Esempio n. 1
0
 /// <summary>
 /// 修改密码
 /// </summary>
 /// <param name="username">用户名</param>
 /// <param name="oldPassword">旧密码</param>
 /// <param name="newPassword">新密码</param>
 /// <returns>是否修改成功</returns>
 public  bool ChangePassword(string username, string oldPassword, string newPassword)
 {
     if(new Regex(@UsernameRegularExpression).IsMatch(username.Trim())
         && new Regex(@PasswordStrengthRegularExpression).IsMatch(newPassword))
     {
          //初始化局部变量
         var factory = SqlClientFactory.Create();
         var client = factory.CreateSqlClient();
         var parameters = client.CreateParameters();
         StringBuilder sql = new StringBuilder();
         sql.AppendLine(@"SELECT FIRST 1 U.SYSID,M.MEMBERID,M.PASSWORD,M.PASSWORDSALT,M.PASSWORDFORMAT");
         sql.AppendLine(@"FROM WEB_LOGINUSERS U,WEB_MEMBERSHIP M");
         sql.AppendLine(@"WHERE U.SYSID=1 AND M.SYSID=U.SYSID AND M.USERID=U.USERID AND U.LOWEREDUSERNAME=@LOWEREDUSERNAME");
         parameters.Add(client.CreateParameter("@LOWEREDUSERNAME", username.ToLower().Trim()));
         var result = client.GetDynamicCollection(sql.ToString(), parameters.ToArray());
         if (result != null && result.Count() > 0)
         {
             var userinfo = result.First();
             var encryptor = new Sealong.Web.Security.Encryption.AesEncryptor();
             String encodePassword = String.Empty;
             var passwordFormat = Enum.Parse(typeof(System.Web.Security.MembershipPasswordFormat), userinfo.PasswordFormat);
            
             if (passwordFormat == System.Web.Security.MembershipPasswordFormat.Clear)
             {
                 encodePassword = oldPassword.Trim();
             }
             else if (passwordFormat == System.Web.Security.MembershipPasswordFormat.Encrypted)
             {
                 encodePassword = encryptor.Encrypt(oldPassword.Trim(), userinfo.PasswordSalt);
             }
             else
             {
                 encodePassword = oldPassword.Trim().GetHashCode().ToString();
             }
             String encodeNewPassword = String.Empty;
             if (userinfo.Password == encodePassword && passwordFormat == System.Web.Security.MembershipPasswordFormat.Clear)
             {
                 encodeNewPassword = newPassword.Trim();
             }
             else if (userinfo.Password == encodePassword && passwordFormat == System.Web.Security.MembershipPasswordFormat.Encrypted)
             {
                 encodeNewPassword = encryptor.Encrypt(newPassword.Trim(), userinfo.PasswordSalt);
             }
             else
             {
                 encodeNewPassword = newPassword.Trim().GetHashCode().ToString();
             }
             StringBuilder updateClause = new StringBuilder();
             updateClause.AppendLine("UPDATE WEB_MEMBERSHIP SET (PASSWORD=@PASSWORD)");
             updateClause.AppendLine("WHERE SYSID=@SYSID AND MEMBERID=@MEMBERID");
             var updateParameters = client.CreateParameters();
             updateParameters.Add(client.CreateParameter("@PASSWORD", encodeNewPassword));
             updateParameters.Add(client.CreateParameter("@SYSID", userinfo.SysID));
             updateParameters.Add(client.CreateParameter("@MEMBERID", userinfo.MemberID));
             return client.ExecuteNonQuery(updateClause.ToString(), updateParameters.ToArray()) > 0;
         }
         else
         {
             return false;
         }
     }
     else
     {
         return false;
     }
 }
Esempio n. 2
0
 /// <summary>
 /// 校验用户信息
 /// </summary>
 /// <param name="username">用户名或电子邮箱或手机号码</param>
 /// <param name="password">密码</param>
 /// <returns></returns>
 public  bool ValidateUser(string username, string password)
 {
     var client = Sealong.Data.SqlClientFactory.CreateInstance().CreateSqlClient();
     var parameters = client.CreateParameters();
     parameters.Add(client.CreateParameter("@LOWEREDUSERNAME", username.ToLower().Trim()));
     StringBuilder sql = new StringBuilder();
     sql.AppendLine("SELECT U.USERID,M.PASSWORD,M.PASSWORDFORMAT,M.PASSWORDSALT");
     sql.AppendLine("FROM WEB_LOGINUSERS U,WEB_MEMBERSHIP M");
     sql.AppendLine("WHERE U.SYSID=1 AND M.SYSID=U.SYSID AND U.LOWEREDUSERNAME=@LOWEREDUSERNAME");
