/// <summary>
/// 修改密码
/// </summary>
/// <param name="username">用户名</param>
/// <param name="oldPassword">旧密码</param>
/// <param name="newPassword">新密码</param>
/// <returns>是否修改成功</returns>
public bool ChangePassword(string username, string oldPassword, string newPassword)
{
if(new Regex(@UsernameRegularExpression).IsMatch(username.Trim())
&& new Regex(@PasswordStrengthRegularExpression).IsMatch(newPassword))
{
//初始化局部变量
var factory = SqlClientFactory.Create();
var client = factory.CreateSqlClient();
var parameters = client.CreateParameters();
StringBuilder sql = new StringBuilder();
sql.AppendLine(@"SELECT FIRST 1 U.SYSID,M.MEMBERID,M.PASSWORD,M.PASSWORDSALT,M.PASSWORDFORMAT");
sql.AppendLine(@"FROM WEB_LOGINUSERS U,WEB_MEMBERSHIP M");
sql.AppendLine(@"WHERE U.SYSID=1 AND M.SYSID=U.SYSID AND M.USERID=U.USERID AND U.LOWEREDUSERNAME=@LOWEREDUSERNAME");
parameters.Add(client.CreateParameter("@LOWEREDUSERNAME", username.ToLower().Trim()));
var result = client.GetDynamicCollection(sql.ToString(), parameters.ToArray());
if (result != null && result.Count() > 0)
{
var userinfo = result.First();
var encryptor = new Sealong.Web.Security.Encryption.AesEncryptor();
String encodePassword = String.Empty;
var passwordFormat = Enum.Parse(typeof(System.Web.Security.MembershipPasswordFormat), userinfo.PasswordFormat);
if (passwordFormat == System.Web.Security.MembershipPasswordFormat.Clear)
{
encodePassword = oldPassword.Trim();
}
else if (passwordFormat == System.Web.Security.MembershipPasswordFormat.Encrypted)
{
encodePassword = encryptor.Encrypt(oldPassword.Trim(), userinfo.PasswordSalt);
}
else
{
encodePassword = oldPassword.Trim().GetHashCode().ToString();
}
String encodeNewPassword = String.Empty;
if (userinfo.Password == encodePassword && passwordFormat == System.Web.Security.MembershipPasswordFormat.Clear)
{
encodeNewPassword = newPassword.Trim();
}
else if (userinfo.Password == encodePassword && passwordFormat == System.Web.Security.MembershipPasswordFormat.Encrypted)
{
encodeNewPassword = encryptor.Encrypt(newPassword.Trim(), userinfo.PasswordSalt);
}
else
{
encodeNewPassword = newPassword.Trim().GetHashCode().ToString();
}
StringBuilder updateClause = new StringBuilder();
updateClause.AppendLine("UPDATE WEB_MEMBERSHIP SET (PASSWORD=@PASSWORD)");
updateClause.AppendLine("WHERE SYSID=@SYSID AND MEMBERID=@MEMBERID");
var updateParameters = client.CreateParameters();
updateParameters.Add(client.CreateParameter("@PASSWORD", encodeNewPassword));
updateParameters.Add(client.CreateParameter("@SYSID", userinfo.SysID));
updateParameters.Add(client.CreateParameter("@MEMBERID", userinfo.MemberID));
return client.ExecuteNonQuery(updateClause.ToString(), updateParameters.ToArray()) > 0;
}
else
{
return false;
}
}
else
{
return false;
}
}
/// <summary>
/// 校验用户信息
/// </summary>
/// <param name="username">用户名或电子邮箱或手机号码</param>
/// <param name="password">密码</param>
/// <returns></returns>
public bool ValidateUser(string username, string password)
{
var client = Sealong.Data.SqlClientFactory.CreateInstance().CreateSqlClient();
var parameters = client.CreateParameters();
parameters.Add(client.CreateParameter("@LOWEREDUSERNAME", username.ToLower().Trim()));
StringBuilder sql = new StringBuilder();
