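/// <summary>
/// Verifies that the request belongs to a signed-in administrator and, on the
/// first (non-postback) load, shows the administrator's display name.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    // Run the session check on every request, postbacks included. A check that
    // only runs on the first GET leaves this page's postback handlers reachable
    // once the session has expired or was never established.
    string adminName = Convert.ToString(Session["AdminName"]);
    if (adminName.Trim() == "")
    {
        Response.Write("<script>alert('对不起,您没有登录!');parent.location.href='Login.aspx'</script>");
        // End the response here. A bare return still renders the rest of the
        // page to a client that is free to ignore the script redirect.
        Response.End();
        return;
    }

    if (IsPostBack)
    {
        return;
    }

    Cms.DAL.Admin dal = new DAL.Admin();
    Cms.Model.Admin model = dal.GetModelByName(adminName);

    // The lookup can return null, and RealName stays null when the stored
    // value is empty, so guard both before measuring the name.
    if (model == null || model.RealName == null)
    {
        return;
    }

    // Names longer than six characters are cut to five plus an ellipsis.
    string displayName = model.RealName.Length <= 6
        ? model.RealName
        : model.RealName.Substring(0, 5) + "...";

    // Label.Text is emitted as raw HTML; encode the stored, user-editable name.
    lblSignIn.Text = Server.HtmlEncode(displayName);
}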
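        /// <summary>
        /// Handles the save button: creates a new administrator from the form fields.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void btnSave_Click(object sender, EventArgs e)
        {
            string userName = txtUserName.Text.Trim();
            string rawPassword = this.txtUserPwd.Text;

            // Reject blank credentials before hashing: the digest of an empty
            // password is a normal-looking value and would be stored as-is.
            if (userName == "" || rawPassword == "")
            {
                MessageBox.Show(this, "用户名和密码不能为空!");
                return;
            }

            Cms.DAL.Admin dal = new Cms.DAL.Admin();

            // Check whether the user name already exists.
            if (dal.Exists(userName))
            {
                MessageBox.Show(this, "该用户名已经存在!");
                return;
            }

            // NOTE(review): unsalted MD5 through the obsolete
            // HashPasswordForStoringInConfigFile is not an adequate password hash.
            // It is kept so the stored digests stay comparable with the rest of the
            // application; replacing it with a salted, slow KDF (e.g. PBKDF2) needs a
            // coordinated migration of stored values and the login check.
            string userPwd = System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(rawPassword, "MD5");

            Cms.Model.Admin model = new Cms.Model.Admin();
            model.UserName  = userName;
            model.UserPwd   = userPwd;
            model.RealName  = txtRealName.Text;
            model.Telephone = txtTelephone.Text;
            model.Address   = txtAddress.Text;

            // Add returns an int; a value of 0 or less is treated as "nothing was
            // inserted", so success is no longer reported unconditionally.
            if (dal.Add(model) <= 0)
            {
                MessageBox.Show(this, "添加管理员失败!");
                return;
            }

            // Save log.
            // NOTE(review): no logging call follows; creating an administrator is
            // not audited from this handler.
            MessageBox.Show(this, "添加管理员成功!");
        }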
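        /// <summary>
        /// Loads the administrator with the given id and copies its fields into the form.
        /// </summary>
        /// <param name="editID">Id of the administrator to display.</param>
        private void ShowInfo(int editID)
        {
            Cms.DAL.Admin dal = new Cms.DAL.Admin();
            Cms.Model.Admin model = dal.GetModelByID(editID);

            // The lookup can come back null (for example for an id that does not
            // exist); leave the form empty instead of dereferencing null.
            if (model == null)
            {
                return;
            }

            txtUserName.Text = model.UserName;
            txtRealName.Text = model.RealName;
            txtTelephone.Text = model.Telephone;
            txtAddress.Text = model.Address;
        }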
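        /// <summary>
        /// Fills the edit form with the stored data of one administrator.
        /// </summary>
        /// <param name="editID">Id of the administrator whose data is shown.</param>
        private void ShowInfo(int editID)
        {
            Cms.DAL.Admin   dal   = new Cms.DAL.Admin();
            Cms.Model.Admin model = dal.GetModelByID(editID);

            // An id with no matching record yields null from the lookup; without
            // this guard the assignments below throw NullReferenceException.
            if (model == null)
            {
                return;
            }

            txtUserName.Text  = model.UserName;
            txtRealName.Text  = model.RealName;
            txtTelephone.Text = model.Telephone;
            txtAddress.Text   = model.Address;
        }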
Example #5
        /// <summary>
        /// Deletes one administrator: first the UserInfo row, then the Staff row it points to.
        /// </summary>
        /// <param name="Id">userid of the administrator to remove.</param>
        /// <returns>
        /// true when both delete statements affected at least one row; false when the
        /// administrator cannot be loaded or either statement affected no rows.
        /// </returns>
        public bool Delete(int Id)
        {
            // The model is needed for its StaffID, which keys the second delete.
            Cms.Model.Admin target = GetModelByID(Id);
            if (target == null)
            {
                return false;
            }

            // NOTE(review): the two deletes are issued as separate commands and no
            // transaction is visible here, so if the second one fails the Staff row
            // stays behind after the login row is already gone.
            StringBuilder userSql = new StringBuilder();
            userSql.Append("delete from UserInfo ");
            userSql.Append(" where userid=@userid");
            SqlParameter userKey = new SqlParameter("@userid", SqlDbType.Int, 4);
            userKey.Value = Id;

            int affected = DbHelperSQL.ExecuteSql(userSql.ToString(), new SqlParameter[] { userKey });
            if (affected <= 0)
            {
                return false;
            }

            StringBuilder staffSql = new StringBuilder();
            staffSql.Append("delete from Staff ");
            staffSql.Append(" where StaffId=@StaffId");
            SqlParameter staffKey = new SqlParameter("@StaffId", SqlDbType.Int, 4);
            staffKey.Value = target.StaffID;

            affected = DbHelperSQL.ExecuteSql(staffSql.ToString(), new SqlParameter[] { staffKey });
            return affected > 0;
        }
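        /// <summary>
        /// Handles the save button on the edit form: updates an existing administrator's
        /// profile fields and, when a new password was typed, its password digest.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void btnSave_Click(object sender, EventArgs e)
        {
            Cms.DAL.Admin   dal   = new Cms.DAL.Admin();
            Cms.Model.Admin model = dal.GetModelByID(this.Id);

            // The lookup can return null (for example when the record was removed in
            // the meantime); report it instead of failing on the assignments below.
            if (model == null)
            {
                MessageBox.Show(this, "管理员不存在!");
                return;
            }

            // An empty password box means "keep the current password".
            string newPassword = this.txtUserPwd.Text;
            if (!string.IsNullOrEmpty(newPassword))
            {
                // NOTE(review): unsalted MD5 through the obsolete
                // HashPasswordForStoringInConfigFile is not an adequate password
                // hash. Kept for compatibility with the digests already stored;
                // switching to a salted, slow KDF (e.g. PBKDF2) needs a migration.
                model.UserPwd = System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(newPassword, "MD5");
            }
            model.RealName  = txtRealName.Text;
            model.Telephone = txtTelephone.Text;
            model.Address   = txtAddress.Text;

            // Update reports failure through its bool result; do not announce
            // success when nothing was written.
            if (!dal.Update(model))
            {
                MessageBox.Show(this, "管理员修改失败!");
                return;
            }

            // Save log.
            // NOTE(review): no logging call follows; password and profile changes
            // are not audited from this handler.
            MessageBox.Show(this, "管理员修改成功!");
        }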
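 /// <summary>
 /// Checks for a signed-in administrator on every request and, on the initial
 /// load only, writes the administrator's (shortened) real name into the header label.
 /// </summary>
 /// <param name="sender">Event source (unused).</param>
 /// <param name="e">Event data (unused).</param>
 protected void Page_Load(object sender, EventArgs e)
 {
     // The session check must not be limited to the first GET: postbacks reach
     // the page's event handlers too, and they need the same protection.
     string adminName = Convert.ToString(Session["AdminName"]);
     if (adminName.Trim() == "")
     {
         Response.Write("<script>alert('对不起,您没有登录!');parent.location.href='Login.aspx'</script>");
         // Without ending the response the page would still be rendered and
         // sent; the redirect above is only a client-side script.
         Response.End();
         return;
     }

     if (IsPostBack)
     {
         return;
     }

     Cms.DAL.Admin dal = new DAL.Admin();
     Cms.Model.Admin model = dal.GetModelByName(adminName);

     // Both the model and its RealName can be null; skip the label in that case.
     if (model == null || model.RealName == null)
     {
         return;
     }

     string shown;
     if (model.RealName.Length <= 6)
     {
         shown = model.RealName;
     }
     else
     {
         // Keep the first five characters and mark the cut with an ellipsis.
         shown = model.RealName.Substring(0, 5) + "...";
     }

     // Label.Text is written to the page without HTML encoding, so encode the
     // stored name before display.
     lblSignIn.Text = Server.HtmlEncode(shown);
 }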
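        /// <summary>
        /// Adds an administrator using the values entered in the form.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void btnSave_Click(object sender, EventArgs e)
        {
            string userName = txtUserName.Text.Trim();
            string rawPassword = this.txtUserPwd.Text;

            // A blank password still hashes to a non-empty digest, so the check has
            // to happen on the raw input before hashing.
            if (userName == "" || rawPassword == "")
            {
                MessageBox.Show(this, "用户名和密码不能为空!");
                return;
            }

            Cms.DAL.Admin dal = new Cms.DAL.Admin();

            // Check whether the user name already exists.
            if (dal.Exists(userName))
            {
                MessageBox.Show(this, "该用户名已经存在!");
                return;
            }

            // NOTE(review): HashPasswordForStoringInConfigFile with "MD5" yields an
            // unsalted, fast digest and the API is obsolete. Retained only so new
            // accounts match the format of existing ones; plan a migration to a
            // salted, slow KDF such as PBKDF2.
            string userPwd = System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(rawPassword, "MD5");

            Cms.Model.Admin model = new Cms.Model.Admin();
            model.UserName = userName;
            model.UserPwd = userPwd;
            model.RealName = txtRealName.Text;
            model.Telephone = txtTelephone.Text;
            model.Address = txtAddress.Text;

            // Only report success when Add returned a positive value.
            int newId = dal.Add(model);
            if (newId <= 0)
            {
                MessageBox.Show(this, "添加管理员失败!");
                return;
            }

            // Save log.
            // NOTE(review): nothing is logged here although the comment asks for it.
            MessageBox.Show(this, "添加管理员成功!");
        }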
Example #9
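        /// <summary>
        /// Handles the login button: enforces the per-session attempt limit, checks the
        /// verification code and the credentials, and on success stores the
        /// administrator's id and name in the session and redirects to Frame.aspx.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void logindl_Click(object sender, ImageClickEventArgs e)
        {
            string expectedCode = Convert.ToString(Session["CheckCode"]);
            if (expectedCode == "")
            {
                MessageBox.Show(this, "请输入验证码!");
                return;
            }

            // Count login attempts in this session.
            // NOTE(review): the counter lives in session state, so a client that
            // drops its session cookie starts again at zero. A lockout that holds
            // needs a server-side counter keyed by account and/or source address.
            int attempts = Session["AdminLoginSun"] == null
                ? 1
                : Convert.ToInt32(Session["AdminLoginSun"]) + 1;
            Session["AdminLoginSun"] = attempts;

            if (attempts > 3)
            {
                this.logindl.Enabled = false;
                this.txtCode.Text    = "";
                this.txtName.Enabled = false;
                this.txtPwd.Enabled  = false;
                MessageBox.Show(this, "对不起,你错误登录了三次,系统登录锁定!");
                // Stop here. Disabling the controls only changes the rendered page;
                // without this return the submitted credentials were still checked.
                return;
            }

            string UserName    = txtName.Text.Trim();
            string rawPassword = this.txtPwd.Text;

            // Test the raw password: the digest of an empty string is not empty, so
            // a check on the hashed value never detects a blank password.
            if (UserName.Equals("") || rawPassword.Equals(""))
            {
                MessageBox.Show(this, "请输入您要登录用户名或密码!");
                return;
            }

            // The verification code is single-use whether or not it matched.
            // Ordinal comparison avoids culture-dependent case mapping.
            bool codeMatches = string.Equals(expectedCode, this.txtCode.Text, StringComparison.OrdinalIgnoreCase);
            Session["CheckCode"] = null;
            if (!codeMatches)
            {
                MessageBox.Show(this, "您输入的验证码不正确,请重新输入!");
                this.txtCode.Text = "";
                return;
            }

            // NOTE(review): unsalted MD5 through the obsolete
            // HashPasswordForStoringInConfigFile is not an adequate password hash;
            // kept because the stored digests use this format.
            string UserPwd = System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(rawPassword, "MD5");

            if (!dal.chkAdminLogin(UserName, UserPwd))
            {
                MessageBox.Show(this, "您输入的用户名或密码不正确,请重新输入!");
                // Save log.
                new Web.UI.ManagePage().SaveLogs(UserName, "[用户登录] 状态:登录失败!");
                return;
            }

            // GetModelByName can return null; treat that as a failed login rather
            // than dereferencing it.
            Cms.Model.Admin model = dal.GetModelByName(UserName);
            if (model == null)
            {
                MessageBox.Show(this, "您输入的用户名或密码不正确,请重新输入!");
                return;
            }

            Session["AdminNo"]   = model.Id;
            Session["AdminName"] = model.UserName;
            // Set the session timeout (minutes).
            Session.Timeout          = 120;
            Session["AdminLoginSun"] = null;
            // NOTE(review): the session id issued before login stays in use after
            // authentication; issuing a fresh id here would address session fixation.
            Response.Redirect("Frame.aspx");
        }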
Example #10
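        /// <summary>
        /// Loads one administrator by user name: the UserInfo row plus the telephone
        /// and address of the Staff row it references.
        /// </summary>
        /// <param name="UserName">User name to look up.</param>
        /// <returns>
        /// The populated model, or null when no UserInfo row matches or the referenced
        /// Staff row does not exist.
        /// </returns>
        public Cms.Model.Admin GetModelByName(string UserName)
        {
            StringBuilder strSql = new StringBuilder();
            strSql.Append("select  top 1 userid,username,password,realname2,departmentId,roleid,StaffId,userbh from UserInfo ");
            strSql.Append(" where UserName=@UserName ");
            SqlParameter[] parameters =
            {
                // Declared with length 50, the length Add and Update declare for
                // @username. A shorter declared size makes ADO.NET cut a longer value
                // silently, so the lookup would match on a 30-character prefix.
                new SqlParameter("@UserName", SqlDbType.NVarChar, 50)
            };
            parameters[0].Value = UserName;

            DataSet ds = DbHelperSQL.Query(strSql.ToString(), parameters);
            if (ds.Tables[0].Rows.Count == 0)
            {
                return null;
            }

            Cms.Model.Admin model = new Cms.Model.Admin();
            DataRow userRow = ds.Tables[0].Rows[0];
            string cell;

            // A NULL or empty column leaves the corresponding property at its default.
            cell = Convert.ToString(userRow["userid"]);
            if (cell != "")
            {
                model.Id = int.Parse(cell);
            }
            cell = Convert.ToString(userRow["username"]);
            if (cell != "")
            {
                model.UserName = cell;
            }
            // The stored password digest is carried on the model.
            cell = Convert.ToString(userRow["password"]);
            if (cell != "")
            {
                model.UserPwd = cell;
            }
            cell = Convert.ToString(userRow["realname2"]);
            if (cell != "")
            {
                model.RealName = cell;
            }
            cell = Convert.ToString(userRow["departmentId"]);
            if (cell != "")
            {
                model.DepartID = int.Parse(cell);
            }
            cell = Convert.ToString(userRow["roleid"]);
            if (cell != "")
            {
                model.RoleID = int.Parse(cell);
            }
            cell = Convert.ToString(userRow["StaffId"]);
            if (cell != "")
            {
                model.StaffID = int.Parse(cell);
            }
            cell = Convert.ToString(userRow["userbh"]);
            if (cell != "")
            {
                model.UserBH = cell;
            }

            // Second query: contact details from the linked Staff row.
            strSql = new StringBuilder();
            strSql.Append("select  top 1 StaffName,StaffTel,StaffAddres from Staff ");
            strSql.Append(" where StaffId=@StaffId ");
            SqlParameter[] parametersStaff =
            {
                new SqlParameter("@StaffId", SqlDbType.Int, 4)
            };
            parametersStaff[0].Value = model.StaffID;

            DataSet dsStaff = DbHelperSQL.Query(strSql.ToString(), parametersStaff);
            if (dsStaff.Tables[0].Rows.Count == 0)
            {
                // Callers receive null for an account without a Staff row.
                return null;
            }

            DataRow staffRow = dsStaff.Tables[0].Rows[0];
            cell = Convert.ToString(staffRow["StaffTel"]);
            if (cell != "")
            {
                model.Telephone = cell;
            }
            cell = Convert.ToString(staffRow["StaffAddres"]);
            if (cell != "")
            {
                model.Address = cell;
            }
            return model;
        }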
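        /// <summary>
        /// Login button handler. Applies the per-session attempt limit, validates the
        /// verification code and the credentials, then stores the administrator's id and
        /// name in the session and redirects to Frame.aspx.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void logindl_Click(object sender, ImageClickEventArgs e)
        {
            string expectedCode = Convert.ToString(Session["CheckCode"]);
            if (expectedCode == "")
            {
                MessageBox.Show(this, "请输入验证码!");
                return;
            }

            // Record the number of login attempts for this session.
            // NOTE(review): a session-scoped counter resets whenever the client
            // discards its session cookie; it slows down a browser user but is not
            // a lockout an automated client has to respect.
            int attempts = 1;
            if (Session["AdminLoginSun"] != null)
            {
                attempts = Convert.ToInt32(Session["AdminLoginSun"]) + 1;
            }
            Session["AdminLoginSun"] = attempts;

            if (attempts > 3)
            {
                this.logindl.Enabled = false;
                this.txtCode.Text = "";
                this.txtName.Enabled = false;
                this.txtPwd.Enabled = false;
                MessageBox.Show(this, "对不起,你错误登录了三次,系统登录锁定!");
                // The lock has to end the handler: previously execution fell through
                // and the posted credentials were verified regardless.
                return;
            }

            string UserName = txtName.Text.Trim();
            string rawPassword = this.txtPwd.Text;

            // Compare the raw input with "": the MD5 digest of an empty password is
            // a non-empty string, so the digest can never signal a blank password.
            if (UserName.Equals("") || rawPassword.Equals(""))
            {
                MessageBox.Show(this, "请输入您要登录用户名或密码!");
                return;
            }

            // Consume the verification code on every comparison, match or not.
            bool codeMatches = string.Equals(expectedCode, this.txtCode.Text, StringComparison.OrdinalIgnoreCase);
            Session["CheckCode"] = null;
            if (!codeMatches)
            {
                MessageBox.Show(this, "您输入的验证码不正确,请重新输入!");
                this.txtCode.Text = "";
                return;
            }

            // NOTE(review): unsalted MD5 (obsolete HashPasswordForStoringInConfigFile)
            // is not an adequate password hash; retained because the stored digests
            // use this format and a change requires migrating them.
            string UserPwd = System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(rawPassword, "MD5");

            if (!dal.chkAdminLogin(UserName, UserPwd))
            {
                MessageBox.Show(this, "您输入的用户名或密码不正确,请重新输入!");
                // Save log.
                new Web.UI.ManagePage().SaveLogs(UserName, "[用户登录] 状态:登录失败!");
                return;
            }

            // The model lookup can return null even after the credential check
            // passed; fail the login instead of throwing.
            Cms.Model.Admin model = dal.GetModelByName(UserName);
            if (model == null)
            {
                MessageBox.Show(this, "您输入的用户名或密码不正确,请重新输入!");
                return;
            }

            Session["AdminNo"] = model.Id;
            Session["AdminName"] = model.UserName;
            // Set the session timeout (minutes).
            Session.Timeout = 120;
            Session["AdminLoginSun"] = null;
            // NOTE(review): the pre-login session id is reused for the authenticated
            // session; rotating it at this point would address session fixation.
            Response.Redirect("Frame.aspx");
        }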
Example #12
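        /// <summary>
        /// Inserts one administrator: a Staff row first, then the UserInfo row that
        /// references it. Sets <c>model.StaffID</c> to the id of the new Staff row.
        /// </summary>
        /// <param name="model">Administrator data to store.</param>
        /// <returns>The id of the new UserInfo row, or 0 when either insert returned no id.</returns>
        public int Add(Cms.Model.Admin model)
        {
            // NOTE(review): the two inserts run as separate commands and no
            // transaction is visible here; if the second one fails, the Staff row
            // created by the first one is left without a UserInfo row.
            StringBuilder strSql = new StringBuilder();

            strSql.Append("insert into Staff(");
            strSql.Append("StaffName,StaffTel,StaffAddres)");
            strSql.Append(" values (");
            strSql.Append("@StaffName,@StaffTel,@StaffAddres)");
            // SCOPE_IDENTITY() instead of @@IDENTITY: @@IDENTITY reports the last
            // identity generated on the connection, including one produced by a
            // trigger on another table, and would then return the wrong key.
            strSql.Append(";select SCOPE_IDENTITY()");
            SqlParameter[] parameters =
            {
                new SqlParameter("@StaffName",   SqlDbType.VarChar, 50),
                new SqlParameter("@StaffTel",    SqlDbType.VarChar, 50),
                new SqlParameter("@StaffAddres", SqlDbType.VarChar, 50)
            };
            parameters[0].Value = model.RealName;
            parameters[1].Value = model.Telephone;
            parameters[2].Value = model.Address;

            object obj = DbHelperSQL.GetSingle(strSql.ToString(), parameters);
            if (obj == null)
            {
                return 0;
            }

            // The new Staff key links the login row to its contact details.
            model.StaffID = Convert.ToInt32(obj);

            strSql = new StringBuilder();
            strSql.Append("insert into UserInfo(");
            strSql.Append("username,password,realname2,departmentId,roleid,StaffId,userbh)");
            strSql.Append(" values (");
            strSql.Append("@username,@password,@realname2,@departmentId,@roleid,@StaffId,@userbh)");
            strSql.Append(";select SCOPE_IDENTITY()");
            SqlParameter[] parametersUser =
            {
                new SqlParameter("@username",     SqlDbType.NVarChar, 50),
                // Char(32): the value stored here is the caller-supplied password digest.
                new SqlParameter("@password",     SqlDbType.Char,     32),
                new SqlParameter("@realname2",    SqlDbType.NVarChar, 50),
                new SqlParameter("@departmentId", SqlDbType.Int,       4),
                new SqlParameter("@roleid",       SqlDbType.Int,       4),
                new SqlParameter("@StaffId",      SqlDbType.Int,       4),
                new SqlParameter("@userbh",       SqlDbType.NVarChar, 50)
            };
            parametersUser[0].Value = model.UserName;
            parametersUser[1].Value = model.UserPwd;
            parametersUser[2].Value = model.RealName;
            parametersUser[3].Value = model.DepartID;
            parametersUser[4].Value = model.RoleID;
            parametersUser[5].Value = model.StaffID;
            parametersUser[6].Value = model.UserBH;

            obj = DbHelperSQL.GetSingle(strSql.ToString(), parametersUser);
            return obj == null ? 0 : Convert.ToInt32(obj);
        }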
Example #13
        /// <summary>
        /// Loads one administrator by user id: the UserInfo row plus the telephone and
        /// address of the Staff row it references.
        /// </summary>
        /// <param name="ID">userid of the administrator to load.</param>
        /// <returns>
        /// The populated model, or null when no UserInfo row matches or the referenced
        /// Staff row does not exist.
        /// </returns>
        public Cms.Model.Admin GetModelByID(int ID)
        {
            StringBuilder userSql = new StringBuilder();
            userSql.Append("select  top 1 userid,username,password,realname2,departmentId,roleid,StaffId,userbh from UserInfo ");
            userSql.Append(" where userid=@userid ");

            // NOTE(review): the declared size 30 differs from the 4 used for Int
            // parameters elsewhere in this listing; left as written.
            SqlParameter userKey = new SqlParameter("@userid", SqlDbType.Int, 30);
            userKey.Value = ID;

            Cms.Model.Admin model = new Cms.Model.Admin();
            DataSet userSet = DbHelperSQL.Query(userSql.ToString(), new SqlParameter[] { userKey });
            if (userSet.Tables[0].Rows.Count <= 0)
            {
                return null;
            }

            // A NULL or empty column leaves the corresponding property at its default.
            DataRow userRow = userSet.Tables[0].Rows[0];
            if (userRow["userid"] != null && userRow["userid"].ToString() != "")
            {
                model.Id = int.Parse(userRow["userid"].ToString());
            }
            if (userRow["username"] != null && userRow["username"].ToString() != "")
            {
                model.UserName = userRow["username"].ToString();
            }
            // The stored password digest is carried on the model.
            if (userRow["password"] != null && userRow["password"].ToString() != "")
            {
                model.UserPwd = userRow["password"].ToString();
            }
            if (userRow["realname2"] != null && userRow["realname2"].ToString() != "")
            {
                model.RealName = userRow["realname2"].ToString();
            }
            if (userRow["departmentId"] != null && userRow["departmentId"].ToString() != "")
            {
                model.DepartID = int.Parse(userRow["departmentId"].ToString());
            }
            if (userRow["roleid"] != null && userRow["roleid"].ToString() != "")
            {
                model.RoleID = int.Parse(userRow["roleid"].ToString());
            }
            if (userRow["StaffId"] != null && userRow["StaffId"].ToString() != "")
            {
                model.StaffID = int.Parse(userRow["StaffId"].ToString());
            }
            if (userRow["userbh"] != null && userRow["userbh"].ToString() != "")
            {
                model.UserBH = userRow["userbh"].ToString();
            }

            // Second query: contact details from the linked Staff row.
            StringBuilder staffSql = new StringBuilder();
            staffSql.Append("select  top 1 StaffName,StaffTel,StaffAddres from Staff ");
            staffSql.Append(" where StaffId=@StaffId ");
            SqlParameter staffKey = new SqlParameter("@StaffId", SqlDbType.Int, 4);
            staffKey.Value = model.StaffID;

            DataSet staffSet = DbHelperSQL.Query(staffSql.ToString(), new SqlParameter[] { staffKey });
            if (staffSet.Tables[0].Rows.Count <= 0)
            {
                // Callers receive null for an account without a Staff row.
                return null;
            }

            DataRow staffRow = staffSet.Tables[0].Rows[0];
            if (staffRow["StaffTel"] != null && staffRow["StaffTel"].ToString() != "")
            {
                model.Telephone = staffRow["StaffTel"].ToString();
            }
            if (staffRow["StaffAddres"] != null && staffRow["StaffAddres"].ToString() != "")
            {
                model.Address = staffRow["StaffAddres"].ToString();
            }
            return model;
        }
Example #14
        /// <summary>
        /// Updates one administrator: the Staff row first, then the UserInfo row.
        /// </summary>
        /// <param name="model">Administrator data; StaffID and Id select the rows to update.</param>
        /// <returns>
        /// true when both update statements affected at least one row; false as soon as
        /// one of them affected none.
        /// </returns>
        public bool Update(Cms.Model.Admin model)
        {
            // NOTE(review): the two updates are separate commands and no transaction
            // is visible here, so the Staff change persists even when the UserInfo
            // update that follows does not succeed.
            StringBuilder staffSql = new StringBuilder();
            staffSql.Append("update Staff set ");
            staffSql.Append("StaffName=@StaffName,");
            staffSql.Append("StaffTel=@StaffTel,");
            staffSql.Append("StaffAddres=@StaffAddres");
            staffSql.Append(" where StaffId=@StaffId");

            SqlParameter[] staffArgs =
            {
                new SqlParameter("@StaffName",   SqlDbType.VarChar, 50),
                new SqlParameter("@StaffTel",    SqlDbType.VarChar, 50),
                new SqlParameter("@StaffAddres", SqlDbType.VarChar, 50),
                new SqlParameter("@StaffId",     SqlDbType.Int,      4),
            };
            staffArgs[0].Value = model.RealName;
            staffArgs[1].Value = model.Telephone;
            staffArgs[2].Value = model.Address;
            staffArgs[3].Value = model.StaffID;

            int affected = DbHelperSQL.ExecuteSql(staffSql.ToString(), staffArgs);
            if (affected <= 0)
            {
                return false;
            }

            StringBuilder userSql = new StringBuilder();
            userSql.Append("update UserInfo set ");
            userSql.Append("username=@username,");
            userSql.Append("password=@password,");
            userSql.Append("realname2=@realname2,");
            userSql.Append("departmentId=@departmentId,");
            userSql.Append("roleid=@roleid,");
            userSql.Append("StaffId=@StaffId,");
            userSql.Append("userbh=@userbh");
            userSql.Append(" where userid=@userid");

            SqlParameter[] userArgs =
            {
                new SqlParameter("@username",     SqlDbType.NVarChar, 50),
                // The password column is rewritten on every update with whatever
                // digest the model carries.
                new SqlParameter("@password",     SqlDbType.Char,     32),
                new SqlParameter("@realname2",    SqlDbType.NVarChar, 50),
                new SqlParameter("@departmentId", SqlDbType.Int,       4),
                new SqlParameter("@roleid",       SqlDbType.Int,       4),
                new SqlParameter("@StaffId",      SqlDbType.Int,       4),
                new SqlParameter("@userbh",       SqlDbType.NVarChar, 50),
                new SqlParameter("@userid",       SqlDbType.Int, 4)
            };
            userArgs[0].Value = model.UserName;
            userArgs[1].Value = model.UserPwd;
            userArgs[2].Value = model.RealName;
            userArgs[3].Value = model.DepartID;
            userArgs[4].Value = model.RoleID;
            userArgs[5].Value = model.StaffID;
            userArgs[6].Value = model.UserBH;
            userArgs[7].Value = model.Id;

            affected = DbHelperSQL.ExecuteSql(userSql.ToString(), userArgs);
            return affected > 0;
        }