Exemple #1
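        /// <summary>
        /// Builds an INSERT for a new PRIVS_USER row from the JSON in <paramref name="info"/>,
        /// adds one PRIVS_USER_ROLE INSERT per role id, and hands the whole statement list to
        /// executeTransactionSQLList.
        /// </summary>
        /// <param name="info">JSON that is deserialized into a PRIVS_USER entity.</param>
        /// <param name="roleid">Comma-separated role ids; blank entries are ignored.</param>
        /// <param name="departid">Department id stored on the new user.</param>
        /// <returns>A serialized ResultModel with the success flag and a user-facing message.</returns>
        public string InsertUser(string info, string roleid, string departid)
        {
            // Role ids are spliced into SQL text further down, so only plain ASCII identifier
            // characters are accepted. This is a stopgap: the durable fix is bound parameters,
            // but the DB helper's parameterized API (if any) is not visible from this method.
            // NOTE(review): assumes role ids are GUID- or integer-like; confirm against PRIVS_ROLE.
            Func<char, bool> isIdChar = c =>
                (c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') ||
                (c >= 'a' && c <= 'z') || c == '-' || c == '_';

            var roleArr = (roleid ?? string.Empty)
                          .Split(',')
                          .Select(item => item.Trim())
                          .Where(item => item.Length > 0)
                          .ToArray();

            if (roleArr.Any(item => !item.All(isIdChar)))
            {
                return(JsonHelper.SerializeObject(new ResultModel(false, "新建用户信息失败!")));
            }

            var ent       = JsonHelper.DeserializeJsonToObject <PRIVS_USER>(info);
            var gid       = Guid.NewGuid();
            var dbContext = DBHelperPool.Instance.GetDbHelper();

            // NOTE(review): the helper name suggests DES-based, reversible encoding. If that is
            // the case, stored passwords should move to a salted, slow one-way hash (PBKDF2 or
            // Argon2) — confirm what DESHelper.EncodePassword actually does.
            ent.NAMEPassword = DESHelper.EncodePassword(ent.NAME);
            ent.PASSWORD     = DESHelper.EncodePassword(ent.PASSWORD);
            ent.ID           = gid.ToString();
            ent.DEPARTMENTID = departid;

            // NOTE(review): insertByParamsReturnSQL returns SQL text built from these values
            // (including departid and every field taken from the JSON); whether it escapes or
            // binds them cannot be seen here — verify in the helper.
            var nameToValue = ent.GetNameToValueDic("NoAddField");
            var sql         = dbContext.insertByParamsReturnSQL(DataTableName, nameToValue);
            var listSql     = new List <string> {
                sql
            };
            var roleTemplate = "INSERT INTO PRIVS_USER_ROLE(USERID,ROLEID) values ('{0}','{1}') ";

            // gid is generated locally and every item passed the allow-list check above.
            listSql.AddRange(roleArr.Select(item => string.Format(roleTemplate, gid, item)));

            var bIsSuccess = dbContext.executeTransactionSQLList(listSql);

            return(JsonHelper.SerializeObject(new ResultModel(bIsSuccess, bIsSuccess ? "新建用户信息成功!" : "新建用户信息失败!")));
        }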
Exemple #2
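        /// <summary>
        /// Looks up a user by name (with the password predicate in the query below) and returns
        /// the joined user row, or a failure message when nothing matches.
        /// </summary>
        /// <param name="userName">Login name supplied by the caller.</param>
        /// <param name="pwd">Password supplied by the caller.</param>
        /// <param name="code">Optional SMS check code; compared with the session value only when non-empty.</param>
        /// <returns>A serialized ResultModel on failure, or ToolResult.Success(dt) on a match.</returns>
        private string CommonLogion(string userName, string pwd, string code = "")
        {
            // NOTE(review): the SMS code is only checked when the caller sends one, so omitting it
            // skips this branch entirely. Nothing here limits attempts or invalidates the code
            // after use — confirm that is handled elsewhere.
            if (!string.IsNullOrEmpty(code) && code != SessionHelper.GetCheckCode())
            {
                return(JsonHelper.SerializeObject(new ResultModel(false, "短信验证码错误!")));
            }
            var context = DBHelperPool.Instance.GetDbHelper();

            if (context == null)
            {
                return(JsonHelper.SerializeObject(new ResultModel(false, "数据库连接错误!")));
            }

            // userName is spliced into two SQL strings below. Until the queries use bound
            // parameters, refuse names that could terminate or escape the quoted literal.
            // This is a stopgap, not a substitute for parameterized queries.
            if (userName == null || userName.IndexOf('\'') >= 0 || userName.IndexOf('\\') >= 0)
            {
                return(JsonHelper.SerializeObject(new ResultModel(false, "用户名错误!")));
            }

            // NOTE(review): as shown, the password predicate is a masked literal and format
            // argument {0} (the encoded password) is never referenced by the template —
            // check this against the unredacted source.
            var sql = @"
                    select a.*,c.Name as POSITIONNAME,b.ROLENAME as LEADERName,d.NAME as DEPARTMENTName   from PRIVS_USER  a
                left join PRIVS_DEPARTMENT d on a.DEPARTMENTID=d.id
                left join PRIVS_LEADER b on a.ID=b.USERID
                left join PRIVS_POSITION c on a.POSITIONID=c.ID where a.Name='{1}'  and Password='******'";      //a.NAMEPassword='******'
            // Original author's reminder: re-enable the anti-injection code.
            var dt = context.getDataTableResult(string.Format(sql, DESHelper.EncodePassword(pwd), userName)); // DESHelper.EncodePassword(userName),

            if (dt == null || dt.Rows.Count == 0)
            {
                // NOTE(review): distinct "wrong password" / "wrong user name" answers let a caller
                // learn which account names exist; a single generic message avoids that.
                var dtUser = context.getDataTableResult(
                    $"select  * from PRIVS_USER where NAME='{userName}'");
                var strMsgUser = dtUser != null && dtUser.Rows.Count > 0 ? "密码错误!" : "用户名错误!";
                return(JsonHelper.SerializeObject(new ResultModel(false, strMsgUser)));
            }
            // NOTE(review): the query selects a.*, so the returned table presumably carries the
            // PASSWORD and NAMEPassword columns back to the caller — project only the columns
            // the client needs.
            return(JsonHelper.SerializeObject(ToolResult.Success(dt)));
        }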
Exemple #3
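        /// <summary>
        /// Runs an UPDATE on PRIVS_USER.PASSWORD for the row whose ID equals <paramref name="userid"/>.
        /// </summary>
        /// <param name="userid">Id of the user whose password is changed.</param>
        /// <param name="newPwd">New password supplied by the caller.</param>
        /// <returns>A serialized ResultModel; the flag is true when at least one row was updated.</returns>
        public string UpdateUserPassword(string userid, string newPwd)
        {
            // NOTE(review): nothing in this method checks that the caller is allowed to change
            // this user's password, nor asks for the current one — confirm the caller enforces it.
            var context = DBHelperPool.Instance.GetDbHelper();

            if (context == null)
            {
                return(JsonHelper.SerializeObject(new ResultModel(false, "数据库连接错误!")));
            }

            // userid is spliced into SQL text below, so accept only plain ASCII identifier
            // characters (this covers the Guid.ToString() form). Stopgap only: the durable fix
            // is a bound parameter.
            // NOTE(review): assumes every PRIVS_USER.ID has this shape — confirm.
            var idIsWellFormed = !string.IsNullOrEmpty(userid);
            if (idIsWellFormed)
            {
                foreach (var ch in userid)
                {
                    var allowed = (ch >= '0' && ch <= '9') || (ch >= 'A' && ch <= 'Z') ||
                                  (ch >= 'a' && ch <= 'z') || ch == '-' || ch == '_';
                    if (!allowed)
                    {
                        idIsWellFormed = false;
                        break;
                    }
                }
            }

            if (!idIsWellFormed)
            {
                return(JsonHelper.SerializeObject(new ResultModel(false, "修改失败,请联系管理员!")));
            }

            // NOTE(review): as shown, the PASSWORD value is a masked literal and newPwd is never
            // used — check this against the unredacted source, and make sure the stored value is
            // a salted one-way hash rather than the password or a reversible encoding of it.
            var updateM = $@"update PRIVS_USER set PASSWORD='******' where ID='{userid}'";
            var i       = context.execute(updateM) > 0;

            return(JsonHelper.SerializeObject(new ResultModel(i, i ? "修改密码成功!" : "修改失败,请联系管理员!")));
        }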
Exemple #4
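 /// <summary>
 /// Looks up the user, generates a 4-character check code, stores it through SessionHelper and
 /// sends it by SMS to the MOBILE value of the first matching row.
 /// </summary>
 /// <param name="userName">Login name of the user requesting a code.</param>
 /// <returns>A serialized ResultModel; the flag now reflects whether the SMS call reported success.</returns>
 public string GetMessageCode(string userName)
 {
     try
     {
         DateTime dataTime = DateTime.Now;
         // Check that the user requesting a code exists; if not, return a specific message
         // to the front end [4/7/2015 ZYQ]
         var context = DBHelperPool.Instance.GetDbHelper();
         // Same guard the sibling methods use; without it a missing helper surfaces as a
         // NullReferenceException message in the catch block below.
         if (context == null)
         {
             return(JsonHelper.SerializeObject(new ResultModel(false, "数据库连接错误!")));
         }
         // NOTE(review): as shown, the template holds a masked literal and no placeholder, so
         // the encoded user name passed to string.Format is not used — check the unredacted
         // source, and bind the value as a parameter instead of formatting it into the SQL.
         var dtUser  = context.getDataTableResult(string.Format("select  * from PRIVS_USER where NAMEPassword='******'", DESHelper.EncodePassword(userName)));
         if (dtUser == null || dtUser.Rows.Count == 0)
         {
             // NOTE(review): this answer tells an unauthenticated caller whether an account exists.
             return(JsonHelper.SerializeObject(new ResultModel(false, "用户名不存在!")));
         }
         string phonenumber = dtUser.Rows[0]["MOBILE"] + "";
         // Generate the verification code.
         // NOTE(review): a 4-character code is a small space; it needs an expiry, an attempt
         // limit and a cryptographic RNG. GenerateRandomNumber is defined elsewhere — verify.
         // No throttling of SMS requests is visible in this method either.
         string checkCode = GenerateRandomNumber(4);
         SessionHelper.SetCheckCode(checkCode);
         string smsCode = "【国信司南】短信登录验证码为:" + checkCode + ",此验证码只用于登录您在 中国世界文化遗产监测预警总平台 用户的帐号,验证码提供给他人将导致您的帐号信息被盗,请勿转发。";
         // Build the SMS id from the request time.
         long smsID = dataTime.ToFileTime();
         // Original note: store the verification code in the database [4/7/2015 ZYQ]
         // (the visible code stores it through SessionHelper only).
         // softwareSerialNo: registration serial number (the original note says this must be
         // read from a configuration file for the production release).
         // NOTE(review): the serial number and key below are credentials committed to source;
         // move them to protected configuration and rotate them, since they are already exposed.
         string softwareSerialNo = "9SDK-EMY-0229-JCWUO";
         // key: user-defined key, equivalent to the password chosen at registration (the
         // original note says this must be read from a configuration file for production).
         string         key            = "951040";
         YMMessageCheck ymMessageCheck = new YMMessageCheck(softwareSerialNo, key);
         int            iresult        = ymMessageCheck.Send_sms(phonenumber, smsCode, smsID);
         // Fix: the success flag used to be hard-coded to true even when the send failed.
         bool sent = iresult >= 0;
         return(JsonHelper.SerializeObject(new ResultModel(sent, sent ? "验证发送成功!" : "验证发送失败!")));
     }
     catch (Exception ex)
     {
         // NOTE(review): ex.Message goes straight back to the caller and may expose database or
         // gateway details; log it server-side and return a generic message once a logger is
         // available in this class.
         return(JsonHelper.SerializeObject(new ResultModel(false, ex.Message)));
     }
 }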