sql.AppendLine("SELECT U.USERID,M.PASSWORD,M.PASSWORDFORMAT,M.PASSWORDSALT");
sql.AppendLine("FROM WEB_LOGINUSERS U,WEB_MEMBERSHIP M");
sql.AppendLine("WHERE U.SYSID=1 AND M.SYSID=U.SYSID AND U.LOWEREDUSERNAME=@LOWEREDUSERNAME");
var result = client.GetDynamicCollection(sql.ToString(),parameters);
if (result != null && result.Count() > 0)
{
var entity = result.First();
String encodePassword = "";
var encryptor = new Sealong.Web.Security.Encryption.AesEncryptor();
if (Enum.Parse(typeof(MembershipPasswordFormat),entity.PasswordFormat) == MembershipPasswordFormat.Encrypted)
{
encodePassword = encryptor.Encrypt(password.Trim(), entity.PasswordSalt);
}
else if (Enum.Parse(typeof(MembershipPasswordFormat), entity.PasswordFormat) == MembershipPasswordFormat.Hashed)
{
encodePassword = password.Trim().GetHashCode().ToString();
}
else
{
encodePassword = password.Trim();
}
if (encodePassword == entity.Password)
{
StringBuilder updateClause = new StringBuilder();
updateClause.AppendLine("UPDATE WEB_MEMBERSHIP SET LASTLOGINDATE=@LASTLOGINDATE WHERE USERID=@USERID");
parameters.Add(client.CreateParameter("@USERID", entity.UserID));
parameters.Add(client.CreateParameter("@LASTLOGINDATE", DateTime.Now.ToUniversalTime()));
client.ExecuteNonQuery(updateClause.ToString(), parameters);
return true;
}
else return false;
}
else return false;
}
public String GetUserNo(int userID)
{
var encryptor = new Sealong.Web.Security.Encryption.AesEncryptor();
var userno = encryptor.Encrypt(userID.ToString(),"sEAloNg321seAloNg456seaLOng789SL");
return userno;
}
public int GetUserID(String userNo)
{
var encryptor = new Sealong.Web.Security.Encryption.AesEncryptor();
String idstr = encryptor.Decrypt(userNo, "sEAloNg321seAloNg456seaLOng789SL");
var userID = Convert.ToInt32(idstr);
return userID;
}
/// <summary>
/// 创建用户
/// </summary> A123456 123456
/// <param name="username">用户名</param>
/// <param name="password">密码</param>
/// <param name="email">电子邮箱</param>
/// <param name="passwordQuestion">空值即可</param>
/// <param name="passwordAnswer">空值即可</param>
/// <param name="isApproved">否是开通</param>
/// <param name="providerUserKey">用户主键</param>
/// <param name="status">创建用户的返回状态</param>
/// <returns>用户信息</returns>
public MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out System.Web.Security.MembershipCreateStatus status)
{
if(!new Regex(@UsernameRegularExpression).IsMatch(username.Trim()))
{
status = System.Web.Security.MembershipCreateStatus.InvalidUserName;
return null;
}
else if (email!=null && !new Regex(@EMailRegularExpression).IsMatch(email.Trim()))
{
status = System.Web.Security.MembershipCreateStatus.InvalidEmail;
return null;
}
else if (!new Regex(@PasswordStrengthRegularExpression).IsMatch(password.Trim()))
{
status = System.Web.Security.MembershipCreateStatus.InvalidPassword;
return null;
}
else if (!new Regex(@TelRegularExpression).IsMatch(passwordQuestion.Trim()))
{
status = System.Web.Security.MembershipCreateStatus.InvalidQuestion;//密码保护问题现在表示手机号了,密码保护问题机制整体移除
return null;
}
else
{
var factory = SqlClientFactory.Create();
var client = factory.CreateSqlClient();
var parameters = client.CreateParameters();
var sqlCollection = new SqlCollection();
StringBuilder sql = new StringBuilder();
