Ejemplo n.º 1
0
        protected void Page_Load(object sender, EventArgs e)
        {
            string UserName = "";

            if (Session["UserName2"] != null && Session["UserID"] != null)
            {
                UserName = Session["UserName2"].ToString();
                //正常退出时应该改写活跃用户记录
                string sql = "delete from activeuser where username='******'";
                DbHelperSQL.ExecuteSql(sql);

                string userid = Session["UserID"].ToString();

                LoginRecordBLL     bll  = new LoginRecordBLL();
                List <LoginRecord> list = bll.GetList(" userid=" + userid + " order by id desc");
                string             sql2 = "update loginrecord set BY1='" + System.DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss") + "' where id=" + list[0].ID;
                DbHelperSQL.ExecuteSql(sql2);
            }
            Session["UserID"]    = 0;
            Session["UserName"]  = "";
            Session["UserName2"] = null;
            Session.Abandon();
            FormsAuthentication.SignOut();
            Response.Redirect("Index.aspx");
        }
Ejemplo n.º 2
0
        protected void Button1_Click(object sender, EventArgs e)
        {
            if ("".Equals(tbUserName.Value.Trim()))
            {
                this.ClientScript.RegisterStartupScript(this.GetType(), "noUser", "alert('用户名不能为空!');", true);
                return;
            }

            #region 查看当前用户是否已经被锁定(根据系统设定的最大密码错误次数和启用该功能的开关)
            string PassWordErrorRecord = StringEncodeAndDecode.Decode(ConfigurationManager.AppSettings["PassWordErrorRecord"].ToString()).ToUpper();
            if (PassWordErrorRecord.Equals("QIYONG") && !CheckErrorRecord())
            {
                this.ClientScript.RegisterStartupScript(this.GetType(), "noUser", "alert('您今天的密码错误次数已经达到上限,系统拒绝您今天登陆!');", true);
                return;
            }
            #endregion

            FormsAuthentication.Initialize();
            UserBll           userBll = new UserBll();
            thesis.model.User spcUser = userBll.GetModel(tbUserName.Value.Trim().ToLower());
            if (spcUser != null && spcUser.MM.Equals(StringEncodeAndDecode.Encode(tbPassword.Value.Trim())))
            {
                //写入日志
                OperationLogBll olBll = new OperationLogBll();
                OperationLog    oLog  = new OperationLog();
                oLog.SPECIES12_ID = spcUser.ID;
                string ipaddress = ClientIPAddress.getIPAddress();
                oLog.RQSJ = DateTime.Now;
                oLog.NR   = spcUser.NAME + "成功登录本系统【" + ipaddress + "】!";
                oLog.ENR  = spcUser.NAME + "load successfully[" + ipaddress + "]!";
                olBll.Add(oLog);

                //修改用户的登录信息,添加用户登陆日志

                /*修改用户的最新登陆日期和访问量*/
                string logindate = System.DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");
                spcUser.HOLD1 = logindate;
                spcUser.HOLD2 = spcUser.HOLD2.Trim().Equals("") ? "1" : (int.Parse(spcUser.HOLD2) + 1).ToString();

                userBll.Update(spcUser);

                /*写入登陆日志*/

                LoginRecordBLL loginbll = new LoginRecordBLL();
                LoginRecord    record   = new LoginRecord();
                record.USERID    = spcUser.ID;
                record.IPADDRESS = ipaddress;
                record.LOGINDATE = logindate;
                record.BY2       = "";
                record.BY1       = "";

                loginbll.Add(record);


                // 为了实现认证,创建一个新的票据
                FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                    1,                                    // 票据版本号
                    tbUserName.Value.Trim(),              // 票据持有者
                    DateTime.Now,                         //分配票据的时间
                    DateTime.Now.AddMinutes(30),          // 失效时间
                    true,                                 // 需要用户的 cookie
                    "spcuser",                            // 用户数据,可以作为用户的角色
                    FormsAuthentication.FormsCookiePath); //cookie有效路径
                //使用机器码machine key加密cookie,为了安全传送
                string     hash   = FormsAuthentication.Encrypt(ticket);
                HttpCookie cookie = new HttpCookie(
                    FormsAuthentication.FormsCookieName, // 认证cookie的名称
                    hash);                               //加密之后的cookie

