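/// <summary>
/// Checks a user name / password pair and returns the user's permission value.
/// </summary>
/// <param name="username">Login name supplied by the caller; treated as untrusted text.</param>
/// <param name="password">Password supplied by the caller.</param>
/// <returns>
/// -1 when no user row is returned, -2 when the stored password differs from
/// <paramref name="password"/>, otherwise the result of dbo.f_GetUserTotalRightValue
/// parsed by Functions.ParseInt with 0 as its fallback argument.
/// </returns>
public int CheckLogin(string username, string password)
{
    using (SqlConnection conn = new SqlConnection(Globals.ConnectionString))
    {
        CommonDAL cdal = new CommonDAL(conn);

        // NOTE(review): the '******' literal looks like a value masked in this listing,
        // not real code. If the original concatenates username at that position, it needs
        // the same quoting (or a bound parameter) as the rights query below.
        DataRow dr = cdal.GetDR("select * from Server_D_UserInfor where UserName='******' ");
        if (null == dr)
        {
            return -1;
        }

        // NOTE(review): the stored column is compared with the supplied password as-is and the
        // hashing call was commented out, so the column presumably holds plaintext - confirm.
        // A salted, slow hash (PBKDF2 via Rfc2898DeriveBytes) is the appropriate storage format;
        // moving to it needs a data migration and is not done here.
        if (!dr["UserPassWord"].Equals(password))
        {
            return -2;
        }

        // Doubling single quotes keeps the value inside its T-SQL string literal, so a crafted
        // user name cannot terminate the literal and append its own SQL. A parameterized command
        // would be the sturdier fix; the only CommonDAL entry points visible here take finished SQL text.
        string quotedUser = (username ?? "").Replace("'", "''");
        string sql = "select isnull(dbo.f_GetUserTotalRightValue('" + quotedUser + "'),0) as totalrightvalue ";
        return Functions.ParseInt(cdal.GetFieldValueStringBySQL(sql, "totalrightvalue"), 0);
    }
}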
/// <summary>
/// Click handler of the change-password form: reads the stored password, compares it with
/// the value typed into txtPassword and, on a match, runs the password update statement.
/// </summary>
/// <param name="sender">Control that raised the event (not used).</param>
/// <param name="e">Event data (not used).</param>
protected void btnSubmit_Click(object sender, EventArgs e)
{
    using (SqlConnection conn = new SqlConnection(Globals.ConnectionString))
    {
        string password = this.txtPassword.Text;
        // NOTE(review): neither new-password field is referenced again in the visible code.
        // The SQL literals below appear masked in this listing, so the real statement
        // presumably concatenates newpassword and the user name - confirm, and quote or bind
        // those values. No comparison of newpassword with newpassword2 is visible either;
        // verify that a validator on the page enforces it.
        string newpassword = this.txtNewPassword.Text;
        string newpassword2 = this.txtNewPassword2.Text;

        CommonDAL cdal = new CommonDAL(conn);
        string storedPassword = "";
        storedPassword = cdal.GetFieldValueStringBySQL("select UserPassWord from Server_D_UserInfor where UserName='******'", "UserPassWord");

        // NOTE(review): direct comparison with the stored column; the hashing call was
        // commented out in the original, so passwords are presumably kept in plaintext - confirm.
        if (!password.Equals(storedPassword))
        {
            // Wrong current password. NOTE(review): this is reported through GetSuccessMsg,
            // the same helper used for the success message - confirm that is intended.
            GetSuccessMsg("原密码不正确" );
            return;
        }

        string updateSql = "update Server_D_UserInfor set UserPassWord='******' where UserName='******' " ;
        cdal.ExecSQL(updateSql);
        GetSuccessMsg("密码已更新" );
        return;
    }
}
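/// <summary>
/// Click handler of the user editor: creates a user with the selected roles when
/// ViewState["userid"] parses to 0, otherwise updates the password and replaces the
/// role assignments of the existing user. The whole change is sent as one SQL batch.
/// </summary>
/// <param name="sender">Control that raised the event (not used).</param>
/// <param name="e">Event data (not used).</param>
/// <exception cref="FormatException">A selected role item carries a value that is not an integer.</exception>
protected void btnOK_Click(object sender, EventArgs e)
{
    using (SqlConnection conn = new SqlConnection(Globals.ConnectionString))
    {
        CommonDAL cdal = new CommonDAL(conn);

        string password = txtPassword.Text;
        // NOTE(review): username is not referenced again in the visible code; the '******'
        // literals below look like values masked in this listing. If the original concatenates
        // username (or password, in the edit branch) there, those spots need the same quoting
        // as the insert below, or bound parameters.
        string username = txtUsername.Text;
        int userid = Functions.ParseInt(ViewState["userid"], 0);

        // Role ids go into the batch unquoted, so only text that parses as an integer may
        // pass; int.Parse fails before any statement is sent. Assumes role ids are integers - confirm.
        string roleInserts = "";
        foreach (ListItem li in cblRoles.Items)
        {
            if (li.Selected)
            {
                int roleId = int.Parse(li.Value);
                roleInserts += " insert into user_role(username,roleid) values(@username," + roleId + ") ";
            }
        }

        string sql = "";
        if (userid == 0)
        {
            // Add: refuse a user name that already exists.
            sql = "select count(*) as cnt from Server_D_UserInfor where username ='******' ";
            int cnt = Functions.ParseInt(cdal.GetFieldValueStringBySQL(sql, "cnt"), 0);
            if (cnt > 0)
            {
                GetErrMsg("用户名已存在请重新选择.");
                return;
            }

            // Doubling single quotes keeps the password inside its T-SQL string literal.
            // NOTE(review): the password is stored as typed; a salted, slow hash (PBKDF2 via
            // Rfc2898DeriveBytes) is the appropriate format and would also remove this
            // concatenation. @username is nvarchar(20), so longer input is silently cut to
            // 20 characters - confirm the duplicate check works on the same truncated value.
            string quotedPassword = (password ?? "").Replace("'", "''");
            sql = " declare @username nvarchar(20) set @username='******' ";
            sql += " insert into [Server_D_UserInfor](username,userpassword,currentstate) values( @username,'" + quotedPassword + "','ON' ) ";
            sql += roleInserts;
        }
        else
        {
            // Edit: the user name itself is not changed here, only the password and the roles.
            sql = " declare @username nvarchar(20) set @username='******' ";
            sql += " update Server_D_UserInfor set userpassword='******' where username=@username ";
            // Existing assignments are removed and the selected ones re-inserted.
            // NOTE(review): no transaction is visible around the batch; if ExecSQL does not
            // provide one, a failure after the delete leaves the user without roles.
            sql += " delete from user_role where username=@username ";
            sql += roleInserts;
        }

        cdal.ExecSQL(sql);
        GetSuccessMsg("保存成功!", "userlist.aspx");
    }
}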
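/// <summary>
/// Writes to the response the number of rows in driversfiles plus the number of rows in
/// Server_D_DriversFiles whose filename equals the "filename" request value.
/// </summary>
/// <param name="sender">Page that raised the event (not used).</param>
/// <param name="e">Event data (not used).</param>
protected void Page_Load(object sender, EventArgs e)
{
    // Request[...] looks the key up in the query string, form, cookies and server variables,
    // so this value is fully caller-controlled.
    string filename = Functions.ParseStr(Request["filename"], "");

    // Doubling single quotes keeps the value inside its T-SQL string literal, so the request
    // cannot close the literal and append its own SQL. A parameterized command would be the
    // sturdier fix; the only CommonDAL entry points visible here take finished SQL text.
    string quotedName = (filename ?? "").Replace("'", "''");

    using (SqlConnection conn = new SqlConnection(Globals.ConnectionString))
    {
        CommonDAL cdal = new CommonDAL(conn);

        string sql = " select count(*) as cnt from driversfiles where filename='" + quotedName + "' ";
        int cnt = Functions.ParseInt(cdal.GetFieldValueStringBySQL(sql, "cnt"), 0);

        sql = " select count(*) as cnt from Server_D_DriversFiles where filename='" + quotedName + "' ";
        int cnt0 = Functions.ParseInt(cdal.GetFieldValueStringBySQL(sql, "cnt"), 0);

        Response.Write(cnt + cnt0);
    }
}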
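/// <summary>
/// Click handler of the role editor: creates a role with the selected rights when
/// ViewState["roleid"] parses to 0, otherwise renames the existing role (unless another role
/// already has that name) and replaces its rights. The whole change is sent as one SQL batch.
/// </summary>
/// <param name="sender">Control that raised the event (not used).</param>
/// <param name="e">Event data (not used).</param>
/// <exception cref="FormatException">A selected right item carries a value that is not an integer.</exception>
protected void btnOK_Click(object sender, EventArgs e)
{
    using (SqlConnection conn = new SqlConnection(Globals.ConnectionString))
    {
        CommonDAL cdal = new CommonDAL(conn);

        // Both text boxes end up inside T-SQL string literals. Doubling single quotes keeps
        // each value inside its literal so it cannot append SQL of its own. A parameterized
        // command would be the sturdier fix; the only CommonDAL entry points visible here
        // take finished SQL text.
        string rolename = (txtRolename.Text ?? "").Replace("'", "''");
        string remark = (txtRemark.Text ?? "").Replace("'", "''");
        int roleid = Functions.ParseInt(ViewState["roleid"], 0);

        // Right ids go into the batch unquoted, so only text that parses as an integer may
        // pass; int.Parse fails before any statement is sent. Assumes right ids are integers - confirm.
        string rightInserts = "";
        foreach (ListItem li in cblRights.Items)
        {
            if (li.Selected)
            {
                int rightId = int.Parse(li.Value);
                rightInserts += " insert into role_right(roleid,rightid) values(@roleid," + rightId + ") ";
            }
        }

        string sql = "";
        if (roleid == 0)
        {
            // Add: refuse a role name that already exists.
            // NOTE(review): this check compares the full name, while the insert goes through
            // @rolename nvarchar(20), which silently cuts longer input to 20 characters - confirm
            // the two cannot disagree.
            sql = "select count(*) as cnt from [role] where [name] ='" + rolename + "' ";
            int cnt = Functions.ParseInt(cdal.GetFieldValueStringBySQL(sql, "cnt"), 0);
            if (cnt > 0)
            {
                GetErrMsg("角色名已存在请重新选择.");
                return;
            }

            sql = " declare @rolename nvarchar(20) set @rolename='" + rolename + "' ";
            sql += " insert into [role](name,remark) values( @rolename,'" + remark + "' ) ";
            // NOTE(review): @@identity also reflects identity values generated by triggers;
            // scope_identity() is usually the safer choice - confirm before changing.
            sql += " declare @roleid int set @roleid=@@identity ";
            sql += rightInserts;
        }
        else
        {
            // Edit: the rename is skipped when another role already uses the name; the rights
            // are replaced either way.
            sql = " declare @rolename nvarchar(20) set @rolename='" + rolename + "' ";
            sql += " declare @roleid int set @roleid=" + roleid + " ";
            sql += " if not exists ( select * from [role] where [name]=@rolename and id<>@roleid ) "
                + " begin update [role] set [name]=@rolename where id=@roleid end ";
            // NOTE(review): no transaction is visible around the batch; if ExecSQL does not
            // provide one, a failure after the delete leaves the role without rights.
            sql += " delete from role_right where roleid=@roleid ";
            sql += rightInserts;
        }

        cdal.ExecSQL(sql);
        GetSuccessMsg("保存成功!", "rolelist.aspx");
    }
}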