security.cs

一个功能完善的论坛系统,有数据库备分,希望对你有所帮助

using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web;
using System.Security.Cryptography;
using System.Text;
using System.Text.RegularExpressions;

namespace bbs.Components
{

	
	#region 用户数据库访问类UsersDB Class

	
	/// <summary>
	/// 用户数据库访问类
	/// </summary>
	public class UsersDB 
	{
		#region 验证登陆
		/// <summary>
		/// 验证登陆
		/// </summary>
		/// <param name="LoginName"></param>
		/// <param name="LoginPwd"></param>
		/// <returns></returns>
	public int Login( string LoginName, string LoginPwd) 
		{
			SqlConnection conMyData;
			SqlCommand cmdSelect;
			SqlParameter parmReturnValue;
			int intResult;

			conMyData = new SqlConnection(ConfigurationSettings.AppSettings["forum"]);
			cmdSelect = new SqlCommand( "DBAuthenticate", conMyData);
			cmdSelect.CommandType = CommandType.StoredProcedure;
			parmReturnValue = cmdSelect.Parameters.Add( "RETURN_VALUE", SqlDbType.Int);
			parmReturnValue.Direction = ParameterDirection.ReturnValue;
			cmdSelect.Parameters.Add( "@LoginName", LoginName);
			cmdSelect.Parameters.Add( "@LoginPwd", LoginPwd);
			conMyData.Open();
			cmdSelect.ExecuteNonQuery();
			intResult = Convert.ToInt32(cmdSelect.Parameters[ "RETURN_VALUE" ].Value);
			conMyData.Close();
			//验证未通过
			
			return intResult;
		}

		#endregion

		#region 获取UserID
		//获取UserID
		public int GetUserID(String LoginName) 
		{
			string connstr=ConfigurationSettings.AppSettings["forum"];
			SqlConnection myConnection = new SqlConnection(connstr);
			string sqltxt="select * from Operator where LoginName=@LoginName";
			
			SqlCommand myCommand = new SqlCommand(sqltxt, myConnection);

			SqlParameter parameterLoginName= new SqlParameter("@LoginName", SqlDbType.VarChar);
			parameterLoginName.Value = LoginName;
			myCommand.Parameters.Add(parameterLoginName);
			myConnection.Open();
			SqlDataReader result = myCommand.ExecuteReader();
			result.Read();
			int userid=Convert.ToInt32(result["userid"].ToString());
			result.Close();
			return userid;
		}
		#endregion

		#region 添加一个新用户（返回值大于-1表示添加成功）

		

		/// <summary>
		/// 添加一个新用户
		/// </summary>
		public void AddUser(String LoginName,String Sex,String email, String password,String Icon) 
		{
			
			string conn=ConfigurationSettings.AppSettings["forum"];
			SqlConnection myConnection = new SqlConnection(conn);
			SqlCommand myCommand = new SqlCommand("Operator_AddUser", myConnection);

			//存储过程
			myCommand.CommandType = CommandType.StoredProcedure;

			//添加参数 用户名称,性别,email,密码,注册时间,头像
			SqlParameter parameterLoginName = new SqlParameter("@LoginName", SqlDbType.NVarChar, 50);
			parameterLoginName.Value = LoginName;
			myCommand.Parameters.Add(parameterLoginName);

			SqlParameter parameterSex= new SqlParameter("@Sex", SqlDbType.Int);
			parameterSex.Value = Sex;
			myCommand.Parameters.Add(parameterSex);

			SqlParameter parameterEmail = new SqlParameter("@Email", SqlDbType.NVarChar, 100);
			parameterEmail.Value = email;
			myCommand.Parameters.Add(parameterEmail);

			SqlParameter parameterPassword = new SqlParameter("@LoginPwd", SqlDbType.NVarChar, 50);
			parameterPassword.Value = password;
			myCommand.Parameters.Add(parameterPassword);

			SqlParameter parameterCreateDate = new SqlParameter("@CreateDate", SqlDbType.SmallDateTime,4);
			parameterCreateDate.Value =DateTime.Now.ToString("d");
			myCommand.Parameters.Add(parameterCreateDate);

			SqlParameter parameterIcon = new SqlParameter("@Icon", SqlDbType.NVarChar,50);
			parameterIcon.Value =Icon;
			myCommand.Parameters.Add(parameterIcon);

	
			myConnection.Open();
			myCommand.ExecuteNonQuery();
			myConnection.Close();
	}
	#endregion

		#region 获取用户列表
		/// <summary>
		/// 获取用户列表
		/// </summary>
		/// <returns></returns>
		public DataSet GetOperatorList()
		{
			string conn=ConfigurationSettings.AppSettings["forum"];
			SqlConnection myConnection = new SqlConnection(conn);
			DataSet ds = new DataSet();
			string sql="select OP.*,(case OP.IsAdmin when 1 then '是' else '否' end) as IsAdmin,"+
				"(case OP.IsPower when 1 then '是' else '否' end) as IsPower, "+
				"(case OP.IsUsed when 1 then '是' else '否' end) as IsUsed "+
				"  from Operator OP";
			SqlDataAdapter adp=new SqlDataAdapter(sql,conn);
			adp.Fill(ds);
				return ds;
			
		}

		#endregion

		#region 验证用户是否重复
		//验证用户是否重复
		public bool Usevalidate(string LoginName)
		{
			string connstr=ConfigurationSettings.AppSettings["forum"];
			SqlConnection myConnection = new SqlConnection(connstr);
			DataSet ds=new DataSet();
			string strtxt = "select LoginName from Operator where LoginName=@LoginName";

			SqlCommand myCommand = new SqlCommand(strtxt, myConnection);

			SqlParameter parameterLoginName= new SqlParameter("@LoginName", SqlDbType.VarChar,50);
			parameterLoginName.Value = LoginName;
			myCommand.Parameters.Add(parameterLoginName);
			myConnection.Open();
			SqlDataReader dr=myCommand.ExecuteReader();
			if(dr.Read())
			{
				return false;
			} 
			else 
			{
				return true;
			}
			
		}
		#endregion
		
	}

	#endregion
}