/// <summary>
/// 设置用户密码
/// 返回值:0=异常,1=成功,-1=用户不存在,-2=旧密码错误
/// </summary>
/// <param name="userId">为0时表示使用userName</param>
/// <param name="userName">为空时表示使用userId</param>
/// <param name="oldUserPwd">旧密码(原文)</param>
/// <param name="newUserPwd">新密码</param>
/// <param name="isCheckOldPwd">是否验证旧密码</param>
/// <returns></returns>
public int SetUserPwd(int userId, string userName, string oldUserPwd, string newUserPwd, bool isCheckOldPwd)
{
//oldUserPwd = CryptHelper.MD5CmsUserPwd(oldUserPwd);
//newUserPwd = CryptHelper.MD5CmsUserPwd(newUserPwd);
// 用户与旧密码判断
UserInfo info = GetUserInfo(userId, userName);
if (info == null)
{
return(-1); // 用户不存在
}
else if (isCheckOldPwd)
{
oldUserPwd = nwbase_utils.Encryption.MD5Hash(oldUserPwd);
oldUserPwd = nwbase_utils.Encryption.MD5HashWithSalt(oldUserPwd, info.PwdSalt);
if (info.RawUserPwd != oldUserPwd)
{
return(-2);
}
else
{
oldUserPwd += ":" + info.PwdSalt;
}
}
string salt = new nwbase_utils.UniqueRandom(100000).Next().ToString().PadLeft(5, '0');
string newPwd = newUserPwd;
newPwd = nwbase_utils.Encryption.MD5Hash(newPwd);
newPwd = nwbase_utils.Encryption.MD5HashWithSalt(newPwd, salt);
newPwd += ":" + salt;
string sql = @"update RightUsers set userPwd=@NewUserPwd where userId=@UserId ";
List <MySqlParameter> paramList = new List <MySqlParameter>();
paramList.Add(new MySqlParameter("@NewUserPwd", newPwd));
paramList.Add(new MySqlParameter("@UserId", info.UserId));
if (isCheckOldPwd)
{
sql += " and userPwd=@OldUserpwd;";
paramList.Add(new MySqlParameter("@OldUserpwd", oldUserPwd));
}
int ret = MySqlHelper.ExecuteNonQuery(_connStr, sql, paramList.ToArray());
if (ret > 0)
{
nwbase_utils.Cache.CacheHelper.DelCache(string.Format("rightUserInfo_{0}", info.UserId.ToString()), true);
nwbase_utils.Cache.CacheHelper.DelCache("rightUserList", true);
return(1);
}
else
{
return(-2);
}
return(0);
}
/// <summary>
/// 新增用户
/// 返回新增用户的ID:0=异常失败,-1=用户名已经存在
/// </summary>
/// <param name="info">用户信息实体,有效字段包括:TeamType/TeamId/UserName/UserPwd/RealName/NickName/Status</param>
/// <returns></returns>
public int AddUser(UserInfo info)
{
// 用户名重复性检测,经过这个检测仍有极少可能出错,以异常形式表现
if (GetUserInfo(0, info.UserName) != null)
{
return(-1);
}
string salt = new nwbase_utils.UniqueRandom(100000).Next().ToString().PadLeft(5, '0');
string newPwd = info.UserPwd;
newPwd = nwbase_utils.Encryption.MD5Hash(newPwd);
newPwd = nwbase_utils.Encryption.MD5HashWithSalt(newPwd, salt);
newPwd += ":" + salt;
info.UserPwd = newPwd;
string sql = @"insert into RightUsers(TeamType,TeamRefId,TeamFlag,TeamName,UserName,UserPwd,RealName,NickName,Status)
values(@TeamType, @TeamRefId, @TeamFlag, @TeamName, @UserName, @UserPwd, @RealName, @NickName, @Status); select last_insert_id();";
List <MySqlParameter> paramList = new List <MySqlParameter>();
paramList.Add(new MySqlParameter("@TeamType", info.TeamType));
paramList.Add(new MySqlParameter("@TeamRefId", info.TeamRefId));
paramList.Add(new MySqlParameter("@TeamFlag", info.TeamFlag));
paramList.Add(new MySqlParameter("@TeamName", info.TeamName));
paramList.Add(new MySqlParameter("@UserName", info.UserName));
paramList.Add(new MySqlParameter("@UserPwd", info.UserPwd));
paramList.Add(new MySqlParameter("@RealName", info.RealName));
paramList.Add(new MySqlParameter("@NickName", info.NickName));
paramList.Add(new MySqlParameter("@Status", info.Status));
object ret = MySqlHelper.ExecuteScalar(_connStr, sql, paramList.ToArray());
int id = Tools.GetInt(ret, 0);
if (id > 0)
{
nwbase_utils.Cache.CacheHelper.DelCache("rightUserList", true);
return(id);
}
return(0);
}