sql.AppendLine("SELECT COUNT(U.SYSID) TCOUNT");
sql.AppendLine("FROM WEB_LOGINUSERS U");
sql.AppendLine("WHERE U.SYSID=1 AND U.LOWEREDUSERNAME=@LOWEREDUSERNAME");
parameters.Add(client.CreateParameter("@LOWEREDUSERNAME", username.Trim().ToLower()));
sqlCollection.Add("USERNAMECOUNT", sql.ToString());
if (RequiresUniqueEmail)
{
sql = new StringBuilder();
sql.AppendLine("SELECT COUNT(U.SYSID) TCOUNT");
sql.AppendLine("FROM WEB_LOGINUSERS U");
sql.AppendLine("WHERE U.SYSID=1 AND U.LOWEREDEMAIL=@LOWEREDEMAIL");
parameters.Add(client.CreateParameter("@LOWEREDEMAIL", email.Trim().ToLower()));
sqlCollection.Add("EMAILCOUNT", sql.ToString());
}
var result = client.RunSql(sqlCollection, parameters.ToArray());
if(result.Tables["USERNAMECOUNT"]!=null
&& result.Tables["USERNAMECOUNT"].Rows[0]["TCOUNT"]!=null
&& ((int)result.Tables["USERNAMECOUNT"].Rows[0]["TCOUNT"]) > 0)
{
status = System.Web.Security.MembershipCreateStatus.DuplicateUserName;
return null;
}
else if (email != null && RequiresUniqueEmail
&& result.Tables["EMAILCOUNT"]!=null
&& result.Tables["EMAILCOUNT"].Rows[0]["TCOUNT"]!=null
&& ((int)result.Tables["EMAILCOUNT"].Rows[0]["TCOUNT"]) > 0)
{
status = System.Web.Security.MembershipCreateStatus.DuplicateEmail;
return null;
}
else
{
var encryptor = new Sealong.Web.Security.Encryption.AesEncryptor();
var salt = encryptor.GeneralEncryptKey();
var encodePassword = encryptor.Encrypt(password.Trim(), salt.ToString());
var passwordFormat = System.Web.Security.MembershipPasswordFormat.Encrypted.ToString();
sqlCollection = new SqlCollection();
var createUserParameters = client.CreateParameters();
createUserParameters.Add(client.CreateParameter("@SYSID", 1));
StringBuilder maxUserIdClause = new StringBuilder();
maxUserIdClause.AppendLine("SELECT COALESCE(MAX(U.USERID),0) MAXUSERID");
maxUserIdClause.AppendLine("FROM WEB_LOGINUSERS U");
maxUserIdClause.AppendLine("WHERE U.SYSID=1");
StringBuilder maxMemberIdClause = new StringBuilder();
maxMemberIdClause.AppendLine("SELECT COALESCE(MAX(M.MEMBERID),0) MAXMEMBERID");
maxMemberIdClause.AppendLine("FROM WEB_MEMBERSHIP M");
maxMemberIdClause.AppendLine("WHERE U.SYSID=1");
StringBuilder insertUserClause = new StringBuilder();
insertUserClause.Append("INSERT INTO WEB_LOGINUSERS (SYSID, USERID, USERNO, USERNAME, LOWEREDUSERNAME, TEL, EMAIL, LOWEREDEMAIL, LASTACTIVITYDATE)");
insertUserClause.Append(" VALUES (");
insertUserClause.Append("@SYSID, @USERID, @USERNO, @USERNAME, @LOWEREDUSERNAME, @TEL, @EMAIL, @LOWEREDEMAIL, @LASTACTIVITYDATE)");
createUserParameters.Add(client.CreateParameter("@USERNAME", username.Trim()));
createUserParameters.Add(client.CreateParameter("@LOWEREDUSERNAME", username.Trim().ToLower()));
createUserParameters.Add(client.CreateParameter("@TEL", passwordQuestion.Trim()));
createUserParameters.Add(client.CreateParameter("@EMAIL",email==null ? null : email.Trim()));
createUserParameters.Add(client.CreateParameter("@LOWEREDEMAIL", email == null ? null : email.Trim().ToLower()));
createUserParameters.Add(client.CreateParameter("@LASTACTIVITYDATE", DateTime.MinValue));
StringBuilder insertMembershipClause = new StringBuilder();
