public ActionResult Registered([Bind(Include = "UserID,UserName, Password")] UsersTable _usersTable)
{
using (SqlConnection Conn = new SqlConnection(WebConfigurationManager.ConnectionStrings["CGH"].ConnectionString))
{
Conn.Open();
if ((_usersTable != null) && (ModelState.IsValid))
// ModelState.IsValid,通過表單驗證(Server-side validation)需搭配 Model底下類別檔的 [驗證]
{
string hash = GetSHA1.GetSHA1Hash(_usersTable.Password);
_usersTable.Password = hash;
string sqlstr = "INSERT INTO [UsersTable] ( [UserID],[UserName],[Password])";
sqlstr += " VALUES (@UserID,@UserName,@Password)";
int affectedRows = Conn.Execute(sqlstr, new
{
UserID = _usersTable.UserID,
UserName = _usersTable.UserName,
Password = _usersTable.Password
});
return(RedirectToAction("Index"));
}
else
{ // 搭配 ModelState.IsValid,如果驗證沒過,就出現錯誤訊息。
ModelState.AddModelError("Value1", " 自訂錯誤訊息(1) "); // 第一個輸入值是 key,第二個是錯誤訊息(字串)
ModelState.AddModelError("Value2", " 自訂錯誤訊息(2) ");
return(View()); // 將錯誤訊息,返回並呈現在「新增」的檢視畫面上
}
}
}
public string EditUser(string EditID, string DepNo, string DepName, string UserID, string UserName, string Admin, string PassWord)
{
string Str = "修改成功";
var EditUser = _db.MXIC_UserManagements.Where(x => x.EditID.ToString() == EditID).FirstOrDefault();
try
{
if (!string.IsNullOrWhiteSpace(PassWord))
{
string hash = GetSHA1.GetSHA1Hash(PassWord);
EditUser.PassWord = hash;
}
EditUser.DepNo = DepNo;
EditUser.DepName = DepName;
EditUser.UserID = UserID;
EditUser.UserName = UserName;
EditUser.Admin = Admin;
_db.SaveChanges();
}
catch (Exception e)
{
Str = e.ToString();
}
return(Str);
}
public ActionResult Login(string Account, string Password)
{
string Hash = GetSHA1.GetSHA1Hash(Password);
UserManagement UserData = _db.MXIC_UserManagements.Where(x => x.UserID.ToLower() == Account.ToLower() && x.PassWord == Hash).FirstOrDefault();
if (UserData == null)
{
// 找不到這一筆記錄(帳號與密碼有錯,沒有這個會員)
//return HttpNotFound();
ViewData["ErrorMessage"] = "帳號或密碼有錯";
return(View());
}
else
{ //*************************************************************(start)
// https://dotblogs.com.tw/mickey/2017/01/01/154812
// https://dotblogs.com.tw/mis2000lab/2014/08/01/authentication-mode-forms_web-config
// https://blog.miniasp.com/post/2008/06/11/How-to-define-Roles-but-not-implementing-Role-Provider-in-ASPNET.aspx
// http://kevintsengtw.blogspot.com/2013/11/aspnet-mvc.html
DateTime DTnow = DateTime.Now;
// 以下需要搭配 System.Web.Security 命名空間。
var authTicket = new FormsAuthenticationTicket( // 登入成功,取得門票 (票證)。請自行填寫以下資訊。
version: 1, //版本號(Ver.)
name: UserData.UserListID.ToString(), // ***自行放入資料(如:使用者帳號、真實名稱)
issueDate: DTnow, // 登入成功後,核發此票證的本機日期和時間(資料格式 DateTime)
expiration: DTnow.AddDays(1), // "一天"內都有效(票證到期的本機日期和時間。)
isPersistent: true, // 記住我? true or false(畫面上通常會用 CheckBox表示)
userData: UserData.Admin, // ***自行放入資料(如:會員權限、等級、群組)
// 與票證一起存放的使用者特定資料。
// 需搭配 Global.asax設定檔 - Application_AuthenticateRequest事件。
cookiePath: FormsAuthentication.FormsCookiePath
);
// *** 把上面的 ticket資訊 "加密" ******
var authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(authTicket))
{ // 重點!!避免 Cookie遭受攻擊、盜用或不當存取。請查詢關鍵字「」。
HttpOnly = true // 必須上網透過http才可以存取Cookie。不允許用戶端(寫前端程式)存取
//HttpOnly = true, // 必須上網透過http才可以存取Cookie。不允許用戶端(寫前端程式)存取
//Secure = true; // 需要搭配https(SSL)才行。
};
if (authTicket.IsPersistent)
{
authCookie.Expires = authTicket.Expiration; // Cookie過期日(票證到期的本機日期和時間。)
}
Response.Cookies.Add(authCookie); // 完成 Cookie,寫入使用者的瀏覽器與設備中
//*************************************************************(end)
return(RedirectToAction("Index", "Home"));
// 完成這個範例以後,您可以參考這篇文章 - OWIN Forms authentication(作法很類似)
// https://blogs.msdn.microsoft.com/webdev/2013/07/03/understanding-owin-forms-authentication-in-mvc-5/
}
}
public string AddUser(string DepNo, string DepName, string UserID, string UserName, string Admin, string PassWord)
{
string Str = "新增成功";
if (!string.IsNullOrWhiteSpace(DepNo) && !string.IsNullOrWhiteSpace(DepName) && !string.IsNullOrWhiteSpace(UserID) && !string.IsNullOrWhiteSpace(UserName) && !string.IsNullOrWhiteSpace(PassWord))
{
var OriginalUser = _db.MXIC_UserManagements.Where(x => x.UserID == UserID);
if (OriginalUser.Any())
{
Str = "此人員編號已存在";
}
else
{
//SHA1加密
string Hash = GetSHA1.GetSHA1Hash(PassWord);
var AddUser = new Models.UserManagement()
{
UserListID = Guid.NewGuid(),
DepNo = DepNo,
DepName = DepName,
UserID = UserID,
UserName = UserName,
Admin = Admin,
PassWord = Hash,
UserDisable = true,
EditID = Guid.NewGuid(),
DeleteID = Guid.NewGuid()
};
_db.MXIC_UserManagements.Add(AddUser);
_db.SaveChanges();
}
}
else
{
Str = "新增失敗,請輸入所有資料。";
}
return(Str);
}
public string EditPassword(string UserID, string Password)
{
string Str = "欄位未填";
if (!string.IsNullOrWhiteSpace(Password))
{
try {
UserManagement EditPassword = _db.MXIC_UserManagements.Where(x => x.UserListID.ToString() == UserID).FirstOrDefault();
string hash = GetSHA1.GetSHA1Hash(Password);
EditPassword.PassWord = hash;
_db.SaveChanges();
Str = "修改成功";
}
catch (Exception e)
{
Str = e.ToString();
}
}
return(Str);
}
