private bool CheckSafeKey(int second)
{
HttpCookie cookie = HttpContext.Current.Request.Cookies["aries_safekey"];
if (cookie != null)
{
string value = EncrpytHelper.Decrypt(cookie.Value);
if (value.StartsWith("aries:"))
{
if (second == 0)
{
return(true);
}
int time;
if (int.TryParse(value.Split(':')[1], out time))
{
int result = int.Parse(DateTime.Now.ToString("HHmmss")) - time;
#if DEBUG
return(result > -1 && result < 120);//2分钟的调试时间
#else
return(result > -1 && result < second);
#endif
}
}
}
return(false);
}
private static Dictionary <string, string> pcTokenList = new Dictionary <string, string>();//loginID,token
/// <summary>
/// 获取授权Token(手机APP登陆调用此方法获取Token为登陆凭证)
/// </summary>
public static string GetAuthToken(string userName, string password, out string errMsg)
{
string token = string.Empty;
errMsg = string.Empty;
using (MAction action = new MAction(TableNames.Sys_User))
{
string where = string.Empty;
if (action.DalType == DalType.Txt || action.DalType == DalType.Xml)
{
where = string.Format("Status=1 and UserName='******'", userName);
}
else
{
action.SetPara("UserName", userName, System.Data.DbType.String);
where = "Status=1 and (UserName=@UserName or Phone=@UserName or Email=@UserName)";
}
if (action.Fill(where))
{
if (action.Get <DateTime>(Sys_User.PwdExpiredTime, DateTime.MaxValue) < DateTime.Now)
{
errMsg = "账号密码已过期!";
}
else
{
string pwd = action.Get <string>(Sys_User.Password);
if (pwd == EncrpytHelper.Encrypt(password))
{
string userID = action.Get <string>(Sys_User.UserID);
userName = action.Get <string>(Sys_User.UserName);
string fullName = action.Get <string>(Sys_User.FullName, userName);
if (action.DalType == DalType.Txt || action.DalType == DalType.Xml)
{
action.Set(Sys_User.LoginCount, action.Get <int>(Sys_User.LoginCount, 0) + 1);
}
else
{
action.SetExpression("LoginCount=[#ISNULL](LoginCount,0)+1");
}
action.Set(Sys_User.LastLoginTime, DateTime.Now);
action.Set(Sys_User.LastLoginIP, HttpContext.Current.Request.UserHostAddress);
//action.SetPara("UserName", userName, System.Data.DbType.String);
action.Update(where);//更新信息。
//获取角色名称
string roleIDs = action.Get <string>(Sys_User.RoleIDs);
token = EncrpytHelper.Encrypt(DateTime.Now.Day + "," + userID + "," + userName + "," + fullName + "," + roleIDs);
}
else
{
errMsg = "用户名或密码错误!";
}
}
}
else
{
errMsg = "账号不存在!";
}
}
return(token);
}
public static bool ChangePassword(string password)
{
using (MAction action = new MAction(U_AriesEnum.Sys_User))
{
action.Set(Sys_User.Password, EncrpytHelper.Encrypt(password));
return(action.Update(UserID));
}
}
private static string GetTokenValue(int index)
{
string token = Token;
if (!string.IsNullOrEmpty(token))
{
string text = EncrpytHelper.Decrypt(token);
if (!string.IsNullOrEmpty(text))
{
string[] items = text.Split(',');
if (items.Length > index)
{
return(items[index]);
}
}
}
return(string.Empty);
}
public override void Get()
{
switch (TableName)
{
case "Sys_User":
ObjName = "V_SYS_UserList";
MDataRow row = GetOne();
if (row != null)
{
row.Set("Password", EncrpytHelper.Decrypt(row.Get <string>("Password")));
jsonResult = row.ToJson();
}
break;
default:
base.Get();
break;
}
}
public void companyAuth(byte type, bool result, string errMsg)
{
string userName = Query <string>("uid");
