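/// <summary>
/// Handles the external POST that starts a draw. Reads the four form fields,
/// checks the request source, resolves the participant via
/// <c>CheckIdNo</c>/<c>CheckTimeNo</c> (both opaque here), stores the encrypted
/// ID in <c>Session["Event_IDNo"]</c> and redirects to Default.aspx. Every
/// failure path shows a message that sends the user to Default.aspx, and logs
/// through <c>ErrorLog</c> once the request has passed the field check.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    // Only the initial (non-postback) request carries the draw parameters.
    if (IsPostBack)
    {
        return;
    }

    strNEWDate = Request.Form["NEWDate"];
    strTimeOLD = Request.Form["TimeOLD"];
    strPrizeNEW = Request.Form["PrizeNEW"];
    strOLDBall = Request.Form["OLDBall"];

    if (strNEWDate == null || strTimeOLD == null || strPrizeNEW == null || strOLDBall == null)
    {
        Message.Show(this.Page, "身分驗證錯誤,請確認操作!!", "Default.aspx");
        return;
    }

    // The same detail text goes into every error entry; build it once so they stay identical.
    string requestDetail = "Date : " + strNEWDate + ", Time=" + strTimeOLD + ", Sport=" + strPrizeNEW + ", Ball=" + strOLDBall;
    // ServerVariables entries can be absent (e.g. a request without a Referer header);
    // coalesce so the error-logging path itself cannot throw a NullReferenceException.
    string pathInfo = HttpContext.Current.Request.ServerVariables["PATH_INFO"] ?? string.Empty;

    if (!CheckSourceWebsite())
    {
        // NOTE(review): the log text suggests this check is Referer-based. The Referer header is
        // client-supplied, so confirm CheckSourceWebsite has a stronger basis than that header.
        string referer = Request.ServerVariables["HTTP_REFERER"] ?? string.Empty;
        ErrorLog.Add("", pathInfo, requestDetail, "POST 入侵-非來自台灣銀行網站-" + referer);
        Message.Show(this.Page, "您並非來自臺灣銀行網站,若有問題請與活動小組聯絡!!", "Default.aspx");
        return;
    }

    strIDNo = CheckIdNo(strNEWDate, strTimeOLD);
    if (strIDNo == "")
    {
        ErrorLog.Add(strIDNo, pathInfo, requestDetail, "身分ID驗證錯誤");
        Message.Show(this.Page, "身分ID驗證錯誤,請確認操作!!", "Default.aspx");
        return;
    }

    getTime = CheckTimeNo(strPrizeNEW, strOLDBall);
    if (getTime == "")
    {
        ErrorLog.Add(strIDNo, pathInfo, requestDetail, "抽籤次數驗證錯誤");
        Message.Show(this.Page, "抽籤次數驗證錯誤,請確認操作!!", "Default.aspx");
        return;
    }

    string cryptID = DataCrypt.Encrypt(strIDNo.ToUpper(), true);

    // The original error branch for a failed insert ("資料傳輸失敗!!") was commented out, so a
    // failed insert falls through to the same session write and redirect as success. That
    // behaviour is kept here, but made explicit; confirm whether the redirect should stop instead.
    CheckInsertGameLog(cryptID, getTime);

    Session["Event_IDNo"] = cryptID;
    Response.Redirect("Default.aspx");
}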
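/// <summary>
/// Looks up the game log for the ID typed into <c>txtID</c> through the
/// <c>usp_SelectIDGameLog</c> stored procedure and fills the result panel.
/// The ID is upper-cased and encrypted with <c>DataCrypt.Encrypt</c> before it is
/// sent, so the lookup key matches the stored form.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void ibtSearch_Click(object sender, ImageClickEventArgs e)
{
    // Only the length is validated here; no format or checksum validation is performed.
    if (this.txtID.Text.Length != 10)
    {
        Message.Show(this.Page, "請輸入正確的身分證統一編號!", "");
        return;
    }

    ConnectionStringSettings connSettings = ConfigurationManager.ConnectionStrings["ConnString"];

    // using-blocks release the reader, command and connection even when a read or
    // parse throws; the original only cleaned up on the happy path.
    using (SqlConnection conn = new SqlConnection(connSettings.ConnectionString))
    using (SqlCommand cmd = new SqlCommand("usp_SelectIDGameLog", conn))
    {
        cmd.CommandType = CommandType.StoredProcedure;
        cmd.Parameters.Add("@Id", SqlDbType.VarChar, 50).Value = DataCrypt.Encrypt(this.txtID.Text.ToUpper(), true);
        conn.Open();

        using (SqlDataReader reader = cmd.ExecuteReader(CommandBehavior.CloseConnection))
        {
            if (reader.HasRows)
            {
                // Only the first 7 characters of the ID are echoed back to the page.
                this.lbId.Text = this.txtID.Text.Substring(0, 7);
                this.plSearch.Visible = false;
                this.plResult.Visible = true;
            }
            else
            {
                this.plSearch.Visible = true;
                this.plResult.Visible = false;
                Message.Show(this.Page, "沒有此筆身分證統一編號!!", "");
            }

            // Each row overwrites the labels, so the last row wins if several are returned.
            while (reader.Read())
            {
                this.lbPrize1.Text = reader["Prize1"].ToString();
                this.lbPrize2.Text = reader["Prize2"].ToString();
                this.lbPrize3.Text = reader["Prize3"].ToString();
                this.lbPrize4.Text = reader["Prize4"].ToString();
                this.lbPrize5.Text = reader["Prize5"].ToString();
                this.lbPrize6.Text = reader["Prize6"].ToString();
                this.lbNotUsed.Text = reader["NotUsed"].ToString();

                // A non-numeric NotUsed value now hides the draw button (fail closed)
                // instead of throwing a FormatException out of the click handler.
                bool drawsLeft = int.TryParse(this.lbNotUsed.Text, out int notUsed) && notUsed != 0;
                this.ibtPrize.Visible = drawsLeft;
                this.hlDefault.Visible = !drawsLeft;
                this.lbDefault.Visible = !drawsLeft;
            }
        }
    }

    CheckCount();
}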
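/// <summary>
/// Account-recovery password change. After the page fields validate, the user
/// must supply the e-mail, current password, first/last name and the stored card
/// CVV; when all of them match, the new password (which must differ from the
/// current one) is hashed with the existing salt, stored, and the account is
/// unlocked.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btn_submit_Click(object sender, EventArgs e)
{
    if (!Validate_Fields())
    {
        return;
    }

    string email = tb_email.Text.Trim();
    string password = tb_password.Text.Trim();
    string input_fName = tb_fName.Text.Trim();
    string input_lName = tb_lName.Text.Trim();
    string input_ccCVV = tb_ccCVV.Text.Trim();
    string newPassword = tb_newPassword.Text.Trim();

    // NOTE(review): the distinct messages below disclose whether an e-mail is registered.
    if (!UserUtils.Exist(email))
    {
        showFeedback("Invalid email address.");
        return;
    }

    if (!UserUtils.Authenticate(email, password))
    {
        showFeedback("Sorry, with the information you've provided. We still can't verify that you're the account owner.");
        return;
    }

    string userId = null, firstName = null, lastName = null;
    string cipherText = null, iv = null, key = null;
    string existPassSalt = null, existPassHash = null;
    bool rowFound = false;

    using (SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["MYDBConnection"].ConnectionString))
    using (SqlCommand cmd = new SqlCommand("SELECT * FROM [dbo].[Users] WHERE Email = @Email", con))
    {
        cmd.CommandType = CommandType.Text;
        cmd.Parameters.AddWithValue("@Email", email);
        if (con.State == ConnectionState.Closed || con.State == ConnectionState.Broken)
        {
            con.Open();
        }

        // The reader was never disposed in the original; the using guarantees release.
        using (SqlDataReader sdr = cmd.ExecuteReader())
        {
            if (sdr.Read())
            {
                rowFound = true;
                userId = sdr["Id"].ToString();
                firstName = sdr["FirstName"].ToString();
                lastName = sdr["LastName"].ToString();
                existPassSalt = sdr["PasswordSalt"].ToString();
                existPassHash = sdr["PasswordHash"].ToString();
                cipherText = sdr["CCCVV"].ToString();
                iv = sdr["IV"].ToString();
                key = sdr["Key"].ToString();
            }
        }
    }

    // Exist() reported the user, but without a row every field above is null and the
    // Decrypt/Equals calls below would throw; fail with the generic message instead.
    if (!rowFound)
    {
        showFeedback("Invalid details provided.");
        return;
    }

    // NOTE(review): the CVV is stored (encrypted) with its IV and key in the same Users row.
    // Storing the CVV at all is prohibited by PCI DSS, and keeping the key beside the
    // ciphertext gives no protection once the table is readable; treat this as a finding.
    string plainText = DataCrypt.Decrypt(cipherText, iv, key);
    bool detailsMatch = plainText.Equals(input_ccCVV)
        && firstName.Equals(input_fName)
        && lastName.Equals(input_lName);
    if (!detailsMatch)
    {
        showFeedback("Invalid details provided.");
        return;
    }

    // Re-using the stored salt makes the new hash directly comparable with the old one;
    // it is computed once and reused for both the comparison and the update.
    var newHash = Password.GetPasswordHash(newPassword, existPassSalt);
    if (Password.ComparePasswordHash(newHash, existPassHash))
    {
        showFeedback("Your new password cannot be a password you've used before.");
        return;
    }

    Password.UpdatePassword(userId, Convert.ToBase64String(newHash));
    UserUtils.UnlockAccount(email);
    lbl_feedback.ForeColor = Color.Green;
    showFeedback("Password has been updated.");
}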