/// <summary>
/// 更新一条数据
/// </summary>
public bool Update(XHD.Model.Sys_online model, string where)
{
StringBuilder strSql = new StringBuilder();
strSql.Append("update Sys_online set ");
strSql.Append("UserID=@UserID,");
strSql.Append("UserName=@UserName,");
strSql.Append("LastLogTime=@LastLogTime");
strSql.Append(" where " + where);
MySqlParameter[] parameters =
{
new MySqlParameter("@UserID", MySqlDbType.Int32, 4),
new MySqlParameter("@UserName", MySqlDbType.VarChar, 50),
new MySqlParameter("@LastLogTime", MySqlDbType.DateTime)
};
parameters[0].Value = model.UserID;
parameters[1].Value = model.UserName;
parameters[2].Value = model.LastLogTime;
int rows = DbHelperMySQL.ExecuteSql(strSql.ToString(), parameters);
if (rows > 0)
{
return(true);
}
else
{
return(false);
}
}
/// <summary>
/// 增加一条数据
/// </summary>
public void Add(XHD.Model.Sys_online model)
{
StringBuilder strSql = new StringBuilder();
strSql.Append("insert into Sys_online(");
strSql.Append("UserID,UserName,LastLogTime)");
strSql.Append(" values (");
strSql.Append("@UserID,@UserName,@LastLogTime)");
SqlParameter[] parameters =
{
new SqlParameter("@UserID", SqlDbType.Int, 4),
new SqlParameter("@UserName", SqlDbType.VarChar, 50),
new SqlParameter("@LastLogTime", SqlDbType.DateTime)
};
parameters[0].Value = model.UserID;
parameters[1].Value = model.UserName;
parameters[2].Value = model.LastLogTime;
DbHelperSQL.ExecuteSql(strSql.ToString(), parameters);
}
/// <summary>
/// 增加一条数据
/// </summary>
public void Add(XHD.Model.Sys_online model)
{
//StringBuilder strSql=new StringBuilder();
//strSql.Append("insert into Sys_online(");
//strSql.Append("UserID,UserName,LastLogTime)");
//strSql.Append(" values (");
//strSql.Append("@UserID,@UserName,@LastLogTime)");
//MySqlParameter[] parameters = {
// new MySqlParameter("@UserID", MySqlDbType.Int32,4),
// new MySqlParameter("@UserName", MySqlDbType.VarChar,50),
// new MySqlParameter("@LastLogTime", MySqlDbType.DateTime)};
//parameters[0].Value = model.UserID;
//parameters[1].Value = model.UserName;
//parameters[2].Value = model.LastLogTime;
//DbHelperMySQL.ExecuteSql(strSql.ToString(),parameters);
//Robert 2015-11-23
string strSql = string.Format(@"insert into Sys_online(UserID,UserName,LastLogTime) values ('{0}','{1}','{2}')",
model.UserID, model.UserName, model.LastLogTime);
DbHelperMySQL.ExecuteSql(strSql.ToString());
}
public void ProcessRequest(HttpContext context)
{
context.Response.ContentType = "text/plain";
HttpRequest request = context.Request;
XHD.BLL.ssn_art_menu menu = new XHD.BLL.ssn_art_menu();
XHD.BLL.sys_info info = new XHD.BLL.sys_info();
var cookie = context.Request.Cookies[FormsAuthentication.FormsCookieName];
var ticket = FormsAuthentication.Decrypt(cookie.Value);
string CoockiesID = ticket.UserData;
XHD.BLL.hr_employee emp = new XHD.BLL.hr_employee();
int emp_id = int.Parse(CoockiesID);
DataSet dsemp = emp.GetList("id=" + emp_id);
XHD.Model.hr_employee employeeModel = emp.GetModel(emp_id); //当前员工
string empname = string.Empty;
string uid = string.Empty;
string depid = string.Empty;
string roletype = string.Empty;
string factory_Id = string.Empty;
if (employeeModel != null)
{
empname = employeeModel.name; //员工姓名
uid = employeeModel.uid; //员工Uid
depid = employeeModel.d_id.ToString(); //员工所在部门
factory_Id = employeeModel.factory_Id; //员工所属工厂
roletype = employeeModel.roletype.ToString();
}
#region GetSysApp
if (request["Action"] == "GetSysApp")
{
DataSet ds = null;
int appid = int.Parse(request["appid"]);
if (dsemp.Tables[0].Rows.Count > 0)
{
if (dsemp.Tables[0].Rows[0]["uid"].ToString() == "admin")
{
ds = menu.GetList(0, "App_id=" + appid, "Menu_order");
}
else
{
