//管理员密码修改
public int AdminPasswdChange(sql_admin admin, string newpasswd)
{
SqlParameter[] parms =
{
data.MakeInParam("@AdminName", SqlDbType.VarChar, 50, admin.admin_name),
data.MakeInParam("@OldPassWord", SqlDbType.VarChar, 50, admin.admin_password),
data.MakeInParam("@NewPassWord", SqlDbType.VarChar, 50, newpasswd),
};
return(data.RunProc("update admin set adminPasswd=@NewPassWord where adminName=@AdminName and adminPasswd=@OldPassWord", parms));
}
//线下认证会员后由管理员更改用户的认证状态 status
public int AuthenticateUserStatus(sql_admin admin, string username)
{
SqlParameter[] parms =
{
data.MakeInParam("@UserName", SqlDbType.VarChar, 50, username),
// data.MakeInParam("@OldPassWord",SqlDbType.VarChar,50,admin.admin_password),
//data.MakeInParam("@NewPassWord",SqlDbType.VarChar,50,newpasswd),
};
return(data.RunProc("update users set status=1 where username=@UserName", parms));
}
//管理员登陆
public DataSet AdminLoginByAccount(sql_admin admin)
{
SqlParameter[] parms =
{
data.MakeInParam("@AdminName", SqlDbType.VarChar, 50, admin.admin_name),
data.MakeInParam("@PassWord", SqlDbType.VarChar, 50, admin.admin_password),
};
//返回结果集的方式,使用data.Tables[0].Rows.Count取得行数判断是否登录成功
return(data.RunProcReturn("select * from admin where adminName=@AdminName and adminPasswd=@PassWord", parms, "admin"));
}
protected void Button1_Click(object sender, EventArgs e)
{
string validatecode = validate_code.Text;
//Request.Cookies["CheckCode"]为空时会导致异常故需先检测
//验证码模块有点bug,先留着
//if (Request.Cookies["CheckCode"]!=null && Request.Cookies["CheckCode"].Value == validatecode)
if (true)
{
string pass = FormsAuthentication.HashPasswordForStoringInConfigFile(password.Text, "MD5");
sql_admin myadmin = new sql_admin();
myadmin.AdminName = username.Text;
myadmin.AdminPassword = pass;
//创建数据库连接
/*SqlContion con = new SqlConnection("server=.;database=MarriageAndLove;uid=sa;pwd=conan;");
* //打开数据库连接
* con.Open();
* //使用MD5加密将用户输入的密码加密
*
* //创建SQL语句,该语句用来查询用户输入的用户名和密码是否正确
* string sqlSel = "select count(*) from admin where adminName=@name and adminPasswd=@pass";
* //创建SqlCommand对象
* SqlCommand com = new SqlCommand(sqlSel, con);
* //使用Parameters的add方法添加参数类型
* com.Parameters.Add(new SqlParameter("name", SqlDbType.VarChar, 20));
* //设置Parameters的参数值
* com.Parameters["name"].Value = username.Text;
* com.Parameters.Add(new SqlParameter("pass", SqlDbType.VarChar, 32));
* com.Parameters["pass"].Value = pass;
*/
//判断ExecuteScalar方法返回的参数是否大于0大于表示登录成功并给出提示
//if (Convert.ToInt32(com.ExecuteScalar()) > 0)
if (myadmin.AdminLoginByAccount(myadmin).Tables[0].Rows.Count > 0)
{
//设置session
Session["username"] = username.Text;
WebMessageBox.Show("登录成功", "admin_manage.aspx");
// RegisterStartupScript("", "<script>alert('登录成功!')</script>");
//清空文本框
// txtCode.Text = txtUserName.Text = "";
//服务器端重定向
// Server.Transfer();
}
else
{
WebMessageBox.Show("用户名或密码错误", "login.aspx");
}
}
else
{
WebMessageBox.Show("验证码输入错误", "login.aspx");
}
}
protected void Button1_Click(object sender, EventArgs e)
{
//使用MD5加密将用户输入的密码加密
string pass = FormsAuthentication.HashPasswordForStoringInConfigFile(old_password.Text, "MD5");
sql_admin myadmin = new sql_admin();
myadmin.AdminName = username.Text;
myadmin.AdminPassword = pass;
//创建数据库连接
/*SqlConnection con = new SqlConnection("server=.;database=MarriageAndLove;uid=sa;pwd=conan;");
* //打开数据库连接
* con.Open();
*
* //创建SQL语句,该语句用来查询用户输入的用户名和密码是否正确
* string sqlSel = "select count(*) from admin where adminName=@name and adminPasswd=@pass";
* //创建SqlCommand对象
* SqlCommand com = new SqlCommand(sqlSel, con);
* //使用Parameters的add方法添加参数类型
* com.Parameters.Add(new SqlParameter("name", SqlDbType.VarChar, 20));
* //设置Parameters的参数值
* com.Parameters["name"].Value = username.Text;
* com.Parameters.Add(new SqlParameter("pass", SqlDbType.VarChar, 32));
* com.Parameters["pass"].Value = pass;
* if (Convert.ToInt32(com.ExecuteScalar()) > 0)*/
if (myadmin.AdminLoginByAccount(myadmin).Tables[0].Rows.Count > 0)
{
string newpass = FormsAuthentication.HashPasswordForStoringInConfigFile(new_password.Text, "MD5");
//myadmin.AdminNewPassword = newpass;
/*string sqlChangePasswd = "update admin set adminPasswd=@pass where adminName=@name";
* SqlCommand comChangePasswd = new SqlCommand(sqlChangePasswd,con);
* comChangePasswd.Parameters.Add(new SqlParameter("pass", SqlDbType.VarChar, 32));
* comChangePasswd.Parameters["pass"].Value = newpass;
* comChangePasswd.Parameters.Add(new SqlParameter("name", SqlDbType.VarChar, 32));
* comChangePasswd.Parameters["name"].Value = username.Text;
*/
//if (comChangePasswd.ExecuteNonQuery() != null)
if (myadmin.AdminPasswdChange(myadmin, newpass) == 0)
{
WebMessageBox.Show("修改成功", "check_userinfo.aspx");
}
else
{
WebMessageBox.Show("修改失败", "passwd_change.aspx");
}
}
else
{
WebMessageBox.Show("旧密码错误", "passwd_change.aspx");
}
}
