/// <summary>
/// OK-button handler of the "set a manager's password" form. Validates the new
/// password and its confirmation, writes the encoded password to the Manager row
/// whose key is shown in <c>lb_pg_mg_sid</c>, and emits a script block that either
/// alerts the validation errors or confirms success and returns to 10051.aspx.
/// </summary>
/// <param name="sender">Control that raised the event (not used).</param>
/// <param name="e">Event data (not used).</param>
protected void lb_ok_Click(object sender, EventArgs e)
{
    // Shared helper functions.
    Common_Func commonFunc = new Common_Func();

    string newPassword = tb_mg_pass.Text.Trim();
    string confirmPassword = tb_mg_pass1.Text.Trim();
    string errors = "";

    // NOTE(review): CheckSQL is not visible here; judging by the message it rejects
    // "special symbols". The statement below is parameterized, so this filter is not
    // what prevents SQL injection, and together with the 4-12 length rule it narrows
    // the password space. Confirm the intended password policy.
    if (newPassword.Length == 0)
    {
        errors += "「新登入密碼」沒有輸入!\\n";
    }
    else if (commonFunc.CheckSQL(newPassword))
    {
        errors += "「新登入密碼」請勿使用特殊符號!\\n";
    }
    else if (newPassword.Length < 4 || newPassword.Length > 12)
    {
        errors += "「新登入密碼」長度為4~12個字!\\n";
    }

    if (newPassword != confirmPassword)
    {
        errors += "「新登入密碼」與「新密碼確認」不相同!\\n";
    }

    string script;
    if (errors == "")
    {
        // NOTE(review): no authorization check is visible in this handler; the target
        // account comes from lb_pg_mg_sid.Text. Confirm the page restricts who may
        // reach it and that the label is filled from a trusted source.
        const string updateSql = "Update Manager Set mg_pass = @mg_pass Where mg_sid = @mg_sid";

        using (SqlConnection connection = new SqlConnection(
            WebConfigurationManager.ConnectionStrings["AppSysConnectionString"].ConnectionString))
        {
            Decoder encoder = new Decoder();
            connection.Open();

            using (SqlCommand update = new SqlCommand(updateSql, connection))
            {
                // NOTE(review): EnCode's algorithm is not shown. If it is reversible,
                // stored passwords can be recovered by anyone holding the key; a
                // salted one-way password hash (e.g. PBKDF2) is the safer design.
                update.Parameters.AddWithValue("@mg_pass", encoder.EnCode(newPassword));
                update.Parameters.AddWithValue("@mg_sid", lb_pg_mg_sid.Text);

                // The affected-row count is not inspected, so success is reported even
                // when no row matched the key.
                update.ExecuteNonQuery();
            }
        }

        // NOTE(review): lb_page.Text is placed inside a JavaScript string literal
        // without encoding. If it can carry request-derived data, JavaScript-encode it
        // before building the script - TODO confirm its source.
        script = "alert('密碼變更完成,新密碼該員於下次登入時生效!\\n');location.replace('10051.aspx" + lb_page.Text + "');";
    }
    else
    {
        // errors holds only the fixed messages assembled above.
        script = "alert('" + errors + "')";
    }

    lt_show.Text = "<script language=javascript>" + script + "</script>";
}
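/// <summary>
/// OK-button handler of the "edit manager" form. Checks the required fields, makes
/// sure the login account is not already used by another Manager row, updates the
/// row whose key is shown in <c>lb_pg_mg_sid</c>, and emits a script block that
/// either alerts the errors or confirms success and returns to 10051.aspx.
/// </summary>
/// <param name="sender">Control that raised the event (not used).</param>
/// <param name="e">Event data (not used).</param>
protected void lb_ok_Click(object sender, EventArgs e)
{
    string mErr = "";

    // String helper functions.
    String_Func sfc = new String_Func();

    // Shared helper functions.
    Common_Func cfc = new Common_Func();

    // NOTE(review): CheckSQL is not visible here; judging by the message it rejects
    // "special symbols". All statements below are parameterized, so it acts as an
    // input-format rule rather than the SQL-injection defence.
    if (tb_mg_id.Text.Trim() == "")
        mErr = mErr + "「登入帳號」沒有輸入!\\n";
    else if (cfc.CheckSQL(tb_mg_id.Text.Trim()))
        mErr = mErr + "「登入帳號」請勿使用特殊符號!\\n";

    if (tb_mg_name.Text.Trim() == "")
        mErr = mErr + "「姓名」沒有輸入!\\n";

    if (tb_mg_nike.Text.Trim() == "")
        mErr = mErr + "「暱稱」沒有輸入!\\n";

    if (tb_mg_unit.Text.Trim() == "")
        mErr = mErr + "「單位」沒有輸入!\\n";

    if (mErr == "")
    {
        // NOTE(review): no authorization check is visible in this handler; the target
        // row comes from lb_pg_mg_sid.Text. Confirm the page restricts who may reach
        // it and that the label is filled from a trusted source.
        using (SqlConnection Sql_conn = new SqlConnection(WebConfigurationManager.ConnectionStrings["AppSysConnectionString"].ConnectionString))
        {
            string SqlString = "";

            Sql_conn.Open();

            // Check whether another row already uses this account (accounts must be unique).
            // NOTE(review): check-then-update is not atomic; a unique constraint on
            // mg_id would be the reliable guard - confirm the schema has one.
            SqlString = "Select Top 1 mg_id From Manager Where mg_id = @mg_id And mg_sid <> @mg_sid";
            using (SqlCommand Sql_Command = new SqlCommand(SqlString, Sql_conn))
            {
                Sql_Command.Parameters.AddWithValue("@mg_id", sfc.Left(tb_mg_id.Text, 12));
                Sql_Command.Parameters.AddWithValue("@mg_sid", lb_pg_mg_sid.Text);

                // The reader is wrapped in using so it is released even if Read() throws.
                using (SqlDataReader Sql_Reader = Sql_Command.ExecuteReader())
                {
                    if (Sql_Reader.Read())
                        mErr = mErr + "此「登入帳號」已經有人使用過了,請重新設定!\\n";
                }
            }

            if (mErr == "")
            {
                // Build the SQL update statement.
                SqlString = "Update Manager Set mg_name = @mg_name, mg_nike = @mg_nike, mg_id = @mg_id";
                SqlString = SqlString + ", mg_unit = @mg_unit, mg_desc = @mg_desc, init_time = getdate()";
                SqlString = SqlString + " Where mg_sid = @mg_sid";

                using (SqlCommand Sql_Command = new SqlCommand(SqlString, Sql_conn))
                {
                    // Cut each string to the size the database column allows:
                    // sfc.Left(string mdata, int leng).
                    Sql_Command.Parameters.AddWithValue("@mg_sid", lb_pg_mg_sid.Text);
                    Sql_Command.Parameters.AddWithValue("@mg_name", sfc.Left(tb_mg_name.Text, 12));
                    Sql_Command.Parameters.AddWithValue("@mg_nike", sfc.Left(tb_mg_nike.Text, 12));
                    Sql_Command.Parameters.AddWithValue("@mg_id", sfc.Left(tb_mg_id.Text, 12));
                    Sql_Command.Parameters.AddWithValue("@mg_unit", sfc.Left(tb_mg_unit.Text, 50));
                    Sql_Command.Parameters.AddWithValue("@mg_desc", sfc.Left(tb_mg_desc.Text, 1000));

                    Sql_Command.ExecuteNonQuery();
                }
            }
        }
    }

    if (mErr == "")
    {
        // NOTE(review): lb_page.Text is placed inside a JavaScript string literal
        // without encoding. If it can carry request-derived data, JavaScript-encode it
        // before building the script - TODO confirm its source.
        mErr = "alert('資料修改完成!\\n');location.replace('10051.aspx" + lb_page.Text + "');";
    }
    else
        // mErr holds only the fixed messages assembled above.
        mErr = "alert('" + mErr + "')";

    lt_show.Text = "<script language=javascript>" + mErr + "</script>";
}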
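/// <summary>
/// OK-button handler of the "add manager" form. Checks the required fields and the
/// password rules, inserts a new Manager row with the encoded password, reads the
/// new key back through an output parameter, and emits a script block that either
/// alerts the errors or confirms success and continues to 10051.aspx with the new key.
/// </summary>
/// <param name="sender">Control that raised the event (not used).</param>
/// <param name="e">Event data (not used).</param>
protected void lb_ok_Click(object sender, EventArgs e)
{
    string mErr = "";
    int mg_sid = -1;

    // String helper functions.
    String_Func sfc = new String_Func();

    // Shared helper functions.
    Common_Func cfc = new Common_Func();

    // The password is normalised once and the same value is validated, compared with
    // the confirmation and stored. Validating the trimmed text but storing the raw
    // text would let a password with surrounding whitespace pass the length check and
    // then be stored (and cut to 12 characters) in a form that was never validated.
    string mg_pass = tb_mg_pass.Text.Trim();
    string mg_pass1 = tb_mg_pass1.Text.Trim();

    // NOTE(review): CheckSQL is not visible here; judging by the messages it rejects
    // "special symbols". The insert below is parameterized, so this filter is not
    // what prevents SQL injection, and together with the 4-12 length rule it narrows
    // the password space. Confirm the intended password policy.
    if (tb_mg_id.Text.Trim() == "")
        mErr += "「登入帳號」沒有輸入!\\n";
    else if (cfc.CheckSQL(tb_mg_id.Text.Trim()))
        mErr += "「登入帳號」請勿使用特殊符號!\\n";

    if (mg_pass == "")
        mErr += "「登入密碼」沒有輸入!\\n";
    else if (cfc.CheckSQL(mg_pass))
        mErr += "「登入密碼」請勿使用特殊符號!\\n";
    else if (mg_pass.Length > 12 || mg_pass.Length < 4)
        mErr += "「登入密碼」長度為4~12個字!!\\n";

    if (mg_pass != mg_pass1)
        mErr += "「登入密碼」與「密碼確認」不相同!\\n";

    if (tb_mg_name.Text.Trim() == "")
        mErr += "「姓名」沒有輸入!\\n";

    if (tb_mg_nike.Text.Trim() == "")
        mErr += "「暱稱」沒有輸入!\\n";

    if (tb_mg_unit.Text.Trim() == "")
        mErr += "「單位」沒有輸入!\\n";

    if (mErr == "")
    {
        // NOTE(review): no duplicate-account check and no authorization check are
        // visible in this handler - confirm both are enforced elsewhere (page-level
        // access control, unique constraint on mg_id).
        using (SqlConnection Sql_conn = new SqlConnection(WebConfigurationManager.ConnectionStrings["AppSysConnectionString"].ConnectionString))
        {
            string SqlString = "";
            Decoder decoder = new Decoder();

            // Build the SQL statement; the second statement returns the new identity.
            SqlString = "Insert Into Manager (mg_name, mg_nike, mg_id, mg_pass, mg_unit, mg_desc)";
            SqlString += " Values (@mg_name, @mg_nike, @mg_id, @mg_pass, @mg_unit, @mg_desc);";
            SqlString += "Select @mg_sid = Scope_Identity()";

            using (SqlCommand Sql_Command = new SqlCommand())
            {
                Sql_Command.Connection = Sql_conn;
                Sql_Command.CommandText = SqlString;

                // Cut each string to the size the database column allows:
                // sfc.Left(string mdata, int leng).
                Sql_Command.Parameters.AddWithValue("@mg_name", sfc.Left(tb_mg_name.Text, 12));
                Sql_Command.Parameters.AddWithValue("@mg_nike", sfc.Left(tb_mg_nike.Text, 12));
                Sql_Command.Parameters.AddWithValue("@mg_id", sfc.Left(tb_mg_id.Text, 12));

                // NOTE(review): EnCode's algorithm is not shown. If it is reversible,
                // stored passwords can be recovered by anyone holding the key; a
                // salted one-way password hash (e.g. PBKDF2) is the safer design.
                Sql_Command.Parameters.AddWithValue("@mg_pass", decoder.EnCode(sfc.Left(mg_pass, 12)));
                Sql_Command.Parameters.AddWithValue("@mg_unit", sfc.Left(tb_mg_unit.Text, 50));
                Sql_Command.Parameters.AddWithValue("@mg_desc", sfc.Left(tb_mg_desc.Text, 1000));

                SqlParameter spt_mg_sid = Sql_Command.Parameters.Add("@mg_sid", SqlDbType.Int);
                spt_mg_sid.Direction = ParameterDirection.Output;

                Sql_conn.Open();

                Sql_Command.ExecuteNonQuery();

                // Read back the primary key of the inserted row.
                mg_sid = (int)spt_mg_sid.Value;
            }
        }
    }

    if (mErr == "")
    {
        // NOTE(review): lb_page.Text is placed inside a JavaScript string literal
        // without encoding. If it can carry request-derived data, JavaScript-encode it
        // before building the script - TODO confirm its source.
        mErr = "alert('存檔完成!\\n請繼續設定該員的權限.....\\n');location.replace('10051.aspx" + lb_page.Text + "&sid=" + mg_sid.ToString() + "');";
    }
    else
        // mErr holds only the fixed messages assembled above.
        mErr = "alert('" + mErr + "')";

    lt_show.Text = "<script language=javascript>" + mErr + "</script>";
}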
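/// <summary>
/// OK-button handler of the "change my password" form. Validates the input, loads
/// the signed-in manager's account and stored password by the session key
/// <c>mg_sid</c>, verifies the entered account and current password against them,
/// stores the encoded new password on a match, and reports the outcome through a
/// script alert added to the page.
/// </summary>
/// <param name="sender">Control that raised the event (not used).</param>
/// <param name="e">Event data (not used).</param>
protected void bn_ok_Click(object sender, EventArgs e)
{
    Common_Func cfc = new Common_Func();
    string mErr = "";
    string mg_npass = tb_npass.Text.Trim();

    if (tb_spass.Text.Trim() == "")
        mErr = mErr + "請輸入「原登入密碼」!\\n";

    // NOTE(review): CheckSQL is not visible here; judging by the message it rejects
    // "special symbols". Both statements below are parameterized, so this filter is
    // not what prevents SQL injection, and together with the 4-12 length rule it
    // narrows the password space. Confirm the intended password policy.
    if (mg_npass == "")
        mErr = mErr + "請輸入「新登入密碼」!\\n";
    else if (cfc.CheckSQL(mg_npass))
        mErr = mErr + "「新登入密碼」請勿使用特殊符號!\\n";
    else if (mg_npass.Length > 12 || mg_npass.Length < 4)
        mErr = mErr + "「新登入密碼」長度為4~12個字!\\n";

    if (mg_npass != tb_rpass.Text.Trim())
        mErr = mErr + "「新登入密碼」與「新密碼確認」輸入的資料不同!\\n";
    else
    {
        if (tb_spass.Text.Trim() == tb_npass.Text.Trim())
            mErr = mErr + "「原登入密碼」與「新登入密碼」不可相同!\\n";
    }

    if (mErr == "")
    {
        string mg_pass = "", mg_id = "";
        Decoder dcd = new Decoder();

        // Connection, commands and reader are all scoped with using so they are
        // released even when a database call throws; the previous hand-written
        // Close/Dispose calls were skipped on any exception and the first command
        // was never disposed.
        using (SqlConnection Sql_conn = new SqlConnection(WebConfigurationManager.ConnectionStrings["AppSysConnectionString"].ConnectionString))
        {
            Sql_conn.Open();

            // NOTE(review): Session["mg_sid"] is dereferenced without a null check; an
            // expired session ends in a NullReferenceException - confirm the page
            // enforces a signed-in session before this handler can run.
            using (SqlCommand Sql_command = new SqlCommand("Select Top 1 mg_id, mg_pass From Manager Where mg_sid = @mg_sid", Sql_conn))
            {
                Sql_command.Parameters.AddWithValue("@mg_sid", Session["mg_sid"].ToString());

                using (SqlDataReader Sql_reader = Sql_command.ExecuteReader())
                {
                    if (Sql_reader.Read())
                    {
                        mg_id = Sql_reader["mg_id"].ToString().Trim();

                        // Fetch the signed-in user's value from mg_pass and decode it.
                        // The stored password is therefore recoverable as plaintext;
                        // NOTE(review): a salted one-way hash (e.g. PBKDF2), verified
                        // by hashing the entered password, is the safer design.
                        mg_pass = dcd.DeCode(Sql_reader["mg_pass"].ToString().Trim());
                    }
                }
            }

            // Compare the account and password from the table with what the user entered.
            // NOTE(review): this is an ordinary string comparison of plaintext
            // passwords, and no attempt limit is visible in this handler.
            if (mg_id == tb_id.Text.Trim() && mg_pass == tb_spass.Text.Trim())
            {
                // Encode the new password entered by the user.
                mg_pass = dcd.EnCode(tb_npass.Text.Trim());

                // Update the password.
                using (SqlCommand Sql_update = new SqlCommand("Update Manager Set mg_pass = @mg_pass Where mg_sid = @mg_sid and mg_id = @mg_id", Sql_conn))
                {
                    Sql_update.Parameters.AddWithValue("@mg_sid", Session["mg_sid"].ToString());
                    Sql_update.Parameters.AddWithValue("@mg_id", mg_id);
                    Sql_update.Parameters.AddWithValue("@mg_pass", mg_pass);

                    Sql_update.ExecuteNonQuery();
                }

                mErr = "密碼已更新完成,會在下一次登入時生效!\\n";
            }
            else
            {
                // To avoid helping an intruder, the message must not reveal which
                // field was entered incorrectly.
                mErr = mErr + "「使用者帳號」或「原登入密碼」輸入錯誤!\\n";
            }
        }
    }

    Literal txtMsg = new Literal();

    // Deliver the message; mErr holds only the fixed messages assembled above.
    txtMsg.Text = "<script language=javascript>alert('" + mErr + "');</script>";

    // Use JavaScript to show the error or success message.
    Page.Controls.Add(txtMsg);
}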