protected void Button1_Click(object sender, EventArgs e)
{
if (TB_UserID.Text.Equals(""))
ShowMessage("請輸入用戶名稱!", MessagePanel, TB_UserID);
else if (TB_UserPw.Text.Equals(""))
ShowMessage("請輸入用戶密碼!", MessagePanel, TB_UserPw);
else
{
String UserPW = "";
String sql = "select user_pw from rps_userinfo where user_id = '" + TB_UserID.Text.Trim() + "'";
try
{
Database db = new Database("rpsdb", sql, Database.WebConfig);
SqlDataReader reader = db.GetReader();
while (reader.Read())
UserPW = reader["user_pw"].ToString();
if (!reader.HasRows || !TB_UserPw.Text.Trim().Equals(UserPW.Trim()))
{
TB_UserPw.Text = "";
ShowMessage("登入失敗!", MessagePanel, TB_UserPw);
db.Close();
}
else
{
Session[HF_UserToken.Value] = true;
Session["User"] = new User(TB_UserID.Text, TB_UserPw.Text, Request.UserHostAddress, HF_UserToken.Value);
db.Close();
ScriptManager.RegisterClientScriptBlock(this, this.GetType(), "ClientScript", "location.replace('/Main.aspx');", true);
}
}
catch (SqlException)
{
TB_UserPw.Text = "";
TB_UserPw.Text = "";
MessagePanel.Text = "資料庫連接失敗!";
//MessagePanel.Text = ex.Message;
}
}
}
protected void Btn_AddUser_Click(object sender, EventArgs e)
{
if (TB_UserID.Text.Equals(""))
ShowMessage("請輸入用戶ID!", MessagePanel, TB_UserID);
else if (TB_UserPw.Text.Equals(""))
ShowMessage("請輸入用戶密碼!", MessagePanel, TB_UserPw);
else if (TB_UserName.Text.Equals(""))
ShowMessage("請輸入用戶名稱!", MessagePanel, TB_UserName);
else
{
String UserID = TB_UserID.Text.Trim();
String UserName = TB_UserName.Text.Trim();
String UserPW = Cryptography.MD5(TB_UserPw.Text);
String UserDept = DDL_Dept.SelectedValue;
String sql = "select * from rps_userinfo where user_id = '" + UserID + "'";
Database db = new Database("rpsdb", sql, Database.WebConfig);
SqlDataReader reader = db.GetReader();
if (reader.HasRows)
ShowMessage("用戶ID己存在!", MessagePanel, TB_UserID);
else
{
reader.Close();
sql = "insert into rps_userinfo values (" +
"'" + UserID + "', '" + UserPW + "', '" + UserName + "', '" + UserDept + "', '1900-01-01 00:00:00.000', 'T')";
db.ExecuteSql(sql);
sql = "insert into rps_usermenu values ('" + UserID + "','R00')";
db.ExecuteSql(sql);
sql = "insert into rps_usermenu values ('" + UserID + "','R0002')";
db.ExecuteSql(sql);
String ClientScript = "alert('用戶新增成功!'); location.replace('R0101_UserMaintenance.aspx'); ";
ScriptManager.RegisterClientScriptBlock(UpdatePanel1, GetType(), "Alert", ClientScript, true);
}
}
}