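/// <summary>
/// Handles the password-change form on the user profile page: verifies that the
/// caller is changing their own password, validates the submitted fields, checks
/// the old password and then stores the new one.
/// </summary>
/// <param name="form">Posted form values; reads the "old", "new" and "confirm" fields.</param>
/// <param name="model">Profile model that is handed back to the view unchanged.</param>
/// <returns>
/// A redirect to the access-denied page when the caller is not authorized for the
/// requested profile; otherwise the profile view, with
/// <c>ViewBag.PasswordErrorMessage</c> set when validation fails.
/// </returns>
// NOTE(review): no [HttpPost] / [ValidateAntiForgeryToken] attribute is visible in this
// excerpt - confirm the action is protected against cross-site request forgery.
public ActionResult ShowUser(FormCollection form, UserProfileModel model)
{
    // Verify permission: the session must be authorized and must belong to the
    // user named in the query string.
    if (!UserSession.IsAuthorized(Session))
    {
        return Redirect("~/Error/AccessDenied");
    }

    string sessionUsername = UserSession.GetUsername(Session);
    string requestedUsername = Request.QueryString["username"];

    // Ordinal comparison on purpose: the culture-sensitive string.Compare overload
    // skips ignorable characters (e.g. soft hyphen, zero-width joiners), so two
    // different usernames could compare as equal and pass the ownership check.
    if (string.IsNullOrEmpty(sessionUsername)
        || !string.Equals(sessionUsername, requestedUsername, StringComparison.Ordinal))
    {
        return Redirect("~/Error/AccessDenied");
    }

    // Validate user input.
    string oldPassword = form["old"];
    string newPassword = form["new"];
    string confirmPassword = form["confirm"];

    if (string.IsNullOrEmpty(oldPassword))
    {
        ViewBag.PasswordErrorMessage = "Old password is required.";
        return View(model);
    }

    if (string.IsNullOrEmpty(newPassword))
    {
        ViewBag.PasswordErrorMessage = "New password is required.";
        return View(model);
    }

    if (newPassword.Length < 6)
    {
        ViewBag.PasswordErrorMessage = "New password is too short.";
        return View(model);
    }

    // Ordinal as well: the confirmation must match the new password exactly,
    // otherwise the stored password can differ from what the user retyped.
    if (!string.Equals(newPassword, confirmPassword, StringComparison.Ordinal))
    {
        ViewBag.PasswordErrorMessage = "Confirmed password is not the same as the new password.";
        return View(model);
    }

    // Verify the old password. The username comes from the session, not from the
    // request, so the account being checked and updated is always the caller's own.
    if (!UserAuthorization.CheckAuthorization(sessionUsername, oldPassword))
    {
        ViewBag.PasswordErrorMessage = "Old password is incorrect.";
        return View(model);
    }

    // Update the user's password.
    UserAuthorization.UpdatePassword(sessionUsername, newPassword);
    return View(model);
}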