insertMembershipClause.Append("INSERT INTO WEB_MEMBERSHIP (SYSID, MEMBERID, USERID, PASSWORD, PASSWORDFORMAT, PASSWORDSALT, IFAPPROVED, IFLOCKED, CREATEDATE, LASTLOCKDATE, LASTLOGINDATE, LASTPASSWORDCHANGEDDATE, FAILEDPWDSTART, FAILEDPWDCOUNT, REMARKS)");
insertMembershipClause.Append(" VALUES ( ");
insertMembershipClause.Append("@SYSID, @MEMBERID, @USERID, @PASSWORD, @PASSWORDFORMAT, @PASSWORDSALT, @IFAPPROVED, @IFLOCKED, @CREATEDATE, @LASTLOCKDATE, @LASTLOGINDATE, @LASTPASSWORDCHANGEDDATE, @FAILEDPWDSTART, @FAILEDPWDCOUNT, @REMARKS)");
createUserParameters.Add(client.CreateParameter("@PASSWORD", encodePassword));
createUserParameters.Add(client.CreateParameter("@PASSWORDFORMAT", passwordFormat));
createUserParameters.Add(client.CreateParameter("@PASSWORDSALT", salt));
createUserParameters.Add(client.CreateParameter("@IFAPPROVED", isApproved?"T":"F"));
createUserParameters.Add(client.CreateParameter("@IFLOCKED", "F"));
createUserParameters.Add(client.CreateParameter("@CREATEDATE", DateTime.Now ));
createUserParameters.Add(client.CreateParameter("@LASTLOCKDATE", DateTime.MinValue));
createUserParameters.Add(client.CreateParameter("@LASTLOGINDATE", DateTime.MinValue));
createUserParameters.Add(client.CreateParameter("@LASTPASSWORDCHANGEDDATE", DateTime.MinValue));
createUserParameters.Add(client.CreateParameter("@FAILEDPWDSTART", DateTime.MinValue));
createUserParameters.Add(client.CreateParameter("@FAILEDPWDCOUNT", 0));
createUserParameters.Add(client.CreateParameter("@REMARKS", String.Empty));
var createUserStatus = System.Web.Security.MembershipCreateStatus.UserRejected;
sqlCollection.Add("MAXUSERID", maxUserIdClause.ToString(), new Action<System.Data.DataSet, List<System.Data.IDbDataParameter>>((source, @params) =>
{
if (!source.IsNullOrEmpty() && source.Tables[0].Rows[0]["TCOUNT"]!=null)
{
var userid = (int)source.Tables[0].Rows[0]["TCOUNT"];
@params.Add(client.CreateParameter("@USERID", userid + 1));
@params.Add(client.CreateParameter("@USERNO", GetUserNo(userid+1)));
}
else
{
createUserStatus = System.Web.Security.MembershipCreateStatus.ProviderError;
return;
}
}));
sqlCollection.Add("MAXMEMBERID", maxMemberIdClause.ToString(), new Action<System.Data.DataSet, List<System.Data.IDbDataParameter>>((source, @params) =>
{
if (!source.IsNullOrEmpty() && source.Tables[0].Rows[0]["TCOUNT"] != null)
{
var memberid = (int)source.Tables[0].Rows[0]["TCOUNT"];
@params.Add(client.CreateParameter("@MEMBERID", memberid + 1));
}
else
{
createUserStatus = System.Web.Security.MembershipCreateStatus.ProviderError;
return;
}
}));
sqlCollection.Add("InsertLoginUsers", insertUserClause.ToString(), true);
sqlCollection.Add("InsertMembership", insertMembershipClause.ToString(), true);
try
{
client.RunSql(sqlCollection, createUserParameters);
if (createUserStatus == System.Web.Security.MembershipCreateStatus.ProviderError)
{
status = createUserStatus;
return null;
}
else
{
status = System.Web.Security.MembershipCreateStatus.Success;
return new MembershipUser("", username, providerUserKey, email, passwordQuestion, passwordAnswer, isApproved, false, DateTime.Now, DateTime.MinValue, DateTime.MinValue, DateTime.MinValue, DateTime.MinValue);
}
}
catch
{
createUserStatus = MembershipCreateStatus.ProviderError;
status = createUserStatus;
return null;
}
}
}
}
