Exemplo n.º 1
 /// <summary>
 /// Sends the current request to the login page when the session has no "LoginUser" entry.
 /// </summary>
 /// <remarks>
 /// Only the presence of a session value is tested; the stored object's type is not inspected here.
 /// </remarks>
 public static void CheckLogin()
 {
     var loginEntry = SessionS.GetSessionValue("LoginUser");
     if (loginEntry != null)
     {
         // A value is present, so the request is allowed to continue.
         return;
     }

     HttpContext.Current.Response.Redirect("~/Login.aspx");
 }
Exemplo n.º 2
    /// <summary>
    /// Returns the <c>UserVM</c> stored in the session under "LoginUser".
    /// When the entry is missing or is not a <c>UserVM</c>, the request is redirected to the login page.
    /// </summary>
    /// <returns>The logged-in user, or null if execution continues after the redirect call.</returns>
    public static UserVM GetLoginUser()
    {
        var current = SessionS.GetSessionValue("LoginUser") as UserVM;
        if (current != null)
        {
            return current;
        }

        // The "as" cast yields null for a missing entry and for an entry of another type alike.
        HttpContext.Current.Response.Redirect("~/Login.aspx");
        return null;
    }
Exemplo n.º 3
    /// <summary>
    /// Verifies that a user is logged in; when the session has expired the request is redirected to the login page.
    /// </summary>
    public static void CheckLogin()
    {
        var loginEntry = SessionS.GetSessionValue("LoginUser");
        if (loginEntry != null)
        {
            return;
        }

        // Author's note: do not switch this to Server.Transfer("~/Login.aspx"), out of concern
        // that the visitor could guess the URL that was not redirected.
        HttpContext.Current.Response.Redirect("~/Login.aspx");
    }
Exemplo n.º 4
    /// <summary>
    /// Page load handler. Calls AllowHttpMethod for GET and POST, redirects any request that carries
    /// query-string parameters to the site root, loads SystemPowerCateID from app settings and, on
    /// postback with a logged-in user, records the logout through a stored procedure and clears the session.
    /// </summary>
    /// <param name="sender">Event source; not used.</param>
    /// <param name="e">Event arguments; not used.</param>
    protected void Page_Load(object sender, EventArgs e)
    {
        // Helper not shown; presumably rejects other HTTP verbs - confirm against its definition.
        AllowHttpMethod("GET", "POST");

        // Any query-string parameter at all sends the request back to "/".
        NameValueCollection query = Request.QueryString;
        bool hasQuery = query != null && query.Count > 0;
        if (hasQuery)
        {
            Response.Redirect("/");
        }

        if (WebConfigurationManager.AppSettings["SystemPowerCateID"] != null)
        {
            SystemPowerCateID = Convert.ToInt32(WebConfigurationManager.AppSettings["SystemPowerCateID"]);
        }

        if (!this.IsPostBack)
        {
            return;
        }

        // Logout bookkeeping only happens when a UserVM is still in the session;
        // otherwise the session is left untouched.
        var user = SessionS.GetSessionValue("LoginUser") as UserVM;
        if (user == null)
        {
            return;
        }

        int chk = 0;
        string connectionString = WebConfigurationManager.ConnectionStrings["ConnUser"].ToString();
        using (SqlConnection connection = new SqlConnection(connectionString))
        using (SqlCommand command = new SqlCommand("dbo.usp_SystemM_xUpdateLogoutDate", connection))
        {
            command.CommandType = CommandType.StoredProcedure;
            command.Parameters.AddWithValue("@UserID", user.ID);
            command.Parameters.AddWithValue("@LoginDate", user.LoginDate);
            command.Parameters.AddWithValue("@SystemPowerCateID", SystemPowerCateID);
            SqlParameter chkParam = command.Parameters.AddWithValue("@Chk", chk);
            chkParam.Direction = ParameterDirection.Output;

            connection.Open();
            command.ExecuteNonQuery();

            // The output value is read back but nothing below acts on it.
            chk = (int)chkParam.Value;
        }

        // NOTE(review): Session.Clear() removes the stored values but keeps the session itself alive.
        // If logout is meant to invalidate the session, Session.Abandon() is the call to
        // consider - confirm the intended behaviour.
        Session.Clear();
    }
Exemplo n.º 5
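        /// <summary>
        /// Adds a screening session: looks up the running time of the selected movie, derives the
        /// end time from the begin time, and posts the session to the back-end API.
        /// </summary>
        /// <param name="session">Model-bound session to create; its MovieId and S_BeginTime are read.</param>
        /// <returns>
        /// A script response that shows a success or failure alert and navigates back to
        /// /LmqMVC/AddSessionS. A missing model or an unknown movie is reported as a failure.
        /// </returns>
        /// <remarks>
        /// NOTE(review): no [HttpPost] or [ValidateAntiForgeryToken] attribute is visible on this
        /// state-changing action; confirm that verb restriction and anti-forgery validation are
        /// applied at class or filter level.
        /// </remarks>
        public ActionResult AddSessionS(SessionS session)
        {
            const string successScript = "<script>alert('添加成功');location.href='/LmqMVC/AddSessionS';</script>";
            const string failureScript = "<script>alert('添加失败');location.href='/LmqMVC/AddSessionS';</script>";

            // Model binding can hand over null; nothing can be created in that case.
            if (session == null)
            {
                return Content(failureScript);
            }

            // Look up the movie's running time.
            var moviesJson = HttpClientHelper.SendRequest("api/Lmq/ShowMovie", "get");
            var movies = string.IsNullOrEmpty(moviesJson)
                ? null
                : JsonConvert.DeserializeObject<List<Movie>>(moviesJson);

            // FirstOrDefault yields null when no movie matches the submitted MovieId; treat that as a
            // failed add instead of dereferencing null.
            var movie = movies == null
                ? null
                : movies.FirstOrDefault(m => m != null && m.MId == session.MovieId);
            if (movie == null)
            {
                return Content(failureScript);
            }

            // End time = begin time + running time in minutes.
            session.S_EndTime = session.S_BeginTime.AddMinutes(movie.M_Time);

            string payload = JsonConvert.SerializeObject(session);
            string result  = HttpClientHelper.SendRequest("api/Lmq/AddSessionS", "post", payload);

            // The API reports success with the literal string "1".
            return Content(result == "1" ? successScript : failureScript);
        }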
Exemplo n.º 6
    /// <summary>
    /// Login button handler. Checks the submitted name and hashed password with
    /// dbo.usp_SystemM_xCheckLogin; on a match it loads the user row, stores a <c>UserVM</c> in the
    /// session under "LoginUser" and redirects to the remembered "tempUrl" or to Home.aspx.
    /// On no match it shows the error panel.
    /// </summary>
    /// <param name="sender">Event source; not used.</param>
    /// <param name="e">Event arguments; not used.</param>
    /// <remarks>
    /// NOTE(review): the existing session is reused after a successful login (no Abandon or new
    /// session ID is visible here) - confirm whether session fixation is handled elsewhere.
    /// </remarks>
    protected void btnLogin_Click(object sender, EventArgs e)
    {
        string loginName = tbUser.Text.Trim();

        // NOTE(review): trimming means leading/trailing whitespace never counts as part of the password.
        string password = tbPassword.Text.Trim();

        // The CAPTCHA comparison against the session's "CheckCode" value is not performed in this
        // handler, so this value is read but unused.
        string captchaInput = tbCode.Text.ToLower().Trim();

        int matchCount = 0;

        // NOTE(review): ToSHA256 is not shown; if it is a single unsalted SHA-256 digest, a slow
        // salted scheme (PBKDF2, Argon2) is the usual recommendation for password storage - confirm.
        EncryptT hasher = new EncryptT();

        string connectionString = WebConfigurationManager.ConnectionStrings["ConnUser"].ToString();

        using (SqlConnection connection = new SqlConnection(connectionString))
        using (SqlCommand check = new SqlCommand("dbo.usp_SystemM_xCheckLogin", connection))
        {
            check.CommandType = CommandType.StoredProcedure;
            check.Parameters.AddWithValue("@LoginName", loginName);
            check.Parameters.AddWithValue("@LoginPassword", hasher.ToSHA256(password));
            check.Parameters.AddWithValue("@FunctionIndex", 1);
            SqlParameter countParam = check.Parameters.AddWithValue("@UserCount", matchCount);
            countParam.Direction = ParameterDirection.Output;

            connection.Open();
            check.ExecuteNonQuery();

            matchCount = (int)countParam.Value;
        }

        if (matchCount <= 0)
        {
            // Same message whether the name or the password was wrong.
            Panel1.Visible = true;
            lblError.Text  = "帳號密碼錯誤";
            return;
        }

        DataTable userRows = new DataTable();
        using (SqlConnection connection = new SqlConnection(connectionString))
        using (SqlCommand lookup = new SqlCommand("dbo.usp_SystemM_xGetUserByLoginName", connection))
        {
            lookup.CommandType = CommandType.StoredProcedure;
            lookup.Parameters.AddWithValue("@LoginName", loginName);

            using (SqlDataAdapter adapter = new SqlDataAdapter(lookup))
            {
                connection.Open();
                adapter.Fill(userRows);
            }
        }

        UserVM user = new UserVM();
        EntityS.FillModel <UserVM>(user, userRows);
        user.LoginDate = DateTime.Now;
        HttpContext.Current.Session["LoginUser"] = user;

        // NOTE(review): "tempUrl" is written somewhere outside this handler; confirm it can only
        // ever hold a local application URL before it is used as a redirect target.
        string returnUrl = SessionS.GetSessionValue("tempUrl") as string;
        if (returnUrl == null)
        {
            Response.Redirect("~/Home.aspx");
        }
        else
        {
            SessionS.RemoveSession("tempUrl");
            Response.Redirect(returnUrl);
        }
    }
Exemplo n.º 7
 /// <summary>
 /// Stores the given user object in the session under the "LoginUser" key.
 /// </summary>
 /// <param name="user">User view model to keep for the current session.</param>
 public static void SetLoginUser(UserVM user)
 {
     const string loginUserKey = "LoginUser";
     SessionS.AddSession(loginUserKey, user);
 }
Exemplo n.º 8
    /// <summary>
    /// Login button handler. Verifies the CAPTCHA code held in the session, checks the credentials
    /// with dbo.usp_SystemM_xCheckLogin, loads the user row, applies the organisation's IP range
    /// check, records the login with dbo.usp_SystemM_xUpdateLoginDate and finally stores the
    /// <c>UserVM</c> in the session under "LoginUser" before redirecting.
    /// Each failure path registers a client-side alert script instead.
    /// </summary>
    /// <param name="sender">Event source; not used.</param>
    /// <param name="e">Event arguments; not used.</param>
    protected void btnLogin_Click(object sender, EventArgs e)
    {
        string    script      = "";
        string    txtUser     = tbUser.Text.Trim();
        // NOTE(review): trimming means leading/trailing whitespace never counts as part of the password.
        string    txtPassword = tbPassword.Text.Trim();
        // The CAPTCHA input is lower-cased before comparison, so the check is only case-insensitive
        // if the stored "CheckCode" is lower-case as well - confirm where it is generated.
        string    txtCode     = tbCode.Text.ToLower().Trim();
        int       UserCount   = 0;
        DataTable dt          = new DataTable();

        // CAPTCHA gate: a missing or non-matching "CheckCode" stops the login with a
        // "verification code incorrect" alert.
        // NOTE(review): "CheckCode" is not removed from the session in this method after being
        // compared; confirm it is rotated elsewhere so one solved code cannot back repeated attempts.
        if (SessionS.GetSessionValue("CheckCode") == null || SessionS.GetSessionValue("CheckCode").ToString().Equals(txtCode) == false)
        {
            tbCode.Text = "";
            script      = "<script>alert('驗證碼錯誤');</script>";
            Page.ClientScript.RegisterClientScriptBlock(this.Page.GetType(), "alert", script, false);
            return;
        }

        // NOTE(review): ToSHA256 is not shown; if it is a single unsalted SHA-256 digest, a slow
        // salted scheme (PBKDF2, Argon2) is the usual recommendation for password storage - confirm.
        EncryptT enc = new EncryptT();

        // Step 1: ask the stored procedure how many accounts match name + password hash.
        using (SqlConnection sc = new SqlConnection(WebConfigurationManager.ConnectionStrings["ConnUser"].ToString()))
        {
            using (SqlCommand cmd = new SqlCommand("dbo.usp_SystemM_xCheckLogin", sc))
            {
                cmd.CommandType = CommandType.StoredProcedure;
                cmd.Parameters.AddWithValue("@LoginName", txtUser);
                cmd.Parameters.AddWithValue("@LoginPassword", enc.ToSHA256(txtPassword));
                cmd.Parameters.AddWithValue("@FunctionIndex", Convert.ToInt32(WebConfigurationManager.AppSettings["SystemFunctionIndex"]));
                SqlParameter sp = cmd.Parameters.AddWithValue("@UserCount", UserCount);
                sp.Direction = ParameterDirection.Output;

                sc.Open();
                cmd.ExecuteNonQuery();

                // The cast throws if the procedure leaves the output parameter as DBNull.
                UserCount = (int)sp.Value;
            }
        }

        if (UserCount > 0)
        {
            // Step 2: load the matching user row by login name.
            using (SqlConnection sc = new SqlConnection(WebConfigurationManager.ConnectionStrings["ConnUser"].ToString()))
            {
                using (SqlCommand cmd = new SqlCommand("dbo.usp_SystemM_xGetUserByLoginName", sc))
                {
                    cmd.CommandType = CommandType.StoredProcedure;
                    cmd.Parameters.AddWithValue("@LoginName", txtUser);

                    using (SqlDataAdapter da = new SqlDataAdapter(cmd))
                    {
                        sc.Open();
                        da.Fill(dt);
                    }
                }
            }

            UserVM user = new UserVM();
            EntityS.FillModel <UserVM>(user, dt);
            //user.LoginDate = DateTime.Now;

            // Step 3: IP restriction based on the user's organisation.
            // NOTE(review): how IpAddressS.GetIP() derives the address is not shown; if it trusts a
            // client-supplied header (e.g. X-Forwarded-For) this check can be influenced by the
            // caller - confirm it uses the connection's remote address or a trusted proxy header.
            var org      = SystemOrg.GetVM(user.OrgID);
            var clientIP = IpAddressS.GetIP();
            IpT ipt      = new IpT(clientIP);
            // rRequest is assigned but not used anywhere in this method.
            NameValueCollection rRequest = Request.ServerVariables;
            // yesOrNo == true means the client IP is accepted.
            bool yesOrNo = false;

            if (clientIP != null && org != null)
            {
                // "&&" binds tighter than "||", so the last two operands form one condition:
                // (IpStart == "0.0.0.0" && IpEnd == "0.0.0.0").
                // The range check is skipped for loopback clients, for organisations with an empty
                // start or end address, and for the 0.0.0.0-0.0.0.0 range.
                if (clientIP.Equals("::1") || clientIP.Equals("127.0.0.1") || string.IsNullOrEmpty(org.IpStart) || string.IsNullOrEmpty(org.IpEnd) || org.IpStart.Equals("0.0.0.0") && org.IpEnd.Equals("0.0.0.0"))
                {
                    yesOrNo = true;
                }
                else
                {
                    yesOrNo = ipt.CheckInNowWifi(string.Format("{0}-{1}", org.IpStart, org.IpEnd));
                }
            }
            // Reached only when the client IP or the organisation is missing:
            // organisation 1 is accepted without any IP check.
            else if (user.OrgID == 1)
            {
                yesOrNo = true;
            }
            // No organisation record: "no permission to log in" alert, then stop.
            else if (org == null)
            {
                script = "<script>alert('無權限登入');</script>";
                Page.ClientScript.RegisterClientScriptBlock(this.Page.GetType(), "alert", script, false);
                return;
            }
            // Remaining case (organisation found, client IP null, OrgID != 1) leaves yesOrNo false.

            if (yesOrNo == false)
            {
                // "IP address not allowed" alert, registered at the end of the method.
                script = "<script>alert('非允許IP位置');</script>";
            }
            else
            {
                // Step 4: record the login; the procedure returns the login date and a status flag.
                int Chk = 0;
                using (SqlConnection sc = new SqlConnection(WebConfigurationManager.ConnectionStrings["ConnUser"].ToString()))
                {
                    using (SqlCommand cmd = new SqlCommand("dbo.usp_SystemM_xUpdateLoginDate", sc))
                    {
                        cmd.CommandType = CommandType.StoredProcedure;
                        cmd.Parameters.AddWithValue("@UserID", user.ID);
                        cmd.Parameters.AddWithValue("@LoginIP", IpAddressS.GetIP());
                        cmd.Parameters.AddWithValue("@SystemPowerCateID", SystemPowerCateID);

                        SqlParameter sp1 = cmd.Parameters.AddWithValue("@LoginDateOut", user.LoginDate);
                        sp1.Direction = ParameterDirection.Output;
                        SqlParameter sp2 = cmd.Parameters.AddWithValue("@Chk", Chk);
                        sp2.Direction = ParameterDirection.Output;

                        sc.Open();
                        cmd.ExecuteNonQuery();

                        // Both casts throw if the procedure leaves an output parameter as DBNull.
                        user.LoginDate = (DateTime)sp1.Value;
                        Chk            = (int)sp2.Value;
                    }
                }

                if (Chk > 0)
                {
                    // NOTE(review): the session reset below is commented out, so the pre-login
                    // session (and its ID) carries over into the authenticated state - confirm
                    // whether session fixation is handled elsewhere.
                    //Session.Abandon();
                    //Session.Clear();

                    HttpContext.Current.Session["LoginUser"] = user;

                    // NOTE(review): "tempUrl" is written somewhere outside this handler; confirm it
                    // can only ever hold a local application URL before it is used as a redirect target.
                    string tempUrl = SessionS.GetSessionValue("tempUrl") as string;
                    if (tempUrl != null)
                    {
                        SessionS.RemoveSession("tempUrl");
                        Response.Redirect(tempUrl);
                    }
                    else
                    {
                        Response.Redirect("~/Home.aspx");
                    }
                }
                else
                {
                    // A non-positive status from the update procedure is reported with the same
                    // "account or password incorrect" alert as a failed credential check.
                    script = "<script>alert('帳號密碼錯誤');</script>";
                }
            }
        }
        else
        {
            // "Account or password incorrect" - same message for either a wrong name or a wrong password.
            script = "<script>alert('帳號密碼錯誤');</script>";
        }

        // Emits whichever failure alert was chosen above.
        Page.ClientScript.RegisterClientScriptBlock(this.Page.GetType(), "alert", script, false);
    }