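    /// <summary>
    /// Page_Load for the directory-delete dialog: decodes the fl_url parameter into the
    /// target directory and refuses the album root, a path that does not lie below the
    /// album root, or a directory that does not exist. Errors are reported to the parent
    /// window through a JavaScript alert.
    /// </summary>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Event data (unused).</param>
    protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack)
            return;

        Decoder dcode = new Decoder();
        string mErr = "";

        // Permission check without writing a login record (disabled here as in the original).
        //Check_Power("3002", false);

        if (Request["fl_url"] == null)
            mErr = "參數傳送錯誤!\\n";
        else
        {
            lb_fl_url.Text = dcode.DeCode(Request["fl_url"].Trim());

            if (lb_fl_url.Text == Album.Root)
                mErr = "根目錄不可刪除\\n";
            else if (!lb_fl_url.Text.StartsWith(Album.Root, StringComparison.Ordinal)
                     || lb_fl_url.Text.Contains(".."))
            {
                // The value comes from the request: only a path below the album root may be
                // mapped to a physical directory on a delete page (the Replace below already
                // assumes the Album.Root prefix).
                mErr = "參數傳送錯誤!\\n";
            }
            else
            {
                lb_path.Text = Server.MapPath(lb_fl_url.Text);

                // Name of the current directory: the virtual path with the root prefix stripped.
                lb_al_name.Text = lb_fl_url.Text.Replace(Album.Root,"").Replace("//","");

                if (!Directory.Exists(lb_path.Text))
                    mErr = "找不到指定的路徑\\n";
            }
        }

        if (mErr != "")
            lt_show.Text = "<script language=\"javascript\">alert(\"" + mErr + "\");parent.close_all();parent.clean_win();</script>";
    }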
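    /// <summary>
    /// Page_Load for the photo-details dialog: locates the file named by fl_name in the
    /// directory given by fl_url and fills the name, size, timestamp, type and pixel-size
    /// labels. Errors are reported to the parent window through a JavaScript alert.
    /// </summary>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Event data (unused).</param>
    protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack)
            return;

        Decoder dcode = new Decoder();
        string mErr = "", fl_name = "", fl_url = "";

        // Permission check without a login record (disabled here as in the original).
        //Check_Power("3002", false);

        if (Request["fl_name"] == null || Request["fl_url"] == null)
            mErr = "參數傳送錯誤!\\n";
        else
        {
            fl_name = Request["fl_name"].Trim().ToLower();
            fl_url = dcode.DeCode(Request["fl_url"].Trim());

            // fl_name goes straight into Directory.GetFiles as the search pattern, so it has
            // to be a plain file name: no separators, wildcards or other invalid characters
            // and not "..". fl_url is mapped to a physical directory, so ".." is refused too.
            if (fl_name == "" || fl_url == ""
                || fl_name == ".."
                || fl_name.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0
                || fl_url.Contains(".."))
                mErr = "參數傳送錯誤!\\n";
        }

        if (mErr == "")
        {
            string fpath = Server.MapPath(fl_url);
            if (!fpath.EndsWith("\\", StringComparison.Ordinal))
                fpath += "\\";

            string[] mFiles = Directory.GetFiles(fpath, fl_name);
            if (mFiles.Length == 0)
                mErr = "找不到指定的相片!\\n";
            else
            {
                FileInfo fi_obj = new FileInfo(mFiles[0]);

                lb_ac_name.Text = fl_name;
                lb_ac_size.Text = fi_obj.Length.ToString("N0");
                lb_init_time.Text = fi_obj.LastWriteTime.ToString("yyyy/MM/dd HH:mm:ss");
                lb_ac_type.Text = fi_obj.Extension.ToLower();

                // Read the pixel size from the file that was actually found (fi_obj.FullName)
                // instead of re-joining fpath + fl_name.
                using (System.Drawing.Image img_obj = System.Drawing.Image.FromFile(fi_obj.FullName))
                {
                    lb_ac_wh.Text = img_obj.Width.ToString() + " × " + img_obj.Height.ToString();
                }
            }
        }

        if (mErr != "")
            lt_show.Text = "<script language=javascript>alert(\"" + mErr + "\");parent.close_all();parent.clean_win();</script>";
    }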
    /// <summary>
    /// Page_Load: on the first request, decodes the fl_url parameter into lb_fl_url and
    /// reports a parameter error to the parent window when the parameter is absent.
    /// </summary>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Event data (unused).</param>
    protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack)
            return;

        Decoder dcode = new Decoder();
        string mErr = "";
        string rawUrl = Request["fl_url"];

        // Permission check without a login record (disabled here as in the original).
        //Check_Power("3002", false);

        if (rawUrl == null)
        {
            mErr = "參數傳送錯誤!\\n";
        }
        else
        {
            lb_fl_url.Text = dcode.DeCode(rawUrl.Trim());
        }

        if (mErr.Length > 0)
            lt_show.Text = "<script language=\"javascript\">alert(\"" + mErr + "\");parent.close_all();parent.clean_win();</script>";
    }
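    /// <summary>
    /// Page_Load for the album browser: resolves the requested album directory (fl_url) or
    /// falls back to the album root, then fills the path, encoded-path and display labels.
    /// A requested directory that is not below Album.Root is treated like a missing
    /// parameter; a missing physical directory redirects back to 3002.aspx.
    /// </summary>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Event data (unused).</param>
    protected void Page_Load(object sender, EventArgs e)
    {
        Decoder dcode = new Decoder();

        if (IsPostBack)
            return;

        // Permission check with a login record (disabled here as in the original).
        //Check_Power("3002", true);

        string fl_url = Album.Root;

        if (Request["fl_url"] != null)
        {
            string requested = dcode.DeCode(Request["fl_url"].Trim());

            // Only a directory below the album root is accepted; anything else (including a
            // tampered value) falls back to the root, exactly as the missing-parameter case does.
            if (requested.StartsWith(Album.Root, StringComparison.Ordinal) && !requested.Contains(".."))
                fl_url = requested;
        }

        // These three labels are filled the same way for every branch.
        lb_fl_url.Text = fl_url;
        lb_fl_url_encode.Text = Server.UrlEncode(dcode.EnCode(fl_url));
        lb_path.Text = Server.MapPath(fl_url);

        if (fl_url == Album.Root)
        {
            lb_show_path.Text = "根目錄";
        }
        else
        {
            // Show only the part of the path below Album.Root.
            lb_show_path.Text = fl_url.Replace(Album.Root, "");

            if (!Directory.Exists(lb_path.Text))
                lt_show.Text = "<script language=javascript>alert(\"找不到指定的路徑\\n\");location.replace(\"3002.aspx\");</script>";
        }
    }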
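    // Check_ID() verifies the account and password, records the login and returns the permissions.
    // Parameters: mg_id    account name
    //             mg_pass  login password as entered by the user
    //             ip_addr  caller's IP address (written to Mg_Log)
    // Returns:    "*" followed by the error message on failure;
    //             otherwise manager id, manager name and permission string separated by
    //             "\t\n" (the permission string is a ";"-terminated list of fi_no2 values).
    public string Check_ID(string mg_id, string mg_pass, string ip_addr)
    {
        string mErr = "", mg_sid = "", mg_name = "", mg_power = "";
        string storedPass = null;
        Decoder dcode = new Decoder();

        using (SqlConnection Sql_Conn = new SqlConnection(WebConfigurationManager.ConnectionStrings["AppSysConnectionString"].ConnectionString))
        {
            Sql_Conn.Open();

            // Look the account up; the reader is closed before any further command runs on
            // the same connection.
            using (SqlCommand Sql_Command = new SqlCommand("Select Top 1 mg_sid, mg_name, mg_id, mg_pass From Manager Where mg_id = @mg_id", Sql_Conn))
            {
                Sql_Command.Parameters.AddWithValue("@mg_id", mg_id);

                using (SqlDataReader Sql_Reader = Sql_Command.ExecuteReader())
                {
                    if (!Sql_Reader.Read())
                    {
                        mErr = "帳號、密碼有誤!\\n";
                    }
                    else if (Sql_Reader["mg_id"].ToString().Trim() != mg_id)
                    {
                        // The database lookup may match case-insensitively; insist on an exact match.
                        mErr = "請使用正確的方式登入!\\n";
                    }
                    else
                    {
                        mg_sid = Sql_Reader["mg_sid"].ToString().Trim();
                        mg_name = Sql_Reader["mg_name"].ToString().Trim();
                        storedPass = Sql_Reader["mg_pass"].ToString().Trim();
                    }
                }
            }

            if (mErr == "")
            {
                // mg_pass is stored in a reversible encoding and decoded for comparison.
                // NOTE(review): a one-way hash (e.g. PBKDF2) would be preferable; that needs a schema change.
                if (mg_pass != dcode.DeCode(storedPass))
                {
                    // Same message as for an unknown account so the response does not reveal which part failed.
                    mErr = "帳號、密碼有誤!\\n";
                }
                else
                {
                    mg_power = Get_PowerList(Sql_Conn, mg_sid);

                    if (mg_power == "")
                        mErr = "沒有任何的執行權限,請用其它帳號重新登入!\\n";
                    else
                        Write_LoginLog(Sql_Conn, mg_sid, ip_addr);
                }
            }
        }

        if (mErr == "")
            return mg_sid + "\t\n" + mg_name + "\t\n" + mg_power;

        return "*" + mErr;
    }

    // Returns the ";"-terminated list of fi_no2 values the manager may execute ("" when none).
    private static string Get_PowerList(SqlConnection Sql_Conn, string mg_sid)
    {
        string SqlString;

        if (mg_sid == "0")
        {
            // System administrator: every visible function.
            SqlString = "Select fi_no2 From Func_Item2 Where is_visible <> 0";
        }
        else
        {
            // Ordinary manager: enabled rows in Func_Power plus the functions flagged is_visible = 2.
            SqlString = "Select fi_no2 From Func_Power Where mg_sid = @mg_sid And is_enable = 1"
                      + " Union "
                      + "Select fi_no2 From Func_Item2 Where is_visible = 2";
        }

        StringBuilder mg_power = new StringBuilder();

        using (SqlCommand Sql_Command = new SqlCommand(SqlString, Sql_Conn))
        {
            // Unused by the administrator query; harmless there.
            Sql_Command.Parameters.AddWithValue("@mg_sid", mg_sid);

            using (SqlDataReader Sql_Reader = Sql_Command.ExecuteReader())
            {
                while (Sql_Reader.Read())
                    mg_power.Append(Sql_Reader["fi_no2"].ToString() + ";");
            }
        }

        return mg_power.ToString();
    }

    // Records the login in Mg_Log, stamps Manager.last_date and purges log rows older than one year.
    private static void Write_LoginLog(SqlConnection Sql_Conn, string mg_sid, string ip_addr)
    {
        string SqlString = "Insert Into Mg_Log (mg_sid, fi_no2, lg_time, lg_ip) Values"
                         + " (@mg_sid, '0001', getdate(), @lg_ip);"
                         + "Update Manager Set last_date = getdate() Where mg_sid = @mg_sid";

        using (SqlCommand Sql_Command = new SqlCommand(SqlString, Sql_Conn))
        {
            Sql_Command.Parameters.AddWithValue("@mg_sid", mg_sid);
            Sql_Command.Parameters.AddWithValue("@lg_ip", ip_addr);
            Sql_Command.ExecuteNonQuery();
        }

        using (SqlCommand Sql_Command = new SqlCommand("Delete Mg_Log Where lg_time < DateAdd(yy, -1,getdate())", Sql_Conn))
        {
            Sql_Command.ExecuteNonQuery();
        }
    }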
 /// <summary>
 /// Click handler for the decode button: decodes the text in tb_encrypt and shows the result in lb_source.
 /// </summary>
 /// <param name="sender">Event source (unused).</param>
 /// <param name="e">Event data (unused).</param>
 protected void bn_decode_Click(object sender, EventArgs e)
 {
     string encoded = tb_encrypt.Text;
     lb_source.Text = new Decoder().DeCode(encoded);
 }
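    /// <summary>
    /// Page_Load for the file browser: reads the browsable root (Fi_Location, fl_no = 3),
    /// clamps the requested fl_url to that root and loads the directory listing through
    /// Get_PathFile(). A request that is not strictly below the root is replaced by the root.
    /// </summary>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Event data (unused).</param>
    protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack)
            return;

        Decoder dcode = new Decoder();
        string mErr = "";

        // Permission check with a login record (disabled here as in the original).
        //Check_Power("2003", true);

        // Virtual root this page is allowed to browse.
        using (SqlConnection Sql_conn = new SqlConnection(WebConfigurationManager.ConnectionStrings["AppSysConnectionString"].ConnectionString))
        using (SqlCommand Sql_Command = new SqlCommand("Select Top 1 fl_url From Fi_Location Where fl_no = 3", Sql_conn))
        {
            Sql_conn.Open();

            using (SqlDataReader Sql_Reader = Sql_Command.ExecuteReader())
            {
                if (Sql_Reader.Read())
                {
                    lb_fl_url.Text = Sql_Reader["fl_url"].ToString().Trim();
                    bn_go_root.ToolTip = "回到 " + lb_fl_url.Text + " ";
                }
                else
                    mErr = "找不到指定的路徑\\n";
            }
        }

        if (mErr == "")
        {
            string root = lb_fl_url.Text;
            string rawUrl = Request["fl_url"];
            string target = root;

            if (rawUrl != null && rawUrl.Trim() != "")
            {
                string fl_url = dcode.DeCode(rawUrl.Trim());

                // Anything that is not below the root (wrong prefix, or a ".." segment that
                // MapPath could resolve to a sibling directory) is replaced by the root itself.
                if (fl_url.StartsWith(root, StringComparison.Ordinal) && !fl_url.Contains(".."))
                    target = fl_url;
            }

            lb_url.Text = target;
            lb_path.Text = Server.MapPath(target);

            // Encoded copies used when the paths travel in the query string.
            lb_url_encode.Text = Server.UrlEncode(dcode.EnCode(target));
            lb_fl_url_encode.Text = Server.UrlEncode(dcode.EnCode(root));

            // Sub-directory and file list of the selected path.
            Get_PathFile();
        }

        if (mErr != "")
            lt_show.Text = "<script language=javascript>alert(\"" + mErr + "\");</script>";
    }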
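    /// <summary>
    /// Page_Load for the photo viewer: reads rownum, effect and fl_url from the request,
    /// lists the image files of the requested directory in sorted order and selects the
    /// rownum-th one as ac_pic / fl_name (the first one when rownum is out of range).
    /// Errors close the window through a JavaScript alert.
    /// </summary>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Event data (unused).</param>
    protected void Page_Load(object sender, EventArgs e)
    {
        Decoder dcode = new Decoder();

        if (IsPostBack)
            return;

        string mErr = "", fpath = "";
        // Extensions accepted as photos. Compared against the whole lower-cased extension,
        // so ".jp" or a file without an extension is no longer treated as a match.
        string[] file_ext = { ".jpg", ".gif", ".png", ".bmp", ".wmf" };
        int ckint;

        // Permission check without a login record (disabled here as in the original).
        //Check_Power("3002", false);

        // 1-based index of the photo to show; anything missing or unparsable becomes 1.
        if (Request["rownum"] != null && int.TryParse(Request["rownum"], out ckint))
            rownum = ckint;
        else
            rownum = 1;

        // Transition effect; anything missing or unparsable becomes 0.
        if (Request["effect"] != null && int.TryParse(Request["effect"], out ckint))
            show_effect = ckint;
        else
            show_effect = 0;

        if (Request["fl_url"] == null)
            mErr = "參數傳送錯誤!\\n";
        else
        {
            fl_url = dcode.DeCode(Request["fl_url"].Trim());

            // An empty value would have thrown in the trailing-slash check; ".." must not be mapped.
            if (fl_url == "" || fl_url.Contains(".."))
            {
                mErr = "參數傳送錯誤!\\n";
            }
            else
            {
                if (!fl_url.EndsWith("/", StringComparison.Ordinal))
                    fl_url += "/";

                fpath = Server.MapPath(fl_url);
                if (!fpath.EndsWith("\\", StringComparison.Ordinal))
                    fpath += "\\";

                if (Directory.Exists(fpath))
                    fl_url_encode = Server.UrlEncode(dcode.EnCode(fl_url));
                else
                    mErr = "找不到這個目錄!\\n";
            }
        }

        if (mErr == "")
        {
            string[] mFiles = Directory.GetFiles(fpath, "*");

            if (mFiles.Length == 0)
                mErr = "這個目錄已經沒有相片了!\\n";
            else
            {
                Array.Sort(mFiles);

                maxrow = 0;
                int rCnt = 0;

                foreach (string fullName in mFiles)
                {
                    string fname = Path.GetFileName(fullName).ToLower();
                    string fext = Path.GetExtension(fname).ToLower();

                    if (Array.IndexOf(file_ext, fext) < 0)
                        continue;

                    maxrow++;

                    if (rownum == maxrow)
                    {
                        rCnt = maxrow;
                        ac_pic = fl_url + fname;
                        fl_name = fname;
                    }
                    else if (maxrow == 1)
                    {
                        // First photo is the default until the requested one is seen.
                        ac_pic = fl_url + fname;
                        fl_name = fname;
                    }
                }

                if (maxrow == 0)
                    mErr = "這個目錄已經沒有相片檔案了!\\n";
                else
                    rownum = (rCnt == 0) ? 1 : rCnt;   // requested index not found: show the first photo
            }
        }

        if (mErr != "")
            lt_show.Text = "<script language=javascript>alert(\"" + mErr + "\");window.close();</script>";
    }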
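    /// <summary>
    /// OK button of the change-password form: validates the new password, verifies the
    /// typed account and current password against the Manager row of the logged-in
    /// manager (Session["mg_sid"]) and stores the encoded new password. The outcome is
    /// reported to the browser through a JavaScript alert.
    /// </summary>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Event data (unused).</param>
    protected void bn_ok_Click(object sender, EventArgs e)
    {
        Common_Func cfc = new Common_Func();

        string mErr = "";
        string mg_spass = tb_spass.Text.Trim();
        string mg_npass = tb_npass.Text.Trim();

        if (mg_spass == "")
            mErr += "請輸入「原登入密碼」!\\n";

        // NOTE(review): the 4–12 character limit and the special-character ban (CheckSQL) cap
        // password strength; the queries below are parameterized, so the ban is not needed for SQL.
        if (mg_npass == "")
            mErr += "請輸入「新登入密碼」!\\n";
        else if (cfc.CheckSQL(mg_npass))
            mErr += "「新登入密碼」請勿使用特殊符號!\\n";
        else if (mg_npass.Length > 12 || mg_npass.Length < 4)
            mErr += "「新登入密碼」長度為4~12個字!\\n";

        if (mg_npass != tb_rpass.Text.Trim())
            mErr += "「新登入密碼」與「新密碼確認」輸入的資料不同!\\n";
        else if (mg_spass == mg_npass)
            mErr += "「原登入密碼」與「新登入密碼」不可相同!\\n";

        if (mErr == "")
        {
            object sessionSid = Session["mg_sid"];

            if (sessionSid == null)
            {
                // Session expired or never established: there is no manager row to update.
                mErr = "請使用正確的方式登入!\\n";
            }
            else
            {
                mErr = Update_Password(sessionSid.ToString(), tb_id.Text.Trim(), mg_spass, mg_npass);
            }
        }

        Literal txtMsg = new Literal();

        // Result (error or success) shown by the browser.
        txtMsg.Text = "<script language=javascript>alert('" + mErr + "');</script>";

        Page.Controls.Add(txtMsg);
    }

    // Verifies typed_id / mg_spass against the Manager row for mg_sid and stores the encoded
    // new password; returns the message to show the user. Connection, command and reader are
    // disposed even when a query throws.
    private static string Update_Password(string mg_sid, string typed_id, string mg_spass, string mg_npass)
    {
        string mg_id = "", mg_pass = "";
        Decoder dcd = new Decoder();

        using (SqlConnection Sql_conn = new SqlConnection(WebConfigurationManager.ConnectionStrings["AppSysConnectionString"].ConnectionString))
        {
            Sql_conn.Open();

            using (SqlCommand Sql_command = new SqlCommand("Select Top 1 mg_id, mg_pass From Manager Where mg_sid = @mg_sid", Sql_conn))
            {
                Sql_command.Parameters.AddWithValue("@mg_sid", mg_sid);

                using (SqlDataReader Sql_reader = Sql_command.ExecuteReader())
                {
                    if (Sql_reader.Read())
                    {
                        mg_id = Sql_reader["mg_id"].ToString().Trim();

                        // The stored password is reversibly encoded; decode it for comparison.
                        mg_pass = dcd.DeCode(Sql_reader["mg_pass"].ToString().Trim());
                    }
                }
            }

            // Both the account and the current password must match; the message deliberately
            // does not say which of the two was wrong.
            if (mg_id != typed_id || mg_pass != mg_spass)
                return "「使用者帳號」或「原登入密碼」輸入錯誤!\\n";

            using (SqlCommand Sql_command = new SqlCommand("Update Manager Set mg_pass = @mg_pass Where mg_sid = @mg_sid and mg_id = @mg_id", Sql_conn))
            {
                Sql_command.Parameters.AddWithValue("@mg_sid", mg_sid);
                Sql_command.Parameters.AddWithValue("@mg_id", mg_id);
                Sql_command.Parameters.AddWithValue("@mg_pass", dcd.EnCode(mg_npass));
                Sql_command.ExecuteNonQuery();
            }
        }

        return "密碼已更新完成,會在下一次登入時生效!\\n";
    }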