예제 #1
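        /// <summary>
        /// Authenticates a user against the USERS / OU_USERS tables and passes the resulting rows to <c>InitData</c>.
        /// </summary>
        /// <param name="strUserValue">Value identifying the user; compared with the USERS column named by <paramref name="eunmValueType"/>.</param>
        /// <param name="eunmValueType">Kind of identifier supplied; its <c>ToString()</c> result is used as the USERS column name.</param>
        /// <param name="strPwdTypeGuid">Password type handed to <c>SecurityCalculate.PwdCalculate</c>; when not empty it is also matched against USERS.PWD_TYPE_GUID.</param>
        /// <param name="strUserPwd">Clear-text logon password; transformed by <c>SecurityCalculate.PwdCalculate</c> before being compared with USERS.USER_PWD.</param>
        /// <remarks>
        /// Exceptions raised by the helpers or the database layer propagate unchanged, with their original stack trace.
        /// </remarks>
        private void InitLogOnUserInfo(string strUserValue, LogonType eunmValueType, string strPwdTypeGuid, string strUserPwd)
        {
            // Treat null like blank input so a missing value produces the intended message
            // instead of a NullReferenceException from Trim().
            ExceptionHelper.TrueThrow(strUserValue == null || strUserValue.Trim().Length == 0, "对不起,没有确定的用户登录信息!");
            _StrUserLogOnName = strUserValue;

            string strPwd = SecurityCalculate.PwdCalculate(strPwdTypeGuid, strUserPwd);

            // NOTE(review): the statement is assembled by string concatenation and its safety rests
            // entirely on TSqlBuilder.CheckQuotationMark escaping every caller-supplied value. If the
            // Database wrapper offers parameterized commands, prefer them for strUserValue, strPwd
            // and strPwdTypeGuid - confirm against the data-access layer.
            // The column name comes from an enum's ToString(), so it is not free-form caller text.
            string strOriginal = @"
					SELECT  OU_USERS.PARENT_GUID, OU_USERS.USER_GUID, OU_USERS.DISPLAY_NAME, OU_USERS.OBJ_NAME, 
						OU_USERS.ALL_PATH_NAME, OU_USERS.INNER_SORT, OU_USERS.GLOBAL_SORT, OU_USERS.ORIGINAL_SORT, OU_USERS.SIDELINE, 
						OU_USERS.START_TIME, OU_USERS.END_TIME,	USERS.LOGON_NAME, OU_USERS.DESCRIPTION,
						USERS.RANK_CODE, RANK_DEFINE.SORT_ID, RANK_DEFINE.NAME, RANK_DEFINE.VISIBLE 
					FROM OU_USERS, USERS LEFT JOIN RANK_DEFINE ON USERS.RANK_CODE = RANK_DEFINE.CODE_NAME
					WHERE OU_USERS.USER_GUID = USERS.GUID 
						AND USERS." + TSqlBuilder.Instance.CheckQuotationMark(eunmValueType.ToString(), false) + @" = {0} 
						{1} 
						{2}
						AND OU_USERS.STATUS = 1 
						AND DATEDIFF(DAY, OU_USERS.START_TIME, GETDATE()) >= 0
						AND DATEDIFF(DAY, GETDATE(), OU_USERS.END_TIME) >= 0 ";

            // {0} = identifier, {1} = password condition, {2} = optional password-type condition.
            string strSql = string.Format(strOriginal,
                                          TSqlBuilder.Instance.CheckQuotationMark(strUserValue, true),
                                          " AND USERS.USER_PWD = " + TSqlBuilder.Instance.CheckQuotationMark(strPwd, true),
                                          strPwdTypeGuid == string.Empty ? string.Empty : " AND USERS.PWD_TYPE_GUID = "
                                          + TSqlBuilder.Instance.CheckQuotationMark(strPwdTypeGuid, true));

            using (DbContext context = DbContext.GetContext(CommonResource.AccreditConnAlias))
            {
                Database database = DatabaseFactory.Create(context);

                // First attempt: matching credentials on an account that is not flagged POSTURAL = 1.
                DataSet ds = database.ExecuteDataSet(CommandType.Text, strSql + " AND USERS.POSTURAL <> 1 ");
                if (ds.Tables[0].Rows.Count > 0)
                {
                    SetImpersonateUser();
                    if (_StrUserLogOnName != strUserValue)
                    {
                        // The logon name changed during SetImpersonateUser(), so the target user is
                        // reloaded WITHOUT the password and password-type conditions.
                        // NOTE(review): this reload also omits the POSTURAL filter and still looks the
                        // name up in the eunmValueType column - confirm both are intended, and that
                        // SetImpersonateUser() performs its own authorization check.
                        strSql = string.Format(strOriginal, TSqlBuilder.Instance.CheckQuotationMark(_StrUserLogOnName, true),
                                               string.Empty, string.Empty);

                        ds = database.ExecuteDataSet(CommandType.Text, strSql);
                    }
                }
                else
                {
                    // Re-run with the same credential conditions but without the POSTURAL filter:
                    // a hit means the credentials were correct and only that filter rejected the
                    // account, so the "disabled" notice is shown only to a caller who knew the password.
                    DataSet posDS = database.ExecuteDataSet(CommandType.Text, strSql);
                    ExceptionHelper.TrueThrow(posDS.Tables[0].Rows.Count > 0,
                                              "对不起,您的帐号[" + strUserValue + "]目前被禁用了!\n\n请联系管理员!");
                }

                // NOTE(review): when nothing matched, ds is empty at this point; presumably InitData
                // rejects an empty result as a failed logon - confirm.
                InitData(ds);
            }
        }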
예제 #2
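        /// <summary>
        /// Changes a user's password after verifying the old one.
        /// </summary>
        /// <param name="strUserValue">Value identifying the user whose password is to be changed.</param>
        /// <param name="socu">Kind of identifier held in <paramref name="strUserValue"/>; mapped to a USERS column name.</param>
        /// <param name="strOldPwd">The user's current password (clear text).</param>
        /// <param name="strNewPwd">The new password (clear text); must not be null or blank.</param>
        /// <param name="strConfirmPwd">Confirmation of the new password; must equal <paramref name="strNewPwd"/>.</param>
        /// <returns><c>true</c> when the password was changed; every failure is reported through an exception raised by <c>ExceptionHelper</c>.</returns>
        public bool UpdateUserPwd(string strUserValue, SearchObjectColumn socu, string strOldPwd, string strNewPwd, string strConfirmPwd)
        {
            // Treat null like blank input so a missing value produces the intended message
            // instead of a NullReferenceException from Trim().
            ExceptionHelper.TrueThrow(strNewPwd == null || strNewPwd.Trim().Length == 0, "对不起,用户的登录口令不能为空!");
            ExceptionHelper.FalseThrow(strNewPwd == strConfirmPwd, "对不起,用户的“新口令”必须与“确认口令”一致!");

            using (TransactionScope scope = TransactionScopeFactory.Create())
            {
                using (DbContext context = DbContext.GetContext(CommonResource.AccreditConnAlias))
                {
                    Database database = DatabaseFactory.Create(context);

                    // NOTE(review): both statements below are built by string concatenation and rely on
                    // TSqlBuilder.CheckQuotationMark for escaping; prefer parameterized commands if the
                    // Database wrapper supports them - confirm against the data-access layer.
                    // Batch of two queries: Tables[0] = the user's GUID, Tables[1] = the first visible
                    // password algorithm by SORT_ID.
                    // NOTE(review): the join with OU_USERS has no DISTINCT, so a user with several
                    // OU_USERS rows would presumably trip the "not unique" check below - confirm.
                    string strUserColName = OGUCommonDefine.GetSearchObjectColumn(socu);
                    string strSql = @"SELECT USERS.GUID 
				FROM USERS, OU_USERS
				WHERE USERS.GUID = OU_USERS.USER_GUID
					AND " + DatabaseSchema.Instence.GetTableColumns(strUserColName, "USERS")
                                    + " = " + TSqlBuilder.Instance.CheckQuotationMark(strUserValue, true) + @";
				SELECT TOP 1 GUID FROM PWD_ARITHMETIC WHERE VISIBLE = 1 ORDER BY SORT_ID;";

                    DataSet ds = database.ExecuteDataSet(CommandType.Text, strSql);

                    ExceptionHelper.TrueThrow(ds.Tables[0].Rows.Count == 0, "对不起,系统中没有找到您指定的用户!");
                    ExceptionHelper.TrueThrow(ds.Tables[0].Rows.Count > 1, "对不起,您指定的用户在系统中不唯一!");
                    ExceptionHelper.TrueThrow(ds.Tables[1].Rows.Count < 1, "对不起,系统中找的不到数据表PWD_ARITHMETIC的数据!");

                    // Old and new passwords are both transformed with the same algorithm GUID.
                    // NOTE(review): the UPDATE writes only USER_PWD; if the schema stores a per-user
                    // password type, it would need to be written together with the new value, and the
                    // old password would need to be checked with the user's stored type - confirm.
                    string strPwdTypeGuid = ds.Tables[1].Rows[0][0].ToString();
                    string secNewPwd = SecurityCalculate.PwdCalculate(strPwdTypeGuid, strNewPwd);
                    string secOldPwd = SecurityCalculate.PwdCalculate(strPwdTypeGuid, strOldPwd);

                    // The old-password comparison is part of the UPDATE's WHERE clause, so verification
                    // and change happen in one statement; anything other than exactly one affected row
                    // is reported as a wrong old password.
                    strSql = "UPDATE USERS SET USER_PWD = "
                             + TSqlBuilder.Instance.CheckQuotationMark(secNewPwd, true) + @"
				WHERE USERS.GUID = " + TSqlBuilder.Instance.CheckQuotationMark((string)ds.Tables[0].Rows[0]["GUID"], true) + @"
					AND USERS.USER_PWD = "
                             + TSqlBuilder.Instance.CheckQuotationMark(secOldPwd, true);

                    ExceptionHelper.FalseThrow(database.ExecuteNonQuery(CommandType.Text, strSql) == 1, "对不起,用户的旧口令不正确!");
                }

                // Reached only when no check above threw; otherwise the scope is disposed without completing.
                scope.Complete();
            }

            return true;
        }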