SqlCommand myCommand = new SqlCommand("Portal_DeleteUser", myConnection);
// Mark the Command as a SPROC
myCommand.CommandType = CommandType.StoredProcedure;
SqlParameter parameterUserId = new SqlParameter("@UserID", SqlDbType.Int);
parameterUserId.Value = userId;
myCommand.Parameters.Add(parameterUserId);
// Open the database connection and execute the command
myConnection.Open();
myCommand.ExecuteNonQuery();
myConnection.Close();
}
#endregion
#region 更新用户信息
//*********************************************************************
//
// UsersDB.UpdateUser() Method <a name="UpdateUser"></a>
//
// The UpdateUser method updates the email and password of a user record in the "Users" database table.
//
// Other relevant sources:
// + <a href="UpdateUser.htm" style="color:green">UpdateUser Stored Procedure</a>
//
//*********************************************************************
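/// <summary>
/// Updates the email address and password stored for an existing user by
/// executing the Portal_UpdateUser stored procedure.
/// </summary>
/// <param name="userId">Sent to the procedure as @UserID (Int).</param>
/// <param name="email">Sent to the procedure as @Email (NVarChar, size 100).</param>
/// <param name="password">
/// Sent to the procedure as @Password (NVarChar, size 50). The value is
/// forwarded exactly as received; no hashing happens in this method.
/// </param>
public void UpdateUser(int userId, String email, String password)
{
    // NOTE(review): nothing here checks that the caller may modify this
    // userId, and the password is stored in whatever form the caller passes.
    // Presumably both are handled upstream -- confirm against the callers.

    // The using blocks release the command and close the connection even when
    // ExecuteNonQuery throws; the original leaked the open connection then.
    using (SqlConnection myConnection = new SqlConnection(ConfigurationSettings.AppSettings["connectionString"]))
    using (SqlCommand myCommand = new SqlCommand("Portal_UpdateUser", myConnection))
    {
        // Run as a stored procedure: every value travels as a typed parameter,
        // never as part of the command text.
        myCommand.CommandType = CommandType.StoredProcedure;

        SqlParameter parameterUserId = new SqlParameter("@UserID", SqlDbType.Int);
        parameterUserId.Value = userId;
        myCommand.Parameters.Add(parameterUserId);

        SqlParameter parameterEmail = new SqlParameter("@Email", SqlDbType.NVarChar, 100);
        parameterEmail.Value = email;
        myCommand.Parameters.Add(parameterEmail);

        // Input longer than the declared size is cut to that size by ADO.NET
        // before it is sent, so only the first 50 characters would be stored.
        SqlParameter parameterPassword = new SqlParameter("@Password", SqlDbType.NVarChar, 50);
        parameterPassword.Value = password;
        myCommand.Parameters.Add(parameterPassword);

        myConnection.Open();
        myCommand.ExecuteNonQuery();
    }
}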
#endregion
#region 以SqlDataReader形式返回用户角色信息
//*********************************************************************
//
// UsersDB.GetRolesByUser() Method <a name="GetRolesByUser"></a>
//
// The GetRolesByUser method returns a SqlDataReader containing the roles of the user with the given email.
//
// Other relevant sources:
// + <a href="GetRolesByUser.htm" style="color:green">GetRolesByUser Stored Procedure</a>
//
//*********************************************************************
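/// <summary>
/// Executes the Portal_GetRolesByUser stored procedure for the given email
/// and returns the open data reader.
/// </summary>
/// <param name="email">Sent to the procedure as @Email (NVarChar, size 100).</param>
/// <returns>
/// A reader opened with CommandBehavior.CloseConnection: the caller must
/// close it, and doing so also closes the underlying connection.
/// </returns>
public SqlDataReader GetRolesByUser(String email)
{
    SqlConnection myConnection = new SqlConnection(ConfigurationSettings.AppSettings["connectionString"]);
    try
    {
        SqlCommand myCommand = new SqlCommand("Portal_GetRolesByUser", myConnection);

        // Run as a stored procedure; the email is bound as a typed parameter.
        myCommand.CommandType = CommandType.StoredProcedure;

        SqlParameter parameterEmail = new SqlParameter("@Email", SqlDbType.NVarChar, 100);
        parameterEmail.Value = email;
        myCommand.Parameters.Add(parameterEmail);

        myConnection.Open();

        // From here on the reader owns the connection.
        return myCommand.ExecuteReader(CommandBehavior.CloseConnection);
    }
    catch
    {
        // No reader was handed out, so nobody else can close the connection.
        // The original left it open when Open or ExecuteReader failed.
        myConnection.Dispose();
        throw;
    }
}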
#endregion
#region 根据email获取单个用户信息
//*********************************************************************
//
// GetSingleUser Method
//
// The GetSingleUser method returns a SqlDataReader containing details
// about a specific user from the Users database table.
//
//*********************************************************************
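/// <summary>
/// Executes the Portal_GetSingleUser stored procedure for the given email
/// and returns the open data reader.
/// </summary>
/// <param name="email">Sent to the procedure as @Email (NVarChar, size 100).</param>
/// <returns>
/// A reader opened with CommandBehavior.CloseConnection: the caller must
/// close it, and doing so also closes the underlying connection.
/// </returns>
public SqlDataReader GetSingleUser(String email)
{
    // NOTE(review): the columns selected by Portal_GetSingleUser are not
    // visible here; confirm the stored password is not returned to callers
    // that only need profile data.
    SqlConnection myConnection = new SqlConnection(ConfigurationSettings.AppSettings["connectionString"]);
    try
    {
        SqlCommand myCommand = new SqlCommand("Portal_GetSingleUser", myConnection);

        // Run as a stored procedure; the email is bound as a typed parameter.
        myCommand.CommandType = CommandType.StoredProcedure;

        SqlParameter parameterEmail = new SqlParameter("@Email", SqlDbType.NVarChar, 100);
        parameterEmail.Value = email;
        myCommand.Parameters.Add(parameterEmail);

        myConnection.Open();

        // From here on the reader owns the connection.
        return myCommand.ExecuteReader(CommandBehavior.CloseConnection);
    }
    catch
    {
        // No reader was handed out, so nobody else can close the connection.
        // The original left it open when Open or ExecuteReader failed.
        myConnection.Dispose();
        throw;
    }
}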
#endregion
#region 根据用户的Email获取用户的角色(以String[]的形式返回,一项表示一个角色,一个用户可有多个角色)
//*********************************************************************
//
// GetRoles() Method <a name="GetRoles"></a>
//
// The GetRoles method returns a list of role names for the user.
//
// Other relevant sources:
// + <a href="GetRolesByUser.htm" style="color:green">GetRolesByUser Stored Procedure</a>
//
//*********************************************************************
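/// <summary>
/// Returns the role names of the user identified by the given email, one
/// array element per role (a user can hold several roles). The names are
/// read from the "RoleName" column of the Portal_GetRolesByUser result.
/// </summary>
/// <param name="email">Sent to the procedure as @Email (NVarChar, size 100).</param>
/// <returns>The role names; an empty array when the procedure returns no rows.</returns>
public String[] GetRoles(String email)
{
    ArrayList userRoles = new ArrayList();

    // The using blocks close the reader and the connection even when reading
    // fails part-way; the original closed the reader only on the success path.
    using (SqlConnection myConnection = new SqlConnection(ConfigurationSettings.AppSettings["connectionString"]))
    using (SqlCommand myCommand = new SqlCommand("Portal_GetRolesByUser", myConnection))
    {
        // Run as a stored procedure; the email is bound as a typed parameter.
        myCommand.CommandType = CommandType.StoredProcedure;

        SqlParameter parameterEmail = new SqlParameter("@Email", SqlDbType.NVarChar, 100);
        parameterEmail.Value = email;
        myCommand.Parameters.Add(parameterEmail);

        myConnection.Open();
        using (SqlDataReader dr = myCommand.ExecuteReader(CommandBehavior.CloseConnection))
        {
            while (dr.Read())
            {
                // NOTE(review): a NULL RoleName would be stored as DBNull and
                // make the String[] conversion below throw -- confirm the
                // column is declared NOT NULL.
                userRoles.Add(dr["RoleName"]);
            }
        }
    }

    // Convert the collected values into the String[] the callers expect.
    return (String[]) userRoles.ToArray(typeof(String));
}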
#endregion
#region 根据email和password返回登录的用户姓名(用于判断用户是否登录成功)
//*********************************************************************
//
// UsersDB.Login() Method <a name="Login"></a>
//
// The Login method validates an email/password pair against credentials
// stored in the users database. If the email/password pair is valid,
// the method returns the user's name; otherwise it returns an empty string.
//
// Other relevant sources:
// + <a href="UserLogin.htm" style="color:green">UserLogin Stored Procedure</a>
//
//*********************************************************************
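/// <summary>
/// Checks an email/password pair by executing the Portal_UserLogin stored
/// procedure and returns the name of the matching user. Callers use the
/// result to decide whether the login succeeded.
/// </summary>
/// <param name="email">Sent to the procedure as @Email (NVarChar, size 100).</param>
/// <param name="password">
/// Sent to the procedure as @Password (NVarChar, size 50). The value is
/// forwarded exactly as received; no hashing happens in this method.
/// </param>
/// <returns>
/// The trimmed value of the @UserName output parameter, or String.Empty when
/// the procedure leaves that parameter null or DBNull.
/// </returns>
public String Login(String email, String password)
{
    // NOTE(review): the credential comparison happens inside the stored
    // procedure and is not visible here. Whether the password arrives hashed,
    // and whether failed attempts are throttled or logged, depends on code
    // outside this method -- confirm against the callers and Portal_UserLogin.
    object userName;

    // The using blocks release the command and close the connection even when
    // ExecuteNonQuery throws; the original leaked the open connection then.
    using (SqlConnection myConnection = new SqlConnection(ConfigurationSettings.AppSettings["connectionString"]))
    using (SqlCommand myCommand = new SqlCommand("Portal_UserLogin", myConnection))
    {
        // Run as a stored procedure: the credentials travel as typed
        // parameters, never as part of the command text.
        myCommand.CommandType = CommandType.StoredProcedure;

        SqlParameter parameterEmail = new SqlParameter("@Email", SqlDbType.NVarChar, 100);
        parameterEmail.Value = email;
        myCommand.Parameters.Add(parameterEmail);

        SqlParameter parameterPassword = new SqlParameter("@Password", SqlDbType.NVarChar, 50);
        parameterPassword.Value = password;
        myCommand.Parameters.Add(parameterPassword);

        // Output parameter through which the procedure reports the user name.
        SqlParameter parameterUserName = new SqlParameter("@UserName", SqlDbType.NVarChar, 100);
        parameterUserName.Direction = ParameterDirection.Output;
        myCommand.Parameters.Add(parameterUserName);

        myConnection.Open();
        myCommand.ExecuteNonQuery();

        userName = parameterUserName.Value;
    }

    // Anything other than a real value is reported as a failed login.
    if ((userName != null) && (userName != System.DBNull.Value))
    {
        return ((String)userName).Trim();
    }

    return String.Empty;
}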
#endregion
}
#endregion
}