Exemple #1
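    /// <summary>
    /// Handles the Save click: sets a new password for the account named in <c>txtName</c>.
    /// </summary>
    /// <remarks>
    /// The new password must be at least 8 characters long and pass the page's
    /// <c>IsNumber</c>, <c>checkMumber</c> and <c>Utils.isSpecial_Characters</c> checks;
    /// any failure redirects to <c>error_info.aspx?err=31</c>.
    /// NOTE(review): the target account comes from a text box and no old-password or
    /// authorization check is visible in this handler. Confirm that access to this page
    /// is restricted to administrators elsewhere.
    /// </remarks>
    /// <param name="sender">The control that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void cmdSave_Click(object sender, EventArgs e)
    {
        try
        {
            string user = VatLid.Utils.KillChars(txtName.Text.Trim());
            user = VatLid.Utils.ValidateXSS(user);
            user = VatLid.Utils.safeString(user);

            // Validate the trimmed values: they are what gets hashed and stored below.
            // Checking the raw text box content let surrounding whitespace count towards
            // the 8-character minimum.
            string passNew = txtNewPw.Text.Trim();
            string passConfirm = txtConfirmPw.Text.Trim();

            bool violatesPolicy = passNew.Length < 8
                || IsNumber(passNew)
                || !checkMumber(passNew)
                || !Utils.isSpecial_Characters(passNew);
            if (violatesPolicy)
            {
                Response.Redirect(VatLid.Variables.sWebRoot + "error_info.aspx?err=31");
                // Explicit exit: never fall through to the update after a rejected password.
                return;
            }

            // NOTE(review): the user name inside this literal appears masked on the page.
            // If the real query concatenates `user` into the SQL text, bind it as a
            // parameter instead, as the stored-procedure call below already does.
            string SQL = "SELECT ID From Users WHERE UserName='******'";
            ArrayList al = DAL.GetDataReaderToArrayList(SQL);
            if (al.Count == 0)
            {
                lblError.Text = "User không tồn tại trong CSDL";
                return;
            }

            if (passNew != passConfirm)
            {
                lblError.Text = "Mật khẩu mới Confirm sai";
                return;
            }

            SqlCommand cmd = new SqlCommand();
            cmd.Parameters.AddWithValue("@UserName", user);
            // NOTE(review): going by its name, EncodeMD5 produces an MD5 digest, which is too
            // fast for password storage. Moving to a slow KDF such as PBKDF2
            // (Rfc2898DeriveBytes) needs a matching change in cms_changepass and the login path.
            cmd.Parameters.AddWithValue("@UserPw", SaltedHash.EncodeMD5(passNew));
            // NOTE(review): the clear-text password is also sent to the procedure. What
            // cms_changepass does with @UserPwN is not visible here; confirm it is not
            // persisted or logged, and drop the parameter if it is.
            cmd.Parameters.AddWithValue("@UserPwN", passNew);
            VatLid.DAL.GetDataSet("cms_changepass", VatLid.DAL.getConnectionString1(), cmd);
            VatLid.DAL.INSERT_USER_LOG_NEW(VatLid.Utils.getUserId(Session).ToString(), VatLid.LogType.ChangerPw.ToString(), VatLid.DAL.getCategoryID(FileName), "OK", user, VatLid.Utils.GetIP());
            lblError.Text = "Đổi mật khẩu thành công";
        }
        catch (System.Threading.ThreadAbortException)
        {
            // Response.Redirect(url) ends the request by aborting the thread. Let that
            // propagate instead of reporting and logging it as a failed password change.
            throw;
        }
        catch (Exception err)
        {
            lblError.Text = "Đổi mật khẩu không thành công";
            VatLid.DAL.ExceptionProcess(err);
        }
    }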
Exemple #2
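        /// <summary>
        /// Handles the Save click: changes the signed-in user's password after
        /// re-verifying the old one.
        /// </summary>
        /// <remarks>
        /// Outcomes are reported by redirecting to <c>error_info.aspx</c>:
        /// 27 = old password rejected, 26 = confirmation mismatch, 37 = new password
        /// equals the old one, 31 = password policy violation, 23 = success.
        /// </remarks>
        /// <param name="sender">The control that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void cmdSave_Click(object sender, System.EventArgs e)
        {
            try
            {
                string oldPw = txtOldPw.Text;
                object sessionUserValue = Session["USER"];

                // Fail closed when there is no old password or the session no longer holds a
                // user. Previously a missing session value surfaced as a NullReferenceException.
                if (oldPw.Length == 0 || sessionUserValue == null)
                {
                    lblError.Text = "Thay Pass không thành công";
                    return;
                }

                string sessionUser = sessionUserValue.ToString();

                // Validate the trimmed values: they are what gets hashed and stored below.
                string newPw = txtNewPw.Text.Trim();
                string confirmPw = txtConfirmPw.Text.Trim();

                // Re-authenticate with the old password before allowing the change.
                // NOTE(review): a rejected old password is not written to the user log here and
                // no attempt limit is visible in this handler. Confirm both are covered elsewhere.
                DataSet ds = VatLid.DAL.UserLogin(Utils.safeString(sessionUser), SaltedHash.EncodeMD5(oldPw));
                if (ds.Tables[0].Rows.Count == 0)
                {
                    Response.Redirect(VatLid.Variables.sWebRoot + "error_info.aspx?err=27");
                    return;
                }

                // Same check order as before, with one error code per rule.
                string errorCode = null;
                if (newPw != confirmPw)
                {
                    errorCode = "26";
                }
                else if (newPw == oldPw)
                {
                    // Compare the value that will be stored, so padding the old password
                    // with spaces cannot pass as a "new" password.
                    errorCode = "37";
                }
                else if (newPw.Length < 8
                    || IsNumber(newPw)
                    || !checkMumber(newPw)
                    || !Utils.isSpecial_Characters(newPw))
                {
                    errorCode = "31";
                }

                if (errorCode != null)
                {
                    Response.Redirect(VatLid.Variables.sWebRoot + "error_info.aspx?err=" + errorCode);
                    // Explicit exit: never fall through to the update after a rejected password.
                    return;
                }

                SqlCommand cmd = new SqlCommand();
                cmd.Parameters.AddWithValue("@UserName", Utils.safeString(sessionUser));
                // NOTE(review): going by its name, EncodeMD5 produces an MD5 digest, which is too
                // fast for password storage. Moving to a slow KDF such as PBKDF2
                // (Rfc2898DeriveBytes) needs a matching change in cms_changepass and UserLogin.
                cmd.Parameters.AddWithValue("@UserPw", SaltedHash.EncodeMD5(newPw));
                // NOTE(review): the clear-text password is also sent to the procedure. What
                // cms_changepass does with @UserPwN is not visible here; confirm it is not
                // persisted or logged, and drop the parameter if it is.
                cmd.Parameters.AddWithValue("@UserPwN", newPw);
                VatLid.DAL.GetDataSet("cms_changepass", VatLid.DAL.getConnectionString1(), cmd);

                VatLid.DAL.INSERT_USER_LOG_NEW(VatLid.Utils.getUserId(Session).ToString(), VatLid.LogType.ChangerPw.ToString(), VatLid.DAL.getCategoryID(FileName), "OK", sessionUser, VatLid.Utils.GetIP());
                Response.Redirect(VatLid.Variables.sWebRoot + "error_info.aspx?err=23");
            }
            catch (System.Threading.ThreadAbortException)
            {
                // Response.Redirect(url) ends the request by aborting the thread. Let that
                // propagate instead of logging every redirect as an application error.
                throw;
            }
            catch (Exception err)
            {
                VatLid.DAL.ExceptionProcess(err);
            }
        }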
Exemple #3
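        /// <summary>
        /// Handles the login button: validates the form and CAPTCHA, checks the credentials
        /// through the <c>[cms_userlogin]</c> stored procedure and, on success, fills the
        /// session and redirects to <c>default.aspx</c>.
        /// </summary>
        /// <remarks>
        /// NOTE(review): this handler contains no failed-attempt lockout, so the CAPTCHA is
        /// the only throttle visible here. Confirm brute-force protection exists elsewhere.
        /// NOTE(review): only failed logins are written to the user log by this handler.
        /// </remarks>
        /// <param name="sender">The control that raised the event.</param>
        /// <param name="e">Image click event data (unused).</param>
        protected void cmdDangNhap_Click1(object sender, ImageClickEventArgs e)
        {
            // NOTE(review): the name is bound as a SqlParameter below, so doubling quotes is not
            // needed for injection safety and changes names containing an apostrophe. Left
            // as-is because KillChars3 is applied to the escaped form and its rules are not
            // visible here.
            string userName = txtUserName.Value.Trim().Replace("'", "''");

            if (!VatLid.Utils.KillChars3(userName))
            {
                MessageBox.Show("Tên nhập có ký tự đặc biệt !");
                return;
            }

            Captcha1.ValidateCaptcha(txtMaBaoMat.Value.Trim());
            if (!Captcha1.UserValidated)
            {
                MessageBox.Show("Bạn nhập sai ma capcha !");
                return;
            }

            if (userName.Length == 0)
            {
                MessageBox.Show("Bạn nhập tên đăng nhập !");
                return;
            }

            string password = txtPass.Value;
            if (password.Length == 0)
            {
                MessageBox.Show("Bạn nhập password !");
                return;
            }

            try
            {
                SqlCommand cmd = new SqlCommand();
                cmd.Parameters.AddWithValue("@UserName", userName);
                // NOTE(review): going by its name, EncodeMD5 produces an MD5 digest, which is too
                // fast for password verification. Moving to a slow KDF such as PBKDF2
                // (Rfc2898DeriveBytes) needs a matching change in the stored procedures.
                cmd.Parameters.AddWithValue("@PassMD5", SaltedHash.EncodeMD5(password));

                DataSet ds = VatLid.DAL.GetDataSet("[cms_userlogin]", VatLid.DAL.getConnectionString1(), cmd);
                DataTable dt = ds.Tables[0];

                if (dt.Rows.Count > 0)
                {
                    // NOTE(review): the session identifier is not renewed here. Confirm that
                    // session-fixation protection is applied elsewhere in the login flow.
                    Session["USER"]        = txtUserName.Value.Trim();
                    Session["USERGROUPID"] = dt.Rows[0][2].ToString();
                    Session["USERID"]      = dt.Rows[0][0].ToString();
                    Session["USERNAME"]    = dt.Rows[0][1].ToString();
                    Session["PartnerID"]   = dt.Rows[0]["PartnerID"].ToString();

                    Response.Redirect("default.aspx");
                }
                else
                {
                    Session.Abandon();
                    Session["USER"]     = null;
                    Session["USERNAME"] = "";
                    lblMessage.Text     = "Đăng nhập không thành công !";
                    VatLid.DAL.INSERT_USER_LOG_NEW(VatLid.Utils.getUserId(Session).ToString(), VatLid.LogType.LogIn.ToString(), VatLid.DAL.getCategoryID(FileName), "NOK", "0", VatLid.Utils.GetIP());

                    // The earlier call to FormsAuthentication.RedirectFromLoginPage on this path
                    // was removed. It issues a forms-authentication ticket for the supplied name,
                    // which must never happen after the credential check has failed.
                }
            }
            catch (System.Threading.ThreadAbortException)
            {
                // Response.Redirect(url) ends the request by aborting the thread. Let that
                // propagate instead of logging every successful login as an application error.
                throw;
            }
            catch (Exception err)
            {
                VatLid.DAL.ExceptionProcess(err);
            }
            finally
            {
                // NOTE(review): intLoginResult is never assigned in this handler, so the same
                // value is logged for success and failure. Confirm where it is meant to be set.
                Log_login(intLoginResult);
            }
        }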