Beispiel #1
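        /// <summary>
        /// Validates the "aries_safekey" cookie: it must decrypt to a value that starts
        /// with "aries:" and, when <paramref name="second"/> is non-zero, carry an HHmmss
        /// time stamp that is no older than the allowed window.
        /// </summary>
        /// <param name="second">Maximum age in seconds; 0 skips the age check entirely.</param>
        /// <returns>True when the cookie is present, well-formed and fresh enough.</returns>
        /// <remarks>
        /// The stamp is compared with the current time of day only (no date), so a value
        /// is accepted again at the same clock time on any later day, and a stamp written
        /// just before midnight is rejected just after it. Tamper resistance depends
        /// entirely on EncrpytHelper, which is not visible here.
        /// NOTE(review): consider a full UTC timestamp plus an integrity check (MAC).
        /// </remarks>
        private bool CheckSafeKey(int second)
        {
            HttpCookie cookie = HttpContext.Current.Request.Cookies["aries_safekey"];
            if (cookie == null)
            {
                return false;
            }

            // The cookie is client-controlled; treat an undecryptable or empty value as invalid.
            string value = EncrpytHelper.Decrypt(cookie.Value);
            if (string.IsNullOrEmpty(value) || !value.StartsWith("aries:", StringComparison.Ordinal))
            {
                return false;
            }

            if (second == 0)
            {
                return true;
            }

            int stamp;
            if (!int.TryParse(value.Split(':')[1], out stamp) || stamp < 0)
            {
                return false;
            }

            // Split the HHmmss integer into fields. Subtracting the raw integers (as the
            // previous code did) is wrong across a minute or hour boundary:
            // 120000 - 115959 is 4041, not 1 second.
            int hours = stamp / 10000;
            int minutes = (stamp / 100) % 100;
            int seconds = stamp % 100;
            if (hours > 23 || minutes > 59 || seconds > 59)
            {
                return false;
            }

            DateTime now = DateTime.Now;
            int elapsed = (now.Hour * 3600 + now.Minute * 60 + now.Second)
                          - (hours * 3600 + minutes * 60 + seconds);
#if DEBUG
            // Two-minute window for debugging, regardless of the requested limit.
            return elapsed > -1 && elapsed < 120;
#else
            return elapsed > -1 && elapsed < second;
#endif
        }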
Beispiel #2
        // Token cache: key is the login ID, value is the token (per the original note).
        // NOTE(review): a static Dictionary is shared by all request threads and is not
        // thread-safe; the code that reads and writes it is outside this excerpt, so
        // confirm every access is synchronized.
        private static Dictionary <string, string> pcTokenList = new Dictionary <string, string>();//loginID,token

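        /// <summary>
        /// Issues an authorization token (the mobile app calls this at login and uses
        /// the returned token as its login credential).
        /// </summary>
        /// <param name="userName">Login name; on database back ends a phone number or e-mail also matches.</param>
        /// <param name="password">Password as entered by the user.</param>
        /// <param name="errMsg">Empty on success, otherwise the reason for the failure.</param>
        /// <returns>The encrypted token, or an empty string when the login fails.</returns>
        /// <remarks>
        /// NOTE(review): the stored password is compared with EncrpytHelper.Encrypt(password),
        /// i.e. passwords appear to be kept under reversible encryption rather than a salted
        /// password hash (PBKDF2/Argon2). Migrating that needs a storage change outside this method.
        /// NOTE(review): the three error messages tell the caller whether an account exists;
        /// a single generic message would avoid that.
        /// NOTE(review): the token is a comma-joined string whose only time component is the
        /// day of the month, and a comma inside a name field shifts the later fields when the
        /// token is split again. Consider a structured payload with an expiry and a MAC.
        /// </remarks>
        public static string GetAuthToken(string userName, string password, out string errMsg)
        {
            string token = string.Empty;
            errMsg = string.Empty;

            using (MAction action = new MAction(TableNames.Sys_User))
            {
                string where;
                if (action.DalType == DalType.Txt || action.DalType == DalType.Xml)
                {
                    // The literal here had no placeholder, so userName was never part of the
                    // condition. Restore the placeholder and double any single quote so the
                    // value cannot terminate the quoted literal.
                    // NOTE(review): confirm the Txt/Xml where-parser honours doubled quotes;
                    // if it does not, reject names containing a quote instead.
                    string escaped = (userName ?? string.Empty).Replace("'", "''");
                    where = string.Format("Status=1 and UserName='{0}'", escaped);
                }
                else
                {
                    // Database back ends: bind the value as a parameter.
                    action.SetPara("UserName", userName, System.Data.DbType.String);
                    where = "Status=1 and (UserName=@UserName or Phone=@UserName or Email=@UserName)";
                }

                if (!action.Fill(where))
                {
                    errMsg = "账号不存在!";
                }
                else if (action.Get<DateTime>(Sys_User.PwdExpiredTime, DateTime.MaxValue) < DateTime.Now)
                {
                    errMsg = "账号密码已过期!";
                }
                else
                {
                    string pwd = action.Get<string>(Sys_User.Password);
                    if (pwd == EncrpytHelper.Encrypt(password))
                    {
                        string userID = action.Get<string>(Sys_User.UserID);
                        userName = action.Get<string>(Sys_User.UserName);
                        string fullName = action.Get<string>(Sys_User.FullName, userName);

                        // Bump the login counter: in memory for file stores, as a SQL expression otherwise.
                        if (action.DalType == DalType.Txt || action.DalType == DalType.Xml)
                        {
                            action.Set(Sys_User.LoginCount, action.Get<int>(Sys_User.LoginCount, 0) + 1);
                        }
                        else
                        {
                            action.SetExpression("LoginCount=[#ISNULL](LoginCount,0)+1");
                        }
                        action.Set(Sys_User.LastLoginTime, DateTime.Now);
                        action.Set(Sys_User.LastLoginIP, HttpContext.Current.Request.UserHostAddress);
                        action.Update(where); // persist the login bookkeeping

                        // Role IDs are embedded in the token.
                        string roleIDs = action.Get<string>(Sys_User.RoleIDs);
                        token = EncrpytHelper.Encrypt(DateTime.Now.Day + "," + userID + "," + userName + "," + fullName + "," + roleIDs);
                    }
                    else
                    {
                        errMsg = "用户名或密码错误!";
                    }
                }
            }
            return token;
        }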
Beispiel #3
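 /// <summary>
 /// Replaces the password of the user identified by <c>UserID</c> (defined outside this
 /// method) with the encrypted form of <paramref name="password"/>.
 /// </summary>
 /// <param name="password">New password in clear text.</param>
 /// <returns>True when the row was updated; false for an empty password or a failed update.</returns>
 /// <remarks>
 /// NOTE(review): the value is stored via EncrpytHelper.Encrypt, which looks reversible;
 /// a salted password hash (PBKDF2/Argon2) is the safer storage format. The current
 /// password is not re-verified here; confirm the caller does so.
 /// </remarks>
 public static bool ChangePassword(string password)
 {
     // Never store an empty credential.
     if (string.IsNullOrEmpty(password))
     {
         return false;
     }

     using (MAction action = new MAction(U_AriesEnum.Sys_User))
     {
         action.Set(Sys_User.Password, EncrpytHelper.Encrypt(password));
         return action.Update(UserID);
     }
 }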
Beispiel #4
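        /// <summary>
        /// Decrypts the current token and returns the comma-separated field at
        /// <paramref name="index"/>.
        /// </summary>
        /// <param name="index">Zero-based field position inside the decrypted token.</param>
        /// <returns>The field text, or an empty string when the token is missing,
        /// cannot be decrypted, or has no field at that position.</returns>
        /// <remarks>
        /// NOTE(review): fields are located purely by position after splitting on ',',
        /// so a comma inside any field value shifts every later field. Whatever builds
        /// the token should strip or encode commas in user-controlled fields.
        /// </remarks>
        private static string GetTokenValue(int index)
        {
            // A negative index passed the old "Length > index" test and then threw on access.
            if (index < 0)
            {
                return string.Empty;
            }

            string token = Token;
            if (string.IsNullOrEmpty(token))
            {
                return string.Empty;
            }

            string text = EncrpytHelper.Decrypt(token);
            if (string.IsNullOrEmpty(text))
            {
                return string.Empty;
            }

            string[] items = text.Split(',');
            return index < items.Length ? items[index] : string.Empty;
        }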
Beispiel #5
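        /// <summary>
        /// Loads a single record as JSON. Sys_User rows are read through the
        /// V_SYS_UserList view; every other table uses the base implementation.
        /// </summary>
        /// <remarks>
        /// The previous version decrypted the stored password and put the clear text
        /// into the JSON response. The field is now returned empty so the credential
        /// never leaves the server.
        /// NOTE(review): the edit form must treat an empty Password as "leave unchanged";
        /// check that the matching update handler does not write a blank field back.
        /// </remarks>
        public override void Get()
        {
            switch (TableName)
            {
                case "Sys_User":
                    ObjName = "V_SYS_UserList";
                    MDataRow row = GetOne();
                    if (row != null)
                    {
                        // Keep the key so the response shape is unchanged, but never send the secret.
                        row.Set("Password", string.Empty);
                        jsonResult = row.ToJson();
                    }
                    break;

                default:
                    base.Get();
                    break;
            }
        }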
Beispiel #6
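        /// <summary>
        /// Checks that the user named by the "uid" request value has an active row in
        /// data0073 and, when <paramref name="type"/> is 1, re-issues the login token
        /// and cookie for that user. The outcome is written to jsonResult.
        /// </summary>
        /// <param name="type">1 when called directly from a page, which triggers the token rewrite.</param>
        /// <param name="result">Incoming result flag; set to false when a check fails.</param>
        /// <param name="errMsg">Incoming message; replaced when a check fails.</param>
        /// <remarks>
        /// NOTE(review): "uid" comes straight from the request and no credential is verified
        /// in this method before a token is issued. Confirm that every route reaching it has
        /// already authenticated the caller as that same user.
        /// NOTE(review): the token is comma-joined, so a comma inside a name field shifts the
        /// later fields when it is split again.
        /// </remarks>
        public void companyAuth(byte type, bool result, string errMsg)
        {
            string userName = Query<string>("uid");

            using (MAction action = new MAction("data0073", CrossDb.GetConn("data0073")))
            {
                // Bind the request value instead of formatting it into the condition.
                string where;
                if (action.DalType == DalType.Txt || action.DalType == DalType.Xml)
                {
                    // NOTE(review): file stores get a quoted literal with doubled quotes;
                    // confirm the where-parser honours that escape.
                    where = string.Format("USER_LOGIN_NAME='{0}' AND ACTIVE_FLAG=0", (userName ?? string.Empty).Replace("'", "''"));
                }
                else
                {
                    action.SetPara("UserLoginName", userName, System.Data.DbType.String);
                    where = "USER_LOGIN_NAME=@UserLoginName AND ACTIVE_FLAG=0";
                }

                MDataRow row = action.Fill(where) ? action.Data : null;
                if (row == null || row.Count == 0)
                {
                    result = false;
                    errMsg = LangConst.NoCompanyAuth;
                }
            }

            // Rewrite the token when the page calls this directly, but only if the checks
            // so far passed. Previously a cookie was still issued alongside a failure response.
            if (type == 1 && result)
            {
                using (MAction action = new MAction(TableNames.Sys_User))
                {
                    string where;
                    if (action.DalType == DalType.Txt || action.DalType == DalType.Xml)
                    {
                        // The literal here had no placeholder, so userName was never used.
                        where = string.Format("Status=1 and UserName='{0}'", (userName ?? string.Empty).Replace("'", "''"));
                    }
                    else
                    {
                        action.SetPara("UserName", userName, System.Data.DbType.String);
                        where = "Status=1 and UserName=@UserName";
                    }

                    if (action.Fill(where))
                    {
                        string userID = action.Get<string>(Sys_User.UserID);
                        userName = action.Get<string>(Sys_User.UserName);
                        string fullName = action.Get<string>(Sys_User.FullName, userName);
                        string roleIDs = action.Get<string>(Sys_User.RoleIDs);
                        string token = EncrpytHelper.Encrypt(DateTime.Now.Day + "," + userID + "," + userName + "," + fullName + "," + roleIDs);
                        UserAuth.SetToken(token, userName);
                        UserAuth.WriteCookie(token, userName, "");
                    }
                    else
                    {
                        result = false;
                        errMsg = LangConst.UserNotExists;
                    }
                }
            }
            jsonResult = JsonHelper.OutResult(result, errMsg);
        }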
Beispiel #7
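        /// <summary>
        /// Adds a user (by CYQ): inserts the Sys_User row and the matching Sys_UserInfo
        /// row inside one transaction.
        /// </summary>
        /// <returns>A JSON result describing success, failure, or a duplicate account name.</returns>
        /// <remarks>
        /// NOTE(review): the password is stored via EncrpytHelper.Encrypt, which looks
        /// reversible; a salted password hash is the safer format. No authorization check
        /// is visible in this method, so confirm the caller restricts who may add users.
        /// </remarks>
        public string AddUser()
        {
            string userName = Query<string>("userName");
            string pwd = Query<string>("password");

            // Refuse to create an account without a name or with an empty credential.
            if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(pwd))
            {
                return JsonHelper.OutResult(false, "添加用户失败!");
            }

            string jsonResult = string.Empty;
            bool result = false;

            using (MAction action = new MAction(TableNames.Sys_User))
            {
                action.BeginTransation();

                // The duplicate check used a fixed literal, so userName was never compared.
                // Bind it as a parameter (quoted and escaped for file stores).
                string where;
                if (action.DalType == DalType.Txt || action.DalType == DalType.Xml)
                {
                    // NOTE(review): confirm the Txt/Xml where-parser honours doubled quotes.
                    where = "UserName = '" + userName.Replace("'", "''") + "'";
                }
                else
                {
                    // NOTE(review): confirm the bound parameter does not leak into the Insert below.
                    action.SetPara("UserName", userName, System.Data.DbType.String);
                    where = "UserName = @UserName";
                }

                if (!action.Exists(where))
                {
                    action.Set("Password", EncrpytHelper.Encrypt(pwd)); // encrypt before storing
                    if (action.Insert(true, InsertOp.ID))
                    {
                        string userID = action.Get<string>(Sys_User.UserID);

                        action.ResetTable(TableNames.Sys_UserInfo);
                        action.Set(Sys_UserInfo.UserInfoID, userID);
                        action.AllowInsertID = true;
                        result = action.Insert(true);
                    }

                    // Either insert failing undoes the whole operation, and the caller
                    // always gets a result (a failed insert used to return an empty string).
                    if (!result)
                    {
                        action.RollBack();
                    }
                    jsonResult = JsonHelper.OutResult(result, result ? "添加用户成功!" : "添加用户失败!");
                }
                else
                {
                    jsonResult = JsonHelper.OutResult(false, "帐号已存在,请重新输入");
                }
                action.EndTransation();
            }

            return jsonResult;
        }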
Beispiel #8
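        /// <summary>
        /// Updates a user (by CYQ): writes the Sys_User row, then updates or creates the
        /// matching Sys_UserInfo row, all inside one transaction.
        /// </summary>
        /// <returns>A JSON result with the success flag and a message.</returns>
        /// <remarks>
        /// The password is changed only when a non-empty "Password" value is supplied.
        /// NOTE(review): "UserID" comes from the request and no ownership or role check is
        /// visible here; confirm the caller is allowed to modify that account. The password
        /// is stored via EncrpytHelper.Encrypt, which looks reversible.
        /// </remarks>
        public string UpdateUser()
        {
            bool result = false;
            string pwd = Query<string>("Password");
            string userID = Query<string>("UserID");

            // Without a key there is no row to target; do not hand an empty key to Update.
            if (string.IsNullOrEmpty(userID))
            {
                return JsonHelper.OutResult(false, "更新失败!");
            }

            using (MAction action = new MAction(TableNames.Sys_User))
            {
                action.BeginTransation();
                if (!string.IsNullOrEmpty(pwd))
                {
                    action.Set(Sys_User.Password, EncrpytHelper.Encrypt(pwd)); // encrypt before storing
                }
                result = action.Update(userID, true);
                if (result)
                {
                    action.ResetTable(TableNames.Sys_UserInfo);
                    if (action.Exists(userID))
                    {
                        if (action.Data.Count > 1) // the table has custom columns
                        {
                            result = action.Update(userID, true);
                        }
                    }
                    else
                    {
                        action.Set(Sys_UserInfo.UserInfoID, userID);
                        action.AllowInsertID = true;
                        result = action.Insert(true);
                    }
                }
                if (!result)
                {
                    action.RollBack();
                }
                action.EndTransation();
            }
            return JsonHelper.OutResult(result, result ? "更新成功!" : "更新失败!");
        }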
Beispiel #9
        /// <summary>
        /// Saves a user profile by calling the dyt.UserProfileSave stored procedure on the
        /// supplied connection and transaction, then copies the resulting @UserID back
        /// onto <paramref name="userProfile"/>.
        /// </summary>
        /// <param name="databaseSettings">Supplies the server name passed as @uServerName.</param>
        /// <param name="userID">Not read by this method.</param>
        /// <param name="connection">Connection the command is created on.</param>
        /// <param name="transaction">Transaction the command is enlisted in.</param>
        /// <param name="userProfile">Profile to save; its UserID is overwritten with the procedure's output.</param>
        /// <returns>The same <paramref name="userProfile"/> instance.</returns>
        /// <remarks>
        /// NOTE(review): the password is lower-cased before hashing, which makes passwords
        /// case-insensitive, and ToLower() is culture-sensitive, so the hash can differ between
        /// server cultures. Changing it would invalidate stored hashes, so it is kept as is.
        /// NOTE(review): whether EncrpytHelper.SecureHash is a salted, slow password hash
        /// cannot be seen from here and should be confirmed.
        /// </remarks>
        public static async Task<UserProfile> UserProfileSave(DatabaseSettings databaseSettings, Guid userID, SqlConnection connection, SqlTransaction transaction, UserProfile userProfile)
        {
            using (SqlCommand cmd = connection.CreateCommand())
            {
                cmd.CommandText = "dyt.UserProfileSave";
                cmd.CommandType = CommandType.StoredProcedure;
                cmd.Connection = connection;
                cmd.Transaction = transaction;

                SqlParameterCollection args = cmd.Parameters;

                // Audit columns.
                args.Add("@uMachineName", SqlDbType.NVarChar, 50).Value = Environment.MachineName;
                args.Add("@uServerName", SqlDbType.NVarChar, 50).Value = databaseSettings.Name;
                args.Add("@uAppName", SqlDbType.NVarChar, 50).Value = "Daytona";

                // An empty Guid is sent as NULL; the procedure hands the id back through this parameter.
                SqlParameter userIdArg = args.Add("@UserID", SqlDbType.UniqueIdentifier);
                userIdArg.Direction = ParameterDirection.InputOutput;
                userIdArg.Value = Guid.Empty.Equals(userProfile.UserID) ? (object)DBNull.Value : userProfile.UserID;

                args.Add("@FirstName", SqlDbType.NVarChar, 30).Value = userProfile.FirstName;
                args.Add("@LastName", SqlDbType.NVarChar, 30).Value = userProfile.LastName;
                args.Add("@Email", SqlDbType.NVarChar, 255).Value = userProfile.Email;
                args.Add("@MobilePhone", SqlDbType.NVarChar, 50).Value =
                    string.IsNullOrEmpty(userProfile.MobilePhone) ? (object)DBNull.Value : userProfile.MobilePhone;

                // Hash only when a password was supplied; otherwise an empty string is sent.
                string loginHash = string.Empty;
                if (!string.IsNullOrEmpty(userProfile.Password))
                {
                    loginHash = EncrpytHelper.SecureHash(userProfile.Password.ToLower());
                }
                args.Add("@LoginPasswordHash", SqlDbType.VarChar, 255).Value = loginHash ?? string.Empty;

                // The validity hash is never computed here and is always sent empty.
                args.Add("@PasswordValidityHash", SqlDbType.VarChar, 255).Value = string.Empty;

                args.Add("@IsPasswordChangeRequired", SqlDbType.Bit).Value = userProfile.IsPasswordChangeRequired;
                args.Add("@LoginID", SqlDbType.NVarChar, 50).Value = userProfile.LoginID;
                args.Add("@IsLoginAllowed", SqlDbType.Bit).Value = userProfile.IsLoginAllowed;
                args.Add("@Name", SqlDbType.NVarChar, 50).Value = userProfile.Name;

                await cmd.ExecuteNonQueryAsync();

                userProfile.UserID = (Guid)userIdArg.Value;
                return userProfile;
            }
        }
Beispiel #10
        /// <summary>
        /// Calls the csAuthenticateUser stored procedure with the login ID and the encrypted
        /// password, and copies UserID, LoginID and Name from the returned rows into a
        /// <c>User</c> object.
        /// </summary>
        /// <param name="databaseSettings">Supplies the connection string.</param>
        /// <param name="loginID">Login identifier, sent as @LoginID.</param>
        /// <param name="loginPassword">Clear-text password; encrypted with ProjectConstants.FullEncryptionKey before it is sent.</param>
        /// <returns>
        /// Always a <c>User</c> instance. When the procedure returns no rows the object is
        /// left as constructed, so callers must inspect its fields rather than test for null.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the password is encrypted with an application-wide key and compared
        /// inside the procedure, which implies reversibly encrypted passwords at rest; a
        /// salted password hash is the safer design. Also confirm the ciphertext always fits
        /// the 50-character parameter.
        /// </remarks>
        public static User AuthenticateUser(DatabaseSettings databaseSettings, string loginID, string loginPassword)
        {
            User found = new User();

            using (SqlConnection conn = new SqlConnection(databaseSettings.SqlClientConnectionString))
            {
                conn.Open();

                using (SqlCommand cmd = conn.CreateCommand())
                {
                    cmd.CommandText = "csAuthenticateUser";
                    cmd.CommandType = CommandType.StoredProcedure;

                    SqlParameter loginArg = cmd.Parameters.Add("@LoginID", SqlDbType.NVarChar, 50);
                    loginArg.Value = loginID;

                    SqlParameter passwordArg = cmd.Parameters.Add("@LoginPassword", SqlDbType.NVarChar, 50);
                    passwordArg.Value = EncrpytHelper.Encrypt(loginPassword, ProjectConstants.FullEncryptionKey);

                    // Disposing the reader and the connection closes them; no explicit Close is needed.
                    using (SqlDataReader rows = cmd.ExecuteReader())
                    {
                        while (rows.Read())
                        {
                            // NULL columns leave the corresponding property untouched.
                            object rawUserId = rows["UserID"];
                            if (!Convert.IsDBNull(rawUserId))
                            {
                                found.UserID = (Guid)rawUserId;
                            }

                            object rawLoginId = rows["LoginID"];
                            if (!Convert.IsDBNull(rawLoginId))
                            {
                                found.LoginID = (string)rawLoginId;
                            }

                            object rawName = rows["Name"];
                            if (!Convert.IsDBNull(rawName))
                            {
                                found.Name = (string)rawName;
                            }
                        }
                    }
                }
            }
            return found;
        }