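/// <summary>
 /// Writes the account that passed password authentication into a cookie.
 /// The cookie value is an encrypted <see cref="FormsAuthenticationTicket"/> whose UserData
 /// carries the AzDG-encrypted, URL-encoded "IdentityKey / Account / Name / Nick" tuple,
 /// joined with <c>CookieSplittor</c>.
 /// </summary>
 /// <param name="currentUser">The authenticated user; its Account, IdentityKey, Name and Nick are read.</param>
 protected override void AddCookie(ManagerCurrentUser currentUser)
 {
     var context   = HttpContext.Current;
     var authority = context.Request.Url.Authority;
     // One timestamp so the ticket's issue and expiry instants are derived from the same clock read.
     var issued    = DateTime.Now;

     var userData = Utility.RawUrlEncode(
         AzDG.Encrypt(
             string.Format(
                 "{1}{0}{2}{0}{3}{0}{4}",
                 CookieSplittor,
                 currentUser.IdentityKey,
                 currentUser.Account,
                 currentUser.Name,
                 currentUser.Nick)));

     var ticket = new FormsAuthenticationTicket(
         1,
         currentUser.Account,
         issued,
         issued.AddMinutes(Section.Get.Web.CookieTimeout),
         true,
         userData);

     context.Response.Cookies.Add(
         new HttpCookie(authority, FormsAuthentication.Encrypt(ticket))
         {
             // NOTE(review): Authority includes the port when it is non-default; browsers reject such a
             // Domain attribute — confirm the site is always served on a default port, or use Url.Host.
             Domain   = authority,
             // DateTime.MinValue emits no Expires attribute, i.e. a browser-session cookie;
             // the ticket above carries the real timeout.
             Expires  = DateTime.MinValue,
             // Authentication cookie: keep it out of reach of client-side script, and mark it
             // TLS-only when the request itself arrived over TLS.
             HttpOnly = true,
             Secure   = context.Request.IsSecureConnection
         });
 }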
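        /// <summary>
        /// AJAX endpoint that changes the current manager's password.
        /// </summary>
        /// <param name="old">The current password in clear text.</param>
        /// <param name="pwd">The new password in clear text; must be at least 8 characters.</param>
        /// <returns>
        /// A <see cref="JsonNetResult"/> wrapping a <see cref="DetailResponse"/>: Ok=true on success,
        /// otherwise Code "-1" (validation failure, message in Data), "-2" (the store rejected the change)
        /// or "-11" (unexpected exception, logged).
        /// </returns>
        public ActionResult AjaxChangePassword(string old, string pwd)
        {
            JsonNetResult result = new JsonNetResult();
            var           r      = new DetailResponse();

            try
            {
                Tw.Com.Kooco.Admin.Entitys.User userDetail = ((ManagerIdentity)AuthenticatorProvider.GetUser().Identity).CurrentUser;

                // The stored credential is the Md5.Encrypt form of the clear-text password, so the
                // supplied old password is transformed the same way before comparing. A null input
                // can never match, so it is rejected without being hashed.
                string oldHash = old == null ? null : Md5.Encrypt(old);

                if (string.IsNullOrEmpty(userDetail.EncryptPassword)
                    || oldHash == null
                    || !string.Equals(userDetail.EncryptPassword, oldHash, StringComparison.Ordinal))
                {
                    r.Code = "-1";
                    r.Data = "舊密碼驗證錯誤";
                }
                // Null-guarded so a missing new password is a validation error, not an exception ("-11").
                else if (pwd == null || pwd.Length < 8)
                {
                    r.Code = "-1";
                    r.Data = "新密碼長度必須大於或等於8個字元";
                }
                else
                {
                    // The store keeps both a reversible (AzDG) form and an Md5 form of the password;
                    // this shape is dictated by DataAccessProvider.User.ChangePassword.
                    // NOTE(review): unsalted MD5 is not a password-hashing scheme; moving to
                    // PBKDF2/Argon2 needs a schema change and is out of scope for this method.
                    string Password        = AzDG.Encrypt(pwd);
                    string EncryptPassword = Md5.Encrypt(pwd);

                    int n = DataAccessProvider.User.ChangePassword(userDetail.Account, Password, EncryptPassword);
                    if (n == 1)
                    {
                        // Keep the in-memory identity in step with the store.
                        userDetail.Password        = Password;
                        userDetail.EncryptPassword = EncryptPassword;
                        r.Ok = true;
                    }
                    else
                    {
                        r.Code = "-2";
                        r.Data = "修改密碼失敗";
                    }
                }
            }
            catch (Exception ex)
            {
                Log.Error(ex.Message, ex);
                r.Code = "-11";
            }

            result.Data = r;
            return(result);
        }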
 /// <summary>
 /// Creates a user through the <c>[dbo].[sp_User_Ins]</c> stored procedure.
 /// </summary>
 /// <param name="param">Carries the user to insert; Account, Password, FirstName and LastName are read.</param>
 /// <returns>The procedure's scalar result converted to <see cref="int"/>.</returns>
 public static int Insert(UserParameter param)
 {
     using (var db = new MsSql(DbName.Official)) {
         var user = param.User;

         // Both a reversible (AzDG) and an Md5 form of the password are persisted;
         // the procedure's parameter list dictates this shape.
         DbParameter[] arguments = {
             new SqlParameter("@argStrAccount", SqlDbType.VarChar, 32) {
                 Value     = user.Account,
                 Direction = ParameterDirection.Input
             },
             new SqlParameter("@argStrPassword", SqlDbType.VarChar, 128) {
                 Value     = AzDG.Encrypt(user.Password),
                 Direction = ParameterDirection.Input
             },
             new SqlParameter("@argStrEncryptPassword", SqlDbType.VarChar, 64) {
                 Value     = Md5.Encrypt(user.Password),
                 Direction = ParameterDirection.Input
             },
             new SqlParameter("@argStrFirstName", SqlDbType.NVarChar, 64) {
                 Value     = user.FirstName,
                 Direction = ParameterDirection.Input
             },
             new SqlParameter("@argStrLastName", SqlDbType.NVarChar, 64) {
                 Value     = user.LastName,
                 Direction = ParameterDirection.Input
             }
         };

         var scalar = db.Value(CommandType.StoredProcedure, "[dbo].[sp_User_Ins]", arguments);
         return Convert.ToInt32(scalar);
     }
 }
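        /// <summary>
        /// Writes (or refreshes) the manager's authentication cookie. The value is the
        /// AzDG-encrypted, URL-encoded "IdentityKey / Account" pair joined by <c>CookieSplittor</c>;
        /// <see cref="GetUser"/> reads index 1 (the account) back out of it.
        /// </summary>
        /// <param name="managerPrincipal">Principal whose Identity is a <see cref="ManagerIdentity"/>.</param>
        private static void AddCookie(IPrincipal managerPrincipal)
        {
            var currentUser = ((ManagerIdentity)managerPrincipal.Identity).CurrentUser;
            var request     = HttpContext.Current.Request;

            var payload = HttpUtility.UrlEncode(
                AzDG.Encrypt(
                    string.Format(
                        "{1}{0}{2}",
                        CookieSplittor,
                        currentUser.IdentityKey,
                        currentUser.Account)));

            Cookie.Set(
                new HttpCookie(request.Url.Authority, payload)
                {
                    Domain   = Section.Get.Web.Domain,
                    // CookieTimeout is applied as seconds here — presumably the configured unit; confirm against Section.
                    Expires  = DateTime.Now.AddSeconds(Section.Get.Web.CookieTimeout),
                    // Authentication cookie: not readable by client-side script, and TLS-only when
                    // the request itself arrived over TLS.
                    HttpOnly = true,
                    Secure   = request.IsSecureConnection
                });
        }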
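 /// <summary>
 /// Reads the current user back from the authentication cookie.
 /// </summary>
 /// <returns>
 /// The cached <see cref="ManagerCurrentUser"/> for the account named in the cookie, the user
 /// fetched from the store when nothing is cached, or <c>null</c> when there is no cookie or it
 /// cannot be decrypted or parsed.
 /// </returns>
 public override ManagerCurrentUser GetCookie()
 {
     var cookieName = HttpContext.Current.Request.Url.Authority;
     if (!Cookie.IsExist(cookieName))
     {
         return(null);
     }
     try
     {
         // Cookie layout (see AddCookie): IdentityKey, Account, ... joined by CookieSplittor; index 1 is the account.
         // NOTE(review): the account is trusted as-is; only a decryption failure rejects a tampered
         // value — confirm AzDG.Encrypt authenticates its output (MAC) or add an integrity check.
         var infoString = AzDG.Decrypt(Cookie.Get(cookieName));
         var info       = infoString.Split(new[] { CookieSplittor }, StringSplitOptions.None);
         if (info.Length < 2)
         {
             // Malformed or truncated payload: report "no user" instead of indexing past the end.
             return(null);
         }
         var account = info[1];
         // 20131203: cache lookup first, then the store.
         var principal = CacheProvider.Get <IPrincipal>(account);
         return(principal != null
             ? ((ManagerIdentity)principal.Identity).CurrentUser
             : User.FetchAdminUserDetail(account));
     }
     catch (Exception)
     {
         // Any decryption/parse/cast failure is reported as "no user"; nothing is logged here.
         return(null);
     }
 }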
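        /// <summary>
        /// Resolves the current principal from the request context, the cache, or the
        /// authentication cookie (in that order), refreshing the cookie and cache entry on each hit.
        /// </summary>
        /// <returns>The principal, or <c>null</c> when there is no cookie or it cannot be decrypted or parsed.</returns>
        public static IPrincipal GetUser()
        {
            var context    = HttpContext.Current;
            var cookieName = context.Request.Url.Authority;
            if (!Cookie.IsExist(cookieName))
            {
                return(null);
            }

            var contextUser = context.User;
            if (contextUser != null && contextUser.Identity.IsAuthenticated)
            {
                // Already authenticated on this request: only slide the cookie and cache expiry.
                AddCookie(contextUser);
                CacheProvider.Insert(contextUser.Identity.Name, contextUser);
                return(contextUser);
            }
            try
            {
                // Cookie layout (see AddCookie): IdentityKey, Account joined by CookieSplittor; index 1 is the account.
                // NOTE(review): the account is trusted as-is; only a decryption failure rejects a tampered
                // value — confirm AzDG.Encrypt authenticates its output (MAC) or add an integrity check.
                var infoString = AzDG.Decrypt(Cookie.Get(cookieName));
                var info       = infoString.Split(new[] { CookieSplittor }, StringSplitOptions.None);
                if (info.Length < 2)
                {
                    // Malformed or truncated payload: report "no user" instead of indexing past the end.
                    return(null);
                }
                var account = info[1];

                // 20131203: cache first (keyed by account); rebuild the principal only on a miss.
                var principal = CacheProvider.Get <IPrincipal>(account);
                if (principal != null)
                {
                    AddCookie(principal);
                    CacheProvider.Insert(principal.Identity.Name, principal);
                    return(principal);
                }
                principal = new ManagerPrincipal(account);
                // Slide the expiry for the freshly built principal as well.
                AddCookie(principal);
                // Keyed by the account string here but by Identity.Name above — presumably the same value; confirm.
                CacheProvider.Insert(account, principal);
                return(principal);
            }
            catch (Exception)
            {
                // Any decryption/parse failure is reported as "no user"; nothing is logged here.
                return(null);
            }
        }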
 /// <summary>
 /// Updates an existing user through the <c>[dbo].[sp_User_Upd]</c> stored procedure.
 /// </summary>
 /// <param name="param">Carries the user to update; IdentityKey, Password, FirstName, LastName, Status, PrimaryRule and RuleGroups are read.</param>
 /// <returns>The procedure's scalar result converted to <see cref="int"/>.</returns>
 public static int Update(UserParameter param)
 {
     using (var db = new MsSql(DbName.Official)) {
         var user = param.User;

         // With an empty password both password columns are sent as empty strings instead of a
         // re-encrypted/re-hashed value — presumably the procedure reads that as "unchanged"; confirm.
         bool   skipPassword      = string.IsNullOrEmpty(user.Password);
         string encryptedPassword = skipPassword ? string.Empty : AzDG.Encrypt(user.Password);
         string hashedPassword    = skipPassword ? string.Empty : Md5.Encrypt(user.Password);

         DbParameter[] arguments = {
             new SqlParameter("@argIntUserId", SqlDbType.BigInt) {
                 Value     = user.IdentityKey,
                 Direction = ParameterDirection.Input
             },
             new SqlParameter("@argStrPassword", SqlDbType.VarChar, 128) {
                 Value     = encryptedPassword,
                 Direction = ParameterDirection.Input
             },
             new SqlParameter("@argStrEncryptPassword", SqlDbType.VarChar, 64) {
                 Value     = hashedPassword,
                 Direction = ParameterDirection.Input
             },
             new SqlParameter("@argStrFirstName", SqlDbType.NVarChar, 64) {
                 Value     = user.FirstName ?? "",
                 Direction = ParameterDirection.Input
             },
             new SqlParameter("@argStrLastName", SqlDbType.NVarChar, 64) {
                 Value     = user.LastName ?? "",
                 Direction = ParameterDirection.Input
             },
             new SqlParameter("@argIntStatus", SqlDbType.TinyInt) {
                 Value     = user.Status,
                 Direction = ParameterDirection.Input
             },
             new SqlParameter("@argIntPrimaryRuleId", SqlDbType.BigInt) {
                 Value     = user.PrimaryRule,
                 Direction = ParameterDirection.Input
             },
             new SqlParameter("@argStrRuleGroups", SqlDbType.VarChar, 8000) {
                 Value     = user.RuleGroups ?? "",
                 Direction = ParameterDirection.Input
             }
         };

         var scalar = db.Value(CommandType.StoredProcedure, "[dbo].[sp_User_Upd]", arguments);
         return Convert.ToInt32(scalar);
     }
 }