示例#1
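 /// <summary>
 /// Authenticates a staff or factory account and, on success, stores the signed-in
 /// records in the current HTTP session.
 /// </summary>
 /// <remarks>
 /// The staff lookup runs first; when it yields no value, the user name is looked up as a
 /// factory contact (<c>FactroyInfo.ConCell</c>). Staff logins populate the session keys
 /// <c>CurrentUser</c>, <c>CurrentEmp</c> and, when found, <c>CurrentEnt</c>; factory logins
 /// populate <c>CurrentFacUser</c>.
 /// Unknown user names and wrong passwords return the same message, so the reply cannot be
 /// used to tell which account names exist.
 /// NOTE(review): the password is compared as supplied inside the SQL text, which suggests
 /// it is stored unhashed unless callers hash it first; confirm and move to a salted
 /// password hash.
 /// NOTE(review): the session identifier is not renewed here; confirm the caller issues a
 /// fresh session on successful login.
 /// </remarks>
 /// <param name="userName">Login name; always bound as a SQL parameter.</param>
 /// <param name="userPassword">Password as supplied by the caller; always bound as a SQL parameter.</param>
 /// <returns>An empty string on success; otherwise a failure message for display.</returns>
 public static string Login(string userName, string userPassword)
 {
     // One reply for "no such user" and "wrong password": distinct messages let a caller
     // enumerate valid account names.
     const string invalidCredentials = "用户名或密码输入错误!";
     const string loginFailed = "登录失败";
     const string userNameParam = "@Adn_UserName nvarchar(50)";
     const string credentialParams = "@Adn_UserName nvarchar(50),@Adn_Password nvarchar(50)";

     try {
         Database db = DatabaseFactory.CreateDatabase();

         // The query text is masked ("******") in this listing and is kept as shown.
         const string sqlUserName = "******";
         var command = SQLServerUtiles.Get_SP_ExecuteSQL(db, sqlUserName, userNameParam);
         db.AddInParameter(command, "Adn_UserName", DbType.AnsiString, userName);
         var name = db.ExecuteScalar(command);

         if (name == null || name == DBNull.Value) {
             // Not a staff account: try the factory contact table.
             const string sqlFacName = "SELECT * FROM FactroyInfo WHERE ConCell = @Adn_UserName";
             var commandFac = SQLServerUtiles.Get_SP_ExecuteSQL(db, sqlFacName, userNameParam);
             db.AddInParameter(commandFac, "Adn_UserName", DbType.AnsiString, userName);
             var nameFac = db.ExecuteScalar(commandFac);
             if (nameFac == null || nameFac == DBNull.Value) {
                 return invalidCredentials;
             }

             const string sqlFac = "SELECT * FROM FactroyInfo WHERE ConCell = @Adn_UserName and PassWord=@Adn_Password";
             var commandFacInfo = SQLServerUtiles.Get_SP_ExecuteSQL(db, sqlFac, credentialParams);
             db.AddInParameter(commandFacInfo, "Adn_UserName", DbType.AnsiString, userName);
             db.AddInParameter(commandFacInfo, "Adn_Password", DbType.AnsiString, userPassword);

             // Dispose the reader on every path so it is not left open after the login attempt.
             using (var facReader = db.ExecuteReader(commandFacInfo)) {
                 if (!facReader.Read()) {
                     return invalidCredentials;
                 }
                 HttpContext.Current.Session["CurrentFacUser"] = new FactroyInfo().ReaderBind(facReader);
             }
             return string.Empty;
         }

         // The query text is masked ("******") in this listing and is kept as shown.
         const string sqlUser = "******";
         var commandUser = SQLServerUtiles.Get_SP_ExecuteSQL(db, sqlUser, credentialParams);
         db.AddInParameter(commandUser, "Adn_UserName", DbType.AnsiString, userName);
         db.AddInParameter(commandUser, "Adn_Password", DbType.AnsiString, userPassword);

         using (var userReader = db.ExecuteReader(commandUser)) {
             if (!userReader.Read()) {
                 return invalidCredentials;
             }

             var orgUsersDal = new OrgUsers();
             var user = orgUsersDal.ReaderBind(userReader);

             // Resolve everything the session needs BEFORE touching session state. Previously
             // a missing employee record threw after "CurrentUser" was already stored, so the
             // method reported failure while leaving an authenticated session behind.
             var emp = new OrgEmployees().GetModel(Convert.ToInt32(user.EmplId));
             if (emp == null) {
                 return loginFailed;
             }

             // Bind the enterprise id instead of concatenating it into the WHERE clause.
             // NOTE(review): assumes GetModel forwards this parameter list to the command; confirm.
             var ent = new EnterpriseList().GetModel(" EnterpriseID=@EnterpriseID ",
                 new List<SqlParameter> {
                     new SqlParameter("@EnterpriseID", (object)emp.OrgId ?? DBNull.Value)
                 });

             user.LastLoginTime = DateTime.Now;
             orgUsersDal.Update(user);

             var session = HttpContext.Current.Session;
             session["CurrentUser"] = user;
             session["CurrentEmp"] = emp;
             if (ent != null) {
                 session["CurrentEnt"] = ent;
             }
             else {
                 // Do not let an enterprise from an earlier login in this session carry over.
                 session.Remove("CurrentEnt");
             }
         }
         return string.Empty;
     }
     catch (Exception ex) {
         // The caller still gets only the generic message, but the failure is recorded
         // server-side so repeated or unusual login errors can be noticed. The credentials
         // themselves are not written to the trace.
         System.Diagnostics.Trace.TraceError("Login failed with an unexpected error: {0}", ex);
         return loginFailed;
     }
 }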