Example #1
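        /// <summary>
        /// Login button handler. Looks up the shop row for the entered user ID,
        /// compares the stored password with the entered one and, on success,
        /// marks the session as logged in and redirects through a client script.
        /// </summary>
        /// <param name="sender">Control that raised the click event.</param>
        /// <param name="e">Event data (not used).</param>
        protected void Button1_Click(object sender, EventArgs e)
        {
            if (TB_UserPw.Text.Equals(""))
            {
                ShowMessage("請輸入用戶密碼!", MessagePanel, TB_UserPw);
                return;
            }

            String ShopPW = String.Empty;
            String ShopBU = String.Empty;
            Boolean ShopFirst = true;

            // TB_UserID is request input. The query is sent as one finished SQL string,
            // so a raw quote in the ID would end the literal and change the statement.
            // Doubling single quotes keeps the value inside the T-SQL string literal.
            // NOTE(review): switch to a parameterized command if Database supports one.
            String shopId = TB_UserID.Text.Trim().Replace("'", "''");
            String sql = "select shop_pw, shop_first, shop_bu from rps_shopinfo where shop_id = '" + shopId + "'";
            try
            {
                Database db = new Database("rpsdb", sql, Database.WebConfig);
                SqlDataReader reader = db.GetReader();

                // If several rows come back, the values of the last row win.
                while (reader.Read())
                {
                    ShopPW = reader["shop_pw"].ToString();
                    ShopFirst = reader["shop_first"].ToString().Equals("T");
                    ShopBU = reader["shop_bu"].ToString();
                }

                // NOTE(review): the typed password is compared with shop_pw as-is.
                // Confirm how shop_pw is stored (hashed or plain) and whether a hash
                // step belongs here; the comparison is also not constant-time.
                Boolean passwordMatches = TB_UserPw.Text.Trim().Equals(ShopPW.Trim());
                if (!reader.HasRows || !passwordMatches)
                {
                    TB_UserPw.Text = String.Empty;
                    ShowMessage("登入失敗!", MessagePanel, TB_UserPw);
                    db.Close();
                }
                else
                {
                    // NOTE(review): HF_UserToken looks like a hidden field, i.e. a value the
                    // client can set. It is used as a session key and handed to User;
                    // confirm it is generated and checked server-side.
                    Session[HF_UserToken.Value] = true;
                    // The typed password is passed into the User object kept in the session.
                    Session["User"] = new User(TB_UserID.Text, TB_UserPw.Text, Request.UserHostAddress, HF_UserToken.Value, ShopBU);
                    db.Close();

                    // Both redirect targets are fixed strings; no request data reaches the script.
                    String location = ShopFirst
                        ? "location.replace('/FirstLogin.aspx');"
                        : "location.replace('/Main.aspx');";

                    ScriptManager.RegisterClientScriptBlock(this, this.GetType(), "ClientScript", location, true);
                }
            }
            catch (SqlException)
            {
                // NOTE(review): db is not closed on this path; confirm Database.Close() is
                // safe after a failed open before moving the close into a finally block.
                TB_UserPw.Text = String.Empty;
                MessagePanel.Text = "資料庫連接失敗!";
            }
        }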
Example #2
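        /// <summary>
        /// First-login password change handler. Validates the new password and its
        /// confirmation, rejects reuse of the current password, then stores the hash
        /// of the new password and clears the first-login flag.
        /// </summary>
        /// <param name="sender">Control that raised the click event.</param>
        /// <param name="e">Event data (not used).</param>
        protected void Button1_Click(object sender, EventArgs e)
        {
            // The empty checks run before the length checks. In the previous order the
            // length checks caught empty input first, so the "please enter" messages
            // could never be shown.
            if (TB_NewPW.Text.Equals(""))
            {
                ShowMessage("請輸入新密碼!", MessagePanel, TB_NewPW);
            }
            else if (TB_NewPW.Text.Length < 6)
            {
                ShowMessage("密碼最少六個位!", MessagePanel, TB_NewPW);
            }
            else if (TB_ConfirmPW.Text.Equals(""))
            {
                ShowMessage("請輸入確認密碼!", MessagePanel, TB_ConfirmPW);
            }
            else if (TB_ConfirmPW.Text.Length < 6)
            {
                ShowMessage("密碼最少六個位!", MessagePanel, TB_ConfirmPW);
            }
            else if (!TB_NewPW.Text.Equals(TB_ConfirmPW.Text))
            {
                ShowMessage("新密碼及確認密碼不相符!", MessagePanel, TB_NewPW);
            }
            else
            {
                String UserPW = "";
                String ShopID = user.ID;

                // user.ID is concatenated into SQL text, so single quotes are doubled to
                // keep it inside the string literal.
                // NOTE(review): use a parameterized command if Database supports one.
                String SafeShopID = (ShopID ?? String.Empty).Replace("'", "''");

                // NOTE(review): no try/catch here, so database errors propagate to the page.
                String sql = "select shop_pw from rps_shopinfo where shop_id = '" + SafeShopID + "'";
                Database db = new Database("rpsdb", sql, Database.WebConfig);
                SqlDataReader reader = db.GetReader();

                while (reader.Read())
                {
                    UserPW = reader["shop_pw"].ToString();
                }

                db.Close();

                // NOTE(review): Cryptography.MD5 is a project helper. If it is plain unsalted
                // MD5 it is too weak for password storage; plan a move to a salted, slow
                // KDF (e.g. PBKDF2) together with the login check.
                String HashPW = Cryptography.MD5(TB_NewPW.Text);

                if (UserPW.Equals(HashPW))
                {
                    ShowMessage("不能使用舊密碼!請更改!", MessagePanel, TB_NewPW);
                    TB_NewPW.Text = String.Empty;
                    TB_ConfirmPW.Text = String.Empty;
                }
                else
                {
                    // HashPW is presumably hex or base64 text without quotes; confirm against
                    // Cryptography.MD5 before relying on that.
                    sql = "update rps_shopinfo set shop_first = 'F', shop_pw = '" + HashPW + "' " +
                          "where shop_id = '" + SafeShopID + "'";
                    db = new Database("rpsdb", sql, Database.WebConfig);
                    db.ExecuteSql(sql);
                    db.Close();
                    String script = "alert('密碼成功更新!'); location.replace('/Main.aspx');";
                    ScriptManager.RegisterClientScriptBlock(this, this.GetType(), "ClientScript", script, true);
                }
            }
        }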
Example #3
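        /// <summary>
        /// Creates the logged-in user object and records the login in rps_session
        /// (user ID, token, ASP.NET session ID, current time, client address).
        /// </summary>
        /// <param name="ID">Shop/user ID as entered at login.</param>
        /// <param name="PW">Password as entered at login.</param>
        /// <param name="IPAddress">Client address reported by the request.</param>
        /// <param name="Token">Login token supplied by the login page.</param>
        /// <param name="bu">Business unit read from the shop row.</param>
        public User(String ID, String PW, String IPAddress, String Token, String bu)
        {
            String sessionId = HttpContext.Current.Session.SessionID;

            this.ID = ID;
            // NOTE(review): the password is kept on the object for the session lifetime;
            // confirm it is needed after login.
            this.PW = PW;
            this.IPAddress = IPAddress;
            this.Token = Token;
            this.bu = bu;
            this.ss = sessionId;

            // ID and Token originate from the login form, so every value placed in the
            // statement has its single quotes doubled to stay inside its string literal.
            // NOTE(review): use a parameterized command if Database supports one.
            String safeID = (ID ?? String.Empty).Replace("'", "''");
            String safeToken = (Token ?? String.Empty).Replace("'", "''");
            String safeSession = (sessionId ?? String.Empty).Replace("'", "''");
            String safeAddress = (IPAddress ?? String.Empty).Replace("'", "''");

            // The insert has no column list, so it depends on the column order of rps_session.
            this.sql = "insert into rps_session values('" + safeID + "','" + safeToken +
                "','" + safeSession + "', GETDATE(), '" + safeAddress + "')";
            this.db = new Database("rpsdb", this.sql, Database.WebConfig);
            this.db.ExecuteSql(this.sql);
            this.db.Close();

            ResetReportParameter();
        }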
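 /// <summary>
 /// Change-password handler. Validates the new password and its confirmation,
 /// checks the old password through user.ValidatePassword, then stores the hash
 /// of the new password and reports the outcome through a client script.
 /// </summary>
 /// <param name="sender">Control that raised the click event.</param>
 /// <param name="e">Event data (not used).</param>
 protected void Button1_Click(object sender, EventArgs e)
 {
     // The empty checks for the new password and its confirmation run before the
     // length checks. In the previous order the length checks caught empty input
     // first, so the "please enter" messages could never be shown.
     if (TB_NewPassword.Text.Equals(""))
     {
         ShowMessage("請輸入新密碼!", MessagePanel, TB_NewPassword);
     }
     else if (TB_NewPassword.Text.Length < 6)
     {
         ShowMessage("密碼最少六個位!", MessagePanel, TB_NewPassword);
     }
     else if (TB_ConfirmPassword.Text.Equals(""))
     {
         ShowMessage("請輸入確認密碼!", MessagePanel, TB_ConfirmPassword);
     }
     else if (TB_ConfirmPassword.Text.Length < 6)
     {
         ShowMessage("密碼最少六個位!", MessagePanel, TB_ConfirmPassword);
     }
     else if (TB_OldPassword.Text.Equals(""))
     {
         ShowMessage("請輸入舊密碼!", MessagePanel, TB_OldPassword);
     }
     else if (!TB_ConfirmPassword.Text.Equals(TB_NewPassword.Text))
     {
         ShowMessage("新密碼與確認密碼不吻合!", MessagePanel, TB_NewPassword);
         TB_NewPassword.Text = "";
         TB_ConfirmPassword.Text = "";
     }
     else if (!this.user.ValidatePassword(TB_OldPassword.Text))
     {
         ShowMessage("舊密碼不正確!", MessagePanel, TB_OldPassword);
     }
     else
     {
         MessagePanel.Text = "&nbsp;";
         try
         {
             // NOTE(review): Cryptography.MD5 is a project helper. If it is plain unsalted
             // MD5 it is too weak for password storage; plan a move to a salted, slow
             // KDF (e.g. PBKDF2) together with the login check.
             String HashPW = Cryptography.MD5(TB_NewPassword.Text);

             // user.ID is concatenated into SQL text, so single quotes are doubled to
             // keep it inside the string literal.
             // NOTE(review): use a parameterized command if Database supports one.
             String ShopID = user.ID;
             String SafeShopID = (ShopID ?? String.Empty).Replace("'", "''");
             String sql = "update rps_shopinfo set shop_pw = '" + HashPW + "' where shop_id = '" + SafeShopID + "'";
             Database db = new Database("rpsdb", sql, Database.WebConfig);
             db.ExecuteSql(sql);
             // The connection was never closed here; release it once the update has run.
             db.Close();
             MessagePanel.Text = "&nbsp;";
             TB_OldPassword.Text = "";
             TB_NewPassword.Text = "";
             TB_ConfirmPassword.Text = "";
             String script = "alert('密碼成功更新!'); location.replace('/Main.aspx');";
             ScriptManager.RegisterClientScriptBlock(this, this.GetType(), "ClientScript", script, true);
         }
         catch (Exception)
         {
             // Any failure is reported to the user as a generic "update failed" alert;
             // the exception itself is not logged here.
             String script = "alert('密碼更新失敗!'); location.replace('/Main.aspx');";
             ScriptManager.RegisterClientScriptBlock(this, this.GetType(), "ClientScript", script, true);
         }
     }
 }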
Example #5
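        /// <summary>
        /// On the first page load, maps the first three octets of the client address to
        /// an active shop row, stores its business unit and shop ID in the session and
        /// pre-fills the user ID box. Clients with no matching row are refused.
        /// </summary>
        /// <param name="sender">Page raising the event.</param>
        /// <param name="e">Event data (not used).</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            if (Page.IsPostBack)
            {
                return;
            }

            ShowMessage("&nbsp;", MessagePanel, TB_UserPw);

            String remoteAddress = Request.ServerVariables["REMOTE_ADDR"] ?? String.Empty;
            String[] IPAddress = remoteAddress.Split('.');

            // An address that is not dotted IPv4 (e.g. IPv6 "::1") has fewer than three
            // octets and previously caused an index error below. It cannot match a shop
            // row, so it is refused the same way as an unknown address.
            if (IPAddress.Length != 4)
            {
                Response.Write("您沒有權限開啟此系統!");
                Response.End();
                return;
            }

            //Testing Code (Local Only)
            // NOTE(review): this remaps every client whose first octet is 172 to the
            // 10.211.105 shop network, so such clients take on that shop's identity.
            // Remove it or gate it behind a debug-only setting before deployment.
            if (IPAddress[0].Equals("172"))
            {
                IPAddress[0] = "10"; IPAddress[1] = "211"; IPAddress[2] = "105";
            }

            // The octets come from the server-reported peer address, not from form input.
            // NOTE(review): behind a proxy or load balancer REMOTE_ADDR is the proxy's
            // address; confirm the deployment before relying on it to identify a shop.
            String sql = "select shop_bu, shop_id from rps_shopinfo " +
                "where shop_ip1 = '" + IPAddress[0] + "' and shop_ip2 = '" + IPAddress[1] + "' and " +
                "shop_ip3 = '" + IPAddress[2] + "' and shop_active = 'T'";

            Database db = new Database("rpsdb", sql, Database.WebConfig);
            SqlDataReader reader = db.GetReader();

            // If several shops share the prefix, the last row read wins.
            while (reader.Read())
            {
                Session["bu"] = reader["shop_bu"];
                Session["shop"] = reader["shop_id"];
            }

            // Read HasRows before closing, then release the connection, which was
            // previously left open. This must happen before Response.End() is called.
            Boolean shopFound = reader.HasRows;
            db.Close();

            if (!shopFound)
            {
                Response.Write("您沒有權限開啟此系統!");
                Response.End();
            }
            else
            {
                TB_UserID.Text = (String)Session["shop"];
            }
        }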