PasswordInfo ValidateUsingPassword (string username, string password)
{
MembershipUser user = GetUser (username, true);
if (user == null)
return null;
if (!user.IsApproved || user.IsLockedOut)
return null;
PasswordInfo pi = GetPasswordInfo (username);
if (pi == null)
return null;
/* do the actual validation */
string user_password = EncodePassword (password, pi.PasswordFormat, pi.PasswordSalt);
if (user_password != pi.Password) {
UpdateUserInfo (username, pi, false, false);
return null;
}
return pi;
}