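/// <summary>
/// Changes a user's password in the current blog after verifying the supplied old password
/// against the value stored in the Users table.
/// </summary>
/// <param name="username">User name used to locate the row (scoped to the current blog id).</param>
/// <param name="oldPassword">Password presented as the current one; a null value never verifies.</param>
/// <param name="newPassword">
/// Replacement password. It is stored through <c>Utils.HashPassword</c> when the provider's
/// password format is Hashed, and stored exactly as given otherwise. Null or empty is refused.
/// </param>
/// <returns>
/// <c>true</c> when the old password verified and the UPDATE statement was executed;
/// <c>false</c> when there is no connection, no matching row, the old password did not
/// verify, or an argument was rejected.
/// </returns>
/// <remarks>
/// Security-relevant behaviour visible in this method:
/// an empty stored password is a "reset" state in which the fixed value "admin" is accepted
/// as the old password, so accounts should not be left in that state; and in any format
/// other than Hashed the password is stored and compared as plaintext.
/// NOTE(review): the strength of <c>Utils.HashPassword</c> (salting, work factor) cannot be
/// judged from this method - confirm against its implementation.
/// </remarks>
public override bool ChangePassword(string username, string oldPassword, string newPassword)
{
    // Refuse an empty new password: in the non-hashed format it would be written as an empty
    // string, which the check below treats as the reset state that accepts "admin".
    if (oldPassword == null || string.IsNullOrEmpty(newPassword))
    {
        return false;
    }

    var oldPasswordCorrect = false;
    var success = false;

    using (var conn = this.CreateConnection())
    {
        if (conn.HasConnection)
        {
            // Table and parameter prefixes come from provider configuration; all caller-supplied
            // values are bound as parameters, never concatenated into the SQL text.
            using (var cmd = conn.CreateTextCommand(string.Format("SELECT password FROM {0}Users WHERE BlogID = {1}blogid AND userName = {1}name", this.tablePrefix, this.parmPrefix)))
            {
                // Check Old Password
                cmd.Parameters.Add(conn.CreateParameter(FormatParamName("blogid"), Blog.CurrentInstance.Id.ToString()));
                cmd.Parameters.Add(conn.CreateParameter(FormatParamName("name"), username));

                using (var rdr = cmd.ExecuteReader())
                {
                    // A missing row or a NULL password column never verifies (GetString would
                    // throw on NULL, so it is checked first).
                    if (rdr.Read() && !rdr.IsDBNull(0))
                    {
                        var actualPassword = rdr.GetString(0);

                        if (actualPassword == string.Empty)
                        {
                            // This is a special case used for resetting.
                            // Ordinal comparison keeps the check independent of the server's
                            // culture (ToLower() is culture-sensitive).
                            oldPasswordCorrect = string.Equals(oldPassword, "admin", System.StringComparison.OrdinalIgnoreCase);
                        }
                        else if (this.passwordFormat == MembershipPasswordFormat.Hashed)
                        {
                            // NOTE(review): == on strings is not a constant-time comparison.
                            oldPasswordCorrect = actualPassword == Utils.HashPassword(oldPassword);
                        }
                        else
                        {
                            // Non-hashed format: the stored value is the plaintext password.
                            oldPasswordCorrect = actualPassword == oldPassword;
                        }
                    }
                }

                // Update New Password
                if (oldPasswordCorrect)
                {
                    // The same command is reused, so the blogid and name parameters added above
                    // are still bound; only the pwd parameter is new.
                    cmd.CommandText = string.Format("UPDATE {0}Users SET password = {1}pwd WHERE BlogID = {1}blogid AND userName = {1}name", this.tablePrefix, this.parmPrefix);
                    cmd.Parameters.Add(conn.CreateParameter(FormatParamName("pwd"), (this.passwordFormat == MembershipPasswordFormat.Hashed ? Utils.HashPassword(newPassword) : newPassword)));
                    cmd.ExecuteNonQuery();
                    success = true;
                }
            }
        }
    }

    return success;
}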