Example #1
        /// <summary>
        /// Checks a new password against the configured login-password policy, encodes it in the
        /// requested format and hands the result to the storage overload for <paramref name="userName"/>.
        /// </summary>
        /// <param name="userName">Account whose password is being replaced.</param>
        /// <param name="passwordFormat">Storage format passed to <c>EncodePassword</c>; it is chosen by the caller, not by this method.</param>
        /// <param name="password">Candidate password in plain text.</param>
        /// <param name="errorMessage">Set to a user-facing reason when a policy check rejects the password; stays empty otherwise, including when the storage overload returns <c>false</c>.</param>
        /// <returns><c>false</c> when a policy check fails; otherwise whatever the storage overload returns.</returns>
        public bool ChangePassword(string userName, EPasswordFormat passwordFormat, string password, out string errorMessage)
        {
            errorMessage = string.Empty;

            // Policy checks run in order; the first failure sets the message and stops.
            if (string.IsNullOrEmpty(password))
            {
                errorMessage = "密码不能为空";
                return false;
            }

            if (password.Length < ConfigManager.SystemConfigInfo.LoginPasswordMinLength)
            {
                errorMessage = $"密码长度必须大于等于{ConfigManager.SystemConfigInfo.LoginPasswordMinLength}";
                return false;
            }

            var meetsRestriction = EUserPasswordRestrictionUtils.IsValid(password, ConfigManager.SystemConfigInfo.LoginPasswordRestriction);
            if (!meetsRestriction)
            {
                errorMessage = $"密码不符合规则,请包含{EUserPasswordRestrictionUtils.GetText(ConfigManager.SystemConfigInfo.LoginPasswordRestriction)}";
                return false;
            }

            // NOTE(review): no current-password or authorization check is visible in this method;
            // presumably the caller has already authenticated the request - confirm.
            string salt;
            var encodedPassword = EncodePassword(password, passwordFormat, out salt);

            return ChangePassword(userName, passwordFormat, salt, encodedPassword);
        }
Example #2
        /// <summary>
        /// Writes an already-encoded password, its format and its salt for <paramref name="userName"/>,
        /// then removes that user's entry from the admin cache.
        /// </summary>
        /// <param name="userName">Account to update; bound as a query parameter.</param>
        /// <param name="passwordFormat">Format stored next to the password, written as its string value.</param>
        /// <param name="passwordSalt">Salt stored next to the password.</param>
        /// <param name="password">Password value exactly as it is to be stored.</param>
        /// <returns><c>true</c> when the update and the cache removal ran without throwing; <c>false</c> on any exception.</returns>
        private bool ChangePassword(string userName, EPasswordFormat passwordFormat, string passwordSalt,
                                    string password)
        {
            // Every value is bound as a parameter rather than concatenated into the statement.
            var updateParms = new IDataParameter[]
            {
                GetParameter(ParmPassword, DataType.VarChar, 255, password),
                GetParameter(ParmPasswordFormat, DataType.VarChar, 50, EPasswordFormatUtils.GetValue(passwordFormat)),
                GetParameter(ParmPasswordSalt, DataType.VarChar, 128, passwordSalt),
                GetParameter(ParmUsername, DataType.VarChar, 255, userName)
            };

            try
            {
                // NOTE(review): the affected-row count is not inspected, so presumably an
                // unknown user name still reports success - confirm against ExecuteNonQuery.
                ExecuteNonQuery(SqlUpdatePassword, updateParms);

                // Drop the cached entry so the old credential is not served from memory.
                AdminManager.RemoveCache(userName);
                return true;
            }
            catch
            {
                // NOTE(review): every exception is swallowed without logging, so a failed
                // password change leaves no trace for operators or auditors.
                return false;
            }
        }
Example #3
        /// <summary>
        /// Recovers the plain-text password from its stored representation.
        /// </summary>
        /// <param name="password">Stored password value.</param>
        /// <param name="passwordFormat">Format the value was stored in.</param>
        /// <param name="passwordSalt">Salt stored with the password; used as the decryption key for <c>Encrypted</c>.</param>
        /// <returns>
        /// The stored value unchanged for <c>Clear</c>, the decrypted value for <c>Encrypted</c>,
        /// and an empty string for any other format that is not <c>Hashed</c>.
        /// </returns>
        /// <exception cref="Exception">The format is <c>Hashed</c>, which cannot be reversed.</exception>
        public static string DecodePassword(string password, EPasswordFormat passwordFormat, string passwordSalt)
        {
            if (passwordFormat == EPasswordFormat.Clear)
            {
                // Clear means the stored value already is the password.
                return password;
            }

            if (passwordFormat == EPasswordFormat.Hashed)
            {
                throw new Exception("can not decode hashed password");
            }

            if (passwordFormat == EPasswordFormat.Encrypted)
            {
                // The salt doubles as the decryption key.
                // NOTE(review): if the salt is stored next to the ciphertext, anyone who can read
                // the row can recover the password - confirm where the salt is kept. DesEncryptor
                // is presumably DES (going by the name), which is a legacy cipher.
                var decryptor = new DesEncryptor
                {
                    InputString = password,
                    DecryptKey = passwordSalt
                };
                decryptor.DesDecrypt();

                return decryptor.OutString;
            }

            // Any other format value yields an empty result rather than an error.
            return string.Empty;
        }
Example #4
        /// <summary>
        /// Stores an already-encoded password for the named user, stamps the reset date,
        /// writes a user log entry and refreshes the cached user record.
        /// </summary>
        /// <param name="userName">User to update; looked up first and bound as a query parameter.</param>
        /// <param name="passwordFormat">Format recorded with the password, stored as its string value.</param>
        /// <param name="passwordSalt">Salt recorded with the password.</param>
        /// <param name="password">Password value exactly as it is to be stored.</param>
        private void ChangePassword(string userName, EPasswordFormat passwordFormat, string passwordSalt, string password)
        {
            var userInfo = UserManager.GetUserInfoByUserName(userName);
            if (userInfo == null)
            {
                // Unknown user: nothing is written and the caller gets no signal.
                return;
            }

            // The in-memory record is updated first; the same values are then persisted.
            userInfo.PasswordFormat = EPasswordFormatUtils.GetValue(passwordFormat);
            userInfo.Password = password;
            userInfo.PasswordSalt = passwordSalt;
            // NOTE(review): local time (DateTime.Now) is recorded, not UTC.
            userInfo.LastResetPasswordDate = DateTime.Now;

            // Only the table name is interpolated; all values travel as bound parameters.
            var updateSql = $"UPDATE {TableName} SET Password = @Password, PasswordFormat = @PasswordFormat, PasswordSalt = @PasswordSalt, LastResetPasswordDate = @LastResetPasswordDate WHERE UserName = @UserName";

            IDataParameter[] updateParms =
            {
                GetParameter(ParmPassword, DataType.VarChar, 255, userInfo.Password),
                GetParameter(ParmPasswordFormat, DataType.VarChar, 50, userInfo.PasswordFormat),
                GetParameter(ParmPasswordSalt, DataType.VarChar, 128, userInfo.PasswordSalt),
                GetParameter(ParmLastResetPasswordDate, DataType.DateTime, userInfo.LastResetPasswordDate),
                GetParameter(ParmUserName, DataType.VarChar, 255, userName)
            };

            ExecuteNonQuery(updateSql, updateParms);

            // Audit trail: the log action text reads "change password".
            LogUtils.AddUserLog(userName, "修改密码", string.Empty);

            UserManager.UpdateCache(userInfo);
        }
Example #5
        /// <summary>
        /// Verifies a supplied password by decoding the stored value and comparing the two strings.
        /// </summary>
        /// <param name="password">Password supplied by the caller.</param>
        /// <param name="dbpassword">Stored password value.</param>
        /// <param name="passwordFormat">Format the stored value is in.</param>
        /// <param name="passwordSalt">Salt stored with the password.</param>
        /// <returns><c>true</c> when the supplied password equals the decoded stored value.</returns>
        public bool CheckPassword(string password, string dbpassword, EPasswordFormat passwordFormat, string passwordSalt)
        {
            // NOTE(review): verification depends on recovering the stored password. Confirm how
            // EPasswordFormat.Hashed rows are handled by DecodePassword, since a hash cannot be decoded.
            var storedPlainText = DecodePassword(dbpassword, passwordFormat, passwordSalt);

            // NOTE(review): string == is an ordinal comparison that is not constant-time.
            return password == storedPlainText;
        }
Example #6
        /// <summary>
        /// Builds a list item for a password format, using its display text as the label
        /// and its string value as the item value.
        /// </summary>
        /// <param name="type">Password format the item represents.</param>
        /// <param name="selected">When <c>true</c>, the item is marked as selected.</param>
        /// <returns>The new list item.</returns>
        public static ListItem GetListItem(EPasswordFormat type, bool selected)
        {
            var listItem = new ListItem(GetText(type), GetValue(type));

            // Selected is only touched when requested; otherwise the item keeps its default.
            if (selected)
            {
                listItem.Selected = true;
            }

            return listItem;
        }
Example #7
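 /// <summary>
 /// Tells whether <paramref name="typeStr"/> names the given password format, ignoring case.
 /// </summary>
 /// <param name="type">Password format to compare against.</param>
 /// <param name="typeStr">Candidate format name; null or empty never matches.</param>
 /// <returns><c>true</c> when <paramref name="typeStr"/> equals the format's string value, case-insensitively.</returns>
 public static bool Equals(EPasswordFormat type, string typeStr)
 {
     if (string.IsNullOrEmpty(typeStr))
     {
         return false;
     }

     // Ordinal, case-insensitive comparison: the format names are fixed identifiers, so the
     // result must not depend on the current culture's casing rules (ToLower() uses them),
     // and no lowered copies of the strings are allocated.
     return string.Equals(GetValue(type), typeStr, StringComparison.OrdinalIgnoreCase);
 }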
Example #8
        /// <summary>
        /// Inserts a user row with the supplied credential values after stamping the date fields
        /// and passing the free-text profile fields through <c>AttackUtils.FilterXss</c>.
        /// </summary>
        /// <param name="userInfo">User record to insert; its date and profile fields are modified in place.</param>
        /// <param name="password">Password value exactly as it is to be stored.</param>
        /// <param name="passwordFormat">Format recorded with the password, stored as its string value.</param>
        /// <param name="passwordSalt">Salt recorded with the password.</param>
        /// <returns>The value returned by <c>ExecuteNonQueryAndReturnId</c> for the insert.</returns>
        private int InsertWithoutValidation(UserInfo userInfo, string password, EPasswordFormat passwordFormat, string passwordSalt)
        {
            // Each timestamp is read separately, so the three values may differ slightly.
            userInfo.CreateDate = DateTime.Now;
            userInfo.LastActivityDate = DateTime.Now;
            userInfo.LastResetPasswordDate = DateTime.Now;

            // Profile fields are filtered before storage and before they are serialized below.
            // NOTE(review): UserName is stored without this filter, and the password is stored
            // as received - presumably the caller validated and encoded both; confirm.
            userInfo.DisplayName = AttackUtils.FilterXss(userInfo.DisplayName);
            userInfo.Email = AttackUtils.FilterXss(userInfo.Email);
            userInfo.Mobile = AttackUtils.FilterXss(userInfo.Mobile);
            userInfo.AvatarUrl = AttackUtils.FilterXss(userInfo.AvatarUrl);
            userInfo.Gender = AttackUtils.FilterXss(userInfo.Gender);
            userInfo.Birthday = AttackUtils.FilterXss(userInfo.Birthday);
            userInfo.WeiXin = AttackUtils.FilterXss(userInfo.WeiXin);
            userInfo.Qq = AttackUtils.FilterXss(userInfo.Qq);
            userInfo.WeiBo = AttackUtils.FilterXss(userInfo.WeiBo);
            userInfo.Bio = AttackUtils.FilterXss(userInfo.Bio);

            var serializedSettings = userInfo.ToString(UserAttribute.AllAttributes.Value);

            // Only the table name is interpolated; every value is a bound parameter.
            var insertSql = $"INSERT INTO {TableName} (UserName, Password, PasswordFormat, PasswordSalt, CreateDate, LastResetPasswordDate, LastActivityDate, CountOfLogin, CountOfFailedLogin, GroupId, IsChecked, IsLockedOut, DisplayName, Email, Mobile, AvatarUrl, Gender, Birthday, WeiXin, QQ, WeiBo, Bio, SettingsXml) VALUES (@UserName, @Password, @PasswordFormat, @PasswordSalt, @CreateDate, @LastResetPasswordDate, @LastActivityDate, @CountOfLogin, @CountOfFailedLogin, @GroupId, @IsChecked, @IsLockedOut, @DisplayName, @Email, @Mobile, @AvatarUrl, @Gender, @Birthday, @WeiXin, @QQ, @WeiBo, @Bio, @SettingsXml)";

            IDataParameter[] insertParms =
            {
                // Identity and credential columns.
                GetParameter(ParmUserName, DataType.VarChar, 255, userInfo.UserName),
                GetParameter(ParmPassword, DataType.VarChar, 255, password),
                GetParameter(ParmPasswordFormat, DataType.VarChar, 50, EPasswordFormatUtils.GetValue(passwordFormat)),
                GetParameter(ParmPasswordSalt, DataType.VarChar, 128, passwordSalt),

                // Timestamps and login counters.
                GetParameter(ParmCreateDate, DataType.DateTime, userInfo.CreateDate),
                GetParameter(ParmLastResetPasswordDate, DataType.DateTime, userInfo.LastResetPasswordDate),
                GetParameter(ParmLastActivityDate, DataType.DateTime, userInfo.LastActivityDate),
                GetParameter(ParmCountOfLogin, DataType.Integer, userInfo.CountOfLogin),
                GetParameter(ParmCountOfFailedLogin, DataType.Integer, userInfo.CountOfFailedLogin),

                // Group and account state.
                GetParameter(ParmGroupId, DataType.Integer, userInfo.GroupId),
                GetParameter(ParmIsChecked, DataType.VarChar, 18, userInfo.IsChecked.ToString()),
                GetParameter(ParmIsLockedOut, DataType.VarChar, 18, userInfo.IsLockedOut.ToString()),

                // Profile fields (filtered above).
                GetParameter(ParmDisplayname, DataType.VarChar, 255, userInfo.DisplayName),
                GetParameter(ParmEmail, DataType.VarChar, 255, userInfo.Email),
                GetParameter(ParmMobile, DataType.VarChar, 20, userInfo.Mobile),
                GetParameter(ParmAvatarUrl, DataType.VarChar, 200, userInfo.AvatarUrl),
                GetParameter(ParmGender, DataType.VarChar, 255, userInfo.Gender),
                GetParameter(ParmBirthday, DataType.VarChar, 50, userInfo.Birthday),
                GetParameter(ParmWeixin, DataType.VarChar, 255, userInfo.WeiXin),
                GetParameter(ParmQq, DataType.VarChar, 255, userInfo.Qq),
                GetParameter(ParmWeibo, DataType.VarChar, 255, userInfo.WeiBo),
                GetParameter(ParmBio, DataType.Text, userInfo.Bio),
                GetParameter(ParmSettingsXml, DataType.Text, serializedSettings)
            };

            return ExecuteNonQueryAndReturnId(TableName, UserAttribute.Id, insertSql, insertParms);
        }
 /// <summary>
 /// Returns the display text for a password format.
 /// </summary>
 /// <param name="type">Password format to describe.</param>
 /// <returns>The display label for the format.</returns>
 /// <exception cref="Exception">The format is none of Clear, Hashed or Encrypted.</exception>
 public static string GetText(EPasswordFormat type)
 {
     switch (type)
     {
         case EPasswordFormat.Clear:
             // Label reads "not encrypted".
             return "不加密";

         case EPasswordFormat.Hashed:
             // Label reads "irreversible encryption".
             return "不可逆方式加密";

         case EPasswordFormat.Encrypted:
             // Label reads "reversible encryption".
             return "可逆方式加密";

         default:
             throw new Exception();
     }
 }
 /// <summary>
 /// Returns the string value that identifies a password format.
 /// </summary>
 /// <param name="type">Password format to convert.</param>
 /// <returns>"Clear", "Hashed" or "Encrypted".</returns>
 /// <exception cref="Exception">The format is none of Clear, Hashed or Encrypted.</exception>
 public static string GetValue(EPasswordFormat type)
 {
     switch (type)
     {
         case EPasswordFormat.Clear:
             return "Clear";

         case EPasswordFormat.Hashed:
             return "Hashed";

         case EPasswordFormat.Encrypted:
             return "Encrypted";

         default:
             // An unrecognised format is an error, not a silent default.
             throw new Exception();
     }
 }
Example #11
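        /// <summary>
        /// Encodes a plain-text password for storage in the requested format.
        /// </summary>
        /// <param name="password">Plain-text password.</param>
        /// <param name="passwordFormat">Storage format to produce.</param>
        /// <param name="passwordSalt">
        /// Receives a newly generated salt for <c>Hashed</c> and <c>Encrypted</c>; empty otherwise.
        /// </param>
        /// <returns>
        /// The password unchanged for <c>Clear</c>, a Base64 SHA-1 digest of salt + password for
        /// <c>Hashed</c>, the encryptor output for <c>Encrypted</c>, and an empty string for any
        /// other format.
        /// </returns>
        public static string EncodePassword(string password, EPasswordFormat passwordFormat, out string passwordSalt)
        {
            var retval = string.Empty;

            passwordSalt = string.Empty;

            if (passwordFormat == EPasswordFormat.Clear)
            {
                // NOTE(review): the password is returned unmodified, so it is stored in plain text.
                retval = password;
            }
            else if (passwordFormat == EPasswordFormat.Hashed)
            {
                passwordSalt = GenerateSalt();

                // Digest input is the decoded salt followed by the UTF-16 bytes of the password.
                var passwordBytes = Encoding.Unicode.GetBytes(password);
                var saltBytes = Convert.FromBase64String(passwordSalt);
                var salted = new byte[saltBytes.Length + passwordBytes.Length];
                Buffer.BlockCopy(saltBytes, 0, salted, 0, saltBytes.Length);
                Buffer.BlockCopy(passwordBytes, 0, salted, saltBytes.Length, passwordBytes.Length);

                // NOTE(review): a single salted SHA-1 pass is fast to brute-force; a password KDF
                // (for example PBKDF2) is the usual choice. The algorithm is left unchanged here
                // because switching it would invalidate hashes that are already stored.
                // The hash object is disposed deterministically instead of being left to the GC.
                using (var algorithm = HashAlgorithm.Create("SHA1"))
                {
                    if (algorithm == null)
                    {
                        // NOTE(review): this path returns an empty digest together with a fresh
                        // salt; callers cannot tell it from success.
                        return retval;
                    }

                    retval = Convert.ToBase64String(algorithm.ComputeHash(salted));
                }
            }
            else if (passwordFormat == EPasswordFormat.Encrypted)
            {
                passwordSalt = GenerateSalt();

                // NOTE(review): the generated salt is used as the encryption key and is also
                // returned to the caller; if it is stored with the ciphertext the password is
                // recoverable from the stored row. DesEncryptor is presumably DES (going by the
                // name), which is a legacy cipher.
                var encryptor = new DesEncryptor
                {
                    InputString = password,
                    EncryptKey  = passwordSalt
                };
                encryptor.DesEncrypt();

                retval = encryptor.OutString;
            }

            return retval;
        }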
Example #12
 /// <summary>
 /// Creates an administrator record from explicit values. Every argument is copied to the
 /// matching member as given; no validation or transformation is applied here.
 /// </summary>
 public AdministratorInfo(string userName, string password, EPasswordFormat passwordFormat, string passwordSalt, DateTime creationDate, DateTime lastActivityDate, int countOfLogin, int countOfFailedLogin, string creatorUserName, bool isLockedOut, string publishmentSystemIdCollection, int publishmentSystemId, int departmentId, int areaId, string displayName, string email, string mobile)
 {
     // Identity and credential material (the password is kept exactly as supplied).
     UserName = userName;
     Password = password;
     PasswordFormat = passwordFormat;
     PasswordSalt = passwordSalt;

     // Lifecycle, login counters and lock state.
     CreationDate = creationDate;
     LastActivityDate = lastActivityDate;
     CountOfLogin = countOfLogin;
     CountOfFailedLogin = countOfFailedLogin;
     CreatorUserName = creatorUserName;
     IsLockedOut = isLockedOut;

     // Site, department and area assignment.
     PublishmentSystemIdCollection = publishmentSystemIdCollection;
     PublishmentSystemId = publishmentSystemId;
     DepartmentId = departmentId;
     AreaId = areaId;

     // Contact details; the display name goes to its backing field directly.
     _displayName = displayName;
     Email = email;
     Mobile = mobile;
 }
Example #13
        /// <summary>
        /// Stores an already-encoded password for an administrator, keyed by the record's Id,
        /// and removes the administrator from the cache.
        /// </summary>
        /// <param name="adminInfo">Administrator record; its password fields are overwritten in place.</param>
        /// <param name="passwordFormat">Format recorded with the password, stored as its string value.</param>
        /// <param name="passwordSalt">Salt recorded with the password.</param>
        /// <param name="password">Password value exactly as it is to be stored.</param>
        private void ChangePassword(AdministratorInfo adminInfo, EPasswordFormat passwordFormat, string passwordSalt,
                                    string password)
        {
            // The in-memory record is updated first; the same values are then persisted.
            adminInfo.Password = password;
            adminInfo.PasswordFormat = EPasswordFormatUtils.GetValue(passwordFormat);
            adminInfo.PasswordSalt = passwordSalt;

            // Only the table name is interpolated; all values travel as bound parameters.
            var updateSql = $"UPDATE {TableName} SET Password = @Password, PasswordFormat = @PasswordFormat, PasswordSalt = @PasswordSalt WHERE Id = @Id";

            var updateParms = new IDataParameter[]
            {
                GetParameter(ParmPassword, DataType.VarChar, 255, adminInfo.Password),
                GetParameter(ParmPasswordFormat, DataType.VarChar, 50, adminInfo.PasswordFormat),
                GetParameter(ParmPasswordSalt, DataType.VarChar, 128, adminInfo.PasswordSalt),
                GetParameter(ParmId, DataType.Integer, adminInfo.Id)
            };

            // NOTE(review): no log entry is written in this method for the password change;
            // presumably the caller records it - confirm.
            ExecuteNonQuery(updateSql, updateParms);

            // Drop the cached entry so the old credential is not served from memory.
            AdminManager.RemoveCache(adminInfo);
        }
Example #14
 /// <summary>
 /// Returns whatever <c>DecodePassword</c> yields for the stored value; this is a plain pass-through.
 /// </summary>
 /// <param name="password">Stored password value.</param>
 /// <param name="passwordFormat">Format the stored value is in.</param>
 /// <param name="passwordSalt">Salt stored with the password.</param>
 /// <returns>The decoded password.</returns>
 // NOTE(review): this is a public way to obtain a decoded password; confirm which callers need it.
 public string GetPassword(string password, EPasswordFormat passwordFormat, string passwordSalt)
     => DecodePassword(password, passwordFormat, passwordSalt);
Example #15
        /// <summary>
        /// Verifies a supplied password, or its MD5 form, against the decoded stored password.
        /// </summary>
        /// <param name="password">Value supplied by the caller: the password, or its MD5 form when <paramref name="isPasswordMd5"/> is set.</param>
        /// <param name="isPasswordMd5">When <c>true</c>, the decoded stored password is passed through <c>AuthUtils.Md5ByString</c> before comparing.</param>
        /// <param name="dbpassword">Stored password value.</param>
        /// <param name="passwordFormat">Format the stored value is in.</param>
        /// <param name="passwordSalt">Salt stored with the password.</param>
        /// <returns><c>true</c> when the supplied value matches.</returns>
        public bool CheckPassword(string password, bool isPasswordMd5, string dbpassword, EPasswordFormat passwordFormat,
                                  string passwordSalt)
        {
            // NOTE(review): verification depends on recovering the stored password. Confirm how
            // EPasswordFormat.Hashed rows are handled by DecodePassword, since a hash cannot be decoded.
            var storedPlainText = DecodePassword(dbpassword, passwordFormat, passwordSalt);

            // NOTE(review): in the MD5 mode the unsalted MD5 of the password is accepted as the
            // credential, so that digest is as sensitive as the password itself.
            var expected = isPasswordMd5
                ? AuthUtils.Md5ByString(storedPlainText)
                : storedPlainText;

            // NOTE(review): string == is an ordinal comparison that is not constant-time.
            return password == expected;
        }
Example #16
 /// <summary>
 /// Argument-order convenience overload: forwards to the (format, string) overload.
 /// </summary>
 /// <param name="typeStr">Candidate format name.</param>
 /// <param name="type">Password format to compare against.</param>
 /// <returns>The result of the (format, string) overload.</returns>
 public static bool Equals(string typeStr, EPasswordFormat type)
     => Equals(type, typeStr);