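/// <summary>
/// Login button handler. Looks up the shop row for the ID in <c>TB_UserID</c>, compares the
/// submitted password with <c>shop_pw</c>, and on success stores the session markers and
/// redirects the browser to the first-login page or the main page.
/// </summary>
/// <param name="sender">Control that raised the click event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Button1_Click(object sender, EventArgs e)
{
    if (TB_UserPw.Text.Equals(""))
    {
        ShowMessage("請輸入用戶密碼!", MessagePanel, TB_UserPw);
        return;
    }

    String ShopPW = String.Empty;
    String ShopBU = String.Empty;
    Boolean ShopFirst = true;
    Boolean shopFound = false;

    // TB_UserID arrives in the postback, so it is untrusted input. The Database wrapper, as used
    // here, only takes a finished SQL string, so the value is kept inside its string literal by
    // doubling single quotes. NOTE(review): switch to a parameterised command if the wrapper
    // (or a direct SqlCommand) can be used instead; that is the preferred fix.
    String shopId = TB_UserID.Text.Trim().Replace("'", "''");
    String sql = "select shop_pw, shop_first, shop_bu from rps_shopinfo where shop_id = '" + shopId + "'";

    try
    {
        Database db = new Database("rpsdb", sql, Database.WebConfig);
        SqlDataReader reader = db.GetReader();
        while (reader.Read())
        {
            shopFound = true;
            ShopPW = reader["shop_pw"].ToString();
            ShopFirst = reader["shop_first"].ToString().Equals("T");
            ShopBU = reader["shop_bu"].ToString();
        }

        // Everything needed has been copied out of the reader, so release the connection before
        // branching (the success path constructs a User, which issues its own statement).
        // NOTE(review): if a SqlException is thrown above, Close() is still never reached;
        // confirm whether Database.Close() is safe to call from a finally block and move it there.
        db.Close();

        // NOTE(review): the submitted text is compared directly with shop_pw, while the
        // password-change handlers on this page store Cryptography.MD5(newPassword). Presumably
        // the value is hashed before it reaches this comparison; confirm, otherwise logins
        // after a password change cannot match.
        if (!shopFound || !TB_UserPw.Text.Trim().Equals(ShopPW.Trim()))
        {
            // Same message for "unknown shop" and "wrong password", so the response does not
            // reveal which shop IDs exist.
            TB_UserPw.Text = String.Empty;
            ShowMessage("登入失敗!", MessagePanel, TB_UserPw);
        }
        else
        {
            // NOTE(review): HF_UserToken looks like a hidden field, so both the session key and
            // the token handed to User are whatever the browser posted back; consider
            // generating the token server-side and issuing a fresh session ID at login.
            Session[HF_UserToken.Value] = true;
            Session["User"] = new User(TB_UserID.Text, TB_UserPw.Text, Request.UserHostAddress, HF_UserToken.Value, ShopBU);

            String location;
            if (ShopFirst)
            {
                location = "location.replace('/FirstLogin.aspx');";
            }
            else
            {
                location = "location.replace('/Main.aspx');";
            }

            ScriptManager.RegisterClientScriptBlock(this, this.GetType(), "ClientScript", location, true);
        }
    }
    catch (SqlException)
    {
        // Database unreachable or query failed: clear the password box and report a generic error.
        TB_UserPw.Text = String.Empty;
        MessagePanel.Text = "資料庫連接失敗!";
    }
}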
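/// <summary>
/// First-login password change. Validates the new password and its confirmation, refuses a
/// password whose digest equals the stored one, then stores the new digest and clears the
/// first-login flag (<c>shop_first = 'F'</c>).
/// </summary>
/// <param name="sender">Control that raised the click event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Button1_Click(object sender, EventArgs e)
{
    String UserPW = "";

    // The empty checks run before the length checks: an empty string is also shorter than six
    // characters, so in the previous order the "please enter" messages could never be shown.
    if (TB_NewPW.Text.Equals(""))
    {
        ShowMessage("請輸入新密碼!", MessagePanel, TB_NewPW);
        return;
    }
    if (TB_ConfirmPW.Text.Equals(""))
    {
        ShowMessage("請輸入確認密碼!", MessagePanel, TB_ConfirmPW);
        return;
    }
    if (TB_NewPW.Text.Length < 6)
    {
        ShowMessage("密碼最少六個位!", MessagePanel, TB_NewPW);
        return;
    }
    if (TB_ConfirmPW.Text.Length < 6)
    {
        ShowMessage("密碼最少六個位!", MessagePanel, TB_ConfirmPW);
        return;
    }
    if (!TB_NewPW.Text.Equals(TB_ConfirmPW.Text))
    {
        ShowMessage("新密碼及確認密碼不相符!", MessagePanel, TB_NewPW);
        return;
    }

    // user.ID was taken from a text box at login, so it is still user-derived text by the time
    // it reaches this query. Doubling single quotes keeps it inside the SQL string literal.
    // NOTE(review): prefer a parameterised command if the Database wrapper can support one.
    String ShopID = (user.ID ?? String.Empty).Replace("'", "''");

    String sql = "select shop_pw from rps_shopinfo where shop_id = '" + ShopID + "'";
    Database db = new Database("rpsdb", sql, Database.WebConfig);
    SqlDataReader reader = db.GetReader();
    while (reader.Read())
    {
        UserPW = reader["shop_pw"].ToString();
    }
    db.Close();

    // NOTE(review): Cryptography.MD5 is a project helper; going by its name the stored value is
    // an unsalted MD5 digest, which is not adequate for password storage. Moving to a salted,
    // slow KDF (e.g. PBKDF2) needs a coordinated change to login and to the stored values.
    String HashPW = Cryptography.MD5(TB_NewPW.Text);

    if (UserPW.Equals(HashPW))
    {
        // New password hashes to the stored value: reject reuse and clear both boxes.
        ShowMessage("不能使用舊密碼!請更改!", MessagePanel, TB_NewPW);
        TB_NewPW.Text = String.Empty;
        TB_ConfirmPW.Text = String.Empty;
        return;
    }

    // HashPW is computed on the server; presumably a digest string without quote characters.
    // TODO confirm against Cryptography.MD5.
    sql = "update rps_shopinfo set shop_first = 'F', shop_pw = '" + HashPW + "' " + "where shop_id = '" + ShopID + "'";
    db = new Database("rpsdb", sql, Database.WebConfig);
    db.ExecuteSql(sql);
    db.Close();

    String script = "alert('密碼成功更新!'); location.replace('/Main.aspx');";
    ScriptManager.RegisterClientScriptBlock(this, this.GetType(), "ClientScript", script, true);
}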
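/// <summary>
/// Creates the per-session user object and records the login in <c>rps_session</c>
/// (shop ID, token, ASP.NET session ID, current database time, client IP address).
/// </summary>
/// <param name="ID">Shop ID the user logged in with.</param>
/// <param name="PW">Password text as submitted at login.</param>
/// <param name="IPAddress">Client address reported for the request.</param>
/// <param name="Token">Login token supplied by the login page.</param>
/// <param name="bu">Business-unit value read from the shop row.</param>
public User(String ID, String PW, String IPAddress, String Token, String bu)
{
    this.ID = ID;
    // NOTE(review): the submitted password is kept on the object that the login page stores in
    // Session; consider dropping it once the login has been verified.
    this.PW = PW;
    this.IPAddress = IPAddress;
    this.Token = Token;
    this.bu = bu;
    this.ss = HttpContext.Current.Session.SessionID;

    // ID and Token originate from form fields on the login page, so they are untrusted here.
    // Doubling single quotes keeps each value inside its SQL string literal; a null value is
    // written as an empty string, which is what plain concatenation produced before.
    // NOTE(review): prefer a parameterised command if the Database wrapper can support one,
    // and name the target columns explicitly so the insert does not depend on column order.
    String safeId = (ID ?? String.Empty).Replace("'", "''");
    String safeToken = (Token ?? String.Empty).Replace("'", "''");
    String safeAddress = (IPAddress ?? String.Empty).Replace("'", "''");

    this.sql = "insert into rps_session values('" + safeId + "','" + safeToken + "','" + this.ss + "', GETDATE(), '" + safeAddress + "')";
    this.db = new Database("rpsdb", this.sql, Database.WebConfig);
    this.db.ExecuteSql(this.sql);
    this.db.Close();

    ResetReportParameter();
}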
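/// <summary>
/// Change-password handler. Validates the three password boxes, verifies the old password
/// through <c>user.ValidatePassword</c>, then stores the digest of the new password and
/// sends the browser back to the main page.
/// </summary>
/// <param name="sender">Control that raised the click event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Button1_Click(object sender, EventArgs e)
{
    // The empty checks run before the length checks: an empty string is also shorter than six
    // characters, so in the previous order the "please enter new/confirm password" messages
    // could never be shown.
    if (TB_OldPassword.Text.Equals(""))
    {
        ShowMessage("請輸入舊密碼!", MessagePanel, TB_OldPassword);
        return;
    }
    if (TB_NewPassword.Text.Equals(""))
    {
        ShowMessage("請輸入新密碼!", MessagePanel, TB_NewPassword);
        return;
    }
    if (TB_ConfirmPassword.Text.Equals(""))
    {
        ShowMessage("請輸入確認密碼!", MessagePanel, TB_ConfirmPassword);
        return;
    }
    if (TB_NewPassword.Text.Length < 6)
    {
        ShowMessage("密碼最少六個位!", MessagePanel, TB_NewPassword);
        return;
    }
    if (TB_ConfirmPassword.Text.Length < 6)
    {
        ShowMessage("密碼最少六個位!", MessagePanel, TB_ConfirmPassword);
        return;
    }
    if (!TB_ConfirmPassword.Text.Equals(TB_NewPassword.Text))
    {
        ShowMessage("新密碼與確認密碼不吻合!", MessagePanel, TB_NewPassword);
        TB_NewPassword.Text = "";
        TB_ConfirmPassword.Text = "";
        return;
    }
    if (!this.user.ValidatePassword(TB_OldPassword.Text))
    {
        ShowMessage("舊密碼不正確!", MessagePanel, TB_OldPassword);
        return;
    }

    MessagePanel.Text = " ";
    try
    {
        // NOTE(review): Cryptography.MD5 is a project helper; going by its name the stored value
        // is an unsalted MD5 digest, which is not adequate for password storage. Moving to a
        // salted, slow KDF (e.g. PBKDF2) needs a coordinated change to login and stored values.
        String HashPW = Cryptography.MD5(TB_NewPassword.Text);

        // user.ID was taken from a text box at login; doubling single quotes keeps it inside the
        // SQL string literal. NOTE(review): prefer a parameterised command if the Database
        // wrapper can support one.
        String shopId = (user.ID ?? String.Empty).Replace("'", "''");
        String sql = "update rps_shopinfo set shop_pw = '" + HashPW + "' where shop_id = '" + shopId + "'";

        Database db = new Database("rpsdb", sql, Database.WebConfig);
        db.ExecuteSql(sql);
        // The connection was previously never released on this page.
        db.Close();

        MessagePanel.Text = " ";
        TB_OldPassword.Text = "";
        TB_NewPassword.Text = "";
        TB_ConfirmPassword.Text = "";

        String script = "alert('密碼成功更新!'); location.replace('/Main.aspx');";
        ScriptManager.RegisterClientScriptBlock(this, this.GetType(), "ClientScript", script, true);
    }
    catch (Exception)
    {
        // Any failure is reported to the user as a generic "update failed" alert.
        // NOTE(review): the exception is not logged anywhere visible in this handler.
        String script = "alert('密碼更新失敗!'); location.replace('/Main.aspx');";
        ScriptManager.RegisterClientScriptBlock(this, this.GetType(), "ClientScript", script, true);
    }
}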
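/// <summary>
/// On the first (non-postback) load, maps the first three octets of the client's IPv4 address
/// to an active shop row, stores that shop's business unit and ID in Session and pre-fills the
/// user-ID box. Clients whose address matches no active shop get a refusal message and the
/// response is ended.
/// </summary>
/// <param name="sender">Page that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    if (Page.IsPostBack)
    {
        return;
    }

    ShowMessage(" ", MessagePanel, TB_UserPw);

    // Parse the address instead of splitting on '.': a non-IPv4 peer (for example an IPv6
    // address) previously caused an index-out-of-range error, and parsing guarantees that only
    // numeric octets are placed in the SQL text below.
    // NOTE(review): REMOTE_ADDR is the directly connected peer; behind a proxy or NAT every
    // client shares that address, so this check identifies a network, not a person.
    System.Net.IPAddress remote;
    byte[] octets = null;
    if (System.Net.IPAddress.TryParse(Request.ServerVariables["REMOTE_ADDR"], out remote)
        && remote.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork)
    {
        octets = remote.GetAddressBytes();
    }

#if DEBUG
    // Testing code (local only): treat any 172.x.x.x client as 10.211.105.x. Compiled only into
    // debug builds so that a release deployment cannot map unrelated 172.* clients onto a shop.
    if (octets != null && octets[0] == 172)
    {
        octets[0] = 10;
        octets[1] = 211;
        octets[2] = 105;
    }
#endif

    Boolean shopFound = false;
    if (octets != null)
    {
        String sql = "select shop_bu, shop_id from rps_shopinfo " +
                     "where shop_ip1 = '" + octets[0] + "' and shop_ip2 = '" + octets[1] + "' and " +
                     "shop_ip3 = '" + octets[2] + "' and shop_active = 'T'";

        Database db = new Database("rpsdb", sql, Database.WebConfig);
        SqlDataReader reader = db.GetReader();
        while (reader.Read())
        {
            // If several active shops share the same three octets, the last row read wins.
            shopFound = true;
            Session["bu"] = reader["shop_bu"];
            Session["shop"] = reader["shop_id"];
        }
        // The connection was previously never released on this page.
        db.Close();
    }

    if (!shopFound)
    {
        Response.Write("您沒有權限開啟此系統!");
        Response.End();
        return;
    }

    // NOTE(review): this only pre-fills the box; the login handler reads TB_UserID from the
    // postback, so the shop bound to the address here is not enforced there unless the control
    // is read-only. Consider comparing against Session["shop"] at login.
    TB_UserID.Text = (String)Session["shop"];
}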