Ejemplo n.º 1
        /// <summary>
        /// Lists permission-extension records, optionally filtered by extension code and mark.
        /// </summary>
        /// <param name="form">Posted form; this action reads <c>txtCode</c>, <c>txtMark</c>, <c>pager</c> and <c>id</c>.</param>
        /// <returns>The "List" view bound to the requested page of records.</returns>
        public ActionResult Search(FormCollection form)
        {
            string strWhere = null;
            string pgParam = "Nothing,Nothing";

            // SECURITY: both filters below are spliced into the SQL WHERE text with string.Format.
            // The only barrier between request data and the query is ValidHelper.EngIsEngAndNum,
            // whose implementation is not visible here (presumably letters and digits only --
            // confirm). If that validator is ever loosened this becomes SQL injection; the durable
            // fix is a parameterized filter in the data layer rather than a text fragment.

            // Filter: extension code (substring match through charindex).
            var txtCode = form["txtCode"] as string;
            bool useCode = !string.IsNullOrEmpty(txtCode) && ValidHelper.EngIsEngAndNum(txtCode);
            if (useCode)
            {
                pgParam += string.Format(",txtCode,{0}", txtCode);
                strWhere = strWhere == null
                    ? string.Format("charindex('{0}',exte_code)>0", txtCode)
                    : strWhere + string.Format(" and charindex('{0}',exte_code)>0", txtCode);
            }

            // Filter: extension mark (substring match through charindex).
            var txtMark = form["txtMark"] as string;
            bool useMark = !string.IsNullOrEmpty(txtMark) && ValidHelper.EngIsEngAndNum(txtMark);
            if (useMark)
            {
                pgParam += string.Format(",txtMark,{0}", txtMark);
                strWhere = strWhere == null
                    ? string.Format("charindex('{0}',exte_mark)>0", txtMark)
                    : strWhere + string.Format(" and charindex('{0}',exte_mark)>0", txtMark);
            }

            var dataPager = new PagerHelperCHS();
            dataPager.PageSize = GeneralHandler.PageSize;

            // With more than one posted field the page number is read from "pager",
            // otherwise from "id". The second argument (1) looks like the fallback page
            // when the value cannot be parsed -- confirm against TypeHelper.TypeToInt32.
            string pageKey = form.Count > 1 ? "pager" : "id";
            dataPager.PageCurrent = TypeHelper.TypeToInt32(form[pageKey], 1);

            int totalPages, totalRecords;
            var rows = DawnAuthExtentBLL.SelectPSPisAllPurposeRowNumber(
                dataPager.PageSize,
                dataPager.PageCurrent,
                "exte_time desc,exte_code",
                strWhere,
                out totalPages,
                out totalRecords);

            dataPager.PageCount = totalPages;
            dataPager.RecordCount = totalRecords;
            dataPager.PageRecordCount = rows.Count;

            // pgParam echoes the accepted filter values back to the view for the pager links.
            ViewBag.Pager = dataPager;
            ViewBag.PagerParam = pgParam;
            return View("List", rows);
        }
Ejemplo n.º 2
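        /// <summary>
        /// Validates the form posted when adding a permission-extension record.
        /// </summary>
        /// <param name="form">Posted form; reads <c>txtCode</c>, <c>txtCodeName</c>, <c>txtMark</c>, <c>txtMarkName</c> and <c>txtMemo</c>.</param>
        /// <param name="stateInfo">
        /// Set to <c>GeneralHandler.StateSuccess</c> on entry and replaced with a user-facing
        /// message describing the first failed check.
        /// </param>
        /// <returns><c>true</c> when every field passes; otherwise <c>false</c>.</returns>
        private bool AddedByCheck(FormCollection form, out string stateInfo)
        {
            stateInfo = GeneralHandler.StateSuccess;

            // Code: may be empty, otherwise must pass EngIsEngAndNum and be at most 100 chars.
            // A field that is absent from the request arrives as null; it is rejected here
            // (fail closed) instead of raising a NullReferenceException on .Length.
            string txtCode = form["txtCode"] as string;
            if (txtCode == null || (txtCode.Length > 0 && !ValidHelper.EngIsEngAndNum(txtCode)) || txtCode.Length > 100)
            {
                // "The code is invalid (letters and digits only, at most 100 characters)."
                stateInfo = "您输入的编码不正确!(只能由字母和数字组成,且不大于100个字)";
                return false;
            }

            // Code name: required, 2-200 chars.
            string txtCodeName = form["txtCodeName"] as string;
            if (string.IsNullOrEmpty(txtCodeName) || txtCodeName.Length < 2 || txtCodeName.Length > 200)
            {
                // "The code name must not be empty, shorter than 2 or longer than 200 characters."
                stateInfo = "编码名称不能为空或小于2个或大于200个字符!";
                return false;
            }
            if (!ValidHelper.ChsIsChineseOrEngOrNum(txtCodeName))
            {
                // "The code name is invalid (Chinese characters, letters and digits only)."
                stateInfo = "您输入的编码名称不正确!(只能由汉字、字母、数字组成)";
                return false;
            }

            // Mark: same rule as the code field, including the null rejection.
            string txtMark = form["txtMark"] as string;
            if (txtMark == null || (txtMark.Length > 0 && !ValidHelper.EngIsEngAndNum(txtMark)) || txtMark.Length > 100)
            {
                // "The mark is invalid (letters and digits only, at most 100 characters)."
                stateInfo = "您输入的标识不正确!(只能由字母和数字组成,且不大于100个字)";
                return false;
            }

            // Mark name: required, 2-200 chars.
            string txtMarkName = form["txtMarkName"] as string;
            if (string.IsNullOrEmpty(txtMarkName) || txtMarkName.Length < 2 || txtMarkName.Length > 200)
            {
                // "The mark name must not be empty, shorter than 2 or longer than 200 characters."
                stateInfo = "标识名称不能为空或小于2个或大于200个字符!";
                return false;
            }
            if (!ValidHelper.ChsIsChineseOrEngOrNum(txtMarkName))
            {
                // "The mark name is invalid (Chinese characters, letters and digits only)."
                stateInfo = "您输入的标识名称不正确!(只能由汉字、字母、数字组成)";
                return false;
            }

            // Memo: may be empty, otherwise must pass ChsIsMemos and be at most 500 chars.
            string txtMemo = form["txtMemo"] as string;
            if (txtMemo == null || (txtMemo.Length > 0 && !ValidHelper.ChsIsMemos(txtMemo)) || txtMemo.Length > 500)
            {
                // "The memo is invalid (Chinese characters, letters and digits only, at most 500 characters)."
                stateInfo = "您输入的扩展备注不正确!(只能由汉字、字母、数字组成,且不大于500个字)";
                return false;
            }

            // NOTE(review): this method only shapes the input. Whatever persists these values
            // should still bind them as query parameters rather than rely on these checks.
            return true;
        }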
Ejemplo n.º 3
        /// <summary>
        /// Runs the string validator chosen in <c>cboxString</c> against the text box content
        /// and shows the boolean outcome in <c>lblResultString</c>.
        /// </summary>
        /// <param name="sender">Event source (not used).</param>
        /// <param name="e">Event data (not used).</param>
        private void btnString_Click(object sender, EventArgs e)
        {
            string ruleName = this.cboxString.SelectedItem as string;
            string input = this.txtString.Text;
            bool passed = false;

            // The case labels are the combo-box captions and must match them exactly.
            // An unknown or missing selection leaves the result at false.
            switch (ruleName)
            {
            case "用户密码":   // user password
                passed = ValidHelper.EngIsPassword(input);
                break;

            case "用户密码2":  // user password, variant 2
                passed = ValidHelper.EngIsPasswords(input);
                break;

            case "注册帐号":   // registration account name
                passed = ValidHelper.EngIsRegister(input);
                break;

            case "26个字母":   // the 26 letters
                passed = ValidHelper.EngIsEnglish(input);
                break;

            case "大写字母":   // uppercase letters
                passed = ValidHelper.EngIsUppercase(input);
                break;

            case "小写字母":   // lowercase letters
                passed = ValidHelper.EngIsLowercase(input);
                break;

            case "字母数字":   // letters and digits
                passed = ValidHelper.EngIsEngAndNum(input);
                break;

            case "英头数字":   // letters and digits, leading letter
                passed = ValidHelper.EngIsEngAndNums(input);
                break;

            case "字数下线":   // letters, digits and underscore
                passed = ValidHelper.EngIsEngAndNumOrUnderline(input);
                break;
            }

            this.lblResultString.Text = passed.ToString();
        }
Ejemplo n.º 4
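        /// <summary>
        /// Validates the form posted when pulling permission-extension data from another
        /// data source (input checks only; nothing is queried here).
        /// </summary>
        /// <param name="form">
        /// Posted form; reads the extension settings (<c>txtSetCode</c>, <c>txtSetName</c>),
        /// the source table and column names (<c>txtField*</c>) and the connection
        /// properties (<c>txtConn*</c>).
        /// </param>
        /// <param name="stateInfo">
        /// Set to <c>GeneralHandler.StateSuccess</c> on entry and replaced with a user-facing
        /// message describing the first failed check.
        /// </param>
        /// <returns><c>true</c> when every field passes; otherwise <c>false</c>.</returns>
        /// <remarks>
        /// NOTE(review): table name, column names, a free-form query condition and connection
        /// properties are all taken from the request and screened with the ValidHelper
        /// IsSqlFilter / IsSqlInjectionOf* checks, which are not visible here and look like
        /// deny-list filters. How the caller uses these values is also not visible; if they are
        /// concatenated into SQL text or a connection string, a deny-list is a weak control.
        /// Prefer an allow-list of known identifiers, SqlConnectionStringBuilder for the
        /// connection, and restrict which hosts may be used as a data source.
        /// </remarks>
        private bool GetSyncDataByCheck(FormCollection form, out string stateInfo)
        {
            stateInfo = GeneralHandler.StateSuccess;

            // Extension settings: extension code. May be empty, otherwise letters/digits, <= 100 chars.
            // A field missing from the request arrives as null; reject it (fail closed) instead
            // of raising a NullReferenceException on .Length.
            string txtSetCode = form["txtSetCode"] as string;
            if (txtSetCode == null || (txtSetCode.Length > 0 && !ValidHelper.EngIsEngAndNum(txtSetCode)) || txtSetCode.Length > 100)
            {
                stateInfo = "您输入的[扩展设定:扩展编码]不正确!(只能由字母和数字组成,且不大于100个字)";
                return false;
            }
            if (ValidHelper.IsSqlFilter(txtSetCode))
            {
                stateInfo = "您输入的[扩展设定:扩展编码]存在安全问题,请检查后重试!";
                return false;
            }

            // Extension settings: code name. Required, 2-200 chars.
            string txtSetName = form["txtSetName"] as string;
            if (string.IsNullOrEmpty(txtSetName) || txtSetName.Length < 2 || txtSetName.Length > 200)
            {
                stateInfo = "[扩展设定:编码名称]不能为空或小于2个或大于200个字符!";
                return false;
            }
            if (!ValidHelper.ChsIsChineseOrEngOrNum(txtSetName))
            {
                stateInfo = "您输入的[扩展设定:编码名称]不正确!(只能由汉字、字母、数字组成)";
                return false;
            }
            if (ValidHelper.IsSqlFilter(txtSetName))
            {
                stateInfo = "您输入的[扩展设定:编码名称]存在安全问题,请检查后重试!";
                return false;
            }

            // Field names: source table name. Required.
            string txtFieldTable = form["txtFieldTable"] as string;
            if (string.IsNullOrWhiteSpace(txtFieldTable))
            {
                stateInfo = "[字段名称:数据表名]不能为空!";
                return false;
            }
            if (ValidHelper.IsSqlFilter(txtFieldTable))
            {
                stateInfo = "您输入的[字段名称:数据表名]存在安全问题,请检查后重试!";
                return false;
            }

            // Field names: column holding the extension mark. Required.
            string txtFieldMark = form["txtFieldMark"] as string;
            if (string.IsNullOrWhiteSpace(txtFieldMark))
            {
                stateInfo = "[字段名称:扩展标识]不能为空!";
                return false;
            }
            if (ValidHelper.IsSqlFilter(txtFieldMark))
            {
                stateInfo = "您输入的[字段名称:扩展标识]存在安全问题,请检查后重试!";
                return false;
            }

            // Field names: column holding the mark name. Required.
            string txtFieldName = form["txtFieldName"] as string;
            if (string.IsNullOrWhiteSpace(txtFieldName))
            {
                stateInfo = "[字段名称:标识名称]不能为空!";
                return false;
            }
            if (ValidHelper.IsSqlFilter(txtFieldName))
            {
                stateInfo = "您输入的[字段名称:标识名称]存在安全问题,请检查后重试!";
                return false;
            }

            // Field names: column holding the extension memo. Required.
            string txtFieldMemo = form["txtFieldMemo"] as string;
            if (string.IsNullOrWhiteSpace(txtFieldMemo))
            {
                stateInfo = "[字段名称:扩展备注]不能为空!";
                return false;
            }
            if (ValidHelper.IsSqlFilter(txtFieldMemo))
            {
                stateInfo = "您输入的[字段名称:扩展备注]存在安全问题,请检查后重试!";
                return false;
            }

            // Field names: query condition. Required. This is the highest-risk field: it is a
            // free-form condition supplied by the client and screened by two injection checks.
            string txtFieldWhere = form["txtFieldWhere"] as string;
            if (string.IsNullOrWhiteSpace(txtFieldWhere))
            {
                stateInfo = "[字段名称:查询条件]不能为空!";
                return false;
            }
            if (ValidHelper.IsSqlInjectionOfString(txtFieldWhere) || ValidHelper.IsSqlInjectionOfType(txtFieldWhere))
            {
                stateInfo = "您输入的[字段名称:查询条件]存在安全问题,请检查后重试!";
                return false;
            }

            // Connection: data source. Required; the literal "(local)" is exempt from the filter.
            string txtConnSource = form["txtConnSource"] as string;
            if (string.IsNullOrWhiteSpace(txtConnSource))
            {
                stateInfo = "[连接属性:数据源]不能为空!";
                return false;
            }
            if (txtConnSource != "(local)" && ValidHelper.IsSqlFilter(txtConnSource))
            {
                stateInfo = "您输入的[连接属性:数据源]存在安全问题,请检查后重试!";
                return false;
            }

            // Connection: database name. Required.
            string txtConnData = form["txtConnData"] as string;
            if (string.IsNullOrWhiteSpace(txtConnData))
            {
                stateInfo = "[连接属性:数据库名]不能为空!";
                return false;
            }
            if (ValidHelper.IsSqlFilter(txtConnData))
            {
                stateInfo = "您输入的[连接属性:数据库名]存在安全问题,请检查后重试!";
                return false;
            }

            // Connection: user name. Required.
            string txtConnUser = form["txtConnUser"] as string;
            if (string.IsNullOrWhiteSpace(txtConnUser))
            {
                stateInfo = "[连接属性:用户名称]不能为空!";
                return false;
            }
            if (ValidHelper.IsSqlFilter(txtConnUser))
            {
                stateInfo = "您输入的[连接属性:用户名称]存在安全问题,请检查后重试!";
                return false;
            }

            // Connection: password. Required.
            // NOTE(review): running a SQL filter over a password rejects whatever characters
            // that filter flags, which narrows the usable password alphabet -- confirm intent.
            string txtConnPwd = form["txtConnPwd"] as string;
            if (string.IsNullOrWhiteSpace(txtConnPwd))
            {
                stateInfo = "[连接属性:用户密码]不能为空!";
                return false;
            }
            if (ValidHelper.IsSqlFilter(txtConnPwd))
            {
                stateInfo = "您输入的[连接属性:用户密码]存在安全问题,请检查后重试!";
                return false;
            }

            return true;
        }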
Ejemplo n.º 5
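        /// <summary>
        /// Verifies a login attempt and, on success, populates the session, issues the
        /// forms-authentication cookie and writes a login log record.
        /// <para>The returned table always carries three keys:</para>
        /// <para><c>Msg</c>: message text; <c>GeneralHandler.StateRefresh</c> is set when an exception occurred.</para>
        /// <para><c>Url</c>: the URL the client should navigate to.</para>
        /// <para><c>IsCode</c>: <c>true</c> when the verification code should be refreshed.</para>
        /// </summary>
        /// <param name="userName">Account name.</param>
        /// <param name="userPwd">Account password (plain text as submitted).</param>
        /// <param name="checkCode">Verification code typed by the user.</param>
        /// <param name="returnUrl">
        /// Page to go to after login. Only site-local paths are honoured; anything else falls
        /// back to <c>GeneralHandler.SiteLoginedUrl</c>.
        /// </param>
        /// <param name="outEx">Receives the exception when one is caught; otherwise <c>null</c>.</param>
        /// <returns>The result table described above.</returns>
        /// <remarks>
        /// NOTE(review), not changed here because the fixes reach beyond this method:
        /// the password is digested with CryptoHelper.MD5 (implementation not visible; if it is
        /// plain MD5, stored digests are weak and should move to a salted, slow KDF such as
        /// PBKDF2); the credential lookup is built as SQL text and relies on the validators
        /// above it; "user does not exist" and "password mismatch" are reported separately,
        /// which discloses which accounts exist; the verification code is not invalidated in
        /// this method after a comparison; no session identifier rotation is visible here.
        /// </remarks>
        public static Hashtable VerifyLogin(string userName, string userPwd, string checkCode, string returnUrl, out Exception outEx)
        {
            outEx = null;
            Hashtable ht = new Hashtable();

            ht.Add("Msg", GeneralHandler.FBaseInfo);
            ht.Add("Url", GeneralHandler.SiteLoginUrl);
            ht.Add("IsCode", false);
            try
            {
                if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(userPwd) || string.IsNullOrEmpty(checkCode))
                {
                    return ht;
                }
                userPwd = CryptoHelper.MD5(userPwd, true);
                checkCode = checkCode.ToLower();
                // A missing session value makes ToLower() throw; the catch below turns that
                // into the StateRefresh response.
                string verifyCode = HttpContext.Current.Session["CheckCode"] as string;
                verifyCode = verifyCode.ToLower();
                if (checkCode.Length != 4 || !ValidHelper.EngIsEngAndNum(checkCode) || checkCode != verifyCode)
                {
                    // "The verification code is incorrect [4 characters]."
                    ht["Msg"] = "您输入的验证码不正确[4个字符]。";
                    ht["IsCode"] = true;
                }
                else if (userName.Length < 4 || userName.Length > 16 || !ValidHelper.EngIsRegisters(userName))
                {
                    // "The user name is incorrect [4-16 characters]."
                    ht["Msg"] = "您输入的用户名不正确[4-16个字符]。";
                }
                else if (ValidHelper.IsSqlFilter(userName))
                {
                    ht["Msg"] = "您输入的用户名不正确[4-16个字符]。IsSqlFilter";
                }
                else if (!DawnAuthUserBLL.ExistsOfName(userName))
                {
                    // "The user name does not exist."
                    ht["Msg"] = "您输入的用户名不存在!";
                }
                else
                {
                    // SECURITY: SQL text built from request data. userName has passed
                    // EngIsRegisters and IsSqlFilter above; userPwd is the CryptoHelper.MD5
                    // output (presumably a digest string -- confirm). A parameterized lookup
                    // in the data layer would remove the dependency on those validators.
                    var userIList = DawnAuthUserBLL.ISelect(string.Format("[user_name]='{0}' and [user_pwd]='{1}'", userName, userPwd));
                    if (userIList.Count == 0)
                    {
                        // "User name and password do not match."
                        ht["Msg"] = "您输入的用户名与密码不匹配!";
                    }
                    else if (userIList.Count > 1)
                    {
                        // "Your account is in an abnormal state, contact the administrator."
                        ht["Msg"] = "您的账号存在异常,请联系管理员!";
                    }
                    else
                    {
                        var userInfo = userIList.First();
                        if (userInfo.UserStatus == 0)
                        {
                            // "Your account is disabled, contact the administrator."
                            ht["Msg"] = "您的账号存已禁用,请联系管理员!";
                        }
                        else if (userInfo.UserGrade < 1)
                        {
                            // "Sorry, your management level is insufficient."
                            ht["Msg"] = "对不起,您的管理级别不符合!";
                        }
                        else
                        {
                            userIList.Clear();
                            // Session state for the signed-in user; each payload is serialized
                            // to JSON and encrypted with GeneralHandler.TokenKey.
                            // NOTE(review): the second key is the user name itself, so it shares
                            // a namespace with fixed keys such as "LoginName" -- consider a prefix.
                            HttpContext.Current.Session["LoginName"] = userName;
                            HttpContext.Current.Session[userName] = CryptoHelper.Encrypt(JsonConvert.SerializeObject(userInfo), GeneralHandler.TokenKey);
                            var userAuth = DawnAuthUserBLL.GetUserAuthority(userInfo.UserId);
                            HttpContext.Current.Session["LoginAuthority"] = CryptoHelper.Encrypt(JsonConvert.SerializeObject(userAuth), GeneralHandler.TokenKey);
                            var userStat = DawnAuthUserBLL.GetUserStatus(userInfo.UserId);
                            HttpContext.Current.Session["LoginStatus"] = CryptoHelper.Encrypt(JsonConvert.SerializeObject(userStat), GeneralHandler.TokenKey);
                            var userExtent = DawnAuthUserExtentBLL.ISelect(string.Format("user_id='{0}'", userInfo.UserId));
                            HttpContext.Current.Session["LoginExtent"] = CryptoHelper.Encrypt(JsonConvert.SerializeObject(userExtent), GeneralHandler.TokenKey);
                            FormsAuthentication.SetAuthCookie(CryptoHelper.Encrypt(userName, GeneralHandler.TokenKey), false);

                            #region Login audit log

                            DawnAuthUserLoginMDL dataInfo = new DawnAuthUserLoginMDL();
                            dataInfo.UserId = userInfo.UserId;
                            dataInfo.LogTime = DateTime.Now;
                            dataInfo.LogIp = RequestHelper.GetIPAddress();
                            dataInfo.LogMac = DawnXZ.PHYUtility.ManagementHelper.Instance().MacAddress.ToUpper();
                            dataInfo.LogComputer = "Unknown";
                            dataInfo.LogAttach = null;
                            dataInfo.LogCount = 1;
                            DawnAuthUserLoginBLL.Insert(dataInfo);

                            #endregion

                            ht["Msg"] = GeneralHandler.StateSuccess;
                            // Open-redirect guard: the caller-supplied return URL is used only
                            // when it is a path on this site; otherwise the default landing
                            // page is returned.
                            ht["Url"] = IsLocalReturnUrl(returnUrl) ? returnUrl : GeneralHandler.SiteLoginedUrl;
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                // Any failure is surfaced to the caller through outEx and reported to the
                // client as a request to refresh the page.
                outEx = ex;
                ht["Msg"] = GeneralHandler.StateRefresh;
            }
            return ht;
        }

        /// <summary>
        /// Tells whether <paramref name="url"/> is a path on this site: it must start with a
        /// single '/', must not start with "//" or "/\", and must not contain control characters.
        /// </summary>
        /// <param name="url">Candidate return URL; may be <c>null</c>.</param>
        /// <returns><c>true</c> for a site-local path; otherwise <c>false</c>.</returns>
        private static bool IsLocalReturnUrl(string url)
        {
            if (string.IsNullOrEmpty(url) || url[0] != '/')
            {
                return false;
            }
            // "//host" and "/\host" are treated by browsers as another origin.
            if (url.Length > 1 && (url[1] == '/' || url[1] == '\\'))
            {
                return false;
            }
            foreach (char c in url)
            {
                if (char.IsControl(c))
                {
                    return false;
                }
            }
            return true;
        }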
Ejemplo n.º 6
        /// <summary>
        /// Handles the login form post: checks the verification code, the user name and the
        /// password, and on success populates the session, issues the forms-authentication
        /// cookie and writes a login log record.
        /// </summary>
        /// <param name="form">Posted form; reads <c>txtUname</c>, <c>txtUpwd</c> and <c>txtCheckCode</c>.</param>
        /// <returns>
        /// JSON of a table with the keys <c>Msg</c> (message text), <c>Url</c> (where the client
        /// should go next) and <c>IsCode</c> (<c>true</c> when the verification code check failed).
        /// </returns>
        /// <remarks>
        /// NOTE(review): the password is digested with CryptoHelper.MD5 (implementation not
        /// visible; if it is plain MD5, stored digests are weak and should move to a salted,
        /// slow KDF); the credential lookup is built as SQL text and relies on the validators
        /// that precede it; "user does not exist" and "password mismatch" are reported
        /// separately, which discloses which accounts exist; the verification code is not
        /// invalidated in this method after a comparison.
        /// </remarks>
        public JsonResult Logined(FormCollection form)
        {
            Hashtable ht = new Hashtable();

            // Defaults returned when no branch below overrides them.
            ht.Add("Msg", GeneralHandler.FBaseInfo);
            ht.Add("Url", GeneralHandler.SiteLoginUrl);
            ht.Add("IsCode", false);
            try
            {
                string txtUname = form["txtUname"] as string;
                string txtUpwd  = form["txtUpwd"] as string;
                // The password is digested before any field has been validated.
                txtUpwd = CryptoHelper.MD5(txtUpwd, true);
                string txtCheckCode = form["txtCheckCode"] as string;
                // A missing form field or session value is null here, so ToLower() throws and
                // the request ends in the catch block below.
                txtCheckCode = txtCheckCode.ToLower();
                string strCheckCode = Session["CheckCode"] as string;
                strCheckCode = strCheckCode.ToLower();
                if (txtCheckCode.Length != 4 || !ValidHelper.EngIsEngAndNum(txtCheckCode) || txtCheckCode != strCheckCode)
                {
                    // "The verification code is incorrect [4 characters]."
                    ht["Msg"]    = "您输入的验证码不正确[4个字符]。";
                    ht["IsCode"] = true;
                }
                else if (txtUname.Length < 4 || txtUname.Length > 16 || !ValidHelper.EngIsRegisters(txtUname))
                {
                    // "The user name is incorrect [4-16 characters]."
                    ht["Msg"] = "您输入的用户名不正确[4-16个字符]。";
                }
                else if (ValidHelper.IsSqlFilter(txtUname))
                {
                    ht["Msg"] = "您输入的用户名不正确[4-16个字符]。IsSqlFilter";
                }
                else if (!DawnAuthUserBLL.ExistsOfName(txtUname))
                {
                    // "The user name does not exist."
                    ht["Msg"] = "您输入的用户名不存在!";
                }
                else
                {
                    // SECURITY: SQL text built from request data. txtUname has passed
                    // EngIsRegisters and IsSqlFilter above; txtUpwd is the CryptoHelper.MD5
                    // output (presumably a digest string -- confirm). A parameterized lookup
                    // in the data layer would remove the dependency on those validators.
                    var userIList = DawnAuthUserBLL.ISelect(string.Format("[user_name]='{0}' and [user_pwd]='{1}'", txtUname, txtUpwd));
                    if (userIList.Count == 0)
                    {
                        // "User name and password do not match."
                        ht["Msg"] = "您输入的用户名与密码不匹配!";
                    }
                    else if (userIList.Count > 1)
                    {
                        // "Your account is in an abnormal state, contact the administrator."
                        ht["Msg"] = "您的账号存在异常,请联系管理员!";
                    }
                    else
                    {
                        var userInfo = userIList.First();
                        if (userInfo.UserStatus == 0)
                        {
                            // "Your account is disabled, contact the administrator."
                            ht["Msg"] = "您的账号存已禁用,请联系管理员!";
                        }
                        else if (userInfo.UserGrade < 2)
                        {
                            // "Sorry, your management level is insufficient."
                            ht["Msg"] = "对不起,您的管理级别不符合!";
                        }
                        else
                        {
                            userIList.Clear();
                            // Session state for the signed-in user; each payload is serialized
                            // to JSON and encrypted with GeneralHandler.TokenKey.
                            // NOTE(review): the second key is the user name itself, so it shares
                            // a namespace with fixed keys such as "LoginName" -- consider a prefix.
                            Session["LoginName"] = txtUname;
                            Session[txtUname]    = CryptoHelper.Encrypt(JsonConvert.SerializeObject(userInfo), GeneralHandler.TokenKey);
                            var userAuth = DawnAuthUserBLL.GetUserAuthority(userInfo.UserId);
                            Session["LoginAuthority"] = CryptoHelper.Encrypt(JsonConvert.SerializeObject(userAuth), GeneralHandler.TokenKey);
                            var userStat = DawnAuthUserBLL.GetUserStatus(userInfo.UserId);
                            Session["LoginStatus"] = CryptoHelper.Encrypt(JsonConvert.SerializeObject(userStat), GeneralHandler.TokenKey);
                            var userExtent = DawnAuthUserExtentBLL.ISelect(string.Format("user_id='{0}'", userInfo.UserId));
                            Session["LoginExtent"] = CryptoHelper.Encrypt(JsonConvert.SerializeObject(userExtent), GeneralHandler.TokenKey);
                            FormsAuthentication.SetAuthCookie(CryptoHelper.Encrypt(txtUname, GeneralHandler.TokenKey), false);

                            // Login audit log record.
                            #region 登录日志

                            DawnAuthUserLoginMDL dataInfo = new DawnAuthUserLoginMDL();
                            dataInfo.UserId      = userInfo.UserId;
                            dataInfo.LogTime     = DateTime.Now;
                            dataInfo.LogIp       = RequestHelper.GetIPAddress();
                            dataInfo.LogMac      = "Unknown";
                            dataInfo.LogComputer = "Unknown";
                            dataInfo.LogAttach   = null;
                            dataInfo.LogCount    = 1;
                            DawnAuthUserLoginBLL.Insert(dataInfo);

                            #endregion

                            ht["Msg"] = GeneralHandler.StateSuccess;
                            ht["Url"] = GeneralHandler.SiteLoginedUrl;
                            // The client-supplied return URL (hidReturnUrl) is disabled; the
                            // redirect target is always the fixed landing page. If it is ever
                            // re-enabled, restrict it to site-local paths first.
                            //var hidReturnUrl = form["hidReturnUrl"] as string;
                            //ht["Url"] = string.IsNullOrEmpty(hidReturnUrl) ? GeneralHandler.SiteLoginedUrl : hidReturnUrl;
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                // Every exception, including the null dereferences noted above, is logged and
                // reported as "Sorry! Cannot connect to the database! Contact the administrator!",
                // so the message does not necessarily describe the real cause.
                //ht["Msg"] = GeneralHandler.StateRefresh;
                ht["Msg"] = "对不起!无法与数据库建立连接!请联系管理员!";
                GeneralHandler.InsertByError(ex);
            }
            return(Json(ht));
        }