DataSSN.SSN_GetAuthorityByUid getauth = new DataSSN.SSN_GetAuthorityByUid();
string menus = getauth.GetAuthority(emp_id.ToString(), "Menus");
//ds = menu.GetList(0, "App_id=" + appid + " and Menu_id in " + menus + " and menu_type='aft'", "Menu_order");
ds = menu.GetList(0, "App_id=" + appid + " and Id in " + menus + " ", "Menu_order");
}
}
string strRe = string.Empty;
//==============整理返回==============================================
strRe = "[" + GetTasksString(emp_id.ToString(), empname, factory_Id, 0, ds.Tables[0]) + "]";
context.Response.Write(strRe);
}
#endregion
#region getUserTree
else if (request["Action"] == "getUserTree")
{
XHD.BLL.Sys_online sol = new XHD.BLL.Sys_online();
XHD.Model.Sys_online model = new XHD.Model.Sys_online();
model.UserName = PageValidate.InputText(empname, 250);
model.UserID = emp_id;
model.LastLogTime = DateTime.Now;
DataSet ds1 = sol.GetList(" UserID=" + emp_id);
//添加当前用户信息
if (ds1.Tables[0].Rows.Count > 0)
{
sol.Update(model, " UserID=" + emp_id);
}
else
{
sol.Add(model);
}
//删除超时用户
//2分钟用户失效,删除 --Robert 2015-11-24
sol.Delete(" LastLogTime<date_sub(now(), interval 2 minute)");
XHD.BLL.hr_department dep = new XHD.BLL.hr_department();
XHD.BLL.hr_post hp = new XHD.BLL.hr_post();
DataSet ds = dep.GetList(0, "factory_Id='" + factory_Id + "'", "d_order");
StringBuilder str = new StringBuilder();
str.Append("[");
str.Append(GetTreeString(0, ds.Tables[0], 1, "1=1"));
str.Replace(",", "", str.Length - 1, 1);
str.Append("]");
context.Response.Write(str);
}
#endregion
#region GetUserInfo
else if (request["Action"] == "GetUserInfo")
{
string dt = XHD.Common.DataToJson.DataToJSON(dsemp);
context.Response.Write(dt);
}
#endregion
#region GetOnline
else if (request["Action"] == "GetOnline")
{
XHD.BLL.Sys_online sol = new XHD.BLL.Sys_online();
XHD.Model.Sys_online model = new XHD.Model.Sys_online();
model.UserName = empname;
model.UserID = emp_id;
model.LastLogTime = DateTime.Now;
DataSet ds1 = sol.GetList(" UserID=" + emp_id);
//添加当前用户信息
if (ds1.Tables[0].Rows.Count > 0)
{
sol.Update(model, " UserID=" + emp_id);
}
else
{
sol.Add(model);
}
//}
//删除超时用户
//2分钟用户失效,删除 --Robert 2015-11-24
sol.Delete(" LastLogTime<date_sub(now(), interval 2 minute)");
context.Response.Write(XHD.Common.GetGridJSON.DataTableToJSON(sol.GetAllList().Tables[0]));
}
#endregion
#region getinfo
else if (request["Action"] == "getinfo")
{
DataSet ds = info.GetList(" id=2 or id=3");
context.Response.Write(XHD.Common.GetGridJSON.DataTableToJSON(ds.Tables[0]));
}
#endregion
#region changepwd
else if (request["Action"] == "changepwd")
{
DataSet ds = emp.GetPWD(emp_id);
XHD.Model.hr_employee model = new XHD.Model.hr_employee();
string oldpwd = FormsAuthentication.HashPasswordForStoringInConfigFile(request["T_oldpwd"], "MD5");
string newpwd = FormsAuthentication.HashPasswordForStoringInConfigFile(request["T_newpwd"], "MD5");
if (ds.Tables[0].Rows[0]["pwd"].ToString() == oldpwd)
{
model.pwd = newpwd;
model.ID = (emp_id);
emp.changepwd(model);
context.Response.Write("true");
}
else
{
context.Response.Write("false");
}
}
#endregion
#region form
else if (request["Action"] == "form")
{
string eid = PageValidate.InputText(request["id"], 50);
if (eid == "epu")
{
eid = emp_id.ToString();
}
DataSet ds = emp.GetList("id=" + int.Parse(eid));
string dt = XHD.Common.DataToJson.DataToJSON(ds);
context.Response.Write(dt);
}
#endregion
#region PersonalUpdate保存修改信息
else if (request["Action"] == "PersonalUpdate")
{
XHD.Model.hr_employee model = new XHD.Model.hr_employee();
model.email = PageValidate.InputText(request["T_email"], 255);
model.name = PageValidate.InputText(request["T_name"], 255);
