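/// <summary>
/// Handles the confirm button of the change-password form: checks the current
/// password, validates the new one, stores its digest and abandons the session.
/// </summary>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Event arguments (not used).</param>
protected void btnConfirm_Click(object sender, EventArgs e)
{
    if (!Page.IsValid)
    {
        return;
    }

    // Convert.ToInt32(null) yields 0, so a missing session value is looked up as id 0.
    _systemUserModel = _systemUserBll.GetModel(Convert.ToInt32(Session["userid"]));
    if (_systemUserModel == null)
    {
        Alert("没找到该用户!");
        return;
    }

    // NOTE(review): DesEncrypt.GetMd5String is not visible here. If it is a plain, unsalted MD5
    // as the name suggests, stored passwords are cheap to brute-force after a database leak;
    // a salted, iterated KDF (e.g. PBKDF2) needs a storage migration outside this handler.
    string password = DesEncrypt.GetMd5String(txtPassword.Text);
    string pwd = DesEncrypt.GetMd5String(txtPwd.Text);

    // Null-safe and culture-independent; the original ToUpper() comparison threw when UserPwd was null.
    if (!string.Equals(_systemUserModel.UserPwd, password, StringComparison.OrdinalIgnoreCase))
    {
        Alert("原密码不正确!");
        return;
    }

    if (txtPwd.Text != txtRpwd.Text)
    {
        Alert("新密码和确认密码不一样!");
        return;
    }

    // The minimum length must be measured on the text the user typed. The original tested the
    // length of the digest string, which does not vary with the password length, so short
    // passwords were never rejected. The "same as old password" test ignores case, like the
    // current-password check above.
    bool sameAsOld = string.Equals(_systemUserModel.UserPwd, pwd, StringComparison.OrdinalIgnoreCase);
    if (sameAsOld || txtPwd.Text.Length < 6)
    {
        Alert("新密码和旧密码太相似,且密码长度不少于6位,请重新设置!");
        return;
    }

    _systemUserModel.UserPwd = pwd;

    // A failed update is silent here, as in the original; no message is shown to the user.
    if (_systemUserBll.Update(_systemUserModel))
    {
        // Force a fresh login with the new password.
        Session.Abandon();
        AlertAndParentReoload("修改成功!");
        // NOTE(review): if AlertAndParentReoload ends the response, this audit entry is never
        // written; consider logging before the alert. Confirm against the helper.
        AddSystemLog("用户修改密码", "修改");
    }
}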
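/// <summary>
/// Checks a submitted password for <paramref name="userName"/> and applies the
/// failed-login lockout.
/// </summary>
/// <param name="userName">Login name being verified.</param>
/// <param name="illLoginCount">Number of failed logins after which the account is locked.</param>
/// <param name="userPwd">Password text submitted by the client.</param>
/// <returns>
/// "成功" on success, a lock message when the account is locked, "密码不正确" for a wrong
/// password, or an empty string when a wrong password is entered while the lock is active.
/// </returns>
public string PwdIsCorrect(string userName, int illLoginCount, string userPwd)
{
    string result = "";

    // NOTE(review): the filter value is masked ('******') in this listing. If the real code
    // concatenates userName into this string, it should become a parameterized query in the BLL.
    DataSet ds = _systemUserBll.GetList(" UserName='******'");

    // The original indexed Rows[0] unconditionally and threw for an unknown user.
    // Answer with the generic failure text instead, without touching the counters.
    if (ds.Tables[0].Rows.Count == 0)
    {
        return "密码不正确";
    }

    var loginCount = GetLoginCount(userName);

    // NOTE(review): the original comment describes a 1-minute window (about 0.0167 hours) but the
    // argument is 0.167; if the unit is hours that is roughly 10 minutes. Confirm the intent.
    var isOverTime = IsOverTimeSpan(userName, 0.167f);

    string storedPwd = ds.Tables[0].Rows[0]["UserPwd"].ToString();

    // NOTE(review): the second comparison accepts the stored value itself as the password, so a
    // leaked digest is as good as the password. A NULL/empty stored value (DBNull.ToString() is "")
    // must never match an empty submission, hence the length guard.
    bool passwordMatches = storedPwd.Length > 0
        && (storedPwd == DesEncrypt.GetMd5String(userPwd) || storedPwd == userPwd);

    if (passwordMatches)
    {
        // Locked and still inside the lock window: refuse even with the right password.
        // ">=" rather than "==" keeps the lock in force should the counter ever pass the limit.
        if (loginCount >= illLoginCount && !isOverTime)
        {
            // NOTE(review): the quote-plus fragments suggest the caller splices this text into a
            // client-side script string; userName should be encoded for that context where it is rendered.
            result = "非法登录超过'+'" + illLoginCount + "'+'次,帐号:'+'" + userName + "'+' 已被锁!";
        }
        else
        {
            // Successful login resets the failed-attempt count and timestamp.
            ClearLoginParameters(userName);
            result = "成功";
        }
    }
    else
    {
        // NOTE(review): the meaning of the second argument is not visible here; it is left at the
        // original literal. If it is the attempt limit it should follow illLoginCount.
        LoginWithIncorrectPwd(userName, 3);

        // "Wrong password" is reported while the account is not locked, or once the lock window
        // has passed. The limit now follows illLoginCount instead of a hard-coded 3, matching the
        // success branch. Per the original comments, the locked case is reported through
        // LoginWithIncorrectPwd().
        if (loginCount < illLoginCount || (loginCount >= illLoginCount && isOverTime))
        {
            result = "密码不正确";
        }
    }

    return result;
}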
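/// <summary>
/// Handles the submit button of the user form: updates the user named by the
/// "id" query-string value, or adds a new user when no id is present.
/// </summary>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Event arguments (not used).</param>
protected void BtnSubmit_Click(object sender, EventArgs e)
{
    string idText = Request.QueryString["id"];
    bool isEdit = !string.IsNullOrEmpty(idText);

    // Check the permission before any lookup, so an unauthorised caller cannot use the
    // duplicate-name message to probe which job numbers exist.
    if (!ActionValidator(isEdit ? "SystemUserModify" : "SystemUserAdd"))
    {
        return;
    }

    if (isEdit)
    {
        // The id comes from the URL: reject non-numeric or unknown values instead of throwing.
        if (!int.TryParse(idText, out int userId))
        {
            Alert("没找到该用户!");
            return;
        }

        _systemUserModel = _systemUserBll.GetModel(userId);
        if (_systemUserModel == null)
        {
            Alert("没找到该用户!");
            return;
        }
    }

    // When adding, _systemUserModel is presumably initialised elsewhere in the page; confirm.
    _systemUserModel.UserName = txtJobNumber.Text.Trim();
    _systemUserModel.TrueName = txtTrueName.Text.Trim();
    _systemUserModel.Sex = ddlSex.SelectedValue;
    _systemUserModel.TelphoneNumber = txtTelPhone.Text;
    _systemUserModel.BirthDay = txtBirthDay.Text.Trim();      // date of birth
    _systemUserModel.EmailStr = txtEmail.Text.Trim();         // e-mail
    _systemUserModel.DepartmentID = Convert.ToInt32(ddlDepart.SelectedValue);
    // NOTE(review): AddTime/AddPeople are overwritten on edits too, which loses the original
    // creator and creation time; confirm this is intended.
    _systemUserModel.AddTime = DateTime.Now;
    _systemUserModel.AddPeople = Session["truename"].ToString();
    _systemUserModel.RoleID = ddlRoles.SelectedValue;
    _systemUserModel.IsEnter = Convert.ToInt32(ddlEnter.SelectedValue);
    _systemUserModel.IsDelete = Convert.ToInt32(DropDownList4.SelectedValue);
    _systemUserModel.XueLi = DropDownList3.SelectedValue;     // highest education level
    _systemUserModel.JiaRuBenDanWeiTime = txtJiaRuBenDanWeiTime.Text; // date of joining
    _systemUserModel.SFZSerils = txtIDCard.Text;

    // Password change (only when the field is filled in).
    // NOTE(review): DesEncrypt.GetMd5String is not visible here; an unsalted MD5 digest is a weak
    // password store.
    if (txtPwdSure.Text != "")
    {
        _systemUserModel.UserPwd = DesEncrypt.GetMd5String(txtPwdSure.Text);
    }

    // Read the flag once; a missing setting counts as "not enabled" instead of throwing.
    bool passportEnabled = string.Equals(
        ConfigurationManager.AppSettings["HaikanPassport_IfUse"],
        "true",
        StringComparison.OrdinalIgnoreCase);

    if (isEdit)
    {
        if (!_systemUserBll.Update(_systemUserModel))
        {
            return;
        }

        var alertStr = "用户信息修改成功!";

        // With unified authentication enabled, mirror the account change to it.
        if (passportEnabled)
        {
            var api = new HaikanPassportApi();
            if (api.UpdateUser(_systemUserModel.UserName, _systemUserModel.UserPwd, _systemUserModel.EmailStr) > 0)
            {
                alertStr += "统一身份认证系统账号同步更新了!";
            }
        }
        else
        {
            alertStr += "统一身份认证系统没有配置,账号不同步!";
        }

        AlertAndParentReoload(alertStr);
        return;
    }

    // NOTE(review): the filter value is masked ('******') in this listing. If the real code
    // concatenates the job number into the clause, it should become a parameterized query in the BLL.
    var count = _systemUserBll.GetRecordCount("1=1 and UserName='******'");
    if (count > 0)
    {
        Alert("该工号已经存在!");
        return;
    }

    // NOTE(review): every new account starts with the same well-known password, and anything
    // typed into txtPwdSure is overwritten here. Prefer a random one-time password with a forced
    // change at first login.
    _systemUserModel.UserPwd = DesEncrypt.GetMd5String("123456");

    // With unified authentication enabled, the account name and e-mail must be unique there as well.
    if (passportEnabled)
    {
        HaikanPassportApi api = new HaikanPassportApi();
        if (api.CheckRegister(_systemUserModel.UserName, _systemUserModel.EmailStr, out _) < 1)
        {
            Alert("账号或者邮箱存在重复或者错误,请检查后再提交!");
            return;
        }
    }

    if (_systemUserBll.Add(_systemUserModel) > 0)
    {
        var alertStr = "用户信息添加成功!";

        // With unified authentication enabled, register the new account there too.
        if (passportEnabled)
        {
            HaikanPassportApi api = new HaikanPassportApi();
            if (api.RegisterUser(_systemUserModel.UserName, _systemUserModel.UserPwd, _systemUserModel.EmailStr, out string msg) > 0)
            {
                alertStr += "统一身份认证系统账号同步添加了!" + msg;
            }
        }

        AlertAndParentSkip(alertStr, "SystemUserList.aspx");
    }
}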
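/// <summary>
/// Handles the login button: checks the captcha when it is enabled, verifies the
/// credentials and lockout state, fills the session, optionally writes the
/// remember-me cookie and redirects to the main page.
/// </summary>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Event arguments (not used).</param>
protected void btnLogin_Click(object sender, EventArgs e)
{
    _systemSetModel = _systemSetBll.GetModel(_systemSetBll.GetMaxId());

    // "0" means the captcha is required.
    if (_systemSetModel.IsIdentifyingCode.ToString() == "0")
    {
        // A request that never loaded the captcha has no code in its session. The original
        // skipped the check in that case, which let such requests past the captcha entirely.
        // NOTE(review): the code is not cleared after use here; making it single-use depends on
        // how the captcha image handler regenerates it.
        var expectedCode = Session["yzm"]?.ToString();
        if (string.IsNullOrEmpty(expectedCode)
            || !string.Equals(expectedCode, TxtYZM.Text, StringComparison.CurrentCultureIgnoreCase))
        {
            Alert("验证码错误");
            return;
        }
    }

    string userName = TxtUserName.Text.Trim();
    string submittedPwd = TxtUserPwd.Text.Trim();

    // Blacklist filter on both inputs. It is a second line of defence only: it also limits which
    // characters a password may contain, and it does not replace parameterized queries.
    if (SystemPage.SqlFilter(userName) || SystemPage.SqlFilter(submittedPwd))
    {
        Alert("帐号错误,请注意非法字符!");
        return;
    }

    // The submitted value may be the password itself or its digest (the remember-me cookie keeps
    // the digest). The raw text goes into a SQL string literal, so single quotes are doubled
    // here; the durable fix is a parameterized query in the BLL.
    // NOTE(review): the user-name filter is masked ('******') in this listing; the same applies to it.
    var strWhere = "UserName = '******' and (UserPWD = '" + DesEncrypt.GetMd5String(submittedPwd)
                   + "' or UserPWD = '" + submittedPwd.Replace("'", "''") + "')";

    var d = _systemUserBll.GetList(" UserName='******'");
    if (d.Tables[0].Rows.Count <= 0)
    {
        // NOTE(review): a distinct "no such user" message lets a client tell existing accounts
        // from unknown ones; a single generic failure text avoids that.
        Alert("不存在该用户");
        return;
    }

    // Password check combined with the 3-attempt lockout.
    var verify = _illegalityLogin.PwdIsCorrect(userName, 3, submittedPwd);
    if (verify != "成功")
    {
        Alert(verify);
        return;
    }

    // Load the user's record.
    var ds = _systemUserBll.GetModelList(strWhere);
    if (ds.Count <= 0)
    {
        Alert("对不起,没有找到对应的用户!");
        return;
    }

    _systemUserModel = ds[0];
    if (_systemUserModel == null)
    {
        Alert("对不起,没有找到对应的用户!");
        return;
    }

    if (_systemUserModel.IsEnter == 1)
    {
        Alert("对不起,您已被禁止登录!");
        return;
    }

    // Role and permissions.
    var roleId = Convert.ToInt32(_systemUserModel.RoleID);
    _systemRolesModel = _systemRolesBll.GetModel(roleId);
    if (_systemRolesModel != null)
    {
        Session["roleId"] = _systemUserModel.RoleID;
        Session["RoleName"] = _systemRolesModel.RoleName;
        Session["ActionStr"] = _systemRolesModel.Actionstr;
    }

    // Personal details.
    // NOTE(review): the session id is not renewed at this privilege change; issuing a new one on
    // login would guard against session fixation. Confirm against the session configuration.
    Session["userid"] = _systemUserModel.ID;
    Session["TrueName"] = _systemUserModel.TrueName;
    Session["username"] = userName;
    Session["Department"] = _systemUserModel.DepartmentID;
    Session["BirthDay"] = _systemUserModel.BirthDay;
    Session["IdentityCard"] = _systemUserModel.SFZSerils;            // national ID number
    Session["Sex"] = _systemUserModel.Sex;
    Session["JiaRuBenDanWeiTime"] = _systemUserModel.JiaRuBenDanWeiTime; // date of joining
    Session["TelephoneNumber"] = _systemUserModel.TelphoneNumber;    // contact phone

    // Remember-me cookie.
    if (chkRemembered.Checked)
    {
        var cookie = new HttpCookie("RememberPWD");
        cookie.Values.Add("Name", userName);

        // A value longer than 20 characters is taken to be a digest already and is stored as-is;
        // anything shorter is hashed first.
        // NOTE(review): a plaintext password longer than 20 characters is therefore stored
        // unhashed, and because the login accepts the digest as a password, this cookie is
        // password-equivalent for its 60-day life. A random, server-side revocable token would be safer.
        cookie.Values.Add("UserPwd", submittedPwd.Length > 20 ? submittedPwd : DesEncrypt.GetMd5String(submittedPwd));
        cookie.Expires = DateTime.Now.AddDays(60.0); // valid for two months

        // Keep the credential out of reach of page script and off plain-HTTP requests.
        // NOTE(review): assumes the cookie is only read server-side; confirm no client script uses it.
        cookie.HttpOnly = true;
        cookie.Secure = Request.IsSecureConnection;
        HttpContext.Current.Response.Cookies.Add(cookie);
    }

    // Cache the left-hand menu markup under a per-user key.
    var menuStr = BindStr();
    if (menuStr != "")
    {
        DataCache.SetCache("HaikanSchoolProjects-" + Session["userid"], menuStr);
    }

    // Go to the main page.
    Response.Redirect("/General/Main.aspx");
}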