/// <summary>
/// 获取访问节点
/// </summary>
/// <returns></returns>
public DataTable GetUrl()
{
VerifyPage("", false);
var user = Session["CurrentUser"] as SYS_AdminUser;
if (user != null)
{
string sql = "select * from sys_pageconfig where pc_id in (select pc_id from sys_roleforpage where role_id in (select role_id from sys_userforrole where adn_id=@Adn_Id)) and PC_ParentId=0 order by pc_id desc";
DataTable mtable;
Database db = DatabaseFactory.CreateDatabase();
var paramsStr = new StringBuilder();
paramsStr.Append("@Adn_Id int");
var command = SQLServerUtiles.Get_SP_ExecuteSQL(db, sql, paramsStr.ToString());
db.AddInParameter(command, "Adn_Id", DbType.Int32, user.Adn_Id);
mtable = db.ExecuteDataSet(command).Tables[0];
return(mtable);
}
else
{
string sql = "select pc.* from [SYS_PageConfig] pc join [SYS_RoleForPage] rfp on rfp.[PC_Id]=pc.[PC_Id] join [SYS_RoleInfo] ri on ri.[Role_Id]=rfp.[Role_Id] where ri.[Role_Name]='会员单位' and pc.PC_ParentId=0 ";
Database db = DatabaseFactory.CreateDatabase();
DataTable mtable = db.ExecuteDataSet(CommandType.Text, sql).Tables[0];
return(mtable);
}
}
public static DataTable GetOrgChildren(string oId)
{
var sql = "select * from [SYS_DepartmentInfo] where Dpt_ParentId=@Dpt_ParentId ";
var paramsStr = new StringBuilder();
paramsStr.Append("@Dpt_ParentId int");
Database db = DatabaseFactory.CreateDatabase();
var command = SQLServerUtiles.Get_SP_ExecuteSQL(db, sql, paramsStr.ToString());
db.AddInParameter(command, "Dpt_ParentId", DbType.Int32, oId);
return(db.ExecuteDataSet(command).Tables[0]);
}
public static DataTable GetUserFunction(string userId)
{
var sql = "select * from [SYS_RoleForPage] rfp join [SYS_PageConfig] pc on pc.[PC_Id]=rfp.[PC_Id] and rfp.[Role_Id] in (select [Role_Id] from [SYS_UserForRole] where [Adn_Id]=@Adn_Id) ";
DataTable mtable;
Database db = DatabaseFactory.CreateDatabase();
var paramsStr = new StringBuilder();
paramsStr.Append("@Adn_Id int");
var command = SQLServerUtiles.Get_SP_ExecuteSQL(db, sql, paramsStr.ToString());
db.AddInParameter(command, "Adn_Id", DbType.Int32, userId);
mtable = db.ExecuteDataSet(command).Tables[0];
return(mtable);
}
public static bool VerifyFunctionForEmpl(int userId, string DesiredFunction)
{
var sql = "select 1 from [SYS_RoleForPage] rfp join [SYS_PageConfig] pc on pc.[PC_Id]=rfp.[PC_Id] and rfp.[Role_Id] in (select [Role_Id] from [SYS_UserForRole] where [Adn_Id]=@Adn_Id) and [PC_Name]=@PC_Name ";
Database db = DatabaseFactory.CreateDatabase();
var paramsStr = new StringBuilder();
paramsStr.Append("@Adn_Id int,@PC_Name nvarchar(100)");
var command = SQLServerUtiles.Get_SP_ExecuteSQL(db, sql, paramsStr.ToString());
db.AddInParameter(command, "Adn_Id", DbType.Int32, userId);
db.AddInParameter(command, "PC_Name", DbType.AnsiString, DesiredFunction);
var res = db.ExecuteScalar(command);
return(res != null && res != DBNull.Value);
}
public static string UserLogin(string userName, string userPassword)
{
try
{
var res = string.Empty;
const string sqlUserName = "******";
var paramsStr = new StringBuilder();
paramsStr.Append("@Mobile nvarchar(200)");
Database db = DatabaseFactory.CreateDatabase();
var command = SQLServerUtiles.Get_SP_ExecuteSQL(db, sqlUserName, paramsStr.ToString());
db.AddInParameter(command, "Mobile", DbType.AnsiString, userName);
var name = db.ExecuteScalar(command);
if (name == null || name == DBNull.Value)
{
const string sqlFacName = "SELECT * FROM UserAccount WHERE Mobile = @Mobile";
var paramsStrFac = new StringBuilder();
paramsStrFac.Append("@Mobile nvarchar(200)");
Database dbFac = DatabaseFactory.CreateDatabase();
var commandFac = SQLServerUtiles.Get_SP_ExecuteSQL(dbFac, sqlFacName, paramsStrFac.ToString());
dbFac.AddInParameter(commandFac, "Mobile", DbType.AnsiString, userName);
var nameFac = dbFac.ExecuteScalar(commandFac);
if (nameFac == null || nameFac == DBNull.Value)
{
res = "用户名有误或不存在!";
}
else
{
const string sqlFac = "SELECT * FROM UserAccount WHERE Mobile = @Mobile and PassWord=@PassWord";
paramsStrFac.Append(",@PassWord nvarchar(50)");