model.birthday = PageValidate.InputText(request["T_birthday"], 255);
model.sex = PageValidate.InputText(request["T_sex"], 255);
model.idcard = PageValidate.InputText(request["T_idcard"], 255);
model.tel = PageValidate.InputText(request["T_tel"], 255);
model.address = PageValidate.InputText(request["T_Adress"], 255);
model.schools = PageValidate.InputText(request["T_school"], 255);
model.education = PageValidate.InputText(request["T_edu"], 255);
model.professional = PageValidate.InputText(request["T_professional"], 255);
model.remarks = PageValidate.InputText(request["T_remarks"], 255);
model.title = PageValidate.InputText(request["headurl"], 255);
DataRow dr = dsemp.Tables[0].Rows[0];
model.ID = emp_id;
bool isup = emp.PersonalUpdate(model);
if (isup)
{
context.Response.Write("true");
}
else
{
context.Response.Write("false");
}
C_Sys_log log = new C_Sys_log();
int UserID = emp_id;
string UserName = empname;
string IPStreet = request.UserHostAddress;
string EventTitle = model.name;
string EventType = "个人信息修改";
int EventID = emp_id;
if (dr["email"].ToString() != request["T_email"])
{
log.Add_log(UserID, UserName, IPStreet, EventTitle, EventType, EventID, "邮箱", dr["email"].ToString(), request["T_email"], factory_Id);
}
if (dr["name"].ToString() != request["T_name"])
{
log.Add_log(UserID, UserName, IPStreet, EventTitle, EventType, EventID, "员工姓名", dr["name"].ToString(), request["T_name"], factory_Id);
}
if (dr["birthday"].ToString() != request["T_birthday"])
{
log.Add_log(UserID, UserName, IPStreet, EventTitle, EventType, EventID, "员工生日", dr["birthday"].ToString(), request["T_birthday"], factory_Id);
}
if (dr["sex"].ToString() != request["T_sex"])
{
log.Add_log(UserID, UserName, IPStreet, EventTitle, EventType, EventID, "员工性别", dr["sex"].ToString(), request["T_sex"], factory_Id);
}
if (dr["idcard"].ToString() != request["T_idcard"])
{
log.Add_log(UserID, UserName, IPStreet, EventTitle, EventType, EventID, "身份证", dr["idcard"].ToString(), request["T_idcard"], factory_Id);
}
if (dr["tel"].ToString() != request["T_tel"])
{
log.Add_log(UserID, UserName, IPStreet, EventTitle, EventType, EventID, "手机", dr["tel"].ToString(), request["T_tel"], factory_Id);
}
if (dr["address"].ToString() != request["T_Adress"])
{
log.Add_log(UserID, UserName, IPStreet, EventTitle, EventType, EventID, "地址", dr["address"].ToString(), request["T_Adress"], factory_Id);
}
if (dr["schools"].ToString() != request["T_school"])
{
log.Add_log(UserID, UserName, IPStreet, EventTitle, EventType, EventID, "毕业学校", dr["schools"].ToString(), request["T_school"], factory_Id);
}
if (dr["education"].ToString() != request["T_edu"])
{
log.Add_log(UserID, UserName, IPStreet, EventTitle, EventType, EventID, "学历", dr["education"].ToString(), request["T_edu"], factory_Id);
}
if (dr["professional"].ToString() != request["T_professional"])
{
log.Add_log(UserID, UserName, IPStreet, EventTitle, EventType, EventID, "专业", dr["professional"].ToString(), request["T_professional"], factory_Id);
}
}
#endregion
#region tree
else if (request["Action"] == "tree")
{
string serchtxt = " 1=1 and factory_Id = '" + factory_Id + "'";
//string authtxt = PageValidate.InputText(request["auth"], 50);
//if (!string.IsNullOrEmpty(authtxt))
//{
// Data.GetDataAuth dataauth = new Data.GetDataAuth();
// string txt = dataauth.GetDataAuthByid(authtxt, "Sys_add", emp_id.ToString(), factory_Id);
// string[] arr = txt.Split(':');
// switch (arr[0])
// {
// case "my":
// case "dep":
// string did = dsemp.Tables[0].Rows[0]["d_id"].ToString();
// if (string.IsNullOrEmpty(did))
// did = "0";
// authtxt = did;
// break;
// case "all":
// authtxt = "0";
// break;
// case "depall":
