public void ProcessRequest(HttpContext context)
        {
            context.Response.ContentType = "text/plain";
            HttpRequest request = context.Request;

            XHD.BLL.ssn_art_menu menu = new XHD.BLL.ssn_art_menu();

            XHD.BLL.sys_info info = new XHD.BLL.sys_info();

            var    cookie     = context.Request.Cookies[FormsAuthentication.FormsCookieName];
            var    ticket     = FormsAuthentication.Decrypt(cookie.Value);
            string CoockiesID = ticket.UserData;

            XHD.BLL.hr_employee emp = new XHD.BLL.hr_employee();
            int emp_id = int.Parse(CoockiesID);

            DataSet dsemp = emp.GetList("id=" + emp_id);

            XHD.Model.hr_employee employeeModel = emp.GetModel(emp_id); //当前员工

            string empname    = string.Empty;
            string uid        = string.Empty;
            string depid      = string.Empty;
            string roletype   = string.Empty;
            string factory_Id = string.Empty;

            if (employeeModel != null)
            {
                empname    = employeeModel.name;            //员工姓名
                uid        = employeeModel.uid;             //员工Uid
                depid      = employeeModel.d_id.ToString(); //员工所在部门
                factory_Id = employeeModel.factory_Id;      //员工所属工厂
                roletype   = employeeModel.roletype.ToString();
            }

            #region GetSysApp
            if (request["Action"] == "GetSysApp")
            {
                DataSet ds = null;

                int appid = int.Parse(request["appid"]);

                if (dsemp.Tables[0].Rows.Count > 0)
                {
                    if (dsemp.Tables[0].Rows[0]["uid"].ToString() == "admin")
                    {
                        ds = menu.GetList(0, "App_id=" + appid, "Menu_order");
                    }
                    else
                    {
                        DataSSN.SSN_GetAuthorityByUid getauth = new DataSSN.SSN_GetAuthorityByUid();
                        string menus = getauth.GetAuthority(emp_id.ToString(), "Menus");
                        //ds = menu.GetList(0, "App_id=" + appid + " and Menu_id in " + menus + " and menu_type='aft'", "Menu_order");
                        ds = menu.GetList(0, "App_id=" + appid + " and Id in " + menus + " ", "Menu_order");
                    }
                }

                string strRe = string.Empty;

                //==============整理返回==============================================
                strRe = "[" + GetTasksString(emp_id.ToString(), empname, factory_Id, 0, ds.Tables[0]) + "]";


                context.Response.Write(strRe);
            }
            #endregion

            #region getUserTree
            else if (request["Action"] == "getUserTree")
            {
                XHD.BLL.Sys_online   sol   = new XHD.BLL.Sys_online();
                XHD.Model.Sys_online model = new XHD.Model.Sys_online();

                model.UserName    = PageValidate.InputText(empname, 250);
                model.UserID      = emp_id;
                model.LastLogTime = DateTime.Now;

                DataSet ds1 = sol.GetList(" UserID=" + emp_id);

                //添加当前用户信息
                if (ds1.Tables[0].Rows.Count > 0)
                {
                    sol.Update(model, " UserID=" + emp_id);
                }
                else
                {
                    sol.Add(model);
                }

                //删除超时用户
                //2分钟用户失效,删除 --Robert 2015-11-24
                sol.Delete(" LastLogTime<date_sub(now(), interval 2 minute)");

                XHD.BLL.hr_department dep = new XHD.BLL.hr_department();
                XHD.BLL.hr_post       hp  = new XHD.BLL.hr_post();

                DataSet       ds  = dep.GetList(0, "factory_Id='" + factory_Id + "'", "d_order");
                StringBuilder str = new StringBuilder();
                str.Append("[");
                str.Append(GetTreeString(0, ds.Tables[0], 1, "1=1"));
                str.Replace(",", "", str.Length - 1, 1);
                str.Append("]");
                context.Response.Write(str);
            }
            #endregion

            #region GetUserInfo
            else if (request["Action"] == "GetUserInfo")
            {
                string dt = XHD.Common.DataToJson.DataToJSON(dsemp);

                context.Response.Write(dt);
            }
            #endregion

            #region GetOnline
            else if (request["Action"] == "GetOnline")
            {
                XHD.BLL.Sys_online   sol   = new XHD.BLL.Sys_online();
                XHD.Model.Sys_online model = new XHD.Model.Sys_online();

                model.UserName    = empname;
                model.UserID      = emp_id;
                model.LastLogTime = DateTime.Now;

