public override bool ChangePassword (string username, string oldPwd, string newPwd)
{
if (username != null) username = username.Trim ();
if (oldPwd != null) oldPwd = oldPwd.Trim ();
if (newPwd != null) newPwd = newPwd.Trim ();
CheckParam ("username", username, 256);
CheckParam ("oldPwd", oldPwd, 128);
CheckParam ("newPwd", newPwd, 128);
if (!CheckPassword (newPwd))
throw new ArgumentException (string.Format (
"New Password invalid. New Password length minimum: {0}. Non-alphanumeric characters required: {1}.",
MinRequiredPasswordLength,
MinRequiredNonAlphanumericCharacters));
using (DbConnection connection = CreateConnection ()) {
PasswordInfo pi = ValidateUsingPassword (username, oldPwd);
if (pi != null) {
EmitValidatingPassword (username, newPwd, false);
string db_password = EncodePassword (newPwd, pi.PasswordFormat, pi.PasswordSalt);
DbCommand command = factory.CreateCommand ();
command.Connection = connection;
command.CommandText = @"aspnet_Membership_SetPassword";
command.CommandType = CommandType.StoredProcedure;
AddParameter (command, "@ApplicationName", ApplicationName);
AddParameter (command, "@UserName", username);
AddParameter (command, "@NewPassword", db_password);
AddParameter (command, "@PasswordFormat", (int) pi.PasswordFormat);
AddParameter (command, "@PasswordSalt", pi.PasswordSalt);
AddParameter (command, "@CurrentTimeUtc", DateTime.UtcNow);
DbParameter returnValue = AddParameter (command, "@ReturnVal", ParameterDirection.ReturnValue, DbType.Int32, null);
command.ExecuteNonQuery ();
if (GetReturnValue (returnValue) != 0)
return false;
return true;
}
return false;
}
}