verify.aspx

小型企业档案管理系统V1.1 改进版的

<%@ Page Language="C#" Description="Epass 1000 Demo ---ASP.NET" %>
<%@ Import Namespace="System"%>
<%@ Import Namespace="System.IO"%>
<%@ Import Namespace="System.Security"%>
<%@ Import Namespace="System.Security.Cryptography"%>
<%@ Import Namespace="System.Text"%>

<script language="c#" runat=server>
   //by Yangsheng Zhu 
   //Date: 2003/6/3
   //MD5 Function 

   string fun_MD5(string str)
   {
     byte[] b = System.Text.Encoding.GetEncoding(1252).GetBytes(str);
     b=new System.Security.Cryptography.MD5CryptoServiceProvider().ComputeHash(b);
     string ret="";
     for(int i=0;i<b.Length;i++)
      ret+=b[i].ToString("x").PadLeft(2,'0');
     return ret;
   }

   Byte[] hexstr2array(string HexStr)
   {
 	string HEX = "0123456789ABCDEF";
	string str = HexStr.ToUpper();
	int len = str.Length;
	byte[] RetByte = new byte[len/2];
	for(int i=0; i<len/2; i++)
	{
		int NumHigh = HEX.IndexOf(str[i*2]);
		int NumLow  = HEX.IndexOf(str[i*2+1]);
		
		RetByte[i] = Convert.ToByte(NumHigh*16+NumLow);
	}
	return RetByte;
   }
</script>

<%

 string clientrandom = Session["Message"].ToString();
 string username =	Request.Form["SN_SERAL"];
 string clientdigest = Request.Form["Digest"];
 string filename = this.MapPath("user.txt");

//Read from file and Get the user pwd
 string userpwd="";
 StreamReader srReadLine = new StreamReader((System.IO.Stream)File.OpenRead(filename),
         System.Text.Encoding.ASCII);
         
srReadLine.BaseStream.Seek(0, SeekOrigin.Begin);
bool b_break = true;
while (srReadLine.Peek() > -1 && b_break)
{
     if (Object.Equals(srReadLine.ReadLine(),username))
     {
        userpwd = srReadLine.ReadLine();
	b_break = false;
     }
}
 srReadLine.Close();

//these for MD5_HMAC
 string ipad="";
 string opad="";

 {
	 for(int i=0; i<64; i++)
	 {
		ipad += "6";
		opad += "\\";
	 }
 }
 
 string Password= userpwd;

 int  KLen = Password.Length;
 string iResult = "";
 {
	for(int i = 0; i < 64; i++)
	{
		if(i < KLen)
			iResult += Convert.ToChar(ipad[i] ^ Password[i]);
		else
			iResult += Convert.ToChar(ipad[i]);
	}
 }
 iResult += clientrandom;
 iResult = fun_MD5(iResult);
 
byte[] Test = hexstr2array(iResult);

iResult = "";

char[] b = System.Text.Encoding.GetEncoding(1252).GetChars(Test);

for(int i=0;i<b.Length;i++)
{
	iResult += b[i];
}

 string oResult = "";
 {
	 for (int i=0; i<64; i++)
	 {
		if (i < KLen)
			oResult += Convert.ToChar(opad[i] ^ Password[i]);
		else
			oResult += Convert.ToChar(opad[i]);
	 }
 }

 oResult += iResult;

 string Result = fun_MD5(oResult).ToUpper();
 if (Object.Equals(Result, clientdigest))
     Message.Text += "<br> ��ϲ��! ::: " + username;
 else
 {
     Session["key"] = "key";
     Response.Redirect("main.html");
 }
%>
<html>

<body>
 <asp:label id="Message" forecolor="red" font-bold="true" runat=server/><br>
</body>
</html>