
/BlogEngine/DotNetSlave.BusinessLogic/Providers/DbMembershipProvider.cs

Possible License(s): LGPL-2.1, Apache-2.0, BSD-3-Clause
  1. namespace BlogEngine.Core.Providers
  2. {
  3. using System;
  4. using System.Collections.Specialized;
  5. using System.Configuration;
  6. using System.Configuration.Provider;
  7. using System.Data;
  8. using System.Data.Common;
  9. using System.Web.Security;
  10. /// <summary>
  11. /// Generic Db Membership Provider
  12. /// </summary>
  13. public class DbMembershipProvider : MembershipProvider
  14. {
  15. #region Constants and Fields
  16. /// <summary>
  17. /// The application name.
  18. /// </summary>
  19. private string applicationName;
  20. /// <summary>
  21. /// The conn string name.
  22. /// </summary>
  23. private string connStringName;
  24. /// <summary>
  25. /// The parm prefix.
  26. /// </summary>
  27. private string parmPrefix;
  28. /// <summary>
  29. /// The password format.
  30. /// </summary>
  31. private MembershipPasswordFormat passwordFormat;
  32. /// <summary>
  33. /// The table prefix.
  34. /// </summary>
  35. private string tablePrefix;
  36. #endregion
  37. #region Properties
  38. /// <summary>
  39. /// Returns the application name as set in the web.config
  40. /// otherwise returns BlogEngine. Set will throw an error.
  41. /// </summary>
  public override string ApplicationName
  {
      // Value captured once by Initialize from the "applicationName" config
      // attribute (default "BlogEngine").
      get { return this.applicationName; }

      // The name is fixed at initialization; any runtime assignment is rejected.
      set { throw new NotSupportedException(); }
  }
  53. /// <summary>
  54. /// Hardcoded to false
  55. /// </summary>
  public override bool EnablePasswordReset
  {
      // Always reports false. NOTE(review): ResetPassword in this class is
      // implemented and does not read this flag, so the advertised capability
      // and the actual behaviour disagree - confirm which one is intended.
      get { return false; }
  }
  63. /// <summary>
  64. /// Can password be retrieved via email?
  65. /// </summary>
  public override bool EnablePasswordRetrieval
  {
      // Always false: this provider never hands a stored password back
      // (GetPassword throws NotImplementedException).
      get { return false; }
  }
  73. /// <summary>
  74. /// Hardcoded to 5
  75. /// </summary>
  public override int MaxInvalidPasswordAttempts
  {
      // Fixed at 5. NOTE(review): ValidateUser in this class keeps no failed-attempt
      // counter and UnlockUser is not implemented, so nothing visible here enforces
      // this limit; throttling has to come from another layer.
      get { return 5; }
  }
  83. /// <summary>
  84. /// Hardcoded to 0
  85. /// </summary>
  public override int MinRequiredNonAlphanumericCharacters
  {
      // Fixed at 0: no non-alphanumeric characters are required in a password.
      get { return 0; }
  }
  93. /// <summary>
  94. /// Hardcoded to 4
  95. /// </summary>
  public override int MinRequiredPasswordLength
  {
      // Fixed at 4. NOTE(review): CreateUser and ChangePassword in this class do not
      // compare the supplied password against this value, so the minimum is only
      // effective if a caller checks it before invoking the provider.
      get { return 4; }
  }
  103. /// <summary>
  104. /// Not implemented
  105. /// </summary>
  public override int PasswordAttemptWindow
  {
      // No attempt window is tracked by this provider; reading the property throws.
      get { throw new NotImplementedException(); }
  }
  113. /// <summary>
  114. /// Password format (Clear or Hashed)
  115. /// </summary>
  public override MembershipPasswordFormat PasswordFormat
  {
      // Set by Initialize: Clear only when the "passwordFormat" config attribute
      // equals "clear" (case-insensitive); Hashed in every other case.
      // In Clear mode the password column holds the password text itself.
      get { return this.passwordFormat; }
  }
  123. /// <summary>
  124. /// Not Implemented
  125. /// </summary>
  public override string PasswordStrengthRegularExpression
  {
      // No strength expression is configured for this provider; reading the property throws.
      get { throw new NotImplementedException(); }
  }
  133. /// <summary>
  134. /// Hardcoded to false
  135. /// </summary>
  public override bool RequiresQuestionAndAnswer
  {
      // Always false: password question/answer is not used
      // (ChangePasswordQuestionAndAnswer throws NotImplementedException).
      get { return false; }
  }
  143. /// <summary>
  144. /// Hardcoded to false
  145. /// </summary>
  public override bool RequiresUniqueEmail
  {
      // Always false: several users may share an e-mail address, in which case
      // GetUserNameByEmail returns whichever matching row the reader yields first.
      get { return false; }
  }
  153. #endregion
  154. #region Public Methods
  155. /// <summary>
  156. /// Change the password if the old password matches what is stored
  157. /// </summary>
  158. /// <param name="username">The user to update the password for.</param>
  159. /// <param name="oldPassword">The current password for the specified user.</param>
  160. /// <param name="newPassword">The new password for the specified user.</param>
  161. /// <returns>true if the old password matched and the new password was stored; otherwise false.</returns>
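  public override bool ChangePassword(string username, string oldPassword, string newPassword)
  {
      // Flow: read the stored credential for (current blog, username), verify
      // oldPassword against it, then overwrite it with newPassword.
      // Returns false when there is no connection, no matching row, or the old
      // password does not match.
      //
      // tablePrefix and parmPrefix are formatted into the SQL text; both come from
      // the provider configuration read in Initialize. All caller-supplied values
      // travel as command parameters.
      var selectSql = string.Format(
          "SELECT password FROM {0}Users WHERE BlogID = {1}blogid AND userName = {1}name",
          this.tablePrefix,
          this.parmPrefix);

      using (var conn = this.CreateConnection())
      {
          if (!conn.HasConnection)
          {
              return false;
          }

          using (var cmd = conn.CreateTextCommand(selectSql))
          {
              cmd.Parameters.Add(conn.CreateParameter(FormatParamName("blogid"), Blog.CurrentInstance.Id.ToString()));
              cmd.Parameters.Add(conn.CreateParameter(FormatParamName("name"), username));

              var oldPasswordCorrect = false;
              using (var rdr = cmd.ExecuteReader())
              {
                  if (rdr.Read())
                  {
                      var actualPassword = rdr.GetString(0);
                      if (actualPassword == string.Empty)
                      {
                          // SECURITY: reset state. A row whose stored password is empty accepts
                          // the fixed value "admin" in any casing as the old password. Treat any
                          // account left in this state as having a well-known credential.
                          // Ordinal comparison keeps the check culture-independent and returns
                          // false (instead of throwing) when oldPassword is null.
                          oldPasswordCorrect = string.Equals(oldPassword, "admin", StringComparison.OrdinalIgnoreCase);
                      }
                      else if (this.passwordFormat == MembershipPasswordFormat.Hashed)
                      {
                          // NOTE(review): '==' on the stored hash is not a constant-time comparison.
                          oldPasswordCorrect = actualPassword == Utils.HashPassword(oldPassword);
                      }
                      else
                      {
                          // Clear format: the column holds the password text itself.
                          oldPasswordCorrect = actualPassword == oldPassword;
                      }
                  }
              }

              if (!oldPasswordCorrect)
              {
                  return false;
              }

              // The command is reused: the blogid and name parameters added above are
              // still attached, only the text changes and pwd is added.
              // NOTE(review): newPassword is not checked against MinRequiredPasswordLength;
              // in Clear format an empty newPassword would put the row back into the
              // reset state handled above.
              cmd.CommandText = string.Format(
                  "UPDATE {0}Users SET password = {1}pwd WHERE BlogID = {1}blogid AND userName = {1}name",
                  this.tablePrefix,
                  this.parmPrefix);
              var storedValue = this.passwordFormat == MembershipPasswordFormat.Hashed
                  ? Utils.HashPassword(newPassword)
                  : newPassword;
              cmd.Parameters.Add(conn.CreateParameter(FormatParamName("pwd"), storedValue));
              cmd.ExecuteNonQuery();
              return true;
          }
      }
  }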
  217. /// <summary>
  218. /// Not implemented
  219. /// </summary>
  220. /// <param name="username">The user to change the password question and answer for.</param>
  221. /// <param name="password">The password for the specified user.</param>
  222. /// <param name="newPasswordQuestion">The new password question for the specified user.</param>
  223. /// <param name="newPasswordAnswer">The new password answer for the specified user.</param>
  224. /// <returns>The change password question and answer.</returns>
  public override bool ChangePasswordQuestionAndAnswer(
      string username,
      string password,
      string newPasswordQuestion,
      string newPasswordAnswer)
  {
      // Password question/answer is not supported (RequiresQuestionAndAnswer is false);
      // none of the arguments are read.
      throw new NotImplementedException();
  }
  230. /// <summary>
  231. /// Add new user to database
  232. /// </summary>
  233. /// <param name="username">The user name for the new user.</param>
  234. /// <param name="password">The password for the new user.</param>
  235. /// <param name="email">The e-mail address for the new user.</param>
  236. /// <param name="passwordQuestion">The password question for the new user.</param>
  237. /// <param name="passwordAnswer">The password answer for the new user</param>
  238. /// <param name="approved">Whether or not the new user is approved to be validated.</param>
  239. /// <param name="providerUserKey">The unique identifier from the membership data source for the user.</param>
  240. /// <param name="status">A <see cref="T:System.Web.Security.MembershipCreateStatus"/> enumeration value indicating whether the user was created successfully.</param>
  241. /// <returns>
  242. /// A <see cref="T:System.Web.Security.MembershipUser"/> object populated with the information for the newly created user.
  243. /// </returns>
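  public override MembershipUser CreateUser(
      string username,
      string password,
      string email,
      string passwordQuestion,
      string passwordAnswer,
      bool approved,
      object providerUserKey,
      out MembershipCreateStatus status)
  {
      // Inserts one row for the current blog and returns a MembershipUser describing it.
      // passwordQuestion, passwordAnswer, approved and providerUserKey are not read.
      //
      // NOTE(review): no uniqueness check is made here and the password is not compared
      // with MinRequiredPasswordLength. In Clear format an empty password is stored as an
      // empty string, which ValidateUser treats as the reset state.

      // One timestamp is used for both the stored row and the returned object so the
      // two cannot drift apart.
      var createdAt = DateTime.Now;
      var sqlQuery = string.Format(
          "INSERT INTO {0}Users (blogId, userName, password, emailAddress, lastLoginTime) VALUES ({1}blogid, {1}name, {1}pwd, {1}email, {1}login)",
          this.tablePrefix,
          this.parmPrefix);

      using (var conn = this.CreateConnection())
      {
          if (!conn.HasConnection)
          {
              // Nothing can be written without a connection, so do not report success
              // for a user that was never stored.
              status = MembershipCreateStatus.ProviderError;
              return null;
          }

          using (var cmd = conn.CreateTextCommand(sqlQuery))
          {
              var storedPassword = this.passwordFormat == MembershipPasswordFormat.Hashed
                  ? Utils.HashPassword(password)
                  : password;

              var parms = cmd.Parameters;
              parms.Add(conn.CreateParameter(FormatParamName("blogid"), Blog.CurrentInstance.Id.ToString()));
              parms.Add(conn.CreateParameter(FormatParamName("name"), username));
              parms.Add(conn.CreateParameter(FormatParamName("pwd"), storedPassword));
              parms.Add(conn.CreateParameter(FormatParamName("email"), email));
              parms.Add(conn.CreateParameter(FormatParamName("login"), createdAt));

              // Any database error (for example a constraint violation) propagates to the caller.
              cmd.ExecuteNonQuery();
          }
      }

      MembershipUser user = this.GetMembershipUser(username, email, createdAt);
      status = MembershipCreateStatus.Success;
      return user;
  }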
  275. /// <summary>
  276. /// Delete user from database
  277. /// </summary>
  278. /// <param name="username">The name of the user to delete.</param>
  279. /// <param name="deleteAllRelatedData">true to delete data related to the user from the database; false to leave data related to the user in the database.</param>
  280. /// <returns>The delete user.</returns>
  public override bool DeleteUser(string username, bool deleteAllRelatedData)
  {
      // Deletes the row for (current blog, username). deleteAllRelatedData is not read.
      // Returns true whenever the statement ran, even if it matched no row; returns
      // false only when no connection is available. Exceptions raised by the
      // statement propagate unchanged.
      var sql = string.Format(
          "DELETE FROM {0}Users WHERE blogId = {1}blogid AND userName = {1}name",
          this.tablePrefix,
          this.parmPrefix);

      using (var conn = this.CreateConnection())
      {
          if (!conn.HasConnection)
          {
              return false;
          }

          using (var cmd = conn.CreateTextCommand(sql))
          {
              cmd.Parameters.Add(conn.CreateParameter(FormatParamName("blogid"), Blog.CurrentInstance.Id.ToString()));
              cmd.Parameters.Add(conn.CreateParameter(FormatParamName("name"), username));
              cmd.ExecuteNonQuery();
              return true;
          }
      }
  }
  307. /// <summary>
  308. /// Not implemented
  309. /// </summary>
  310. /// <param name="emailToMatch">The e-mail address to search for.</param>
  311. /// <param name="pageIndex">The index of the page of results to return. <paramref name="pageIndex"/> is zero-based.</param>
  312. /// <param name="pageSize">The size of the page of results to return.</param>
  313. /// <param name="totalRecords">The total number of matched users.</param>
  314. /// <returns>
  315. /// A <see cref="T:System.Web.Security.MembershipUserCollection"/> collection that contains a page of <paramref name="pageSize"/><see cref="T:System.Web.Security.MembershipUser"/> objects beginning at the page specified by <paramref name="pageIndex"/>.
  316. /// </returns>
  public override MembershipUserCollection FindUsersByEmail(
      string emailToMatch,
      int pageIndex,
      int pageSize,
      out int totalRecords)
  {
      // Searching by e-mail is not supported; the call throws before totalRecords is assigned.
      throw new NotImplementedException();
  }
  322. /// <summary>
  323. /// Not implemented
  324. /// </summary>
  325. /// <param name="usernameToMatch">The user name to search for.</param>
  326. /// <param name="pageIndex">The index of the page of results to return. <paramref name="pageIndex"/> is zero-based.</param>
  327. /// <param name="pageSize">The size of the page of results to return.</param>
  328. /// <param name="totalRecords">The total number of matched users.</param>
  329. /// <returns>
  330. /// A <see cref="T:System.Web.Security.MembershipUserCollection"/> collection that contains a page of <paramref name="pageSize"/><see cref="T:System.Web.Security.MembershipUser"/> objects beginning at the page specified by <paramref name="pageIndex"/>.
  331. /// </returns>
  public override MembershipUserCollection FindUsersByName(
      string usernameToMatch,
      int pageIndex,
      int pageSize,
      out int totalRecords)
  {
      // Searching by user name is not supported; the call throws before totalRecords is assigned.
      throw new NotImplementedException();
  }
  337. /// <summary>
  338. /// Return all users in MembershipUserCollection
  339. /// </summary>
  340. /// <param name="pageIndex">The index of the page of results to return. <paramref name="pageIndex"/> is zero-based.</param>
  341. /// <param name="pageSize">The size of the page of results to return.</param>
  342. /// <param name="totalRecords">The total number of matched users.</param>
  343. /// <returns>
  344. /// A <see cref="T:System.Web.Security.MembershipUserCollection"/> collection that contains a page of <paramref name="pageSize"/><see cref="T:System.Web.Security.MembershipUser"/> objects beginning at the page specified by <paramref name="pageIndex"/>.
  345. /// </returns>
  public override MembershipUserCollection GetAllUsers(int pageIndex, int pageSize, out int totalRecords)
  {
      // pageIndex and pageSize are not read: every user row of the current blog is
      // returned in one collection and totalRecords is that collection's size.
      // Without a connection the result is an empty collection.
      var result = new MembershipUserCollection();
      var sql = string.Format(
          "SELECT username, EmailAddress, lastLoginTime FROM {0}Users WHERE BlogID = {1}blogid ",
          this.tablePrefix,
          this.parmPrefix);

      using (var conn = this.CreateConnection())
      {
          if (conn.HasConnection)
          {
              using (var cmd = conn.CreateTextCommand(sql))
              {
                  cmd.Parameters.Add(conn.CreateParameter(FormatParamName("blogid"), Blog.CurrentInstance.Id.ToString()));

                  using (var rdr = cmd.ExecuteReader())
                  {
                      while (rdr.Read())
                      {
                          // NOTE(review): GetString/GetDateTime assume the columns are
                          // non-null - confirm against the table schema.
                          var rowUserName = rdr.GetString(0);
                          var rowEmail = rdr.GetString(1);
                          var rowLastLogin = rdr.GetDateTime(2);
                          result.Add(this.GetMembershipUser(rowUserName, rowEmail, rowLastLogin));
                      }
                  }
              }
          }
      }

      totalRecords = result.Count;
      return result;
  }
  369. /// <summary>
  370. /// Not implemented
  371. /// </summary>
  372. /// <returns>
  373. /// The get number of users online.
  374. /// </returns>
  public override int GetNumberOfUsersOnline()
  {
      // Online-user tracking is not provided by this provider.
      throw new NotImplementedException();
  }
  379. /// <summary>
  380. /// Not implemented
  381. /// </summary>
  382. /// <param name="username">The user to retrieve the password for.</param>
  383. /// <param name="answer">The password answer for the user.</param>
  384. /// <returns>The get password.</returns>
  public override string GetPassword(string username, string answer)
  {
      // Password retrieval is not offered (EnablePasswordRetrieval is false);
      // neither argument is read.
      throw new NotImplementedException();
  }
  389. /// <summary>
  390. /// Gets user information from the data source based on the unique identifier for the membership user. Provides an option to update the last-activity date/time stamp for the user.
  391. /// </summary>
  392. /// <param name="providerUserKey">The unique identifier for the membership user to get information for.</param>
  393. /// <param name="userIsOnline">true to update the last-activity date/time stamp for the user; false to return user information without updating the last-activity date/time stamp for the user.</param>
  394. /// <returns>
  395. /// A <see cref="T:System.Web.Security.MembershipUser"/> object populated with the specified user's information from the data source.
  396. /// </returns>
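  public override MembershipUser GetUser(object providerUserKey, bool userIsOnline)
  {
      // GetMembershipUser uses the user name as the provider key, so the lookup is
      // delegated to the by-name overload using the key's string form.
      if (providerUserKey == null)
      {
          // Fail with a descriptive argument error rather than a NullReferenceException.
          throw new ArgumentNullException("providerUserKey");
      }

      return this.GetUser(providerUserKey.ToString(), userIsOnline);
  }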
  401. /// <summary>
  402. /// Gets information from the data source for a user. Provides an option to update the last-activity date/time stamp for the user.
  403. /// </summary>
  404. /// <param name="username">The name of the user to get information for.</param>
  405. /// <param name="userIsOnline">true to update the last-activity date/time stamp for the user; false to return user information without updating the last-activity date/time stamp for the user.</param>
  406. /// <returns>
  407. /// A <see cref="T:System.Web.Security.MembershipUser"/> object populated with the specified user's information from the data source.
  408. /// </returns>
  public override MembershipUser GetUser(string username, bool userIsOnline)
  {
      // Looks up (current blog, username) and returns null when there is no
      // connection or no matching row. userIsOnline is not read, so no activity
      // timestamp is updated here.
      var sql = string.Format(
          "SELECT username, EmailAddress, lastLoginTime FROM {0}Users WHERE BlogID = {1}blogid AND UserName = {1}name",
          this.tablePrefix,
          this.parmPrefix);

      using (var conn = this.CreateConnection())
      {
          if (!conn.HasConnection)
          {
              return null;
          }

          using (var cmd = conn.CreateTextCommand(sql))
          {
              cmd.Parameters.Add(conn.CreateParameter(FormatParamName("blogid"), Blog.CurrentInstance.Id.ToString()));
              cmd.Parameters.Add(conn.CreateParameter(FormatParamName("name"), username));

              using (var rdr = cmd.ExecuteReader())
              {
                  if (!rdr.Read())
                  {
                      return null;
                  }

                  // The returned object carries the caller's spelling of the name,
                  // not the value of column 0.
                  var email = rdr.GetString(1);
                  var lastLogin = rdr.GetDateTime(2);
                  return this.GetMembershipUser(username, email, lastLogin);
              }
          }
      }
  }
  432. /// <summary>
  433. /// Gets the user name associated with the specified e-mail address.
  434. /// </summary>
  435. /// <param name="email">The e-mail address to search for.</param>
  436. /// <returns>
  437. /// The user name associated with the specified e-mail address. If no match is found, return null.
  438. /// </returns>
  public override string GetUserNameByEmail(string email)
  {
      // Returns the user name of the first row of the current blog whose e-mail
      // matches, or null when there is no connection or no match. E-mail addresses
      // are not required to be unique (RequiresUniqueEmail is false).
      if (email == null)
      {
          throw new ArgumentNullException("email");
      }

      var sql = string.Format(
          "SELECT userName FROM {0}Users WHERE BlogID = {1}blogid AND emailAddress = {1}email",
          this.tablePrefix,
          this.parmPrefix);

      using (var conn = this.CreateConnection())
      {
          if (!conn.HasConnection)
          {
              return null;
          }

          using (var cmd = conn.CreateTextCommand(sql))
          {
              cmd.Parameters.Add(conn.CreateParameter(FormatParamName("blogid"), Blog.CurrentInstance.Id.ToString()));
              cmd.Parameters.Add(conn.CreateParameter(FormatParamName("email"), email));

              using (var rdr = cmd.ExecuteReader())
              {
                  return rdr.Read() ? rdr.GetString(0) : null;
              }
          }
      }
  }
  466. /// <summary>
  467. /// Initializes the provider
  468. /// </summary>
  469. /// <param name="name">
  470. /// Configuration name
  471. /// </param>
  472. /// <param name="config">
  473. /// Configuration settings
  474. /// </param>
  public override void Initialize(string name, NameValueCollection config)
  {
      // Reads the provider attributes from configuration, applying a default for each
      // missing one, and rejects any attribute that is left over afterwards.
      if (config == null)
      {
          throw new ArgumentNullException("config");
      }

      if (string.IsNullOrEmpty(name))
      {
          name = "DbMembershipProvider";
      }

      if (Utils.IsMono)
      {
          // Mono dies with a "Unrecognized attribute: description" if a description is part of the config.
          if (!string.IsNullOrEmpty(config["description"]))
          {
              config.Remove("description");
          }
      }
      else if (string.IsNullOrEmpty(config["description"]))
      {
          config.Remove("description");
          config.Add("description", "Generic Database Membership Provider");
      }

      base.Initialize(name, config);

      // Each recognised attribute is consumed (read, then removed) so that only
      // unknown attributes remain for the final check.

      // Name of the connection string entry used by CreateConnection.
      this.connStringName = config["connectionStringName"] ?? "BlogEngine";
      config.Remove("connectionStringName");

      // Prefix placed in front of "Users" in every SQL statement. It becomes part of
      // the SQL text, so it must only ever come from trusted configuration.
      this.tablePrefix = config["tablePrefix"] ?? "be_";
      config.Remove("tablePrefix");

      // Parameter marker used both in the SQL text and in parameter names.
      this.parmPrefix = config["parmPrefix"] ?? "@";
      config.Remove("parmPrefix");

      this.applicationName = config["applicationName"] ?? "BlogEngine";
      config.Remove("applicationName");

      // Only the literal "clear" (compared case-insensitively) selects clear-text
      // storage; a missing or unrecognised value falls back to Hashed.
      var configuredFormat = config["passwordFormat"];
      var wantsClear = configuredFormat != null
          && string.Equals(configuredFormat, "clear", StringComparison.CurrentCultureIgnoreCase);
      this.passwordFormat = wantsClear ? MembershipPasswordFormat.Clear : MembershipPasswordFormat.Hashed;
      config.Remove("passwordFormat");

      // Throw an exception if unrecognized attributes remain
      var leftover = config.Count > 0 ? config.GetKey(0) : null;
      if (!string.IsNullOrEmpty(leftover))
      {
          throw new ProviderException(string.Format("Unrecognized attribute: {0}", leftover));
      }
  }
  555. /// <summary>
  556. /// Resets a user's password to a new, automatically generated password.
  557. /// </summary>
  558. /// <param name="username">The user to reset the password for.</param>
  559. /// <param name="answer">The password answer for the specified user.</param>
  560. /// <returns>The new password for the specified user.</returns>
  public override string ResetPassword(string username, string answer)
  {
      // Replaces the stored password of (current blog, username) with a generated one
      // and returns the new password in clear text. Returns an empty string when the
      // user name is empty, there is no connection, no row matches, or the stored
      // password is empty. 'answer' is not read.
      //
      // NOTE(review): EnablePasswordReset reports false, yet this method performs the
      // reset without consulting it or verifying anything about the caller; access
      // control has to be enforced by whoever calls it.
      if (string.IsNullOrEmpty(username))
      {
          return string.Empty;
      }

      var currentPassword = string.Empty;

      // NOTE(review): the strength of the new credential depends entirely on
      // Utils.RandomPassword - confirm it draws from a cryptographic generator.
      var generated = Utils.RandomPassword();

      using (var conn = this.CreateConnection())
      {
          if (!conn.HasConnection)
          {
              return string.Empty;
          }

          var selectSql = string.Format(
              "SELECT password FROM {0}Users WHERE BlogID = {1}blogid AND userName = {1}name",
              this.tablePrefix,
              this.parmPrefix);

          using (var cmd = conn.CreateTextCommand(selectSql))
          {
              cmd.Parameters.Add(conn.CreateParameter(FormatParamName("blogid"), Blog.CurrentInstance.Id.ToString()));
              cmd.Parameters.Add(conn.CreateParameter(FormatParamName("name"), username));

              using (var rdr = cmd.ExecuteReader())
              {
                  if (rdr.Read())
                  {
                      currentPassword = rdr.GetString(0);
                  }
              }

              // An empty value means either "no such user" or "row in the reset state";
              // in both cases nothing is written.
              if (string.IsNullOrEmpty(currentPassword))
              {
                  return string.Empty;
              }

              // Same command object: blogid and name stay attached, pwd is added.
              cmd.CommandText = string.Format(
                  "UPDATE {0}Users SET password = {1}pwd WHERE BlogID = {1}blogid AND userName = {1}name",
                  this.tablePrefix,
                  this.parmPrefix);
              var storedValue = this.passwordFormat == MembershipPasswordFormat.Hashed
                  ? Utils.HashPassword(generated)
                  : generated;
              cmd.Parameters.Add(conn.CreateParameter(FormatParamName("pwd"), storedValue));
              cmd.ExecuteNonQuery();
              return generated;
          }
      }
  }
  598. /// <summary>
  599. /// Not implemented
  600. /// </summary>
  601. /// <param name="userName">The membership user whose lock status you want to clear.</param>
  602. /// <returns>The unlock user.</returns>
  public override bool UnlockUser(string userName)
  {
      // This provider keeps no lock-out state (GetMembershipUser always reports
      // isLockedOut = false), so there is nothing to unlock.
      throw new NotImplementedException();
  }
  607. /// <summary>
  608. /// Update User Data (not password)
  609. /// </summary>
  610. /// <param name="user">A <see cref="T:System.Web.Security.MembershipUser"/> object that represents the user to update and the updated information for the user.</param>
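  public override void UpdateUser(MembershipUser user)
  {
      // Writes the user's e-mail address back to the row for (current blog, user name).
      // No other field is updated; without a connection the call does nothing.
      if (user == null)
      {
          // Fail with a descriptive argument error rather than a NullReferenceException
          // after the connection has already been opened.
          throw new ArgumentNullException("user");
      }

      // The placeholder is spelled "blogid" to match the parameter name registered
      // below and every other statement in this class; the previous "blogId" spelling
      // only bound correctly where parameter names are matched case-insensitively.
      var sql = string.Format(
          "UPDATE {0}Users SET emailAddress = {1}email WHERE BlogId = {1}blogid AND userName = {1}name",
          this.tablePrefix,
          this.parmPrefix);

      using (var conn = this.CreateConnection())
      {
          if (conn.HasConnection)
          {
              using (var cmd = conn.CreateTextCommand(sql))
              {
                  var parms = cmd.Parameters;
                  parms.Add(conn.CreateParameter(FormatParamName("blogid"), Blog.CurrentInstance.Id.ToString()));
                  parms.Add(conn.CreateParameter(FormatParamName("name"), user.UserName));
                  parms.Add(conn.CreateParameter(FormatParamName("email"), user.Email));
                  cmd.ExecuteNonQuery();
              }
          }
      }
  }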
  628. /// <summary>
  629. /// Check username and password
  630. /// </summary>
  631. /// <param name="username">The name of the user to validate.</param>
  632. /// <param name="password">The password for the specified user.</param>
  633. /// <returns>true if the supplied user name and password are valid; otherwise false.</returns>
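  public override bool ValidateUser(string username, string password)
  {
      // Reads the stored credential for (current blog, username) and compares the
      // supplied password with it. Returns false when there is no connection, no
      // matching row, or the password does not match.
      //
      // NOTE(review): no failed-attempt counter is kept and lastLoginTime is not
      // updated here, so MaxInvalidPasswordAttempts is not enforced by this method;
      // rate limiting has to be applied by the caller or another layer.
      var sql = string.Format(
          "SELECT password FROM {0}Users WHERE BlogID = {1}blogid AND UserName = {1}name",
          this.tablePrefix,
          this.parmPrefix);

      using (var conn = this.CreateConnection())
      {
          if (!conn.HasConnection)
          {
              return false;
          }

          using (var cmd = conn.CreateTextCommand(sql))
          {
              cmd.Parameters.Add(conn.CreateParameter(FormatParamName("blogid"), Blog.CurrentInstance.Id.ToString()));
              cmd.Parameters.Add(conn.CreateParameter(FormatParamName("name"), username));

              using (var rdr = cmd.ExecuteReader())
              {
                  if (!rdr.Read())
                  {
                      return false;
                  }

                  var storedPwd = rdr.GetString(0);
                  if (storedPwd == string.Empty)
                  {
                      // SECURITY: reset state. A row whose stored password is empty logs in
                      // with the fixed value "admin" in any casing. Treat any account left in
                      // this state as having a well-known credential.
                      // Ordinal comparison keeps the check culture-independent and returns
                      // false (instead of throwing) when password is null.
                      return string.Equals(password, "admin", StringComparison.OrdinalIgnoreCase);
                  }

                  if (this.passwordFormat == MembershipPasswordFormat.Hashed)
                  {
                      // NOTE(review): '==' on the stored hash is not a constant-time comparison.
                      return storedPwd == Utils.HashPassword(password);
                  }

                  // Clear format: the column holds the password text itself.
                  return storedPwd == password;
              }
          }
      }
  }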
  679. #endregion
  680. #region Methods
  private DbConnectionHelper CreateConnection()
  {
      // Wraps the connection-string entry named during Initialize. The indexer yields
      // null when no entry has that name; the helper receives whatever is found.
      // Callers check HasConnection before issuing commands and dispose the helper.
      return new DbConnectionHelper(ConfigurationManager.ConnectionStrings[this.connStringName]);
  }
  686. /// <summary>
  687. /// Returns the parameter name prefixed with this provider instance's parmPrefix.
  688. /// </summary>
  689. /// <param name="parameterName"></param>
  690. /// <returns></returns>
  private string FormatParamName(string parameterName)
  {
      // Prefix + name, e.g. "@" + "blogid". The same prefix is formatted into the SQL
      // text, so the placeholder and the registered parameter name line up.
      return this.parmPrefix + parameterName;
  }
  695. /// <summary>
  696. /// Gets membership user.
  697. /// </summary>
  698. /// <param name="userName">
  699. /// The user name.
  700. /// </param>
  701. /// <param name="email">
  702. /// The email.
  703. /// </param>
  704. /// <param name="lastLogin">
  705. /// The last login.
  706. /// </param>
  707. /// <returns>
  708. /// A MembershipUser.
  709. /// </returns>
  private MembershipUser GetMembershipUser(string userName, string email, DateTime lastLogin)
  {
      // Builds the MembershipUser returned to callers. Only the name, e-mail and last
      // login come from the arguments; every other field is a fixed or synthetic value:
      // the user is always approved and never locked out, and the creation, activity
      // and password-changed dates are simply "now" rather than stored history.
      var creationDate = DateTime.Now;
      var lastActivityDate = DateTime.Now;
      var lastPasswordChangedDate = DateTime.Now;
      var lastLockoutDate = new DateTime(1980, 1, 1);

      const bool IsApproved = true;
      const bool IsLockedOut = false;

      return new MembershipUser(
          this.Name,                 // provider name
          userName,                  // user name
          userName,                  // provider user key (the name doubles as the key)
          email,
          string.Empty,              // password question
          string.Empty,              // comment
          IsApproved,
          IsLockedOut,
          creationDate,
          lastLogin,
          lastActivityDate,
          lastPasswordChangedDate,
          lastLockoutDate);
  }
  728. #endregion
  729. }
  730. }