                DataSet ds1 = sol.GetList(" UserID=" + emp_id);

                //添加当前用户信息
                if (ds1.Tables[0].Rows.Count > 0)
                {
                    sol.Update(model, " UserID=" + emp_id);
                }
                else
                {
                    sol.Add(model);
                }
                //}

                //删除超时用户
                //2分钟用户失效,删除 --Robert 2015-11-24
                sol.Delete(" LastLogTime<date_sub(now(), interval 2 minute)");

                context.Response.Write(XHD.Common.GetGridJSON.DataTableToJSON(sol.GetAllList().Tables[0]));
            }
            #endregion

            #region getinfo
            else if (request["Action"] == "getinfo")
            {
                DataSet ds = info.GetList(" id=2 or id=3");
                context.Response.Write(XHD.Common.GetGridJSON.DataTableToJSON(ds.Tables[0]));
            }
            #endregion

            #region changepwd
            else if (request["Action"] == "changepwd")
            {
                DataSet ds = emp.GetPWD(emp_id);
                XHD.Model.hr_employee model = new XHD.Model.hr_employee();
                string oldpwd = FormsAuthentication.HashPasswordForStoringInConfigFile(request["T_oldpwd"], "MD5");
                string newpwd = FormsAuthentication.HashPasswordForStoringInConfigFile(request["T_newpwd"], "MD5");

                if (ds.Tables[0].Rows[0]["pwd"].ToString() == oldpwd)
                {
                    model.pwd = newpwd;
                    model.ID  = (emp_id);
                    emp.changepwd(model);
                    context.Response.Write("true");
                }
                else
                {
                    context.Response.Write("false");
                }
            }
            #endregion

            #region form
            else if (request["Action"] == "form")
            {
                string eid = PageValidate.InputText(request["id"], 50);

                if (eid == "epu")
                {
                    eid = emp_id.ToString();
                }

                DataSet ds = emp.GetList("id=" + int.Parse(eid));

                string dt = XHD.Common.DataToJson.DataToJSON(ds);

                context.Response.Write(dt);
            }
            #endregion

            #region PersonalUpdate保存修改信息
            else if (request["Action"] == "PersonalUpdate")
            {
                XHD.Model.hr_employee model = new XHD.Model.hr_employee();
                model.email    = PageValidate.InputText(request["T_email"], 255);
                model.name     = PageValidate.InputText(request["T_name"], 255);
                model.birthday = PageValidate.InputText(request["T_birthday"], 255);
                model.sex      = PageValidate.InputText(request["T_sex"], 255);
                model.idcard   = PageValidate.InputText(request["T_idcard"], 255);
                model.tel      = PageValidate.InputText(request["T_tel"], 255);


                model.address      = PageValidate.InputText(request["T_Adress"], 255);
                model.schools      = PageValidate.InputText(request["T_school"], 255);
                model.education    = PageValidate.InputText(request["T_edu"], 255);
                model.professional = PageValidate.InputText(request["T_professional"], 255);
                model.remarks      = PageValidate.InputText(request["T_remarks"], 255);
                model.title        = PageValidate.InputText(request["headurl"], 255);

                DataRow dr = dsemp.Tables[0].Rows[0];
                model.ID = emp_id;

                bool isup = emp.PersonalUpdate(model);

                if (isup)
                {
                    context.Response.Write("true");
                }
                else
                {
                    context.Response.Write("false");
                }

                C_Sys_log log = new C_Sys_log();

                int    UserID     = emp_id;
                string UserName   = empname;
                string IPStreet   = request.UserHostAddress;
                string EventTitle = model.name;
                string EventType  = "个人信息修改";
                int    EventID    = emp_id;

                if (dr["email"].ToString() != request["T_email"])
                {
                    log.Add_log(UserID, UserName, IPStreet, EventTitle, EventType, EventID, "邮箱", dr["email"].ToString(), request["T_email"], factory_Id);
                }

                if (dr["name"].ToString() != request["T_name"])
                {
                    log.Add_log(UserID, UserName, IPStreet, EventTitle, EventType, EventID, "员工姓名", dr["name"].ToString(), request["T_name"], factory_Id);
                }

