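using System;
using System.Collections;
using System.Collections.Generic;
using System.Data;
using System.Data.OleDb;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Configuration;
using System.Drawing.Imaging;

/// <summary>
/// Code-behind for the admin-user create/edit page. One admin row is addressed by
/// <c>Request["num"]</c>; the page supports creating a user, updating profile and
/// permission fields, changing the password, and binding / verifying a Google
/// Authenticator (TOTP) secret for that user.
/// </summary>
public partial class admin_user_reg : MyWeb.config
{
    public GoogleAuth gauth;

    /// <summary>
    /// Reports a failure to the operator through <c>L_msg</c> with a generic text.
    /// The exception detail is recorded in the page trace only; it is never written
    /// into the response body, so stack/driver information does not reach the browser.
    /// </summary>
    /// <param name="text">User-facing message to display.</param>
    /// <param name="ex">The exception being reported (trace only).</param>
    private void ReportFailure(string text, Exception ex)
    {
        Trace.Warn("admin_user_reg", text, ex);
        L_msg.Type = alert_type.danger;
        L_msg.Text = text;
    }

    /// <summary>
    /// Builds the list-page URL that preserves the caller's <c>page</c> query value.
    /// The value is URL-encoded so that it cannot inject additional query parameters.
    /// </summary>
    private string IndexUrlWithPage()
    {
        return "index.aspx?page=" + HttpUtility.UrlEncode(Convert.ToString(Request["page"]));
    }

    /// <summary>
    /// Initial (non-postback) load: applies the password policy to both validators,
    /// then either fills the form from the admin row selected by <c>num</c> or sets
    /// up the page for creating a new user.
    /// </summary>
    protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack)
        {
            return;
        }

        MyWeb.security security = new MyWeb.security();
        psdRule.ValidationExpression = security.PasswordValidator();
        psdRule.ErrorMessage = security.PasswordNotice();
        if (isStrNull(psdRule.ValidationExpression))
        {
            // No policy configured: hide the validator rather than show an empty rule.
            psdRule.Visible = false;
        }
        psdRule2.ValidationExpression = security.PasswordValidator();
        psdRule2.ErrorMessage = security.PasswordNotice();
        if (isStrNull(psdRule2.ValidationExpression))
        {
            psdRule2.Visible = false;
        }

        if (isStrNull(Request["num"]))
        {
            // Create mode: no row to load; new users default to enabled.
            online.Checked = true;
            edit.Visible = false;
            add_group("");
            return;
        }

        MyWeb.sql sql = new MyWeb.sql();
        try
        {
            using (OleDbConnection sqlConn = sql.conn(db, p_name))
            {
                sqlConn.Open();
                OleDbCommand sqlCmd = new OleDbCommand("SELECT * FROM admin Where num=?", sqlConn);
                sqlCmd.Parameters.Add(new OleDbParameter("num", Request["num"]));
                DataTable dt = sql.dataTable(sqlCmd);
                if (dt.Rows.Count > 0)
                {
                    BindUserRow(dt.Rows[0]);
                }
            }
        }
        catch (Exception ex)
        {
            ReportFailure("資料處理失敗", ex);
        }
    }

    /// <summary>
    /// Copies one admin row into the edit form and switches the page into edit mode
    /// (account name read-only, update/back buttons shown, add button hidden).
    /// </summary>
    /// <param name="row">The admin row selected by <c>num</c>.</param>
    private void BindUserRow(DataRow row)
    {
        UserName.Text = row["u_id"].ToString();
        UserName.ReadOnly = true;
        PlaceHolder3.Visible = false;
        PlaceHolder2.Visible = true;
        user_name.Text = row["u_name"].ToString();
        sex.SelectedValue = row["sex"].ToString();
        if (row["birthday"] != DBNull.Value)
        {
            birthday.Text = ValDate(row["birthday"]).ToString("yyyy-MM-dd");
        }
        phone1.Text = row["phone1"].ToString();
        phone2.Text = row["phone2"].ToString();
        email.Text = row["email"].ToString();
        demo.Text = row["demo"].ToString();
        edit.Visible = true;
        goback.Visible = true;
        add.Visible = false;
        // A NULL flag is treated as "off" instead of failing the whole page load on the cast.
        online.Checked = row["online"] != DBNull.Value && (bool)row["online"];
        chkGauthEnabled.Checked = row["gauth_enabled"] != DBNull.Value && (bool)row["gauth_enabled"];
        add_group(row["power"].ToString());
    }

    /// <summary>Returns to the list page, keeping the caller's page number.</summary>
    protected void goback_Click(object sender, EventArgs e)
    {
        Response.Redirect(IndexUrlWithPage());
    }

    #region 抓權限群組
    /// <summary>
    /// Fills the <c>group</c> list from admin_group and pre-selects <paramref name="power"/>.
    /// The "EZ" group is never offered; the "A" group is offered only when the current
    /// operator's group is "EZ".
    /// </summary>
    /// <param name="power">Group name to mark as selected ("" selects none).</param>
    public void add_group(string power)
    {
        group.Items.Add(new ListItem("請選擇", ""));
        MyWeb.sql sql = new MyWeb.sql();
        try
        {
            using (OleDbConnection sqlConn = sql.conn(db, p_name))
            {
                sqlConn.Open();
                OleDbCommand sqlCmd = new OleDbCommand("SELECT g_name,demo FROM admin_group", sqlConn);
                DataTable dt = sql.dataTable(sqlCmd);
                foreach (DataRow row in dt.Rows)
                {
                    string groupName = row["g_name"].ToString();
                    if (groupName == "EZ")
                    {
                        continue;
                    }
                    if (groupName == "A" && admin.info.group != "EZ")
                    {
                        // Only an "EZ" operator may assign the "A" group.
                        continue;
                    }
                    ListItem item = new ListItem(groupName + "." + row["demo"].ToString(), groupName);
                    item.Selected = (power == groupName);
                    group.Items.Add(item);
                }
            }
        }
        catch (Exception ex)
        {
            ReportFailure("資料處理失敗", ex);
        }
    }
    #endregion

    #region 資料修改
    /// <summary>
    /// Updates the profile, group and flags of the admin row selected by <c>num</c>,
    /// writes an audit log entry, then returns to the list page.
    /// </summary>
    protected void edit_Click(object sender, EventArgs e)
    {
        MyWeb.sql sql = new MyWeb.sql();
        bool updated = false;
        try
        {
            using (OleDbConnection sqlConn = sql.conn(db, p_name))
            {
                sqlConn.Open();
                OleDbCommand sqlCmd = new OleDbCommand(
                    "UPDATE admin SET u_name=?, sex=?, birthday=?, phone1=?, phone2=?, " +
                    " email=?, demo=?, power=?, online=?, gauth_enabled=? WHERE num=?", sqlConn);
                sqlCmd.Parameters.Add(new OleDbParameter("u_name", user_name.Text));
                sqlCmd.Parameters.Add(new OleDbParameter("sex", sex.SelectedValue));
                sqlCmd.Parameters.Add(new OleDbParameter("birthday", selectDate(birthday)));
                sqlCmd.Parameters.Add(new OleDbParameter("phone1", phone1.Text));
                sqlCmd.Parameters.Add(new OleDbParameter("phone2", phone2.Text));
                sqlCmd.Parameters.Add(new OleDbParameter("email", email.Text));
                sqlCmd.Parameters.Add(new OleDbParameter("demo", demo.Text));
                sqlCmd.Parameters.Add(new OleDbParameter("power", group.SelectedValue));
                sqlCmd.Parameters.Add(new OleDbParameter("online", (online.Checked ? 1 : 0)));
                sqlCmd.Parameters.Add(new OleDbParameter("gauth_enabled", (chkGauthEnabled.Checked ? 1 : 0)));
                sqlCmd.Parameters.Add(new OleDbParameter("num", Request["num"]));
                sqlCmd.ExecuteNonQuery();
                updated = true;
            }

            Model.admin_log admin_log = new Model.admin_log();
            admin_log.writeLog(admin.info.u_id, (int)Model.admin_log.Systems.Power,
                (int)Model.admin_log.Status.Update, "使用者:" + UserName.Text);
        }
        catch (Exception ex)
        {
            ReportFailure("資料處理失敗", ex);
        }

        // Redirect outside the try: Response.Redirect ends the request by throwing,
        // and a catch(Exception) inside the try would otherwise report that as an error.
        if (updated)
        {
            Response.Redirect(IndexUrlWithPage());
        }
    }
    #endregion

    #region 資料新增
    /// <summary>
    /// Creates a new admin row from the form. Rejects a duplicate account name with a
    /// warning; on success writes an audit log entry and returns to the list page.
    /// </summary>
    protected void add_Click(object sender, EventArgs e)
    {
        L_msg.Text = "";
        MyWeb.sql sql = new MyWeb.sql();
        bool inserted = false;
        try
        {
            using (OleDbConnection sqlConn = sql.conn(db, p_name))
            {
                sqlConn.Open();
                OleDbCommand sqlCmd = new OleDbCommand("SELECT * FROM admin Where u_id=?", sqlConn);
                sqlCmd.Parameters.Add(new OleDbParameter("u_id", UserName.Text));
                DataTable dt = sql.dataTable(sqlCmd);
                if (dt.Rows.Count > 0)
                {
                    L_msg.Type = alert_type.warning;
                    L_msg.Text = "您所輸入的帳號重覆";
                }
                else
                {
                    MyWeb.encrypt encrypt = new MyWeb.encrypt();
                    string cu = "u_id,u_password,u_name,sex,birthday,phone1,phone2,email,power,demo,kind,online";
                    OleDbCommand insCmd = new OleDbCommand(
                        "INSERT INTO admin (" + cu + ")" + " VALUES (" + sql.mark(cu) + ")", sqlConn);
                    insCmd.Parameters.Add(new OleDbParameter("u_id", UserName.Text));
                    // Password is stored in the form produced by MyWeb.encrypt, never in clear.
                    insCmd.Parameters.Add(new OleDbParameter("u_password", encrypt.EncryptAutoKey(Password.Text)));
                    insCmd.Parameters.Add(new OleDbParameter("u_name", user_name.Text));
                    insCmd.Parameters.Add(new OleDbParameter("sex", sex.SelectedValue));
                    insCmd.Parameters.Add(new OleDbParameter("birthday", selectDate(birthday)));
                    insCmd.Parameters.Add(new OleDbParameter("phone1", phone1.Text));
                    insCmd.Parameters.Add(new OleDbParameter("phone2", phone2.Text));
                    insCmd.Parameters.Add(new OleDbParameter("email", email.Text));
                    insCmd.Parameters.Add(new OleDbParameter("power", group.SelectedValue));
                    insCmd.Parameters.Add(new OleDbParameter("demo", demo.Text));
                    insCmd.Parameters.Add(new OleDbParameter("kind", "管理者"));
                    insCmd.Parameters.Add(new OleDbParameter("online", (online.Checked ? 1 : 0)));
                    insCmd.ExecuteNonQuery();
                    inserted = true;
                }
            }

            if (inserted)
            {
                Model.admin_log admin_log = new Model.admin_log();
                admin_log.writeLog(admin.info.u_id, (int)Model.admin_log.Systems.Power,
                    (int)Model.admin_log.Status.Insert, "使用者:" + UserName.Text);
            }
        }
        catch (Exception ex)
        {
            ReportFailure("資料處理失敗", ex);
        }

        // See edit_Click: the redirect must not run inside the try/catch.
        if (inserted)
        {
            Response.Redirect("index.aspx");
        }
    }
    #endregion

    #region 變更密碼
    /// <summary>
    /// Replaces the stored password of the admin row selected by <c>num</c> and
    /// writes an audit log entry. Failures show a generic message only.
    /// </summary>
    protected void chpws_bt_Click(object sender, EventArgs e)
    {
        L_msg.Text = "";
        MyWeb.encrypt encrypt = new MyWeb.encrypt();
        MyWeb.sql sql = new MyWeb.sql();
        try
        {
            using (OleDbConnection sqlConn = sql.conn(db, p_name))
            {
                sqlConn.Open();
                OleDbCommand sqlCmd = new OleDbCommand("UPDATE admin SET u_password=? where num=?", sqlConn);
                sqlCmd.Parameters.Add(new OleDbParameter("u_password", encrypt.EncryptAutoKey(u_password.Text)));
                sqlCmd.Parameters.Add(new OleDbParameter("num", Request["num"]));
                sqlCmd.ExecuteNonQuery();
            }

            Model.admin_log admin_log = new Model.admin_log();
            admin_log.writeLog(admin.info.u_id, (int)Model.admin_log.Systems.Power,
                (int)Model.admin_log.Status.Update, "變更密碼:" + UserName.Text);
            L_msg.Type = alert_type.success;
            L_msg.Text = "密碼變更成功";
        }
        catch (Exception ex)
        {
            ReportFailure("密碼變更失敗", ex);
        }
    }
    #endregion

    /// <summary>
    /// Generates a fresh TOTP secret for the admin row selected by <c>num</c>, renders
    /// the enrolment QR code and manual-entry key, and stores the secret with
    /// gauth_enabled=1. Does nothing when <c>num</c> is absent.
    /// </summary>
    protected void btn_bindgen_Click(object sender, EventArgs e)
    {
        if (isStrNull(Request["num"]))
        {
            return;
        }

        gauth = new GoogleAuth();
        MyWeb.sql sql = new MyWeb.sql();
        try
        {
            using (OleDbConnection sqlConn = sql.conn(db, p_name))
            {
                sqlConn.Open();
                OleDbCommand sqlCmd = new OleDbCommand("SELECT * FROM admin Where num=?", sqlConn);
                sqlCmd.Parameters.Add(new OleDbParameter("num", Request["num"]));
                DataTable dt = sql.dataTable(sqlCmd);
                if (dt.Rows.Count == 0)
                {
                    return;
                }

                DataRow r = dt.Rows[0];
                gauth.User = r["u_id"].ToString();
                gauth.Password = r["u_password"].ToString();
                // The only secret that is kept and stored: a fresh random key per binding.
                gauth.SecretKey = randKey(20);
                using (System.Drawing.Image img = gauth.CreateSecretKeyAndQrCode())
                {
                    qrcode.ImageUrl = gauth.ImageToBase64(img);
                }
                txtUser.Text = gauth.User;
                // The stored password value is deliberately not echoed into the page.
                txtWebKey.Text = gauth.WebKey;
                txtSecretKey.Text = gauth.SecretKey;
                txtSetupCode.Text = gauth.setupCode.ManualEntryKey;

                // Persist gauth_key and switch gauth_enabled on for this user.
                OleDbCommand updCmd = new OleDbCommand("update admin set gauth_key=? , gauth_enabled=1 Where num=?", sqlConn);
                updCmd.Parameters.Add(new OleDbParameter("gauth_key", gauth.SecretKey));
                updCmd.Parameters.Add(new OleDbParameter("num", Request["num"]));
                // Reflect the real outcome rather than assuming the update affected a row.
                chkGauthEnabled.Checked = updCmd.ExecuteNonQuery() > 0;
            }
        }
        catch (Exception ex)
        {
            ReportFailure("資料處理失敗", ex);
        }
    }

    /// <summary>
    /// Checks the code entered in <c>txtValid</c> against the stored TOTP secret of the
    /// admin row selected by <c>num</c> and shows the result in <c>valid_result</c>.
    /// Any failure is reported as "not verified" instead of being swallowed.
    /// </summary>
    protected void btnValid_Click(object sender, EventArgs e)
    {
        MyWeb.sql sql = new MyWeb.sql();
        try
        {
            using (OleDbConnection sqlConn = sql.conn(db, p_name))
            {
                sqlConn.Open();
                OleDbCommand sqlCmd = new OleDbCommand("SELECT * FROM admin Where num=?", sqlConn);
                sqlCmd.Parameters.Add(new OleDbParameter("num", Request["num"]));
                DataTable dt = sql.dataTable(sqlCmd);
                if (dt.Rows.Count > 0)
                {
                    DataRow userr = dt.Rows[0];
                    gauth = new GoogleAuth();
                    gauth.User = userr["u_id"].ToString();
                    gauth.Password = userr["u_password"].ToString();
                    gauth.SecretKey = userr["gauth_key"].ToString();
                    bool passed = gauth.ValidateGoogleAuthCode(txtValid.Text);
                    valid_result.Text = passed ? "(Y)通過驗證" : "(X)未通過驗證";
                }
            }
        }
        catch (Exception ex)
        {
            // Fail closed: an error during validation must not leave a stale "passed" text.
            Trace.Warn("admin_user_reg", "ValidateGoogleAuthCode failed", ex);
            valid_result.Text = "(X)未通過驗證";
        }
    }
}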