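/// <summary>
/// Creates a user from a JSON payload and links it to the given roles.
/// The user insert and the role-link inserts are executed as one statement list.
/// </summary>
/// <param name="info">JSON text that is deserialized into a <c>PRIVS_USER</c> entity.</param>
/// <param name="roleid">Comma-separated role ids; blank entries are ignored.</param>
/// <param name="departid">Department id stored on the new user.</param>
/// <returns>Serialized <c>ResultModel</c> carrying the success flag and a message.</returns>
public string InsertUser(string info, string roleid, string departid)
{
    var ent = JsonHelper.DeserializeJsonToObject<PRIVS_USER>(info);
    if (ent == null)
    {
        // Nothing usable was deserialized; fail instead of dereferencing null below.
        return JsonHelper.SerializeObject(new ResultModel(false, "新建用户信息失败!"));
    }

    var dbContext = DBHelperPool.Instance.GetDbHelper();
    if (dbContext == null)
    {
        return JsonHelper.SerializeObject(new ResultModel(false, "数据库连接错误!"));
    }

    // Role ids are spliced into SQL text below, so only plain identifier characters are
    // accepted. NOTE(review): assumes role ids are GUID-like or numeric keys; widen the
    // allow-list if the real key format differs. The durable fix is a parameterized
    // statement, if the data layer offers one.
    var roleIds = (roleid ?? string.Empty)
        .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
        .Select(r => r.Trim())
        .Where(r => r.Length > 0)
        .ToList();
    if (roleIds.Any(r => !r.All(ch => char.IsLetterOrDigit(ch) || ch == '-' || ch == '_')))
    {
        return JsonHelper.SerializeObject(new ResultModel(false, "新建用户信息失败!"));
    }

    var gid = Guid.NewGuid();

    // NOTE(review): the helper name suggests DES-based, reversible encoding. If so, stored
    // passwords are recoverable by anyone holding the key; a salted, slow hash (PBKDF2 or
    // similar) is the usual choice for password storage. Confirm what EncodePassword does.
    ent.NAMEPassword = DESHelper.EncodePassword(ent.NAME);
    ent.PASSWORD = DESHelper.EncodePassword(ent.PASSWORD);
    ent.ID = gid.ToString();
    ent.DEPARTMENTID = departid;

    // NOTE(review): insertByParamsReturnSQL hands back SQL text; whether it escapes the
    // entity values (all of which come from the request) is not visible here. Verify.
    var nameToValue = ent.GetNameToValueDic("NoAddField");
    var sql = dbContext.insertByParamsReturnSQL(DataTableName, nameToValue);
    var listSql = new List<string> { sql };

    var roleTemplate = "INSERT INTO PRIVS_USER_ROLE(USERID,ROLEID) values ('{0}','{1}') ";
    listSql.AddRange(roleIds.Select(item => string.Format(roleTemplate, gid, item)));

    var bIsSuccess = dbContext.executeTransactionSQLList(listSql);
    return JsonHelper.SerializeObject(
        new ResultModel(bIsSuccess, bIsSuccess ? "新建用户信息成功!" : "新建用户信息失败!"));
}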
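/// <summary>
/// Shared login routine: optionally checks an SMS code against the session, then looks the
/// user up by name and password and returns the joined user row.
/// </summary>
/// <param name="userName">Login name supplied by the client.</param>
/// <param name="pwd">Plain password supplied by the client.</param>
/// <param name="code">SMS check code; when empty, the code comparison is skipped.</param>
/// <returns>Serialized result: the user table on success, otherwise a failure message.</returns>
private string CommonLogion(string userName, string pwd, string code = "")
{
    // NOTE(review): an empty code bypasses this comparison entirely, so callers that require
    // SMS verification must reject an empty code themselves. No attempt counter, expiry or
    // one-time invalidation of the code is visible in this method.
    if (!string.IsNullOrEmpty(code) && code != SessionHelper.GetCheckCode())
    {
        return JsonHelper.SerializeObject(new ResultModel(false, "短信验证码错误!"));
    }

    var context = DBHelperPool.Instance.GetDbHelper();
    if (context == null)
    {
        return JsonHelper.SerializeObject(new ResultModel(false, "数据库连接错误!"));
    }

    // userName is placed inside a single-quoted SQL literal in both queries below. Refuse
    // values that could terminate or escape that literal. This is an interim guard; the
    // durable fix is a parameterized query, if the data layer offers one.
    if (string.IsNullOrEmpty(userName) || userName.IndexOfAny(new[] { '\'', '\\' }) >= 0)
    {
        return JsonHelper.SerializeObject(new ResultModel(false, "用户名错误!"));
    }

    // The original author left a disabled alternative predicate (a.NAMEPassword='******',
    // fed with DESHelper.EncodePassword(userName)) together with the reminder
    // "anti-injection code, remember to re-enable".
    // NOTE(review): the password literal reads '******' in this listing and format
    // argument {0} (the encoded password) is not referenced by the visible template; the
    // literal looks masked. Confirm against the real source.
    var sql = @" select a.*,c.Name as POSITIONNAME,b.ROLENAME as LEADERName,d.NAME as DEPARTMENTName from PRIVS_USER a left join PRIVS_DEPARTMENT d on a.DEPARTMENTID=d.id left join PRIVS_LEADER b on a.ID=b.USERID left join PRIVS_POSITION c on a.POSITIONID=c.ID where a.Name='{1}' and Password='******'";
    var dt = context.getDataTableResult(string.Format(sql, DESHelper.EncodePassword(pwd), userName));

    if (dt == null || dt.Rows.Count == 0)
    {
        // The second lookup exists only to tell "wrong password" from "unknown user".
        // NOTE(review): distinct messages let a client learn which user names exist;
        // consider a single generic failure message.
        var dtUser = context.getDataTableResult(
            $"select * from PRIVS_USER where NAME='{userName}'");
        var strMsgUser = dtUser != null && dtUser.Rows.Count > 0 ? "密码错误!" : "用户名错误!";
        return JsonHelper.SerializeObject(new ResultModel(false, strMsgUser));
    }

    // NOTE(review): "a.*" carries every PRIVS_USER column, including PASSWORD and
    // NAMEPassword, into the serialized result. If this JSON reaches the client, drop the
    // credential columns first.
    return JsonHelper.SerializeObject(ToolResult.Success(dt));
}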
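/// <summary>
/// Updates the stored password of the user with the given id.
/// </summary>
/// <param name="userid">Id of the user row to update.</param>
/// <param name="newPwd">New password supplied by the caller.</param>
/// <returns>Serialized <c>ResultModel</c> carrying the success flag and a message.</returns>
public string UpdateUserPassword(string userid, string newPwd)
{
    // NOTE(review): nothing here checks that the caller may change this user's password
    // (no session/ownership check, no old-password confirmation). Presumably enforced by
    // the caller; confirm.
    var context = DBHelperPool.Instance.GetDbHelper();
    if (context == null)
    {
        return JsonHelper.SerializeObject(new ResultModel(false, "数据库连接错误!"));
    }

    // userid is spliced into SQL text, so only plain identifier characters are accepted.
    // NOTE(review): assumes ids are GUID-like or numeric keys; widen the allow-list if the
    // real key format differs. The durable fix is a parameterized statement.
    var idIsSafe = !string.IsNullOrEmpty(userid);
    if (idIsSafe)
    {
        foreach (var ch in userid)
        {
            if (!(char.IsLetterOrDigit(ch) || ch == '-' || ch == '_'))
            {
                idIsSafe = false;
                break;
            }
        }
    }
    if (!idIsSafe)
    {
        return JsonHelper.SerializeObject(new ResultModel(false, "修改失败,请联系管理员!"));
    }

    // NOTE(review): the value after PASSWORD= reads '******' in this listing and newPwd is
    // not referenced anywhere in the visible statement; the literal looks masked. Confirm
    // against the real source that the new password is encoded and bound safely.
    var updateM = $@"update PRIVS_USER set PASSWORD='******' where ID='{userid}'";
    var updated = context.execute(updateM) > 0;
    return JsonHelper.SerializeObject(
        new ResultModel(updated, updated ? "修改密码成功!" : "修改失败,请联系管理员!"));
}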
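/// <summary>
/// Generates a login check code for the given user, stores it in the session and sends it
/// to the user's mobile number through the SMS gateway.
/// </summary>
/// <param name="userName">Login name of the user requesting a code.</param>
/// <returns>
/// Serialized <c>ResultModel</c>; the success flag reflects whether the gateway accepted
/// the message.
/// </returns>
public string GetMessageCode(string userName)
{
    try
    {
        DateTime dataTime = DateTime.Now;

        var context = DBHelperPool.Instance.GetDbHelper();
        if (context == null)
        {
            return JsonHelper.SerializeObject(new ResultModel(false, "数据库连接错误!"));
        }

        // Check that the requesting user exists; if not, return a specific message to the
        // front end. [4/7/2015 ZYQ]
        // NOTE(review): the literal reads '******' in this listing and the format argument
        // (the encoded user name) is not referenced by the visible template; the literal
        // looks masked. Confirm against the real source.
        var dtUser = context.getDataTableResult(string.Format("select * from PRIVS_USER where NAMEPassword='******'", DESHelper.EncodePassword(userName)));
        if (dtUser == null || dtUser.Rows.Count == 0)
        {
            // NOTE(review): this message tells an unauthenticated caller whether a user
            // name exists; consider a uniform response.
            return JsonHelper.SerializeObject(new ResultModel(false, "用户名不存在!"));
        }

        string phonenumber = dtUser.Rows[0]["MOBILE"] + "";

        // Build the verification message.
        // NOTE(review): a 4-digit code has only 10,000 values, and no attempt limit, expiry
        // or per-user send throttle is visible in this method. Also confirm that
        // GenerateRandomNumber draws from a cryptographic RNG.
        string checkCode = GenerateRandomNumber(4);
        SessionHelper.SetCheckCode(checkCode);
        string smsCode = "【国信司南】短信登录验证码为:" + checkCode + ",此验证码只用于登录您在 中国世界文化遗产监测预警总平台 用户的帐号,验证码提供给他人将导致您的帐号信息被盗,请勿转发。";

        // Message id derived from the current time.
        long smsID = dataTime.ToFileTime();

        // Store the check code. [4/7/2015 ZYQ]
        // SECURITY: the gateway serial number and key are hard-coded. The original comments
        // already say both must be read from the configuration file for release. Move them
        // out of source and rotate them, since they are exposed wherever this file is.
        string softwareSerialNo = "9SDK-EMY-0229-JCWUO";
        string key = "951040";
        YMMessageCheck ymMessageCheck = new YMMessageCheck(softwareSerialNo, key);
        int iresult = ymMessageCheck.Send_sms(phonenumber, smsCode, smsID);

        // The success flag now follows the gateway result; it was previously always true,
        // even when the failure message was returned.
        bool sent = iresult >= 0;
        return JsonHelper.SerializeObject(new ResultModel(sent, sent ? "验证发送成功!" : "验证发送失败!"));
    }
    catch (Exception ex)
    {
        // NOTE(review): ex.Message is returned to the caller and may expose database or
        // gateway details; prefer logging it server-side and returning a generic message.
        return JsonHelper.SerializeObject(new ResultModel(false, ex.Message));
    }
}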