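/// <summary>
/// Checks a username/password pair against the password stored for that
/// user in the current blog.
/// </summary>
/// <param name="username">The user name to look up.</param>
/// <param name="password">The password supplied by the caller.</param>
/// <returns>
/// <c>true</c> when the supplied password matches the stored one (or when
/// the stored password is blank and the reset password is supplied);
/// otherwise <c>false</c>, including when no connection is available, the
/// user is not found, or either argument is null.
/// </returns>
public override bool ValidateUser(string username, string password)
{
    // Fail closed on missing credentials instead of throwing from
    // password.ToLower() further down.
    if (username == null || password == null)
    {
        return false;
    }

    var validated = false;
    using (var conn = this.CreateConnection())
    {
        if (conn.HasConnection)
        {
            // Only the table prefix and the parameter prefix are formatted into
            // the SQL text; the blog id and user name travel as parameters.
            using (var cmd = conn.CreateTextCommand(string.Format("SELECT password FROM {0}Users WHERE BlogID = {1}blogid AND UserName = {1}name", this.tablePrefix, this.parmPrefix)))
            {
                cmd.Parameters.Add(conn.CreateParameter(FormatParamName("blogid"), Blog.CurrentInstance.Id.ToString()));
                cmd.Parameters.Add(conn.CreateParameter(FormatParamName("name"), username));
                using (var rdr = cmd.ExecuteReader())
                {
                    // A NULL password column is treated as "no valid credential"
                    // rather than letting GetString throw during login.
                    if (rdr.Read() && !rdr.IsDBNull(0))
                    {
                        var storedPwd = rdr.GetString(0);
                        if (storedPwd == string.Empty)
                        {
                            // This is a special case used for resetting.
                            // NOTE(review): any account whose stored password is blank
                            // accepts the fixed password "admin". Consider forcing a
                            // password change after such a login and alerting on rows
                            // with an empty password.
                            // Ordinal comparison keeps the check independent of the
                            // server's current culture (ToLower() is culture-sensitive).
                            if (string.Equals(password, "admin", StringComparison.OrdinalIgnoreCase))
                            {
                                validated = true;
                            }
                        }
                        else if (this.passwordFormat == MembershipPasswordFormat.Hashed)
                        {
                            // NOTE(review): Utils.HashPassword is not visible here;
                            // confirm it is a salted, deliberately slow password hash.
                            validated = FixedTimeStringEquals(storedPwd, Utils.HashPassword(password));
                        }
                        else
                        {
                            // Any non-hashed format compares against the stored value
                            // directly, i.e. the database holds a recoverable password.
                            validated = FixedTimeStringEquals(storedPwd, password);
                        }
                    }
                }
            }
        }
    }

    return validated;
}

/// <summary>
/// Ordinal string equality that does not stop at the first differing
/// character, so the comparison time does not reveal how long a matching
/// prefix is.
/// </summary>
/// <param name="left">First value; null never matches.</param>
/// <param name="right">Second value; null never matches.</param>
/// <returns><c>true</c> when both strings are non-null and identical.</returns>
private static bool FixedTimeStringEquals(string left, string right)
{
    if (left == null || right == null)
    {
        return false;
    }

    // A length mismatch is folded into the accumulator; the loop still runs
    // over the shared prefix so every character pair is visited.
    var difference = left.Length ^ right.Length;
    var shared = Math.Min(left.Length, right.Length);
    for (var i = 0; i < shared; i++)
    {
        difference |= left[i] ^ right[i];
    }

    return difference == 0;
}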