/// <summary>
/// Page load handler: stores the user/department listing query in the page's
/// <c>sql</c> field and constructs the Database wrapper for it.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    // The statement is a fixed literal; no request data is concatenated into it.
    // It selects id, name and department name only (no credential column).
    const string listUsersQuery =
        "select u.user_id, u.user_name, d.user_deptname from rps_userinfo u, rps_deptinfo d where u.user_dept = d.user_dept order by u.user_id";

    sql = listUsersQuery;
    this.db = new Database("rpsdb", this.sql, Database.WebConfig);
}
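/// <summary>
/// Builds the user object and records the login in <c>rps_session</c>
/// (user id, token, ASP.NET session id, server time from GETDATE(), client address),
/// then calls <c>ResetReportParameter()</c>.
/// </summary>
/// <param name="ID">User id supplied by the caller.</param>
/// <param name="PW">Password value supplied by the caller.</param>
/// <param name="IPAddress">Client address supplied by the caller.</param>
/// <param name="Token">Login token supplied by the caller.</param>
public User(String ID, String PW, String IPAddress, String Token)
{
    this.ID = ID;
    // NOTE(review): the submitted password value is kept on this object; the login
    // handler stores the object in Session, so the value lives as long as the session.
    // Confirm whether anything still needs it after authentication.
    this.PW = PW;
    this.IPAddress = IPAddress;
    this.Token = Token;
    this.ss = HttpContext.Current.Session.SessionID;

    // The constructor is public and its string arguments end up inside T-SQL string
    // literals, so every caller-supplied value has its single quotes doubled first.
    // A null argument is treated as empty text, which is what concatenation did before.
    // NOTE(review): quote doubling is a stop-gap; switch to a parameterised command
    // if the Database wrapper offers one.
    String safeId = (this.ID ?? "").Replace("'", "''");
    String safeToken = (this.Token ?? "").Replace("'", "''");
    String safeAddress = (this.IPAddress ?? "").Replace("'", "''");

    // this.ss is the server-issued session id and is inserted as-is.
    this.sql = "insert into rps_session values('" + safeId + "','" + safeToken + "','" + this.ss
        + "', GETDATE(), '" + safeAddress + "')";

    this.db = new Database("rpsdb", this.sql, Database.WebConfig);
    try
    {
        this.db.ExecuteSql(this.sql);
    }
    finally
    {
        // Release the wrapper even when the insert throws.
        this.db.Close();
    }

    ResetReportParameter();
}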
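/// <summary>
/// Change-password handler: validates the three password boxes, checks the old
/// password through <c>user.ValidatePassword</c>, then writes the new hashed
/// password to <c>rps_userinfo</c> and redirects the browser to /Main.aspx.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Button1_Click(object sender, EventArgs e)
{
    if (TB_OldPassword.Text.Equals(""))
    {
        ShowMessage("請輸入舊密碼!", MessagePanel, TB_OldPassword);
        return;
    }

    if (TB_NewPassword.Text.Equals(""))
    {
        ShowMessage("請輸入新密碼!", MessagePanel, TB_NewPassword);
        return;
    }

    if (TB_ConfirmPassword.Text.Equals(""))
    {
        ShowMessage("請輸入確認密碼!", MessagePanel, TB_ConfirmPassword);
        return;
    }

    if (!TB_ConfirmPassword.Text.Equals(TB_NewPassword.Text))
    {
        ShowMessage("新密碼與確認密碼不吻合!", MessagePanel, TB_NewPassword);
        TB_NewPassword.Text = "";
        TB_ConfirmPassword.Text = "";
        return;
    }

    if (!this.user.ValidatePassword(TB_OldPassword.Text))
    {
        ShowMessage("舊密碼不正確!", MessagePanel, TB_OldPassword);
        return;
    }

    MessagePanel.Text = " ";
    Database db = null;
    try
    {
        // NOTE(review): Cryptography.MD5 is presumably a plain, unsalted MD5 digest.
        // That is not adequate for password storage; moving to a salted, slow KDF
        // (e.g. PBKDF2) needs a migration of the stored values, so it is not done here.
        String HashPW = Cryptography.MD5(TB_NewPassword.Text);

        // user.ID originates from the login form, so its single quotes are doubled
        // before it goes into the T-SQL literal. HashPW is assumed to be digest text
        // without quote characters - confirm against Cryptography.MD5.
        // NOTE(review): prefer a parameterised command if the Database wrapper has one.
        String safeUserId = (user.ID ?? "").Replace("'", "''");
        String sql = "update rps_userinfo set user_pw = '" + HashPW + "' where user_id = '" + safeUserId + "'";

        db = new Database("rpsdb", sql, Database.WebConfig);
        db.ExecuteSql(sql);

        MessagePanel.Text = " ";
        TB_OldPassword.Text = "";
        TB_NewPassword.Text = "";
        TB_ConfirmPassword.Text = "";

        String script = "alert('密碼成功更新!'); location.replace('/Main.aspx');";
        ScriptManager.RegisterClientScriptBlock(this, this.GetType(), "ClientScript", script, true);
    }
    catch (Exception)
    {
        // Only a generic failure message goes to the browser; exception detail is not echoed.
        String script = "alert('密碼更新失敗!'); location.replace('/Main.aspx');";
        ScriptManager.RegisterClientScriptBlock(this, this.GetType(), "ClientScript", script, true);
    }
    finally
    {
        // The wrapper was previously never closed on this path.
        if (db != null)
        {
            db.Close();
        }
    }
}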
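/// <summary>
/// Login handler: looks up <c>user_pw</c> for the entered user id, compares it with
/// the submitted password text, and on a match stores the token flag and a
/// <c>User</c> object in Session before redirecting to /Main.aspx.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Button1_Click(object sender, EventArgs e)
{
    if (TB_UserID.Text.Equals(""))
    {
        ShowMessage("請輸入用戶名稱!", MessagePanel, TB_UserID);
        return;
    }

    if (TB_UserPw.Text.Equals(""))
    {
        ShowMessage("請輸入用戶密碼!", MessagePanel, TB_UserPw);
        return;
    }

    String UserPW = "";

    // The user id comes straight from the form and is not yet authenticated, so its
    // single quotes are doubled before it is placed in the T-SQL literal.
    // NOTE(review): prefer a parameterised command if the Database wrapper has one.
    String safeUserId = TB_UserID.Text.Trim().Replace("'", "''");
    String sql = "select user_pw from rps_userinfo where user_id = '" + safeUserId + "'";

    Database db = null;
    try
    {
        db = new Database("rpsdb", sql, Database.WebConfig);
        SqlDataReader reader = db.GetReader();
        while (reader.Read())
        {
            UserPW = reader["user_pw"].ToString();
        }

        // NOTE(review): the submitted text is compared directly with the stored column,
        // while other handlers in this file write Cryptography.MD5(...) output to user_pw.
        // Confirm where the submitted value is hashed; if that happens in the browser,
        // the stored digest is effectively the login credential.
        if (!reader.HasRows || !TB_UserPw.Text.Trim().Equals(UserPW.Trim()))
        {
            TB_UserPw.Text = "";
            ShowMessage("登入失敗!", MessagePanel, TB_UserPw);
        }
        else
        {
            // NOTE(review): the Session key is taken from HF_UserToken.Value, presumably a
            // hidden field the client can edit, and the session id is not renewed at login.
            // Consider a server-generated token and a fresh session id after authentication.
            Session[HF_UserToken.Value] = true;

            // NOTE(review): the query above used the trimmed id, but the untrimmed text is
            // passed on here - confirm that is intended.
            Session["User"] = new User(TB_UserID.Text, TB_UserPw.Text, Request.UserHostAddress, HF_UserToken.Value);
            ScriptManager.RegisterClientScriptBlock(this, this.GetType(), "ClientScript", "location.replace('/Main.aspx');", true);
        }
    }
    catch (SqlException)
    {
        // Show a generic message only; the exception text is deliberately not sent to the
        // client because it can expose database details.
        TB_UserPw.Text = "";
        MessagePanel.Text = "資料庫連接失敗!";
    }
    finally
    {
        // Close on every path, including the SqlException path that used to skip it.
        if (db != null)
        {
            db.Close();
        }
    }
}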
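/// <summary>
/// Add-user handler: validates the form, rejects an id that already exists in
/// <c>rps_userinfo</c>, otherwise inserts the user row plus two <c>rps_usermenu</c>
/// rows ('R00' and 'R0002') and reloads R0101_UserMaintenance.aspx.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Btn_AddUser_Click(object sender, EventArgs e)
{
    // NOTE(review): nothing in this handler checks that the caller may create users;
    // presumably the page or site configuration enforces that - confirm.
    if (TB_UserID.Text.Equals(""))
    {
        ShowMessage("請輸入用戶ID!", MessagePanel, TB_UserID);
        return;
    }

    if (TB_UserPw.Text.Equals(""))
    {
        ShowMessage("請輸入用戶密碼!", MessagePanel, TB_UserPw);
        return;
    }

    if (TB_UserName.Text.Equals(""))
    {
        ShowMessage("請輸入用戶名稱!", MessagePanel, TB_UserName);
        return;
    }

    // Every form value is placed inside a T-SQL string literal below, so single quotes
    // are doubled first. The posted drop-down value is treated like any other input.
    // NOTE(review): prefer a parameterised command if the Database wrapper has one.
    String UserID = TB_UserID.Text.Trim().Replace("'", "''");
    String UserName = TB_UserName.Text.Trim().Replace("'", "''");
    String UserDept = DDL_Dept.SelectedValue.Replace("'", "''");

    // NOTE(review): Cryptography.MD5 is presumably a plain, unsalted MD5 digest, which is
    // not adequate for password storage; its output is assumed to contain no quotes.
    String UserPW = Cryptography.MD5(TB_UserPw.Text);

    String sql = "select * from rps_userinfo where user_id = '" + UserID + "'";
    Database db = new Database("rpsdb", sql, Database.WebConfig);
    try
    {
        SqlDataReader reader = db.GetReader();
        bool idAlreadyUsed = reader.HasRows;
        // Close the reader on both paths; it used to stay open when the id existed.
        reader.Close();

        if (idAlreadyUsed)
        {
            ShowMessage("用戶ID己存在!", MessagePanel, TB_UserID);
            return;
        }

        // NOTE(review): the existence check and the three inserts run as separate
        // statements; unless Database wraps them in a transaction, a failure part way
        // leaves a user row without its menu rows.
        sql = "insert into rps_userinfo values ('" + UserID + "', '" + UserPW + "', '" + UserName + "', '" + UserDept
            + "', '1900-01-01 00:00:00.000', 'T')";
        db.ExecuteSql(sql);

        sql = "insert into rps_usermenu values ('" + UserID + "','R00')";
        db.ExecuteSql(sql);

        sql = "insert into rps_usermenu values ('" + UserID + "','R0002')";
        db.ExecuteSql(sql);

        String ClientScript = "alert('用戶新增成功!'); location.replace('R0101_UserMaintenance.aspx'); ";
        ScriptManager.RegisterClientScriptBlock(UpdatePanel1, GetType(), "Alert", ClientScript, true);
    }
    finally
    {
        // The wrapper was previously never closed in this handler.
        db.Close();
    }
}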