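/// <summary>
/// Checks whether the password stored for <paramref name="id"/> was last changed
/// no more than six months ago.
/// </summary>
/// <param name="id">User ID looked up in BioCommonLoginTbl and BioAdministratorKeyTbl.</param>
/// <returns>
/// <c>true</c> when the first matching row's chLastModPwdDT plus six months has not passed yet;
/// <c>false</c> when it has passed, when the stored value is too short to hold a date,
/// or when no row matches.
/// </returns>
/// <exception cref="FormatException">The stored date contains non-numeric characters.</exception>
/// <exception cref="ArgumentOutOfRangeException">The stored month/day do not form a valid date.</exception>
private bool chkPwdDate(string id)
{
    // The ID originates from the login text box, so it is bound as a parameter
    // instead of being concatenated into the statement text (SQL injection).
    const string sSQL =
        "select chUserID, chLastModPwdDT from BioCommonLoginTbl where chUserID = @id" +
        " Union select chUserID, chLastModPwdDT from BioAdministratorKeyTbl where chUserID = @id";

    using (SqlConnection sCon = BioBank_Conn.Class_biobank_conn.DB_SEC_conn())
    using (SqlCommand sCmd = new SqlCommand(sSQL, sCon))
    {
        // A null ID previously concatenated to an empty string; keep that behaviour.
        sCmd.Parameters.AddWithValue("@id", id ?? string.Empty);
        sCon.Open();

        using (SqlDataReader sRead = sCmd.ExecuteReader())
        {
            // Only the first row is evaluated, as before. If the ID exists in both
            // tables with different dates, which row comes first is not defined by the query.
            if (!sRead.Read())
            {
                return false;
            }

            string sStamp = ClsShareFunc.gfunCheck(sRead["chLastModPwdDT"]);

            // Fail closed: a missing or truncated date is treated as an expired password
            // rather than surfacing a Substring exception to the login dialog.
            if (sStamp == null || sStamp.Length < 7)
            {
                return false;
            }

            // Layout is YYYMMDD with 1911 added to the year
            // (presumably a Minguo/ROC calendar year; confirm against the writer of this column).
            int iYear = Convert.ToInt32(sStamp.Substring(0, 3)) + 1911;
            int iMonth = Convert.ToInt32(sStamp.Substring(3, 2));
            int iDay = Convert.ToInt32(sStamp.Substring(5, 2));

            // Built from components so the result does not depend on the current culture's date parsing.
            DateTime cDate = new DateTime(iYear, iMonth, iDay);

            if (cDate.AddMonths(6) >= DateTime.Now)
            {
                ClsShareFunc.insEvenLogt("1-13", id, "", "", "密碼已更改--");
                return true;
            }

            return false;
        }
    }
}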
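/// <summary>
/// Pre-login authentication: verifies the ID and password typed into txtID / txtPWD,
/// first against BioAdministratorKeyTbl and, when the ID is not found there, against BioCommonLoginTbl.
/// </summary>
/// <remarks>
/// Every attempt and every outcome is written to the event log through ClsShareFunc.insEvenLogt.
/// A correct password is accepted only when <c>chkPwdDate</c> reports that it is not older than six months;
/// otherwise the change-password link handler is invoked.
/// NOTE(review): verification compares the stored value with GetMD5(password). If GetMD5 is plain,
/// unsalted MD5 as its name suggests, stored credentials offer little resistance to offline guessing;
/// moving to a salted, slow KDF (e.g. PBKDF2) needs a data migration and is not done here.
/// NOTE(review): the distinct "no such account" / "wrong password" / "not enabled" messages reveal
/// which IDs exist, and no attempt limiting is visible in this method.
/// </remarks>
private void checkLoginBefore()
{
    string sID = "";
    string sPWD = "";
    string sName = "";
    string sCorrectPwd = "";
    string sType = "";
    bool bFound = false;

    // insert Event Log: 1. Try Login (sName is still empty here; the typed ID is in the message)
    ClsShareFunc.insEvenLogt("1", sName, "", "", "Try Login--" + txtID.Text);

    try
    {
        sID = txtID.Text;
        sPWD = txtPWD.Text;

        /* 1. check whether the account exists in the Administrator table */
        // The typed ID is bound as @id; it was previously concatenated into the SQL text.
        using (SqlConnection sCon = BioBank_Conn.Class_biobank_conn.DB_SEC_conn())
        using (SqlCommand sCmd = new SqlCommand(" select * from BioAdministratorKeyTbl (nolock) where chUserID = @id ", sCon))
        {
            sCmd.Parameters.AddWithValue("@id", sID);
            sCon.Open();

            using (SqlDataReader sRead = sCmd.ExecuteReader())
            {
                bFound = sRead.HasRows;
                // If several rows match, the last one wins (unchanged behaviour).
                while (sRead.Read())
                {
                    sCorrectPwd = ClsShareFunc.gfunCheck(sRead["chAdministratorKey"]);
                    sName = ClsShareFunc.gfunCheck(sRead["chUserName"]);
                    sType = ClsShareFunc.gfunCheck(sRead["chBioEmpFlag"]);
                }
            }
        }

        if (bFound)
        {
            if (sCorrectPwd != GetMD5(sPWD))
            {
                // insert Event Log: 1-2. --Login fail--
                ClsShareFunc.insEvenLogt("1-2", sName, "", "", "Login fail--" + txtID.Text);
                MessageBox.Show("密碼錯誤!");
                return;
            }

            if (!chkPwdDate(sID))
            {
                // Password older than six months: force the change-password flow.
                MessageBox.Show("密碼已到期(半年),請更新您的密碼!");
                lnklblModPwd_LinkClicked(this.lnklblModPwd, null);
                return;
            }

            // insert Event Log: 1-11. --Login successful (administrator)--
            ClsShareFunc.insEvenLogt("1-11", sName, "", "", "Login successful (administrator)--" + txtID.Text);
            LoginSuccess("Administrator (" + sType + ")", sID, sName);

            // NOTE(review): both department tests compare against "M", so the second label
            // ("生物資料庫") can never be shown. The intended second code is not visible here;
            // the expression is left unchanged.
            MessageBox.Show("歡迎" + "\n使用者 : " + sName + "\n部門 : " + (ClsShareFunc.sLoginDepartment == "M" ? "資訊室" : (ClsShareFunc.sLoginDepartment == "M" ? "生物資料庫" : "???")) + "\n身分 : " + (ClsShareFunc.sLoginIdentity == "Administrator" ? "主管" : (ClsShareFunc.sLoginIdentity == "Common" ? "一般職員" : "???")));
            return;
        }

        /* 2. not present in Administrator, so look in the Common table */
        string sEnable = "";

        using (SqlConnection sCon2 = BioBank_Conn.Class_biobank_conn.DB_SEC_conn())
        using (SqlCommand sCmd2 = new SqlCommand(" select * from BioCommonLoginTbl (nolock) where chUserID = @id ", sCon2))
        {
            sCmd2.Parameters.AddWithValue("@id", sID);
            sCon2.Open();

            using (SqlDataReader sRead2 = sCmd2.ExecuteReader())
            {
                bFound = sRead2.HasRows;
                while (sRead2.Read())
                {
                    sCorrectPwd = ClsShareFunc.gfunCheck(sRead2["chPassword"]);
                    sName = ClsShareFunc.gfunCheck(sRead2["chUserName"]);
                    sEnable = ClsShareFunc.gfunCheck(sRead2["chEnableFlag"]);
                    sType = ClsShareFunc.gfunCheck(sRead2["chBioEmpFlag"]);
                }
            }
        }

        /* the account exists in neither Administrator nor Common */
        if (!bFound)
        {
            // insert Event Log: 1-2. --Login fail--
            ClsShareFunc.insEvenLogt("1-2", sName, "", "", "Login fail--" + txtID.Text);
            MessageBox.Show("查無此帳號!");
            return;
        }

        /* enable = 'Y' -> usable, enable = 'N' -> not usable */
        if (sEnable != "Y")
        {
            // insert Event Log: 1-2. --Login fail--
            ClsShareFunc.insEvenLogt("1-2", sName, "", "", "Login fail--" + txtID.Text);
            MessageBox.Show("此帳號尚未Enable, 請洽生物醫學主管!");
            return; // exit function
        }

        if (sCorrectPwd != GetMD5(sPWD))
        {
            // insert Event Log: 1-2. --Login fail--
            ClsShareFunc.insEvenLogt("1-2", sName, "", "", "Login fail--" + txtID.Text);
            MessageBox.Show("密碼錯誤!");
            return;
        }

        if (!chkPwdDate(sID))
        {
            MessageBox.Show("密碼已到期(半年),請更新您的密碼!");
            lnklblModPwd_LinkClicked(this.lnklblModPwd, null);
            return;
        }

        // insert Event Log: 1-12. --Login successful (common)--
        ClsShareFunc.insEvenLogt("1-12", sName, "", "", "Login successful (common)--" + txtID.Text);
        LoginSuccess("Common (" + sType + ")", sID, sName);
    }
    catch (Exception ex)
    {
        // NOTE(review): the raw exception text (possibly database detail) is shown to the
        // person at the login prompt and is not written to the event log.
        MessageBox.Show("登入(buttonLogIn_Click) : " + ex.Message.ToString());
        return;
    }
}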
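/// <summary>
/// Click handler that verifies the ID and password typed into txtID / txtPWD against
/// BioAdministratorKeyTbl and, when the ID is not found there, against BioCommonLoginTbl.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
/// <remarks>
/// NOTE(review): unlike checkLoginBefore, this path calls neither chkPwdDate nor
/// ClsShareFunc.insEvenLogt, so a login through it is not subject to the six-month
/// password check and leaves no audit record. A wrong password is also rejected silently.
/// Confirm whether this handler is still wired to the button or should delegate to checkLoginBefore.
/// NOTE(review): GetMD5 is used for password verification; see whether it is unsalted MD5
/// and plan a migration to a salted, slow KDF if so.
/// </remarks>
private void buttonLogIn_Click(object sender, EventArgs e)
{
    string sID = "";
    string sPWD = "";
    string sName = "";
    string sCorrectPwd = "";
    string sType = "";
    bool bFound = false;

    try
    {
        sID = txtID.Text;
        sPWD = txtPWD.Text;

        /* 1. check whether the account exists in the Administrator table */
        // The typed ID is bound as @id; it was previously concatenated into the SQL text.
        using (SqlConnection sCon = BioBank_Conn.Class_biobank_conn.DB_SEC_conn())
        using (SqlCommand sCmd = new SqlCommand(" select * from BioAdministratorKeyTbl (nolock) where chUserID = @id ", sCon))
        {
            sCmd.Parameters.AddWithValue("@id", sID);
            sCon.Open();

            using (SqlDataReader sRead = sCmd.ExecuteReader())
            {
                bFound = sRead.HasRows;
                // If several rows match, the last one wins (unchanged behaviour).
                while (sRead.Read())
                {
                    sCorrectPwd = ClsShareFunc.gfunCheck(sRead["chAdministratorKey"]);
                    sName = ClsShareFunc.gfunCheck(sRead["chUserName"]);
                    sType = ClsShareFunc.gfunCheck(sRead["chBioEmpFlag"]);
                }
            }
        }

        if (bFound)
        {
            // An administrator row exists: the Common table is not consulted,
            // and a mismatch ends the handler without any message (unchanged).
            if (sCorrectPwd == GetMD5(sPWD))
            {
                LoginSuccess("Administrator (" + sType + ")", sID, sName);
            }
            return;
        }

        /* 2. not present in Administrator, so look in the Common table */
        string sEnable = "";

        using (SqlConnection sCon2 = BioBank_Conn.Class_biobank_conn.DB_SEC_conn())
        using (SqlCommand sCmd2 = new SqlCommand(" select * from BioCommonLoginTbl (nolock) where chUserID = @id ", sCon2))
        {
            sCmd2.Parameters.AddWithValue("@id", sID);
            sCon2.Open();

            using (SqlDataReader sRead2 = sCmd2.ExecuteReader())
            {
                bFound = sRead2.HasRows;
                while (sRead2.Read())
                {
                    sCorrectPwd = ClsShareFunc.gfunCheck(sRead2["chPassword"]);
                    sName = ClsShareFunc.gfunCheck(sRead2["chUserName"]);
                    sEnable = ClsShareFunc.gfunCheck(sRead2["chEnableFlag"]);
                    sType = ClsShareFunc.gfunCheck(sRead2["chBioEmpFlag"]);
                }
            }
        }

        /* the account exists in neither Administrator nor Common */
        if (!bFound)
        {
            MessageBox.Show("查無此帳號!");
            return;
        }

        /* enable = 'Y' -> usable, enable = 'N' -> not usable */
        if (sEnable != "Y")
        {
            MessageBox.Show("此帳號無使用權限!");
            return; // exit function
        }

        if (sCorrectPwd == GetMD5(sPWD))
        {
            LoginSuccess("Common (" + sType + ")", sID, sName);
        }
    }
    catch (Exception ex)
    {
        // NOTE(review): the raw exception text is shown to the person at the login prompt.
        MessageBox.Show("登入(buttonLogIn_Click) : " + ex.Message.ToString());
        return;
    }
}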
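/* Validate txtPWD */
/// <summary>
/// Validating handler for txtPWD on the change-password controls: re-enables the new-password
/// inputs, then disables them again and shows lblAlarmPwd when the typed current password
/// does not match the value stored for the ID in txtID.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Validation event arguments (unused; validation is never cancelled).</param>
/// <remarks>
/// NOTE(review): when the ID is found in neither table the controls stay enabled, exactly as before;
/// confirm that the save handler re-verifies the current password before writing.
/// NOTE(review): ClsShareFunc.CheckInDb receives the same raw ID; verify that it binds the ID
/// as a parameter as well.
/// </remarks>
private void txtPWD_Validating(object sender, CancelEventArgs e)
{
    lblAlarmPwd.Visible = false;
    txtNewPwd.Enabled = true;
    txtNewPwdVer.Enabled = true;
    btnSavePwd.Enabled = true;

    string sId = txtID.Text;
    string sSQL;
    string sColumn;

    if (ClsShareFunc.CheckInDb(ClsShareFunc.DbAdmin(), sId, "modify") == false)
    {
        if (ClsShareFunc.CheckInDb(ClsShareFunc.DbCom(), sId, "modify") == true)
        {
            // Present in Common
            sSQL = "select * from BioCommonLoginTbl (nolock) where chUserId = @id ";
            sColumn = "chPassword";
        }
        else
        {
            // Present in neither table: nothing to compare against.
            return;
        }
    }
    else
    {
        // Present in Administrator
        sSQL = "select * from BioAdministratorKeyTbl (nolock) where chUserId = @id ";
        sColumn = "chAdministratorKey";
    }

    // null means "no row returned"; that is treated as a mismatch below (fail closed).
    string sStored = null;

    // Both statements are fixed literals; only the ID varies and it is bound as @id
    // instead of being concatenated into the SQL text.
    using (SqlConnection sCon = BioBank_Conn.Class_biobank_conn.DB_SEC_conn())
    using (SqlCommand sCmd = new SqlCommand(sSQL, sCon))
    {
        sCmd.Parameters.AddWithValue("@id", sId);
        sCon.Open();

        using (SqlDataReader sRead = sCmd.ExecuteReader())
        {
            // If several rows match, the last one wins (unchanged behaviour).
            while (sRead.Read())
            {
                sStored = ClsShareFunc.gfunCheck(sRead[sColumn]).ToString().Trim();
            }
        }
    }

    if (sStored == null || sStored != GetMD5(txtPWD.Text))
    {
        // Wrong password
        lblAlarmPwd.Visible = true;
        txtNewPwd.Enabled = false;
        txtNewPwdVer.Enabled = false;
        btnSavePwd.Enabled = false;
    }
}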
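/// <summary>
/// Re-verifies an administrator password before a protected function is entered and
/// records the outcome in <c>PassVerPwd</c>.
/// </summary>
/// <remarks>
/// For pEntrySource "Function6", "Function7" and "Function10" the current login identity must be
/// "Administrator" and the typed password is checked against the key stored for ClsShareFunc.sChkID.
/// For "Function8" the current login identity must be "Common" and a second ID/password pair
/// typed into txtID / txtPWD is checked against BioAdministratorKeyTbl; on success that ID is
/// stored in BioBank.pFunction8_AdminID.
/// NOTE(review): ClsShareFunc.GetMD5 is used for verification; if it is unsalted MD5, plan a
/// migration to a salted, slow KDF. No event-log entry is written for either outcome here.
/// </remarks>
private void checkPwd()
{
    string sCorrectPwd;

    PassVerPwd = false;
    string sPwd = txtPWD.Text;
    string sID = ClsShareFunc.sChkID;

    if (sPwd == "")
    {
        MessageBox.Show("請輸入密碼!");
        return;
    }

    if (pEntrySource == "Function6" || pEntrySource == "Function7" || pEntrySource == "Function10")
    {
        if (ClsShareFunc.sLoginIdentity != "Administrator")
        {
            MessageBox.Show("非【生物、資訊主管-Administrator】權限,無法進入!", "Administrator Only!!!");
            this.Close();
        }
        else if (tryReadAdministratorKey(sID, out sCorrectPwd))
        {
            if (sCorrectPwd == ClsShareFunc.GetMD5(sPwd))
            {
                PassVerPwd = true;
                this.Close();
            }
            else
            {
                PassVerPwd = false;
                MessageBox.Show("密碼錯誤,請重新輸入!");
                txtPWD.Text = "";
            }
        }
        // No administrator row for sID: PassVerPwd stays false and nothing is shown (unchanged).
    }

    if (pEntrySource == "Function8")
    {
        if (ClsShareFunc.sLoginIdentity != "Common")
        {
            MessageBox.Show("需先以一般行政同仁權限進入【再輔以生物、資訊主管-Administrator 權限進入】!", "行政同仁 First!!!");
            return;
        }

        if (txtID.Text.Trim() == "" || txtPWD.Text.Trim() == "")
        {
            MessageBox.Show("ID 及 PWD不可為空白!");
            return;
        }

        string sAdminID = txtID.Text.Trim();

        if (tryReadAdministratorKey(sAdminID, out sCorrectPwd))
        {
            if (sCorrectPwd == ClsShareFunc.GetMD5(sPwd))
            {
                PassVerPwd = true;
                BioBank.pFunction8_AdminID = sAdminID;
                this.Close();
            }
            else
            {
                PassVerPwd = false;
                MessageBox.Show("密碼錯誤,請重新輸入!");
                txtPWD.Text = "";
            }
        }
        else
        {
            PassVerPwd = false;
            MessageBox.Show("ID 或 密碼錯誤,請重新輸入!");
            txtPWD.Text = "";
        }
    }
}

// Reads chAdministratorKey for userId from BioAdministratorKeyTbl; returns false when no row matches.
private bool tryReadAdministratorKey(string userId, out string sKey)
{
    sKey = "";

    // The ID is bound as @id; it was previously concatenated into the SQL text,
    // including the value typed into txtID on the Function8 path.
    using (SqlConnection sCon = BioBank_Conn.Class_biobank_conn.DB_SEC_conn())
    using (SqlCommand sCmd = new SqlCommand(" select * from BioAdministratorKeyTbl (nolock) where chUserID = @id ", sCon))
    {
        // A null ID previously concatenated to an empty string; keep that behaviour.
        sCmd.Parameters.AddWithValue("@id", userId ?? string.Empty);
        sCon.Open();

        using (SqlDataReader sRead = sCmd.ExecuteReader())
        {
            bool bFound = sRead.HasRows;
            // If several rows match, the last one wins (unchanged behaviour).
            while (sRead.Read())
            {
                sKey = ClsShareFunc.gfunCheck(sRead["chAdministratorKey"]);
            }
            return bFound;
        }
    }
}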