                //将cookie的失效时间设置为和票据tikets的失效时间一致
                if (ticket.IsPersistent)
                {
                    cookie.Expires = ticket.Expiration;
                }

                //添加cookie到页面请求响应中
                Response.Cookies.Add(cookie);

                // 将用户转向到之前请求的页面,
                // 如果之前没有请求任何页面,就转向到首页
                string returnUrl = Request.QueryString["ReturnUrl"];
                if (returnUrl == null)
                {
                    returnUrl = "Default.aspx";
                }

                // 不要调用 FormsAuthentication.RedirectFromLoginPage 方法,
                // 因为它会把刚才添加的票据(cookie)替换掉
                #region 清除密码错误记录
                if (PassWordErrorRecord.Equals("QIYONG"))
                {
                    string del = "delete from ERRORPASSWORDRECORD where username='******' and ERRORDATE='" + System.DateTime.Now.ToString("yyyy-MM-dd") + "'";
                    DbHelperSQL.ExecuteSql(del);
                }
                #endregion

                #region 清除超时用户,同时清除自己以前的登录记录(目的是防止因为Session过期而导致的重新登陆拒绝问题)
                string LimitOnline = StringEncodeAndDecode.Decode(ConfigurationManager.AppSettings["LimitOnline"]);
                if (!LimitOnline.ToUpper().Equals("XJTUCIMSSPC"))
                {
                    if (DelTimeOut(this.tbUserName.Value.ToString()))
                    {
                        WriteActiveUser(this.tbUserName.Value.ToString());
                        Session["userwrx"] = spcUser;

                        Session["UserName2"] = tbUserName.Value.ToString();
                        Session["UserID"]    = spcUser.ID;
                        Response.Redirect(returnUrl);
                    }
                    else
                    {
                        this.ClientScript.RegisterStartupScript(this.GetType(), "noUser", "alert('当前用户已经登录,不能重复登录!');", true);
                    }
                }
                else
                {
                    Session["userwrx"] = spcUser;

                    Session["UserName2"] = tbUserName.Value.ToString();
                    Session["UserID"]    = spcUser.ID;
                    Response.Redirect(returnUrl);
                }

                #endregion
            }
            else
            {
                if (PassWordErrorRecord.Equals("QIYONG"))
                {
                    string  sql_sel      = "select * from ERRORPASSWORDRECORD where username='******' and ERRORDATE='" + System.DateTime.Now.ToString("yyyy-MM-dd") + "'";
                    DataSet ds           = DbHelperSQL.Query(sql_sel);
                    int     max_error    = 5;
                    int     remain_error = 4;

                    if (!StringEncodeAndDecode.Decode(ConfigurationManager.AppSettings["ErrorRecordNum"].ToString()).Equals(""))
                    {
                        max_error = int.Parse(StringEncodeAndDecode.Decode(ConfigurationManager.AppSettings["ErrorRecordNum"].ToString()));
                    }
                    if (ds.Tables[0].Rows.Count == 0)//还没有错误过
                    {
                        string sql_ins = "insert into ERRORPASSWORDRECORD(username,IPADDRESS,ERRORNUM,ERRORDATE)values('" + this.tbUserName.Value + "','" + ClientIPAddress.getIPAddress() + "',1,'" + System.DateTime.Now.ToString("yyyy-MM-dd") + "')";
                        DbHelperSQL.ExecuteSql(sql_ins);
                    }
                    else
                    {
                        string sql_update = "update ERRORPASSWORDRECORD set ERRORNUM=ERRORNUM+1 where username='******' and ERRORDATE='" + System.DateTime.Now.ToString("yyyy-MM-dd") + "'";
                        DbHelperSQL.ExecuteSql(sql_update);
                        remain_error = max_error - int.Parse(ds.Tables[0].Rows[0]["ERRORNUM"].ToString()) - 1;
                    }
                    this.ClientScript.RegisterStartupScript(this.GetType(), "noUser", "alert('错误的用户名/密码,您还有【" + remain_error + "】次尝试机会!');", true);
                }
                else
                {
                    this.ClientScript.RegisterStartupScript(this.GetType(), "noUser", "alert('错误的用户名/密码!');", true);
                }
            }
        }