackProtectMembershipProvider provider)
{
int rowsAffected = 0;
using (NpgsqlConnection conn = new NpgsqlConnection(GetConnectionString()))
{
string query = string.Format(
QRY_GET_USER_CREDENTIALS,
username,
applicationname);
using (NpgsqlCommand cmd = new NpgsqlCommand(query, conn))
{
string passwordAnswer = string.Empty;
NpgsqlDataReader reader = null;
try
{
conn.Open();
reader = cmd.ExecuteReader(CommandBehavior.SingleRow);
if (reader.HasRows)
{
reader.Read();
if (reader.GetBoolean(1))
throw new MembershipPasswordException("The supplied user is locked out.");
passwordAnswer = reader.GetString(0);
}
else
{
throw new MembershipPasswordException("The supplied user name is not found.");
}
if (requiresQuestionAndAnswer && !CheckPassword(answer, passwordAnswer, passwordFormat, provider))
{
UpdateFailureCount(username, applicationname, "passwordAnswer", passwordAttemptWindow, maxInvalidPasswordAttempts);
throw new MembershipPasswordException("Incorrect password answer");
}
query = string.Format(
QRY_UPDATE_USER_CREDENTIALS,
newPassword,
username,
applicationname);
using (NpgsqlCommand updateCmd = new NpgsqlCommand(QRY_UPDATE_USER_CREDENTIALS, conn))
{
rowsAffected = updateCmd.ExecuteNonQuery();
}
}
catch (NpgsqlException ex)
{
if (WriteExceptionsToEventLog)
{
WriteToEventLog(ex, "ResetPassword");
throw new ProviderException(EXCEPTION_MESSAGE);
}
else
{
throw ex;
}
}
finally
{
if (reader != null)
reader.Close();
conn.Close();
}
}
}
if (rowsAffected > 0)
return newPassword;
throw new MembershipPasswordException("User not found, or user is locked out. Password not reset.");
}
