Ejemplo n.º 1
0
    public string GetStaffID(string _userID, string _password)
    {
        DataTable dt = new DataTable();

        _userID = _userID.Replace("1=1", "BADSTRING!@").Trim();
        _userID = _userID.Replace("--", "BADSTRING!@").Trim();
        _password = _password.Replace("1=1", "BADSTRING!@").Trim();
        _password = _password.Replace("--", "BADSTRING!@").Trim();
        
        /*
        var utf8 = Encoding.UTF8;
        byte[] utfBytes = utf8.GetBytes(_password);
        _password = utf8.GetString(utfBytes, 0, utfBytes.Length);                      
        */

        Users user = new Users();
        string encrypPassword = user.GetEncryptPassword(_password);

        string staffID = "";
        //string encrypPassword = System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(_password, "SHA1").ToLower();

        try
        {
            dt = this.SelectQuery("SELECT TOP 1 * FROM View_Authority WHERE User_ID = '" + _userID + "' AND Status = 'True'").Tables[0];
        }
        catch
        {
            dt = null;
        }

        foreach (DataRow dr in dt.Rows)
        {
            if (dr["User_Password"].ToString().Equals(encrypPassword))
            {
                staffID = dr["User_ID"].ToString();
            }
        }
        return staffID;

    }
Ejemplo n.º 2
0
    /// <summary>
    /// 更新登入者密碼
    /// </summary>
    /// <returns>true:更新成功;false:更新失敗</returns>
    public bool Updateuserpwd(string userid, string pwd)
    {
        bool success = false;
        if (userid == null || userid.Length == 0 || pwd == null || pwd.Length == 0)
        {
             success=false;
        }
        else
        {
            Users user = new Users();
            string encrypPassword = user.GetEncryptPassword(pwd);      
            string sql = "UPDATE Users SET User_Password='******' ,Update_Time = getdate() WHERE User_ID='" + userid + "'";
             success=this.ExecuteStatement(sql);

        }
        return success;
    }
Ejemplo n.º 3
0
    protected void cmd_Save_Click(object sender, EventArgs e)
    {
        if (!CheckExistText(txt_UserName))
        {
            ShowPageMsg("請輸入使用者姓名");
            return;
        }
        if (!CheckExistText(txt_User_ID))
        {
            ShowPageMsg("請輸入使用者代號");
            return;
        }
        if (_operator == null)
        {
            _operator = new UserRole();
        }
        Security sec = new Security();
        Users user = new Users();
        bool suc = true;
        try
        {
                user.User_ID = this.txt_User_ID.Text.Trim();
                user.User_Name = this.txt_UserName.Text;
                if (txt_Password.Text.Length > 0)
                    user.User_Password = user.GetEncryptPassword(this.txt_Password.Text.Trim());
                user.Create_Time = DateTime.Now;
                //if (ddl_department.SelectedValue != "-1")
                //{
                //    user.DepartmentID = Convert.ToInt32(ddl_department.SelectedValue);
                //}
                user.Phone = txt_tel.Text;
                user.Email = txt_email.Text;
                user.Status = chk_Status.Checked;
                user.Expire_Time = DateTime.Now;
                user.Update_Time = DateTime.Now;

            if (this.hidden_Action.Value.Equals("add"))
            {
                //新增User
                if (user.Add())
                {
                    
                    sec.SaveLog(this.txt_User_ID.Text.Trim(), "add user", "AuthManage", "success", Session["LoginStaffID"].ToString());
                }
                else
                {
                    suc = false;
                    sec.SaveLog(this.txt_User_ID.Text.Trim(), "add user", "AuthManage", "fault", Session["LoginStaffID"].ToString());
                }

                //新增User Role
                string role = "";
                for (int i = 0; i < this.gv.Rows.Count; i++)
                {
                    CheckBox chk = (CheckBox)this.gv.Rows[i].Cells[0].Controls[1];
                    if (chk.Checked)
                    {
                        _operator.User_ID = this.txt_User_ID.Text.Trim();
                        _operator.Role_ID = this.gv.Rows[i].Cells[1].Text.Trim();
                        suc &= _operator.AddUserRole();
                        role += _operator.Role_ID + ",";
                    }
                }
                sec.SaveLog(this.txt_User_ID.Text.Trim(), "add userrole", "AuthManage", "role[" + role.TrimEnd(',') + "]", Session["LoginStaffID"].ToString());
            }
            else
            {
                //儲存User Role
                _operator.DeleteUserRole(this.hidden_ID.Value);
                string role = "";
                for (int i = 0; i < this.gv.Rows.Count; i++)
                {
                    CheckBox chk = (CheckBox)this.gv.Rows[i].Cells[0].Controls[1];
                    if (chk.Checked)
                    {
                        _operator.User_ID = this.hidden_ID.Value;
                        _operator.Role_ID = this.gv.Rows[i].Cells[1].Text.Trim();
                        suc &= _operator.AddUserRole();
                        role += _operator.Role_ID + ",";
                    }
                }
                sec.SaveLog(this.hidden_ID.Value, "save userrole", "AuthManage", "role[" + role.TrimEnd(',') + "]", Session["LoginStaffID"].ToString());

                //儲存狀態
                switch (this.chk_Status.Checked)
                {
                    case true:
                        user.SaveStatus(this.hidden_ID.Value, "1");
                        break;
                    case false:
                        user.SaveStatus(this.hidden_ID.Value, "0");
                        break;
                    default:
                        break;
                }
                suc = user.EditUser(user);
                
                
                sec.SaveLog(this.hidden_ID.Value, "save status", "AuthManage", "status[" + this.chk_Status.Checked + "]", Session["LoginStaffID"].ToString());
            }

            if (suc)
            {
                ShowMsgAndRedirect(UpdatePanel1, "修改成功", "AuthList.aspx");
                //ShowPageMsg("儲存成功");
            }
            else
            {
                ShowMsgAndRedirect(UpdatePanel1, "儲存失敗", "AuthList.aspx");
                //ShowPageMsg("儲存失敗");
            }
        }
        catch (Exception ex)
        {
            ShowMsgAndRedirect(UpdatePanel1, "儲存失敗", "AuthList.aspx");
        }
    }