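/// <summary>
/// Changes the stored password of an admin user once the supplied old password
/// has been checked against the <c>adminusers</c> table.
/// </summary>
/// <param name="pass">
/// Request object; this method reads <c>Emp_ID</c>, <c>oldPass</c> and the new
/// <c>pass_word</c> from it.
/// </param>
/// <returns>
/// The JSON serialization of an empty <c>List&lt;newPass&gt;</c> when the password was
/// updated, or the literal string <c>"error"</c> when the old password did not match
/// or the new password is empty.
/// </returns>
/// <remarks>
/// SECURITY (review): <c>pass_word</c> is read from and written to the table as clear
/// text, and the old password is compared with an ordinary string comparison. Anyone
/// who can read the table obtains every password. Storing a salted, slow password hash
/// (for example PBKDF2) and comparing hashes requires a schema/data migration and is
/// therefore not done inside this method - track it separately.
/// </remarks>
public static string ChangePass(newPass pass)
{
    // Refuse to replace a password with an empty one; callers already handle "error".
    if (string.IsNullOrEmpty(pass.pass_word))
    {
        return "error";
    }

    string config = Convert.ToString(ConfigurationManager.ConnectionStrings["dbcon"]);

    // One connection for both statements; `using` releases it even when a query throws
    // (the original leaked the connection and the reader on any exception).
    using (SqlConnection con = new SqlConnection(config))
    {
        con.Open();

        bool oldPasswordMatches = false;

        // Parameter name is spelled identically in the SQL text and in Parameters.Add,
        // so the lookup does not depend on a case-insensitive server collation.
        const string selectSql = "select pass_word from adminusers where Emp_ID = @Emp_ID";
        using (SqlCommand cmd = new SqlCommand(selectSql, con))
        {
            cmd.Parameters.Add("@Emp_ID", SqlDbType.Int).Value = pass.Emp_ID;

            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                {
                    if (pass.oldPass == reader["pass_word"].ToString())
                    {
                        oldPasswordMatches = true;
                    }
                }
            }
        }

        if (!oldPasswordMatches)
        {
            return "error";
        }

        const string updateSql = "update adminusers set pass_word=@pass_word where Emp_ID = @Emp_ID";
        using (SqlCommand cmd1 = new SqlCommand(updateSql, con))
        {
            cmd1.Parameters.Add("@Emp_ID", SqlDbType.Int).Value = pass.Emp_ID;
            cmd1.Parameters.Add("@pass_word", SqlDbType.VarChar).Value = pass.pass_word;
            cmd1.ExecuteNonQuery();
        }

        // The original serialized a list that was never filled; the success payload
        // therefore stays an empty JSON array.
        return JsonConvert.SerializeObject(new List<newPass>());
    }
}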
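/// <summary>
/// Handles the "change password" form for the signed-in user: verifies the old
/// password hash against <c>dbo.Accounts</c>, checks that the two new-password fields
/// agree, and stores the new hash.
/// </summary>
/// <param name="mod">
/// Posted form model; this action reads <c>password</c> (old), <c>password1</c> and
/// <c>password2</c> (new, twice).
/// </param>
/// <returns>
/// A redirect to <c>/Error/NotAuth</c> for unauthenticated requests; otherwise the view
/// for <paramref name="mod"/>, carrying either model errors or the success flags in
/// <c>ViewBag</c>.
/// </returns>
/// <remarks>
/// SECURITY: the original built both statements by concatenating
/// <c>User.Identity.Name</c> and the hashes into the SQL text. Every value is now passed
/// as a parameter so that no account name or hash can alter the statement.
/// NOTE(review): confirm that <c>Shifrovanie.Hash</c> is a salted, deliberately slow
/// password hash; its implementation is not visible here.
/// NOTE(review): <c>Program.SqlConnection</c> looks like one connection shared by all
/// requests; concurrent requests would then race on Open/Close - confirm and prefer a
/// connection per request.
/// </remarks>
public ActionResult SettPersDannie(newPass mod)
{
    if (!User.Identity.IsAuthenticated)
    {
        return Redirect("/Error/NotAuth");
    }

    if (!ModelState.IsValid)
    {
        // The fields were left empty
        ModelState.AddModelError("password", "Поля не заполнены");
        ModelState.AddModelError("password1", "Поля не заполнены");
        ModelState.AddModelError("password2", "Поля не заполнены");
        return View(mod);
    }

    // Hash of the old password
    string psh = Shifrovanie.Hash(mod.password.ToString());
    // Hash of the new password
    string pshnew = Shifrovanie.Hash(mod.password1.ToString());

    // Compare the stored hash with the hash of the supplied old password
    int co;
    using (SqlCommand check = new SqlCommand(
        "SELECT count(*) FROM dbo.Accounts where [dbo].[Accounts].[Login] = @login and [dbo].[Accounts].[Password_Shifr] = @oldHash",
        Program.SqlConnection))
    {
        check.Parameters.AddWithValue("@login", User.Identity.Name);
        check.Parameters.AddWithValue("@oldHash", psh);

        Program.SqlConnection.Open();
        try
        {
            co = Convert.ToInt32(check.ExecuteScalar());
        }
        finally
        {
            // Always release the connection, also when the query throws.
            Program.SqlConnection.Close();
        }
    }

    if (co <= 0)
    {
        // The old password is wrong
        ModelState.AddModelError("password", "Старый пароль указан неверно");
        return View(mod);
    }

    if (mod.password1 != mod.password2 || string.IsNullOrEmpty(mod.password1))
    {
        // The two new passwords do not match
        ModelState.AddModelError("password1", "Новые пароли не совпадают");
        ModelState.AddModelError("password2", "Новые пароли не совпадают");
        return View(mod);
    }

    // Change the password
    ViewBag.New = "";
    ViewBag.NewPass = "";
    ViewBag.OldPass = "";

    // The listing shows masked literals ('******') for the Password value and for the
    // login in the WHERE clause. The update is bound to the authenticated login that the
    // check above verified, so it can only touch that account's row.
    // NOTE(review): the Password column keeps the masked literal from the listing; if the
    // real code writes the clear-text password there, drop that column - only the hash
    // should be stored.
    using (SqlCommand update = new SqlCommand(
        "update Accounts set Password = '******', Password_Shifr = @newHash where Login = @login",
        Program.SqlConnection))
    {
        update.Parameters.AddWithValue("@newHash", pshnew);
        update.Parameters.AddWithValue("@login", User.Identity.Name);

        Program.SqlConnection.Open();
        try
        {
            update.ExecuteNonQuery();
        }
        finally
        {
            Program.SqlConnection.Close();
        }
    }

    ViewBag.SucMes = "Пароль изменен!";
    ViewBag.Suc = true;
    return View(mod);
}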