using System;
using System.Web.Security;
using System.Data.SqlClient;
using System.Data;
using System.Collections.Generic;
using System.Text;
using BookManage.Model;
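namespace BookManage.DAL
{
    /// <summary>
    /// Data-access operations for user accounts: the <c>userList</c> table and the
    /// <c>upUserList*</c> stored procedures.
    /// </summary>
    /// <remarks>
    /// Every caller-supplied value is bound through a <see cref="SqlParameter"/>; no SQL text is
    /// built from input. Nothing in this class checks who the caller is, so authorization for
    /// adding, deleting or re-privileging accounts has to be enforced by the calling layer.
    /// NOTE(review): passwords are forwarded to the database exactly as received, and the
    /// statement in <see cref="UpdatePassword"/> compares the <c>userpassword</c> column with the
    /// supplied value directly, so the column holds whatever form callers pass in. If that is
    /// plaintext, a salted, slow password hash should be applied before values reach this class.
    /// Confirm against the callers and the stored procedures.
    /// </remarks>
    public class EMUser
    {
        /// <summary>
        /// Verifies a login through the <c>upUserListVerify</c> stored procedure and returns the
        /// user's permission level.
        /// </summary>
        /// <param name="userName">User name, bound as <c>@userName</c>.</param>
        /// <param name="password">Password, bound as <c>@password</c> without transformation.</param>
        /// <returns>
        /// The value of the <c>@userPower</c> output parameter. Per the original documentation:
        /// 0 for an administrator, 1 for a regular user, -1 when the login fails. -1 is also
        /// returned when the procedure leaves the output parameter unset.
        /// </returns>
        public int Login(string userName, string password)
        {
            SqlParameter powerOut = new SqlParameter("@userPower", SqlDbType.SmallInt);
            powerOut.Direction = ParameterDirection.Output;

            SqlParameter[] param = new SqlParameter[]
            {
                new SqlParameter("@userName", userName),
                new SqlParameter("@password", password),
                powerOut
            };

            // Run the stored procedure; the result comes back through the output parameter.
            SqlHelper.ExecuteNonQuery(SqlHelper.ConnectionStringLocalTransaction, CommandType.StoredProcedure, "upUserListVerify", param);

            // Fail closed: Convert.ToInt16 maps a null reference to 0, which is the administrator
            // level, and throws on DBNull. An unset output is treated as a failed login instead.
            object raw = powerOut.Value;
            if (raw == null || raw is DBNull)
            {
                return -1;
            }

            return Convert.ToInt16(raw);
        }

        /// <summary>
        /// Checks whether a user name is already present, using the
        /// <c>upUserListCheckUserName</c> stored procedure.
        /// </summary>
        /// <param name="userName">User name, bound as <c>@userName</c>.</param>
        /// <returns><c>true</c> when the procedure returns at least one row.</returns>
        public bool UserNameExiste(string userName)
        {
            SqlParameter param = new SqlParameter("@userName", userName);

            // Dispose the reader so it is not left open after the check. If SqlHelper ties the
            // connection's lifetime to the reader (not visible here), this is also what releases
            // the connection back to the pool.
            using (SqlDataReader dr = SqlHelper.ExecuteReader(SqlHelper.ConnectionStringLocalTransaction, CommandType.StoredProcedure, "upUserListCheckUserName", param))
            {
                return dr.HasRows;
            }
        }

        /// <summary>
        /// Adds a user through the <c>upUserListAddUser</c> stored procedure.
        /// </summary>
        /// <param name="profile">
        /// Source of <c>UserName</c>, <c>Password</c> and <c>UserPower</c>. All three are passed
        /// on unchanged, so the permission level must not come from untrusted request data.
        /// </param>
        /// <returns>The value returned by <c>SqlHelper.ExecuteNonQuery</c>.</returns>
        public int AddUser(EMUserProfile profile)
        {
            SqlParameter[] param = new SqlParameter[]
            {
                new SqlParameter("@userName", profile.UserName),
                new SqlParameter("@password", profile.Password),
                new SqlParameter("@power", profile.UserPower)
            };

            return SqlHelper.ExecuteNonQuery(SqlHelper.ConnectionStringLocalTransaction, CommandType.StoredProcedure, "upUserListAddUser", param);
        }

        /// <summary>
        /// Deletes a user through the <c>upUserListDeleteUser</c> stored procedure.
        /// </summary>
        /// <param name="userID">Identifier of the user to delete, bound as <c>@userID</c>.</param>
        public void DeleteUser(string userID)
        {
            SqlParameter param = new SqlParameter("@userID", userID);
            SqlHelper.ExecuteNonQuery(SqlHelper.ConnectionStringLocalTransaction, CommandType.StoredProcedure, "upUserListDeleteUser", param);
        }

        /// <summary>
        /// Sends a user's ID, name, permission level and password to the <c>upUserListUpate</c>
        /// stored procedure.
        /// </summary>
        /// <param name="profile">
        /// Source of <c>UserID</c>, <c>UserName</c>, <c>UserPower</c> and <c>Password</c>. The
        /// permission level is passed on unchanged, so callers decide who may raise it.
        /// </param>
        /// <returns>The value returned by <c>SqlHelper.ExecuteNonQuery</c>.</returns>
        public int UpdateUserProfile(EMUserProfile profile)
        {
            SqlParameter[] param = new SqlParameter[]
            {
                new SqlParameter("@userId", profile.UserID),
                new SqlParameter("@userName", profile.UserName),
                new SqlParameter("@userPower", profile.UserPower),
                new SqlParameter("@pwd", profile.Password)
            };

            // The procedure name is spelled "Upate" here; it is kept as written because it has to
            // match the object name in the database.
            return SqlHelper.ExecuteNonQuery(SqlHelper.ConnectionStringLocalTransaction, CommandType.StoredProcedure, "upUserListUpate", param);
        }

        /// <summary>
        /// Changes a user's password when the supplied old password matches the stored one.
        /// </summary>
        /// <param name="userName">User name, bound as <c>@userName</c>.</param>
        /// <param name="oldPwd">Current password, compared with the <c>userpassword</c> column.</param>
        /// <param name="newPwd">New password, written to the <c>userpassword</c> column as given.</param>
        /// <returns>
        /// The value returned by <c>SqlHelper.ExecuteNonQuery</c>. NOTE(review): presumably a
        /// positive row count only when the old password matched; confirm before relying on it.
        /// </returns>
        public int UpdatePassword(string userName, string oldPwd, string newPwd)
        {
            // The existence check and the update are sent as one parameterized statement.
            const string cmdText = "if exists(select userName from userList where userName=@userName and userpassword = @oldPwd) update userlist set userpassword=@newPwd where userName=@userName";

            SqlParameter[] param = new SqlParameter[]
            {
                new SqlParameter("@userName", userName),
                new SqlParameter("@oldPwd", oldPwd),
                new SqlParameter("@newPwd", newPwd)
            };

            return SqlHelper.ExecuteNonQuery(SqlHelper.ConnectionStringLocalTransaction, CommandType.Text, cmdText, param);
        }

        /// <summary>
        /// Returns every user, ordered by user name.
        /// </summary>
        /// <returns>All rows of <c>userList</c> mapped to profiles; the password is not read.</returns>
        public IList<EMUserProfile> GetUserList()
        {
            const string sql = "select userName,userPower,userID from userList order by userName";
            return ReadProfiles(SqlHelper.ExecuteReader(SqlHelper.ConnectionStringLocalTransaction, CommandType.Text, sql, null));
        }

        /// <summary>
        /// Returns the users that have the given permission level, ordered by user name.
        /// </summary>
        /// <param name="userPower">Permission level, bound as <c>@userPower</c>.</param>
        /// <returns>The matching users; the password is not read.</returns>
        public IList<EMUserProfile> GetUserListByPower(int userPower)
        {
            const string sql = "select userName,userPower,userID from userList where userPower=@userPower order by userName";
            SqlParameter param = new SqlParameter("@userPower", userPower);
            return ReadProfiles(SqlHelper.ExecuteReader(SqlHelper.ConnectionStringLocalTransaction, CommandType.Text, sql, param));
        }

        /// <summary>
        /// Returns the users whose name contains the given text.
        /// </summary>
        /// <param name="userName">
        /// Search text, bound as <c>@userName</c> and wrapped in <c>%</c> on both sides by the
        /// statement. Binding keeps it from changing the statement, but LIKE metacharacters in
        /// the text (<c>%</c>, <c>_</c>, <c>[</c>) are still interpreted as wildcards.
        /// </param>
        /// <returns>The matching users; the password is not read.</returns>
        public IList<EMUserProfile> SearchUserListResult(string userName)
        {
            const string sql = "select userName,userPower,userID from userList where userName like '%'+@userName+'%'";
            SqlParameter param = new SqlParameter("@userName", userName);
            return ReadProfiles(SqlHelper.ExecuteReader(SqlHelper.ConnectionStringLocalTransaction, CommandType.Text, sql, param));
        }

        /// <summary>
        /// Loads one user's name, permission level and ID by user ID.
        /// </summary>
        /// <param name="userID">User ID, bound as <c>@userID</c>.</param>
        /// <returns>
        /// The populated profile, or a default-constructed <see cref="EMUserProfile"/> when no
        /// row matches. Callers need to check for that case themselves.
        /// </returns>
        public EMUserProfile GetUserDetail(string userID)
        {
            const string sql = "select userName,userPower,userID from userList where userID=@userID";
            SqlParameter param = new SqlParameter("@userID", userID);
            EMUserProfile profile = new EMUserProfile();

            // Dispose the reader on every path, including when a column conversion throws.
            using (SqlDataReader dr = SqlHelper.ExecuteReader(SqlHelper.ConnectionStringLocalTransaction, CommandType.Text, sql, param))
            {
                // If several rows match, the last one read wins, as in the original loop.
                while (dr.Read())
                {
                    profile.UserID = dr[2].ToString();
                    profile.UserName = dr.GetString(0);
                    profile.UserPower = Convert.ToInt32(dr[1]);
                }
            }

            return profile;
        }

        /// <summary>
        /// Maps a reader over (userName, userPower, userID) rows to profiles and disposes it.
        /// </summary>
        /// <param name="dr">Open reader positioned before the first row.</param>
        /// <returns>One profile per row, in reader order.</returns>
        private static IList<EMUserProfile> ReadProfiles(SqlDataReader dr)
        {
            IList<EMUserProfile> userList = new List<EMUserProfile>();

            // The list queries previously left their readers open; disposing here closes them
            // even when a row fails to convert.
            using (dr)
            {
                while (dr.Read())
                {
                    // The third constructor argument is always empty (presumably the password
                    // slot; confirm against EMUserProfile). The queries never select userpassword.
                    userList.Add(new EMUserProfile(dr[2].ToString(), dr.GetString(0), string.Empty, Convert.ToInt32(dr[1])));
                }
            }

            return userList;
        }
    }
}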