<%@ WebHandler Language="C#" Class="signin" %>
using System;
using System.Web;
using System.Runtime.Serialization.Json;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;
using System.Web.Services.Protocols;
using System.Security.Cryptography;
using System.Text;
using System.Web.SessionState;
using System.Data;
public class signin : IHttpHandler, IReadOnlySessionState {
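/// <summary>
/// Login endpoint. Reads <c>id</c>, <c>pwd</c> and <c>rem</c> from the request, looks the
/// account up in <c>users</c> (and, for whiteboard accounts, in <c>new_userdata</c>),
/// compares the submitted <c>pwd</c> with the SHA-256 hex digest of the stored credential,
/// inserts a <c>token</c> row, sets the <c>token</c> and <c>id</c> cookies and answers with a
/// JSON <see cref="result"/> (<c>ret</c> "yes"/"no", <c>err_code</c>, <c>message</c>).
/// </summary>
/// <param name="context">Current request/response pair; the JSON body is written to its output stream.</param>
/// <remarks>
/// Error codes emitted on the reachable paths: 0001 unknown account, 0003 account marked as
/// having left (<c>user_onjob</c> "N" / <c>onjob</c> "1"), 0004 wrong password.
/// The previous version carried an unreachable copy of the whiteboard lookup after the first
/// <c>return</c> (including a never-emitted code 0002); it has been dropped.
/// </remarks>
public void ProcessRequest (HttpContext context) {
    result objRet = new result();
    DataContractJsonSerializer json = new DataContractJsonSerializer(objRet.GetType());
    context.Response.ContentType = "application/json;charset=utf-8";

    string id = (context.Request["id"] == null) ? "" : context.Request["id"].ToString();
    string pwd = (context.Request["pwd"] == null) ? "" : context.Request["pwd"].ToString();
    // Only the literal "Y" turns on the long-lived token; anything else is stored as "N" so an
    // attacker-controlled string never lands in token_isremember.
    string remember = (context.Request["rem"] != null && context.Request["rem"].ToString() == "Y") ? "Y" : "N";

    // SECURITY: autoBindDataTable / autoBindElab accept only a finished SQL string, so the
    // user-supplied id is spliced into query text. Doubling single quotes blocks the plain
    // quote-breakout; the proper fix is a parameterised overload of those helpers — TODO(security).
    string sqlId = EscapeSqlLiteral(id);
    string user_sql = string.Format("select * from users where user_id = '{0}'", sqlId);
    autoBindDataTable objUser = new autoBindDataTable(user_sql);

    if (objUser.dataRows.Count == 0) {
        Fail(context, json, objRet, "0001", "無此帳號密碼!");
        return;
    }

    var user = objUser.dataRows[0];
    string userType = user["user_type"].ToString();

    if (userType == "Y") {
        // Built-in system account: credential lives in users.user_pwd.
        if (user["user_onjob"].ToString() == "N") {
            Fail(context, json, objRet, "0003", "此帳號已經離職!");
            return;
        }
        // NOTE(review): the client submits the digest itself and the server hashes the stored
        // value to compare — an unsalted SHA-256 that is replayable if captured. Kept for
        // compatibility; the comparison is at least constant-time now.
        if (!FixedTimeEquals(pwd, SHA256_Encode(user["user_pwd"].ToString()))) {
            Fail(context, json, objRet, "0004", "密碼有誤!");
            return;
        }
    }
    else if (userType == "N") {
        // E-whiteboard account: credential and on-job flag live in new_userdata.
        string elab_sql = string.Format("select * from new_userdata where userid = '{0}'", sqlId);
        autoBindElab objElabUser = new autoBindElab(elab_sql);

        if (objElabUser.dataRows.Count == 0) {
            Fail(context, json, objRet, "0001", "無此帳號密碼!");
            return;
        }

        var elab = objElabUser.dataRows[0];
        if (elab["onjob"].ToString() == "1") {
            // Mirror the "left" state back into users so later logins fail fast.
            user["user_onjob"] = "N";
            objUser.updateDataTable();

            Fail(context, json, objRet, "0003", "此帳號已經離職!");
            return;
        }

        if (!FixedTimeEquals(pwd, SHA256_Encode(elab["userpw"].ToString()))) {
            Fail(context, json, objRet, "0004", "密碼有誤!");
            return;
        }
    }
    else {
        // Fail closed. Previously any user_type other than "Y"/"N" skipped both password checks
        // and went straight to token issuance.
        Fail(context, json, objRet, "0001", "無此帳號密碼!");
        return;
    }

    // Credentials accepted: mint a bearer token and persist it.
    string token_key = CreateRandomCode(36);
    string user_uid = user["user_uid"].ToString();
    DateTime tokenExpiry = DateTime.Now.AddMinutes(60);

    autoBindDataTable dataToken = new autoBindDataTable("select * from token where token_sn = -1");
    DataRow rowToken = dataToken.newRow;
    dataToken.dataRows.Add(rowToken);
    rowToken["token_key"] = token_key;
    rowToken["user_uid"] = user_uid;
    rowToken["token_isremember"] = remember;

    HttpCookie tokenCookie = new HttpCookie("token");
    HttpCookie idCookie = new HttpCookie("id");
    tokenCookie["token"] = HttpUtility.UrlEncode(token_key);
    tokenCookie["uid"] = HttpUtility.UrlEncode(user_uid);
    tokenCookie["name"] = HttpUtility.UrlEncode(user["user_name"].ToString());
    idCookie["id"] = HttpUtility.UrlEncode(id);

    // The token cookie is the session credential: keep it away from script and off plain HTTP.
    // If front-end code relies on reading uid/name from this cookie, move those sub-keys to
    // a separate non-HttpOnly cookie rather than dropping HttpOnly here.
    tokenCookie.HttpOnly = true;
    tokenCookie.Secure = context.Request.IsSecureConnection;

    // The id cookie only pre-fills the login form; it is deliberately long-lived.
    idCookie.Expires = DateTime.Now.AddDays(31);

    if (remember == "Y") {
        tokenExpiry = DateTime.Now.AddDays(10);
        tokenCookie.Expires = tokenExpiry;
    }
    rowToken["token_expireddate"] = tokenExpiry;

    dataToken.updateDataTable();
    context.Response.Cookies.Add(tokenCookie);
    context.Response.Cookies.Add(idCookie);

    objRet.ret = "yes";
    json.WriteObject(context.Response.OutputStream, objRet);
}

/// <summary>
/// Fills <paramref name="objRet"/> with a failure (<c>ret</c> "no") and writes it as JSON.
/// Callers must <c>return</c> right after.
/// </summary>
private static void Fail(HttpContext context, DataContractJsonSerializer json, result objRet, string errCode, string message) {
    objRet.ret = "no";
    objRet.err_code = errCode;
    objRet.message = message;
    json.WriteObject(context.Response.OutputStream, objRet);
}

/// <summary>
/// Escapes <paramref name="value"/> for use inside a single-quoted SQL string literal by doubling
/// single quotes. Mitigation only — see the TODO in ProcessRequest; it does not cover dialects
/// that also treat backslash as an escape.
/// </summary>
private static string EscapeSqlLiteral(string value) {
    return (value ?? "").Replace("'", "''");
}

/// <summary>
/// Ordinal string equality whose running time does not depend on the first differing
/// position, for comparing secret digests. Null compares unequal to everything.
/// </summary>
private static bool FixedTimeEquals(string a, string b) {
    if (a == null || b == null) {
        return false;
    }
    int diff = a.Length ^ b.Length;
    int len = Math.Min(a.Length, b.Length);
    for (int i = 0; i < len; i++) {
        diff |= a[i] ^ b[i];
    }
    return diff == 0;
}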
/// <summary>
/// JSON reply shape of the sign-in handler. Serialised by DataContractJsonSerializer from its
/// public fields, so the member names are the wire names and must stay as they are.
/// Defaults describe a not-yet-decided failure: <c>ret</c> "no", <c>err_code</c> "0000", empty message.
/// </summary>
public class result
{
    /// <summary>"yes" on successful login, otherwise "no".</summary>
    public string ret = "no";

    /// <summary>Four-digit error code; "0000" until a specific failure is recorded.</summary>
    public string err_code = "0000";

    /// <summary>Human-readable message for the client, empty on success.</summary>
    public string message = "";
}
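/// <summary>
/// Returns the lowercase hex SHA-256 digest of the UTF-8 encoding of <paramref name="value"/>.
/// </summary>
/// <param name="value">Text to digest; must not be null.</param>
/// <returns>64 lowercase hex characters.</returns>
/// <exception cref="ArgumentNullException">When <paramref name="value"/> is null.</exception>
/// <exception cref="Exception">
/// Any hashing failure is re-thrown with the legacy message; the cause is now attached as
/// InnerException instead of being dropped.
/// </exception>
/// <remarks>
/// NOTE(review): ProcessRequest applies this to whatever is stored in user_pwd / userpw and
/// compares with the value the client submitted — a single unsalted SHA-256 with no work
/// factor. That is a checksum, not a password hash; a PBKDF2/bcrypt scheme verified server-side
/// would be the proper replacement.
/// </remarks>
internal static string SHA256_Encode(string value) {
    if (value == null) {
        throw new ArgumentNullException("value");
    }
    byte[] bytValue = Encoding.UTF8.GetBytes(value);
    try
    {
        byte[] digest;
        // SHA256 implementations hold native handles; dispose instead of leaking one per request.
        using (SHA256 sha256 = new SHA256CryptoServiceProvider())
        {
            digest = sha256.ComputeHash(bytValue);
        }
        StringBuilder sb = new StringBuilder(digest.Length * 2);
        foreach (byte b in digest)
        {
            sb.Append(b.ToString("x2"));
        }
        return sb.ToString();
    }
    catch (Exception ex)
    {
        throw new Exception("GetSHA256HashFromString() fail,error:" + ex.Message, ex);
    }
}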
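/// <summary>
/// Returns <paramref name="Number"/> characters drawn uniformly from 0-9 and A-Z using a
/// cryptographic RNG. ProcessRequest uses this for the bearer token stored in the token table
/// and sent in the token cookie, so it must not be predictable.
/// </summary>
/// <param name="Number">Length of the code; zero or negative yields "".</param>
/// <returns>A string of exactly <paramref name="Number"/> characters (or "" when Number &lt;= 0).</returns>
/// <remarks>
/// The previous implementation seeded System.Random from a GUID hash, which gives only ~31 bits
/// of entropy and a predictable stream — unsuitable for a session credential.
/// </remarks>
public string CreateRandomCode(int Number)
{
    const string allChar = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    if (Number <= 0)
    {
        return "";
    }

    char[] code = new char[Number];
    // 256 is not a multiple of 36, so bytes >= 252 are rejected to avoid modulo bias.
    int limit = 256 - (256 % allChar.Length);
    int filled = 0;
    byte[] batch = new byte[Number * 2];

    using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
    {
        while (filled < Number)
        {
            rng.GetBytes(batch);
            for (int i = 0; i < batch.Length && filled < Number; i++)
            {
                if (batch[i] < limit)
                {
                    code[filled++] = allChar[batch[i] % allChar.Length];
                }
            }
        }
    }
    return new string(code);
}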
/// <summary>
/// Always false: the pipeline must not hand this handler instance to another request, so the
/// per-request locals in ProcessRequest never leak between callers.
/// </summary>
public bool IsReusable {
    get { return false; }
}
} |