private void btnSave_Click(object sender, EventArgs e)
        {
            string staffId = AdUtil.GetUserIdByUsername(GlobalService.User, "kmhk.local").Replace("hk", "");

            if (!IsPasswordCorrect(staffId, txtPassword.Text))
            {
                MessageBox.Show("Your password is not valid.");
                return;
            }

            if (txtNewPassword.Text.Length < 5)
            {
                MessageBox.Show("Password must be at least 4 digits.");
                return;
            }

            string datetime = DateTime.Now.ToString("yyyy/MM/dd HH:mm:ss");

            //string originalPwd = GetOriginalPassword(staffId);

            //string insertText = string.Format("insert into TB_HR_PWD_LOG (pl_datetime, pl_staff, pl_old, pl_new) values ('{0}', N'{1}', '{2}', '{3}')", datetime, GlobalService.User, originalPwd, txtNewPassword.Text);
            //DataServiceHR.GetInstance().ExecuteNonQuery(insertText);

            string ePwd = security.Encrypt(txtNewPassword.Text);

            string updateText = string.Format("update TB_HR_PWD set p_password = '******' where p_staffid = '{1}'", ePwd, staffId);

            DataServiceHR.GetInstance().ExecuteNonQuery(updateText);

            MessageBox.Show("Record has been saved.");
        }
        private bool IsPasswordCorrect(string staffId, string password)
        {
            string query  = string.Format("select p_password from TB_HR_PWD where p_staffid = '{0}'", staffId.Trim());
            string result = DataServiceHR.GetInstance().ExecuteScalar(query).ToString();

            string serverPwd = result == "-----" ? result : security.Decrypt(result.ToString().Trim());

            if (serverPwd != password)
            {
                return(false);
            }

            return(true);
        }
Beispiel #3
0
        private void SaveData()
        {
            string staffId = AdUtil.GetUserIdByUsername(GlobalService.User, "kmhk.local").Replace("hk", "");

            string datetime = DateTime.Now.ToString("yyyy/MM/dd HH:mm:ss");

            string originalPwd = GetOriginalPassword(staffId);

            string insertText = string.Format("insert into TB_HR_PWD_LOG (pl_datetime, pl_staff, pl_old, pl_new) values ('{0}', N'{1}', '{2}', '{3}')", datetime, GlobalService.User, originalPwd, txtPassword.Text);

            DataServiceHR.GetInstance().ExecuteNonQuery(insertText);

            string updateText = string.Format("update TB_HR_PWD set p_password = '******' where p_staffid = '{1}'", txtPassword.Text, staffId);

            DataServiceHR.GetInstance().ExecuteNonQuery(updateText);

            DialogResult = DialogResult.OK;
        }
Beispiel #4
0
        public static string GetHead(string staff)
        {
            string query = string.Format("select s_head from TB_C_STAFF where s_name = N'{0}'", staff.Trim());

            return(DataServiceHR.GetInstance().ExecuteScalar(query).ToString());
        }
        private string GetOriginalPassword(string staffId)
        {
            string query = string.Format("select p_password from TB_HR_PWD where p_staffid = '{0}'", staffId);

            return(security.Decrypt(DataServiceHR.GetInstance().ExecuteScalar(query).ToString()));
        }