Example #1
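        /// <summary>
        /// Action filter hook that inspects the bound <c>u</c> action parameter and, when the matching
        /// account must change its password, replaces the action result with the "Modpwd" view.
        /// </summary>
        /// <param name="filterContext">Context of the action about to run; its result is set to short-circuit the action.</param>
        /// <remarks>
        /// The redirect happens only when all of the following hold: request validation is enabled on the
        /// controller, a sys_user row matches the name and customer code (case-insensitively), that row has
        /// TYPE other than "4" and ENABLED equal to "1", the submitted password matches no sys_superpwd row,
        /// and the row's POINTS column is not "1". The meaning of those column values is not visible here.
        /// </remarks>
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            User u = (User)filterContext.ActionParameters["u"];

            // Nothing to check without a user name and a customer code.
            if (u == null || u.NAME == null || u.CUSTOMERCODE == null)
            {
                return;
            }

            UserChangePWD ucp = new UserChangePWD();
            ucp.NAME         = u.NAME;
            ucp.PASSWORD     = u.PASSWORD;
            ucp.CUSTOMERCODE = u.CUSTOMERCODE;

            if (!filterContext.Controller.ValidateRequest)
            {
                return;
            }

            // SECURITY: these values come straight from the request and are placed inside SQL string
            // literals. Doubling embedded single quotes keeps them inside the literal on engines that use
            // standard SQL quoting. Bind parameters are the robust fix.
            // TODO(review): switch to a parameterized call if DBMgr offers one (not visible in this listing).
            string nameLiteral     = u.NAME.ToLower().Replace("'", "''");
            string codeLiteral     = u.CUSTOMERCODE.ToLower().Replace("'", "''");
            string passwordLiteral = (u.PASSWORD ?? string.Empty).Replace("'", "''");

            DataTable dt_user = DBMgr.GetDataTable("select a.*,b.code from sys_user a inner join cusdoc.sys_customer b on a.customerid=b.id where lower(a.name) = '" + nameLiteral + "' and lower(b.code)='" + codeLiteral + "'");
            if (dt_user.Rows.Count <= 0)
            {
                return;
            }

            DataRow account = dt_user.Rows[0];
            if (account["TYPE"] + "" == "4" || account["ENABLED"] + "" != "1")
            {
                return;
            }

            // A password that matches a sys_superpwd row (super administrator) skips the forced change.
            // NOTE(review): the submitted value is compared directly with the stored PWD column, which
            // suggests a shared override password kept in comparable form. Confirm how it is stored, who
            // can read the table, and whether its use is audited.
            DataTable dt_superpwd = DBMgr.GetDataTable("select * from sys_superpwd where PWD='" + passwordLiteral + "'");
            if (dt_superpwd.Rows.Count > 0)
            {
                return;
            }

            if (account["POINTS"] + "" == "1")
            {
                return;
            }

            // Short-circuit the action and render the change-password view with the submitted values.
            filterContext.Result = new ViewResult
            {
                ViewName = "Modpwd",
                ViewData = new ViewDataDictionary<UserChangePWD>(ucp)
            };

            if (ucp.PASSWORD != null)
            {
                // NOTE(review): the password literal is shown masked ('******') in this listing, so as
                // written the query compares against that fixed string. Confirm what the real source
                // compares against and bind it as a parameter as well.
                string    sql = @"select a.*,b.code 
                                                from sys_user a
                                                    inner join cusdoc.sys_customer b on a.customerid=b.id 
                                                where lower(a.name) = '" + nameLiteral + "' and a.password = '******' and lower(b.code)='" + codeLiteral + "'";
                DataTable dt  = DBMgr.GetDataTable(sql);
                if (dt.Rows.Count <= 0)
                {
                    // No row matched the password check: do not echo the submitted password into the view.
                    ucp.PASSWORD = string.Empty;
                }
            }
        }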
Example #2
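        /// <summary>
        /// Changes the password of the logged-in user from a JSON-encoded <c>UserChangePWD</c> payload.
        /// </summary>
        /// <param name="obj">JSON text carrying at least <c>oldPassword</c> and <c>newPassword</c>.</param>
        /// <returns>A JSON-serialized <c>BaseResult</c> describing success or the validation failure.</returns>
        /// <remarks>
        /// Exceptions from deserialization or the business layer propagate unchanged. The original
        /// catch blocks only did <c>throw ex;</c>, which reset the stack trace and added nothing else.
        /// NOTE(review): no [HttpPost] or anti-forgery attribute is visible on this listing. Confirm the
        /// action is protected against cross-site request forgery where it is registered.
        /// </remarks>
        public ActionResult ChangePassword(string obj)
        {
            BaseResult br = new BaseResult();

            UserChangePWD model = JSON.Deserialize<UserChangePWD>(obj);

            // Reject incomplete requests before touching the business layer. A payload that
            // deserializes to null is treated the same as a missing old password.
            string validationError = null;
            if (model == null || string.IsNullOrEmpty(model.oldPassword))
            {
                validationError = "原密码不能为空!";
            }
            else if (string.IsNullOrEmpty(model.newPassword))
            {
                validationError = "新密码不能为空!";
            }

            if (validationError != null)
            {
                br.Success = false;
                br.Message.Add(validationError);
                br.Data = null;
                return Json(br);
            }

            // Overwrite any ids carried in the payload with the value read through GetLoginInfo, so the
            // request cannot name a different account. Presumably that is the session's user id; verify.
            string currentUserId = GetLoginInfo<string>("id_user");
            model.id_user = currentUserId;
            model.id_edit = currentUserId;

            // NOTE(review): verification of oldPassword is not visible here and is assumed to happen
            // inside BusinessFactory.Account.ChangePassword. Confirm.
            br = BusinessFactory.Account.ChangePassword(model);
            if (br.Success)
            {
                WriteDBLog(LogFlag.Base, br.Message);
            }

            return Json(br);
        }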
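 /// <summary>
 /// Handles the change-password form: checks the account row, validates the new password pair,
 /// then stores the new password through <c>UpPassword</c>.
 /// </summary>
 /// <param name="ucp">Bound form model with NAME, CUSTOMERCODE, PASSWORD, NEWPASSWORD and CONFIRMPASSWORD.</param>
 /// <returns>The form view, with model errors added when a check fails.</returns>
 /// <remarks>
 /// NOTE(review): UpPassword is not shown. Confirm that it binds its arguments instead of concatenating
 /// them into SQL, and that it stores a salted password hash rather than the raw value.
 /// </remarks>
 public ActionResult Modpwd(UserChangePWD ucp)
 {
     if (!ModelState.IsValid)
     {
         return View(ucp);
     }

     // SECURITY: NAME and CUSTOMERCODE are request data placed inside SQL string literals. Doubling
     // embedded single quotes keeps them inside the literal on engines that use standard SQL quoting.
     // Bind parameters are the robust fix.
     // TODO(review): switch to a parameterized call if DBMgr offers one (not visible in this listing).
     string nameLiteral = ucp.NAME.ToLower().Replace("'", "''");
     string codeLiteral = ucp.CUSTOMERCODE.ToLower().Replace("'", "''");

     // NOTE(review): the password literal is shown masked ('******') in this listing, so as written
     // the old-password check compares against that fixed string. Confirm what the real source
     // compares against and bind it as a parameter as well.
     string    sql = @"select a.*,b.code 
                 from sys_user a 
                     inner join cusdoc.sys_customer b on a.customerid=b.id 
                 where lower(a.name) = '" + nameLiteral + "' and a.password = '******' and lower(b.code)='" + codeLiteral + "'";
     DataTable dt  = DBMgr.GetDataTable(sql);
     if (dt.Rows.Count <= 0)
     {
         // No matching row: reported to the user as a wrong old password.
         ModelState.AddModelError("OLD_ERROR", "原密码错误!");
         return View(ucp);
     }

     if (ucp.NEWPASSWORD != ucp.CONFIRMPASSWORD)
     {
         // The two entries of the new password differ.
         ModelState.AddModelError("ERROR", "两次密码不一致!");
         return View(ucp);
     }

     if (ucp.NEWPASSWORD == ucp.PASSWORD)
     {
         // The new password must differ from the current one.
         ModelState.AddModelError("ERROR", "新旧密码不能相同!");
         return View(ucp);
     }

     UpPassword(ucp.NAME, ucp.NEWPASSWORD, ucp.CUSTOMERCODE);

     // The script text is a constant with no request data in it. It tells the user the change
     // succeeded and sends the browser to the login page. The form view is still returned afterwards,
     // as in the original flow.
     Response.Write(@"<script Language=Javascript> alert('密码修改成功,请重新登陆!');window.location.href='/Account/Login'; </script>");
     return View(ucp);
 }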