Database dbFacInfo = DatabaseFactory.CreateDatabase();
var commandFacInfo = SQLServerUtiles.Get_SP_ExecuteSQL(dbFacInfo, sqlFac, paramsStrFac.ToString());
dbFacInfo.AddInParameter(commandFacInfo, "Mobile", DbType.AnsiString, userName);
dbFacInfo.AddInParameter(commandFacInfo, "PassWord", DbType.AnsiString, userPassword);
var dataReader = dbFacInfo.ExecuteReader(commandFacInfo);
if (dataReader.Read())
{
var user = new FactroyInfo().ReaderBind(dataReader);
if (user.Status != 1)
{
res = "帐号异常或被锁定!";
}
else
{
HttpContext.Current.Session["FrontUser"] = new UserAccount().ReaderBind(dataReader);
}
}
else
{
res = "密码输入错误!";
}
}
}
else
{
const string sqlUser = "******";
paramsStr.Append(",@PassWord nvarchar(50)");
Database dbUser = DatabaseFactory.CreateDatabase();
var commandUser = SQLServerUtiles.Get_SP_ExecuteSQL(dbUser, sqlUser, paramsStr.ToString());
dbUser.AddInParameter(commandUser, "Mobile", DbType.AnsiString, userName);
dbUser.AddInParameter(commandUser, "PassWord", DbType.AnsiString, userPassword);
var dataReader = dbUser.ExecuteReader(commandUser);
if (dataReader.Read())
{
var user = new UserAccount().ReaderBind(dataReader);
if (user.Status != 1)
{
res = "帐号异常或被锁定!";
}
else
{
HttpContext.Current.Session["FrontUser"] = new UserAccount().ReaderBind(dataReader);
}
}
else
{
res = "密码输入错误!";
}
}
return(res);
}
catch (Exception)
{
return("登录失败");
}
}
/// <summary>
/// 用户登录 返回空""成功,否则返回失败信息
/// </summary>
/// <param name="userName"></param>
/// <param name="userPassword"></param>
/// <returns></returns>
public static string Login(string userName, string userPassword)
{
try
{
var res = string.Empty;
const string sqlUserName = "******";
var paramsStr = new StringBuilder();
paramsStr.Append("@Adn_UserName nvarchar(50)");
Database db = DatabaseFactory.CreateDatabase();
var command = SQLServerUtiles.Get_SP_ExecuteSQL(db, sqlUserName, paramsStr.ToString());
db.AddInParameter(command, "Adn_UserName", DbType.AnsiString, userName);
var name = db.ExecuteScalar(command);
if (name == null || name == DBNull.Value)
{
const string sqlFacName = "SELECT * FROM FactroyInfo WHERE ConCell = @Adn_UserName";
var paramsStrFac = new StringBuilder();
paramsStrFac.Append("@Adn_UserName nvarchar(50)");
Database dbFac = DatabaseFactory.CreateDatabase();
var commandFac = SQLServerUtiles.Get_SP_ExecuteSQL(dbFac, sqlFacName, paramsStrFac.ToString());
dbFac.AddInParameter(commandFac, "Adn_UserName", DbType.AnsiString, userName);
var nameFac = dbFac.ExecuteScalar(commandFac);
if (nameFac == null || nameFac == DBNull.Value)
{
res = "用户名有误或不存在!";
}
else
{
const string sqlFac = "SELECT * FROM FactroyInfo WHERE ConCell = @Adn_UserName and PassWord=@Adn_Password";
paramsStrFac.Append(",@Adn_Password nvarchar(50)");
Database dbFacInfo = DatabaseFactory.CreateDatabase();
var commandFacInfo = SQLServerUtiles.Get_SP_ExecuteSQL(dbFacInfo, sqlFac, paramsStrFac.ToString());
dbFacInfo.AddInParameter(commandFacInfo, "Adn_UserName", DbType.AnsiString, userName);
dbFacInfo.AddInParameter(commandFacInfo, "Adn_Password", DbType.AnsiString, userPassword);
var dataReader = dbFacInfo.ExecuteReader(commandFacInfo);
if (dataReader.Read())
{
HttpContext.Current.Session["CurrentFacUser"] = new FactroyInfo().ReaderBind(dataReader);
}
else
{
res = "密码输入错误!";
}
}
}
else
{
const string sqlUser = "******";
paramsStr.Append(",@Adn_Password nvarchar(50)");
Database dbUser = DatabaseFactory.CreateDatabase();
var commandUser = SQLServerUtiles.Get_SP_ExecuteSQL(dbUser, sqlUser, paramsStr.ToString());
dbUser.AddInParameter(commandUser, "Adn_UserName", DbType.AnsiString, userName);
dbUser.AddInParameter(commandUser, "Adn_Password", DbType.AnsiString, userPassword);
var dataReader = dbUser.ExecuteReader(commandUser);
if (dataReader.Read())
{
var orgUsersDal = new OrgUsers();
var user = orgUsersDal.ReaderBind(dataReader);
user.LastLoginTime = DateTime.Now;
orgUsersDal.Update(user);
HttpContext.Current.Session["CurrentUser"] = user;
}
else
{
res = "用户名或密码输入错误!";
}
}
return(res);
}
catch (Exception)
{
return("登录失败");
}
}