// DataSet dsdep = dep.GetList("factory_Id='" + factory_Id + "'");
// string deptask = GetDepTask(int.Parse(arr[1]), dsdep.Tables[0]);
// string intext = arr[1] + "," + deptask;
// authtxt = intext.TrimEnd(',');
// break;
// }
//}
//context.Response.Write(authtxt);
XHD.BLL.hr_department dep = new XHD.BLL.hr_department();
DataSet ds = dep.GetList(0, serchtxt, " d_order");
StringBuilder str = new StringBuilder();
str.Append("[");
str.Append(GetTreeString(0, ds.Tables[0], "0"));
str.Replace(",", "", str.Length - 1, 1);
str.Append("]");
context.Response.Write(str);
}
#endregion
}
public void ProcessRequest(HttpContext context)
{
context.Response.ContentType = "text/plain";
context.Response.Charset = "utf-8";
HttpRequest request = context.Request;
if (request["Action"] == "login")
{
XHD.BLL.hr_employee emp = new XHD.BLL.hr_employee();
XHD.BLL.Sys_FactoryInfo fty = new XHD.BLL.Sys_FactoryInfo();
string username = PageValidate.InputText(request["username"], 255);
//string password = FormsAuthentication.HashPasswordForStoringInConfigFile(request["password"], "MD5");
string password = PageValidate.InputText(request["password"], 255);
string validate = PageValidate.InputText(request["validate"], 255);
//SQL注入式攻击过滤===========================================================================================
string path = context.Server.MapPath(@"../file/SQLFile.txt");
if (CommonData.getSQLPercolation(username.ToUpper(), path))
{
context.Response.Write("999");//系统错误
return;
}
//============================================================================================================
if (!string.IsNullOrEmpty(username) && !string.IsNullOrEmpty(password))
{
//if (validate == context.Session["CheckCode"].ToString() || validate.ToLower() == context.Session["CheckCode"].ToString().ToLower())
//{
//DataSet ds = emp.GetList(" uid='" + username + "' and pwd='" + password + "'");
XHD.Model.hr_employee empModel = emp.LoginUser(username);
//IP 限制====================================================================================================
string vrip = GetClientIPv4Address();
List <string> lstIp = new List <string>();
lstIp.Add("219.146.197.91"); //电信IP地址
lstIp.Add("60.213.50.226"); //联通IP地址
lstIp.Add("172.178.1.118"); //本地(邢荣)
lstIp.Add("172.178.1.211"); //本地(陈伟)
lstIp.Add("172.178.1.100"); //本地(陈伟)
lstIp.Add("172.178.1.203"); //本地(robert)
lstIp.Add("172.178.1.201"); //本地(李明)
lstIp.Add("172.178.1.79"); //本地(王德胜)
lstIp.Add("172.178.1.117"); //本地(王立全)
lstIp.Add("172.178.1.243"); //本地(王虎)
lstIp.Add("172.178.1.56"); //本地(马萧)
lstIp.Add("172.178.1.29"); //本地(张杰)
lstIp.Add("172.178.1.45"); //本地(张顾严)
lstIp.Add("172.178.1.133"); //本地(吴瑞曾)
//if (!lstIp.Contains(vrip))
//{
// //修改:robert, 2016-06-04 过滤特殊人群,当前:王频频wpp6274========
// if (username.Trim() != "wpp6274" && username.Trim() != "gjc1010")
// {
// context.Response.Write("6");//ip受限制
// return;
// }
// //=======================================================================
//}
//============================================================================================================
if (empModel != null && empModel.pwd == password.ToUpper())
{
//存在该 uid的用户,并且 pwd-密码正确;执行以下内容
//if (ds.Tables[0].Rows.Count > 0)
//{
if (empModel.uid.Trim() == "admin")
{
#region
//string userid = empModel.ID.ToString();
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1,
empModel.uid,
DateTime.Now,
DateTime.Now.AddMinutes(20),
true,
empModel.ID.ToString(),
"/"
);
var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
cookie.HttpOnly = true;
context.Response.Cookies.Add(cookie);
//FormsAuthentication.SetAuthCookie(userid, true);
//日志
XHD.BLL.Sys_log log = new XHD.BLL.Sys_log();
