/// <summary>
/// Initialises a blank user row: numeric fields are zero, text fields are empty,
/// the three timestamps are the current local time, and the account starts
/// checked and not locked out.
/// </summary>
public UserInfoDatabase()
{
    // Identity and credentials.
    Id = 0;
    UserName = string.Empty;
    Password = string.Empty;
    // NOTE(review): the default storage format is EPasswordFormat.Encrypted. Whether that
    // scheme is reversible is not visible here; confirm it against the password encoder.
    PasswordFormat = EPasswordFormatUtils.GetValue(EPasswordFormat.Encrypted);
    PasswordSalt = string.Empty;

    // Timestamps use local time (DateTime.Now), not UTC.
    CreateDate = DateTime.Now;
    LastResetPasswordDate = DateTime.Now;
    LastActivityDate = DateTime.Now;

    // Counters.
    CountOfLogin = 0;
    CountOfFailedLogin = 0;
    CountOfWriting = 0;

    // Boolean flags are persisted as their text form ("True" / "False").
    IsChecked = bool.TrueString;
    IsLockedOut = bool.FalseString;

    // Profile fields.
    DisplayName = string.Empty;
    Email = string.Empty;
    Mobile = string.Empty;
    AvatarUrl = string.Empty;
    Organization = string.Empty;
    Department = string.Empty;
    Position = string.Empty;
    Gender = string.Empty;
    Birthday = string.Empty;
    Education = string.Empty;
    Graduation = string.Empty;
    Address = string.Empty;
    WeiXin = string.Empty;
    Qq = string.Empty;
    WeiBo = string.Empty;
    Interests = string.Empty;
    Signature = string.Empty;
}
/// <summary>
/// Writes one administrator row with <c>SqlInsertUser</c> and then refreshes the
/// per-department and per-area administrator counts.
/// </summary>
/// <param name="info">Administrator to persist. <c>info.Password</c> and <c>info.PasswordSalt</c>
/// are stored exactly as given; this method performs no encoding or validation itself.</param>
private void Insert(AdministratorInfo info)
{
    // Every value is passed as a bound parameter; nothing is concatenated into the SQL text here.
    var parameters = new IDataParameter[]
    {
        GetParameter(ParmUsername, DataType.VarChar, 255, info.UserName),
        GetParameter(ParmPassword, DataType.VarChar, 255, info.Password),
        GetParameter(ParmPasswordFormat, DataType.VarChar, 50, EPasswordFormatUtils.GetValue(info.PasswordFormat)),
        GetParameter(ParmPasswordSalt, DataType.VarChar, 128, info.PasswordSalt),
        GetParameter(ParmCreationDate, DataType.DateTime, info.CreationDate),
        GetParameter(ParmLastActivityDate, DataType.DateTime, info.LastActivityDate),
        GetParameter(ParmCountOfLogin, DataType.Integer, info.CountOfLogin),
        GetParameter(ParmCountOfFailedLogin, DataType.Integer, info.CountOfFailedLogin),
        GetParameter(ParmCreatorUsername, DataType.VarChar, 255, info.CreatorUserName),
        GetParameter(ParmIsLockedOut, DataType.VarChar, 18, info.IsLockedOut.ToString()),
        GetParameter(ParmSiteIdCollection, DataType.VarChar, 50, info.SiteIdCollection),
        GetParameter(ParmSiteId, DataType.Integer, info.SiteId),
        GetParameter(ParmDepartmentId, DataType.Integer, info.DepartmentId),
        GetParameter(ParmAreaId, DataType.Integer, info.AreaId),
        GetParameter(ParmDisplayname, DataType.VarChar, 255, info.DisplayName),
        GetParameter(ParmEmail, DataType.VarChar, 255, info.Email),
        GetParameter(ParmMobile, DataType.VarChar, 20, info.Mobile)
    };

    ExecuteNonQuery(SqlInsertUser, parameters);

    // Keep the cached administrator counts in step with the new row.
    DataProvider.DepartmentDao.UpdateCountOfAdmin();
    DataProvider.AreaDao.UpdateCountOfAdmin();
}
/// <summary>
/// Stores an already-encoded password, its format and its salt for the administrator
/// identified by <paramref name="userName"/>, then evicts that administrator from the cache.
/// </summary>
/// <param name="userName">Administrator whose credentials are replaced.</param>
/// <param name="passwordFormat">Format tag stored alongside the password.</param>
/// <param name="passwordSalt">Salt stored alongside the password.</param>
/// <param name="password">Password value written as given; no encoding happens here.</param>
/// <returns><c>true</c> when the update and the cache eviction both completed without
/// throwing; <c>false</c> otherwise.</returns>
private bool ChangePassword(string userName, EPasswordFormat passwordFormat, string passwordSalt, string password)
{
    var parameters = new IDataParameter[]
    {
        GetParameter(ParmPassword, DataType.VarChar, 255, password),
        GetParameter(ParmPasswordFormat, DataType.VarChar, 50, EPasswordFormatUtils.GetValue(passwordFormat)),
        GetParameter(ParmPasswordSalt, DataType.VarChar, 128, passwordSalt),
        GetParameter(ParmUsername, DataType.VarChar, 255, userName)
    };

    try
    {
        ExecuteNonQuery(SqlUpdatePassword, parameters);
        AdminManager.RemoveCache(userName);
        return true;
    }
    catch
    {
        // NOTE(review): every failure is swallowed without a log entry, so a failed credential
        // change leaves no audit trail. A throw from RemoveCache after a successful UPDATE also
        // reports failure although the stored password has already changed.
        return false;
    }
}
/// <summary>
/// Loads the administrator whose user name equals <paramref name="userName"/>.
/// </summary>
/// <param name="userName">User name to look up; passed as a bound parameter.</param>
/// <returns>The first matching row as an <c>AdministratorInfo</c>, or <c>null</c> when
/// the query returns no row.</returns>
public AdministratorInfo GetByUserName(string userName)
{
    AdministratorInfo found = null;

    var parameters = new IDataParameter[]
    {
        GetParameter(ParmUsername, DataType.VarChar, 255, userName)
    };

    using (var rdr = ExecuteReader(SqlSelectUser, parameters))
    {
        if (rdr.Read())
        {
            // Columns are read by ordinal 0..17 in the order the constructor expects.
            // NOTE(review): the mapping depends on the column order of SqlSelectUser, which is
            // not visible here — keep both in sync.
            found = new AdministratorInfo(
                GetInt(rdr, 0),
                GetString(rdr, 1),
                GetString(rdr, 2),
                EPasswordFormatUtils.GetEnumType(GetString(rdr, 3)),
                GetString(rdr, 4),
                GetDateTime(rdr, 5),
                GetDateTime(rdr, 6),
                GetInt(rdr, 7),
                GetInt(rdr, 8),
                GetString(rdr, 9),
                TranslateUtils.ToBool(GetString(rdr, 10)),
                GetString(rdr, 11),
                GetInt(rdr, 12),
                GetInt(rdr, 13),
                GetInt(rdr, 14),
                GetString(rdr, 15),
                GetString(rdr, 16),
                GetString(rdr, 17));
        }

        rdr.Close();
    }

    return found;
}
/// <summary>
/// Replaces the stored password, format and salt of the user named
/// <paramref name="userName"/>, stamps the reset time, writes a user log entry and
/// refreshes the cached user. Does nothing when no such user is found.
/// </summary>
/// <param name="userName">User whose credentials are replaced.</param>
/// <param name="passwordFormat">Format tag stored alongside the password.</param>
/// <param name="passwordSalt">Salt stored alongside the password.</param>
/// <param name="password">Password value written as given; no encoding happens here.</param>
private void ChangePassword(string userName, EPasswordFormat passwordFormat, string passwordSalt, string password)
{
    var user = UserManager.GetUserInfoByUserName(userName);
    if (user == null)
    {
        // Unknown user: silently skipped, the caller gets no signal.
        return;
    }

    user.PasswordFormat = EPasswordFormatUtils.GetValue(passwordFormat);
    user.Password = password;
    user.PasswordSalt = passwordSalt;
    user.LastResetPasswordDate = DateTime.Now; // local time, not UTC

    // Only the table name is interpolated; all values are bound parameters.
    var sqlString = $"UPDATE {TableName} SET Password = @Password, PasswordFormat = @PasswordFormat, PasswordSalt = @PasswordSalt, LastResetPasswordDate = @LastResetPasswordDate WHERE UserName = @UserName";

    IDataParameter[] parameters =
    {
        GetParameter(ParmPassword, DataType.VarChar, 255, user.Password),
        GetParameter(ParmPasswordFormat, DataType.VarChar, 50, user.PasswordFormat),
        GetParameter(ParmPasswordSalt, DataType.VarChar, 128, user.PasswordSalt),
        GetParameter(ParmLastResetPasswordDate, DataType.DateTime, user.LastResetPasswordDate),
        GetParameter(ParmUserName, DataType.VarChar, 255, userName)
    };

    ExecuteNonQuery(sqlString, parameters);

    // Audit entry for the password change, then publish the new state to the cache.
    LogUtils.AddUserLog(userName, "修改密码", string.Empty);
    UserManager.UpdateCache(user);
}
/// <summary>
/// Validates and creates an administrator: encodes the password, filters the display
/// fields, inserts the row, refreshes the department/area counts and adds the account
/// to the predefined Administrator role.
/// </summary>
/// <param name="adminInfo">Administrator to create. Mutated in place: dates, password
/// format, encoded password, salt and filtered display fields are written back to it.</param>
/// <param name="errorMessage">Set by <c>InsertValidate</c>, or to the exception message
/// when the insert throws.</param>
/// <returns><c>true</c> when every step completed; otherwise <c>false</c>.</returns>
public bool Insert(AdministratorInfo adminInfo, out string errorMessage)
{
    var isValid = InsertValidate(adminInfo.UserName, adminInfo.Password, adminInfo.Email, adminInfo.Mobile, out errorMessage);
    if (!isValid)
    {
        return false;
    }

    try
    {
        adminInfo.LastActivityDate = DateUtils.SqlMinValue;
        adminInfo.CreationDate = DateTime.Now;

        // The format is forced to Encrypted regardless of what the caller supplied, and the
        // plain-text password is replaced by its encoded form before anything is persisted.
        adminInfo.PasswordFormat = EPasswordFormatUtils.GetValue(EPasswordFormat.Encrypted);
        var format = EPasswordFormatUtils.GetEnumType(adminInfo.PasswordFormat);
        adminInfo.Password = EncodePassword(adminInfo.Password, format, out var salt);
        adminInfo.PasswordSalt = salt;

        // Display fields are filtered at write time. NOTE(review): this does not replace
        // output encoding where the values are rendered.
        adminInfo.DisplayName = AttackUtils.FilterXss(adminInfo.DisplayName);
        adminInfo.Email = AttackUtils.FilterXss(adminInfo.Email);
        adminInfo.Mobile = AttackUtils.FilterXss(adminInfo.Mobile);

        var parameters = new IDataParameter[]
        {
            GetParameter(ParmUsername, DataType.VarChar, 255, adminInfo.UserName),
            GetParameter(ParmPassword, DataType.VarChar, 255, adminInfo.Password),
            GetParameter(ParmPasswordFormat, DataType.VarChar, 50, adminInfo.PasswordFormat),
            GetParameter(ParmPasswordSalt, DataType.VarChar, 128, adminInfo.PasswordSalt),
            GetParameter(ParmCreationDate, DataType.DateTime, adminInfo.CreationDate),
            GetParameter(ParmLastActivityDate, DataType.DateTime, adminInfo.LastActivityDate),
            GetParameter(ParmCountOfLogin, DataType.Integer, adminInfo.CountOfLogin),
            GetParameter(ParmCountOfFailedLogin, DataType.Integer, adminInfo.CountOfFailedLogin),
            GetParameter(ParmCreatorUsername, DataType.VarChar, 255, adminInfo.CreatorUserName),
            GetParameter(ParmIsLockedOut, DataType.VarChar, 18, adminInfo.IsLockedOut.ToString()),
            GetParameter(ParmSiteIdCollection, DataType.VarChar, 50, adminInfo.SiteIdCollection),
            GetParameter(ParmSiteId, DataType.Integer, adminInfo.SiteId),
            GetParameter(ParmDepartmentId, DataType.Integer, adminInfo.DepartmentId),
            GetParameter(ParmAreaId, DataType.Integer, adminInfo.AreaId),
            GetParameter(ParmDisplayname, DataType.VarChar, 255, adminInfo.DisplayName),
            GetParameter(ParmMobile, DataType.VarChar, 20, adminInfo.Mobile),
            GetParameter(ParmEmail, DataType.VarChar, 255, adminInfo.Email),
            GetParameter(ParmAvatarUrl, DataType.VarChar, 200, adminInfo.AvatarUrl)
        };

        ExecuteNonQuery(SqlInsertUser, parameters);

        DataProvider.DepartmentDao.UpdateCountOfAdmin();
        DataProvider.AreaDao.UpdateCountOfAdmin();

        // NOTE(review): the row insert and the role assignment are separate statements with no
        // visible transaction; a failure here leaves an account without its role.
        var roles = new[] { EPredefinedRoleUtils.GetValue(EPredefinedRole.Administrator) };
        DataProvider.AdministratorsInRolesDao.AddUserToRoles(adminInfo.UserName, roles);

        return true;
    }
    catch (Exception ex)
    {
        // NOTE(review): the raw exception text is handed to the caller; if it reaches an end
        // user it can expose database details. Confirm how callers display it.
        errorMessage = ex.Message;
        return false;
    }
}
/// <summary>
/// Inserts a user row without running any validation and returns the value produced by
/// <c>ExecuteNonQueryAndReturnId</c> for the new row.
/// </summary>
/// <param name="userInfo">User to persist. Mutated in place: the three timestamps are set
/// to the current local time and the profile text fields are passed through the XSS filter.</param>
/// <param name="password">Password value stored as given; no encoding happens here.</param>
/// <param name="passwordFormat">Format tag stored alongside the password.</param>
/// <param name="passwordSalt">Salt stored alongside the password.</param>
/// <returns>The identifier returned by <c>ExecuteNonQueryAndReturnId</c>.</returns>
private int InsertWithoutValidation(UserInfo userInfo, string password, EPasswordFormat passwordFormat, string passwordSalt)
{
    // Only the table name is interpolated; every value is a bound parameter.
    var sqlString =
        $"INSERT INTO {TableName} (UserName, Password, PasswordFormat, PasswordSalt, CreateDate, LastResetPasswordDate, LastActivityDate, CountOfLogin, CountOfFailedLogin, GroupId, IsChecked, IsLockedOut, DisplayName, Email, Mobile, AvatarUrl, Gender, Birthday, WeiXin, QQ, WeiBo, Bio, SettingsXml) " +
        "VALUES (@UserName, @Password, @PasswordFormat, @PasswordSalt, @CreateDate, @LastResetPasswordDate, @LastActivityDate, @CountOfLogin, @CountOfFailedLogin, @GroupId, @IsChecked, @IsLockedOut, @DisplayName, @Email, @Mobile, @AvatarUrl, @Gender, @Birthday, @WeiXin, @QQ, @WeiBo, @Bio, @SettingsXml)";

    userInfo.CreateDate = DateTime.Now;
    userInfo.LastActivityDate = DateTime.Now;
    userInfo.LastResetPasswordDate = DateTime.Now;

    // Profile text is filtered at write time. UserName is not filtered here.
    // NOTE(review): presumably the caller validates it, since this method by name does not — confirm.
    userInfo.DisplayName = AttackUtils.FilterXss(userInfo.DisplayName);
    userInfo.Email = AttackUtils.FilterXss(userInfo.Email);
    userInfo.Mobile = AttackUtils.FilterXss(userInfo.Mobile);
    userInfo.AvatarUrl = AttackUtils.FilterXss(userInfo.AvatarUrl);
    userInfo.Gender = AttackUtils.FilterXss(userInfo.Gender);
    userInfo.Birthday = AttackUtils.FilterXss(userInfo.Birthday);
    userInfo.WeiXin = AttackUtils.FilterXss(userInfo.WeiXin);
    userInfo.Qq = AttackUtils.FilterXss(userInfo.Qq);
    userInfo.WeiBo = AttackUtils.FilterXss(userInfo.WeiBo);
    userInfo.Bio = AttackUtils.FilterXss(userInfo.Bio);

    // Serialised after filtering, so it is built from the filtered field values.
    var settingsXml = userInfo.ToString(UserAttribute.AllAttributes.Value);

    IDataParameter[] parameters =
    {
        GetParameter(ParmUserName, DataType.VarChar, 255, userInfo.UserName),
        GetParameter(ParmPassword, DataType.VarChar, 255, password),
        GetParameter(ParmPasswordFormat, DataType.VarChar, 50, EPasswordFormatUtils.GetValue(passwordFormat)),
        GetParameter(ParmPasswordSalt, DataType.VarChar, 128, passwordSalt),
        GetParameter(ParmCreateDate, DataType.DateTime, userInfo.CreateDate),
        GetParameter(ParmLastResetPasswordDate, DataType.DateTime, userInfo.LastResetPasswordDate),
        GetParameter(ParmLastActivityDate, DataType.DateTime, userInfo.LastActivityDate),
        GetParameter(ParmCountOfLogin, DataType.Integer, userInfo.CountOfLogin),
        GetParameter(ParmCountOfFailedLogin, DataType.Integer, userInfo.CountOfFailedLogin),
        GetParameter(ParmGroupId, DataType.Integer, userInfo.GroupId),
        GetParameter(ParmIsChecked, DataType.VarChar, 18, userInfo.IsChecked.ToString()),
        GetParameter(ParmIsLockedOut, DataType.VarChar, 18, userInfo.IsLockedOut.ToString()),
        GetParameter(ParmDisplayname, DataType.VarChar, 255, userInfo.DisplayName),
        GetParameter(ParmEmail, DataType.VarChar, 255, userInfo.Email),
        GetParameter(ParmMobile, DataType.VarChar, 20, userInfo.Mobile),
        GetParameter(ParmAvatarUrl, DataType.VarChar, 200, userInfo.AvatarUrl),
        GetParameter(ParmGender, DataType.VarChar, 255, userInfo.Gender),
        GetParameter(ParmBirthday, DataType.VarChar, 50, userInfo.Birthday),
        GetParameter(ParmWeixin, DataType.VarChar, 255, userInfo.WeiXin),
        GetParameter(ParmQq, DataType.VarChar, 255, userInfo.Qq),
        GetParameter(ParmWeibo, DataType.VarChar, 255, userInfo.WeiBo),
        GetParameter(ParmBio, DataType.Text, userInfo.Bio),
        GetParameter(ParmSettingsXml, DataType.Text, settingsXml)
    };

    return ExecuteNonQueryAndReturnId(TableName, UserAttribute.Id, sqlString, parameters);
}
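/// <summary>
/// Loads an administrator by login identifier. The identifier is treated as a mobile
/// number when <c>StringUtils.IsMobile</c> accepts it, as an e-mail address when
/// <c>StringUtils.IsEmail</c> accepts it, and as a user name otherwise.
/// </summary>
/// <param name="account">Mobile number, e-mail address or user name; passed as a bound parameter.</param>
/// <returns>The first matching row as an <c>AdministratorInfo</c>, or <c>null</c> when
/// the query returns no row.</returns>
public AdministratorInfo GetByAccount(string account)
{
    AdministratorInfo info = null;
    string sqlString;
    IDataParameter[] parms;

    if (StringUtils.IsMobile(account))
    {
        sqlString = SqlSelectUserByMobile;
        parms = new IDataParameter[]
        {
            GetParameter(ParmMobile, DataType.VarChar, 50, account)
        };
    }
    else if (StringUtils.IsEmail(account))
    {
        sqlString = SqlSelectUserByEmail;
        parms = new IDataParameter[]
        {
            // Sized like the 255-character e-mail parameter used by the insert statements, so
            // the lookup value is declared as wide as the stored one. With a narrower declared
            // size a provider may truncate the value — assumes GetParameter forwards the size.
            GetParameter(ParmEmail, DataType.VarChar, 255, account)
        };
    }
    else
    {
        sqlString = SqlSelectUser;
        parms = new IDataParameter[]
        {
            GetParameter(ParmUsername, DataType.VarChar, 255, account)
        };
    }

    using (var rdr = ExecuteReader(sqlString, parms))
    {
        if (rdr.Read())
        {
            // Columns are consumed strictly left to right; the three SELECT statements must
            // therefore return the same column order (not visible here — keep them in sync).
            var i = 0;
            info = new AdministratorInfo(
                GetInt(rdr, i++),
                GetString(rdr, i++),
                GetString(rdr, i++),
                EPasswordFormatUtils.GetEnumType(GetString(rdr, i++)),
                GetString(rdr, i++),
                GetDateTime(rdr, i++),
                GetDateTime(rdr, i++),
                GetInt(rdr, i++),
                GetInt(rdr, i++),
                GetString(rdr, i++),
                TranslateUtils.ToBool(GetString(rdr, i++)),
                GetString(rdr, i++),
                GetInt(rdr, i++),
                GetInt(rdr, i++),
                GetInt(rdr, i++),
                GetString(rdr, i++),
                GetString(rdr, i++),
                GetString(rdr, i));
        }

        rdr.Close();
    }

    return info;
}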
/// <summary>
/// Initialises a blank administrator row: numeric fields are zero, text fields are empty,
/// both dates are <c>DateUtils.SqlMinValue</c>, and the account is not locked out.
/// </summary>
public AdministratorInfoDatabase()
{
    // Identity and credentials.
    Id = 0;
    UserName = string.Empty;
    Password = string.Empty;
    // Default storage format; ApiInsert reads this value back when it encodes the password.
    PasswordFormat = EPasswordFormatUtils.GetValue(EPasswordFormat.Encrypted);
    PasswordSalt = string.Empty;

    // Dates and login counters.
    CreationDate = DateUtils.SqlMinValue;
    LastActivityDate = DateUtils.SqlMinValue;
    CountOfLogin = 0;
    CountOfFailedLogin = 0;

    CreatorUserName = string.Empty;
    // The lock flag is persisted as text ("False").
    IsLockedOut = bool.FalseString;

    // Site, department and area assignment.
    SiteIdCollection = string.Empty;
    SiteId = 0;
    DepartmentId = 0;
    AreaId = 0;

    // Contact details.
    DisplayName = string.Empty;
    Email = string.Empty;
    Mobile = string.Empty;
}
/// <summary>
/// Initialises a blank administrator: numeric fields are zero, text fields are empty,
/// all three dates are <c>DateUtils.SqlMinValue</c>, and the account is not locked out.
/// </summary>
public AdministratorInfo()
{
    // Identity and credentials.
    Id = 0;
    UserName = string.Empty;
    Password = string.Empty;
    PasswordFormat = EPasswordFormatUtils.GetValue(EPasswordFormat.Encrypted);
    PasswordSalt = string.Empty;

    // Dates and login counters.
    CreationDate = DateUtils.SqlMinValue;
    LastActivityDate = DateUtils.SqlMinValue;
    LastChangePasswordDate = DateUtils.SqlMinValue;
    CountOfLogin = 0;
    CountOfFailedLogin = 0;

    CreatorUserName = string.Empty;
    IsLockedOut = false;

    // Site assignment.
    SiteIdCollection = string.Empty;
    SiteId = 0;

    // The backing field is assigned directly rather than through a DisplayName property.
    _displayName = string.Empty;
    Mobile = string.Empty;
    Email = string.Empty;
    AvatarUrl = string.Empty;
}
/// <summary>
/// Writes a new password, format and salt onto <paramref name="adminInfo"/>, persists them
/// for the row with the same <c>Id</c>, and evicts the administrator from the cache.
/// </summary>
/// <param name="adminInfo">Administrator to update; mutated in place.</param>
/// <param name="passwordFormat">Format tag stored alongside the password.</param>
/// <param name="passwordSalt">Salt stored alongside the password.</param>
/// <param name="password">Password value written as given; no encoding happens here.</param>
private void ChangePassword(AdministratorInfo adminInfo, EPasswordFormat passwordFormat, string passwordSalt, string password)
{
    adminInfo.Password = password;
    adminInfo.PasswordFormat = EPasswordFormatUtils.GetValue(passwordFormat);
    adminInfo.PasswordSalt = passwordSalt;

    // Only the table name is interpolated; all values are bound parameters.
    var sqlString = $"UPDATE {TableName} SET Password = @Password, PasswordFormat = @PasswordFormat, PasswordSalt = @PasswordSalt WHERE Id = @Id";

    var parameters = new IDataParameter[]
    {
        GetParameter(ParmPassword, DataType.VarChar, 255, adminInfo.Password),
        GetParameter(ParmPasswordFormat, DataType.VarChar, 50, adminInfo.PasswordFormat),
        GetParameter(ParmPasswordSalt, DataType.VarChar, 128, adminInfo.PasswordSalt),
        GetParameter(ParmId, DataType.Integer, adminInfo.Id)
    };

    ExecuteNonQuery(sqlString, parameters);

    // Drop the cached copy so later reads see the new credentials.
    // NOTE(review): no log entry is written for this credential change, unlike the user-side
    // ChangePassword that calls LogUtils.AddUserLog — confirm the caller audits it.
    AdminManager.RemoveCache(adminInfo);
}
/// <summary>
/// Creates an administrator from an API payload: copies the payload into a database row
/// object, validates it, encodes the password, stamps the dates and inserts the row.
/// </summary>
/// <param name="adminInfoToInsert">Payload whose values are loaded into the new row.</param>
/// <param name="errorMessage">Empty on success; otherwise the validation message or the
/// exception message.</param>
/// <returns>The created administrator, or <c>null</c> when validation fails or an
/// exception is thrown.</returns>
public AdministratorInfo ApiInsert(AdministratorInfoCreateUpdate adminInfoToInsert, out string errorMessage)
{
    errorMessage = string.Empty;

    try
    {
        var row = new AdministratorInfoDatabase();
        adminInfoToInsert.Load(row);

        var isValid = InsertValidate(row.UserName, row.Password, row.Email, row.Mobile, out errorMessage);
        if (!isValid)
        {
            return null;
        }

        // NOTE(review): the encoding scheme follows whatever PasswordFormat holds after Load,
        // not a fixed value; confirm a caller cannot select a weaker format through the payload.
        var format = EPasswordFormatUtils.GetEnumType(row.PasswordFormat);
        row.Password = EncodePassword(row.Password, format, out var salt);
        row.PasswordSalt = salt;

        row.CreationDate = DateTime.Now;
        row.LastActivityDate = DateTime.Now;

        // NOTE(review): DisplayName, Email and Mobile are stored as loaded; no XSS filter is
        // applied on this path — confirm the values are encoded where they are rendered.
        using (var connection = GetConnection())
        {
            var identity = connection.Insert(row);
            if (identity > 0)
            {
                row.Id = Convert.ToInt32(identity);
            }
        }

        return row.ToAdministratorInfo();
    }
    catch (Exception ex)
    {
        // NOTE(review): the raw exception text is returned to the API caller; confirm it is
        // not relayed verbatim in the response.
        errorMessage = ex.Message;
        return null;
    }
}
/// <summary>
/// Creates an administrator through <c>AdministratorDao.Insert</c> and adds the new
/// account to the predefined Administrator role.
/// </summary>
/// <param name="administratorInfo">Administrator to create; its dates and password format
/// are overwritten before the insert.</param>
/// <param name="errorMessage">Message from the insert, or the exception message when a
/// step throws.</param>
/// <returns><c>true</c> when the insert and the role assignment both succeeded.</returns>
public static bool CreateAdministrator(AdministratorInfo administratorInfo, out string errorMessage)
{
    try
    {
        administratorInfo.LastActivityDate = DateUtils.SqlMinValue;
        administratorInfo.CreationDate = DateTime.Now;
        administratorInfo.PasswordFormat = EPasswordFormatUtils.GetValue(EPasswordFormat.Encrypted);

        if (!DataProvider.AdministratorDao.Insert(administratorInfo, out errorMessage))
        {
            return false;
        }

        // NOTE(review): confirm the Insert being called does not already assign this role,
        // otherwise the assignment runs twice.
        var roles = new[] { EPredefinedRoleUtils.GetValue(EPredefinedRole.Administrator) };
        DataProvider.AdministratorsInRolesDao.AddUserToRoles(administratorInfo.UserName, roles);
        return true;
    }
    catch (Exception ex)
    {
        // NOTE(review): the raw exception text is handed back to the caller.
        errorMessage = ex.Message;
        return false;
    }
}
/// <summary>
/// API action that changes a user's password after verifying the current one.
/// </summary>
/// <remarks>
/// Access is granted to an API token with the users scope, to the logged-in user whose id
/// equals <paramref name="id"/>, or to a logged-in administrator holding the user
/// permission. In every case the current password posted as <c>password</c> must match.
/// </remarks>
/// <param name="id">Id of the user whose password is changed.</param>
/// <returns>401 when not authorised, 404 when the user does not exist, 400 when the current
/// password is wrong or the change is rejected, 500 on an exception, otherwise 200.</returns>
public IHttpActionResult ResetPassword(int id)
{
    try
    {
        var request = new AuthenticatedRequest();

        // Kept as one short-circuiting expression so the permission lookups run only for the
        // matching kind of caller; the parentheses only spell out the operator precedence.
        var isAuth =
            (request.IsApiAuthenticated && AccessTokenManager.IsScope(request.ApiToken, AccessTokenManager.ScopeUsers))
            || (request.IsUserLoggin && request.UserId == id)
            || (request.IsAdminLoggin && request.AdminPermissions.HasSystemPermissions(ConfigManager.SettingsPermissions.User));
        if (!isAuth)
        {
            return Unauthorized();
        }

        var userInfo = UserManager.GetUserInfoByUserId(id);
        if (userInfo == null)
        {
            return NotFound();
        }

        var password = request.GetPostString("password");
        var newPassword = request.GetPostString("newPassword");

        var storedFormat = EPasswordFormatUtils.GetEnumType(userInfo.PasswordFormat);
        var currentMatches = DataProvider.UserDao.CheckPassword(password, false, userInfo.Password, storedFormat, userInfo.PasswordSalt);
        if (!currentMatches)
        {
            // NOTE(review): failed checks here are neither counted nor logged in this action, so
            // repeated guesses of the current password are not throttled at this level.
            return BadRequest("原密码不正确,请重新输入");
        }

        if (!DataProvider.UserDao.ChangePassword(userInfo.UserName, newPassword, out var errorMessage))
        {
            return BadRequest(errorMessage);
        }

        // NOTE(review): the whole userInfo object is serialised into the response, and it carries
        // Password and PasswordSalt properties; confirm the serialiser excludes them.
        return Ok(new { Value = userInfo });
    }
    catch (Exception ex)
    {
        LogUtils.AddErrorLog(ex);
        // NOTE(review): passing the exception to InternalServerError can expose its details to
        // the client, depending on the error-detail policy in effect.
        return InternalServerError(ex);
    }
}
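/// <summary>
/// Synchronises CMS administrators with the account list returned by the remote account
/// API: accounts missing from the CMS are created, existing ones are unlocked and renamed
/// when needed, and administrators absent from the remote list are locked (never deleted).
/// The account named "admin" is never created, updated or locked by this routine.
/// </summary>
private void HandleData()
{
    try
    {
        var adminAccount = "admin";

        // Fetch and parse the remote account list.
        var resultStr = SendGetHttpRequest(AccountInfoApi);
        var result = JsonConvert.DeserializeObject<ResultInfo<List<AccountInfo>>>(resultStr);
        if (!result.Result)
        {
            WriteLog($"账号信息获取失败:{result.Msg}");
            return;
        }

        var accounts = result.Data;
        var nowTime = DateTime.Now;
        var addList = new List<AdministratorInfo>();    // administrators to create
        var updateList = new List<AdministratorInfo>(); // administrators to update

        // Lower-cased ids of every account the API returned. They are normalised the same way
        // as the lookup below, so an id containing upper-case letters is not treated as
        // "missing from the remote list" and locked on every run.
        var ids = new HashSet<string>();

        // All administrators currently known to the CMS.
        var allList = DataProvider.AdministratorDao.ApiGetAdministrators(0, int.MaxValue);

        // Create or update an administrator for each remote account.
        foreach (var account in accounts)
        {
            var accountKey = account.Id.ToLower();
            ids.Add(accountKey);

            var admin = allList.Find(t => t.UserName.ToLower() == accountKey);

            if (admin == null)
            {
                // The remote super administrator is deliberately not linked to the CMS "admin"
                // account here (its user name cannot be updated); that case is left to the
                // login flow.
                if (account.Admin && account.Account == adminAccount)
                {
                    continue;
                }

                addList.Add(new AdministratorInfo
                {
                    UserName = accountKey,
                    // NOTE(review): every account created by this sync receives the same fixed
                    // placeholder password (it may be a redaction in this listing). If these
                    // accounts can also sign in with a local password, replace it with a
                    // per-account random value that is never disclosed.
                    Password = "******",
                    PasswordFormat = EPasswordFormatUtils.GetValue(EPasswordFormat.Encrypted),
                    CreationDate = nowTime,
                    LastActivityDate = DateUtils.SqlMinValue,
                    CountOfLogin = 0,
                    CountOfFailedLogin = 0,
                    CreatorUserName = string.Empty,
                    IsLockedOut = false,
                    SiteIdCollection = string.Empty,
                    SiteId = 0,
                    DepartmentId = 0,
                    AreaId = 0,
                    DisplayName = account.Name,
                    Mobile = string.Empty,
                    Email = string.Empty,
                    AvatarUrl = string.Empty
                });
            }
            else
            {
                // Never touch the super administrator.
                if (admin.UserName == adminAccount)
                {
                    continue;
                }

                // Nothing to do when the account is already unlocked and the name matches.
                if (!admin.IsLockedOut && admin.DisplayName == account.Name)
                {
                    continue;
                }

                // Refresh the display name and clear the lock.
                admin.IsLockedOut = false;
                admin.DisplayName = account.Name;
                updateList.Add(admin);
            }
        }

        // Administrators that the remote list no longer contains are locked, not deleted.
        // NOTE(review): a successful response with an empty list locks every administrator
        // except "admin"; consider a sanity check before applying such a result.
        var lockList = allList.FindAll(t => !ids.Contains(t.UserName.ToLower()));
        foreach (var item in lockList)
        {
            // Never lock the super administrator.
            if (item.UserName == adminAccount)
            {
                continue;
            }

            // Already locked: no update needed.
            if (item.IsLockedOut)
            {
                continue;
            }

            item.IsLockedOut = true;
            updateList.Add(item);
        }

        // Apply the inserts, collecting per-account error messages for the log.
        var errors = new StringBuilder();
        foreach (var item in addList)
        {
            DataProvider.AdministratorDao.Insert(item, out var msg);
            if (!string.IsNullOrWhiteSpace(msg))
            {
                errors.Append($"id:{item.UserName};{msg}\r\n");
            }
        }

        foreach (var item in updateList)
        {
            DataProvider.AdministratorDao.Update(item);
        }

        if (errors.Length > 0)
        {
            WriteLog("存在错误:" + errors);
        }
    }
    catch (Exception e)
    {
        // Any failure aborts the run; only the message is logged, not the stack trace.
        WriteLog("处理失败:" + e.Message);
    }
}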
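/// <summary>
/// Checks a user's login: resolves the account, enforces the review, lock and
/// failed-attempt rules, then verifies the password.
/// </summary>
/// <param name="account">Login identifier, resolved by <c>GetByAccount</c>.</param>
/// <param name="password">Password supplied by the caller.</param>
/// <param name="isPasswordMd5">Forwarded unchanged to <c>CheckPassword</c>.</param>
/// <param name="userName">Empty unless an account was found; then the account's user name,
/// even when the login is subsequently refused.</param>
/// <param name="errorMessage">Reason for refusal; empty on success.</param>
/// <returns>The user on success; otherwise <c>null</c>.</returns>
public UserInfo Validate(string account, string password, bool isPasswordMd5, out string userName, out string errorMessage)
{
    userName = string.Empty;
    errorMessage = string.Empty;

    if (string.IsNullOrEmpty(account))
    {
        errorMessage = "账号不能为空";
        return null;
    }

    if (string.IsNullOrEmpty(password))
    {
        errorMessage = "密码不能为空";
        return null;
    }

    var userInfo = GetByAccount(account);
    if (string.IsNullOrEmpty(userInfo?.UserName))
    {
        errorMessage = "帐号或密码错误";
        return null;
    }

    userName = userInfo.UserName;

    // NOTE(review): the state checks below run before the password is verified and return
    // distinct messages, so the reply tells a caller whether an account exists and what
    // state it is in.
    if (!userInfo.IsChecked)
    {
        errorMessage = "此账号未审核,无法登录";
        return null;
    }

    if (userInfo.IsLockedOut)
    {
        errorMessage = "此账号被锁定,无法登录";
        return null;
    }

    if (ConfigManager.SystemConfigInfo.IsUserLockLogin)
    {
        if (userInfo.CountOfFailedLogin > 0 && userInfo.CountOfFailedLogin >= ConfigManager.SystemConfigInfo.UserLockLoginCount)
        {
            var lockType = EUserLockTypeUtils.GetEnumType(ConfigManager.SystemConfigInfo.UserLockLoginType);
            if (lockType == EUserLockType.Forever)
            {
                errorMessage = "此账号错误登录次数过多,已被永久锁定";
                return null;
            }

            if (lockType == EUserLockType.Hours)
            {
                var elapsed = new TimeSpan(DateTime.Now.Ticks - userInfo.LastActivityDate.Ticks);

                // Decide on the unrounded remainder: rounding it to an integer first would
                // release the lock while part of the configured window is still outstanding.
                var remainingHours = ConfigManager.SystemConfigInfo.UserLockLoginHours - elapsed.TotalHours;
                if (remainingHours > 0)
                {
                    // Round up for display so the message never promises an earlier retry.
                    var hours = (int)Math.Ceiling(remainingHours);
                    errorMessage = $"此账号错误登录次数过多,已被锁定,请等待{hours}小时后重试";
                    return null;
                }
            }
        }
    }

    var storedFormat = EPasswordFormatUtils.GetEnumType(userInfo.PasswordFormat);
    if (!CheckPassword(password, isPasswordMd5, userInfo.Password, storedFormat, userInfo.PasswordSalt))
    {
        // Record the failure so the lock rules above can act on the next attempt.
        DataProvider.UserDao.UpdateLastActivityDateAndCountOfFailedLogin(userInfo);
        LogUtils.AddUserLog(userInfo.UserName, "用户登录失败", "帐号或密码错误");
        errorMessage = "帐号或密码错误";
        return null;
    }

    return userInfo;
}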
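/// <summary>
/// Handles the change-password form: verifies the current password of the signed-in
/// administrator and, when it matches, stores the new one.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
public override void Submit_OnClick(object sender, EventArgs e)
{
    if (!Page.IsPostBack || !Page.IsValid)
    {
        return;
    }

    var adminInfo = DataProvider.AdministratorDao.GetByUserName(AuthRequest.AdminName);
    if (adminInfo == null)
    {
        // The lookup returns null when no row matches (for example, the account was removed
        // while the session was still open). Fail with the same message as a wrong password
        // instead of dereferencing null.
        FailMessage("当前帐号密码错误");
        return;
    }

    var storedFormat = EPasswordFormatUtils.GetEnumType(adminInfo.PasswordFormat);
    var currentMatches = DataProvider.AdministratorDao.CheckPassword(
        TbCurrentPassword.Text, false, adminInfo.Password, storedFormat, adminInfo.PasswordSalt);
    if (!currentMatches)
    {
        FailMessage("当前帐号密码错误");
        return;
    }

    if (DataProvider.AdministratorDao.ChangePassword(AuthRequest.AdminName, TbNewPassword.Text, out var errorMessage))
    {
        SuccessMessage("密码更改成功");
    }
    else
    {
        FailMessage(errorMessage);
    }
}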
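/// <summary>
/// Checks an administrator's login: resolves the account, enforces the lock and
/// failed-attempt rules, then verifies the password.
/// </summary>
/// <param name="account">Login identifier, resolved by <c>GetByAccount</c>.</param>
/// <param name="password">Password supplied by the caller.</param>
/// <param name="isPasswordMd5">Forwarded unchanged to <c>CheckPassword</c>.</param>
/// <param name="userName">Empty unless an account was found; then the account's user name,
/// even when the login is subsequently refused.</param>
/// <param name="errorMessage">Reason for refusal; empty on success.</param>
/// <returns><c>true</c> when the login is accepted; otherwise <c>false</c>.</returns>
public bool Validate(string account, string password, bool isPasswordMd5, out string userName, out string errorMessage)
{
    userName = string.Empty;
    errorMessage = string.Empty;

    if (string.IsNullOrEmpty(account))
    {
        errorMessage = "账号不能为空";
        return false;
    }

    if (string.IsNullOrEmpty(password))
    {
        errorMessage = "密码不能为空";
        return false;
    }

    var adminInfo = GetByAccount(account);
    if (string.IsNullOrEmpty(adminInfo?.UserName))
    {
        errorMessage = "帐号或密码错误";
        return false;
    }

    userName = adminInfo.UserName;

    // NOTE(review): the lock checks below run before the password is verified and return
    // distinct messages, so the reply tells a caller whether an account exists and is locked.
    if (adminInfo.IsLockedOut)
    {
        errorMessage = "此账号被锁定,无法登录";
        return false;
    }

    if (ConfigManager.SystemConfigInfo.IsAdminLockLogin)
    {
        if (adminInfo.CountOfFailedLogin > 0 && adminInfo.CountOfFailedLogin >= ConfigManager.SystemConfigInfo.AdminLockLoginCount)
        {
            var lockType = EUserLockTypeUtils.GetEnumType(ConfigManager.SystemConfigInfo.AdminLockLoginType);
            if (lockType == EUserLockType.Forever)
            {
                errorMessage = "此账号错误登录次数过多,已被永久锁定";
                return false;
            }

            if (lockType == EUserLockType.Hours)
            {
                var elapsed = new TimeSpan(DateTime.Now.Ticks - adminInfo.LastActivityDate.Ticks);

                // Decide on the unrounded remainder: rounding it to an integer first would
                // release the lock while part of the configured window is still outstanding.
                var remainingHours = ConfigManager.SystemConfigInfo.AdminLockLoginHours - elapsed.TotalHours;
                if (remainingHours > 0)
                {
                    // Round up for display so the message never promises an earlier retry.
                    var hours = (int)Math.Ceiling(remainingHours);
                    errorMessage = $"此账号错误登录次数过多,已被锁定,请等待{hours}小时后重试";
                    return false;
                }
            }
        }
    }

    var storedFormat = EPasswordFormatUtils.GetEnumType(adminInfo.PasswordFormat);
    if (CheckPassword(password, isPasswordMd5, adminInfo.Password, storedFormat, adminInfo.PasswordSalt))
    {
        return true;
    }

    // Same text as the unknown-account branch above, so the message does not reveal whether
    // the account exists.
    // NOTE(review): this method does not record the failed attempt; presumably the caller
    // updates the failed-login counter — confirm.
    errorMessage = "帐号或密码错误";
    return false;
}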