                if (dr["birthday"].ToString() != request["T_birthday"])
                {
                    log.Add_log(UserID, UserName, IPStreet, EventTitle, EventType, EventID, "员工生日", dr["birthday"].ToString(), request["T_birthday"], factory_Id);
                }

                if (dr["sex"].ToString() != request["T_sex"])
                {
                    log.Add_log(UserID, UserName, IPStreet, EventTitle, EventType, EventID, "员工性别", dr["sex"].ToString(), request["T_sex"], factory_Id);
                }

                if (dr["idcard"].ToString() != request["T_idcard"])
                {
                    log.Add_log(UserID, UserName, IPStreet, EventTitle, EventType, EventID, "身份证", dr["idcard"].ToString(), request["T_idcard"], factory_Id);
                }

                if (dr["tel"].ToString() != request["T_tel"])
                {
                    log.Add_log(UserID, UserName, IPStreet, EventTitle, EventType, EventID, "手机", dr["tel"].ToString(), request["T_tel"], factory_Id);
                }

                if (dr["address"].ToString() != request["T_Adress"])
                {
                    log.Add_log(UserID, UserName, IPStreet, EventTitle, EventType, EventID, "地址", dr["address"].ToString(), request["T_Adress"], factory_Id);
                }

                if (dr["schools"].ToString() != request["T_school"])
                {
                    log.Add_log(UserID, UserName, IPStreet, EventTitle, EventType, EventID, "毕业学校", dr["schools"].ToString(), request["T_school"], factory_Id);
                }

                if (dr["education"].ToString() != request["T_edu"])
                {
                    log.Add_log(UserID, UserName, IPStreet, EventTitle, EventType, EventID, "学历", dr["education"].ToString(), request["T_edu"], factory_Id);
                }

                if (dr["professional"].ToString() != request["T_professional"])
                {
                    log.Add_log(UserID, UserName, IPStreet, EventTitle, EventType, EventID, "专业", dr["professional"].ToString(), request["T_professional"], factory_Id);
                }
            }
            #endregion

            #region tree
            else if (request["Action"] == "tree")
            {
                string serchtxt = " 1=1 and factory_Id = '" + factory_Id + "'";

                //string authtxt = PageValidate.InputText(request["auth"], 50);
                //if (!string.IsNullOrEmpty(authtxt))
                //{
                //    Data.GetDataAuth dataauth = new Data.GetDataAuth();
                //    string txt = dataauth.GetDataAuthByid(authtxt, "Sys_add", emp_id.ToString(), factory_Id);
                //    string[] arr = txt.Split(':');
                //    switch (arr[0])
                //    {
                //        case "my":
                //        case "dep":
                //            string did = dsemp.Tables[0].Rows[0]["d_id"].ToString();
                //            if (string.IsNullOrEmpty(did))
                //                did = "0";
                //            authtxt = did;
                //            break;
                //        case "all":
                //            authtxt = "0";
                //            break;
                //        case "depall":
                //            DataSet dsdep = dep.GetList("factory_Id='" + factory_Id + "'");
                //            string deptask = GetDepTask(int.Parse(arr[1]), dsdep.Tables[0]);
                //            string intext = arr[1] + "," + deptask;
                //            authtxt = intext.TrimEnd(',');
                //            break;
                //    }
                //}
                //context.Response.Write(authtxt);
                XHD.BLL.hr_department dep = new XHD.BLL.hr_department();
                DataSet       ds          = dep.GetList(0, serchtxt, " d_order");
                StringBuilder str         = new StringBuilder();
                str.Append("[");
                str.Append(GetTreeString(0, ds.Tables[0], "0"));
                str.Replace(",", "", str.Length - 1, 1);
                str.Append("]");
                context.Response.Write(str);
            }
            #endregion
        }
Exemple #2
0
        public void ProcessRequest(HttpContext context)
        {
            context.Response.ContentType = "text/plain";
            context.Response.Charset     = "utf-8";
            HttpRequest request = context.Request;

            if (request["Action"] == "login")
            {
                XHD.BLL.hr_employee     emp = new XHD.BLL.hr_employee();
                XHD.BLL.Sys_FactoryInfo fty = new XHD.BLL.Sys_FactoryInfo();

                string username = PageValidate.InputText(request["username"], 255);
                //string password = FormsAuthentication.HashPasswordForStoringInConfigFile(request["password"], "MD5");
                string password = PageValidate.InputText(request["password"], 255);
                string validate = PageValidate.InputText(request["validate"], 255);

