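/// <summary>
/// Handles the OK button of the change-password form: validates the two
/// password boxes, archives the currently stored (hashed) password to
/// TabPassword, then writes the new hash to TabTeachers.
/// </summary>
/// <param name="sender">The control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnOK_Click(object sender, EventArgs e)
{
    string newPassword = txtUserPWD.Text;
    string confirmPassword = txtUserEnterPWD.Text;

    if (string.IsNullOrEmpty(newPassword))
    {
        txtUserEnterPWD.Text = "";
        lblMessage.Text = "修改失败!密码不能为空!";
        return;
    }

    if (newPassword != confirmPassword)
    {
        txtUserPWD.Text = "";
        txtUserEnterPWD.Text = "";
        lblMessage.Text = "修改失败!两次密码不一致!";
        return;
    }

    // Both boxes hold the same text at this point, so a single scan is
    // equivalent to the original's duplicated check over both boxes.
    if (ContainsSqlKeyword(newPassword))
    {
        txtUserPWD.Text = "";
        txtUserEnterPWD.Text = "";
        lblMessage.Text = "含有关键词,请重新输入!";
        return;
    }

    // The account being changed is the authenticated one from the session.
    // The original read the old password for Session["UserID"] but wrote the
    // new one for txtUserID.Text, so the archived history row and the updated
    // row could refer to different accounts; using one value keeps them in
    // step. If this page is meant to let one account change another's
    // password, reintroduce txtUserID.Text here behind an explicit
    // authorization check. A missing session entry (expired login) used to
    // surface as a NullReferenceException.
    object sessionUser = Session["UserID"];
    if (sessionUser == null)
    {
        lblMessage.Text = "修改失败!登录已失效,请重新登录!";
        return;
    }
    string userId = sessionUser.ToString();

    // Currently stored hash; empty when no row exists for the user.
    DataTable dt = AddSQLStringToDAL.GetOldPWD(userId);
    string oldPwd = dt.Rows.Count != 0 ? dt.Rows[0]["UserPWD"].ToString() : "";

    // Archive the previous hash. The original ignored this call's result, so
    // it stays best-effort: a failed archive does not block the change.
    AddSQLStringToDAL.InsertTabPassword(userId, oldPwd, DateTime.Now.ToString());

    // NOTE(review): unsalted MD5 is not a suitable password hash. The login
    // path that compares against this format is not visible here, so moving
    // to PBKDF2 or similar has to be done together with it, not in isolation.
    string newHash = FormsAuthentication.HashPasswordForStoringInConfigFile(newPassword, "MD5");
    AddSQLStringToDAL.Update("TabTeachers", "UserPWD", newHash, "UserID", userId);
    lblMessage.Text = "修改成功!";
}

/// <summary>
/// Returns true when <paramref name="value"/> contains one of the blocked
/// SQL keywords or a ';' (case-insensitive). Only the password hash reaches
/// the database, so this mainly constrains which passwords are accepted;
/// parameterized queries inside AddSQLStringToDAL are the actual injection
/// defence and this list must not be relied on for that.
/// </summary>
/// <param name="value">Text to scan; must not be null.</param>
/// <returns>True when a blocked token is present, otherwise false.</returns>
private static bool ContainsSqlKeyword(string value)
{
    string[] blocked = { "select", ";", "delete", "insert", "update" };
    foreach (string token in blocked)
    {
        // OrdinalIgnoreCase replaces ToLower(): it is culture-independent,
        // so e.g. a Turkish culture cannot make "INSERT" slip past the scan.
        if (value.IndexOf(token, StringComparison.OrdinalIgnoreCase) >= 0)
        {
            return true;
        }
    }
    return false;
}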