protected void Page_Load(object sender, EventArgs e)
{
string UserName = "";
if (Session["UserName2"] != null && Session["UserID"] != null)
{
UserName = Session["UserName2"].ToString();
//正常退出时应该改写活跃用户记录
string sql = "delete from activeuser where username='******'";
DbHelperSQL.ExecuteSql(sql);
string userid = Session["UserID"].ToString();
LoginRecordBLL bll = new LoginRecordBLL();
List <LoginRecord> list = bll.GetList(" userid=" + userid + " order by id desc");
string sql2 = "update loginrecord set BY1='" + System.DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss") + "' where id=" + list[0].ID;
DbHelperSQL.ExecuteSql(sql2);
}
Session["UserID"] = 0;
Session["UserName"] = "";
Session["UserName2"] = null;
Session.Abandon();
FormsAuthentication.SignOut();
Response.Redirect("Index.aspx");
}
protected void Button1_Click(object sender, EventArgs e)
{
if ("".Equals(tbUserName.Value.Trim()))
{
this.ClientScript.RegisterStartupScript(this.GetType(), "noUser", "alert('用户名不能为空!');", true);
return;
}
#region 查看当前用户是否已经被锁定(根据系统设定的最大密码错误次数和启用该功能的开关)
string PassWordErrorRecord = StringEncodeAndDecode.Decode(ConfigurationManager.AppSettings["PassWordErrorRecord"].ToString()).ToUpper();
if (PassWordErrorRecord.Equals("QIYONG") && !CheckErrorRecord())
{
this.ClientScript.RegisterStartupScript(this.GetType(), "noUser", "alert('您今天的密码错误次数已经达到上限,系统拒绝您今天登陆!');", true);
return;
}
#endregion
FormsAuthentication.Initialize();
UserBll userBll = new UserBll();
thesis.model.User spcUser = userBll.GetModel(tbUserName.Value.Trim().ToLower());
if (spcUser != null && spcUser.MM.Equals(StringEncodeAndDecode.Encode(tbPassword.Value.Trim())))
{
//写入日志
OperationLogBll olBll = new OperationLogBll();
OperationLog oLog = new OperationLog();
oLog.SPECIES12_ID = spcUser.ID;
string ipaddress = ClientIPAddress.getIPAddress();
oLog.RQSJ = DateTime.Now;
oLog.NR = spcUser.NAME + "成功登录本系统【" + ipaddress + "】!";
oLog.ENR = spcUser.NAME + "load successfully[" + ipaddress + "]!";
olBll.Add(oLog);
//修改用户的登录信息,添加用户登陆日志
/*修改用户的最新登陆日期和访问量*/
string logindate = System.DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");
spcUser.HOLD1 = logindate;
spcUser.HOLD2 = spcUser.HOLD2.Trim().Equals("") ? "1" : (int.Parse(spcUser.HOLD2) + 1).ToString();
userBll.Update(spcUser);
/*写入登陆日志*/
LoginRecordBLL loginbll = new LoginRecordBLL();
LoginRecord record = new LoginRecord();
record.USERID = spcUser.ID;
record.IPADDRESS = ipaddress;
record.LOGINDATE = logindate;
record.BY2 = "";
record.BY1 = "";
loginbll.Add(record);
// 为了实现认证,创建一个新的票据
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1, // 票据版本号
tbUserName.Value.Trim(), // 票据持有者
DateTime.Now, //分配票据的时间
DateTime.Now.AddMinutes(30), // 失效时间
true, // 需要用户的 cookie
"spcuser", // 用户数据,可以作为用户的角色
FormsAuthentication.FormsCookiePath); //cookie有效路径
//使用机器码machine key加密cookie,为了安全传送
string hash = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie = new HttpCookie(
FormsAuthentication.FormsCookieName, // 认证cookie的名称
hash); //加密之后的cookie
//将cookie的失效时间设置为和票据tikets的失效时间一致
if (ticket.IsPersistent)
{
cookie.Expires = ticket.Expiration;
}
//添加cookie到页面请求响应中
Response.Cookies.Add(cookie);
// 将用户转向到之前请求的页面,
// 如果之前没有请求任何页面,就转向到首页
string returnUrl = Request.QueryString["ReturnUrl"];
if (returnUrl == null)
{
returnUrl = "Default.aspx";
}
// 不要调用 FormsAuthentication.RedirectFromLoginPage 方法,
// 因为它会把刚才添加的票据(cookie)替换掉
#region 清除密码错误记录
if (PassWordErrorRecord.Equals("QIYONG"))
{
string del = "delete from ERRORPASSWORDRECORD where username='******' and ERRORDATE='" + System.DateTime.Now.ToString("yyyy-MM-dd") + "'";
DbHelperSQL.ExecuteSql(del);
}
#endregion
#region 清除超时用户,同时清除自己以前的登录记录(目的是防止因为Session过期而导致的重新登陆拒绝问题)
string LimitOnline = StringEncodeAndDecode.Decode(ConfigurationManager.AppSettings["LimitOnline"]);
if (!LimitOnline.ToUpper().Equals("XJTUCIMSSPC"))
{
if (DelTimeOut(this.tbUserName.Value.ToString()))
{
WriteActiveUser(this.tbUserName.Value.ToString());
Session["userwrx"] = spcUser;
Session["UserName2"] = tbUserName.Value.ToString();
Session["UserID"] = spcUser.ID;
Response.Redirect(returnUrl);
}
else
{
this.ClientScript.RegisterStartupScript(this.GetType(), "noUser", "alert('当前用户已经登录,不能重复登录!');", true);
}
}
else
{
Session["userwrx"] = spcUser;
Session["UserName2"] = tbUserName.Value.ToString();
Session["UserID"] = spcUser.ID;
Response.Redirect(returnUrl);
}
#endregion
}
else
{
if (PassWordErrorRecord.Equals("QIYONG"))
{
string sql_sel = "select * from ERRORPASSWORDRECORD where username='******' and ERRORDATE='" + System.DateTime.Now.ToString("yyyy-MM-dd") + "'";
DataSet ds = DbHelperSQL.Query(sql_sel);
int max_error = 5;
int remain_error = 4;
if (!StringEncodeAndDecode.Decode(ConfigurationManager.AppSettings["ErrorRecordNum"].ToString()).Equals(""))
{
max_error = int.Parse(StringEncodeAndDecode.Decode(ConfigurationManager.AppSettings["ErrorRecordNum"].ToString()));
}
if (ds.Tables[0].Rows.Count == 0)//还没有错误过
{
string sql_ins = "insert into ERRORPASSWORDRECORD(username,IPADDRESS,ERRORNUM,ERRORDATE)values('" + this.tbUserName.Value + "','" + ClientIPAddress.getIPAddress() + "',1,'" + System.DateTime.Now.ToString("yyyy-MM-dd") + "')";
DbHelperSQL.ExecuteSql(sql_ins);
}
else
{
string sql_update = "update ERRORPASSWORDRECORD set ERRORNUM=ERRORNUM+1 where username='******' and ERRORDATE='" + System.DateTime.Now.ToString("yyyy-MM-dd") + "'";
DbHelperSQL.ExecuteSql(sql_update);
remain_error = max_error - int.Parse(ds.Tables[0].Rows[0]["ERRORNUM"].ToString()) - 1;
}
this.ClientScript.RegisterStartupScript(this.GetType(), "noUser", "alert('错误的用户名/密码,您还有【" + remain_error + "】次尝试机会!');", true);
}
else
{
this.ClientScript.RegisterStartupScript(this.GetType(), "noUser", "alert('错误的用户名/密码!');", true);
}
}
}
