ファイル: Security.cs プロジェクト: hiway86/PRS_KAO
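    /// <summary>
    /// Resolves the staff ID for a login attempt: reads the active View_Authority
    /// row for <paramref name="_userID"/> and returns its User_ID when the stored
    /// User_Password equals the encrypted form of <paramref name="_password"/>.
    /// </summary>
    /// <param name="_userID">Login account; surrounding whitespace is ignored.</param>
    /// <param name="_password">Plain-text password; run through Users.GetEncryptPassword before comparison.</param>
    /// <returns>
    /// The matching User_ID, or an empty string when the credentials are missing,
    /// the account is absent or inactive, the password does not match, or the query fails.
    /// </returns>
    public string GetStaffID(string _userID, string _password)
    {
        // Missing credentials are a failed lookup, not a NullReferenceException.
        if (string.IsNullOrEmpty(_userID) || _password == null)
        {
            return "";
        }

        _userID = _userID.Trim();
        _password = _password.Trim();

        Users user = new Users();
        string encrypPassword = user.GetEncryptPassword(_password);

        // The data layer only exposes a string-based SelectQuery, so the user ID has to
        // be embedded in the statement. Doubling single quotes keeps the value inside
        // the T-SQL string literal; the earlier "1=1" / "--" blacklist was removed because
        // it does not prevent injection. A parameterized command (SqlParameter) is the
        // proper fix and should replace this once the data layer supports it.
        string escapedUserID = _userID.Replace("'", "''");
        string sql = "SELECT TOP 1 * FROM View_Authority WHERE User_ID = '" + escapedUserID + "' AND Status = 'True'";

        DataTable dt;
        try
        {
            dt = this.SelectQuery(sql).Tables[0];
        }
        catch (Exception)
        {
            // A failed query is treated as "no such user". The previous version set the
            // table to null here and then dereferenced it in the loop below.
            return "";
        }

        string staffID = "";
        foreach (DataRow dr in dt.Rows)
        {
            // Fixed-time comparison so response time does not reveal how many leading
            // characters of the stored password hash matched.
            if (FixedTimeEquals(dr["User_Password"].ToString(), encrypPassword))
            {
                staffID = dr["User_ID"].ToString();
            }
        }
        return staffID;
    }

    /// <summary>
    /// Compares two strings in time that depends only on their length, not on the
    /// position of the first differing character.
    /// </summary>
    /// <param name="a">First value; null never matches.</param>
    /// <param name="b">Second value; null never matches.</param>
    /// <returns>true when both are non-null and character-for-character equal.</returns>
    private static bool FixedTimeEquals(string a, string b)
    {
        if (a == null || b == null || a.Length != b.Length)
        {
            return false;
        }
        int diff = 0;
        for (int i = 0; i < a.Length; i++)
        {
            diff |= a[i] ^ b[i];
        }
        return diff == 0;
    }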
ファイル: Security.cs プロジェクト: hiway86/PRS_KAO
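    /// <summary>
    /// Updates the login user's password: stores the encrypted form of
    /// <paramref name="pwd"/> in Users.User_Password and refreshes Update_Time.
    /// </summary>
    /// <param name="userid">Account whose password is changed.</param>
    /// <param name="pwd">New plain-text password; persisted as Users.GetEncryptPassword(pwd).</param>
    /// <returns>true: update succeeded; false: update failed or an argument was empty.</returns>
    public bool Updateuserpwd(string userid, string pwd)
    {
        if (string.IsNullOrEmpty(userid) || string.IsNullOrEmpty(pwd))
        {
            return false;
        }

        Users user = new Users();
        string encrypPassword = user.GetEncryptPassword(pwd);

        // Persist the computed hash. The earlier version computed it and then wrote the
        // constant placeholder '******' instead, so the hash was never stored.
        // Both values are quote-escaped because ExecuteStatement takes a raw statement;
        // a parameterized command is the preferable long-term fix.
        string sql = "UPDATE Users SET User_Password='" + encrypPassword.Replace("'", "''")
            + "' ,Update_Time = getdate() WHERE User_ID='" + userid.Replace("'", "''") + "'";
        return this.ExecuteStatement(sql);
    }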
ファイル: AuthManage.aspx.cs プロジェクト: hiway86/PRS_KAO
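    /// <summary>
    /// Save button handler for the user/role editor. Validates the required text
    /// fields, then either creates a new user (hidden_Action == "add") with the
    /// checked roles, or rewrites the roles, status and profile of the existing user
    /// named in hidden_ID. Each step is recorded through Security.SaveLog, and the
    /// page redirects to AuthList.aspx with a success or failure message.
    /// </summary>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Event data (unused).</param>
    protected void cmd_Save_Click(object sender, EventArgs e)
    {
        if (!CheckExistText(txt_UserName))
        {
            ShowPageMsg("請輸入使用者姓名");
            return;
        }
        if (!CheckExistText(txt_User_ID))
        {
            ShowPageMsg("請輸入使用者代號");
            return;
        }

        // Resolve the acting operator before touching any data: the audit entries
        // below need an attributable staff ID, and the previous version only found a
        // missing session value after the user had already been created.
        string loginStaffID = Convert.ToString(Session["LoginStaffID"]);
        if (string.IsNullOrEmpty(loginStaffID))
        {
            ShowPageMsg("儲存失敗");
            return;
        }

        if (_operator == null)
        {
            _operator = new UserRole();
        }

        Security sec = new Security();
        Users user = new Users();
        string newUserID = this.txt_User_ID.Text.Trim();
        bool suc = true;

        try
        {
            user.User_ID = newUserID;
            user.User_Name = this.txt_UserName.Text;
            if (txt_Password.Text.Length > 0)
            {
                user.User_Password = user.GetEncryptPassword(this.txt_Password.Text.Trim());
            }
            user.Create_Time = DateTime.Now;
            user.Phone = txt_tel.Text;
            user.Email = txt_email.Text;
            user.Status = chk_Status.Checked;
            // NOTE(review): Expire_Time is set to "now", i.e. the account expires at the
            // moment it is saved — confirm whether a future date was intended.
            user.Expire_Time = DateTime.Now;
            user.Update_Time = DateTime.Now;

            if (this.hidden_Action.Value.Equals("add"))
            {
                //新增User
                if (user.Add())
                {
                    sec.SaveLog(newUserID, "add user", "AuthManage", "success", loginStaffID);
                }
                else
                {
                    suc = false;
                    sec.SaveLog(newUserID, "add user", "AuthManage", "fault", loginStaffID);
                }

                //新增User Role
                // NOTE(review): roles are assigned even when user.Add() returned false,
                // as in the original; decide whether a failed add should skip this step.
                suc &= SaveCheckedRoles(newUserID, "add userrole", sec, loginStaffID);
            }
            else
            {
                string existingID = this.hidden_ID.Value;

                //儲存User Role
                _operator.DeleteUserRole(existingID);
                suc &= SaveCheckedRoles(existingID, "save userrole", sec, loginStaffID);

                //儲存狀態
                user.SaveStatus(existingID, this.chk_Status.Checked ? "1" : "0");
                // Accumulate instead of overwrite so a failed role save still reports failure.
                suc &= user.EditUser(user);
                sec.SaveLog(existingID, "save status", "AuthManage", "status[" + this.chk_Status.Checked + "]", loginStaffID);
            }

            ShowMsgAndRedirect(UpdatePanel1, suc ? "修改成功" : "儲存失敗", "AuthList.aspx");
        }
        catch (Exception ex)
        {
            // Keep the failure in the security log; the user still sees only the generic message.
            try
            {
                sec.SaveLog(newUserID, "save user", "AuthManage", "error[" + ex.Message + "]", loginStaffID);
            }
            catch (Exception)
            {
                // A logging failure must not prevent the redirect below.
            }
            ShowMsgAndRedirect(UpdatePanel1, "儲存失敗", "AuthList.aspx");
        }
    }

    /// <summary>
    /// Assigns every role whose checkbox in the grid is checked to
    /// <paramref name="userID"/> via UserRole.AddUserRole, then logs the resulting
    /// role list under <paramref name="action"/>.
    /// </summary>
    /// <param name="userID">User receiving the roles.</param>
    /// <param name="action">Action name written to the log ("add userrole" / "save userrole").</param>
    /// <param name="sec">Security instance used for SaveLog.</param>
    /// <param name="loginStaffID">Operator recorded in the log entry.</param>
    /// <returns>false if any AddUserRole call failed, otherwise true.</returns>
    private bool SaveCheckedRoles(string userID, string action, Security sec, string loginStaffID)
    {
        bool ok = true;
        string role = "";
        for (int i = 0; i < this.gv.Rows.Count; i++)
        {
            // Grid layout: cell 0 holds the checkbox (second control), cell 1 the role ID.
            CheckBox chk = (CheckBox)this.gv.Rows[i].Cells[0].Controls[1];
            if (chk.Checked)
            {
                _operator.User_ID = userID;
                _operator.Role_ID = this.gv.Rows[i].Cells[1].Text.Trim();
                ok &= _operator.AddUserRole();
                role += _operator.Role_ID + ",";
            }
        }
        sec.SaveLog(userID, action, "AuthManage", "role[" + role.TrimEnd(',') + "]", loginStaffID);
        return ok;
    }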