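/// <summary>
/// Resolves the staff ID for a login attempt: fetches the active View_Authority row for
/// <paramref name="_userID"/> and returns its User_ID when the stored password hash equals the
/// hash of <paramref name="_password"/> produced by <see cref="Users.GetEncryptPassword"/>.
/// </summary>
/// <param name="_userID">User ID as typed at the login form (untrusted input).</param>
/// <param name="_password">Clear-text password as typed at the login form (untrusted input).</param>
/// <returns>
/// The matching User_ID, or an empty string when either argument is null, the query fails,
/// or no active user with that password exists.
/// </returns>
public string GetStaffID(string _userID, string _password)
{
    // The original called Trim() on the raw arguments and would throw on null.
    if (_userID == null || _password == null)
    {
        return "";
    }

    // Legacy keyword blacklist, kept so existing IDs keep resolving the same way. It is not an
    // injection defence: the quote escaping below is the mitigation that applies to the literal.
    _userID = _userID.Replace("1=1", "BADSTRING!@").Trim();
    _userID = _userID.Replace("--", "BADSTRING!@").Trim();
    _password = _password.Replace("1=1", "BADSTRING!@").Trim();
    _password = _password.Replace("--", "BADSTRING!@").Trim();

    Users user = new Users();
    string encrypPassword = user.GetEncryptPassword(_password);

    // SelectQuery is fed a raw statement here, so the value is at least quote-escaped (T-SQL literal
    // doubling). TODO(review): replace with a parameterized query once such a helper is available.
    string safeUserID = _userID.Replace("'", "''");
    DataTable dt;
    try
    {
        dt = this.SelectQuery("SELECT TOP 1 * FROM View_Authority WHERE User_ID = '" + safeUserID + "' AND Status = 'True'").Tables[0];
    }
    catch (Exception)
    {
        // The original set dt to null and then dereferenced it; a failed lookup is "no match".
        return "";
    }
    if (dt == null)
    {
        return "";
    }

    string staffID = "";
    foreach (DataRow dr in dt.Rows)
    {
        // Hashes are compared as opaque identifiers, hence ordinal comparison.
        if (string.Equals(dr["User_Password"].ToString(), encrypPassword, StringComparison.Ordinal))
        {
            staffID = dr["User_ID"].ToString();
        }
    }
    return staffID;
}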
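/// <summary>
/// Updates the stored password of the signed-in user.
/// </summary>
/// <param name="userid">ID of the user whose password is changed.</param>
/// <param name="pwd">New clear-text password; it is hashed by <see cref="Users.GetEncryptPassword"/> before storage.</param>
/// <returns>true: update succeeded; false: update failed or an argument was null/empty.</returns>
public bool Updateuserpwd(string userid, string pwd)
{
    if (string.IsNullOrEmpty(userid) || string.IsNullOrEmpty(pwd))
    {
        return false;
    }

    Users user = new Users();
    string encrypPassword = user.GetEncryptPassword(pwd);

    // The hash is what gets stored: the original wrote a fixed placeholder literal and never used
    // encrypPassword. Both values are quote-escaped (T-SQL literal doubling) because
    // ExecuteStatement is fed a raw statement here — TODO(review): move to a parameterized query.
    string sql = "UPDATE Users SET User_Password='" + encrypPassword.Replace("'", "''")
        + "' ,Update_Time = getdate() WHERE User_ID='" + userid.Replace("'", "''") + "'";
    return this.ExecuteStatement(sql);
}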
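/// <summary>
/// Save handler of the user/role edit form. Validates the two required fields, then either
/// creates a new user with its checked roles (hidden_Action == "add") or rewrites the roles,
/// status and profile of the existing user identified by hidden_ID. Each step is written to the
/// security log and the page redirects to AuthList.aspx with a result message.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void cmd_Save_Click(object sender, EventArgs e)
{
    if (!CheckExistText(txt_UserName))
    {
        ShowPageMsg("請輸入使用者姓名");
        return;
    }
    if (!CheckExistText(txt_User_ID))
    {
        ShowPageMsg("請輸入使用者代號");
        return;
    }
    if (_operator == null)
    {
        _operator = new UserRole();
    }

    Security sec = new Security();
    Users user = new Users();
    // Convert.ToString yields "" for a missing session value instead of throwing, so an expired
    // session cannot turn the save into an unhandled NullReferenceException.
    string operatorID = Convert.ToString(Session["LoginStaffID"]);
    string typedUserID = this.txt_User_ID.Text.Trim();
    bool suc = true;
    try
    {
        user.User_ID = typedUserID;
        user.User_Name = this.txt_UserName.Text;
        if (txt_Password.Text.Length > 0)
        {
            // Only overwrite the password when one was typed; an empty box keeps the current one.
            user.User_Password = user.GetEncryptPassword(this.txt_Password.Text.Trim());
        }
        DateTime now = DateTime.Now;
        user.Create_Time = now;
        user.Phone = txt_tel.Text;
        user.Email = txt_email.Text;
        user.Status = chk_Status.Checked;
        user.Expire_Time = now;
        user.Update_Time = now;

        if (this.hidden_Action.Value.Equals("add"))
        {
            // Create the user
            if (user.Add())
            {
                sec.SaveLog(typedUserID, "add user", "AuthManage", "success", operatorID);
            }
            else
            {
                suc = false;
                sec.SaveLog(typedUserID, "add user", "AuthManage", "fault", operatorID);
            }
            // Create the user's roles. NOTE(review): as in the original, roles are still written
            // when Add() failed — consider skipping this step in that case.
            string role;
            suc &= AddCheckedRoles(typedUserID, out role);
            sec.SaveLog(typedUserID, "add userrole", "AuthManage", "role[" + role + "]", operatorID);
        }
        else
        {
            string existingID = this.hidden_ID.Value;
            // Replace the user's roles
            _operator.DeleteUserRole(existingID);
            string role;
            suc &= AddCheckedRoles(existingID, out role);
            sec.SaveLog(existingID, "save userrole", "AuthManage", "role[" + role + "]", operatorID);
            // Save status
            user.SaveStatus(existingID, this.chk_Status.Checked ? "1" : "0");
            // Accumulate instead of assign: the original "suc = user.EditUser(user)" discarded
            // any AddUserRole failure recorded above.
            suc &= user.EditUser(user);
            sec.SaveLog(existingID, "save status", "AuthManage", "status[" + this.chk_Status.Checked + "]", operatorID);
        }

        if (suc)
        {
            ShowMsgAndRedirect(UpdatePanel1, "修改成功", "AuthList.aspx");
        }
        else
        {
            ShowMsgAndRedirect(UpdatePanel1, "儲存失敗", "AuthList.aspx");
        }
    }
    catch (Exception ex)
    {
        // Record the failure type in the security log before showing the generic message; the
        // original dropped the exception entirely. Logging must never mask the redirect below.
        try
        {
            sec.SaveLog(typedUserID, "save user", "AuthManage", "exception[" + ex.GetType().Name + "]", operatorID);
        }
        catch (Exception)
        {
        }
        ShowMsgAndRedirect(UpdatePanel1, "儲存失敗", "AuthList.aspx");
    }
}

/// <summary>
/// Adds a UserRole row for every role checked in the grid and builds the comma-separated
/// role list used by the security log. Shared by the "add" and "save" branches of
/// <see cref="cmd_Save_Click"/>.
/// </summary>
/// <param name="userID">User the checked roles are assigned to.</param>
/// <param name="roleList">Receives the checked Role_IDs joined by ',' without a trailing comma.</param>
/// <returns>false when any AddUserRole call returned false.</returns>
private bool AddCheckedRoles(string userID, out string roleList)
{
    bool ok = true;
    string roles = "";
    for (int i = 0; i < this.gv.Rows.Count; i++)
    {
        // Column 0 holds the checkbox, column 1 the Role_ID text.
        CheckBox chk = (CheckBox)this.gv.Rows[i].Cells[0].Controls[1];
        if (chk.Checked)
        {
            _operator.User_ID = userID;
            _operator.Role_ID = this.gv.Rows[i].Cells[1].Text.Trim();
            ok &= _operator.AddUserRole();
            roles += _operator.Role_ID + ",";
        }
    }
    roleList = roles.TrimEnd(',');
    return ok;
}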