Exemplo n.º 1
0
    public static string ChangePassword(string username, string password)
    {
        // EnCryptPassword
        string salt       = System.Configuration.ConfigurationManager.AppSettings["salt"];
        string strEnCrypt = SHA256.EcryptPassword(password, salt);

        SqlCommand sqlCmd = new SqlCommand();

        sqlCmd.CommandText = "update  dbo.Users set Password = '******' where username =LOWER('" + username + "')";

        string res = ClassMain.strExecuteComand(sqlCmd);

        return(res);
    }
Exemplo n.º 2
0
    protected void btnSignin_Click(object sender, EventArgs e)
    {
        // EnCryptPassword
        string salt       = System.Configuration.ConfigurationManager.AppSettings["salt"];
        string strEnCrypt = SHA256.EcryptPassword(inputPassword.Text, salt);

        SqlCommand sql = new SqlCommand();

        sql.CommandText = "select ID from dbo.Users where Username =LOWER('" + inputUsername.Text + "') and Password = '******'";

        DataTable dt     = new DataTable();
        int       userId = 0;

        try
        {
            userId = ClassMain.intExecuteComand(sql);
            dt     = ClassMain.ExecuteComandTable(sql);
            switch (userId)
            {
            case 0:
                //Login1.FailureText = "Username and/or password is incorrect.";
                lblResult.Visible = true;
                lblResult.Text    = "Username and/or password is incorrect.";
                break;

            case -1:
                //Login1.FailureText = "Username and/or password is incorrect.";
                lblResult.Visible = true;
                lblResult.Text    = "Username and/or password is incorrect.";
                break;

            case -2:
                //Login1.FailureText = "Account has not been activated.";
                lblResult.Visible = true;
                lblResult.Text    = "Account has not been activated.";
                break;

            default:
                FormsAuthentication.RedirectFromLoginPage(inputUsername.Text, true);
                Session["userlogin"] = inputUsername.Text;
                Response.Redirect("~/Default.aspx");
                break;
            }
        }
        catch (Exception)
        {
            throw;
        }
    }
Exemplo n.º 3
0
    public static ResultEN CreateUser(string username, string password, int role_id, int branch_id)
    {
        ResultEN res = new ResultEN();

        username = username.Trim().ToLower();
        SqlCommand sqlCmd = new SqlCommand();

        sqlCmd.CommandText = "select username from Users where username ='******'";

        // check duplicate username
        int count = ClassMain.intExecuteComand(sqlCmd);

        if (count > 0)
        {
            res.result      = false;
            res.returnValue = "Duplicate Username";
            return(res);
        }


        string strEnCrypt = SHA256.EcryptPassword(password, salt);

        StringBuilder Sql = new StringBuilder();

        Sql.AppendLine("INSERT INTO [dbo].[Users]");
        Sql.AppendLine("           ([Username]");
        Sql.AppendLine("           ,[Password]");
        Sql.AppendLine("           ,[Role_id]");
        Sql.AppendLine("           ,[CreatedDate]");
        Sql.AppendLine("           ,[CreatedBy]");

        Sql.AppendLine(")");
        Sql.AppendLine("     VALUES");
        Sql.AppendLine("           ('" + username + "'");
        Sql.AppendLine("           ,'" + strEnCrypt + "'");
        Sql.AppendLine("           ," + role_id);
        Sql.AppendLine("           ,getdate()");
        Sql.AppendLine("           ,'" + HttpContext.Current.User.Identity.Name + "')");

        sqlCmd             = new SqlCommand();
        sqlCmd.CommandText = Sql.ToString();
        res.result         = ClassMain.ExecuteComand(sqlCmd);
        if (res.result)
        {
            res.returnValue = "Create Username Success.";
        }

        return(res);
    }
Exemplo n.º 4
0
        protected void btnReset_Click(object sender, EventArgs e)
        {
            // EnCryptPassword
            string salt       = System.Configuration.ConfigurationManager.AppSettings["salt"];
            string strEnCrypt = SHA256.EcryptPassword(inputPassword.Text, salt);

