public static string ChangePassword(string username, string password)
{
// EnCryptPassword
string salt = System.Configuration.ConfigurationManager.AppSettings["salt"];
string strEnCrypt = SHA256.EcryptPassword(password, salt);
SqlCommand sqlCmd = new SqlCommand();
sqlCmd.CommandText = "update dbo.Users set Password = '******' where username =LOWER('" + username + "')";
string res = ClassMain.strExecuteComand(sqlCmd);
return(res);
}
protected void btnSignin_Click(object sender, EventArgs e)
{
// EnCryptPassword
string salt = System.Configuration.ConfigurationManager.AppSettings["salt"];
string strEnCrypt = SHA256.EcryptPassword(inputPassword.Text, salt);
SqlCommand sql = new SqlCommand();
sql.CommandText = "select ID from dbo.Users where Username =LOWER('" + inputUsername.Text + "') and Password = '******'";
DataTable dt = new DataTable();
int userId = 0;
try
{
userId = ClassMain.intExecuteComand(sql);
dt = ClassMain.ExecuteComandTable(sql);
switch (userId)
{
case 0:
//Login1.FailureText = "Username and/or password is incorrect.";
lblResult.Visible = true;
lblResult.Text = "Username and/or password is incorrect.";
break;
case -1:
//Login1.FailureText = "Username and/or password is incorrect.";
lblResult.Visible = true;
lblResult.Text = "Username and/or password is incorrect.";
break;
case -2:
//Login1.FailureText = "Account has not been activated.";
lblResult.Visible = true;
lblResult.Text = "Account has not been activated.";
break;
default:
FormsAuthentication.RedirectFromLoginPage(inputUsername.Text, true);
Session["userlogin"] = inputUsername.Text;
Response.Redirect("~/Default.aspx");
break;
}
}
catch (Exception)
{
throw;
}
}
public static ResultEN CreateUser(string username, string password, int role_id, int branch_id)
{
ResultEN res = new ResultEN();
username = username.Trim().ToLower();
SqlCommand sqlCmd = new SqlCommand();
sqlCmd.CommandText = "select username from Users where username ='******'";
// check duplicate username
int count = ClassMain.intExecuteComand(sqlCmd);
if (count > 0)
{
res.result = false;
res.returnValue = "Duplicate Username";
return(res);
}
string strEnCrypt = SHA256.EcryptPassword(password, salt);
StringBuilder Sql = new StringBuilder();
Sql.AppendLine("INSERT INTO [dbo].[Users]");
Sql.AppendLine(" ([Username]");
Sql.AppendLine(" ,[Password]");
Sql.AppendLine(" ,[Role_id]");
Sql.AppendLine(" ,[CreatedDate]");
Sql.AppendLine(" ,[CreatedBy]");
Sql.AppendLine(")");
Sql.AppendLine(" VALUES");
Sql.AppendLine(" ('" + username + "'");
Sql.AppendLine(" ,'" + strEnCrypt + "'");
Sql.AppendLine(" ," + role_id);
Sql.AppendLine(" ,getdate()");
Sql.AppendLine(" ,'" + HttpContext.Current.User.Identity.Name + "')");
sqlCmd = new SqlCommand();
sqlCmd.CommandText = Sql.ToString();
res.result = ClassMain.ExecuteComand(sqlCmd);
if (res.result)
{
res.returnValue = "Create Username Success.";
}
return(res);
}
protected void btnReset_Click(object sender, EventArgs e)
{
// EnCryptPassword
string salt = System.Configuration.ConfigurationManager.AppSettings["salt"];
string strEnCrypt = SHA256.EcryptPassword(inputPassword.Text, salt);
SqlCommand sqlCmd = new SqlCommand();
sqlCmd.CommandText = "update dbo.Users set Password = '******' where Username ='******'";
string res = ClassMain.strExecuteComand(sqlCmd);
if (res != "")
{
lblResult.Text = res;
}
else
{
lblResult.Text = "Update success.";
lblResult.Visible = true;
}
}
public static ResultEN ChangeUsername(int id, string username_old, string username_new, string password)
{
ResultEN res = new ResultEN();
SqlCommand sqlCmd = new SqlCommand();
username_old = username_old.Trim().ToLower();
username_new = username_new.Trim().ToLower();
sqlCmd.CommandText = "select username from Users where username ='******' and username <> '" + username_old + "'";
// check duplicate username not self
int count = ClassMain.intExecuteComand(sqlCmd);
if (count > 0)
{
res.result = false;
res.returnValue = "Duplicate Username";
return(res);
}
string strEnCrypt = SHA256.EcryptPassword(password, salt);
sqlCmd = new SqlCommand();
StringBuilder Sql = new StringBuilder();
Sql.AppendLine("UPDATE [dbo].[Users]");
Sql.AppendLine(" SET [Username] = '" + username_new + "'");
Sql.AppendLine(" ,[Password] = '" + strEnCrypt + "'");
Sql.AppendLine(" ,[UpdDate] = getdate()");
Sql.AppendLine(" ,[UpdTime] = getdate()");
Sql.AppendLine(" ,[UpdBy] = '" + HttpContext.Current.User.Identity.Name + "'");
Sql.AppendLine(" WHERE id = " + id);
sqlCmd.CommandText = sqlCmd.ToString();
res.result = ClassMain.ExecuteComand(sqlCmd);
return(res);
}
protected void btnSignin_Click(object sender, EventArgs e)
{
// EnCryptPassword
string salt = System.Configuration.ConfigurationManager.AppSettings["salt"];
string strEnCrypt = SHA256.EcryptPassword(inputPassword.Text, salt);
SqlCommand sql = new SqlCommand();
sql.CommandText = "select ID from dbo.Users where Username =LOWER('" + inputUsername.Text + "') and Password = '******'";
DataTable dt = new DataTable();
int userId = 0;
try
{
userId = ClassMain.intExecuteComand(sql);
dt = ClassMain.ExecuteComandTable(sql);
switch (userId)
{
case 0:
//Login1.FailureText = "Username and/or password is incorrect.";
lblResult.Visible = true;
lblResult.Text = "Username and/or password is incorrect.";
break;
case -1:
//Login1.FailureText = "Username and/or password is incorrect.";
lblResult.Visible = true;
lblResult.Text = "Username and/or password is incorrect.";
break;
case -2:
//Login1.FailureText = "Account has not been activated.";
lblResult.Visible = true;
lblResult.Text = "Account has not been activated.";
break;
default:
FormsAuthentication.RedirectFromLoginPage(inputUsername.Text, true);
Session["userlogin"] = inputUsername.Text;
bool isAuthenticated = true;
if (isAuthenticated == true)
{
// generate authentication ticket
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, // version
inputUsername.Text, // username
DateTime.Now, // creation
DateTime.Now.AddMinutes(60), // Expiration
false, // Persistent
"" //No additional data supplied
);
// Encrypt the ticket.
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
// Create a cookie and add the encrypted ticket to the cookie
HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName,
encryptedTicket);
Response.Cookies.Add(authCookie);
// Redirect the user to the originally requested page
Response.Redirect(FormsAuthentication.GetRedirectUrl(inputUsername.Text, false));
}
break;
}
}
catch (Exception)
{
throw;
}
//// TEST
//Session["test"] = "1";
//Response.Redirect("~/Default.aspx");
}