                //SQL注入式攻击过滤===========================================================================================
                string path = context.Server.MapPath(@"../file/SQLFile.txt");
                if (CommonData.getSQLPercolation(username.ToUpper(), path))
                {
                    context.Response.Write("999");//系统错误
                    return;
                }
                //============================================================================================================

                if (!string.IsNullOrEmpty(username) && !string.IsNullOrEmpty(password))
                {
                    //if (validate == context.Session["CheckCode"].ToString() || validate.ToLower() == context.Session["CheckCode"].ToString().ToLower())
                    //{
                    //DataSet ds = emp.GetList(" uid='" + username + "' and pwd='" + password + "'");
                    XHD.Model.hr_employee empModel = emp.LoginUser(username);
                    //IP 限制====================================================================================================
                    string vrip = GetClientIPv4Address();

                    List <string> lstIp = new List <string>();
                    lstIp.Add("219.146.197.91");   //电信IP地址
                    lstIp.Add("60.213.50.226");    //联通IP地址

                    lstIp.Add("172.178.1.118");    //本地(邢荣)
                    lstIp.Add("172.178.1.211");    //本地(陈伟)
                    lstIp.Add("172.178.1.100");    //本地(陈伟)
                    lstIp.Add("172.178.1.203");    //本地(robert)
                    lstIp.Add("172.178.1.201");    //本地(李明)
                    lstIp.Add("172.178.1.79");     //本地(王德胜)
                    lstIp.Add("172.178.1.117");    //本地(王立全)
                    lstIp.Add("172.178.1.243");    //本地(王虎)
                    lstIp.Add("172.178.1.56");     //本地(马萧)
                    lstIp.Add("172.178.1.29");     //本地(张杰)
                    lstIp.Add("172.178.1.45");     //本地(张顾严)
                    lstIp.Add("172.178.1.133");    //本地(吴瑞曾)

                    //if (!lstIp.Contains(vrip))
                    //{
                    //    //修改:robert, 2016-06-04     过滤特殊人群,当前:王频频wpp6274========
                    //    if (username.Trim() != "wpp6274" && username.Trim() != "gjc1010")
                    //    {
                    //        context.Response.Write("6");//ip受限制
                    //        return;
                    //    }
                    //    //=======================================================================
                    //}
                    //============================================================================================================

                    if (empModel != null && empModel.pwd == password.ToUpper())
                    {
                        //存在该 uid的用户,并且 pwd-密码正确;执行以下内容
                        //if (ds.Tables[0].Rows.Count > 0)
                        //{
                        if (empModel.uid.Trim() == "admin")
                        {
                            #region
                            //string userid = empModel.ID.ToString();
                            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                                1,
                                empModel.uid,
                                DateTime.Now,
                                DateTime.Now.AddMinutes(20),
                                true,
                                empModel.ID.ToString(),
                                "/"
                                );
                            var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
                            cookie.HttpOnly = true;
                            context.Response.Cookies.Add(cookie);

                            //FormsAuthentication.SetAuthCookie(userid, true);

                            //日志
                            XHD.BLL.Sys_log   log      = new XHD.BLL.Sys_log();
                            XHD.Model.Sys_log modellog = new XHD.Model.Sys_log();
                            modellog.EventType = "系统登录";

                            modellog.EventDate  = DateTime.Now;
                            modellog.UserID     = empModel.ID;
                            modellog.UserName   = empModel.name;
                            modellog.IPStreet   = request.UserHostAddress;
                            modellog.Factory_Id = empModel.factory_Id;

                            log.Add(modellog);

                            //online
                            XHD.BLL.Sys_online   sol   = new XHD.BLL.Sys_online();
                            XHD.Model.Sys_online model = new XHD.Model.Sys_online();

                            model.UserName    = empModel.name;
                            model.UserID      = empModel.ID;
                            model.LastLogTime = DateTime.Now;

                            DataSet ds1 = sol.GetList(" UserID=" + empModel.ID);

                            //添加当前用户信息
                            if (ds1.Tables[0].Rows.Count > 0)
                            {
                                sol.Update(model, " UserID=" + empModel.ID);
                            }
                            else
                            {
                                sol.Add(model);
                            }
                            //删除超时用户
                            //2分钟用户失效,删除 --Robert 2015-11-24
                            sol.Delete(" LastLogTime<date_sub(now(), interval 2 minute)");

