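        /// <summary>
        /// Updates the name and description of a department; admin only.
        /// </summary>
        /// <param name="DeptNo">Key of the department row to update.</param>
        /// <param name="DeptName">New department name.</param>
        /// <param name="DeptDescription">New department description.</param>
        /// <returns>A user-facing result message (Chinese) describing success or the failure reason.</returns>
        public string UpdateUnivDepartment(string DeptNo, string DeptName, string DeptDescription)
        {
            // admin check: only status "1" may modify departments
            if (getUserStatusNo() != "1")
            {
                return "修改失敗,權限錯誤!";
            }

            // Every caller-supplied value goes through SqlVal2 (the helper the other statements in
            // this file pass their SQL values through) instead of being spliced into N'...' text
            // by hand, so a quote in a name or description cannot break out of the literal.
            // NOTE(review): the "account" cookie is client-supplied; whether it can be trusted as
            // the modifying user depends on how it is issued and validated, which is not visible here.
            string sqlStr = "UPDATE [dbo].[Department] " +
                            "SET [DeptName] = " + SqlVal2(DeptName) + ", " +
                            "[DeptDescription] = " + SqlVal2(DeptDescription) + ", " +
                            "[ModifyTime] = " + DBC.ChangeTimeZone() + ", " +
                            "[ModifyUser] = " + SqlVal2(Request.Cookies["account"]) + " " +
                            "WHERE [DeptNo] = " + SqlVal2(DeptNo);

            //修改是否成功 — exactly one row must be affected.
            if (_DB_Execute(sqlStr) != 1)
            {
                return "修改失敗,若持續發生此問題,請與我們聯繫。";
            }

            return "修改成功!";
        }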
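        /// <summary>
        /// 更新 — updates an existing news item (type, title, content) and stamps modify time/user.
        /// </summary>
        /// <param name="Model">News item to persist; <c>NewsNo</c> selects the row.</param>
        /// <returns><c>true</c> when exactly one row was updated; otherwise <c>false</c>.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="Model"/> is <c>null</c>.</exception>
        public bool UpdateNews(NewsModel Model)
        {
            if (Model is null)
            {
                throw new ArgumentNullException(nameof(Model));
            }

            // Newlines are stored as <br> so the content renders as entered; a null content is
            // handed on as null instead of being dereferenced.
            string content = Model.NewsContent?.Replace("\n", "<br>");

            string sqlStr = string.Format(
                "UPDATE [dbo].[News] " +
                "SET [NewsTypeNo] = {0}, " +
                "[NewsTitle] = {1}, " +
                "[NewsContent] = {2}, " +
                "[ModifyTime] = {3}, " +
                "[ModifyUser] = {4} " +
                "WHERE [NewsNo] = {5}",
                SqlVal2(Model.NewsTypeNo),
                SqlVal2(Model.NewsTitle),
                SqlVal2(content),
                DBC.ChangeTimeZone(),
                SqlVal2(Request.Cookies["account"]),
                SqlVal2(Model.NewsNo));

            //修改是否成功 — success means exactly one row changed.
            return _DB_Execute(sqlStr) == 1;
        }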
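        /// <summary>
        /// 修改科系 — updates a department's name and description; admin only.
        /// </summary>
        /// <param name="DeptNo">Key of the department row to update.</param>
        /// <param name="DeptName">New department name.</param>
        /// <param name="DeptDescription">New department description.</param>
        /// <returns>"success" or "fail"; <c>null</c> when the caller is not an admin.</returns>
        public string UpdateUnivDepartment(string DeptNo, string DeptName, string DeptDescription)
        {
            // admin check
            if (getUserStatusNo() != "1")
            {
                return null;
            }

            // Caller-supplied values go through SqlVal2, as every other statement in this file
            // does, rather than being spliced into N'...' literals by hand.
            string sqlStr = "UPDATE [dbo].[Department] " +
                            "SET [DeptName] = " + SqlVal2(DeptName) + ", " +
                            "[DeptDescription] = " + SqlVal2(DeptDescription) + ", " +
                            "[ModifyTime] = " + DBC.ChangeTimeZone() + ", " +
                            "[ModifyUser] = " + SqlVal2(Request.Cookies["account"]) + " " +
                            "WHERE [DeptNo] = " + SqlVal2(DeptNo);

            //修改是否成功 — exactly one row must be affected.
            return _DB_Execute(sqlStr) == 1 ? "success" : "fail";
        }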
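        /// <summary>
        /// Stores a feedback entry for the current account after validating type, title and content.
        /// </summary>
        /// <param name="TypeNo">Feedback type key; required.</param>
        /// <param name="Title">Title; required, at most 50 characters.</param>
        /// <param name="Content">Body text; optional, at most 200 characters.</param>
        /// <returns>A validation message (Chinese) when the input is rejected; otherwise "success"
        /// or "fail" depending on whether exactly one row was inserted.</returns>
        public string NewFeedBack(string TypeNo, string Title, string Content)
        {
            // Input checks first; nothing reaches SQL until they pass.
            if (TypeNo == null)
            {
                return "回饋類型不可為空!!";
            }

            if (Title == null || Title.Length > 50)
            {
                return "未輸入標題或長度超出限制!!";
            }

            // 長度限制
            if (Content != null && Content.Length > 200)
            {
                return "回饋內容超出長度限制!!";
            }

            //SQL Insert — the closing parenthesis belongs to the statement text, not to an argument.
            var sqlStr = string.Format(
                "INSERT INTO [dbo].[FeedBack](" +
                "[FeedbackTypeNo]," +
                "[FeedbackUser]," +
                "[FeedbackTitle]," +
                "[FeedbackContent]," +
                "[CreateTime]" +
                ")VALUES(" +
                "{0}," +
                "{1}," +
                "{2}," +
                "{3}," +
                "{4})",
                SqlVal2(TypeNo),
                SqlVal2(Request.Cookies["account"]),
                SqlVal2(Title),
                SqlVal2(Content),
                DBC.ChangeTimeZone());

            //新增是否成功
            return _DB_Execute(sqlStr) == 1 ? "success" : "fail";
        }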
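        /// <summary>
        /// 更新點擊次數 — increments a news item's hit counter and records who viewed it.
        /// </summary>
        /// <param name="NewsNo">Key of the news item.</param>
        /// <returns>
        /// <c>true</c> when both statements affected exactly one row, or when no "account" cookie
        /// is present (anonymous views are not counted and are not reported as a failure);
        /// <c>false</c> otherwise.
        /// </returns>
        private bool UpdateNewsHits(string NewsNo)
        {
            var account = Request.Cookies["account"];

            // Anonymous visitor: nothing to record, and the caller should not see a failure.
            if (account == null)
            {
                return true;
            }

            //NewsTable — plain concatenation instead of string.Format with no arguments, so a
            // brace inside the quoted value cannot raise FormatException.
            string updateSqlStr = "UPDATE [dbo].[News] " +
                                  "SET [NewsHits] = [NewsHits] + 1 " +
                                  "WHERE [NewsNo] = " + SqlVal2(NewsNo);

            if (_DB_Execute(updateSqlStr) != 1)
            {
                return false;
            }

            //NewsHits — one audit row per view. The two statements are not wrapped in a
            // transaction, so a failure here leaves the counter already incremented.
            string sql = string.Format(
                @"INSERT INTO [dbo].[NewsHits] (
                    [NewsNo],
                    [Account],
                    [CreateTime]) 
                    VALUES({0}, {1}, {2})",
                SqlVal2(NewsNo),
                SqlVal2(account),
                DBC.ChangeTimeZone());

            return _DB_Execute(sql) == 1;
        }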
        /// <summary>
        /// Sets the graduation headcount for one country-department / year pair; admin only.
        /// </summary>
        /// <param name="year">Graduation year (matched against GraduationYear).</param>
        /// <param name="countryDeptNo">Country-department key.</param>
        /// <param name="graduationNumber">Headcount; must parse as a non-negative integer.</param>
        /// <returns><c>true</c> when exactly one row was updated; otherwise <c>false</c>.</returns>
        public bool UpdateGrad(string year, string countryDeptNo, string graduationNumber)
        {
            // admin check
            if (getUserStatusNo() != "1")
            {
                return false;
            }

            // The headcount must be a non-negative integer; the original text is what gets stored.
            if (!int.TryParse(graduationNumber, out int parsedNumber) || parsedNumber < 0)
            {
                return false;
            }

            // NOTE(review): the UPDATE writes [CreateUser] rather than a modify-user column —
            // verify against the Graduation schema.
            var sqlStr = string.Format("UPDATE [dbo].[Graduation] " +
                                       "SET [GraduationNumber] = {0} " +
                                       ",[ModifyTime] = {1} " +
                                       ",[CreateUser] = {2} " +
                                       "WHERE " +
                                       "CountryDeptNo={3} AND GraduationYear={4}",
                                       SqlVal2(graduationNumber),
                                       DBC.ChangeTimeZone(),
                                       SqlVal2(Request.Cookies["account"]),
                                       SqlVal2(countryDeptNo),
                                       SqlVal2(year));

            //是否成功
            return _DB_Execute(sqlStr) == 1;
        }
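        /// <summary>
        /// 新增國家科系 — links a country to a department unless the pair already exists.
        /// </summary>
        /// <param name="CountryNo">Country key.</param>
        /// <param name="DeptNo">Department key.</param>
        /// <returns><c>false</c> when the pair already exists or the insert did not affect exactly
        /// one row; otherwise <c>true</c>.</returns>
        private bool InsertCountryDept(string CountryNo, string DeptNo)
        {
            //檢查是否有重複的了
            if (CheckInsertCountryDept(CountryNo, DeptNo))
            {
                return false;
            }

            // One timestamp so CreateTime and ModifyTime agree.
            var now = DBC.ChangeTimeZone();

            // 新增國家與科系的關聯 — CountryNo and DeptNo go through SqlVal2 like every other
            // value in this file instead of being spliced into the statement unquoted.
            var sqlStr = string.Format("INSERT INTO [dbo].[CountryDepartment] (" +
                                       "[CountryNo], " +
                                       "[DeptNo], " +
                                       "[CreateTime], " +
                                       "[ModifyTime], " +
                                       "[CreateUser] " +
                                       ") " +
                                       "VALUES " +
                                       "({0}, " +
                                       " {1}, " +
                                       " {2}, " +
                                       " {3}, " +
                                       " {4})",
                                       SqlVal2(CountryNo),
                                       SqlVal2(DeptNo),
                                       now,
                                       now,
                                       SqlVal2(Request.Cookies["account"]));

            //新增是否成功
            return _DB_Execute(sqlStr) == 1;
        }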
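        /// <summary>
        /// Creates a news item from the posted form and re-renders the form with a result message.
        /// </summary>
        /// <param name="Model">Posted news item; title at most 50 characters, content at most 200,
        /// neither empty.</param>
        /// <returns>The default view for <paramref name="Model"/>, with ViewData["result"],
        /// ViewData["NewsTypes"], ViewData["checkMsg"] and TempData["Message"] populated.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="Model"/> is <c>null</c>.</exception>
        public ActionResult NewNews(NewsModel Model)
        {
            if (Model is null)
            {
                throw new ArgumentNullException(nameof(Model));
            }

            string resMsg;
            string checkMsg;

            // 長度限制 — validation happens before any SQL is built.
            if (string.IsNullOrEmpty(Model.NewsTitle) ||
                string.IsNullOrEmpty(Model.NewsContent) ||
                Model.NewsContent.Length > 200 ||
                Model.NewsTitle.Length > 50)
            {
                resMsg   = "標題或內容不符合長度限制!! 標題與內容不可為空,且標題要在50字內,內容不可超過200字";
                checkMsg = "false";
            }
            else
            {
                checkMsg = "true";

                // One timestamp so CreateTime and ModifyTime agree.
                var now = DBC.ChangeTimeZone();

                //SQL Insert — every value goes through SqlVal2; newlines are stored as <br>.
                var sqlStr = string.Format(
                    "INSERT INTO [dbo].[News](" +
                    "[NewsTypeNo]," +
                    "[NewsTitle]," +
                    "[NewsContent]," +
                    "[NewsHits]," +
                    "[CreateTime]," +
                    "[ModifyTime]," +
                    "[NewsStart]," +
                    "[NewsEnd]," +
                    "[CreateUser]" +
                    ")VALUES(" +
                    "{0}," +
                    "{1}," +
                    "{2}," +
                    "{3}," +
                    "{4}," +
                    "{5}," +
                    "{6}," +
                    "{7}," +
                    "{8})",
                    SqlVal2(Model.NewsTypeNo),
                    SqlVal2(Model.NewsTitle),
                    SqlVal2(Model.NewsContent.Replace("\n", "<br>")),
                    0, // NewsHits starts at zero
                    now,
                    now,
                    SqlVal2(Model.NewsStart),
                    SqlVal2(Model.NewsEnd),
                    SqlVal2(Request.Cookies["account"]));

                //新增是否成功
                resMsg = _DB_Execute(sqlStr) == 1 ? "新增成功" : "Failed";
            }

            ViewData["result"]    = resMsg;
            ViewData["NewsTypes"] = NewsTypes;
            ViewData["checkMsg"]  = checkMsg;
            TempData["Message"]   = resMsg;

            // Success and failure both re-render the form; the view reads checkMsg / result.
            return View(Model);
        }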
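        /// <summary>
        /// 撈DB最新消息 — reads news rows joined with their type name.
        /// </summary>
        /// <param name="NewsNo">When non-empty, returns that single item and records a hit for it;
        /// when empty, returns the list of items whose NewsEnd has not passed.</param>
        /// <param name="GetCount">Optional row limit for the list query; must be a non-negative integer.</param>
        /// <returns>The query result as a <see cref="DataTable"/>.</returns>
        /// <exception cref="ArgumentException"><paramref name="GetCount"/> is non-empty but not a
        /// non-negative integer.</exception>
        private DataTable GetNews(string NewsNo, string GetCount = "")
        {
            //若取得數量不為空 — TOP(n) only takes an integer, so the text is parsed rather than
            // spliced into the statement as-is.
            string topClause = "";
            if (!string.IsNullOrEmpty(GetCount))
            {
                if (!int.TryParse(GetCount, out int top) || top < 0)
                {
                    throw new ArgumentException("GetCount must be a non-negative integer.", nameof(GetCount));
                }

                topClause = "TOP(" + top.ToString(System.Globalization.CultureInfo.InvariantCulture) + ")";
            }

            //若取得NewsNo不為空
            if (!string.IsNullOrEmpty(NewsNo))
            {
                // The key goes through SqlVal2, as UpdateNewsHits does for the same value.
                var sqlStr = string.Format(
                    "SELECT NewsNo, [dbo].[News].NewsTypeNo, TypeName, NewsTitle, NewsContent, NewsHits, Convert(varchar(10), NewsStart,111) as NewsStart , Convert(varchar(10), NewsEnd,111) as NewsEnd " +
                    "FROM [dbo].[News] INNER JOIN [dbo].[NewsType] on [dbo].[News].NewsTypeNo = [dbo].[NewsType].NewsTypeNo " +
                    "where NewsNo = {0}", SqlVal2(NewsNo));

                // Side effect kept from the original: viewing an item counts as a hit, and the
                // outcome of that update is surfaced through ViewData["result"] before the read.
                //修改是否成功
                ViewData["result"] = UpdateNewsHits(NewsNo) ? "success" : "fail";

                //Return
                return _DB_GetData(sqlStr);
            }

            //SQL 順便做有效時間塞選 — only items whose NewsEnd is today or later.
            var listSql = string.Format("SELECT {0} " +
                                        "NewsNo," +
                                        "NType.NewsTypeNo," +
                                        "TypeName," +
                                        "NewsTitle," +
                                        "NewsContent," +
                                        "NewsHits," +
                                        "Convert(varchar(10), NewsStart, 111) as NewsStart," +
                                        "Convert(varchar(10), NewsEnd, 111) as NewsEnd " +
                                        "FROM [dbo].[News] as News INNER JOIN[dbo].[NewsType] as NType on NType.NewsTypeNo = News.NewsTypeNo " +
                                        "where NewsEnd >= (SELECT convert(varchar, {1}, 111)) " +
                                        "ORDER BY NewsStart,News.CreateTime DESC", topClause, DBC.ChangeTimeZone());

            //Return
            return _DB_GetData(listSql);
        }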
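        /// <summary>
        /// Creates a department after checking admin rights, input length and name uniqueness.
        /// </summary>
        /// <param name="DeptName">Department name; required, at most 50 characters, must not already exist.</param>
        /// <param name="DeptDescription">Optional description, at most 200 characters.</param>
        /// <returns>A user-facing result message (Chinese) describing success or the failure reason.</returns>
        public string InsertUnivDepartment(string DeptName, string DeptDescription)
        {
            // admin check
            if (getUserStatusNo() != "1")
            {
                return "權限錯誤!";
            }

            // "未輸入科系" covers an empty name as well as a missing one (same test NewNews uses).
            if (string.IsNullOrEmpty(DeptName) || DeptName.Length > 50)
            {
                return "未輸入科系或長度超過限制!!";
            }

            //長度限制
            if (DeptDescription != null && DeptDescription.Length > 200)
            {
                return "敘述超出長度限制!!";
            }

            //檢查科系名稱是否已經存在
            var selectSql = string.Format("SELECT DeptNo From [dbo].[Department] WHERE DeptName={0}", SqlVal2(DeptName));
            if (_DB_GetData(selectSql).Rows.Count > 0)
            {
                //科系名稱已存在
                return "新增失敗,該科系已存在!";
            }

            // One timestamp so CreateTime and ModifyTime agree.
            var now = DBC.ChangeTimeZone();

            //SQL Insert — the closing parenthesis belongs to the statement text, not to an argument.
            var insertSql = string.Format(
                "INSERT INTO [dbo].[Department](" +
                "[DeptName]," +
                "[DeptDescription]," +
                "[CreateTime]," +
                "[ModifyTime]," +
                "[CreateUser] " +
                ") " +
                "VALUES(" +
                "{0}," +
                "{1}," +
                "{2}," +
                "{3}," +
                "{4})",
                SqlVal2(DeptName),
                SqlVal2(DeptDescription),
                now,
                now,
                SqlVal2(Request.Cookies["account"]));

            //執行是否成功 — NOTE(review): the existence check and the insert are separate
            // statements, so two concurrent requests can both pass the check; a unique constraint
            // on DeptName is what would close that window.
            return _DB_Execute(insertSql) == 1 ? "新增成功!" : "新增失敗,若持續發生此問題,請聯絡我們。";
        }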
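        /// <summary>
        /// 修改會員資料 — updates a member's profile; StatusNo is only written when the model carries one.
        /// </summary>
        /// <param name="Model">Profile to persist; <c>Account</c> selects the row.</param>
        /// <returns><c>false</c> when Birthday is 1970 or earlier, or the update did not affect
        /// exactly one row; otherwise <c>true</c>.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="Model"/> is <c>null</c>.</exception>
        public bool UpdateMember(MemberModels Model)
        {
            if (Model is null)
            {
                throw new ArgumentNullException(nameof(Model));
            }

            //檢查年分 — a birthday in or before 1970 is rejected (rule kept from the original).
            if (Model.Birthday is DateTime birthday && birthday.Year <= 1970)
            {
                return false;
            }

            // StatusNo is optional; when present it becomes one more SET assignment so that both
            // variants share a single statement template.
            string statusSet = string.IsNullOrEmpty(Model.StatusNo)
                ? ""
                : "[StatusNo] = " + SqlVal2(Model.StatusNo) + ", ";

            var sqlStr = string.Format(
                "UPDATE [dbo].[Member] " +
                "SET [Actualname] = {0}, " +
                "[Username] = {1}, " +
                "[Birthday] = {2}, " +
                "[Gender] = {3}, " +
                "{4}" +
                "[ModifyTime] = {5} " +
                "WHERE [Account] = {6}",
                SqlVal2(Model.Actualname),
                SqlVal2(Model.Username),
                SqlVal2(Model.Birthday),
                SqlVal2(Model.Gender),
                statusSet,
                DBC.ChangeTimeZone(),
                SqlVal2(Model.Account));

            //修改是否成功
            return _DB_Execute(sqlStr) == 1;
        }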
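        /// <summary>
        /// Records the graduation headcount for one country-department / year pair; admin only.
        /// </summary>
        /// <param name="year">Graduation year.</param>
        /// <param name="countryDeptNo">Country-department key.</param>
        /// <param name="gradNum">Headcount; must parse as a non-negative integer.</param>
        /// <returns><c>false</c> for non-admins, an invalid headcount, an existing year/department
        /// pair, or an insert that did not affect exactly one row; otherwise <c>true</c>.</returns>
        public bool InsertGrad(string year, string countryDeptNo, string gradNum)
        {
            // admin check
            if (getUserStatusNo() != "1")
            {
                return false;
            }

            // Validate the headcount before touching the database.
            if (!int.TryParse(gradNum, out int gradNumInt) || gradNumInt < 0)
            {
                return false;
            }

            // 檢查是否重複新增
            var sqlSelect = string.Format("select 1 from [dbo].[Graduation] " +
                                          "where GraduationYear={0} and CountryDeptNo={1}", SqlVal2(year), SqlVal2(countryDeptNo));
            if (_DB_GetData(sqlSelect).Rows.Count > 0)
            {
                return false;
            }

            // One timestamp so CreateTime and ModifyTime agree.
            var now = DBC.ChangeTimeZone();

            var sqlStr = string.Format("INSERT INTO [dbo].[Graduation] " +
                                       "([CountryDeptNo] " +
                                       ",[GraduationYear] " +
                                       ",[GraduationNumber] " +
                                       ",[CreateTime] " +
                                       ",[ModifyTime] " +
                                       ",[CreateUser]) " +
                                       "VALUES( " +
                                       " {0} " +
                                       ",{1} " +
                                       ",{2} " +
                                       ",{3} " +
                                       ",{4} " +
                                       ",{5}) ",
                                       SqlVal2(countryDeptNo),
                                       SqlVal2(year),
                                       SqlVal2(gradNum),
                                       now,
                                       now,
                                       SqlVal2(Request.Cookies["account"]));

            //新增是否成功
            return _DB_Execute(sqlStr) == 1;
        }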
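        /// <summary>
        /// Stores the new password for <c>Model.Account</c>, clears the change-required flag,
        /// drops the login cookies and sends the user back to the login page.
        /// </summary>
        /// <param name="Model">Carries <c>Account</c> and the new plaintext <c>Password</c>.</param>
        /// <returns>A redirect to Account/Login on success; otherwise the view with <c>ok = false</c>.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="Model"/> is <c>null</c>.</exception>
        public ActionResult ChangePassword(AccountModels Model)
        {
            if (Model is null)
            {
                throw new ArgumentNullException(nameof(Model));
            }

            // NOTE(review): SHA256_Encryption appears to be a plain hash; passwords should be stored
            // with a salted, slow KDF such as PBKDF2. That has to change at every hash/verify site
            // at once, so it is only flagged here.
            // NOTE(review): the row is selected by the posted Model.Account with no ownership check
            // visible in this method — confirm the caller ties it to the signed-in user.
            var sqlStr = string.Format("UPDATE Member SET Password = {0}, PwdChangeCheck = {1}, ModifyTime = {2} where Account = {3}",
                                       SqlVal2(SHA256_Encryption(Model.Password)), SqlVal2("0"), DBC.ChangeTimeZone(), SqlVal2(Model.Account));

            //SQL Check Update成功(True)或失敗(False)
            if (_DB_Execute(sqlStr) != 1)
            {
                //修改失敗,回傳
                return View(new AccountModels()
                {
                    ok = false, ResultMessage = "修改失敗"
                });
            }

            // 刪除cookie,預設使用者關閉瀏覽器時清除 — force a fresh login with the new password.
            Response.Cookies.Delete("userName");
            Response.Cookies.Delete("account");

            //修改成功,重新登入
            return RedirectToAction("Login", "Account", new AccountModels()
            {
                Account = Model.Account
            });
        }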
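        /// <summary>
        /// Resets a member's password to a random temporary one and e-mails it to the account.
        /// </summary>
        /// <param name="Model">Carries the <c>Account</c> to reset.</param>
        /// <returns>
        /// <c>true</c> when the account exists, the mail was sent and exactly one row was updated;
        /// <c>false</c> when the account is unknown, the mail could not be sent or the update failed.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="Model"/> is <c>null</c>.</exception>
        public bool PasswordMailVerify(Member Model)
        {
            if (Model is null)
            {
                throw new ArgumentNullException(nameof(Model));
            }

            // Look the account up; Username is used as the mail's display name.
            var sqlStr = string.Format("select Account,Username from [dbo].[Member] where Account = {0}", SqlVal2(Model.Account));
            var data   = _DB_GetData(sqlStr);

            //資料庫內是否有此帳號
            if (data.Rows.Count == 0)
            {
                //寄送失敗 找不到此帳號
                return false;
            }

            string pwd = GenerateTemporaryPassword();

            //發送新密碼
            AutoMailClass mail = new AutoMailClass();
            if (!mail.ForgetPasswordSend(Model.Account, data.Rows[0]["Username"].ToString(), pwd))
            {
                //信件發送失敗 — the stored password is left unchanged.
                return false;
            }

            //把新密碼寫進資料庫
            // NOTE(review): the password is mailed before it is stored, so a failed UPDATE leaves
            // the user holding a password that does not work; the original ordering is kept.
            // NOTE(review): SHA256_Encryption appears to be a plain hash; passwords should use a
            // salted, slow KDF (e.g. PBKDF2). That must change at every hash/verify site together.
            sqlStr = string.Format("UPDATE Member SET Password = {0}, PwdChangeCheck = {1}, ModifyTime = {2} where Account = {3}",
                                   SqlVal2(SHA256_Encryption(pwd)), SqlVal2("1"), DBC.ChangeTimeZone(), SqlVal2(Model.Account));

            //SQL Check Update成功(True)或失敗(False)
            return _DB_Execute(sqlStr) == 1;
        }

        /// <summary>
        /// 亂數密碼 — builds a 10-character temporary password (digit, upper, lower and symbol
        /// classes at fixed positions) from a cryptographically secure source.
        /// </summary>
        /// <returns>The generated password.</returns>
        private static string GenerateTemporaryPassword()
        {
            // Ambiguous glyphs (I, l) are left out so the mailed password can be typed reliably.
            const string digits  = "0123456789";
            const string upper   = "ABCDEFGHJKLMNOPQRSTUVWXYZ";
            const string lower   = "abcdefghijkmnopqrstuvwxyz";
            const string symbols = "!@#$%^&*";

            //密碼長度
            const int passwordLength = 10;

            char[] chars = new char[passwordLength];

            // System.Random is not a cryptographic generator and must not be used for credentials;
            // draw from the OS CSPRNG instead. Draws at or above the largest multiple of the pool
            // size are retried so every character is equally likely (no modulo bias).
            using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                byte[] buffer = new byte[4];

                int NextIndex(int count)
                {
                    uint limit = uint.MaxValue - (uint.MaxValue % (uint)count);
                    uint draw;
                    do
                    {
                        rng.GetBytes(buffer);
                        draw = BitConverter.ToUInt32(buffer, 0);
                    } while (draw >= limit);

                    return (int)(draw % (uint)count);
                }

                //開始亂數 — same position-to-class scheme as before: digits at 0 and 5, upper
                // case at 3, 6, 9, lower case at 2, 4, 8, symbols at 1 and 7.
                for (int i = 0; i < passwordLength; i++)
                {
                    string pool = (i % 5 == 0) ? digits
                                : (i % 3 == 0) ? upper
                                : (i % 2 == 0) ? lower
                                : symbols;

                    chars[i] = pool[NextIndex(pool.Length)];
                }
            }

            //New Password
            return new string(chars);
        }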
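        /// <summary>
        /// Creates a member row for the posted registration and sends the verification mail.
        /// </summary>
        /// <param name="Model">Registration data; MailCheck, StatusNo and PwdChangeCheck are reset to "0" here.</param>
        /// <returns>A redirect to Account/MailVerify when the row was inserted and the mail went out;
        /// otherwise the view for <paramref name="Model"/> with <c>ok = false</c> and a result message.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="Model"/> is <c>null</c>.</exception>
        public ActionResult Register(Member Model)
        {
            if (Model is null)
            {
                throw new ArgumentNullException(nameof(Model));
            }

            // New accounts start unverified, with the default status and no forced password change.
            Model.ok             = true;
            Model.MailCheck      = "0";
            Model.StatusNo       = "0";
            Model.PwdChangeCheck = "0";

            // One timestamp so CreateTime and AccountStart agree.
            var now = DBC.ChangeTimeZone();

            // NOTE(review): SHA256_Encryption appears to be a plain hash; passwords should be stored
            // with a salted, slow KDF (PBKDF2 or similar). That has to change at every hash/verify
            // site at once, so it is only flagged here.
            //SQL Insert Member — the closing parenthesis belongs to the statement text, not to an argument.
            var sqlStr = string.Format(
                "INSERT INTO [dbo].[Member] (" +
                "[Account]," +
                "[Password]," +
                "[Username]," +
                "[Actualname]," +
                "[Gender]," +
                "[Birthday]," +
                "[MailCheck]," +
                "[PwdChangeCheck]," +
                "[CreateTime]," +
                "[AccountStart]," +
                "[StatusNo]" +
                ")VALUES(" +
                "{0}," +
                "{1}," +
                "{2}," +
                "{3}," +
                "{4}," +
                "{5}," +
                "{6}," +
                "{7}," +
                "{8}," +
                "{9}," +
                "{10})",
                SqlVal2(Model.Account),
                SqlVal2(SHA256_Encryption(Model.Password)),
                SqlVal2(Model.Username),
                SqlVal2(Model.Actualname),
                SqlVal2(Model.Gender),
                SqlVal2(Model.Birthday),
                SqlVal2(Model.MailCheck),
                SqlVal2(Model.PwdChangeCheck),
                now,
                now,
                SqlVal2(Model.StatusNo));

            //新增是否成功
            if (_DB_Execute(sqlStr) != 1)
            {
                // NOTE(review): no duplicate-account check is visible in this method; an existing
                // Account presumably surfaces here as a failed insert.
                //註冊失敗
                Model.ok            = false;
                Model.ResultMessage = "註冊失敗";
                return View(Model);
            }

            //信箱驗證
            if (!RegisterMailVerify(Model))
            {
                Model.ok            = false;
                Model.ResultMessage = "驗證信發送失敗";
                return View(Model);
            }

            Model.ResultMessage = "註冊成功";

            //註冊成功
            return RedirectToAction("MailVerify", "Account", new Verify()
            {
                Account = Model.Account, Username = Model.Username
            });
        }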