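/// <summary>
/// Checks whether the password supplied in <paramref name="accountEditModels"/> matches
/// the hash stored in <c>tb_user.pwd</c> for the row selected by <c>wor_num</c>.
/// </summary>
/// <param name="accountEditModels">
/// Supplies <c>UserId</c> (bound to <c>@wor_num</c>) and <c>Password</c> (the claimed current password).
/// </param>
/// <returns>
/// <c>true</c> when at least one row was read and the last row's stored hash equals the
/// SHA1 hash of the supplied password; <c>false</c> when no row matched or the hashes differ.
/// </returns>
public bool ValidOldpwd(AccountEditModels accountEditModels)
 {
     // The lookup is parameterized, so UserId is never concatenated into the SQL text.
     string sql = "select * from tb_user where wor_num=@wor_num";
     bool isValid = false;

     // Dispose the reader deterministically. The original never closed it, which keeps the
     // reader (and presumably its underlying connection - confirm in SqlHelper) open until
     // garbage collection.
     using (SqlDataReader dr = DBCommon.SqlHelper.ExecuteReader(DBCommon.SqlHelper.ConntionString, CommandType.Text, sql
         , new SqlParameter("@wor_num", accountEditModels.UserId)))
     {
         while (dr.Read())
         {
             // NOTE(review): this is an unsalted SHA-1 digest produced by an API that the
             // framework marks obsolete. It is not adequate for password storage: identical
             // passwords give identical hashes and offline guessing is cheap. Replacing it
             // with a salted, iterated KDF such as PBKDF2 needs a migration of the stored
             // hashes, so the format is left unchanged here to stay compatible with tb_user.
             string oldPwd = FormsAuthentication.HashPasswordForStoringInConfigFile(accountEditModels.Password,"SHA1");

             // Ordinal string equality. If several rows share wor_num, the last row decides.
             isValid = oldPwd == dr["pwd"].ToString();
         }
     }

     return isValid;
 }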
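 /// <summary>
 /// Stores the SHA1 hash of <c>Newpwd</c> in <c>tb_user.pwd</c> for the row selected by <c>wor_num</c>.
 /// </summary>
 /// <param name="accountEditModels">
 /// Supplies <c>UserId</c> (bound to <c>@wor_num</c>) and <c>Newpwd</c> (the new plaintext password).
 /// </param>
 /// <returns><c>true</c> when the UPDATE affected at least one row; otherwise <c>false</c>.</returns>
 /// <remarks>
 /// This method does not verify the current password or the caller's identity itself;
 /// callers must do that before invoking it.
 /// </remarks>
 public bool UpdatePwd(AccountEditModels accountEditModels)
 {
     // NOTE(review): unsalted SHA-1 via an obsolete API is not adequate for password storage.
     // The format is kept only because ValidOldpwd compares against the same digest; change
     // both together as part of a hash migration (salted, iterated KDF such as PBKDF2).
     string pwd = FormsAuthentication.HashPasswordForStoringInConfigFile(accountEditModels.Newpwd, "SHA1");
     string sql = "update tb_user set pwd=@pwd where wor_num=@wor_num";

     // Both values are bound as parameters. The password parameter is now named "@pwd" so
     // that it matches the placeholder in the statement and the style of "@wor_num".
     int affected = DBCommon.SqlHelper.ExecuteNonQuery(DBCommon.SqlHelper.ConntionString, CommandType.Text, sql
         , new SqlParameter("@wor_num", accountEditModels.UserId)
         , new SqlParameter("@pwd", pwd));

     return affected >= 1;
 }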
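        /// <summary>
        /// Changes a user's password after verifying the current one and returns the outcome as JSON.
        /// </summary>
        /// <param name="accountModels">Model carrying the user id, current password and new password.</param>
        /// <returns>
        /// <c>{ result = "0", errmsg = ... }</c> when <c>Session["userid"]</c> is missing; otherwise
        /// <c>{ result = true|false, errmsg = ... }</c>. Note that <c>result</c> is a string in the
        /// first case and a bool in the second; this is kept as-is because clients may depend on it.
        /// </returns>
        public JsonResult Chgpwd(AccountEditModels accountModels)
        {
            // Only a logged-in session may change a password.
            if (Session["userid"] == null)
            {
                return Json(new {result = "0", errmsg = "登陸超時請重新登陸!"});
            }

            // NOTE(review): the account that gets validated and updated is chosen by
            // accountModels.UserId, which arrives with the request, not by Session["userid"].
            // The session check above therefore proves only that someone is logged in, not
            // that they own the target account. Confirm how UserId is bound, and prefer taking
            // the id from the session (or rejecting a mismatch) once the relationship between
            // Session["userid"] and wor_num is confirmed.
            // NOTE(review): no [HttpPost] or [ValidateAntiForgeryToken] attribute is visible on
            // this action in this snippet. Verify that this state-changing endpoint is
            // POST-only and protected against cross-site request forgery.

            // Short-circuits in the original order: model validation, then the old-password
            // check, then the update. The unused errmsg local from the original was dropped.
            bool ret = ModelState.IsValid && ValidOldpwd(accountModels) && UpdatePwd(accountModels);

            return Json(new {result = ret, errmsg = ret ? "修改成功" : "修改密碼失敗"});
        }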