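/// <summary>
/// Handles the login button: verifies the submitted account and password, rejects
/// denied or out-of-date accounts, then stores the employee profile in the session
/// and issues the forms-authentication redirect.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void btnLogin_Click(object sender, EventArgs e)
{
    // Clear the captcha text box before anything else.
    txtCheckCode.Text = "";

    if (!IsValid)
    {
        return;
    }

    txtAccount.Text = txtAccount.Text.Trim();
    // NOTE(review): trimming alters the submitted password (leading/trailing spaces are dropped);
    // confirm the password-setting path trims the same way.
    txtPassword.Text = txtPassword.Text.Trim();

    // Login verification: load the record used to check the credentials.
    EmployeeToLogin empVerify = empAuth.GetEmployeeDataToLogin(txtAccount.Text);

    // NOTE(review): txtAccount.Text is attacker-controlled and is written into every log
    // Description below; confirm the back-end log viewer encodes it on output.

    if (empVerify == null)
    {
        // Capture the error text before any further data-access call.
        string verifyErrMsg = empAuth.GetDbErrMsg();

        if (verifyErrMsg != "")
        {
            // Data-access failure. Only the generic message goes to the (unauthenticated)
            // browser; the database error text is kept in the back-end log instead of
            // being echoed on the login page.
            // NOTE(review): confirm the Description column can hold the appended error text.
            ShowErrorMsg(Resources.Lang.ErrMsg_Exception);
            LogLoginFailure(string.Format(".帳號登入驗證時發生異常錯誤,帳號[{0}] .An exception error occurred during login verification! Account[{0}] DbErrMsg[{1}]", txtAccount.Text, verifyErrMsg));
            return;
        }

        // No such account: same user-facing message as a wrong password.
        ShowErrorMsg(ACCOUNT_FAILED_ERRMSG);
        LogLoginFailure(string.Format(".帳號不存在,輸入帳號[{0}] .Account doesn't exist! Account[{0}]", txtAccount.Text));
        return;
    }

    // Account exists: check the password.
    // NOTE(review): GetPasswordHash receives only the password, so presumably there is no
    // per-account salt - confirm inside HashUtility.
    string passwordHash = HashUtility.GetPasswordHash(txtPassword.Text);
    string empPassword = empVerify.EmpPassword;

    // Accounts flagged PasswordHashed store a hash; the others store the password itself
    // and are compared as plain text.
    // NOTE(review): the plain-text branch means some stored passwords are unhashed;
    // plan a migration so this branch can be removed.
    bool isPasswordCorrect = empVerify.PasswordHashed
        ? SecretEquals(passwordHash, empPassword)
        : SecretEquals(txtPassword.Text, empPassword);

    if (!isPasswordCorrect)
    {
        ShowErrorMsg(ACCOUNT_FAILED_ERRMSG);
        LogLoginFailure(string.Format(".密碼錯誤,帳號[{0}] .Password is incorrect! Account[{0}]", txtAccount.Text));
        return;
    }

    // Check whether the account is suspended.
    if (empVerify.IsAccessDenied)
    {
        ShowErrorMsg(Resources.Lang.ErrMsg_AccountUnavailable);
        LogLoginFailure(string.Format(".帳號停用,帳號[{0}] .Account is denied! Account[{0}]", txtAccount.Text));
        return;
    }

    // Check the validity date range. The account "admin" is exempt.
    // Ordinal comparison: the exemption must not depend on the server's current culture.
    if (!string.Equals(txtAccount.Text, "admin", StringComparison.OrdinalIgnoreCase))
    {
        DateTime today = DateTime.Today;

        // Fail closed: an account without both dates is treated as out of range
        // instead of throwing on .Value.
        bool hasRange = empVerify.StartDate.HasValue && empVerify.EndDate.HasValue;

        if (!hasRange || today < empVerify.StartDate.Value.Date || empVerify.EndDate.Value.Date < today)
        {
            ShowErrorMsg(Resources.Lang.ErrMsg_AccountUnavailable);
            LogLoginFailure(string.Format(".帳號超出有效範圍,帳號[{0}] .Account validation date is out of range! Account[{0}]", txtAccount.Text));
            return;
        }
    }

    // Record the login time and IP.
    empAuth.UpdateEmployeeLoginInfo(txtAccount.Text, c.GetClientIP());

    // Login is allowed: fetch the full employee profile.
    EmployeeForBackend emp = empAuth.GetEmployeeData(txtAccount.Text);

    if (emp == null)
    {
        // Without a profile the session cannot be populated. This also covers the case where
        // no DB error text is set, which previously fell through to a null dereference.
        string profileErrMsg = empAuth.GetDbErrMsg();

        ShowErrorMsg(Resources.Lang.ErrMsg_Exception);
        LogLoginFailure(string.Format(".帳號登入取得使用者資料時發生異常錯誤,帳號[{0}] .An exception error occurred during obtaining user profile! Account[{0}] DbErrMsg[{1}]", txtAccount.Text, profileErrMsg));
        return;
    }

    // Reset the failed-login counter.
    c.seLoginFailedCount = 0;

    LoginEmployeeData loginEmpData = new LoginEmployeeData()
    {
        EmpId = emp.EmpId,
        EmpName = emp.EmpName,
        Email = emp.Email,
        DeptId = emp.DeptId,
        DeptName = emp.DeptName,
        RoleId = emp.RoleId,
        RoleName = emp.RoleName,
        RoleDisplayName = emp.RoleDisplayName,
        StartDate = emp.StartDate.Value,
        EndDate = emp.EndDate.Value,
        EmpAccount = emp.EmpAccount,
        // Missing login times are stored as DateTime.MinValue.
        ThisLoginTime = emp.ThisLoginTime ?? DateTime.MinValue,
        ThisLoginIP = emp.ThisLoginIP,
        LastLoginTime = emp.LastLoginTime ?? DateTime.MinValue,
        LastLoginIP = emp.LastLoginIP
    };

    // NOTE(review): the session id is not renewed in this method before the authenticated
    // data is stored; confirm session fixation is handled elsewhere.
    c.SaveLoginEmployeeDataIntoSession(loginEmpData);

    // Back-end operation log entry for the successful login.
    empAuth.InsertBackEndLogData(new BackEndLogData()
    {
        EmpAccount = c.GetEmpAccount(),
        Description = ".登入系統! .Logged in!",
        IP = c.GetClientIP()
    });

    // Remember the selected language.
    c.seLangNoOfBackend = c.qsLangNo;

    // Mark the user as logged in (non-persistent cookie).
    FormsAuthentication.RedirectFromLoginPage(c.seLoginEmpData.EmpAccount, false);

    /* Use this instead when extra query parameters must be passed along:
     * if (string.IsNullOrEmpty(Request.QueryString["ReturnUrl"]))
     * {
     *     FormsAuthentication.SetAuthCookie(c.seLoginEmpData.EmpAccount, false);
     *     Response.Redirect(FormsAuthentication.DefaultUrl + "?l=" + c.qsLangNo.ToString());
     * }
     */
}

/// <summary>
/// Writes a failed-login entry to the back-end operation log, then checks the failed-login
/// count to decide whether the captcha should be shown.
/// </summary>
/// <param name="description">Log description text, already formatted.</param>
private void LogLoginFailure(string description)
{
    empAuth.InsertBackEndLogData(new BackEndLogData()
    {
        EmpAccount = "",
        Description = description,
        IP = c.GetClientIP()
    });

    CheckLoginFailedCountToShowCaptcha(true);
}

/// <summary>
/// Compares two secrets without stopping at the first differing character.
/// A null on either side never matches (fails closed).
/// </summary>
/// <param name="left">First value.</param>
/// <param name="right">Second value.</param>
/// <returns>True only when both values are non-null and identical.</returns>
private static bool SecretEquals(string left, string right)
{
    if (left == null || right == null)
    {
        return false;
    }

    // A length mismatch is folded into the accumulator rather than returned early.
    int diff = left.Length ^ right.Length;
    int shared = Math.Min(left.Length, right.Length);

    for (int i = 0; i < shared; i++)
    {
        diff |= left[i] ^ right[i];
    }

    return diff == 0;
}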
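/// <summary>
/// Fills the account form. In edit mode it loads the employee identified by c.qsEmpId;
/// otherwise it sets defaults for a new account. It then switches the controls between
/// editable and read-only depending on ownership and on the "admin" role.
/// </summary>
private void DisplayAccountData()
{
    bool isOwner = false;
    int curRoleId = 0;

    if (c.qsAct == ConfigFormAction.edit)
    {
        // NOTE(review): qsEmpId presumably comes from the query string. The form is filled for
        // whatever id is given and isOwner only toggles the edit controls below; confirm the
        // page checks view permission before this method runs.
        EmployeeForBackend account = empAuth.GetEmployeeData(c.qsEmpId);

        if (account != null)
        {
            string empAccount = account.EmpAccount;

            // account (not editable once created)
            txtEmpAccount.Text = account.EmpAccount;
            txtEmpAccount.Enabled = false;

            // name
            txtEmpName.Text = account.EmpName;

            // password
            rfvPsw.Enabled = false;
            // NOTE(review): the stored password value (a hash, or the password itself when
            // PasswordHashed is false) and the default random password are copied into page
            // controls here. Depending on how these controls are rendered, that material may
            // reach the browser in the markup or in ViewState; prefer re-reading it server-side
            // when saving.
            hidEmpPasswordOri.Text = account.EmpPassword;
            hidPasswordHashed.Text = account.PasswordHashed.ToString();
            hidDefaultRandomPassword.Text = account.DefaultRandomPassword;

            // email
            txtEmail.Text = account.Email;

            // remarks
            txtRemarks.Text = account.Remarks;

            // is access denied
            chkIsAccessDenied.Checked = account.IsAccessDenied;
            ltrIsAccessDenied.Text = chkIsAccessDenied.Checked
                ? Resources.Lang.Account_IsAccessDenied_Checked
                : Resources.Lang.Account_IsAccessDenied_Unchecked;

            // valid date: passing the nullable itself formats a missing date as an empty
            // string instead of throwing on .Value.
            txtStartDate.Text = string.Format("{0:yyyy-MM-dd}", account.StartDate);
            txtEndDate.Text = string.Format("{0:yyyy-MM-dd}", account.EndDate);
            ltrDateRange.Text = txtStartDate.Text + " ~ " + txtEndDate.Text;

            // The login handler exempts "admin" from the date check case-insensitively;
            // use the same rule here so the date range is hidden for the same account.
            if (string.Equals(empAccount, "admin", StringComparison.OrdinalIgnoreCase))
            {
                DateRangeArea.Visible = false;
            }

            // department
            ddlDept.SelectedValue = account.DeptId.ToString();

            if (ddlDept.SelectedItem != null)
            {
                ltrDept.Text = ddlDept.SelectedItem.Text;
            }

            // role
            curRoleId = account.RoleId;
            ddlRoles.SelectedValue = curRoleId.ToString();
            ltrRoles.Text = account.RoleDisplayText;

            // owner
            txtOwnerAccount.Text = account.OwnerAccount;
            ltrOwnerAccount.Text = txtOwnerAccount.Text;
            isOwner = empAuth.CanEditThisPage(false, account.OwnerAccount, account.OwnerDeptId);

            // modification info
            ltrPostAccount.Text = account.PostAccount;
            ltrPostDate.Text = string.Format("{0:yyyy-MM-dd HH:mm:ss}", account.PostDate);

            if (account.MdfDate.HasValue)
            {
                ltrMdfAccount.Text = account.MdfAccount;
                ltrMdfDate.Text = string.Format("{0:yyyy-MM-dd HH:mm:ss}", account.MdfDate.Value);
            }

            btnSave.Visible = true;
        }
    }
    else
    {
        // add: valid from today for ten years, owned by the current user
        txtStartDate.Text = string.Format("{0:yyyy-MM-dd}", DateTime.Today);
        DateTime endDate = DateTime.Today.AddYears(10);
        txtEndDate.Text = string.Format("{0:yyyy-MM-dd}", endDate);

        txtOwnerAccount.Text = c.GetEmpAccount();
        ltrOwnerAccount.Text = txtOwnerAccount.Text;
        isOwner = true;

        btnSave.Visible = true;
    }

    // owner privilege: show the edit controls and hide their read-only literals
    if (isOwner)
    {
        chkIsAccessDenied.Visible = true;
        ltrIsAccessDenied.Visible = false;

        DateRangeEditCtrl.Visible = true;
        ltrDateRange.Visible = false;

        ddlDept.Visible = true;
        ltrDept.Visible = false;

        ddlRoles.Visible = true;
        ltrRoles.Visible = false;
    }

    // role-admin privilege
    if (c.IsInRole("admin"))
    {
        // owner can be reassigned
        txtOwnerAccount.Visible = true;
        ltrOwnerAccount.Visible = false;
    }
    else
    {
        // Only role-admin may assign role-admin to another account
        // (but the option is kept when the account already has that role).
        // NOTE(review): this only removes the option from the list; confirm the save
        // handler re-checks the role on the server.
        if (curRoleId != 1)
        {
            ListItem liAdmin = ddlRoles.Items.FindByValue("1");

            if (liAdmin != null)
            {
                ddlRoles.Items.Remove(liAdmin);
            }
        }
    }
}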