Example #1
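 /// <summary>
 /// Handles a login request: checks the verification code against the session, looks up
 /// the account, compares the supplied password with the stored value and, on success,
 /// publishes the operator through OperatorProvider.Instance.Current.
 /// </summary>
 /// <param name="userName">Account name entered by the user.</param>
 /// <param name="password">Password as submitted by the client.</param>
 /// <param name="verifyCode">Verification code entered by the user; lower-cased before comparison with the session value.</param>
 /// <returns>The result of Success(), Warning(...) or Error(...), depending on the outcome.</returns>
 public ActionResult Login(string userName, string password, string verifyCode)
 {
     try
     {
         if (userName.IsNullOrEmpty() || password.IsNullOrEmpty() || verifyCode.IsNullOrEmpty())
         {
             return Error("请求失败,缺少必要参数。");
         }

         // NOTE(review): the verification code is not cleared in this method after a check.
         // Unless it is rotated elsewhere, one solved code keeps working for repeated password
         // attempts; invalidate it after every attempt and throttle failures per account/IP.
         if (verifyCode.ToLower() != WebHelper.GetSession(Keys.SESSION_KEY_VCODE))
         {
             return Warning("验证码错误,请重新输入。");
         }

         // NOTE(review): "account does not exist", "account disabled" and "wrong password" are
         // distinct responses, which tells a caller which account names are valid. Consider a
         // single generic failure message for all three.
         var userEntity = userlogic.GetByUserName(userName);
         if (userEntity == null)
         {
             return Warning("该账户不存在,请重新输入。");
         }
         if (userEntity.IsEnabled != "1")
         {
             return Warning("该账户已被禁用,请联系管理员。");
         }

         var userLogOnEntity = userLogOnLogic.GetByAccount(userEntity.Id);
         if (userLogOnEntity == null)
         {
             // An account without a logon record used to surface as a NullReferenceException
             // swallowed by the catch below; record the real cause and return the same Error().
             logLogic.Write(Level.Info, "系统登录", "登录信息缺失", "", userEntity.Account, userEntity.RealName);
             return Error();
         }

         // NOTE(review): the stored credential is MD5 over a DES-encrypted password. MD5 is a
         // fast hash and unsuitable for password storage; plan a migration to PBKDF2 or Argon2
         // with rehash-on-login. The != comparison below is also not constant-time.
         string inputPassword = password.DESEncrypt(userLogOnEntity.SecretKey).MD5Encrypt();
         if (inputPassword != userLogOnEntity.Password)
         {
             logLogic.Write(Level.Info, "系统登录", "密码错误", "", userEntity.Account, userEntity.RealName);
             return Warning("密码错误,请重新输入。");
         }

         // NOTE(review): the token is derived from Guid.NewGuid(), which is not specified as a
         // cryptographically strong source; if the token authenticates later requests, generate
         // it with RandomNumberGenerator. DESEncrypt() is called without a key here, so it
         // presumably falls back to a built-in key - confirm.
         Operator operatorModel = new Operator
         {
             UserId    = userEntity.Id,
             Account   = userEntity.Account,
             RealName  = userEntity.RealName,
             Avatar    = userEntity.Avatar,
             CompanyId = userEntity.CompanyId,
             LoginTime = DateTime.Now,
             Token     = Guid.NewGuid().ToString().Replace("-", "").DESEncrypt(),
             ShopID    = userEntity.ShopID
         };
         OperatorProvider.Instance.Current = operatorModel;

         userLogOnLogic.UpdateLogin(userLogOnEntity);
         logLogic.Write(Level.Info, "系统登录", "登录成功", "", userEntity.Account, userEntity.RealName);
         return Success();
     }
     catch (Exception ex)
     {
         // Details go to the log only; the client receives a generic error.
         LogHelper.WriteLog(ex.Message + "---" + ex.StackTrace);
         return Error();
     }
 }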
Example #2
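        /// <summary>
        /// Executes a SQL statement and returns a read-only data reader over the result.
        /// </summary>
        /// <param name="connection">Database connection.</param>
        /// <param name="transaction">Transaction.</param>
        /// <param name="commandType">Command type (stored procedure, command text, other).</param>
        /// <param name="commandText">SQL statement or stored procedure name.</param>
        /// <param name="parms">Query parameters.</param>
        /// <returns>
        /// The data reader, or null when ExecuteReader threw; the failure is written to the
        /// error log and not rethrown, so callers must check for null.
        /// </returns>
        private static MySqlDataReader ExecuteDataReader(MySqlConnection connection, MySqlTransaction transaction, CommandType commandType, string commandText, params MySqlParameter[] parms)
        {
            // Timing starts before command preparation.
            Stopwatch stopwatch = Stopwatch.StartNew();

            MySqlCommand command = new MySqlCommand();
            PrepareCommand(command, connection, transaction, commandType, commandText, parms);
            MySqlDataReader dr = null;

            try
            {
                // CloseConnection ties the connection to the reader: closing the reader closes it.
                dr = command.ExecuteReader(CommandBehavior.CloseConnection);
            }
            catch (Exception ex)
            {
                try
                {
                    // Strip CR and LF individually (not only the CRLF pair) so that a message or
                    // parameter value holding a bare line break cannot start a forged log line.
                    // NOTE(review): FormatSQLScript presumably expands parameter values into the
                    // script; if so, secrets and personal data bound as parameters end up in this
                    // log file - confirm, and mask values or restrict access to the log.
                    string strLog = "/*" + DateTime.Now.ToString("HH:mm:ss.fff") + "\t"
                                    + ex.Message.Replace("\r", String.Empty).Replace("\n", String.Empty)
                                    + "*/ "
                                    + MySqlParameterCache.FormatSQLScript(String.Empty, commandType, commandText, parms).Replace("\r", String.Empty).Replace("\n", String.Empty);
                    LogLogic.Write(strLog, ERROR_WRITE_LOG_PATH, ERROR_WRITE_LOG_EXTENSION);
                }
                finally
                {
                    // No reader was handed out, so nothing would close the connection for the
                    // caller. Leave it open when a transaction was supplied, since the caller
                    // still has to complete or roll that transaction back.
                    if (transaction == null && connection != null)
                    {
                        connection.Close();
                    }
                }
            }

            stopwatch.Stop();

            // Optional trace of every executed script, with its elapsed time.
            if (MYSQL_SCRIPT_WRITE_LOG)
            {
                string strTestSQL = MySqlParameterCache.FormatSQLScript(String.Empty, commandType, commandText, parms);
                SQLScriptWriteLog(stopwatch.ElapsedMilliseconds, strTestSQL.Replace("\r", String.Empty).Replace("\n", String.Empty));
            }

            return dr;
        }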
Example #3
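 /// <summary>
 /// Writes an executed SQL script to the SQL script log, together with its elapsed time,
 /// the current time, the client address and the request URL.
 /// </summary>
 /// <param name="longMilliseconds">Elapsed execution time in milliseconds.</param>
 /// <param name="strSQLScript">SQL script text to write.</param>
 public static void SQLScriptWriteLog(long longMilliseconds, string strSQLScript)
 {
     try
     {
         // A null address used to throw on PadLeft and the record was silently dropped; fall
         // back to an empty string. CR and LF are removed from every embedded value so that
         // request-derived text cannot break one record into several log lines.
         // NOTE(review): if GetIPAdderss reads a client-supplied header, treat the logged
         // address as unverified - confirm against ClientModel.
         string strUrl             = (ClientModel.GetUrl() ?? String.Empty).Replace("\r", String.Empty).Replace("\n", String.Empty);
         string strUserHostAddress = (ClientModel.GetIPAdderss() ?? String.Empty).Replace("\r", String.Empty).Replace("\n", String.Empty);
         string strScript          = (strSQLScript ?? String.Empty).Replace("\r", String.Empty).Replace("\n", String.Empty);

         string strLog = "/*" + longMilliseconds.ToString().PadLeft(8, ' ') + "ms "
                         + DateTime.Now.ToString("HH:mm:ss.fff") + " "
                         + strUserHostAddress.PadLeft(15, ' ') + "*/ "
                         + strScript
                         + " /*" + strUrl + "*/";
         LogLogic.Write(strLog, MYSQL_SCRIPT_WRITE_LOG_PATH, MYSQL_SCRIPT_WRITE_LOG_EXTENSION);
     }
     catch
     {
         // Best effort: a failure to write this trace must not fail the database call that
         // triggered it, so the exception is deliberately dropped.
     }
 }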
Example #4
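        /// <summary>
        /// Executes a SQL statement and returns the result set.
        /// </summary>
        /// <param name="connection">Database connection.</param>
        /// <param name="transaction">Transaction.</param>
        /// <param name="commandType">Command type (stored procedure, command text, other).</param>
        /// <param name="commandText">SQL statement or stored procedure name.</param>
        /// <param name="parms">Query parameters.</param>
        /// <returns>
        /// The DataSet. When Fill throws, the exception is written to the error log and the
        /// DataSet is returned as it stands, so an empty result can also mean a failed query.
        /// </returns>
        private static DataSet ExecuteDataSet(MySqlConnection connection, MySqlTransaction transaction, CommandType commandType, string commandText, params MySqlParameter[] parms)
        {
            // Timing starts before command preparation.
            Stopwatch stopwatch = Stopwatch.StartNew();

            MySqlCommand command = new MySqlCommand();
            PrepareCommand(command, connection, transaction, commandType, commandText, parms);
            MySqlDataAdapter adapter = new MySqlDataAdapter(command);

            DataSet ds = new DataSet();

            try
            {
                adapter.Fill(ds);
            }
            catch (Exception ex)
            {
                // Strip CR and LF individually (not only the CRLF pair) so that a message or
                // parameter value holding a bare line break cannot start a forged log line.
                // NOTE(review): FormatSQLScript presumably expands parameter values into the
                // script; if so, secrets and personal data bound as parameters end up in this
                // log file - confirm, and mask values or restrict access to the log.
                string strLog = "/*" + DateTime.Now.ToString("HH:mm:ss.fff") + "\t"
                                + ex.Message.Replace("\r", String.Empty).Replace("\n", String.Empty)
                                + "*/ "
                                + MySqlParameterCache.FormatSQLScript(String.Empty, commandType, commandText, parms).Replace("\r", String.Empty).Replace("\n", String.Empty);
                LogLogic.Write(strLog, ERROR_WRITE_LOG_PATH, ERROR_WRITE_LOG_EXTENSION);
            }

            // Keep the statement in the extended properties so that a CommandBuilder can be
            // generated from it when the data is updated later.
            string strStoredSQL = commandText;
            if (commandText.IndexOf("@") > 0)
            {
                // Parameterized text: store the lower-cased statement up to its WHERE clause.
                // NOTE(review): this is a plain substring search, so "where " inside an
                // identifier, literal or subquery is matched as well.
                string strCommandText = commandText.ToLower();
                int    index          = strCommandText.IndexOf("where ");
                if (index < 0)
                {
                    index = strCommandText.IndexOf("\nwhere");
                }

                // Cut at the match and trim trailing whitespace. The earlier fixed "index - 1"
                // cut removed a real character whenever the keyword was not preceded by exactly
                // one whitespace character.
                strStoredSQL = index > 0
                    ? strCommandText.Substring(0, index).TrimEnd()
                    : strCommandText;
            }
            ds.ExtendedProperties.Add("SQL", strStoredSQL);

            foreach (DataTable dt in ds.Tables)
            {
                dt.ExtendedProperties.Add("SQL", ds.ExtendedProperties["SQL"]);
            }

            // Detach the parameters from this command now that it has run.
            command.Parameters.Clear();

            stopwatch.Stop();

            // Optional trace of every executed script, with its elapsed time.
            if (MYSQL_SCRIPT_WRITE_LOG)
            {
                string strTestSQL = MySqlParameterCache.FormatSQLScript(String.Empty, commandType, commandText, parms);
                SQLScriptWriteLog(stopwatch.ElapsedMilliseconds, strTestSQL.Replace("\r", String.Empty).Replace("\n", String.Empty));
            }

            return ds;
        }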