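/// <summary>
/// Save handler of the password-reset form: sets a new password for the account named in
/// <c>txtName</c> through the <c>cms_changepass</c> stored procedure and writes an audit-log entry.
/// </summary>
/// <remarks>
/// The new password is trimmed once, and that same value is used for the policy checks, the
/// confirmation comparison and the stored-procedure call, so the value that is validated is the
/// value that is stored. Every policy failure redirects to <c>error_info.aspx?err=31</c>.
/// NOTE(review): neither an old-password check nor an authorization check is visible in this
/// handler; confirm that access to the page is restricted elsewhere.
/// </remarks>
/// <param name="sender">Control that raised the click event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void cmdSave_Click(object sender, EventArgs e)
{
    try
    {
        // The target user name goes through the project's three sanitizers before it is used.
        string user = VatLid.Utils.KillChars(txtName.Text.Trim());
        user = VatLid.Utils.ValidateXSS(user);
        user = VatLid.Utils.safeString(user);

        string passNew = txtNewPw.Text.Trim();
        string passConfirm = txtConfirmPw.Text.Trim();

        // Policy is evaluated on the trimmed value, i.e. on exactly what is hashed and stored below.
        // Previously the raw text was checked, so the stored password could be shorter than the
        // one that passed the length rule.
        bool policyViolated = passNew.Length < 8
            || IsNumber(passNew)
            || !checkMumber(passNew)
            || !Utils.isSpecial_Characters(passNew);
        if (policyViolated)
        {
            Response.Redirect(VatLid.Variables.sWebRoot + "error_info.aspx?err=31");
            return; // never fall through to the update after a policy failure
        }

        // NOTE(review): the user-name literal in this query appears masked in this listing. If the
        // real statement concatenates `user` into the SQL text, it should be a parameterized query
        // rather than relying on the sanitizers above.
        string SQL = "SELECT ID From Users WHERE UserName='******'";
        ArrayList al = DAL.GetDataReaderToArrayList(SQL);

        if (al.Count == 0)
        {
            lblError.Text = "User không tồn tại trong CSDL";
        }
        else if (passNew != passConfirm)
        {
            lblError.Text = "Mật khẩu mới Confirm sai";
        }
        else
        {
            SqlCommand cmd = new SqlCommand();
            cmd.Parameters.AddWithValue("@UserName", user);
            // NOTE(review): EncodeMD5 is, by its name, MD5-based. MD5 is not suitable for password
            // storage; moving to a slow KDF (e.g. PBKDF2) would also require changing
            // cms_changepass and the stored hashes.
            cmd.Parameters.AddWithValue("@UserPw", SaltedHash.EncodeMD5(passNew));
            // NOTE(review): @UserPwN carries the new password in clear text. What cms_changepass
            // does with it is not visible here; confirm it is neither persisted nor logged.
            cmd.Parameters.AddWithValue("@UserPwN", passNew);
            VatLid.DAL.GetDataSet("cms_changepass", VatLid.DAL.getConnectionString1(), cmd);

            // Audit trail: acting user, action type, page category, outcome, target account, client IP.
            VatLid.DAL.INSERT_USER_LOG_NEW(
                VatLid.Utils.getUserId(Session).ToString(),
                VatLid.LogType.ChangerPw.ToString(),
                VatLid.DAL.getCategoryID(FileName),
                "OK",
                user,
                VatLid.Utils.GetIP());
            lblError.Text = "Đổi mật khẩu thành công";
        }
    }
    catch (Exception err)
    {
        // Generic message for the user; details go to the project's exception handler only.
        lblError.Text = "Đổi mật khẩu không thành công";
        VatLid.DAL.ExceptionProcess(err);
    }
}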
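/// <summary>
/// Save handler of the "change my password" form: verifies the current password of the
/// session user, applies the password policy to the new one and stores it through the
/// <c>cms_changepass</c> stored procedure, then writes an audit-log entry.
/// </summary>
/// <remarks>
/// Outcomes are reported by redirecting to <c>error_info.aspx</c>: 27 when the current
/// password does not verify, 26 on confirmation mismatch, 37 when the new password equals
/// the old one, 31 on a policy violation and 23 after a successful change.
/// The new password is trimmed once and that value is used for every check and for storage,
/// so the value that is validated is the value that is stored.
/// </remarks>
/// <param name="sender">Control that raised the click event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void cmdSave_Click(object sender, System.EventArgs e)
{
    DataSet ds;
    try
    {
        string Pass = txtOldPw.Text;
        if (Pass.Length > 0)
        {
            // If the session has expired, Session["USER"] is null and ToString() throws;
            // that exception is handled by the catch at the end of this method.
            string sessionUser = Utils.safeString(Session["USER"].ToString());

            // Re-authenticate with the current password before allowing the change.
            // NOTE(review): EncodeMD5 is, by its name, MD5-based. MD5 is not suitable for
            // password storage; a migration would also touch the stored procedures and hashes.
            ds = VatLid.DAL.UserLogin(sessionUser, SaltedHash.EncodeMD5(Pass));
            if (ds.Tables[0].Rows.Count == 0)
            {
                Response.Redirect(VatLid.Variables.sWebRoot + "error_info.aspx?err=27");
            }
            else
            {
                // Previously the raw text was checked while the trimmed text was stored, so
                // surrounding whitespace could satisfy the length rule and the
                // "different from the old password" rule.
                string newPw = txtNewPw.Text.Trim();
                string confirmPw = txtConfirmPw.Text.Trim();

                if (newPw != confirmPw)
                {
                    Response.Redirect(VatLid.Variables.sWebRoot + "error_info.aspx?err=26");
                }
                else if (newPw == Pass)
                {
                    Response.Redirect(VatLid.Variables.sWebRoot + "error_info.aspx?err=37");
                }
                else if (newPw.Length < 8
                    || IsNumber(newPw)
                    || !checkMumber(newPw)
                    || !Utils.isSpecial_Characters(newPw))
                {
                    Response.Redirect(VatLid.Variables.sWebRoot + "error_info.aspx?err=31");
                }
                else
                {
                    SqlCommand cmd = new SqlCommand();
                    cmd.Parameters.AddWithValue("@UserName", sessionUser);
                    cmd.Parameters.AddWithValue("@UserPw", SaltedHash.EncodeMD5(newPw));
                    // NOTE(review): @UserPwN carries the new password in clear text. What
                    // cms_changepass does with it is not visible here; confirm it is neither
                    // persisted nor logged.
                    cmd.Parameters.AddWithValue("@UserPwN", newPw);
                    VatLid.DAL.GetDataSet("cms_changepass", VatLid.DAL.getConnectionString1(), cmd);

                    // Audit trail: acting user, action type, page category, outcome, account, client IP.
                    VatLid.DAL.INSERT_USER_LOG_NEW(
                        VatLid.Utils.getUserId(Session).ToString(),
                        VatLid.LogType.ChangerPw.ToString(),
                        VatLid.DAL.getCategoryID(FileName),
                        "OK",
                        Session["USER"].ToString(),
                        VatLid.Utils.GetIP());
                    Response.Redirect(VatLid.Variables.sWebRoot + "error_info.aspx?err=23");
                }
            }
        }
        else
        {
            // No current password supplied: nothing is changed.
            lblError.Text = "Thay Pass không thành công";
        }

        // Superseded implementation, kept commented out as in the original. It built the SQL
        // text by string concatenation; the live code above uses command parameters instead.
        //string SQL="SELECT ID From Users WHERE UserName='******' AND UserPw='" + SaltedHash.EncodeMD5(txtOldPw.Text) + "'";
        //ArrayList al=DAL.GetDataReaderToArrayList(SQL);
        //if(al.Count==0)
        //    Response.Redirect(VatLid.Variables.sWebRoot + "error_info.aspx?err=27");
        //else
        //    if (txtNewPw.Text != txtConfirmPw.Text)
        //    {
        //        Response.Redirect(VatLid.Variables.sWebRoot + "error_info.aspx?err=26");
        //    }
        //    else if (txtNewPw.Text.Length < 8)
        //    {
        //        Response.Redirect(VatLid.Variables.sWebRoot + "error_info.aspx?err=30");
        //    }
        //    else if (IsNumber(txtNewPw.Text))
        //    {
        //        Response.Redirect(VatLid.Variables.sWebRoot + "error_info.aspx?err=31");
        //    }
        //    else if (!checkMumber(txtNewPw.Text))
        //    // if (!checkMumber(pass))
        //    {
        //        Response.Redirect(VatLid.Variables.sWebRoot + "error_info.aspx?err=32");
        //    }
        //    else
        //    {
        //        //txtNewPw.Text=txtNewPw.Text.Replace("'","''").ToString();
        //        //SQL="UPDATE Users SET UserPw='" + SaltedHash.EncodeMD5(txtNewPw.Text) + "'";
        //        //SQL+=" WHERE UserName='******'";
        //        //DAL.ExecuteQuery(SQL);
        //        SqlCommand cmd = new SqlCommand();
        //        cmd.Parameters.AddWithValue("@UserName", Utils.safeString(Session["USER"].ToString()));
        //        cmd.Parameters.AddWithValue("@UserPw", SaltedHash.EncodeMD5(txtNewPw.Text.Trim()));
        //        cmd.Parameters.AddWithValue("@UserPwN", txtNewPw.Text.Trim());
        //        VatLid.DAL.GetDataSet("cms_changepass", VatLid.DAL.getConnectionString1(), cmd);
        //        VatLid.DAL.INSERT_USER_LOG_NEW(VatLid.Utils.getUserId(Session).ToString(), VatLid.LogType.ChangerPw.ToString(), VatLid.DAL.getCategoryID(FileName), "OK", Session["USER"].ToString(), VatLid.Utils.GetIP());
        //        Response.Redirect(VatLid.Variables.sWebRoot + "error_info.aspx?err=23");
        //    }
    }
    catch (Exception err)
    {
        VatLid.DAL.ExceptionProcess(err);
    }
}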
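/// <summary>
/// Login button handler: validates the user name, CAPTCHA and password fields, checks the
/// credentials through the <c>[cms_userlogin]</c> stored procedure and, on success, fills the
/// session and redirects to <c>default.aspx</c>.
/// </summary>
/// <remarks>
/// On failure the session is abandoned, a generic message is shown and a "NOK" audit entry is
/// written. The failure path no longer calls <c>FormsAuthentication.RedirectFromLoginPage</c>:
/// that call sets an authentication cookie for the submitted name and must only ever run after
/// the credentials have been verified.
/// NOTE(review): the session ID is not renewed at login in the visible code; confirm that
/// session fixation is handled elsewhere.
/// </remarks>
/// <param name="sender">Control that raised the click event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void cmdDangNhap_Click1(object sender, ImageClickEventArgs e)
{
    DataSet ds;

    // NOTE(review): the value is passed as a command parameter below, so doubling quotes here is
    // not needed for SQL safety and changes the name that is looked up; confirm whether
    // KillChars3 depends on it before removing.
    string userName = txtUserName.Value.Trim().Replace("'", "''");
    if (!VatLid.Utils.KillChars3(userName))
    {
        MessageBox.Show("Tên nhập có ký tự đặc biệt !");
        return;
    }

    Captcha1.ValidateCaptcha(txtMaBaoMat.Value.Trim());
    if (!Captcha1.UserValidated)
    {
        MessageBox.Show("Bạn nhập sai ma capcha !");
        return;
    }

    if (userName.Length == 0)
    {
        MessageBox.Show("Bạn nhập tên đăng nhập !");
        return;
    }

    string Pass = txtPass.Value;
    if (Pass.Length == 0)
    {
        MessageBox.Show("Bạn nhập password !");
        return;
    }

    // NOTE(review): the per-account failed-login limit below is commented out, so in the visible
    // code the CAPTCHA is the only brake on repeated password guessing.
    //ds = VatLid.DAL.SelectCountUserLogin(txtUserName.Value.Trim().Replace("'", "''"));
    //if (ds.Tables[1].Rows.Count > 0)
    //{
    //    if (Convert.ToInt32(ds.Tables[1].Rows[0]["countLog"].ToString()) >= 5)
    //    {
    //        Response.Redirect(VatLid.Variables.sWebRoot + "error_info.aspx?err=36");
    //    }
    //}

    try
    {
        SqlCommand cmd = new SqlCommand();
        cmd.Parameters.AddWithValue("@UserName", userName);
        // NOTE(review): EncodeMD5 is, by its name, MD5-based. MD5 is not suitable for password
        // storage; a migration would also touch the stored procedures and the stored hashes.
        cmd.Parameters.AddWithValue("@PassMD5", SaltedHash.EncodeMD5(Pass));
        ds = VatLid.DAL.GetDataSet("[cms_userlogin]", VatLid.DAL.getConnectionString1(), cmd);
        DataTable dt = ds.Tables[0];
        userName = VatLid.Utils.safeString(userName);

        if (dt.Rows.Count > 0)
        {
            // A returned row means the credentials matched; identity values come from that row,
            // except USER, which keeps the name as typed.
            Session["USER"] = txtUserName.Value.Trim();
            Session["USERGROUPID"] = dt.Rows[0][2].ToString();
            Session["USERID"] = dt.Rows[0][0].ToString();
            Session["USERNAME"] = dt.Rows[0][1].ToString();
            Session["PartnerID"] = dt.Rows[0]["PartnerID"].ToString();

            // NOTE(review): with the lines below commented out, this handler neither assigns
            // intLoginResult nor writes an "OK" audit entry, and the forced password-change
            // redirects are disabled. Confirm successful logins are still recorded by Log_login.
            //intLoginResult = 1;
            //if (ds.Tables[2].Rows[0]["isnew"].ToString() == "1")
            //{
            //    Response.Redirect("Sys/ChangePw.aspx?acction=1");
            //}
            //if (DateTime.Now.Day == 1 && ds.Tables[2].Rows[0]["dateChange"].ToString() == "0")
            //{
            //    Response.Redirect("Sys/ChangePw.aspx?acction=2");
            //}
            //else
            //    Response.Redirect("default.aspx");
            //VatLid.DAL.INSERT_USER_LOG_NEW(VatLid.Utils.getUserId(Session).ToString(), VatLid.LogType.LogIn.ToString(), VatLid.DAL.getCategoryID(FileName), "OK", "0", VatLid.Utils.GetIP());
            Response.Redirect("default.aspx");
        }
        else
        {
            Session.Abandon();
            Session["USER"] = null;
            Session["USERNAME"] = "";
            // Same message for unknown user and wrong password.
            lblMessage.Text = "Đăng nhập không thành công !";
            VatLid.DAL.INSERT_USER_LOG_NEW(
                VatLid.Utils.getUserId(Session).ToString(),
                VatLid.LogType.LogIn.ToString(),
                VatLid.DAL.getCategoryID(FileName),
                "NOK",
                "0",
                VatLid.Utils.GetIP());
            // No authentication ticket is issued on this path (see remarks).
        }
    }
    catch (Exception err)
    {
        VatLid.DAL.ExceptionProcess(err);
    }
    finally
    {
        // Runs for success, failure and exceptions alike.
        Log_login(intLoginResult);
    }
}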