XHD.Model.Sys_log modellog = new XHD.Model.Sys_log();
modellog.EventType = "系统登录";
modellog.EventDate = DateTime.Now;
modellog.UserID = empModel.ID;
modellog.UserName = empModel.name;
modellog.IPStreet = request.UserHostAddress;
modellog.Factory_Id = empModel.factory_Id;
log.Add(modellog);
//online
XHD.BLL.Sys_online sol = new XHD.BLL.Sys_online();
XHD.Model.Sys_online model = new XHD.Model.Sys_online();
model.UserName = empModel.name;
model.UserID = empModel.ID;
model.LastLogTime = DateTime.Now;
DataSet ds1 = sol.GetList(" UserID=" + empModel.ID);
//添加当前用户信息
if (ds1.Tables[0].Rows.Count > 0)
{
sol.Update(model, " UserID=" + empModel.ID);
}
else
{
sol.Add(model);
}
//删除超时用户
//2分钟用户失效,删除 --Robert 2015-11-24
sol.Delete(" LastLogTime<date_sub(now(), interval 2 minute)");
//验证完毕,允许登录
context.Response.Write("2");
#endregion
}
else
{
#region
DataSet dsfty = fty.GetList("Factory_Id='" + empModel.factory_Id + "'");
string isDelete = dsfty.Tables[0].Rows[0]["IsDelete"].ToString();
if (int.Parse(isDelete) == 0)
{
if (empModel.canlogin.ToString() == "1")
{
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1,
username,
DateTime.Now,
DateTime.Now.AddMinutes(20),
true,
empModel.ID.ToString(),
"/"
);
var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
cookie.HttpOnly = true;
context.Response.Cookies.Add(cookie);
//FormsAuthentication.SetAuthCookie(userid, true);
//日志
XHD.BLL.Sys_log log = new XHD.BLL.Sys_log();
XHD.Model.Sys_log modellog = new XHD.Model.Sys_log();
modellog.EventType = "系统登录";
modellog.EventDate = DateTime.Now;
modellog.UserID = empModel.ID;
modellog.UserName = empModel.name;
modellog.IPStreet = request.UserHostAddress;
modellog.Factory_Id = empModel.factory_Id;
log.Add(modellog);
//online
XHD.BLL.Sys_online sol = new XHD.BLL.Sys_online();
XHD.Model.Sys_online model = new XHD.Model.Sys_online();
model.UserName = empModel.name;
model.UserID = empModel.ID;
model.LastLogTime = DateTime.Now;
DataSet ds1 = sol.GetList(" UserID=" + empModel.ID);
//添加当前用户信息
if (ds1.Tables[0].Rows.Count > 0)
{
sol.Update(model, " UserID=" + empModel.ID);
}
else
{
sol.Add(model);
}
//删除超时用户
//2分钟用户失效,删除 --Robert 2015-11-24
sol.Delete(" LastLogTime<date_sub(now(), interval 2 minute)");
//验证完毕,允许登录
context.Response.Write("2");
}
else
{
context.Response.Write("4");//不允许登录
}
}
else
{
context.Response.Write("5");//不允许登录
}
#endregion
}
}
else
{
context.Response.Write("1");//用户名或密码错误
}
//}
//else
//{
// context.Response.Write("0");//验证码错误
//}
}
else
{
context.Response.Write("999");//系统数据错误
}
}
else if (request["Action"] == "logout")
{
#region
var cookie = context.Request.Cookies[FormsAuthentication.FormsCookieName];
if (null != cookie)
{
var ticket = FormsAuthentication.Decrypt(cookie.Value);
string CoockiesID = ticket.UserData;
FormsAuthentication.SignOut();
context.Response.Write("true");
//online
XHD.BLL.Sys_online sol = new XHD.BLL.Sys_online();
try
{
if (!string.IsNullOrEmpty(CoockiesID))
{
sol.Delete(" UserID=" + int.Parse(CoockiesID));
}
}
catch
{
}
}
#endregion
}
else if (request["Action"] == "checkpwd")
{
#region
var cookie = context.Request.Cookies[FormsAuthentication.FormsCookieName];
var ticket = FormsAuthentication.Decrypt(cookie.Value);
string CoockiesID = ticket.UserData;
XHD.BLL.hr_employee emp = new XHD.BLL.hr_employee();
int emp_id = int.Parse(CoockiesID);
string password = FormsAuthentication.HashPasswordForStoringInConfigFile(request["password"], "MD5");
DataSet ds = emp.GetList(string.Format("ID={0} and pwd='{1}'", emp_id, password));
if (ds.Tables[0].Rows.Count > 0)
{
context.Response.Write("{sucess:sucess}");
}
else
{
context.Response.Write("{sucess:false}");
}
#endregion
}
}