using (MAction action = new MAction("data0073", CrossDb.GetConn("data0073")))
{
MDataRow row = null;
string where = string.Format("USER_LOGIN_NAME='{0}' AND ACTIVE_FLAG=0", userName);
if (action.Fill(where))
{
row = action.Data;
}
if (row == null || row.Count == 0)
{
result = false;
errMsg = LangConst.NoCompanyAuth;
}
}
if (type == 1)//页面直接调用时重写Token
{
using (MAction action = new MAction(TableNames.Sys_User))
{
string where = string.Format("Status=1 and UserName='******'", userName);
if (action.Fill(where))
{
string userID = action.Get <string>(Sys_User.UserID);
userName = action.Get <string>(Sys_User.UserName);
string fullName = action.Get <string>(Sys_User.FullName, userName);
string roleIDs = action.Get <string>(Sys_User.RoleIDs);
string token = EncrpytHelper.Encrypt(DateTime.Now.Day + "," + userID + "," + userName + "," + fullName + "," + roleIDs);
UserAuth.SetToken(token, userName);
UserAuth.WriteCookie(token, userName, "");
}
else
{
result = false;
errMsg = LangConst.UserNotExists;
}
}
}
jsonResult = JsonHelper.OutResult(result, errMsg);
}
/// <summary>
/// 添加用户by CYQ
/// </summary>
/// <returns></returns>
public string AddUser()
{
string jsonResult = string.Empty;
bool result = false;
string userName = Query <string>("userName");
string pwd = Query <string>("password");
using (MAction action = new MAction(TableNames.Sys_User))
{
action.BeginTransation();
if (!action.Exists("UserName = '******'"))
{
action.Set("Password", EncrpytHelper.Encrypt(pwd));//加密
if (action.Insert(true, InsertOp.ID))
{
string userID = action.Get <string>(Sys_User.UserID);
action.ResetTable(TableNames.Sys_UserInfo);
action.Set(Sys_UserInfo.UserInfoID, userID);
action.AllowInsertID = true;
result = action.Insert(true);
if (!result)
{
action.RollBack();
}
else
{
jsonResult = JsonHelper.OutResult(result, result ? "添加用户成功!" : "添加用户失败!");
}
}
}
else
{
jsonResult = JsonHelper.OutResult(false, "帐号已存在,请重新输入");
}
action.EndTransation();
}
return(jsonResult);
}
/// <summary>
/// 更新用户by CYQ
/// </summary>
/// <param name="objName"></param>
public string UpdateUser()
{
bool result = false;
string pwd = Query <string>("Password");
string userID = Query <string>("UserID");
using (MAction action = new MAction(TableNames.Sys_User))
{
action.BeginTransation();
if (!string.IsNullOrEmpty(pwd))
{
action.Set(Sys_User.Password, EncrpytHelper.Encrypt(pwd));//加密
}
result = action.Update(userID, true);
if (result)
{
action.ResetTable(TableNames.Sys_UserInfo);
if (action.Exists(userID))
{
if (action.Data.Count > 1)//有自定义列
{
result = action.Update(userID, true);
}
}
else
{
action.Set(Sys_UserInfo.UserInfoID, userID);
action.AllowInsertID = true;
result = action.Insert(true);
}
}
if (!result)
{
action.RollBack();
}
action.EndTransation();
}
return(JsonHelper.OutResult(result, result ? "更新成功!" : "更新失败!"));
}
public static async Task <UserProfile> UserProfileSave(DatabaseSettings databaseSettings, Guid userID, SqlConnection connection, SqlTransaction transaction, UserProfile userProfile)
{
UserProfile returnValue = null;
using (SqlCommand command = connection.CreateCommand())
{
command.CommandText = "dyt.UserProfileSave";
command.CommandType = CommandType.StoredProcedure;
command.Connection = connection;
command.Transaction = transaction;
SqlParameter parameter = null;
