public void Add_log(int uid, string uname, string ip, string EventTitle, string EventType, int EventID, string Remind_name, string Original_txt, string Current_txt, string factory_Id) { XHD.BLL.Sys_log log = new XHD.BLL.Sys_log(); XHD.Model.Sys_log modellog = new XHD.Model.Sys_log(); modellog.EventDate = DateTime.Now; modellog.UserID = uid; modellog.UserName = PageValidate.InputText(uname, 255); modellog.IPStreet = PageValidate.InputText(ip, 255); modellog.EventTitle = PageValidate.InputText(EventTitle, 255); modellog.EventType = PageValidate.InputText(EventType, 255); modellog.EventID = EventID.ToString(); modellog.Original_txt = "【" + PageValidate.InputText(Remind_name, 255) + "】" + PageValidate.InputText(Original_txt, int.MaxValue); modellog.Current_txt = "【" + PageValidate.InputText(Remind_name, 255) + "】" + PageValidate.InputText(Current_txt, int.MaxValue); modellog.Factory_Id = factory_Id; log.Add(modellog); }
public void ProcessRequest(HttpContext context) { context.Response.ContentType = "text/plain"; HttpRequest request = context.Request; XHD.BLL.ssn_role_emp rm = new XHD.BLL.ssn_role_emp(); XHD.Model.ssn_role_emp model = new XHD.Model.ssn_role_emp(); var cookie = context.Request.Cookies[FormsAuthentication.FormsCookieName]; var ticket = FormsAuthentication.Decrypt(cookie.Value); string CoockiesID = ticket.UserData; XHD.BLL.hr_employee emp = new XHD.BLL.hr_employee(); int emp_id = int.Parse(CoockiesID); DataSet dsemp = emp.GetList("id=" + emp_id); string empname = string.Empty; string uid = string.Empty; string factory_Id = string.Empty; if (dsemp != null && dsemp.Tables[0].Rows.Count > 0) { empname = dsemp.Tables[0].Rows[0]["name"].ToString(); uid = dsemp.Tables[0].Rows[0]["uid"].ToString(); factory_Id = dsemp.Tables[0].Rows[0]["Factory_Id"].ToString(); } if (request["Action"] == "add") { string rid = PageValidate.InputText(request["role_id"], 50); string empids = XHD.Common.PageValidate.InputText(request["empids"], int.MaxValue); //rm.Delete(string.Format("RoleID={0} and empID in ({1})", int.Parse(rid), empids)); string[] emplist = empids.Split(','); model.RoleID = int.Parse(rid); for (int i = 0; i < emplist.Length; i++) { model.empID = int.Parse(emplist[i].ToString()); rm.Add(model); } XHD.BLL.Sys_log log = new XHD.BLL.Sys_log(); XHD.Model.Sys_log modellog = new XHD.Model.Sys_log(); modellog.EventDate = DateTime.Now; modellog.UserID = emp_id; modellog.UserName = PageValidate.InputText(empname, 255); modellog.IPStreet = context.Request.UserHostAddress; modellog.EventType = "权限人员调整"; modellog.EventID = rid.ToString(); log.Add(modellog); } else if (request["Action"] == "remove") { string rid = PageValidate.InputText(request["role_id"], 50); string empids = XHD.Common.PageValidate.InputText(request["empids"], int.MaxValue); rm.Delete(string.Format("RoleID={0} and empID in ({1})", int.Parse(rid), empids)); XHD.BLL.Sys_log log = new XHD.BLL.Sys_log(); XHD.Model.Sys_log modellog = new XHD.Model.Sys_log(); modellog.EventDate = DateTime.Now; modellog.UserID = emp_id; modellog.UserName = PageValidate.InputText(empname, 255); modellog.IPStreet = context.Request.UserHostAddress; modellog.EventType = "权限人员调整"; modellog.EventID = rid.ToString(); log.Add(modellog); } else if (request["Action"] == "emplist") { string rid = PageValidate.InputText(request["role_id"], 50); string sql = (string.Format("ID not in (select empID from ssn_role_emp where RoleID={0}) and uid !='admin' ", rid)); sql += " and factory_Id='" + factory_Id + "'"; if (!string.IsNullOrEmpty(request["stext"])) { sql += " and name like '%" + PageValidate.InputText(request["stext"], 255) + "%'"; } int PageIndex = int.Parse(request["page"] == null ? "1" : request["page"]); int PageSize = int.Parse(request["pagesize"] == null ? "30" : request["pagesize"]); string sortname = request["sortname"]; string sortorder = request["sortorder"]; if (string.IsNullOrEmpty(sortname)) { sortname = " ID"; } if (string.IsNullOrEmpty(sortorder)) { sortorder = " desc"; } string sorttext = " " + sortname + " " + sortorder; string Total; dsemp = emp.GetList(PageSize, PageIndex, sql, sorttext, out Total); string dt = XHD.Common.GetGridJSON.DataTableToJSON1(dsemp.Tables[0], Total); context.Response.Write(dt); } else if (request["Action"] == "emplistDep") { string rid = PageValidate.InputText(request["role_id"], 50); string depid = PageValidate.InputText(request["depid"], 50); string sql = (string.Format("ID not in (select empID from ssn_role_emp where RoleID={0}) and uid !