     var result = client.GetDynamicCollection(sql.ToString(),parameters);
     if (result != null && result.Count() > 0)
     {
         var entity = result.First();
         String encodePassword = "";
         var encryptor = new Sealong.Web.Security.Encryption.AesEncryptor();
         if (Enum.Parse(typeof(MembershipPasswordFormat),entity.PasswordFormat) == MembershipPasswordFormat.Encrypted)
         {
             encodePassword = encryptor.Encrypt(password.Trim(), entity.PasswordSalt);
         }
         else if (Enum.Parse(typeof(MembershipPasswordFormat), entity.PasswordFormat) == MembershipPasswordFormat.Hashed)
         {
             encodePassword = password.Trim().GetHashCode().ToString();
         }
         else
         {
             encodePassword = password.Trim();
         }
         if (encodePassword == entity.Password)
         {
             StringBuilder updateClause = new StringBuilder();
             updateClause.AppendLine("UPDATE WEB_MEMBERSHIP SET LASTLOGINDATE=@LASTLOGINDATE WHERE USERID=@USERID");
             parameters.Add(client.CreateParameter("@USERID", entity.UserID));
             parameters.Add(client.CreateParameter("@LASTLOGINDATE", DateTime.Now.ToUniversalTime()));
             client.ExecuteNonQuery(updateClause.ToString(), parameters);
             return true;
         }
         else return false;
     }
     else return false;
 }
Esempio n. 3
0
 public String GetUserNo(int userID)
 {
     var encryptor = new Sealong.Web.Security.Encryption.AesEncryptor();
     var userno = encryptor.Encrypt(userID.ToString(),"sEAloNg321seAloNg456seaLOng789SL");
     return userno;
 }
Esempio n. 4
0
 public int GetUserID(String userNo)
 {
     var encryptor = new Sealong.Web.Security.Encryption.AesEncryptor();
     String idstr = encryptor.Decrypt(userNo, "sEAloNg321seAloNg456seaLOng789SL");
     var userID = Convert.ToInt32(idstr);
     return userID;
 }
Esempio n. 5
0
        /// <summary>
        /// 创建用户
        /// </summary> A123456 123456
        /// <param name="username">用户名</param>
        /// <param name="password">密码</param>
        /// <param name="email">电子邮箱</param>
        /// <param name="passwordQuestion">空值即可</param>
        /// <param name="passwordAnswer">空值即可</param>
        /// <param name="isApproved">否是开通</param>
        /// <param name="providerUserKey">用户主键</param>
        /// <param name="status">创建用户的返回状态</param>
        /// <returns>用户信息</returns>
        public  MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out System.Web.Security.MembershipCreateStatus status)
        {
            if(!new Regex(@UsernameRegularExpression).IsMatch(username.Trim()))
            {
                status = System.Web.Security.MembershipCreateStatus.InvalidUserName;
                return null;
            }
            else if (email!=null && !new Regex(@EMailRegularExpression).IsMatch(email.Trim()))
            {
                status = System.Web.Security.MembershipCreateStatus.InvalidEmail;
                return null;
            }
            else if (!new Regex(@PasswordStrengthRegularExpression).IsMatch(password.Trim()))
            {
                status = System.Web.Security.MembershipCreateStatus.InvalidPassword;
                return null;
            }
            else if (!new Regex(@TelRegularExpression).IsMatch(passwordQuestion.Trim()))
            {
                status = System.Web.Security.MembershipCreateStatus.InvalidQuestion;//密码保护问题现在表示手机号了,密码保护问题机制整体移除
                return null;
            }
            else
            {
                var factory = SqlClientFactory.Create();
                var client = factory.CreateSqlClient();
                var parameters = client.CreateParameters();
                var sqlCollection = new SqlCollection();
                StringBuilder sql = new StringBuilder();
                sql.AppendLine("SELECT COUNT(U.SYSID) TCOUNT");
                sql.AppendLine("FROM WEB_LOGINUSERS U");
                sql.AppendLine("WHERE U.SYSID=1 AND U.LOWEREDUSERNAME=@LOWEREDUSERNAME");
                parameters.Add(client.CreateParameter("@LOWEREDUSERNAME", username.Trim().ToLower()));
                sqlCollection.Add("USERNAMECOUNT", sql.ToString());
                if (RequiresUniqueEmail)
                {
                    sql = new StringBuilder();
