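/// <summary>
/// Checks the submitted password against the stored salted hash and, on a match,
/// marks the account as logged in on the current context.
/// </summary>
/// <param name="request">Login request; its Account and Password members are read.</param>
/// <returns>
/// A success response when the hashes match, a failure response when they do not,
/// or the lookup response passed through unchanged when the password lookup fails.
/// </returns>
/// <remarks>
/// NOTE(security): the stored digest is a single MD5 pass over password bytes + salt.
/// MD5 is a fast hash and is not suitable for password storage. Moving to a slow KDF
/// (for example PBKDF2 via Rfc2898DeriveBytes) requires migrating the stored hashes,
/// so the algorithm is left unchanged here.
/// NOTE(security): the lookup failure is returned as-is, so its message may let a caller
/// tell an unknown account from a wrong password. Consider one uniform failure message.
/// </remarks>
public Respone Login(LoginRequest request)
{
    var res = DBServer.Instance.GetPassword(request.Account);
    if (!res.IsSuccess)
    {
        return(StandResult(res));
    }

    var row = res.Data.Rows[0];
    var oldPass = row["password"].ToString();
    var salt = Convert.FromBase64String(row["salt"].ToString());
    var saltpass = Encoding.UTF8.GetBytes(request.Password).Concat(salt).ToArray();

    // MD5Cng wraps a native handle; dispose it instead of leaving it to the finalizer.
    string crpPass;
    using (MD5Cng md5 = new MD5Cng())
    {
        crpPass = Convert.ToBase64String(md5.ComputeHash(saltpass));
    }

    // Compare without an early exit so the time taken does not depend on how many
    // leading characters of the stored hash match.
    var diff = oldPass.Length ^ crpPass.Length;
    for (var i = 0; i < oldPass.Length && i < crpPass.Length; i++)
    {
        diff |= oldPass[i] ^ crpPass[i];
    }

    if (diff == 0)
    {
        Context.Login(request.Account);
        return(StandResult(StandRespone.SuccessResult("登录成功")));
    }

    return(StandResult(StandRespone.FailResult("登录失败,密码错误")));
}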
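/// <summary>
/// Looks up the stored password hash and salt for an account.
/// </summary>
/// <param name="userAccount">Account name to look up; rejected up front when IsDBSafe() returns false.</param>
/// <returns>
/// A successful response whose Data holds the result table (columns salt and password) when
/// at least one row matches; otherwise a failed response. Exceptions are caught and reported
/// as a failed response.
/// </returns>
public StandRespone GetPassword(string userAccount)
{
    if (!userAccount.IsDBSafe())
    {
        return(StandRespone.UnSafeResult());
    }

    var executer = DBExecuterFactory.CreateDBExecuter();
    try
    {
        // NOTE(security): the account name is interpolated into the SQL text, so the only
        // barrier against injection is IsDBSafe(), whose rules are not visible here.
        // Prefer a parameterized command if the executer offers one.
        var cmd = $"select a.salt,a.password from user_password a " +
                  $"inner join userinfo b on a.user_id=b.user_id " +
                  $"where b.account='{userAccount}'";
        var data = executer.ExecuteToTable(cmd);
        if (data.Rows.Count > 0)
        {
            return new StandRespone(true, "查询成功") { Data = data };
        }

        return(new StandRespone(false, "该账号不存在"));
    }
    catch (Exception e)
    {
        // The finally block closes the executer; it is not closed a second time here.
        // NOTE(security): e.Message is returned to the caller and can expose database
        // details. Consider logging it server-side and returning a generic message.
        return(StandRespone.FailResult("发生异常:" + e.Message));
    }
    finally
    {
        executer.Close();
    }
}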
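/// <summary>
/// Registers a new user: rejects the request if the account already exists, otherwise
/// inserts the account row and its password/salt row.
/// </summary>
/// <param name="userAccount">Account name of the new user.</param>
/// <param name="password">Password value to store; written to the database exactly as given.</param>
/// <param name="salt">Salt value to store; written to the database exactly as given.</param>
/// <returns>A success response after the insert commits; otherwise a failed response.</returns>
/// <example>
/// <code lang="C#">
/// // Hash the password before calling this method.
/// // Take the salt from a cryptographic RNG; System.Random is predictable.
/// byte[] salt = new byte[20];
/// using (var rng = RandomNumberGenerator.Create()) { rng.GetBytes(salt); }
/// MD5Cng md5 = new MD5Cng();
/// var saltpass = Encoding.UTF8.GetBytes(password).Concat(salt).ToArray();
/// var crpPass = md5.ComputeHash(saltpass);
/// </code>
/// NOTE(security): salted MD5 is a fast hash and is weak for password storage. Changing it
/// means changing the verification side and migrating stored hashes as well.
/// </example>
public StandRespone Regeister(string userAccount, string password, string salt)
{
    // Every value interpolated into the SQL below must pass the same check; the salt was
    // previously left out of it.
    if (!userAccount.IsDBSafe() || !password.IsDBSafe() || !salt.IsDBSafe())
    {
        return(StandRespone.UnSafeResult());
    }

    var executer = DBExecuterFactory.CreateDBExecuter();
    try
    {
        // NOTE(security): both statements are built by string interpolation and rely only on
        // IsDBSafe(), whose rules are not visible here. Prefer parameterized commands if the
        // executer offers them.
        var queryExitUser = $"select* from userinfo where account = '{userAccount}'";

        // Count the returned rows. A non-query call reports rows affected, which for a
        // SELECT is presumably not the match count (confirm against the executer).
        if (executer.ExecuteToTable(queryExitUser).Rows.Count > 0)
        {
            return(new StandRespone(false, "用户已存在!"));
        }

        // NOTE(review): the existence check runs before the transaction starts, so two
        // concurrent registrations can both pass it; a unique constraint on
        // userinfo.account would close that gap. No rollback is issued on failure.
        // Confirm that closing the executer discards the uncommitted work.
        var trans = executer.Connection.BeginTransaction();
        var insertUser = $"insert into userinfo (account,create_date,status) " +
                         $"values('{userAccount}',now(),'{UserStatus.Normal}');" +
                         $"insert into user_password(user_id,password,salt) " +
                         $"values(@@identity,'{password}','{salt}')";
        executer.ExecuteNonQuery(insertUser);
        trans.Commit();
        return(StandRespone.SuccessResult("注册成功"));
    }
    catch (Exception e)
    {
        // The finally block closes the executer; it is not closed a second time here.
        // NOTE(security): e.Message is returned to the caller and can expose database details.
        return(StandRespone.FailResult("发生异常:" + e.Message));
    }
    finally
    {
        executer.Close();
    }
}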
/// <summary>
/// Builds the response returned when a request is not authorized.
/// </summary>
/// <param name="executeContext">Execution context of the rejected request; not read here.</param>
/// <returns>The GetRespone() output of a StandResponeResult wrapping a failure result.</returns>
public override object GetUnauthorizedResult(ExecuteContext executeContext)
{
    var denied = StandRespone.FailResult("请求未授权");
    var wrapper = new StandResponeResult(denied);
    return wrapper.GetRespone();
}
/// <summary>
/// Creates a result that wraps the given response.
/// </summary>
/// <param name="respone">Response stored in the standRespone member.</param>
public StandResponeResult(StandRespone respone)
{
    standRespone = respone;
}