Ejemplo n.º 1
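        /// <summary>
        /// Deletes the SYSTEM_LIST row whose intSYS_CODE equals <paramref name="SCodeByDel"/>
        /// and redirects back to the system list.
        /// </summary>
        /// <param name="SCodeByDel">System code of the row to delete; defaults to 0.</param>
        /// <returns>
        /// A redirect to TGW/SysList (page 1) on success, or to TGW/Exception carrying the
        /// exception message on any failure, including a value that does not fit in Int16.
        /// </returns>
        /// <remarks>
        /// NOTE(review): this action deletes data. No verb-restriction, anti-forgery or
        /// authorization attribute is visible in this excerpt; confirm they are applied on
        /// the action or its controller so the delete cannot be triggered cross-site.
        /// </remarks>
        public ActionResult DelSysInfo(int SCodeByDel = 0)
        {
            try
            {
                // The narrowing conversion now runs inside the try: a value outside the Int16
                // range throws here, and it previously escaped this method's error redirect.
                // HTML-encoding the decimal text of an int adds no protection of its own; the
                // bound @SysCode parameter below is what keeps the value out of the SQL text.
                SCodeByDel = Convert.ToInt16(AntiXssEncoder.HtmlEncode(SCodeByDel.ToString(), true));

                App_Code.clsUtility objUtil = new App_Code.clsUtility();
                using (var SqlConn = new SqlConnection(objUtil.ConnStrDecrypt(ConfigurationManager.ConnectionStrings["TGWLogs"].ConnectionString)))
                {
                    string SqlCmd = "DELETE SYSTEM_LIST WHERE intSYS_CODE = @SysCode";
                    var SqlParams = new { @SysCode = SCodeByDel };
                    SqlConn.Execute(SqlCmd, SqlParams);
                    return(RedirectToAction("SysList", "TGW", new { PageIdx = 1 }));
                }
            }
            catch (Exception ex)
            {
                // NOTE(review): ex.Message travels in the redirect's route values, so driver or
                // database error text reaches the client and any URL logs. Consider logging the
                // exception server-side and passing a generic message instead.
                return(RedirectToAction("Exception", "TGW", new { @MsgCont = ex.Message }));
            }
        }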
Ejemplo n.º 2
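        /// <summary>
        /// Runs the utility class's XSS and SQL-injection checks against one input value and
        /// rejects the value by throwing when either check returns false.
        /// </summary>
        /// <param name="ParamValue">Value to check; null is accepted without checking.</param>
        /// <exception cref="ArgumentException">
        /// Thrown when VerifyOfXss or VerifyOfSqlInject returns false for the value.
        /// </exception>
        /// <remarks>
        /// The previous version called RedirectToAction and discarded the result. Because this
        /// method returns void, no redirect ever happened and flagged input was processed as if
        /// it had passed. Throwing lets the callers' catch blocks produce the error redirect.
        /// NOTE(review): confirm every caller wraps this call in a try/catch. Pattern checks of
        /// this kind are a secondary control; parameterized SQL and output encoding in the
        /// views remain the primary defenses.
        /// </remarks>
        private void OWASP_Verify(string ParamValue)
        {
            if (ParamValue == null)
            {
                return;
            }

            App_Code.clsUtility objUtil = new App_Code.clsUtility();

            /* XSS check */
            if (objUtil.VerifyOfXss(ParamValue) == false)
            {
                throw new ArgumentException("參數含有XSS內容");
            }

            /* SQL-injection check */
            if (objUtil.VerifyOfSqlInject(ParamValue) == false)
            {
                throw new ArgumentException("參數含有SqlInjection內容");
            }
        }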
Ejemplo n.º 3
        /// <summary>
        /// Runs the SP_TLOG_SENDSTATE stored procedure against the "TGWLogs" connection and
        /// maps the result rows to <c>Models.CosesTlog</c>.
        /// </summary>
        /// <param name="TxStartDate">Bound to @TxDateST.</param>
        /// <param name="TxEndDate">Bound to @TxDateED.</param>
        /// <param name="CardNo">Bound to @CardNo.</param>
        /// <returns>The query result, or null when any step before the assignment throws.</returns>
        private IEnumerable <Models.CosesTlog> getTlogSendState(string TxStartDate = "", string TxEndDate = "", string CardNo = "")
        {
            IEnumerable <Models.CosesTlog> rows = null;

            try
            {
                var util = new App_Code.clsUtility();
                var connText = util.ConnStrDecrypt(ConfigurationManager.ConnectionStrings["TGWLogs"].ConnectionString);

                using (var conn = new SqlConnection(connText))
                {
                    // The three caller-supplied values are bound parameters; 500, '' and '' are
                    // fixed literals in the command text.
                    const string sql = "EXEC SP_TLOG_SENDSTATE @TxDateST,@TxDateED,500,'','',@CardNo";
                    var args = new { @TxDateST = TxStartDate, @TxDateED = TxEndDate, @CardNo = CardNo };

                    rows = conn.Query <Models.CosesTlog>(sql, args);
                    return rows;
                }
            }
            catch (Exception)
            {
                // NOTE(review): every failure (configuration, decryption, connection, query) is
                // swallowed and reaches the caller as null, which hides outages and leaves no
                // audit trail. Consider logging the exception before returning.
                return rows;
            }
        }
Ejemplo n.º 4
        /// <summary>
        /// Runs the SP_TX300_SENDSTATE stored procedure against the "TGWLogs" connection and
        /// maps the result rows to <c>Models.ISOTextOfTX300</c>.
        /// </summary>
        /// <param name="DateST">Bound to @StartDate.</param>
        /// <param name="DateED">Bound to @EndDate.</param>
        /// <param name="CardNo">Bound to @CardNo.</param>
        /// <returns>The query result, or null when any step before the assignment throws.</returns>
        private IEnumerable <Models.ISOTextOfTX300> getTX300SendStat(string DateST = "", string DateED = "", string CardNo = "")
        {
            IEnumerable <Models.ISOTextOfTX300> rows = null;

            try
            {
                var util = new App_Code.clsUtility();
                var connText = util.ConnStrDecrypt(ConfigurationManager.ConnectionStrings["TGWLogs"].ConnectionString);

                using (var conn = new SqlConnection(connText))
                {
                    // Caller-supplied values are bound parameters; 1 and 500 are fixed literals
                    // in the command text.
                    const string sql = "EXEC SP_TX300_SENDSTATE @StartDate,@EndDate,1,500,@CardNo";
                    var args = new { @StartDate = DateST, @EndDate = DateED, @CardNo = CardNo };

                    rows = conn.Query <Models.ISOTextOfTX300>(sql, args);
                    return rows;
                }
            }
            catch (Exception)
            {
                // NOTE(review): failures are swallowed and reported to the caller as null;
                // consider logging the exception so a broken data source is not silent.
                return rows;
            }
        }
Ejemplo n.º 5
        /// <summary>
        /// Updates the description and owning group of one SYSTEM_LIST row from the posted form,
        /// then redirects to the system list.
        /// </summary>
        /// <param name="FormCols">Posted form model; its SysCode, SysName and GrpName are read and overwritten.</param>
        /// <returns>
        /// The same view with the model when model validation fails; a redirect to TGW/SysList on
        /// success; a redirect to TGW/Exception carrying the exception message on failure.
        /// </returns>
        public ActionResult UpdSysInfo(Models.TaskOfUpdate FormCols)
        {
            /* Field validation */
            if (!ModelState.IsValid)
            {
                return View(FormCols);
            }

            try
            {
                /* OWASP checks */
                OWASP_Verify(FormCols.SysName);
                OWASP_Verify(FormCols.GrpName);

                /* Encode the parameters with AntiXss */
                // NOTE(review): the values are HTML-encoded here and HTML-decoded again before
                // they are bound, so the round trip presumably stores the text as submitted.
                // The bound parameters are what protect the SQL; encoding for HTML belongs at
                // render time in the view.
                FormCols.SysCode = Convert.ToInt16(AntiXssEncoder.HtmlEncode(FormCols.SysCode.ToString(), true));
                FormCols.SysName = AntiXssEncoder.HtmlEncode(FormCols.SysName, true);
                FormCols.GrpName = AntiXssEncoder.HtmlEncode(FormCols.GrpName, true);

                var util = new App_Code.clsUtility();
                var connText = util.ConnStrDecrypt(ConfigurationManager.ConnectionStrings["TGWLogs"].ConnectionString);

                using (var conn = new SqlConnection(connText))
                {
                    string sql = "UPDATE SYSTEM_LIST SET " +
                                 "varSYS_DESC = @SysName," +
                                 "varOWN_GRP = @GrpName," +
                                 "dtMODIFY_DATE = GETDATE() " +
                                 "WHERE intSYS_CODE = @SysCode";
                    var args = new
                    {
                        @SysCode = FormCols.SysCode,
                        @SysName = Server.HtmlDecode(FormCols.SysName),
                        @GrpName = Server.HtmlDecode(FormCols.GrpName)
                    };
                    conn.Execute(sql, args);
                }

                // The status message carries the decoded user-supplied name, so the view that
                // shows TempData["ExeRst"] must HTML-encode it when rendering.
                TempData["ExeRst"] = "【" + Server.HtmlDecode(FormCols.SysName) + "】更新成功";

                // The redirect passes the still-encoded SysName as the SystemName route value.
                return RedirectToAction("SysList", "TGW", new { PageIdx = 1, SystemName = FormCols.SysName });
            }
            catch (Exception ex)
            {
                // NOTE(review): ex.Message is exposed through the redirect URL; database error
                // text would reach the client. Consider a generic message plus server-side logging.
                return RedirectToAction("Exception", "TGW", new { @MsgCont = ex.Message });
            }
        }
Ejemplo n.º 6
        /// <summary>
        /// Inserts a new SYSTEM_LIST row from the posted form, using MAX(intSYS_CODE) + 1 as the
        /// new system code, then redirects to the system list.
        /// </summary>
        /// <param name="FormCols">Posted form model; its SysName and GrpName are read and overwritten.</param>
        /// <returns>
        /// The same view with the model when model validation fails; a redirect to TGW/SysList on
        /// success; a redirect to TGW/Exception carrying the exception message on failure.
        /// </returns>
        public ActionResult InsSysInfo(Models.TaskOfCreate FormCols)
        {
            /* Field validation */
            if (!ModelState.IsValid)
            {
                return View(FormCols);
            }

            try
            {
                /* OWASP checks */
                OWASP_Verify(FormCols.SysName);
                OWASP_Verify(FormCols.GrpName);

                /* Encode the parameters with AntiXss */
                // NOTE(review): the values are decoded again before binding, so this encoding
                // does not change what is stored; the bound parameters protect the SQL.
                FormCols.SysName = AntiXssEncoder.HtmlEncode(FormCols.SysName, true);
                FormCols.GrpName = AntiXssEncoder.HtmlEncode(FormCols.GrpName, true);

                var util = new App_Code.clsUtility();
                var connText = util.ConnStrDecrypt(ConfigurationManager.ConnectionStrings["TGWLogs"].ConnectionString);

                using (var conn = new SqlConnection(connText))
                {
                    // NOTE(review): MAX() over an empty table yields NULL, and two concurrent
                    // inserts can compute the same code; an identity column or sequence would
                    // avoid both.
                    string sql = "INSERT INTO SYSTEM_LIST (intSYS_CODE,varSYS_DESC,varOWN_GRP,dtMODIFY_DATE) " +
                                 "VALUES " +
                                 "((SELECT MAX(intSYS_CODE) + 1 FROM SYSTEM_LIST),@SysName,@GrpName,GETDATE())";
                    var args = new
                    {
                        @SysName = Server.HtmlDecode(FormCols.SysName),
                        @GrpName = Server.HtmlDecode(FormCols.GrpName)
                    };
                    conn.Execute(sql, args);

                    // The status message carries the decoded user-supplied name, so the view
                    // that shows TempData["ExeRst"] must HTML-encode it when rendering.
                    TempData["ExeRst"] = "【" + Server.HtmlDecode(FormCols.SysName) + "】新增成功";
                    return RedirectToAction("SysList", "TGW");
                }
            }
            catch (Exception ex)
            {
                // NOTE(review): ex.Message is exposed through the redirect URL; consider a
                // generic message plus server-side logging.
                return RedirectToAction("Exception", "TGW", new { @MsgCont = ex.Message });
            }
        }
Ejemplo n.º 7
        /// <summary>
        /// Reads every SYSTEM_LIST row from the "TGWLogs" connection and applies optional
        /// substring filters on system name and group name in memory.
        /// </summary>
        /// <param name="SystemName">Substring to match in SysName; the filter is skipped only when null.</param>
        /// <param name="GroupName">Substring to match in GrpName; the filter is skipped only when null.</param>
        /// <returns>The (possibly filtered) rows, or null when any step before the assignment throws.</returns>
        private IEnumerable <Models.FullSysInfo> getSysInfo(string SystemName = "", string GroupName = "")
        {
            IEnumerable <Models.FullSysInfo> rows = null;

            try
            {
                var util = new App_Code.clsUtility();
                var connText = util.ConnStrDecrypt(ConfigurationManager.ConnectionStrings["TGWLogs"].ConnectionString);

                using (var conn = new SqlConnection(connText))
                {
                    // The command text is a constant; the filter values never enter the SQL
                    // because filtering happens on the materialized rows below.
                    string sql = "SELECT intSYS_CODE AS SysCode,varSYS_DESC AS SysName," +
                                 "varOWN_GRP AS GrpName,dtMODIFY_DATE AS ModDate " +
                                 "FROM SYSTEM_LIST";
                    rows = conn.Query <Models.FullSysInfo>(sql);

                    // NOTE(review): Where() is deferred, so these predicates run when the caller
                    // enumerates the result, outside this try/catch. A row whose SysName or
                    // GrpName is null would presumably throw there rather than be swallowed here.
                    if (SystemName != null)
                    {
                        rows = rows.Where(row => row.SysName.Contains(SystemName));
                    }
                    if (GroupName != null)
                    {
                        rows = rows.Where(row => row.GrpName.Contains(GroupName));
                    }
                    return rows;
                }
            }
            catch (Exception)
            {
                // NOTE(review): failures are swallowed and reported to the caller as null;
                // consider logging the exception so a broken data source is not silent.
                return rows;
            }
        }