                    sql.AppendLine("SELECT COUNT(U.SYSID) TCOUNT");
                    sql.AppendLine("FROM WEB_LOGINUSERS U");
                    sql.AppendLine("WHERE U.SYSID=1 AND U.LOWEREDEMAIL=@LOWEREDEMAIL");
                    parameters.Add(client.CreateParameter("@LOWEREDEMAIL", email.Trim().ToLower()));
                    sqlCollection.Add("EMAILCOUNT", sql.ToString());
                }
                var result = client.RunSql(sqlCollection, parameters.ToArray());
                if(result.Tables["USERNAMECOUNT"]!=null 
                    && result.Tables["USERNAMECOUNT"].Rows[0]["TCOUNT"]!=null
                    && ((int)result.Tables["USERNAMECOUNT"].Rows[0]["TCOUNT"]) > 0)
                {
                    status = System.Web.Security.MembershipCreateStatus.DuplicateUserName;
                    return null;
                }
                else if (email != null && RequiresUniqueEmail 
                        && result.Tables["EMAILCOUNT"]!=null 
                        && result.Tables["EMAILCOUNT"].Rows[0]["TCOUNT"]!=null
                        && ((int)result.Tables["EMAILCOUNT"].Rows[0]["TCOUNT"]) > 0)
                {
                    status = System.Web.Security.MembershipCreateStatus.DuplicateEmail;
                    return null;
                }
                else
                {
                    var encryptor = new Sealong.Web.Security.Encryption.AesEncryptor();
                    var salt = encryptor.GeneralEncryptKey();
                    var encodePassword = encryptor.Encrypt(password.Trim(), salt.ToString());
                    var passwordFormat = System.Web.Security.MembershipPasswordFormat.Encrypted.ToString();
                    sqlCollection = new SqlCollection();

                    var createUserParameters = client.CreateParameters();
                    createUserParameters.Add(client.CreateParameter("@SYSID", 1));
                    StringBuilder maxUserIdClause = new StringBuilder();
                    maxUserIdClause.AppendLine("SELECT COALESCE(MAX(U.USERID),0) MAXUSERID");
                    maxUserIdClause.AppendLine("FROM WEB_LOGINUSERS U");
                    maxUserIdClause.AppendLine("WHERE U.SYSID=1");
                    StringBuilder maxMemberIdClause = new StringBuilder();
                    maxMemberIdClause.AppendLine("SELECT COALESCE(MAX(M.MEMBERID),0) MAXMEMBERID");
                    maxMemberIdClause.AppendLine("FROM WEB_MEMBERSHIP M");
                    maxMemberIdClause.AppendLine("WHERE U.SYSID=1");
                    StringBuilder insertUserClause = new StringBuilder();
                    insertUserClause.Append("INSERT INTO WEB_LOGINUSERS (SYSID, USERID, USERNO, USERNAME, LOWEREDUSERNAME, TEL, EMAIL, LOWEREDEMAIL, LASTACTIVITYDATE)");
                    insertUserClause.Append(" VALUES (");
                    insertUserClause.Append("@SYSID, @USERID, @USERNO, @USERNAME, @LOWEREDUSERNAME, @TEL, @EMAIL, @LOWEREDEMAIL, @LASTACTIVITYDATE)");                   
                    createUserParameters.Add(client.CreateParameter("@USERNAME", username.Trim()));
                    createUserParameters.Add(client.CreateParameter("@LOWEREDUSERNAME", username.Trim().ToLower()));
                    createUserParameters.Add(client.CreateParameter("@TEL", passwordQuestion.Trim()));
                    createUserParameters.Add(client.CreateParameter("@EMAIL",email==null ? null : email.Trim()));
                    createUserParameters.Add(client.CreateParameter("@LOWEREDEMAIL", email == null ? null : email.Trim().ToLower()));
                    createUserParameters.Add(client.CreateParameter("@LASTACTIVITYDATE", DateTime.MinValue));
                    StringBuilder insertMembershipClause = new StringBuilder();
                    insertMembershipClause.Append("INSERT INTO WEB_MEMBERSHIP (SYSID, MEMBERID, USERID, PASSWORD, PASSWORDFORMAT, PASSWORDSALT, IFAPPROVED, IFLOCKED, CREATEDATE, LASTLOCKDATE, LASTLOGINDATE, LASTPASSWORDCHANGEDDATE, FAILEDPWDSTART, FAILEDPWDCOUNT, REMARKS)");
                    insertMembershipClause.Append(" VALUES ( ");
                    insertMembershipClause.Append("@SYSID, @MEMBERID, @USERID, @PASSWORD, @PASSWORDFORMAT, @PASSWORDSALT, @IFAPPROVED, @IFLOCKED, @CREATEDATE, @LASTLOCKDATE, @LASTLOGINDATE, @LASTPASSWORDCHANGEDDATE, @FAILEDPWDSTART, @FAILEDPWDCOUNT, @REMARKS)");
