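    /// <summary>
    /// Back-end login button handler.
    ///
    /// Flow: validate the form, look the account up, verify the password, then
    /// apply the account-state checks (access denied, validity date range — the
    /// "admin" account is exempt from the date check), record the login, load
    /// the employee profile into the session and hand off to FormsAuthentication.
    /// Every failure path shows a message, writes a back-end log entry carrying
    /// the client IP, and bumps the failed-login counter that decides whether
    /// the captcha is shown.
    ///
    /// Security notes (review):
    /// - Accounts whose PasswordHashed flag is false are checked against a
    ///   plaintext stored password. That storage should be migrated to hashes;
    ///   this handler cannot do it because empAuth exposes no write API for it.
    /// - Both comparisons go through FixedTimeEquals so response timing does not
    ///   reveal how much of the hash/password prefix matched.
    /// - Database error text is written to the back-end log but is no longer
    ///   echoed to the (unauthenticated) browser.
    /// - "Account doesn't exist" and "password incorrect" deliberately show the
    ///   same ACCOUNT_FAILED_ERRMSG; only the log distinguishes them.
    /// - SaveLoginEmployeeDataIntoSession writes into the existing session and
    ///   nothing here rotates the session ID, so session fixation is not
    ///   mitigated in this handler — confirm it is handled elsewhere.
    /// </summary>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Event data (unused).</param>
    protected void btnLogin_Click(object sender, EventArgs e)
    {
        txtCheckCode.Text = "";

        if (!IsValid)
        {
            return;
        }

        // Surrounding whitespace is stripped from both fields. For the password
        // this means a value with leading/trailing spaces can never be entered;
        // kept as-is on the assumption the set-password path trims the same way
        // — TODO confirm.
        txtAccount.Text  = txtAccount.Text.Trim();
        txtPassword.Text = txtPassword.Text.Trim();

        string account  = txtAccount.Text;
        string clientIP = c.GetClientIP();

        // Login verification: fetch the credential record for this account.
        EmployeeToLogin empVerify = empAuth.GetEmployeeDataToLogin(account);

        if (empVerify == null && empAuth.GetDbErrMsg() != "")
        {
            // Database error. Only the generic message reaches the user; the raw
            // DB error text goes into the back-end log instead.
            string dbErrMsg = empAuth.GetDbErrMsg();
            ShowErrorMsg(Resources.Lang.ErrMsg_Exception);
            empAuth.InsertBackEndLogData(new BackEndLogData()
            {
                EmpAccount  = "",
                Description = string.Format(".帳號登入驗證時發生異常錯誤,帳號[{0}] .An exception error occurred during login verification! Account[{0}] DbErr[{1}]", account, dbErrMsg),
                IP          = clientIP
            });
            // Count as a failed attempt and decide whether to show the captcha.
            CheckLoginFailedCountToShowCaptcha(true);
            return;
        }

        if (empVerify == null)
        {
            // No such account. Same user-facing message as a wrong password so
            // the response does not enumerate valid account names.
            ShowErrorMsg(ACCOUNT_FAILED_ERRMSG);
            empAuth.InsertBackEndLogData(new BackEndLogData()
            {
                EmpAccount  = "",
                Description = string.Format(".帳號不存在,輸入帳號[{0}] .Account doesn't exist! Account[{0}]", account),
                IP          = clientIP
            });
            CheckLoginFailedCountToShowCaptcha(true);
            return;
        }

        // Password check. PasswordHashed selects between a hash-to-hash
        // comparison and the legacy plaintext comparison (see summary).
        string passwordHash = HashUtility.GetPasswordHash(txtPassword.Text);
        bool isPasswordCorrect = empVerify.PasswordHashed
            ? FixedTimeEquals(passwordHash, empVerify.EmpPassword)
            : FixedTimeEquals(txtPassword.Text, empVerify.EmpPassword);

        if (!isPasswordCorrect)
        {
            ShowErrorMsg(ACCOUNT_FAILED_ERRMSG);
            empAuth.InsertBackEndLogData(new BackEndLogData()
            {
                EmpAccount  = "",
                Description = string.Format(".密碼錯誤,帳號[{0}] .Password is incorrect! Account[{0}]", account),
                IP          = clientIP
            });
            CheckLoginFailedCountToShowCaptcha(true);
            return;
        }

        // Account disabled. Checked only after the password matched, so the
        // disabled state is not revealed to someone who does not know the password.
        if (empVerify.IsAccessDenied)
        {
            ShowErrorMsg(Resources.Lang.ErrMsg_AccountUnavailable);
            empAuth.InsertBackEndLogData(new BackEndLogData()
            {
                EmpAccount  = "",
                Description = string.Format(".帳號停用,帳號[{0}] .Account is denied! Account[{0}]", account),
                IP          = clientIP
            });
            CheckLoginFailedCountToShowCaptcha(true);
            return;
        }

        // Validity date range. The "admin" account is exempt. Ordinal,
        // case-insensitive comparison: the original culture-sensitive
        // string.Compare(..., true) could give culture-dependent results for
        // an identifier.
        if (!string.Equals(account, "admin", StringComparison.OrdinalIgnoreCase))
        {
            // StartDate/EndDate are nullable; a null here throws and the login
            // fails with an unhandled error (original behaviour kept) — confirm
            // the data layer guarantees both dates for non-admin accounts.
            DateTime startDate = empVerify.StartDate.Value.Date;
            DateTime endDate   = empVerify.EndDate.Value.Date;
            DateTime today     = DateTime.Today;

            if (today < startDate || endDate < today)
            {
                ShowErrorMsg(Resources.Lang.ErrMsg_AccountUnavailable);
                empAuth.InsertBackEndLogData(new BackEndLogData()
                {
                    EmpAccount  = "",
                    Description = string.Format(".帳號超出有效範圍,帳號[{0}] .Account validation date is out of range! Account[{0}]", account),
                    IP          = clientIP
                });
                CheckLoginFailedCountToShowCaptcha(true);
                return;
            }
        }

        // Record login time and IP. Done before the profile fetch below,
        // presumably so the profile already reflects this login — confirm.
        empAuth.UpdateEmployeeLoginInfo(account, clientIP);

        // Login is allowed: load the full employee profile.
        EmployeeForBackend emp = empAuth.GetEmployeeData(account);

        if (emp == null && empAuth.GetDbErrMsg() != "")
        {
            // Database error while loading the profile; same handling as above.
            string dbErrMsg = empAuth.GetDbErrMsg();
            ShowErrorMsg(Resources.Lang.ErrMsg_Exception);
            empAuth.InsertBackEndLogData(new BackEndLogData()
            {
                EmpAccount  = "",
                Description = string.Format(".帳號登入取得使用者資料時發生異常錯誤,帳號[{0}] .An exception error occurred during obtaining user profile! Account[{0}] DbErr[{1}]", account, dbErrMsg),
                IP          = clientIP
            });
            CheckLoginFailedCountToShowCaptcha(true);
            return;
        }

        // Successful login: reset the failed-attempt counter.
        c.seLoginFailedCount = 0;

        // Nullable login timestamps default to DateTime.MinValue in the session copy.
        DateTime thisLoginTime = emp.ThisLoginTime.HasValue ? emp.ThisLoginTime.Value : DateTime.MinValue;
        DateTime lastLoginTime = emp.LastLoginTime.HasValue ? emp.LastLoginTime.Value : DateTime.MinValue;

        LoginEmployeeData loginEmpData = new LoginEmployeeData()
        {
            EmpId           = emp.EmpId,
            EmpName         = emp.EmpName,
            Email           = emp.Email,
            DeptId          = emp.DeptId,
            DeptName        = emp.DeptName,
            RoleId          = emp.RoleId,
            RoleName        = emp.RoleName,
            RoleDisplayName = emp.RoleDisplayName,
            StartDate       = emp.StartDate.Value,   // throws if null, as in the original
            EndDate         = emp.EndDate.Value,
            EmpAccount      = emp.EmpAccount,
            ThisLoginTime   = thisLoginTime,
            ThisLoginIP     = emp.ThisLoginIP,
            LastLoginTime   = lastLoginTime,
            LastLoginIP     = emp.LastLoginIP
        };

        c.SaveLoginEmployeeDataIntoSession(loginEmpData);

        // Back-end log: successful login.
        empAuth.InsertBackEndLogData(new BackEndLogData()
        {
            EmpAccount  = c.GetEmpAccount(),
            Description = ".登入系統! .Logged in!",
            IP          = clientIP
        });

        // Remember the requested back-end language.
        c.seLangNoOfBackend = c.qsLangNo;

        // Issue the forms-auth ticket (non-persistent) and redirect.
        FormsAuthentication.RedirectFromLoginPage(c.seLoginEmpData.EmpAccount, false);

        /* Use this form instead when extra query parameters must be carried:
         * if (string.IsNullOrEmpty(Request.QueryString["ReturnUrl"]))
         * {
         *  FormsAuthentication.SetAuthCookie(c.seLoginEmpData.EmpAccount, false);
         *  Response.Redirect(FormsAuthentication.DefaultUrl + "?l=" + c.qsLangNo.ToString());
         * }
         */
    }

    /// <summary>
    /// Compares two strings in time that depends only on their length, not on
    /// the position of the first mismatch, so the password/hash comparison in
    /// btnLogin_Click does not leak prefix-match information via timing.
    /// (CryptographicOperations.FixedTimeEquals is not available on the
    /// System.Web / .NET Framework stack this page runs on.)
    /// </summary>
    /// <param name="a">First string; may be null.</param>
    /// <param name="b">Second string; may be null.</param>
    /// <returns>true when both are null or have identical contents; otherwise false.</returns>
    private static bool FixedTimeEquals(string a, string b)
    {
        if (a == null || b == null)
        {
            return a == b;
        }

        if (a.Length != b.Length)
        {
            return false;
        }

        int diff = 0;
        for (int i = 0; i < a.Length; i++)
        {
            diff |= a[i] ^ b[i];
        }

        return diff == 0;
    }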
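    /// <summary>
    /// Populates the account edit form.
    ///
    /// In edit mode (c.qsAct == ConfigFormAction.edit) the employee identified by
    /// c.qsEmpId is loaded and every field is filled from it; in add mode the
    /// validity range defaults to today .. today + 10 years and the current user
    /// becomes the owner. Afterwards the editable controls are shown only to the
    /// owner (per CanEditThisPage), the owner field only to role-admin, and
    /// non-admins lose the role-admin option from ddlRoles unless the account
    /// already has that role.
    ///
    /// Security notes (review):
    /// - The stored password (a hash, or plaintext for accounts with
    ///   PasswordHashed == false) and the default random password are copied
    ///   into hidden fields and therefore rendered to the client. Besides
    ///   leaking credential material, hidEmpPasswordOri / hidPasswordHashed /
    ///   hidDefaultRandomPassword are client-controlled on postback. They should
    ///   be kept server-side or re-read from the database on save; not changed
    ///   here because the save handler is outside this file section.
    /// - Hiding controls and removing the role-admin list item is UI only; the
    ///   save handler must re-check ownership and role before persisting.
    /// </summary>
    private void DisplayAccountData()
    {
        bool isOwner   = false;
        int  curRoleId = 0;

        if (c.qsAct == ConfigFormAction.edit)
        {
            EmployeeForBackend account = empAuth.GetEmployeeData(c.qsEmpId);

            if (account != null)
            {
                string empAccount = account.EmpAccount;

                // Account name is read-only once created.
                txtEmpAccount.Text    = account.EmpAccount;
                txtEmpAccount.Enabled = false;

                txtEmpName.Text = account.EmpName;

                // Password is optional on edit. NOTE(review): these hidden fields
                // send the stored credential and its hashed flag to the browser —
                // see summary.
                rfvPsw.Enabled                = false;
                hidEmpPasswordOri.Text        = account.EmpPassword;
                hidPasswordHashed.Text        = account.PasswordHashed.ToString();
                hidDefaultRandomPassword.Text = account.DefaultRandomPassword;

                txtEmail.Text   = account.Email;
                txtRemarks.Text = account.Remarks;

                // Access-denied flag: checkbox for editors, literal for viewers.
                chkIsAccessDenied.Checked = account.IsAccessDenied;
                ltrIsAccessDenied.Text    = chkIsAccessDenied.Checked ? Resources.Lang.Account_IsAccessDenied_Checked : Resources.Lang.Account_IsAccessDenied_Unchecked;

                // Validity range. StartDate/EndDate are nullable; a null throws
                // here (unchanged) — confirm the data layer always sets both.
                txtStartDate.Text = string.Format("{0:yyyy-MM-dd}", account.StartDate.Value);
                txtEndDate.Text   = string.Format("{0:yyyy-MM-dd}", account.EndDate.Value);
                ltrDateRange.Text = txtStartDate.Text + " ~ " + txtEndDate.Text;

                // The login handler exempts "admin" from the date check with a
                // case-insensitive compare; match that here so the range editor is
                // hidden for every spelling the login ignores (the original
                // ordinal == only matched lowercase "admin").
                if (string.Equals(empAccount, "admin", StringComparison.OrdinalIgnoreCase))
                {
                    DateRangeArea.Visible = false;
                }

                // Department
                ddlDept.SelectedValue = account.DeptId.ToString();
                if (ddlDept.SelectedItem != null)
                {
                    ltrDept.Text = ddlDept.SelectedItem.Text;
                }

                // Role
                curRoleId              = account.RoleId;
                ddlRoles.SelectedValue = curRoleId.ToString();
                ltrRoles.Text          = account.RoleDisplayText;

                // Owner
                txtOwnerAccount.Text = account.OwnerAccount;
                ltrOwnerAccount.Text = txtOwnerAccount.Text;

                isOwner = empAuth.CanEditThisPage(false, account.OwnerAccount, account.OwnerDeptId);

                // Creation / modification info
                ltrPostAccount.Text = account.PostAccount;
                ltrPostDate.Text    = string.Format("{0:yyyy-MM-dd HH:mm:ss}", account.PostDate);

                if (account.MdfDate.HasValue)
                {
                    ltrMdfAccount.Text = account.MdfAccount;
                    ltrMdfDate.Text    = string.Format("{0:yyyy-MM-dd HH:mm:ss}", account.MdfDate.Value);
                }

                btnSave.Visible = true;
            }
        }
        else
        {
            // Add mode: default validity range today .. today + 10 years,
            // current user as owner.
            DateTime today   = DateTime.Today;
            DateTime endDate = today.AddYears(10);

            txtStartDate.Text = string.Format("{0:yyyy-MM-dd}", today);
            txtEndDate.Text   = string.Format("{0:yyyy-MM-dd}", endDate);

            txtOwnerAccount.Text = c.GetEmpAccount();
            ltrOwnerAccount.Text = txtOwnerAccount.Text;

            isOwner = true;

            btnSave.Visible = true;
        }

        // Owner privilege: swap the read-only literals for editable controls.
        // UI-only; the save handler must enforce this again.
        if (isOwner)
        {
            chkIsAccessDenied.Visible = true;
            ltrIsAccessDenied.Visible = false;

            DateRangeEditCtrl.Visible = true;
            ltrDateRange.Visible      = false;

            ddlDept.Visible = true;
            ltrDept.Visible = false;

            ddlRoles.Visible = true;
            ltrRoles.Visible = false;
        }

        if (c.IsInRole("admin"))
        {
            // Role-admin may reassign the owner.
            txtOwnerAccount.Visible = true;
            ltrOwnerAccount.Visible = false;
        }
        else
        {
            // Only role-admin may grant role-admin to others, but an account that
            // already holds it keeps the option. RoleId 1 is presumably the
            // role-admin role — confirm against the roles table.
            if (curRoleId != 1)
            {
                ListItem liAdmin = ddlRoles.Items.FindByValue("1");
                if (liAdmin != null)
                {
                    ddlRoles.Items.Remove(liAdmin);
                }
            }
        }
    }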