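/// <summary>
/// Validates the e-mailed reset link held in <c>key</c> and, when every check passes,
/// shows the form for choosing a new security question via <c>ShowEditQF2()</c>.
/// </summary>
/// <remarks>
/// Link layout: 16 hex chars + encrypted payload + 16 hex chars, where the 32 hex chars are the
/// MD5 of the encrypted payload. The MD5 uses no secret, so anyone can recompute it for any
/// payload; it only detects truncated or mangled links. Whatever tamper resistance the link has
/// must come from <c>Shove._Security.Encrypt</c> and the key returned by <c>PF.GetCallCert()</c>.
/// On success the <c>key</c> field is left holding the decrypted payload.
/// </remarks>
private void GetUserQuestionAnswer()
{
    // Fixed delay on every validation attempt; note that it also blocks the request thread.
    System.Threading.Thread.Sleep(500);

    // A missing parameter would otherwise raise a NullReferenceException outside the try block.
    // 32 characters are checksum, so a link of length <= 32 carries no payload.
    if (string.IsNullOrEmpty(key) || key.Length <= 32)
    {
        Shove._Web.JavaScript.Alert(this.Page, "链接地址不合法,请核实.", "AccountDetail.aspx");
        return;
    }

    string sign = key.Substring(0, 16) + key.Substring(key.Length - 16, 16);
    key = key.Substring(16, key.Length - 32);

    try
    {
        string expectedSign;
        using (MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider())
        {
            expectedSign = BitConverter.ToString(md5.ComputeHash(Encoding.UTF8.GetBytes(key))).Replace("-", "");
        }

        if (sign != expectedSign)
        {
            Shove._Web.JavaScript.Alert(this.Page, "链接地址不合法,请核实", "AccountDetail.aspx");
            return;
        }

        key = Shove._Security.Encrypt.UnEncryptString(PF.GetCallCert(), key);

        // Defaults are chosen so that a payload that fails to parse is rejected by the checks below.
        long userID = -1;
        DateTime time = DateTime.Now.AddYears(-1);
        string userName = "";
        int validedvount = 1;

        try
        {
            // Payload fields: userID, issue time, question, answer, userName, state.
            // Fields 2 and 3 (question and answer) are not needed for validation.
            string[] fields = key.Split(',');
            userID = Shove._Convert.StrToLong(fields[0], 0);
            time = Convert.ToDateTime(fields[1]);
            userName = fields[4];
            validedvount = Shove._Convert.StrToInt(fields[5], 1);
        }
        catch
        {
            // Deliberately ignored: the defaults above make the link fail validation.
        }

        // The link is only honoured for the account that is currently signed in.
        if (userID != _User.ID || userName != _User.Name)
        {
            Shove._Web.JavaScript.Alert(this.Page, "登陆账号与所申请的账号不一致,请核实.", "../../UserLogin.aspx");
            return;
        }

        if (validedvount != 0)
        {
            Shove._Web.JavaScript.Alert(this.Page, "该地址已过期.", "AccountDetail.aspx");
            return;
        }

        // Server-side state must still be "0" (pending); btnOK_Click sets it to 1 after a
        // successful change, which makes the link single-use.
        // The filter is built by concatenation, but _User.ID is compared with a long above.
        DataTable dt = new DAL.Tables.T_UserEditQuestionAnswer().Open("QuestionAnswerState","UserID = " + _User.ID,"");
        if (dt.Rows.Count == 0 || dt.Rows[0][0].ToString() != "0")
        {
            Shove._Web.JavaScript.Alert(this.Page, "该地址已过期.", "AccountDetail.aspx");
            return;
        }

        // Links are valid for one day from the issue time stored in the payload.
        if (time.AddDays(1).CompareTo(DateTime.Now) < 0)
        {
            Shove._Web.JavaScript.Alert(this.Page, "该地址已过期.", "AccountDetail.aspx");
            return;
        }

        if (userID <= 0)
        {
            Shove._Web.JavaScript.Alert(this.Page, "非法访问", "../../UserLogin.aspx");
            return;
        }

        ShowEditQF2();
    }
    catch
    {
        // Any failure while hashing, decrypting or querying is reported as an invalid request.
        Shove._Web.JavaScript.Alert(this.Page, "非法访问。", "../../UserLogin.aspx");
    }
}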
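/// <summary>
/// Handles the "send verification e-mail" button: re-checks the signed-in user's real name and
/// password, applies the two-resets-per-day limit, records a pending reset and e-mails a link to
/// SafeSet.aspx that carries an encrypted, checksummed payload.
/// </summary>
/// <param name="sender">The button that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void btnGoEmail_Click(object sender, EventArgs e)
{
    // NOTE(review): the password is run through the SQL filter before it is hashed; confirm that
    // registration and login do the same, otherwise the filter changes what is being compared.
    string passWord = Shove._Web.Utility.FilteSqlInfusion(tbPassWord.Text.ToString());
    string Email = _User.Email;
    string RealityName = Shove._Web.Utility.FilteSqlInfusion(tbRealityName.Text.ToString());
    string Question = _User.SecurityQuestion;
    string Answer = _User.SecurityAnswer;
    string userName = _User.Name;
    int ValidedCount = 0;

    if (RealityName == "")
    {
        Shove._Web.JavaScript.Alert(this.Page, "请输入真实姓名。");
        return;
    }

    if (RealityName != _User.RealityName)
    {
        Shove._Web.JavaScript.Alert(this.Page, "真实姓名输入有误,请核实。");
        return;
    }

    if (passWord == "")
    {
        Shove._Web.JavaScript.Alert(this.Page, "请输入密码。");
        return;
    }

    if (PF.EncryptPassword(passWord) != _User.Password)
    {
        Shove._Web.JavaScript.Alert(this.Page, "您输入的密码有误,请核实。");
        return;
    }

    if (Question == "" || Answer == "")
    {
        Shove._Web.JavaScript.Alert(this.Page, "您还未设置安全问题,无需重置。");
        return;
    }

    DataTable dt = new DAL.Tables.T_UserEditQuestionAnswer().Open("", "UserID=" + _User.ID, "");

    // Table object used for the insert/update below.
    DAL.Tables.T_UserEditQuestionAnswer T_QF = new DAL.Tables.T_UserEditQuestionAnswer();
    long Result = -1;
    string ReturnDescription = "";

    if (dt.Rows.Count > 0)
    {
        string lastRequestDay = Shove._Convert.StrToDateTime(dt.Rows[0]["DateTime"].ToString(), "0000-00-00").ToString("yyyyMMdd");
        if (lastRequestDay == DateTime.Now.ToString("yyyyMMdd"))
        {
            // Compare numerically so the daily cap still holds if the stored counter ever
            // ends up above 2 (the previous check only matched the exact string "2").
            int usedToday = Shove._Convert.StrToInt(dt.Rows[0]["ValidedCount"].ToString(), 1);
            if (usedToday >= 2)
            {
                Shove._Web.JavaScript.Alert(this.Page, "您今天已重置两次安全问题了,请明天再来吧", "AccountDetail.aspx");
                return;
            }

            ValidedCount = usedToday + 1;
        }
        else
        {
            ValidedCount = 1;
        }

        // NOTE(review): only ValidedCount and QuestionAnswerState are set here; confirm the
        // DateTime column is refreshed elsewhere, since the day comparison above depends on it.
        T_QF.ValidedCount.Value = ValidedCount;
        T_QF.QuestionAnswerState.Value = 0;
        Result = T_QF.Update("UserID=" + _User.ID);
    }
    else
    {
        T_QF.UserID.Value = _User.ID;
        T_QF.QuestionAnswerState.Value = 0;
        T_QF.ValidedCount.Value = 1;
        Result = T_QF.Insert();
    }

    if (Result < 0)
    {
        PF.GoError(-1, ReturnDescription, this.GetType().FullName);
        return;
    }

    // Payload: userID, issue time, question, answer, userName, state - joined with commas and
    // not escaped. GetUserQuestionAnswer reads userName and state by fixed index, so a comma in
    // the question or answer shifts those fields and the link is then rejected.
    // NOTE(review): the current security question and answer travel (encrypted) inside the
    // e-mailed URL although the validating side does not use them; consider leaving them out
    // when the payload format is next changed on both sides.
    string key = Shove._Security.Encrypt.EncryptString(PF.GetCallCert(), _User.ID.ToString() + "," + DateTime.Now.ToString() + "," + Question + "," + Answer + "," + userName + "," + T_QF.QuestionAnswerState.Value);

    // Unkeyed MD5 of the ciphertext: detects a mangled link, but is not an authentication tag.
    string sign;
    using (MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider())
    {
        sign = BitConverter.ToString(md5.ComputeHash(Encoding.UTF8.GetBytes(key))).Replace("-", "");
    }

    key = sign.Substring(0, 16) + key + sign.Substring(16, 16);

    // NOTE(review): key is appended without URL encoding; confirm EncryptString output is URL-safe.
    string url = Shove._Web.Utility.GetUrl() + "/Home/Room/SafeSet.aspx?Qkey="+key;

    // The account name and the link are HTML-encoded so that markup characters in either one
    // cannot alter the structure of the message.
    string encodedUserName = System.Web.HttpUtility.HtmlEncode(_User.Name);
    string encodedUrl = System.Web.HttpUtility.HtmlEncode(url);

    StringBuilder sb = new StringBuilder();
    sb.Append("<div style='font-weight:bold;'>尊敬的"+_Site.Name+"客户(").Append(encodedUserName).Append("):</div>")
        .Append("<div>您好!</div>")
        .Append("<div>系统已收到您的安全问题重置,请点击链接<a href='").Append(encodedUrl).Append("' target='_top'>").Append(encodedUrl).Append("</a>校验您的身份。</div>")
        .Append("<div>为了您的安全,该邮件通知地址将在 24 小时后失效,谢谢合作。</div>")
        .Append("<div>此邮件由系统发出,请勿直接回复!</div>")
        .Append("<div>").Append(Shove._Web.Utility.GetUrlWithoutHttp()).Append(" 版权所有(C) 2008-2009</div>");

    if (PF.SendEmail(_Site, Email, "安全问题找回", sb.ToString()) == 0)
    {
        // Lock the form so the same request is not submitted again from this page view.
        tbPassWord.Enabled = false;
        tbRealityName.Enabled = false;
        btnGoEmail.Enabled = false;
        lblTips.Text = " 您好,系统已经发送一封验证邮件您的邮箱,请到您的信箱确认。";
    }
    else
    {
        new Log("System").Write(this.GetType().FullName + "发送邮件失败");
    }
}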
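/// <summary>
/// Saves the new security question and answer for the signed-in user, marks the pending reset
/// as completed, and sends the browser back to the page recorded in <c>hdFromUrl</c>.
/// </summary>
/// <param name="sender">The button that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void btnOK_Click(object sender, EventArgs e)
{
    // When the old-question row is shown, the current answer must be supplied first.
    // NOTE(review): the stored answer is compared as plain text, and this input is not passed
    // through FilteSqlInfusion although the stored value was; confirm the two stay comparable.
    if (trOldQue.Visible && tbOAnswer.Text.Trim() != _User.SecurityAnswer)
    {
        Shove._Web.JavaScript.Alert(this.Page, "原安全问题回答错误");
        return;
    }

    string Question = ddlQuestion.SelectedValue;
    if (Question == "自定义问题")
    {
        Question = Shove._Web.Utility.FilteSqlInfusion(tbMyQuestion.Text.Trim());
        if (Question == "")
        {
            Shove._Web.JavaScript.Alert(this.Page, "请输入安全问题");
            return;
        }

        // Custom questions are stored with this prefix.
        Question = "自定义问题|" + Question;
    }

    string Answer = Shove._Web.Utility.FilteSqlInfusion(tbAnswer.Text.Trim());
    if (Answer == "")
    {
        Shove._Web.JavaScript.Alert(this.Page, "请输入答案");
        return;
    }

    DAL.Tables.T_Users user = new DAL.Tables.T_Users();
    user.SecurityQuestion.Value = Question;
    user.SecurityAnswer.Value = Answer;

    long Result = user.Update("ID=" + _User.ID.ToString());
    if (Result < 0)
    {
        Shove._Web.JavaScript.Alert(this.Page, "设置安全问题失败");
        return;
    }

    // Mark the e-mail verification as used (state 1).
    DAL.Tables.T_UserEditQuestionAnswer T_QF = new DAL.Tables.T_UserEditQuestionAnswer();
    string ReturnDescription = "";
    T_QF.QuestionAnswerState.Value = 1;
    Result = T_QF.Update("UserID=" + _User.ID);
    if (Result < 0)
    {
        PF.GoError(-1, ReturnDescription, this.GetType().FullName);
        return;
    }

    // hdFromUrl is a hidden form field, so its value is whatever the client posted back.
    // It is restricted and escaped before being written into the inline script.
    Response.Write("<script type='text/javascript'>alert('设置安全问题成功。请注意安全保护问题是最重要的安全凭证,为了您的安全,请牢牢记住您的安全保护问题。');window.location='" + EscapeRedirectForScript(this.hdFromUrl.Value) + "'</script>");
    Response.End();
}

/// <summary>
/// Prepares a client-supplied redirect target for use inside a single-quoted JavaScript string.
/// </summary>
/// <param name="target">The raw target; <c>null</c> is treated as empty.</param>
/// <returns>
/// The escaped target when it is a relative reference or an http/https URL; otherwise the
/// escaped fallback page "AccountDetail.aspx".
/// </returns>
private static string EscapeRedirectForScript(string target)
{
    target = (target ?? "").Trim();

    // Inspect a copy without whitespace/control characters, because browsers ignore those
    // when they work out the scheme of a URL.
    StringBuilder probe = new StringBuilder(target.Length);
    foreach (char c in target)
    {
        if (c > ' ')
        {
            probe.Append(c);
        }
    }

    string compact = probe.ToString();
    int colon = compact.IndexOf(':');
    int delimiter = compact.IndexOfAny(new char[] { '/', '?', '#' });
    bool hasScheme = colon >= 0 && (delimiter < 0 || colon < delimiter);

    // Only relative references and http/https are allowed; any other scheme would be
    // executed or followed by the assignment to window.location.
    // NOTE(review): absolute http(s) targets on other hosts are still accepted; if the field
    // only ever holds pages of this site, tighten this to a same-site check.
    if (hasScheme
        && !compact.StartsWith("http://", StringComparison.OrdinalIgnoreCase)
        && !compact.StartsWith("https://", StringComparison.OrdinalIgnoreCase))
    {
        target = "AccountDetail.aspx";
    }

    // Escape everything that could end the string literal or the surrounding script element.
    StringBuilder escaped = new StringBuilder(target.Length + 16);
    foreach (char c in target)
    {
        if (c == '\\')
        {
            escaped.Append("\\\\");
        }
        else if (c < ' ' || c == '\'' || c == '"' || c == '<' || c == '>' || c == '&' || c == '\u2028' || c == '\u2029')
        {
            escaped.Append("\\u").Append(((int)c).ToString("x4"));
        }
        else
        {
            escaped.Append(c);
        }
    }

    return escaped.ToString();
}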
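/// <summary>
/// Handles the "send verification e-mail" button: re-checks the signed-in user's real name and
/// password, applies the two-resets-per-day limit, records a pending reset and e-mails a link to
/// SafeSet.aspx that carries an encrypted, checksummed payload.
/// </summary>
/// <param name="sender">The button that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void btnGoEmail_Click(object sender, EventArgs e)
{
    // NOTE(review): the password is run through the SQL filter before it is hashed; confirm that
    // registration and login do the same, otherwise the filter changes what is being compared.
    string password = Utility.FilteSqlInfusion(this.tbPassWord.Text.ToString());
    string email = base._User.Email;
    string realName = Utility.FilteSqlInfusion(this.tbRealityName.Text.ToString());
    string securityQuestion = base._User.SecurityQuestion;
    string securityAnswer = base._User.SecurityAnswer;
    string name = base._User.Name;

    if (realName == "")
    {
        JavaScript.Alert(this.Page, "请输入真实姓名。");
        return;
    }

    if (realName != base._User.RealityName)
    {
        JavaScript.Alert(this.Page, "真实姓名输入有误,请核实。");
        return;
    }

    if (password == "")
    {
        JavaScript.Alert(this.Page, "请输入密码。");
        return;
    }

    if (PF.EncryptPassword(password) != base._User.Password)
    {
        JavaScript.Alert(this.Page, "您输入的密码有误,请核实。");
        return;
    }

    if ((securityQuestion == "") || (securityAnswer == ""))
    {
        JavaScript.Alert(this.Page, "您还未设置安全问题,无需重置。");
        return;
    }

    DataTable table = new Tables.T_UserEditQuestionAnswer().Open("", "UserID=" + base._User.ID, "");
    Tables.T_UserEditQuestionAnswer resetRow = new Tables.T_UserEditQuestionAnswer();
    string tip = "";
    long result;

    if (table.Rows.Count > 0)
    {
        int attempts;
        string lastRequestDay = _Convert.StrToDateTime(table.Rows[0]["DateTime"].ToString(), "0000-00-00").ToString("yyyyMMdd");
        if (lastRequestDay == DateTime.Now.ToString("yyyyMMdd"))
        {
            // Compare numerically so the daily cap still holds if the stored counter ever
            // ends up above 2 (the previous check only matched the exact string "2").
            int usedToday = _Convert.StrToInt(table.Rows[0]["ValidedCount"].ToString(), 1);
            if (usedToday >= 2)
            {
                JavaScript.Alert(this.Page, "您今天已重置两次安全问题了,请明天再来吧", "AccountDetail.aspx");
                return;
            }

            attempts = usedToday + 1;
        }
        else
        {
            attempts = 1;
        }

        // NOTE(review): only ValidedCount and QuestionAnswerState are set here; confirm the
        // DateTime column is refreshed elsewhere, since the day comparison above depends on it.
        resetRow.ValidedCount.Value = attempts;
        resetRow.QuestionAnswerState.Value = 0;
        result = resetRow.Update("UserID=" + base._User.ID);
    }
    else
    {
        resetRow.UserID.Value = base._User.ID;
        resetRow.QuestionAnswerState.Value = 0;
        resetRow.ValidedCount.Value = 1;
        result = resetRow.Insert();
    }

    if (result < 0L)
    {
        PF.GoError(-1, tip, base.GetType().FullName);
        return;
    }

    // Payload: userID, issue time, question, answer, userName, state - joined with commas and
    // not escaped. GetUserQuestionAnswer reads userName and state by fixed index, so a comma in
    // the question or answer shifts those fields and the link is then rejected.
    // NOTE(review): the current security question and answer travel (encrypted) inside the
    // e-mailed URL although the validating side does not use them; consider leaving them out
    // when the payload format is next changed on both sides.
    string token = Encrypt.EncryptString(PF.GetCallCert(), base._User.ID.ToString() + "," + DateTime.Now.ToString() + "," + securityQuestion + "," + securityAnswer + "," + name + "," + resetRow.QuestionAnswerState.Value);

    // Unkeyed MD5 of the ciphertext: detects a mangled link, but is not an authentication tag.
    string checksum;
    using (MD5CryptoServiceProvider provider = new MD5CryptoServiceProvider())
    {
        checksum = BitConverter.ToString(provider.ComputeHash(Encoding.UTF8.GetBytes(token))).Replace("-", "");
    }

    token = checksum.Substring(0, 16) + token + checksum.Substring(16, 16);

    // NOTE(review): token is appended without URL encoding; confirm EncryptString output is URL-safe.
    string link = Utility.GetUrl() + "/Home/Room/SafeSet.aspx?Qkey=" + token;

    // The account name and the link are HTML-encoded so that markup characters in either one
    // cannot alter the structure of the message.
    string encodedUserName = System.Web.HttpUtility.HtmlEncode(base._User.Name);
    string encodedLink = System.Web.HttpUtility.HtmlEncode(link);

    StringBuilder builder = new StringBuilder();
    builder.Append("<div style='font-weight:bold;'>尊敬的" + base._Site.Name + "客户(").Append(encodedUserName).Append("):</div>")
        .Append("<div>您好!</div>")
        .Append("<div>系统已收到您的安全问题重置,请点击链接<a href='").Append(encodedLink).Append("' target='_top'>").Append(encodedLink).Append("</a>校验您的身份。</div>")
        .Append("<div>为了您的安全,该邮件通知地址将在 24 小时后失效,谢谢合作。</div>")
        .Append("<div>此邮件由系统发出,请勿直接回复!</div>")
        .Append("<div>上海福彩投诉电话:021-64175077</div>")
        .Append("<div>意见收集与提交:[email protected]</div>")
        .Append("<div>").Append(Utility.GetUrlWithoutHttp()).Append(" 版权所有(C) 2008-2009</div>");

    if (PF.SendEmail(base._Site, email, "安全问题找回", builder.ToString()) == 0)
    {
        // Lock the form so the same request is not submitted again from this page view.
        this.tbPassWord.Enabled = false;
        this.tbRealityName.Enabled = false;
        this.btnGoEmail.Enabled = false;
        this.lblTips.Text = " 您好,系统已经发送一封验证邮件您的邮箱,请到您的信箱确认。";
    }
    else
    {
        new Log("System").Write(base.GetType().FullName + "发送邮件失败");
    }
}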
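/// <summary>
/// Validates the e-mailed reset link held in <c>this.key</c> and, when every check passes,
/// shows the form for choosing a new security question via <c>ShowEditQF2()</c>.
/// </summary>
/// <remarks>
/// Link layout: 16 hex chars + encrypted payload + 16 hex chars, where the 32 hex chars are the
/// MD5 of the encrypted payload. The MD5 uses no secret, so anyone can recompute it for any
/// payload; it only detects truncated or mangled links. Whatever tamper resistance the link has
/// must come from <c>Encrypt.UnEncryptString</c> and the key returned by <c>PF.GetCallCert()</c>.
/// On success <c>this.key</c> is left holding the decrypted payload.
/// </remarks>
private void GetUserQuestionAnswer()
{
    // Fixed delay on every validation attempt; note that it also blocks the request thread.
    Thread.Sleep(500);

    // A missing parameter would otherwise raise a NullReferenceException outside the try block.
    // 32 characters are checksum, so a link of length <= 32 carries no payload.
    if (string.IsNullOrEmpty(this.key) || (this.key.Length <= 32))
    {
        JavaScript.Alert(this.Page, "链接地址不合法,请核实.", "AccountDetail.aspx");
        return;
    }

    string claimedChecksum = this.key.Substring(0, 16) + this.key.Substring(this.key.Length - 16, 16);
    this.key = this.key.Substring(16, this.key.Length - 32);

    try
    {
        string actualChecksum;
        using (MD5CryptoServiceProvider provider = new MD5CryptoServiceProvider())
        {
            actualChecksum = BitConverter.ToString(provider.ComputeHash(Encoding.UTF8.GetBytes(this.key))).Replace("-", "");
        }

        if (claimedChecksum != actualChecksum)
        {
            JavaScript.Alert(this.Page, "链接地址不合法,请核实", "AccountDetail.aspx");
            return;
        }

        this.key = Encrypt.UnEncryptString(PF.GetCallCert(), this.key);

        // Defaults are chosen so that a payload that fails to parse is rejected by the checks below.
        long tokenUserId = -1L;
        DateTime issuedAt = DateTime.Now.AddYears(-1);
        string tokenUserName = "";
        int tokenState = 1;

        try
        {
            // Payload fields: userID, issue time, question, answer, userName, state.
            // Fields 2 and 3 (question and answer) are not needed for validation.
            string[] fields = this.key.Split(',');
            tokenUserId = _Convert.StrToLong(fields[0], 0L);
            issuedAt = Convert.ToDateTime(fields[1]);
            tokenUserName = fields[4];
            tokenState = _Convert.StrToInt(fields[5], 1);
        }
        catch
        {
            // Deliberately ignored: the defaults above make the link fail validation.
        }

        // The link is only honoured for the account that is currently signed in.
        if ((tokenUserId != base._User.ID) || (tokenUserName != base._User.Name))
        {
            JavaScript.Alert(this.Page, "登陆账号与所申请的账号不一致,请核实.", "../../UserLogin.aspx");
            return;
        }

        if (tokenState != 0)
        {
            JavaScript.Alert(this.Page, "该地址已过期.", "AccountDetail.aspx");
            return;
        }

        // Server-side state must still be "0" (pending); btnOK_Click sets it to 1 after a
        // successful change, which makes the link single-use.
        // The filter is built by concatenation, but _User.ID is compared with a long above.
        DataTable table = new Tables.T_UserEditQuestionAnswer().Open("QuestionAnswerState", "UserID = " + base._User.ID, "");
        bool pending = (table.Rows.Count != 0) && (table.Rows[0][0].ToString() == "0");

        // Links are valid for one day from the issue time stored in the payload.
        if (!pending || (issuedAt.AddDays(1.0).CompareTo(DateTime.Now) < 0))
        {
            JavaScript.Alert(this.Page, "该地址已过期.", "AccountDetail.aspx");
        }
        else if (tokenUserId <= 0L)
        {
            JavaScript.Alert(this.Page, "非法访问", "../../UserLogin.aspx");
        }
        else
        {
            this.ShowEditQF2();
        }
    }
    catch
    {
        // Any failure while hashing, decrypting or querying is reported as an invalid request.
        JavaScript.Alert(this.Page, "非法访问。", "../../UserLogin.aspx");
    }
}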
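/// <summary>
/// Saves the new security question and answer for the signed-in user, marks the pending reset
/// as completed, and sends the browser back to the page recorded in <c>hdFromUrl</c>.
/// </summary>
/// <param name="sender">The button that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void btnOK_Click(object sender, EventArgs e)
{
    // When the old-question row is shown, the current answer must be supplied first.
    // NOTE(review): the stored answer is compared as plain text, and this input is not passed
    // through FilteSqlInfusion although the stored value was; confirm the two stay comparable.
    if (this.trOldQue.Visible && (this.tbOAnswer.Text.Trim() != base._User.SecurityAnswer))
    {
        JavaScript.Alert(this.Page, "原安全问题回答错误");
        return;
    }

    string question = this.ddlQuestion.SelectedValue;
    if (question == "自定义问题")
    {
        question = Utility.FilteSqlInfusion(this.tbMyQuestion.Text.Trim());
        if (question == "")
        {
            JavaScript.Alert(this.Page, "请输入安全问题");
            return;
        }

        // Custom questions are stored with this prefix.
        question = "自定义问题|" + question;
    }

    string newAnswer = Utility.FilteSqlInfusion(this.tbAnswer.Text.Trim());
    if (newAnswer == "")
    {
        JavaScript.Alert(this.Page, "请输入答案");
        return;
    }

    Tables.T_Users userRow = new Tables.T_Users();
    userRow.SecurityQuestion.Value = question;
    userRow.SecurityAnswer.Value = newAnswer;
    if (userRow.Update("ID=" + base._User.ID.ToString()) < 0L)
    {
        JavaScript.Alert(this.Page, "设置安全问题失败");
        return;
    }

    // Mark the e-mail verification as used (state 1).
    Tables.T_UserEditQuestionAnswer resetRow = new Tables.T_UserEditQuestionAnswer();
    string tip = "";
    resetRow.QuestionAnswerState.Value = 1;
    if (resetRow.Update("UserID=" + base._User.ID) < 0L)
    {
        PF.GoError(-1, tip, base.GetType().FullName);
        return;
    }

    // hdFromUrl is a hidden form field, so its value is whatever the client posted back.
    // It is restricted and escaped before being written into the inline script.
    base.Response.Write("<script type='text/javascript'>alert('设置安全问题成功。请注意安全保护问题是最重要的安全凭证,为了您的安全,请牢牢记住您的安全保护问题。');window.location='" + EscapeRedirectForScript(this.hdFromUrl.Value) + "'</script>");
    base.Response.End();
}

/// <summary>
/// Prepares a client-supplied redirect target for use inside a single-quoted JavaScript string.
/// </summary>
/// <param name="target">The raw target; <c>null</c> is treated as empty.</param>
/// <returns>
/// The escaped target when it is a relative reference or an http/https URL; otherwise the
/// escaped fallback page "AccountDetail.aspx".
/// </returns>
private static string EscapeRedirectForScript(string target)
{
    target = (target ?? "").Trim();

    // Inspect a copy without whitespace/control characters, because browsers ignore those
    // when they work out the scheme of a URL.
    StringBuilder probe = new StringBuilder(target.Length);
    foreach (char c in target)
    {
        if (c > ' ')
        {
            probe.Append(c);
        }
    }

    string compact = probe.ToString();
    int colon = compact.IndexOf(':');
    int delimiter = compact.IndexOfAny(new char[] { '/', '?', '#' });
    bool hasScheme = colon >= 0 && (delimiter < 0 || colon < delimiter);

    // Only relative references and http/https are allowed; any other scheme would be
    // executed or followed by the assignment to window.location.
    // NOTE(review): absolute http(s) targets on other hosts are still accepted; if the field
    // only ever holds pages of this site, tighten this to a same-site check.
    if (hasScheme
        && !compact.StartsWith("http://", StringComparison.OrdinalIgnoreCase)
        && !compact.StartsWith("https://", StringComparison.OrdinalIgnoreCase))
    {
        target = "AccountDetail.aspx";
    }

    // Escape everything that could end the string literal or the surrounding script element.
    StringBuilder escaped = new StringBuilder(target.Length + 16);
    foreach (char c in target)
    {
        if (c == '\\')
        {
            escaped.Append("\\\\");
        }
        else if (c < ' ' || c == '\'' || c == '"' || c == '<' || c == '>' || c == '&' || c == '\u2028' || c == '\u2029')
        {
            escaped.Append("\\u").Append(((int)c).ToString("x4"));
        }
        else
        {
            escaped.Append(c);
        }
    }

    return escaped.ToString();
}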