Exemplo n.º 1
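    /// <summary>
    /// Replaces the password of the admin user identified by <c>pass.Emp_ID</c>
    /// after checking that <c>pass.oldPass</c> equals the value currently stored
    /// in <c>adminusers.pass_word</c>.
    /// </summary>
    /// <param name="pass">Carries the employee id, the old password and the new password.</param>
    /// <returns>
    /// The JSON serialization of an empty list when the password was updated,
    /// or the literal string "error" when the old password did not match.
    /// </returns>
    public static string ChangePass(newPass pass)
    {
        // Never populated: on success the caller receives an empty JSON array.
        List<newPass> result = new List<newPass>();

        string config = Convert.ToString(ConfigurationManager.ConnectionStrings["dbcon"]);

        // One connection for both statements; the using blocks release the
        // connection, commands and reader even when a query throws.
        using (SqlConnection con = new SqlConnection(config))
        {
            con.Open();

            bool oldPasswordMatches = false;

            // Parameter name spelled exactly as it is registered below, so the
            // statement does not depend on a case-insensitive database collation.
            const string selectSql = "select pass_word from adminusers where Emp_ID = @Emp_ID";

            using (SqlCommand cmd = new SqlCommand(selectSql, con))
            {
                cmd.Parameters.Add("@Emp_ID", SqlDbType.Int).Value = pass.Emp_ID;

                using (SqlDataReader reader = cmd.ExecuteReader())
                {
                    while (reader.Read())
                    {
                        // NOTE(review): this compares the submitted value with the stored
                        // column directly, which implies pass_word holds cleartext passwords.
                        // The column should hold a salted, slow password hash (PBKDF2 or
                        // similar) verified with a constant-time comparison; that needs a
                        // schema/data migration and is outside this method.
                        if (pass.oldPass == reader["pass_word"].ToString())
                        {
                            oldPasswordMatches = true;
                        }
                    }
                }
            }

            if (!oldPasswordMatches)
            {
                return "error";
            }

            const string updateSql = "update adminusers set pass_word=@pass_word where Emp_ID = @Emp_ID";

            using (SqlCommand cmd1 = new SqlCommand(updateSql, con))
            {
                cmd1.Parameters.Add("@Emp_ID", SqlDbType.Int).Value = pass.Emp_ID;
                cmd1.Parameters.Add("@pass_word", SqlDbType.VarChar).Value = pass.pass_word;
                cmd1.ExecuteNonQuery();
            }
        }

        return JsonConvert.SerializeObject(result);
    }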
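 /// <summary>
 /// Changes the password of the currently authenticated account after
 /// verifying the old password and that both new-password fields agree.
 /// </summary>
 /// <param name="mod">Form model carrying the old password and the two new-password fields.</param>
 /// <returns>
 /// The same view with either a success message or model errors; a redirect
 /// to /Error/NotAuth when the caller is not authenticated.
 /// </returns>
 // NOTE(review): no anti-forgery attribute is visible on this action in the
 // listing; confirm the state-changing POST is protected against CSRF.
 public ActionResult SettPersDannie(newPass mod)
 {
     if (!User.Identity.IsAuthenticated)
     {
         return Redirect("/Error/NotAuth");
     }

     if (!ModelState.IsValid)
     {
         // Fields were left empty
         ModelState.AddModelError("password", "Поля не заполнены");
         ModelState.AddModelError("password1", "Поля не заполнены");
         ModelState.AddModelError("password2", "Поля не заполнены");
         return View(mod);
     }

     // Hash of the old password
     // NOTE(review): Shifrovanie.Hash is defined elsewhere; confirm it is a salted,
     // slow password hash rather than a bare digest.
     string psh = Shifrovanie.Hash(mod.password.ToString());
     // Hash of the new password
     string pshnew = Shifrovanie.Hash(mod.password1.ToString());

     // NOTE(review): Program.SqlConnection looks like a single connection shared by
     // all requests; concurrent requests would race on Open/Close. Confirm, and
     // prefer a connection per request.
     int co;
     using (SqlCommand check = new SqlCommand("", Program.SqlConnection))
     {
         // Compare the stored hash with the submitted one. Both values are bound as
         // parameters: the login and the hash were previously concatenated into the
         // statement text, which allowed SQL injection through the login name.
         check.CommandText = "SELECT count(*) FROM dbo.Accounts where [dbo].[Accounts].[Login] = @login and [dbo].[Accounts].[Password_Shifr] = @oldHash";
         check.Parameters.AddWithValue("@login", User.Identity.Name);
         check.Parameters.AddWithValue("@oldHash", psh);

         Program.SqlConnection.Open();
         try
         {
             co = Convert.ToInt32(check.ExecuteScalar());
         }
         finally
         {
             // Always close, otherwise a failed query leaves the shared connection
             // open and the next Open() throws.
             Program.SqlConnection.Close();
         }
     }

     if (co <= 0)
     {
         // The old password is wrong
         ModelState.AddModelError("password", "Старый пароль указан неверно");
         return View(mod);
     }

     if (!(mod.password1 == mod.password2 && mod.password1 != "" && mod.password2 != ""))
     {
         // The new passwords do not match
         ModelState.AddModelError("password1", "Новые пароли не совпадают");
         ModelState.AddModelError("password2", "Новые пароли не совпадают");
         return View(mod);
     }

     // Change the password
     ViewBag.New     = "";
     ViewBag.NewPass = "";
     ViewBag.OldPass = "";

     using (SqlCommand update = new SqlCommand("", Program.SqlConnection))
     {
         // NOTE(review): the listing carried the masked literal '******' both for the
         // Password column and in the WHERE clause. The Password literal is kept as
         // shown (that column must never receive the cleartext password). The WHERE
         // clause is bound to the authenticated login so the update targets the same
         // account the check above verified instead of a row named '******'.
         update.CommandText = "update Accounts " +
                              "set " +
                              "Password = '******', " +
                              "Password_Shifr = @newHash " +
                              "where Login = @login";
         update.Parameters.AddWithValue("@newHash", pshnew);
         update.Parameters.AddWithValue("@login", User.Identity.Name);

         Program.SqlConnection.Open();
         try
         {
             // UPDATE returns no result set, so ExecuteNonQuery is the matching call.
             update.ExecuteNonQuery();
         }
         finally
         {
             Program.SqlConnection.Close();
         }
     }

     ViewBag.SucMes = "Пароль изменен!";
     ViewBag.Suc    = true;
     return View(mod);
 }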