using System;
using System.Collections;
using System.Collections.Generic;
using System.Data;
using System.Data.OleDb;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Configuration;
using System.Drawing.Imaging;
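/// <summary>
/// Administrator account page. Without a <c>num</c> request value it creates a
/// new admin; with one it loads that <c>admin</c> row for editing, password
/// change and Google Authenticator (TOTP) enrolment.
/// </summary>
/// <remarks>
/// NOTE(review): nothing on this page checks that the current administrator is
/// allowed to act on the record selected by <c>Request["num"]</c> (which also
/// accepts form-body and cookie values). That authorisation is presumably done
/// by the <c>MyWeb.config</c> base page / <c>admin.info</c> — confirm.
/// Error handling has been changed so that exception text is logged
/// server-side and only a generic message reaches the browser; the previous
/// <c>Response.Write(ex.Message)</c> disclosed provider/schema/path details.
/// </remarks>
public partial class admin_user_reg : MyWeb.config
{
    /// <summary>Google Authenticator helper created by the enrolment / validation handlers.</summary>
    public GoogleAuth gauth;

    /// <summary>
    /// First-request setup: applies the configured password policy to the two
    /// password validators, then either fills the form from the selected admin
    /// row (edit mode) or prepares create-mode defaults.
    /// </summary>
    protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack)
        {
            return;
        }

        MyWeb.security security = new MyWeb.security();
        ConfigurePasswordRule(psdRule, security);
        ConfigurePasswordRule(psdRule2, security);

        if (isStrNull(Request["num"]))
        {
            // Create mode: new accounts start enabled; "edit" is meaningless here.
            online.Checked = true;
            edit.Visible = false;
            add_group("");
            return;
        }

        try
        {
            MyWeb.sql sql = new MyWeb.sql();
            using (OleDbConnection sqlConn = sql.conn(db, p_name))
            {
                sqlConn.Open();
                DataRow row = FindAdminByNum(sql, sqlConn);
                if (row != null)
                {
                    ShowAdminRow(row);
                }
            }
        }
        catch (Exception ex)
        {
            ReportFailure("資料載入失敗", ex);
        }
    }

    /// <summary>
    /// Applies the site password policy (regex + notice) to one validator and
    /// hides it when no policy is configured. A hidden validator is skipped by
    /// BaseValidator.Validate, so it neither renders nor blocks the form.
    /// </summary>
    private void ConfigurePasswordRule(RegularExpressionValidator rule, MyWeb.security security)
    {
        rule.ValidationExpression = security.PasswordValidator();
        rule.ErrorMessage = security.PasswordNotice();
        if (isStrNull(rule.ValidationExpression))
        {
            rule.Visible = false;
        }
    }

    /// <summary>
    /// Loads the admin row addressed by <c>Request["num"]</c> on an open
    /// connection. Returns <c>null</c> when there is no such row. The lookup is
    /// parameterized, so the request value never reaches the SQL text.
    /// </summary>
    private DataRow FindAdminByNum(MyWeb.sql sql, OleDbConnection sqlConn)
    {
        OleDbCommand sqlCmd = new OleDbCommand("SELECT * FROM admin Where num=?", sqlConn);
        sqlCmd.Parameters.Add(new OleDbParameter("num", Request["num"]));
        DataTable dt = sql.dataTable(sqlCmd);
        return dt.Rows.Count > 0 ? dt.Rows[0] : null;
    }

    /// <summary>Switches the form into edit mode and fills it from <paramref name="row"/>.</summary>
    private void ShowAdminRow(DataRow row)
    {
        // The account id cannot be changed once created.
        UserName.Text = row["u_id"].ToString();
        UserName.ReadOnly = true;
        PlaceHolder3.Visible = false;
        PlaceHolder2.Visible = true;

        user_name.Text = row["u_name"].ToString();
        sex.SelectedValue = row["sex"].ToString();
        if (row["birthday"] != DBNull.Value)
        {
            birthday.Text = ValDate(row["birthday"]).ToString("yyyy-MM-dd");
        }
        phone1.Text = row["phone1"].ToString();
        phone2.Text = row["phone2"].ToString();
        email.Text = row["email"].ToString();
        demo.Text = row["demo"].ToString();

        edit.Visible = true;
        goback.Visible = true;
        add.Visible = false;

        // Both flags are stored as booleans; NULL (never set) reads as false
        // instead of throwing on the unboxing cast.
        online.Checked = ReadFlag(row, "online");
        chkGauthEnabled.Checked = ReadFlag(row, "gauth_enabled");

        add_group(row["power"].ToString());
    }

    /// <summary>Reads a boolean column, treating DBNull as <c>false</c>.</summary>
    private static bool ReadFlag(DataRow row, string column)
    {
        object value = row[column];
        return value != DBNull.Value && (bool)value;
    }

    /// <summary>
    /// Runs the server-side validators belonging to the validation group of
    /// the button that raised the event (default group when the sender is not
    /// a button) and reports whether the page is valid. The handlers never
    /// consulted Page.IsValid before, so the password policy bound to
    /// psdRule / psdRule2 could be bypassed by skipping client-side script.
    /// </summary>
    private bool ValidateFor(object sender)
    {
        IButtonControl button = sender as IButtonControl;
        string validationGroup = button != null ? button.ValidationGroup : null;
        Page.Validate(validationGroup ?? string.Empty);
        return Page.IsValid;
    }

    /// <summary>
    /// Records the exception server-side and shows only a generic message to
    /// the user. Echoing <c>ex.Message</c> into the response leaks database
    /// provider, schema and file-path details to the browser.
    /// </summary>
    private void ReportFailure(string message, Exception ex)
    {
        System.Diagnostics.Trace.TraceError("admin_user_reg: {0}: {1}", message, ex);
        L_msg.Type = alert_type.danger;
        L_msg.Text = message;
    }

    /// <summary>
    /// Returns to the admin list, preserving the caller's page index. The
    /// value is URL-encoded so a crafted <c>page</c> cannot smuggle extra
    /// query parameters into the redirect.
    /// </summary>
    private void RedirectToList()
    {
        Response.Redirect("index.aspx?page=" + HttpUtility.UrlEncode(Request["page"]));
    }

    /// <summary>"Back" button: return to the list without saving.</summary>
    protected void goback_Click(object sender, EventArgs e)
    {
        RedirectToList();
    }

    #region Load permission groups

    /// <summary>
    /// Fills the <c>group</c> drop-down from <c>admin_group</c>, pre-selecting
    /// <paramref name="power"/>. The "EZ" group is never offered, and the "A"
    /// group is offered only when the current administrator is in "EZ".
    /// </summary>
    /// <param name="power">Group name currently assigned to the account ("" for a new account).</param>
    public void add_group(string power)
    {
        group.Items.Add(new ListItem("請選擇", ""));

        try
        {
            MyWeb.sql sql = new MyWeb.sql();
            using (OleDbConnection sqlConn = sql.conn(db, p_name))
            {
                sqlConn.Open();
                OleDbCommand sqlCmd = new OleDbCommand("SELECT g_name,demo FROM admin_group", sqlConn);
                DataTable dt = sql.dataTable(sqlCmd);

                foreach (DataRow row in dt.Rows)
                {
                    string name = row["g_name"].ToString();
                    if (name == "EZ")
                    {
                        continue;
                    }
                    if (name == "A" && admin.info.group != "EZ")
                    {
                        continue;
                    }

                    ListItem item = new ListItem(name + "." + row["demo"].ToString(), name);
                    item.Selected = (power == name);
                    group.Items.Add(item);
                }
            }
        }
        catch (Exception ex)
        {
            ReportFailure("權限群組載入失敗", ex);
        }
    }

    #endregion

    #region Update

    /// <summary>
    /// Saves profile, group and flag changes for the admin selected by
    /// <c>Request["num"]</c>, writes an audit entry and returns to the list.
    /// </summary>
    protected void edit_Click(object sender, EventArgs e)
    {
        bool updated = false;
        try
        {
            MyWeb.sql sql = new MyWeb.sql();
            using (OleDbConnection sqlConn = sql.conn(db, p_name))
            {
                sqlConn.Open();
                OleDbCommand sqlCmd = new OleDbCommand(
                    "UPDATE admin SET u_name=?, sex=?, birthday=?, phone1=?, phone2=?, " +
                    " email=?, demo=?, power=?, online=?, gauth_enabled=? WHERE num=?", sqlConn);
                sqlCmd.Parameters.Add(new OleDbParameter("u_name", user_name.Text));
                sqlCmd.Parameters.Add(new OleDbParameter("sex", sex.SelectedValue));
                sqlCmd.Parameters.Add(new OleDbParameter("birthday", selectDate(birthday)));
                sqlCmd.Parameters.Add(new OleDbParameter("phone1", phone1.Text));
                sqlCmd.Parameters.Add(new OleDbParameter("phone2", phone2.Text));
                sqlCmd.Parameters.Add(new OleDbParameter("email", email.Text));
                sqlCmd.Parameters.Add(new OleDbParameter("demo", demo.Text));
                // NOTE(review): the group is trusted as posted. add_group only
                // renders "A" for EZ admins, which holds on postback only while
                // EnableEventValidation is on for this page — confirm it is not
                // disabled, otherwise re-check the value server-side here.
                sqlCmd.Parameters.Add(new OleDbParameter("power", group.SelectedValue));
                sqlCmd.Parameters.Add(new OleDbParameter("online", (online.Checked ? 1 : 0)));
                sqlCmd.Parameters.Add(new OleDbParameter("gauth_enabled", (chkGauthEnabled.Checked ? 1 : 0)));
                sqlCmd.Parameters.Add(new OleDbParameter("num", Request["num"]));
                sqlCmd.ExecuteNonQuery();
            }

            Model.admin_log admin_log = new Model.admin_log();
            admin_log.writeLog(admin.info.u_id, (int)Model.admin_log.Systems.Power, (int)Model.admin_log.Status.Update, "使用者:" + UserName.Text);
            updated = true;
        }
        catch (Exception ex)
        {
            ReportFailure("資料修改失敗", ex);
        }

        // Redirect outside the try: Response.Redirect ends the request by
        // throwing, which the catch above would otherwise report as a failure.
        if (updated)
        {
            RedirectToList();
        }
    }

    #endregion

    #region Insert

    /// <summary>
    /// Creates a new administrator after enforcing the server-side validators
    /// and rejecting a duplicate account id, then writes an audit entry and
    /// returns to the list.
    /// </summary>
    protected void add_Click(object sender, EventArgs e)
    {
        L_msg.Text = "";
        if (!ValidateFor(sender))
        {
            return;
        }

        bool inserted = false;
        try
        {
            MyWeb.sql sql = new MyWeb.sql();
            using (OleDbConnection sqlConn = sql.conn(db, p_name))
            {
                sqlConn.Open();

                // NOTE(review): check-then-insert is not atomic; a UNIQUE
                // constraint on admin.u_id is the real guarantee — confirm it exists.
                OleDbCommand findCmd = new OleDbCommand("SELECT * FROM admin Where u_id=?", sqlConn);
                findCmd.Parameters.Add(new OleDbParameter("u_id", UserName.Text));
                if (sql.dataTable(findCmd).Rows.Count > 0)
                {
                    L_msg.Type = alert_type.warning;
                    L_msg.Text = "您所輸入的帳號重覆";
                    return;
                }

                // NOTE(review): EncryptAutoKey reads as reversible encryption; a
                // stored password should be a salted slow hash (PBKDF2/Argon2).
                // Verify what MyWeb.encrypt does before relying on it.
                MyWeb.encrypt encrypt = new MyWeb.encrypt();
                string columns = "u_id,u_password,u_name,sex,birthday,phone1,phone2,email,power,demo,kind,online";

                OleDbCommand insertCmd = new OleDbCommand(
                    "INSERT INTO admin (" + columns + ")" + " VALUES (" + sql.mark(columns) + ")", sqlConn);
                insertCmd.Parameters.Add(new OleDbParameter("u_id", UserName.Text));
                insertCmd.Parameters.Add(new OleDbParameter("u_password", encrypt.EncryptAutoKey(Password.Text)));
                insertCmd.Parameters.Add(new OleDbParameter("u_name", user_name.Text));
                insertCmd.Parameters.Add(new OleDbParameter("sex", sex.SelectedValue));
                insertCmd.Parameters.Add(new OleDbParameter("birthday", selectDate(birthday)));
                insertCmd.Parameters.Add(new OleDbParameter("phone1", phone1.Text));
                insertCmd.Parameters.Add(new OleDbParameter("phone2", phone2.Text));
                insertCmd.Parameters.Add(new OleDbParameter("email", email.Text));
                insertCmd.Parameters.Add(new OleDbParameter("power", group.SelectedValue));
                insertCmd.Parameters.Add(new OleDbParameter("demo", demo.Text));
                insertCmd.Parameters.Add(new OleDbParameter("kind", "管理者"));
                insertCmd.Parameters.Add(new OleDbParameter("online", (online.Checked ? 1 : 0)));
                insertCmd.ExecuteNonQuery();
            }

            Model.admin_log admin_log = new Model.admin_log();
            admin_log.writeLog(admin.info.u_id, (int)Model.admin_log.Systems.Power, (int)Model.admin_log.Status.Insert, "使用者:" + UserName.Text);
            inserted = true;
        }
        catch (Exception ex)
        {
            ReportFailure("資料新增失敗", ex);
        }

        if (inserted)
        {
            Response.Redirect("index.aspx");
        }
    }

    #endregion

    #region Change password

    /// <summary>
    /// Replaces the stored password of the selected admin after enforcing the
    /// server-side password-policy validator, and writes an audit entry.
    /// </summary>
    protected void chpws_bt_Click(object sender, EventArgs e)
    {
        L_msg.Text = "";
        if (!ValidateFor(sender))
        {
            return;
        }

        try
        {
            // NOTE(review): see add_Click — confirm EncryptAutoKey is a proper
            // password hash rather than reversible encryption.
            MyWeb.encrypt encrypt = new MyWeb.encrypt();
            MyWeb.sql sql = new MyWeb.sql();
            using (OleDbConnection sqlConn = sql.conn(db, p_name))
            {
                sqlConn.Open();
                OleDbCommand sqlCmd = new OleDbCommand("UPDATE admin SET u_password=? where num=?", sqlConn);
                sqlCmd.Parameters.Add(new OleDbParameter("u_password", encrypt.EncryptAutoKey(u_password.Text)));
                sqlCmd.Parameters.Add(new OleDbParameter("num", Request["num"]));
                sqlCmd.ExecuteNonQuery();
            }

            Model.admin_log admin_log = new Model.admin_log();
            admin_log.writeLog(admin.info.u_id, (int)Model.admin_log.Systems.Power, (int)Model.admin_log.Status.Update, "變更密碼:" + UserName.Text);

            L_msg.Type = alert_type.success;
            L_msg.Text = "密碼變更成功";
        }
        catch (Exception ex)
        {
            ReportFailure("密碼變更失敗", ex);
        }
    }

    #endregion

    /// <summary>
    /// Generates a fresh TOTP secret for the selected admin, renders the QR
    /// code / manual key for enrolment, stores the secret and marks the
    /// account as 2FA-enabled.
    /// </summary>
    /// <remarks>
    /// NOTE(review): gauth_enabled is set to 1 here, before the user has proven
    /// a code from their device (btnValid_Click only reports, it persists
    /// nothing). A failed enrolment therefore locks the account out of its
    /// next login; consider enabling only after a successful validation.
    /// </remarks>
    protected void btn_bindgen_Click(object sender, EventArgs e)
    {
        gauth = new GoogleAuth();

        if (isStrNull(Request["num"]))
        {
            return;
        }

        try
        {
            MyWeb.sql sql = new MyWeb.sql();
            using (OleDbConnection sqlConn = sql.conn(db, p_name))
            {
                sqlConn.Open();
                DataRow row = FindAdminByNum(sql, sqlConn);
                if (row == null)
                {
                    return;
                }

                gauth.User = row["u_id"].ToString();
                // The stored credential is still handed to GoogleAuth (its use
                // inside the helper is not visible here), but it is no longer
                // echoed into txtPassword: the previous code rendered the admin's
                // stored u_password value into a form field on the page.
                gauth.Password = row["u_password"].ToString();
                // NOTE(review): randKey is a project helper; confirm it draws
                // from a CSPRNG (RandomNumberGenerator) — this is the TOTP seed.
                gauth.SecretKey = randKey(20);

                using (System.Drawing.Image img = gauth.CreateSecretKeyAndQrCode())
                {
                    qrcode.ImageUrl = gauth.ImageToBase64(img);
                }

                txtUser.Text = gauth.User;
                txtPassword.Text = string.Empty;
                txtWebKey.Text = gauth.WebKey;
                txtSecretKey.Text = gauth.SecretKey;
                txtSetupCode.Text = gauth.setupCode.ManualEntryKey;

                OleDbCommand updCmd = new OleDbCommand("update admin set gauth_key=? , gauth_enabled=1 Where num=?", sqlConn);
                updCmd.Parameters.Add(new OleDbParameter("gauth_key", gauth.SecretKey));
                updCmd.Parameters.Add(new OleDbParameter("num", Request["num"]));
                updCmd.ExecuteNonQuery();
                chkGauthEnabled.Checked = true;
            }

            // Changing a second factor is a security-relevant event; audit it
            // like the other writes on this page.
            Model.admin_log admin_log = new Model.admin_log();
            admin_log.writeLog(admin.info.u_id, (int)Model.admin_log.Systems.Power, (int)Model.admin_log.Status.Update, "產生驗證金鑰:" + txtUser.Text);
        }
        catch (Exception ex)
        {
            ReportFailure("產生驗證金鑰失敗", ex);
        }
    }

    /// <summary>
    /// Checks the code typed into <c>txtValid</c> against the secret stored
    /// for the selected admin and reports pass/fail in <c>valid_result</c>.
    /// Does not change any stored state.
    /// </summary>
    protected void btnValid_Click(object sender, EventArgs e)
    {
        try
        {
            MyWeb.sql sql = new MyWeb.sql();
            using (OleDbConnection sqlConn = sql.conn(db, p_name))
            {
                sqlConn.Open();
                DataRow row = FindAdminByNum(sql, sqlConn);
                if (row == null)
                {
                    return;
                }

                gauth = new GoogleAuth();
                gauth.User = row["u_id"].ToString();
                gauth.Password = row["u_password"].ToString();
                gauth.SecretKey = row["gauth_key"].ToString();

                bool passed = gauth.ValidateGoogleAuthCode(txtValid.Text);
                valid_result.Text = passed ? "(Y)通過驗證" : "(X)未通過驗證";
            }
        }
        catch (Exception ex)
        {
            // Previously swallowed silently (and the connection was never closed).
            ReportFailure("驗證過程發生錯誤", ex);
        }
    }
}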