parameter = command.Parameters.Add("@uMachineName", SqlDbType.NVarChar, 50);
parameter.Value = Environment.MachineName;
parameter = command.Parameters.Add("@uServerName", SqlDbType.NVarChar, 50);
parameter.Value = databaseSettings.Name;
parameter = command.Parameters.Add("@uAppName", SqlDbType.NVarChar, 50);
parameter.Value = "Daytona";
parameter = command.Parameters.Add("@UserID", SqlDbType.UniqueIdentifier);
parameter.Direction = ParameterDirection.InputOutput;
if (Guid.Empty.Equals(userProfile.UserID) == true)
{
parameter.Value = DBNull.Value;
}
else
{
parameter.Value = userProfile.UserID;
}
parameter = command.Parameters.Add("@FirstName", SqlDbType.NVarChar, 30);
parameter.Value = userProfile.FirstName;
parameter = command.Parameters.Add("@LastName", SqlDbType.NVarChar, 30);
parameter.Value = userProfile.LastName;
parameter = command.Parameters.Add("@Email", SqlDbType.NVarChar, 255);
parameter.Value = userProfile.Email;
parameter = command.Parameters.Add("@MobilePhone", SqlDbType.NVarChar, 50);
if (string.IsNullOrEmpty(userProfile.MobilePhone))
{
parameter.Value = DBNull.Value;
}
else
{
parameter.Value = userProfile.MobilePhone;
}
string loginPasswordHash = string.Empty;
string passwordValidityHash = string.Empty;
if (string.IsNullOrEmpty(userProfile.Password) == false)
{
loginPasswordHash = EncrpytHelper.SecureHash(userProfile.Password.ToLower());
}
parameter = command.Parameters.Add("@LoginPasswordHash", SqlDbType.VarChar, 255);
parameter.Value = loginPasswordHash ?? string.Empty;
parameter = command.Parameters.Add("@PasswordValidityHash", SqlDbType.VarChar, 255);
parameter.Value = passwordValidityHash ?? string.Empty;
parameter = command.Parameters.Add("@IsPasswordChangeRequired", SqlDbType.Bit);
parameter.Value = userProfile.IsPasswordChangeRequired;
parameter = command.Parameters.Add("@LoginID", SqlDbType.NVarChar, 50);
parameter.Value = userProfile.LoginID;
parameter = command.Parameters.Add("@IsLoginAllowed", SqlDbType.Bit);
parameter.Value = userProfile.IsLoginAllowed;
parameter = command.Parameters.Add("@Name", SqlDbType.NVarChar, 50);
parameter.Value = userProfile.Name;
await command.ExecuteNonQueryAsync();
userProfile.UserID = (Guid)command.Parameters["@UserID"].Value;
returnValue = userProfile;
}
return(returnValue);
}
public static User AuthenticateUser(DatabaseSettings databaseSettings, string loginID, string loginPassword)
{
User user = new User();
using (SqlConnection connection = new SqlConnection(databaseSettings.SqlClientConnectionString))
{
connection.Open();
using (SqlCommand command = connection.CreateCommand())
{
command.CommandText = "csAuthenticateUser";
command.CommandType = CommandType.StoredProcedure;
command.Parameters.Add("@LoginID", SqlDbType.NVarChar, 50).Value = loginID;
command.Parameters.Add("@LoginPassword", SqlDbType.NVarChar, 50).Value = EncrpytHelper.Encrypt(loginPassword, ProjectConstants.FullEncryptionKey);
using (SqlDataReader reader = command.ExecuteReader())
{
while (reader.Read())
{
if (Convert.IsDBNull(reader["UserID"]) == false)
{
user.UserID = (Guid)reader["UserID"];
}
if (Convert.IsDBNull(reader["LoginID"]) == false)
{
user.LoginID = (string)reader["LoginID"];
}
if (Convert.IsDBNull(reader["Name"]) == false)
{
user.Name = (string)reader["Name"];
}
}
reader.Close();
}
connection.Close();
}
}
return(user);
}