                    createUserParameters.Add(client.CreateParameter("@PASSWORD", encodePassword));
                    createUserParameters.Add(client.CreateParameter("@PASSWORDFORMAT", passwordFormat));
                    createUserParameters.Add(client.CreateParameter("@PASSWORDSALT", salt));
                    createUserParameters.Add(client.CreateParameter("@IFAPPROVED", isApproved?"T":"F"));
                    createUserParameters.Add(client.CreateParameter("@IFLOCKED", "F"));
                    createUserParameters.Add(client.CreateParameter("@CREATEDATE", DateTime.Now ));
                    createUserParameters.Add(client.CreateParameter("@LASTLOCKDATE", DateTime.MinValue));
                    createUserParameters.Add(client.CreateParameter("@LASTLOGINDATE", DateTime.MinValue));
                    createUserParameters.Add(client.CreateParameter("@LASTPASSWORDCHANGEDDATE", DateTime.MinValue));
                    createUserParameters.Add(client.CreateParameter("@FAILEDPWDSTART", DateTime.MinValue));
                    createUserParameters.Add(client.CreateParameter("@FAILEDPWDCOUNT", 0));
                    createUserParameters.Add(client.CreateParameter("@REMARKS", String.Empty));
                    var createUserStatus = System.Web.Security.MembershipCreateStatus.UserRejected;
                    sqlCollection.Add("MAXUSERID", maxUserIdClause.ToString(), new Action<System.Data.DataSet, List<System.Data.IDbDataParameter>>((source, @params) =>
                    {
                        if (!source.IsNullOrEmpty() && source.Tables[0].Rows[0]["TCOUNT"]!=null)
                        {
                            var userid = (int)source.Tables[0].Rows[0]["TCOUNT"];
                            @params.Add(client.CreateParameter("@USERID", userid + 1));
                            @params.Add(client.CreateParameter("@USERNO", GetUserNo(userid+1)));
                        }
                        else
                        {
                            createUserStatus = System.Web.Security.MembershipCreateStatus.ProviderError;
                            return;
                        }
                    }));
                    sqlCollection.Add("MAXMEMBERID", maxMemberIdClause.ToString(), new Action<System.Data.DataSet, List<System.Data.IDbDataParameter>>((source, @params) =>
                    {
                        if (!source.IsNullOrEmpty() && source.Tables[0].Rows[0]["TCOUNT"] != null)
                        {
                            var memberid = (int)source.Tables[0].Rows[0]["TCOUNT"];
                            @params.Add(client.CreateParameter("@MEMBERID", memberid + 1));
                        }
                        else
                        {
                            createUserStatus = System.Web.Security.MembershipCreateStatus.ProviderError;
                            return;
                        }
                    }));
                    sqlCollection.Add("InsertLoginUsers", insertUserClause.ToString(), true);
                    sqlCollection.Add("InsertMembership", insertMembershipClause.ToString(), true);
                    try
                    {
                       client.RunSql(sqlCollection, createUserParameters);
                       if (createUserStatus == System.Web.Security.MembershipCreateStatus.ProviderError)
                       {
                           status = createUserStatus;
                           return null;
                       }
                       else
                       {
                           status = System.Web.Security.MembershipCreateStatus.Success;
                           return new MembershipUser("", username, providerUserKey, email, passwordQuestion, passwordAnswer, isApproved, false, DateTime.Now, DateTime.MinValue, DateTime.MinValue, DateTime.MinValue, DateTime.MinValue);
                       }
                    }
                    catch
                    {
                        createUserStatus = MembershipCreateStatus.ProviderError;
                        status = createUserStatus;
                        return null;
                    }
                }
            }
        }