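/// <summary>
/// Authority-extension data list: returns one page of extension rows, optionally
/// filtered by extension code (txtCode) and/or extension mark (txtMark).
/// </summary>
/// <param name="form">
/// Posted form. Reads the optional filters txtCode and txtMark, and the current page
/// number from "pager" (multi-field postback) or "id" (single-field request).
/// </param>
/// <returns>
/// The "List" view bound to the current page of rows. ViewBag.Pager carries the
/// PagerHelperCHS state and ViewBag.PagerParam the "name,value" filter pairs the
/// pager needs to round-trip.
/// </returns>
public ActionResult Search(FormCollection form)
{
    // WHERE fragment handed to the BLL; stays null when no filter was supplied.
    string strWhere = null;
    // Pager round-trip parameters; one ",name,value" pair is appended per active filter.
    var pgParam = "Nothing,Nothing";

    // Extension code (扩展编码). Only values accepted by EngIsEngAndNum (letters/digits)
    // are interpolated into the raw SQL fragment below, so that whitelist is the only
    // injection guard here — do not relax it without switching the BLL call to parameters.
    var txtCode = form["txtCode"] as string;
    if (!string.IsNullOrEmpty(txtCode) && ValidHelper.EngIsEngAndNum(txtCode))
    {
        pgParam += string.Format(",txtCode,{0}", txtCode);
        var codeCondition = string.Format("charindex('{0}',exte_code)>0", txtCode);
        strWhere = strWhere == null ? codeCondition : strWhere + " and " + codeCondition;
    }

    // Extension mark (扩展标识); same whitelist rule as the code filter.
    var txtMark = form["txtMark"] as string;
    if (!string.IsNullOrEmpty(txtMark) && ValidHelper.EngIsEngAndNum(txtMark))
    {
        pgParam += string.Format(",txtMark,{0}", txtMark);
        var markCondition = string.Format("charindex('{0}',exte_mark)>0", txtMark);
        strWhere = strWhere == null ? markCondition : strWhere + " and " + markCondition;
    }

    var dataPager = new PagerHelperCHS();
    dataPager.PageSize = GeneralHandler.PageSize;
    // More than one posted field means a pager/filter postback carrying "pager";
    // otherwise the page number arrives as "id" (presumably the route id — confirm).
    // Both fall back to page 1 when the value is missing or not numeric.
    dataPager.PageCurrent = form.Count > 1
        ? TypeHelper.TypeToInt32(form["pager"], 1)
        : TypeHelper.TypeToInt32(form["id"], 1);

    int pageCount, recordCount;
    var dataList = DawnAuthExtentBLL.SelectPSPisAllPurposeRowNumber(
        dataPager.PageSize,
        dataPager.PageCurrent,
        "exte_time desc,exte_code",
        strWhere,
        out pageCount,
        out recordCount);
    dataPager.PageCount = pageCount;
    dataPager.RecordCount = recordCount;
    dataPager.PageRecordCount = dataList.Count;

    ViewBag.Pager = dataPager;
    ViewBag.PagerParam = pgParam;
    return(View("List", dataList));
}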
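/// <summary>
/// Validates the authority-extension "add" form before a row is written.
/// </summary>
/// <param name="form">Posted form: txtCode, txtCodeName, txtMark, txtMarkName, txtMemo.</param>
/// <param name="stateInfo">
/// GeneralHandler.StateSuccess when every rule passes, otherwise the message for the
/// first rule that failed.
/// </param>
/// <returns>true when the form is valid.</returns>
private bool AddedByCheck(FormCollection form, out string stateInfo)
{
    stateInfo = GeneralHandler.StateSuccess;

    // Absent fields read back as null. The optional fields are coalesced to "" so the
    // Length checks report a validation message instead of throwing
    // NullReferenceException out of the action.
    // txtCode: optional; when present, letters/digits only and at most 100 chars.
    string txtCode = (form["txtCode"] as string) ?? string.Empty;
    if ((txtCode.Length > 0 && !ValidHelper.EngIsEngAndNum(txtCode)) || txtCode.Length > 100)
    {
        stateInfo = "您输入的编码不正确!(只能由字母和数字组成,且不大于100个字)";
        return(false);
    }

    // txtCodeName: required, 2..200 chars, Chinese/letters/digits only.
    string txtCodeName = form["txtCodeName"] as string;
    if (string.IsNullOrEmpty(txtCodeName) || txtCodeName.Length < 2 || txtCodeName.Length > 200)
    {
        stateInfo = "编码名称不能为空或小于2个或大于200个字符!";
        return(false);
    }
    if (!ValidHelper.ChsIsChineseOrEngOrNum(txtCodeName))
    {
        stateInfo = "您输入的编码名称不正确!(只能由汉字、字母、数字组成)";
        return(false);
    }

    // txtMark: optional; when present, letters/digits only and at most 100 chars.
    string txtMark = (form["txtMark"] as string) ?? string.Empty;
    if ((txtMark.Length > 0 && !ValidHelper.EngIsEngAndNum(txtMark)) || txtMark.Length > 100)
    {
        stateInfo = "您输入的标识不正确!(只能由字母和数字组成,且不大于100个字)";
        return(false);
    }

    // txtMarkName: required, 2..200 chars, Chinese/letters/digits only.
    string txtMarkName = form["txtMarkName"] as string;
    if (string.IsNullOrEmpty(txtMarkName) || txtMarkName.Length < 2 || txtMarkName.Length > 200)
    {
        stateInfo = "标识名称不能为空或小于2个或大于200个字符!";
        return(false);
    }
    if (!ValidHelper.ChsIsChineseOrEngOrNum(txtMarkName))
    {
        stateInfo = "您输入的标识名称不正确!(只能由汉字、字母、数字组成)";
        return(false);
    }

    // txtMemo: optional; when present, must satisfy ChsIsMemos and be at most 500 chars.
    // NOTE(review): unlike the sync-data check, no IsSqlFilter pass runs here; that is
    // fine only if the insert path is parameterized — confirm against the BLL.
    string txtMemo = (form["txtMemo"] as string) ?? string.Empty;
    if ((txtMemo.Length > 0 && !ValidHelper.ChsIsMemos(txtMemo)) || txtMemo.Length > 500)
    {
        stateInfo = "您输入的扩展备注不正确!(只能由汉字、字母、数字组成,且不大于500个字)";
        return(false);
    }

    return(true);
}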
/// <summary>
/// String validation demo: runs the ValidHelper rule selected in cboxString against the
/// text in txtString and shows the boolean result in lblResultString.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void btnString_Click(object sender, EventArgs e)
{
    string selectedRule = this.cboxString.SelectedItem as string;

    // Resolve the selected rule to a deferred check; an unknown (or null) selection
    // leaves it unset and the result reads "False".
    Func<bool> check = null;
    switch (selectedRule)
    {
        case "用户密码":
            check = () => ValidHelper.EngIsPassword(this.txtString.Text);
            break;
        case "用户密码2":
            check = () => ValidHelper.EngIsPasswords(this.txtString.Text);
            break;
        case "注册帐号":
            check = () => ValidHelper.EngIsRegister(this.txtString.Text);
            break;
        case "26个字母":
            check = () => ValidHelper.EngIsEnglish(this.txtString.Text);
            break;
        case "大写字母":
            check = () => ValidHelper.EngIsUppercase(this.txtString.Text);
            break;
        case "小写字母":
            check = () => ValidHelper.EngIsLowercase(this.txtString.Text);
            break;
        case "字母数字":
            check = () => ValidHelper.EngIsEngAndNum(this.txtString.Text);
            break;
        case "英头数字":
            check = () => ValidHelper.EngIsEngAndNums(this.txtString.Text);
            break;
        case "字数下线":
            check = () => ValidHelper.EngIsEngAndNumOrUnderline(this.txtString.Text);
            break;
        default:
            break;
    }

    bool passed = check != null && check();
    this.lblResultString.Text = passed.ToString();
}
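/// <summary>
/// Validates the "fetch sync data" form for authority extensions: the extension
/// settings, the source field names, and the connection properties of the database
/// the data is to be pulled from.
/// </summary>
/// <param name="form">
/// Posted form: txtSetCode, txtSetName, txtFieldTable, txtFieldMark, txtFieldName,
/// txtFieldMemo, txtFieldWhere, txtConnSource, txtConnData, txtConnUser, txtConnPwd.
/// </param>
/// <param name="stateInfo">
/// GeneralHandler.StateSuccess when every rule passes, otherwise the message for the
/// first rule that failed.
/// </param>
/// <returns>true when the form is valid.</returns>
private bool GetSyncDataByCheck(FormCollection form, out string stateInfo)
{
    stateInfo = GeneralHandler.StateSuccess;

    // Extension settings: code (扩展设定:扩展编码). Optional; when present, letters/digits
    // only and at most 100 chars. An absent field is null — coalesce so the Length
    // checks report a message instead of throwing.
    string txtSetCode = (form["txtSetCode"] as string) ?? string.Empty;
    if ((txtSetCode.Length > 0 && !ValidHelper.EngIsEngAndNum(txtSetCode)) || txtSetCode.Length > 100)
    {
        stateInfo = "您输入的[扩展设定:扩展编码]不正确!(只能由字母和数字组成,且不大于100个字)";
        return(false);
    }
    if (ValidHelper.IsSqlFilter(txtSetCode))
    {
        stateInfo = "您输入的[扩展设定:扩展编码]存在安全问题,请检查后重试!";
        return(false);
    }

    // Extension settings: name (扩展设定:编码名称). Required, 2..200 chars,
    // Chinese/letters/digits only, and must pass the SQL keyword filter.
    string txtSetName = form["txtSetName"] as string;
    if (string.IsNullOrEmpty(txtSetName) || txtSetName.Length < 2 || txtSetName.Length > 200)
    {
        stateInfo = "[扩展设定:编码名称]不能为空或小于2个或大于200个字符!";
        return(false);
    }
    if (!ValidHelper.ChsIsChineseOrEngOrNum(txtSetName))
    {
        stateInfo = "您输入的[扩展设定:编码名称]不正确!(只能由汉字、字母、数字组成)";
        return(false);
    }
    if (ValidHelper.IsSqlFilter(txtSetName))
    {
        stateInfo = "您输入的[扩展设定:编码名称]存在安全问题,请检查后重试!";
        return(false);
    }

    // Source field names (字段名称): each is required and must pass IsSqlFilter.
    // These presumably end up in a query against the remote table — confirm that the
    // consumer quotes them as identifiers rather than trusting this filter alone.
    if (!CheckRequiredSqlSafe(form["txtFieldTable"] as string, "字段名称:数据表名", out stateInfo))
    {
        return(false);
    }
    if (!CheckRequiredSqlSafe(form["txtFieldMark"] as string, "字段名称:扩展标识", out stateInfo))
    {
        return(false);
    }
    if (!CheckRequiredSqlSafe(form["txtFieldName"] as string, "字段名称:标识名称", out stateInfo))
    {
        return(false);
    }
    if (!CheckRequiredSqlSafe(form["txtFieldMemo"] as string, "字段名称:扩展备注", out stateInfo))
    {
        return(false);
    }

    // WHERE clause (字段名称:查询条件): required; screened with the two injection
    // detectors rather than the keyword filter, since a condition legitimately contains
    // operators. Note this is a free-form SQL fragment supplied by the caller.
    string txtFieldWhere = form["txtFieldWhere"] as string;
    if (string.IsNullOrWhiteSpace(txtFieldWhere))
    {
        stateInfo = "[字段名称:查询条件]不能为空!";
        return(false);
    }
    if (ValidHelper.IsSqlInjectionOfString(txtFieldWhere) || ValidHelper.IsSqlInjectionOfType(txtFieldWhere))
    {
        stateInfo = "您输入的[字段名称:查询条件]存在安全问题,请检查后重试!";
        return(false);
    }

    // Connection: data source (连接属性:数据源). Required; "(local)" is allowed verbatim,
    // anything else must pass IsSqlFilter. The caller chooses which server this process
    // connects to, so the action itself needs an authorization check — confirm.
    string txtConnSource = form["txtConnSource"] as string;
    if (string.IsNullOrWhiteSpace(txtConnSource))
    {
        stateInfo = "[连接属性:数据源]不能为空!";
        return(false);
    }
    if (txtConnSource != "(local)" && ValidHelper.IsSqlFilter(txtConnSource))
    {
        stateInfo = "您输入的[连接属性:数据源]存在安全问题,请检查后重试!";
        return(false);
    }

    // Connection: database, user, password (连接属性). Same required + IsSqlFilter rule;
    // note the filter also constrains which characters a password may contain.
    if (!CheckRequiredSqlSafe(form["txtConnData"] as string, "连接属性:数据库名", out stateInfo))
    {
        return(false);
    }
    if (!CheckRequiredSqlSafe(form["txtConnUser"] as string, "连接属性:用户名称", out stateInfo))
    {
        return(false);
    }
    if (!CheckRequiredSqlSafe(form["txtConnPwd"] as string, "连接属性:用户密码", out stateInfo))
    {
        return(false);
    }

    return(true);
}

/// <summary>
/// Shared rule for the 字段名称/连接属性 fields: the value must be non-blank and pass
/// ValidHelper.IsSqlFilter.
/// </summary>
/// <param name="value">Raw form value; null when the field is absent.</param>
/// <param name="label">Field label embedded in the message, e.g. "字段名称:数据表名".</param>
/// <param name="stateInfo">GeneralHandler.StateSuccess on pass, otherwise the failing rule's message.</param>
/// <returns>true when both rules pass.</returns>
private static bool CheckRequiredSqlSafe(string value, string label, out string stateInfo)
{
    if (string.IsNullOrWhiteSpace(value))
    {
        stateInfo = string.Format("[{0}]不能为空!", label);
        return(false);
    }
    if (ValidHelper.IsSqlFilter(value))
    {
        stateInfo = string.Format("您输入的[{0}]存在安全问题,请检查后重试!", label);
        return(false);
    }
    stateInfo = GeneralHandler.StateSuccess;
    return(true);
}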
/// <summary>
/// User login verification.
/// <para>The returned hashtable contains these keys:</para>
/// <para>Msg — message text; the value GeneralHandler.StateRefresh ([refresh]) means the whole page must be reloaded</para>
/// <para>Url — redirect URL</para>
/// <para>IsCode — true when the client should refresh the captcha</para>
/// <para>On success the current session receives LoginName, a [userName]-keyed entry,
/// LoginAuthority, LoginStatus and LoginExtent (the last four serialized and encrypted
/// with GeneralHandler.TokenKey), a forms-auth cookie is issued and a login-log row is
/// inserted.</para>
/// </summary>
/// <param name="userName">Account name.</param>
/// <param name="userPwd">Account password (plain text; hashed inside).</param>
/// <param name="checkCode">Captcha entered by the user.</param>
/// <param name="returnUrl">Post-login redirect; GeneralHandler.SiteLoginedUrl when empty.</param>
/// <param name="outEx">Set to the caught exception when the attempt failed with an error, otherwise null.</param>
/// <returns>Verification result as described in the summary.</returns>
public static Hashtable VerifyLogin(string userName, string userPwd, string checkCode, string returnUrl, out Exception outEx)
{
    outEx = null;
    Hashtable ht = new Hashtable();
    ht.Add("Msg", GeneralHandler.FBaseInfo);
    ht.Add("Url", GeneralHandler.SiteLoginUrl);
    ht.Add("IsCode", false);
    try
    {
        // Empty input returns the default (FBaseInfo) result without touching session or DB.
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(userPwd) || string.IsNullOrEmpty(checkCode))
        {
            return(ht);
        }
        // Legacy scheme: the password is compared as an MD5 digest; no salt is passed here.
        userPwd = CryptoHelper.MD5(userPwd, true);
        // Culture-sensitive lowercasing on both sides; acceptable only because the code is
        // further restricted by EngIsEngAndNum (presumably ASCII letters/digits — confirm).
        checkCode = checkCode.ToLower();
        string verifyCode = HttpContext.Current.Session["CheckCode"] as string;
        // Throws NullReferenceException when no captcha is in session (expired/never issued);
        // the catch below maps that to StateRefresh, i.e. the documented full-page reload.
        verifyCode = verifyCode.ToLower();
        // NOTE(review): Session["CheckCode"] is never cleared after this comparison, so the
        // same captcha value stays valid for further attempts within the session.
        if (checkCode.Length != 4 || !ValidHelper.EngIsEngAndNum(checkCode) || checkCode != verifyCode)
        {
            ht["Msg"] = "您输入的验证码不正确[4个字符]。";
            ht["IsCode"] = true;
        }
        else if (userName.Length < 4 || userName.Length > 16 || !ValidHelper.EngIsRegisters(userName))
        {
            ht["Msg"] = "您输入的用户名不正确[4-16个字符]。";
        }
        else if (ValidHelper.IsSqlFilter(userName))
        {
            ht["Msg"] = "您输入的用户名不正确[4-16个字符]。IsSqlFilter";
        }
        else if (!DawnAuthUserBLL.ExistsOfName(userName))
        {
            // NOTE(review): a distinct message for "unknown user" versus the "wrong password"
            // message below lets a client tell valid account names apart (user enumeration).
            ht["Msg"] = "您输入的用户名不存在!";
        }
        else
        {
            // The filter is built by string interpolation. The EngIsRegisters + IsSqlFilter
            // checks on userName and the MD5 digest in userPwd are the only injection guard;
            // do not loosen them unless ISelect is moved to parameters.
            var userIList = DawnAuthUserBLL.ISelect(string.Format("[user_name]='{0}' and [user_pwd]='{1}'", userName, userPwd));
            if (userIList.Count == 0)
            {
                ht["Msg"] = "您输入的用户名与密码不匹配!";
            }
            else if (userIList.Count > 1)
            {
                // More than one row for a name+hash pair is treated as a data problem.
                ht["Msg"] = "您的账号存在异常,请联系管理员!";
            }
            else
            {
                var userInfo = userIList.First();
                if (userInfo.UserStatus == 0)
                {
                    ht["Msg"] = "您的账号存已禁用,请联系管理员!";
                }
                else if (userInfo.UserGrade < 1)
                {
                    // Grade 0 accounts may not log in through this path.
                    ht["Msg"] = "对不起,您的管理级别不符合!";
                }
                else
                {
                    userIList.Clear();
                    // NOTE(review): the pre-login session id is kept across authentication;
                    // nothing here abandons or regenerates it.
                    HttpContext.Current.Session["LoginName"] = userName;
                    // Per-user entry keyed by the account name itself; payloads are JSON,
                    // encrypted with the shared token key.
                    HttpContext.Current.Session[userName] = CryptoHelper.Encrypt(JsonConvert.SerializeObject(userInfo), GeneralHandler.TokenKey);
                    var userAuth = DawnAuthUserBLL.GetUserAuthority(userInfo.UserId);
                    HttpContext.Current.Session["LoginAuthority"] = CryptoHelper.Encrypt(JsonConvert.SerializeObject(userAuth), GeneralHandler.TokenKey);
                    var userStat = DawnAuthUserBLL.GetUserStatus(userInfo.UserId);
                    HttpContext.Current.Session["LoginStatus"] = CryptoHelper.Encrypt(JsonConvert.SerializeObject(userStat), GeneralHandler.TokenKey);
                    // UserId is interpolated here as well; it comes from the DB row, not the request.
                    var userExtent = DawnAuthUserExtentBLL.ISelect(string.Format("user_id='{0}'", userInfo.UserId));
                    HttpContext.Current.Session["LoginExtent"] = CryptoHelper.Encrypt(JsonConvert.SerializeObject(userExtent), GeneralHandler.TokenKey);
                    // Non-persistent forms-auth cookie whose ticket name is the encrypted user name.
                    FormsAuthentication.SetAuthCookie(CryptoHelper.Encrypt(userName, GeneralHandler.TokenKey), false);
                    #region 登录日志
                    DawnAuthUserLoginMDL dataInfo = new DawnAuthUserLoginMDL();
                    dataInfo.UserId = userInfo.UserId;
                    // Local server time, not UTC.
                    dataInfo.LogTime = DateTime.Now;
                    dataInfo.LogIp = RequestHelper.GetIPAddress();
                    // Appears to read an adapter of the server process itself, not the client — confirm.
                    dataInfo.LogMac = DawnXZ.PHYUtility.ManagementHelper.Instance().MacAddress.ToUpper();
                    dataInfo.LogComputer = "Unknown";
                    dataInfo.LogAttach = null;
                    dataInfo.LogCount = 1;
                    DawnAuthUserLoginBLL.Insert(dataInfo);
                    #endregion
                    ht["Msg"] = GeneralHandler.StateSuccess;
                    // NOTE(review): returnUrl is echoed unvalidated; if it originates from the
                    // request the caller must restrict it to local paths before redirecting.
                    ht["Url"] = string.IsNullOrEmpty(returnUrl) ? GeneralHandler.SiteLoginedUrl : returnUrl;
                }
            }
        }
    }
    catch (Exception ex)
    {
        // Any failure is surfaced to the caller via outEx and reported as a page refresh.
        outEx = ex;
        ht["Msg"] = GeneralHandler.StateRefresh;
    }
    return(ht);
}
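/// <summary>
/// Login POST handler: validates captcha, user name and password, then establishes the
/// session state and forms-auth cookie and records a login-log row.
/// </summary>
/// <param name="form">Posted form: txtUname, txtUpwd, txtCheckCode.</param>
/// <returns>
/// JSON hashtable with Msg (message text; GeneralHandler.StateSuccess on success),
/// Url (redirect target) and IsCode (true when the client should refresh the captcha).
/// </returns>
public JsonResult Logined(FormCollection form)
{
    Hashtable ht = new Hashtable();
    ht.Add("Msg", GeneralHandler.FBaseInfo);
    ht.Add("Url", GeneralHandler.SiteLoginUrl);
    ht.Add("IsCode", false);
    try
    {
        // Missing fields and an expired captcha session read back as null. Coalesce to ""
        // so they fail the validation below with the proper message (and IsCode=true for
        // the captcha) instead of throwing into the catch, which reports a database error.
        string txtUname = (form["txtUname"] as string) ?? string.Empty;
        string txtUpwd = (form["txtUpwd"] as string) ?? string.Empty;
        // Legacy scheme: the password is compared as an MD5 digest; no salt is passed here.
        txtUpwd = CryptoHelper.MD5(txtUpwd, true);
        // Culture-sensitive lowercasing on both sides; acceptable only because the code is
        // further restricted by EngIsEngAndNum (presumably ASCII letters/digits — confirm).
        string txtCheckCode = ((form["txtCheckCode"] as string) ?? string.Empty).ToLower();
        string strCheckCode = ((Session["CheckCode"] as string) ?? string.Empty).ToLower();

        // NOTE(review): Session["CheckCode"] is never cleared after this comparison, so the
        // same captcha value stays valid for further attempts within the session.
        if (txtCheckCode.Length != 4 || !ValidHelper.EngIsEngAndNum(txtCheckCode) || txtCheckCode != strCheckCode)
        {
            ht["Msg"] = "您输入的验证码不正确[4个字符]。";
            ht["IsCode"] = true;
        }
        else if (txtUname.Length < 4 || txtUname.Length > 16 || !ValidHelper.EngIsRegisters(txtUname))
        {
            ht["Msg"] = "您输入的用户名不正确[4-16个字符]。";
        }
        else if (ValidHelper.IsSqlFilter(txtUname))
        {
            ht["Msg"] = "您输入的用户名不正确[4-16个字符]。IsSqlFilter";
        }
        else if (!DawnAuthUserBLL.ExistsOfName(txtUname))
        {
            // NOTE(review): a distinct message for "unknown user" versus the "wrong password"
            // message below lets a client tell valid account names apart (user enumeration).
            ht["Msg"] = "您输入的用户名不存在!";
        }
        else
        {
            // The filter is built by string interpolation. The EngIsRegisters + IsSqlFilter
            // checks on txtUname and the MD5 digest in txtUpwd are the only injection guard;
            // do not loosen them unless ISelect is moved to parameters.
            var userIList = DawnAuthUserBLL.ISelect(string.Format("[user_name]='{0}' and [user_pwd]='{1}'", txtUname, txtUpwd));
            if (userIList.Count == 0)
            {
                ht["Msg"] = "您输入的用户名与密码不匹配!";
            }
            else if (userIList.Count > 1)
            {
                // More than one row for a name+hash pair is treated as a data problem.
                ht["Msg"] = "您的账号存在异常,请联系管理员!";
            }
            else
            {
                var userInfo = userIList.First();
                if (userInfo.UserStatus == 0)
                {
                    ht["Msg"] = "您的账号存已禁用,请联系管理员!";
                }
                else if (userInfo.UserGrade < 2)
                {
                    // This entry point requires grade 2 or higher.
                    ht["Msg"] = "对不起,您的管理级别不符合!";
                }
                else
                {
                    userIList.Clear();
                    // NOTE(review): the pre-login session id is kept across authentication;
                    // nothing here abandons or regenerates it.
                    Session["LoginName"] = txtUname;
                    // Per-user entry keyed by the account name itself; payloads are JSON,
                    // encrypted with the shared token key.
                    Session[txtUname] = CryptoHelper.Encrypt(JsonConvert.SerializeObject(userInfo), GeneralHandler.TokenKey);
                    var userAuth = DawnAuthUserBLL.GetUserAuthority(userInfo.UserId);
                    Session["LoginAuthority"] = CryptoHelper.Encrypt(JsonConvert.SerializeObject(userAuth), GeneralHandler.TokenKey);
                    var userStat = DawnAuthUserBLL.GetUserStatus(userInfo.UserId);
                    Session["LoginStatus"] = CryptoHelper.Encrypt(JsonConvert.SerializeObject(userStat), GeneralHandler.TokenKey);
                    // UserId is interpolated here as well; it comes from the DB row, not the request.
                    var userExtent = DawnAuthUserExtentBLL.ISelect(string.Format("user_id='{0}'", userInfo.UserId));
                    Session["LoginExtent"] = CryptoHelper.Encrypt(JsonConvert.SerializeObject(userExtent), GeneralHandler.TokenKey);
                    // Non-persistent forms-auth cookie whose ticket name is the encrypted user name.
                    FormsAuthentication.SetAuthCookie(CryptoHelper.Encrypt(txtUname, GeneralHandler.TokenKey), false);
                    #region 登录日志
                    DawnAuthUserLoginMDL dataInfo = new DawnAuthUserLoginMDL();
                    dataInfo.UserId = userInfo.UserId;
                    // Local server time, not UTC.
                    dataInfo.LogTime = DateTime.Now;
                    dataInfo.LogIp = RequestHelper.GetIPAddress();
                    // MAC/computer are not collected by this handler.
                    dataInfo.LogMac = "Unknown";
                    dataInfo.LogComputer = "Unknown";
                    dataInfo.LogAttach = null;
                    dataInfo.LogCount = 1;
                    DawnAuthUserLoginBLL.Insert(dataInfo);
                    #endregion
                    ht["Msg"] = GeneralHandler.StateSuccess;
                    // A caller-supplied return URL (hidReturnUrl) was deliberately disabled here;
                    // always land on the configured post-login page, which also avoids echoing
                    // an unvalidated redirect target.
                    ht["Url"] = GeneralHandler.SiteLoginedUrl;
                }
            }
        }
    }
    catch (Exception ex)
    {
        // Remaining exceptions come from the BLL/session calls (the form/session reads above
        // no longer throw on missing values); they are logged and reported as a DB failure.
        ht["Msg"] = "对不起!无法与数据库建立连接!请联系管理员!";
        GeneralHandler.InsertByError(ex);
    }
    return(Json(ht));
}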