            SqlCommand sqlCmd = new SqlCommand();

            sqlCmd.CommandText = "update  dbo.Users set Password = '******' where Username ='******'";

            string res = ClassMain.strExecuteComand(sqlCmd);

            if (res != "")
            {
                lblResult.Text = res;
            }
            else
            {
                lblResult.Text    = "Update success.";
                lblResult.Visible = true;
            }
        }
Exemplo n.º 5
0
    public static ResultEN ChangeUsername(int id, string username_old, string username_new, string password)
    {
        ResultEN   res    = new ResultEN();
        SqlCommand sqlCmd = new SqlCommand();

        username_old       = username_old.Trim().ToLower();
        username_new       = username_new.Trim().ToLower();
        sqlCmd.CommandText = "select username from Users where username ='******' and username <> '" + username_old + "'";

        // check duplicate username not self
        int count = ClassMain.intExecuteComand(sqlCmd);

        if (count > 0)
        {
            res.result      = false;
            res.returnValue = "Duplicate Username";
            return(res);
        }

        string strEnCrypt = SHA256.EcryptPassword(password, salt);

        sqlCmd = new SqlCommand();
        StringBuilder Sql = new StringBuilder();

        Sql.AppendLine("UPDATE [dbo].[Users]");
        Sql.AppendLine("   SET [Username] = '" + username_new + "'");
        Sql.AppendLine("      ,[Password] = '" + strEnCrypt + "'");
        Sql.AppendLine("      ,[UpdDate] = getdate()");
        Sql.AppendLine("      ,[UpdTime] = getdate()");
        Sql.AppendLine("      ,[UpdBy] = '" + HttpContext.Current.User.Identity.Name + "'");
        Sql.AppendLine(" WHERE id = " + id);
        sqlCmd.CommandText = sqlCmd.ToString();

        res.result = ClassMain.ExecuteComand(sqlCmd);
        return(res);
    }
Exemplo n.º 6
0
        protected void btnSignin_Click(object sender, EventArgs e)
        {
            // EnCryptPassword
            string salt       = System.Configuration.ConfigurationManager.AppSettings["salt"];
            string strEnCrypt = SHA256.EcryptPassword(inputPassword.Text, salt);


            SqlCommand sql = new SqlCommand();

            sql.CommandText = "select ID from dbo.Users where Username =LOWER('" + inputUsername.Text + "') and Password = '******'";

            DataTable dt     = new DataTable();
            int       userId = 0;

            try
            {
                userId = ClassMain.intExecuteComand(sql);
                dt     = ClassMain.ExecuteComandTable(sql);
                switch (userId)
                {
                case 0:
                    //Login1.FailureText = "Username and/or password is incorrect.";
                    lblResult.Visible = true;
                    lblResult.Text    = "Username and/or password is incorrect.";
                    break;

                case -1:
                    //Login1.FailureText = "Username and/or password is incorrect.";
                    lblResult.Visible = true;
                    lblResult.Text    = "Username and/or password is incorrect.";
                    break;

                case -2:
                    //Login1.FailureText = "Account has not been activated.";
                    lblResult.Visible = true;
                    lblResult.Text    = "Account has not been activated.";
                    break;

                default:
                    FormsAuthentication.RedirectFromLoginPage(inputUsername.Text, true);

                    Session["userlogin"] = inputUsername.Text;



                    bool isAuthenticated = true;
                    if (isAuthenticated == true)
                    {
                        // generate authentication ticket
                        FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1,                           // version
                                                                                             inputUsername.Text,          // username
                                                                                             DateTime.Now,                // creation
                                                                                             DateTime.Now.AddMinutes(60), // Expiration
                                                                                             false,                       // Persistent
                                                                                             ""                           //No additional data supplied
                                                                                             );
                        // Encrypt the ticket.
                        string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
                        // Create a cookie and add the encrypted ticket to the cookie
                        HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                                               encryptedTicket);
                        Response.Cookies.Add(authCookie);
                        // Redirect the user to the originally requested page
                        Response.Redirect(FormsAuthentication.GetRedirectUrl(inputUsername.Text, false));
                    }
                    break;
                }
            }
            catch (Exception)
            {
                throw;
            }


            //// TEST
            //Session["test"] = "1";
            //Response.Redirect("~/Default.aspx");
        }