='admin' ", rid)); sql += " and factory_Id='" + factory_Id + "' and d_id in ( " + depid + ")"; int PageIndex = int.Parse(request["page"] == null ? "1" : request["page"]); int PageSize = int.Parse(request["pagesize"] == null ? "30" : request["pagesize"]); string sortname = request["sortname"]; string sortorder = request["sortorder"]; if (string.IsNullOrEmpty(sortname)) { sortname = " ID"; } if (string.IsNullOrEmpty(sortorder)) { sortorder = " desc"; } string sorttext = " " + sortname + " " + sortorder; string Total; dsemp = emp.GetList(PageSize, PageIndex, sql, sorttext, out Total); string dt = XHD.Common.GetGridJSON.DataTableToJSON1(dsemp.Tables[0], Total); context.Response.Write(dt); } else if (request["Action"] == "get") { string rid = PageValidate.InputText(request["role_id"], 50); if (!string.IsNullOrEmpty(rid)) { string sql = (string.Format("ID in (select empID from ssn_role_emp where RoleID={0})", int.Parse(rid))); sql += " and factory_Id=" + factory_Id; if (!string.IsNullOrEmpty(request["stext"])) { sql += " and name like '%" + PageValidate.InputText(request["stext"], 255) + "%'"; } int PageIndex = int.Parse(request["page"] == null ? "1" : request["page"]); int PageSize = int.Parse(request["pagesize"] == null ? "30" : request["pagesize"]); string sortname = request["sortname"]; string sortorder = request["sortorder"]; if (string.IsNullOrEmpty(sortname)) { sortname = " ID"; } if (string.IsNullOrEmpty(sortorder)) { sortorder = " desc"; } string sorttext = " " + sortname + " " + sortorder; string Total; dsemp = emp.GetList(PageSize, PageIndex, sql, sorttext, out Total); string dt = XHD.Common.GetGridJSON.DataTableToJSON1(dsemp.Tables[0], Total); context.Response.Write(dt); } else { context.Response.Write("test" + rid); } } }
public void ProcessRequest(HttpContext context) { context.Response.ContentType = "text/plain"; context.Response.Charset = "utf-8"; HttpRequest request = context.Request; if (request["Action"] == "login") { XHD.BLL.hr_employee emp = new XHD.BLL.hr_employee(); XHD.BLL.Sys_FactoryInfo fty = new XHD.BLL.Sys_FactoryInfo(); string username = PageValidate.InputText(request["username"], 255); //string password = FormsAuthentication.HashPasswordForStoringInConfigFile(request["password"], "MD5"); string password = PageValidate.InputText(request["password"], 255); string validate = PageValidate.InputText(request["validate"], 255); //SQL注入式攻击过滤=========================================================================================== string path = context.Server.MapPath(@"../file/SQLFile.txt"); if (CommonData.getSQLPercolation(username.ToUpper(), path)) { context.Response.Write("999");//系统错误 return; } //============================================================================================================ if (!string.IsNullOrEmpty(username) && !string.IsNullOrEmpty(password)) { //if (validate == context.Session["CheckCode"].ToString() || validate.ToLower() == context.Session["CheckCode"].ToString().ToLower()) //{ //DataSet ds = emp.GetList(" uid='" + username + "' and pwd='" + password + "'"); XHD.Model.hr_employee empModel = emp.LoginUser(username); //IP 限制==================================================================================================== string vrip = GetClientIPv4Address(); List <string> lstIp = new List <string>(); lstIp.Add("219.146.197.91"); //电信IP地址 lstIp.Add("60.213.50.226"); //联通IP地址 lstIp.Add("172.178.1.118"); //本地(邢荣) lstIp.Add("172.178.1.211"); //本地(陈伟) lstIp.Add("172.178.1.100"); //本地(陈伟) lstIp.Add("172.178.1.203"); //本地(robert) lstIp.Add("172.178.1.201"); //本地(李明) lstIp.Add("172.178.1.79"); //本地(王德胜) lstIp.Add("172.178.1.117"); //本地(王立全) lstIp.Add("172.178.1.243"); //本地(王虎) lstIp.Add("172.178.1.56"); //本地(马萧) lstIp.Add("172.178.1.29"); //本地(张杰) lstIp.Add("172.178.1.45"); //本地(张顾严) lstIp.Add("172.178.1.133"); //本地(吴瑞曾) //if (!lstIp.Contains(vrip)) //{ // //修改:robert, 2016-06-04 过滤特殊人群,当前:王频频wpp6274======== // if (username.Trim() != "wpp6274" && username.Trim() != "gjc1010") // { // context.Response.Write("6");//ip受限制 // return; // } // //======================================================================= //} //============================================================================================================ if (empModel != null && empModel.pwd == password.ToUpper()) { //存在该 uid的用户,并且 pwd-密码正确;执行以下内容 //if (ds.Tables[0].Rows.Count > 0) //{ if (empModel.uid.Trim() == "admin") { #region //string userid = empModel.ID.ToString(); FormsAuthenticationTicket ticket = new FormsAuthenticationTicket( 1, empModel.uid, DateTime.Now, DateTime.Now.AddMinutes(20), true, empModel.ID.ToString(), "/" ); var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket)); cookie.HttpOnly = true; context.Response.Cookies.Add(cookie); //FormsAuthentication.SetAuthCookie(userid, true); //日志 XHD.BLL.Sys_log log = new XHD.BLL.Sys_log(); XHD.Model.Sys_log modellog = new XHD.Model.Sys_log(); modellog.EventType = "系统登录"; modellog.EventDate = DateTime.Now; modellog.UserID = empModel.ID; modellog.UserName = empModel.name; modellog.IPStreet = request.UserHostAddress; modellog.Factory_Id = empModel.factory_Id; log.Add(modellog); //online XHD.BLL.Sys_online sol = new XHD.BLL.Sys_online(); XHD.Model.Sys_online model = new XHD.Model.Sys_online(); model.UserName = empModel.name; model.UserID = empModel.ID; model.LastLogTime = DateTime.Now; DataSet ds1 = sol.GetList(" UserID=" + empModel.ID); //添加当前用户信息 if (ds1.Tables[0].Rows.Count > 0) { sol.Update(model, " UserID=" + empModel.ID); } else { sol.Add(model); } //删除超时用户 //2分钟用户失效,删除 --Robert 2015-11-24 sol.Delete(" LastLogTime<date_sub(now(), interval 2 minute)"); //验证完毕,允许登录 context.Response.Write("2"); #endregion } else { #region DataSet dsfty = fty.GetList("Factory_Id='" + empModel.factory_Id + "'"); string isDelete = dsfty.Tables[0].Rows[0]["IsDelete"].ToString(); if (int.Parse(isDelete) == 0) { if (empModel.canlogin.ToString() == "1") { FormsAuthenticationTicket ticket = new FormsAuthenticationTicket( 1, username, DateTime.Now, DateTime.Now.AddMinutes(20), true, empModel.ID.ToString(), "/" ); var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket)); cookie.HttpOnly = true; context.Response.Cookies.Add(cookie); //FormsAuthentication.SetAuthCookie(userid, true); //日志 XHD.BLL.Sys_log log = new XHD.BLL.Sys_log(); XHD.Model.Sys_log modellog = new XHD.Model.Sys_log(); modellog.EventType = "系统登录"; modellog.EventDate = DateTime.Now; modellog.UserID = empModel.ID; modellog.UserName = empModel.name; modellog.IPStreet = request.UserHostAddress; modellog.Factory_Id = empModel.factory_Id; log.Add(modellog); //online XHD.BLL.Sys_online sol = new XHD.BLL.Sys_online(); XHD.Model.Sys_online model = new XHD.Model.Sys_online(); model.UserName = empModel.name; model.UserID = empModel.ID; model.LastLogTime = DateTime.Now; DataSet ds1 = sol.GetList(" UserID=" + empModel.ID); //添加当前用户信息 if (ds1.Tables[0].Rows.Count > 0) { sol.Update(model, " UserID=" + empModel.ID); } else { sol.Add(model); } //删除超时用户 //2分钟用户失效,删除 --Robert 2015-11-24 sol.Delete(" LastLogTime<date_sub(now(), interval 2 minute)"); //验证完毕,允许登录 context.Response.Write("2"); } else { context.Response.Write("4");//不允许登录 } } else { context.Response.Write("5");//不允许登录 } #endregion } } else { context.Response.Write("1");//用户名或密码错误 } //} //else //{ // context.Response.Write("0");//验证码错误 //} } else { context.Response.Write("999");//系统数据错误 } } else if (request["Action"] == "logout") { #region var cookie = context.Request.Cookies[FormsAuthentication.FormsCookieName]; if (null != cookie) { var ticket = FormsAuthentication.Decrypt(cookie.Value); string CoockiesID = ticket.UserData; FormsAuthentication.SignOut(); context.Response.Write("true"); //online XHD.BLL.Sys_online sol = new XHD.BLL.Sys_online(); try { if (!string.IsNullOrEmpty(CoockiesID)) { sol.Delete(" UserID=" + int.Parse(CoockiesID)); } } catch { } } #endregion } else if (request["Action"] == "checkpwd") { #region var cookie = context.Request.Cookies[FormsAuthentication.FormsCookieName]; var ticket = FormsAuthentication.Decrypt(cookie.Value); string CoockiesID = ticket.UserData; XHD.BLL.hr_employee emp = new XHD.BLL.hr_employee(); int emp_id = int.Parse(CoockiesID); string password = FormsAuthentication.HashPasswordForStoringInConfigFile(request["password"], "MD5"); DataSet ds = emp.GetList(string.Format("ID={0} and pwd='{1}'", emp_id, password)); if (ds.Tables[0].Rows.Count > 0) { context.Response.Write("{sucess:sucess}"); } else { context.Response.Write("{sucess:false}"); } #endregion } }