                            //验证完毕,允许登录
                            context.Response.Write("2");
                            #endregion
                        }
                        else
                        {
                            #region
                            DataSet dsfty    = fty.GetList("Factory_Id='" + empModel.factory_Id + "'");
                            string  isDelete = dsfty.Tables[0].Rows[0]["IsDelete"].ToString();
                            if (int.Parse(isDelete) == 0)
                            {
                                if (empModel.canlogin.ToString() == "1")
                                {
                                    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                                        1,
                                        username,
                                        DateTime.Now,
                                        DateTime.Now.AddMinutes(20),
                                        true,
                                        empModel.ID.ToString(),
                                        "/"
                                        );
                                    var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
                                    cookie.HttpOnly = true;
                                    context.Response.Cookies.Add(cookie);

                                    //FormsAuthentication.SetAuthCookie(userid, true);

                                    //日志
                                    XHD.BLL.Sys_log   log      = new XHD.BLL.Sys_log();
                                    XHD.Model.Sys_log modellog = new XHD.Model.Sys_log();
                                    modellog.EventType = "系统登录";

                                    modellog.EventDate  = DateTime.Now;
                                    modellog.UserID     = empModel.ID;
                                    modellog.UserName   = empModel.name;
                                    modellog.IPStreet   = request.UserHostAddress;
                                    modellog.Factory_Id = empModel.factory_Id;

                                    log.Add(modellog);

                                    //online
                                    XHD.BLL.Sys_online   sol   = new XHD.BLL.Sys_online();
                                    XHD.Model.Sys_online model = new XHD.Model.Sys_online();

                                    model.UserName    = empModel.name;
                                    model.UserID      = empModel.ID;
                                    model.LastLogTime = DateTime.Now;

                                    DataSet ds1 = sol.GetList(" UserID=" + empModel.ID);

                                    //添加当前用户信息
                                    if (ds1.Tables[0].Rows.Count > 0)
                                    {
                                        sol.Update(model, " UserID=" + empModel.ID);
                                    }
                                    else
                                    {
                                        sol.Add(model);
                                    }
                                    //删除超时用户
                                    //2分钟用户失效,删除 --Robert 2015-11-24
                                    sol.Delete(" LastLogTime<date_sub(now(), interval 2 minute)");


                                    //验证完毕,允许登录
                                    context.Response.Write("2");
                                }
                                else
                                {
                                    context.Response.Write("4");//不允许登录
                                }
                            }
                            else
                            {
                                context.Response.Write("5");//不允许登录
                            }
                            #endregion
                        }
                    }
                    else
                    {
                        context.Response.Write("1");//用户名或密码错误
                    }
                    //}
                    //else
                    //{
                    //    context.Response.Write("0");//验证码错误
                    //}
                }
                else
                {
                    context.Response.Write("999");//系统数据错误
                }
            }

            else if (request["Action"] == "logout")
            {
                #region
                var cookie = context.Request.Cookies[FormsAuthentication.FormsCookieName];

                if (null != cookie)
                {
                    var    ticket     = FormsAuthentication.Decrypt(cookie.Value);
                    string CoockiesID = ticket.UserData;

                    FormsAuthentication.SignOut();
                    context.Response.Write("true");

                    //online
                    XHD.BLL.Sys_online sol = new XHD.BLL.Sys_online();
                    try
                    {
                        if (!string.IsNullOrEmpty(CoockiesID))
                        {
                            sol.Delete(" UserID=" + int.Parse(CoockiesID));
                        }
                    }
                    catch
                    {
                    }
                }
                #endregion
            }
            else if (request["Action"] == "checkpwd")
            {
                #region
                var    cookie     = context.Request.Cookies[FormsAuthentication.FormsCookieName];
                var    ticket     = FormsAuthentication.Decrypt(cookie.Value);
                string CoockiesID = ticket.UserData;

                XHD.BLL.hr_employee emp = new XHD.BLL.hr_employee();

                int    emp_id   = int.Parse(CoockiesID);
                string password = FormsAuthentication.HashPasswordForStoringInConfigFile(request["password"], "MD5");

                DataSet ds = emp.GetList(string.Format("ID={0} and pwd='{1}'", emp_id, password));

                if (ds.Tables[0].Rows.Count > 0)
                {
                    context.Response.Write("{sucess:sucess}");
                }
                else
                {
                    context.Response.Write("{sucess:false}");
                }
                #endregion
            }
        }