wflogin.aspx.cs

某大型国企试用的网上订餐管理系统完整源代码

using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;

using System.Security;
using System.Security.Cryptography;
using System.Text;

namespace WebApplication1
{
	/// <summary>
	/// WebForm1 的摘要说明。
	/// </summary>
	public class WFlogin : System.Web.UI.Page
	{
		protected System.Data.Odbc.OdbcConnection odbcConnection1;
		protected System.Data.Odbc.OdbcCommand odbcCommand1;
		protected System.Web.UI.WebControls.Label Label1;
		protected System.Web.UI.WebControls.TextBox TextBox2;
		protected System.Web.UI.WebControls.Label Label2;
		protected System.Web.UI.WebControls.TextBox TextBox1;
		protected System.Web.UI.WebControls.Button Button1;
		protected System.Web.UI.WebControls.Button Button2;
		protected System.Web.UI.WebControls.Label Label3;
		protected System.Web.UI.WebControls.Label Label4;
		protected System.Web.UI.WebControls.Image Image2;
		protected System.Data.Odbc.OdbcConnection connRemote;
		protected System.Web.UI.WebControls.Image Image1;
	
		private void Page_Load(object sender, System.EventArgs e)
		{
			// 在此处放置用户代码以初始化页面
		//	Form1.Size = new System.Drawing.Size(100, 100);

		}

		#region Web 窗体设计器生成的代码
		override protected void OnInit(EventArgs e)
		{
			//
			// CODEGEN: 该调用是 ASP.NET Web 窗体设计器所必需的。
			//
			InitializeComponent();
			base.OnInit(e);
		}
		
		/// <summary>
		/// 设计器支持所需的方法 - 不要使用代码编辑器修改
		/// 此方法的内容。
		/// </summary>
		private void InitializeComponent()
		{    
			this.odbcConnection1 = new System.Data.Odbc.OdbcConnection();
			this.odbcCommand1 = new System.Data.Odbc.OdbcCommand();
			this.connRemote = new System.Data.Odbc.OdbcConnection();
			this.TextBox2.TextChanged += new System.EventHandler(this.TextBox2_TextChanged);
			this.Button1.Click += new System.EventHandler(this.Button1_Click);
			this.Button2.Click += new System.EventHandler(this.Button2_Click);
			this.Load += new System.EventHandler(this.Page_Load);

		}
		#endregion

		private void connectionDB()
		{
			Global.OpenConnection(ref odbcConnection1);
		}	

		private void closeDB()
		{
			odbcConnection1.Close();	
		}

		private void Button1_Click(object sender, System.EventArgs e)
		{
			System.Data.Odbc.OdbcDataReader dtr;
			string strDBPsw = "";
			string strUser="", strUserName="", strDept="", strDeptName="", strRole="5";
			string passwd = TextBox1.Text.Trim() ;
			bool hasrow, hasremoterow;

			strUser = TextBox2.Text.Trim() ;
			strUser.Replace (@"""", "");
			strUser.Replace ("'", "");
			strUser.Replace ("--", "");
			strUser.Replace (" ", "");

			connectionDB();
			odbcCommand1.CommandText = "select passwd, `name`, `department_id`, `department`, `role_id` from t_manager where manager_id = '" + strUser + "' and effect = '1'";
			odbcCommand1.Connection =	odbcConnection1;
			dtr = odbcCommand1.ExecuteReader();
			hasrow = dtr.HasRows;
			if (dtr.HasRows)	//用户与密码在本地
			{
				strDBPsw = dtr.GetString(0);
				strUserName = dtr.GetString(1);
				strDept = dtr.GetString(2);
				strDeptName = dtr.GetString(3);
				strRole = dtr.GetString(4);
			}
			closeDB();
			if (hasrow &&
				  (strRole.CompareTo("0") == 0
				|| strRole.CompareTo("1") == 0
				|| strRole.CompareTo("2") == 0)
				)		//用户与密码在本地
			{
				if (strDBPsw != passwd)
				{
					Label3.Text = "登录失败，请重新操作！";
					Page.RegisterStartupScript("alert", @"<script language=""javascript"">window.alert(""登录失败，请重新操作！"")</script>");
				}
				else
				{
					//用户与密码在本地且有效
					Session["strUser"] = strUser;
					Session["strUserName"] = strUserName;
					Session["strDept"] = strDept;
					Session["strDeptName"] = strDeptName;
					Session["strRole"] = strRole;

					Response.Redirect ("main.htm", true);
				}
			}
			else
			{
				Global.OpenRemoteConnection(ref connRemote);
				odbcCommand1.CommandText = "select a.userpassword, a.displayname, a.usercontainercode, b.containername from ltpmiuser a, ltusercontainer b where a.userid = '" + strUser + "' and a.usercontainercode = b.code";
				odbcCommand1.Connection =	connRemote;
				dtr = odbcCommand1.ExecuteReader();
				hasremoterow = dtr.HasRows;
				if (dtr.HasRows)
				{
					strDBPsw = dtr.GetString(0);
					strUserName = dtr.GetString(1);
					strDept = dtr.GetString(2);
					strDeptName = dtr.GetString(3);
				}
				connRemote.Close();
				if (hasremoterow)
				{
					MD5CryptoServiceProvider md = new System.Security.Cryptography.MD5CryptoServiceProvider();
					byte[] bytePlain = (new UTF8Encoding()).GetBytes(passwd);

					byte[] byteCrypt = md.ComputeHash(bytePlain);
					passwd = BitConverter.ToString(byteCrypt).Replace("-", "").ToLower();
					
					if (strDBPsw != passwd)
					{
						Label3.Text = "登录失败，请重新操作！";
						Page.RegisterStartupScript("alert", @"<script language=""javascript"">window.alert(""登录失败，请重新操作！"")</script>");
					}
					else
					{
						//用户与密码在远处且有效
						Session["strUser"] = strUser;
						Session["strUserName"] = strUserName;
						Session["strDept"] = strDept;
						Session["strDeptName"] = strDeptName;
						Session["strRole"] = strRole;

						Response.Redirect ("main.htm", true);
					}
				}
				else
				{
					Label3.Text = "登录失败，请重新操作！";
					Page.RegisterStartupScript("alert", @"<script language=""javascript"">window.alert(""登录失败，请重新操作！"")</script>");
				}
			}
		}

		private void Button2_Click(object sender, System.EventArgs e)
		{
			TextBox2.Text="";
         TextBox1.Text="";
		}

		private void TextBox2_TextChanged(object sender, System.EventArgs e)
		{
		
		}
	}
}