/// <summary>
/// 验证密码是否正确
/// </summary>
/// <param name="password">密码字符串</param>
/// <returns>正确返回true,否则返回false</returns>
public bool ComparePassword(string password)
{
try
{
string encryptPasswordBase64 = HisEncryption.EncodeString(_passwordKey, HisEncryption.PasswordLength, password);
return(encryptPasswordBase64 == m_Password);
}
catch (Exception ex)
{
throw new Exception(ex.Message);
}
}
/// <summary>
/// 改变用户密码
/// </summary>
/// <param name="user">User对象</param>
/// <param name="oldPassword">原密码</param>
/// <param name="newPassword">新密码</param>
public void ChangeUserPassword(Users user, string oldPassword, string newPassword)
{
try
{
if (user == null)
{
throw new ArgumentNullException("user", Resources.UserInfoIsNull);
}
if (user.ComparePassword(oldPassword))
{
DateTime now = DateTime.Now;
string encryptDateTime = now.ToString("yyyyMMdd") + now.ToString("T");
string encryptNewPassword = HisEncryption.EncodeString(
encryptDateTime, HisEncryption.PasswordLength, newPassword);
//***********************************Modified By wwj 2011-06-07*************************************
//DataAccessFactory.DefaultDataAccess.ExecuteNoneQuery(string.Format(UpdateCZRYK, encryptNewPassword, encryptDateTime, user.ID));
SqlParameter[] sqlParam = new SqlParameter[]
{
new SqlParameter("@ID", SqlDbType.VarChar),
new SqlParameter("@Passwd", SqlDbType.VarChar),
new SqlParameter("@RegDate", SqlDbType.VarChar)
};
sqlParam[0].Value = user.Id;
sqlParam[1].Value = encryptNewPassword;
sqlParam[2].Value = encryptDateTime;
sql_helper.ExecuteNoneQuery("usp_UpdateUserPassword", sqlParam, CommandType.StoredProcedure);
//***************************************************************************************************
user.Password = newPassword;
user.PasswordKey = encryptNewPassword;
}
else
{
throw new InvalidUserPasswordException("原密码不正确");
}
}
catch (Exception ex)
{
throw new Exception(ex.Message);
}
}