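 /// <summary>
 /// Entry point for the lottery-draw POST. On the first (non-postback) request it reads the four
 /// form fields, verifies the request origin, the player's identity and the remaining draw count,
 /// records the draw in the game log and then redirects to Default.aspx.
 /// </summary>
 /// <param name="sender">The page raising the event.</param>
 /// <param name="e">Event data (unused).</param>
 protected void Page_Load(object sender, EventArgs e)
 {
     if (IsPostBack)
     {
         return;
     }

     strNEWDate  = Request.Form["NEWDate"];
     strTimeOLD  = Request.Form["TimeOLD"];
     strPrizeNEW = Request.Form["PrizeNEW"];
     strOLDBall  = Request.Form["OLDBall"];
     if (strNEWDate == null || strTimeOLD == null || strPrizeNEW == null || strOLDBall == null)
     {
         Message.Show(this.Page, "身分驗證錯誤,請確認操作!!", "Default.aspx");
         return;
     }

     // Shared context for every ErrorLog entry written below.
     string pathInfo    = HttpContext.Current.Request.ServerVariables["PATH_INFO"].ToString();
     string requestInfo = "Date : " + strNEWDate + ", Time=" + strTimeOLD + ", Sport=" + strPrizeNEW + ", Ball=" + strOLDBall;

     if (!CheckSourceWebsite())
     {
         // HTTP_REFERER is client-controlled and may be absent entirely; ServerVariables returns
         // null for a missing header, so calling .ToString() on it would throw inside the very
         // branch meant to record the rejected request. Log an empty referer instead.
         string referer = Request.ServerVariables["HTTP_REFERER"] ?? "";
         ErrorLog.Add("", pathInfo, requestInfo, "POST 入侵-非來自台灣銀行網站-" + referer);
         Message.Show(this.Page, "您並非來自臺灣銀行網站,若有問題請與活動小組聯絡!!", "Default.aspx");
         return;
     }

     strIDNo = CheckIdNo(strNEWDate, strTimeOLD);
     if (strIDNo == "")
     {
         ErrorLog.Add(strIDNo, pathInfo, requestInfo, "身分ID驗證錯誤");
         Message.Show(this.Page, "身分ID驗證錯誤,請確認操作!!", "Default.aspx");
         return;
     }

     getTime = CheckTimeNo(strPrizeNEW, strOLDBall);
     if (getTime == "")
     {
         ErrorLog.Add(strIDNo, pathInfo, requestInfo, "抽籤次數驗證錯誤");
         Message.Show(this.Page, "抽籤次數驗證錯誤,請確認操作!!", "Default.aspx");
         return;
     }

     // The game log and the session carry the encrypted ID, never the raw number.
     string cryptID = DataCrypt.Encrypt(strIDNo.ToUpper(), true);
     if (!CheckInsertGameLog(cryptID, getTime))
     {
         // The original let the player proceed on a failed insert and discarded the result;
         // the player still proceeds here, but an unrecorded draw is now written to the
         // error log so operators can reconcile it.
         ErrorLog.Add(strIDNo, pathInfo, requestInfo, "資料傳輸失敗");
     }

     Session["Event_IDNo"] = cryptID;
     Response.Redirect("Default.aspx");
 }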
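    /// <summary>
    /// Looks up the draw record for the national ID typed into <c>txtID</c> via the
    /// <c>usp_SelectIDGameLog</c> stored procedure and switches between the search panel
    /// and the result panel accordingly.
    /// </summary>
    /// <param name="sender">The image button raising the event.</param>
    /// <param name="e">Click event data (unused).</param>
    protected void ibtSearch_Click(object sender, ImageClickEventArgs e)
    {
        if (this.txtID.Text.Length != 10)
        {
            Message.Show(this.Page, "請輸入正確的身分證統一編號!", "");
            return;
        }

        ConnectionStringSettings connSettings = ConfigurationManager.ConnectionStrings["ConnString"];

        // using blocks release the connection, command and reader even when the stored
        // procedure throws; the original only disposed them on the happy path.
        using (SqlConnection conn = new SqlConnection(connSettings.ConnectionString))
        using (SqlCommand cmd = new SqlCommand("usp_SelectIDGameLog", conn))
        {
            cmd.CommandType = CommandType.StoredProcedure;
            // IDs are stored encrypted, so the lookup key is the same ciphertext.
            cmd.Parameters.Add("@Id", SqlDbType.VarChar, 50).Value = DataCrypt.Encrypt(this.txtID.Text.ToUpper(), true);

            conn.Open();
            using (SqlDataReader myReader = cmd.ExecuteReader(CommandBehavior.CloseConnection))
            {
                if (myReader.HasRows)
                {
                    // Only the first seven characters of the ID are echoed back to the page.
                    this.lbId.Text        = this.txtID.Text.Substring(0, 7);
                    this.plSearch.Visible = false;
                    this.plResult.Visible = true;
                }
                else
                {
                    this.plSearch.Visible = true;
                    this.plResult.Visible = false;
                    Message.Show(this.Page, "沒有此筆身分證統一編號!!", "");
                }

                // If the procedure returns several rows the last one wins, as before.
                while (myReader.Read())
                {
                    this.lbPrize1.Text  = myReader["Prize1"].ToString();
                    this.lbPrize2.Text  = myReader["Prize2"].ToString();
                    this.lbPrize3.Text  = myReader["Prize3"].ToString();
                    this.lbPrize4.Text  = myReader["Prize4"].ToString();
                    this.lbPrize5.Text  = myReader["Prize5"].ToString();
                    this.lbPrize6.Text  = myReader["Prize6"].ToString();
                    this.lbNotUsed.Text = myReader["NotUsed"].ToString();

                    // A NULL NotUsed column reads back as "" and int.Parse would throw on it;
                    // anything unparsable is treated as "no draws left" (fail closed: the
                    // prize button stays hidden).
                    int notUsed;
                    bool hasDrawsLeft = int.TryParse(this.lbNotUsed.Text, out notUsed) && notUsed != 0;
                    this.ibtPrize.Visible  = hasDrawsLeft;
                    this.hlDefault.Visible = !hasDrawsLeft;
                    this.lbDefault.Visible = !hasDrawsLeft;
                }
            }
        }

        CheckCount();
    }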
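        /// <summary>
        /// Password-reset handler. After the user proves ownership of the account (current password,
        /// the stored first/last name and the card CVV on file) it rejects reuse of the current
        /// password, stores the new hash and unlocks the account.
        /// </summary>
        /// <param name="sender">The button raising the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void btn_submit_Click(object sender, EventArgs e)
        {
            // validate fields
            if (!Validate_Fields())
            {
                return;
            }

            string email    = tb_email.Text.Trim();
            string password = tb_password.Text.Trim();

            string input_fName = tb_fName.Text.Trim();
            string input_lName = tb_lName.Text.Trim();

            string input_ccCVV = tb_ccCVV.Text.Trim();

            string newPassword = tb_newPassword.Text.Trim();

            if (!UserUtils.Exist(email))
            {
                showFeedback("Invalid email address.");
                return;
            }

            if (!UserUtils.Authenticate(email, password))
            {
                showFeedback("Sorry, with the information you've provided. We still can't verify that you're the account owner.");
                return;
            }

            string userId = null;

            string firstName = null, lastName = null;
            string cipherText = null;
            string iv         = null;
            string key        = null;

            string existPassSalt = null;
            string existPassHash = null;

            bool found = false;

            using (SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["MYDBConnection"].ConnectionString))
            {
                // Name the columns instead of SELECT *: the handler depends on exactly these eight,
                // and a schema change should fail at the query rather than at an indexer below.
                using (SqlCommand cmd = new SqlCommand(
                    "SELECT [Id], [FirstName], [LastName], [PasswordSalt], [PasswordHash], [CCCVV], [IV], [Key] " +
                    "FROM [dbo].[Users] WHERE Email = @Email", con))
                {
                    cmd.CommandType = CommandType.Text;
                    cmd.Parameters.AddWithValue("@Email", email);

                    if (con.State == ConnectionState.Closed || con.State == ConnectionState.Broken)
                    {
                        con.Open();
                    }

                    using (SqlDataReader sdr = cmd.ExecuteReader())
                    {
                        if (sdr.Read())
                        {
                            found = true;

                            userId = sdr["Id"].ToString();

                            firstName = sdr["FirstName"].ToString();
                            lastName  = sdr["LastName"].ToString();

                            existPassSalt = sdr["PasswordSalt"].ToString();
                            existPassHash = sdr["PasswordHash"].ToString();

                            cipherText = sdr["CCCVV"].ToString();
                            iv         = sdr["IV"].ToString();
                            key        = sdr["Key"].ToString();
                        }
                    }
                }
            }

            // UserUtils.Exist succeeded a moment ago, but the row can disappear in between; without
            // this guard the Decrypt and Equals calls below dereference null.
            if (!found)
            {
                showFeedback("Invalid email address.");
                return;
            }

            // NOTE(review): the CVV ciphertext, its IV and its key are all read from the same row, so
            // the key adds no protection against a database compromise, and card verification values
            // are generally not expected to be retained at all — confirm with the schema owner.
            string plainText = DataCrypt.Decrypt(cipherText, iv, key);

            // string.Equals is ordinal and null-safe, so a null Decrypt result fails the check instead
            // of throwing.
            if (!(string.Equals(plainText, input_ccCVV) && string.Equals(firstName, input_fName) && string.Equals(lastName, input_lName)))
            {
                showFeedback("Invalid details provided.");
                return;
            }

            // The candidate is hashed with the existing salt so it can be compared to the stored hash.
            if (Password.ComparePasswordHash(Password.GetPasswordHash(newPassword, existPassSalt), existPassHash))
            {
                showFeedback("Your new password cannot be a password you've used before.");
                return;
            }

            // NOTE(review): the new password is stored under the old salt (existPassSalt); a fresh
            // per-password salt is the usual expectation, but Password's API for generating one is
            // not visible here, so this is left unchanged — confirm.
            Password.UpdatePassword(userId, Convert.ToBase64String(Password.GetPasswordHash(newPassword, existPassSalt)));
            UserUtils.UnlockAccount(email);
            lbl_feedback.ForeColor = Color.Green;
            showFeedback("Password has been updated.");
        }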