protected void Button1_Click(object sender, EventArgs e) { if (TB_UserPw.Text.Equals("")) ShowMessage("請輸入用戶密碼!", MessagePanel, TB_UserPw); else { String ShopPW = String.Empty; String ShopBU = String.Empty; Boolean ShopFirst = true; String sql = "select shop_pw, shop_first, shop_bu from rps_shopinfo where shop_id = '" + TB_UserID.Text.Trim() + "'"; try { Database db = new Database("rpsdb", sql, Database.WebConfig); SqlDataReader reader = db.GetReader(); while (reader.Read()) { ShopPW = reader["shop_pw"].ToString(); ShopFirst = reader["shop_first"].ToString().Equals("T"); ShopBU = reader["shop_bu"].ToString(); } if (!reader.HasRows || !TB_UserPw.Text.Trim().Equals(ShopPW.Trim())) { TB_UserPw.Text = String.Empty; ShowMessage("登入失敗!", MessagePanel, TB_UserPw); db.Close(); } else { Session[HF_UserToken.Value] = true; Session["User"] = new User(TB_UserID.Text, TB_UserPw.Text, Request.UserHostAddress, HF_UserToken.Value, ShopBU); db.Close(); String location = ""; if (ShopFirst) location = "location.replace('/FirstLogin.aspx');"; else location = "location.replace('/Main.aspx');"; ScriptManager.RegisterClientScriptBlock(this, this.GetType(), "ClientScript", location, true); } } catch (SqlException) { TB_UserPw.Text = String.Empty; MessagePanel.Text = "資料庫連接失敗!"; } } }
protected void Button1_Click(object sender, EventArgs e) { String UserPW = ""; if (TB_NewPW.Text.Length < 6) ShowMessage("密碼最少六個位!", MessagePanel, TB_NewPW); else if (TB_ConfirmPW.Text.Length < 6) ShowMessage("密碼最少六個位!", MessagePanel, TB_ConfirmPW); else if (TB_NewPW.Text.Equals("")) ShowMessage("請輸入新密碼!", MessagePanel, TB_NewPW); else if (TB_ConfirmPW.Text.Equals("")) ShowMessage("請輸入確認密碼!", MessagePanel, TB_ConfirmPW); else if (!TB_NewPW.Text.Equals(TB_ConfirmPW.Text)) { ShowMessage("新密碼及確認密碼不相符!", MessagePanel, TB_NewPW); } else { String sql = "select shop_pw from rps_shopinfo where shop_id = '" + this.user.ID + "'"; Database db = new Database("rpsdb", sql, Database.WebConfig); SqlDataReader reader = db.GetReader(); while (reader.Read()) UserPW = reader["shop_pw"].ToString(); db.Close(); if (UserPW.Equals(Cryptography.MD5(TB_NewPW.Text))) { ShowMessage("不能使用舊密碼!請更改!", MessagePanel, TB_NewPW); TB_NewPW.Text = String.Empty; TB_ConfirmPW.Text = String.Empty; } else { String HashPW = Cryptography.MD5(TB_NewPW.Text); String ShopID = user.ID; sql = "update rps_shopinfo set shop_first = 'F', shop_pw = '" + HashPW + "' " + "where shop_id = '" + ShopID + "'"; db = new Database("rpsdb", sql, Database.WebConfig); db.ExecuteSql(sql); db.Close(); String script = "alert('密碼成功更新!'); location.replace('/Main.aspx');"; ScriptManager.RegisterClientScriptBlock(this, this.GetType(), "ClientScript", script, true); } } }