protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
Decoder dcode = new Decoder();
string mErr = "";
// 檢查使用者權限但不存入登入紀錄
//Check_Power("3002", false);
if (Request["fl_url"] != null)
{
lb_fl_url.Text = dcode.DeCode(Request["fl_url"].Trim());
if (lb_fl_url.Text == Album.Root)
mErr = "根目錄不可刪除\\n";
else
{
lb_path.Text = Server.MapPath(lb_fl_url.Text);
#region 取得目前目錄的名稱
lb_al_name.Text = lb_fl_url.Text.Replace(Album.Root,"").Replace("//","");
if (!Directory.Exists(lb_path.Text))
mErr = "找不到指定的路徑\\n";
#endregion
}
}
else
mErr = "參數傳送錯誤!\\n";
if (mErr != "")
lt_show.Text = "<script language=\"javascript\">alert(\"" + mErr + "\");parent.close_all();parent.clean_win();</script>";
}
}
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
Decoder dcode = new Decoder();
string mErr = "", fl_name = "", fl_url = "", fpath = "";
// 檢查使用者權限,但不存登入紀錄
//Check_Power("3002", false);
if (Request["fl_name"] == null || Request["fl_url"] == null)
mErr = "參數傳送錯誤!\\n";
else
{
fl_name = Request["fl_name"].Trim().ToLower();
fl_url = dcode.DeCode(Request["fl_url"].Trim());
if (fl_name == "" || fl_url == "")
mErr = "參數傳送錯誤!\\n";
}
#region 取得相片資訊
if (mErr == "") {
fpath = Server.MapPath(fl_url);
if (fpath.Substring(fpath.Length - 1, 1) != "\\")
fpath += "\\";
string[] mFiles = Directory.GetFiles(fpath, fl_name);
if (mFiles.Length > 0)
{
FileInfo fi_obj = new FileInfo(mFiles[0].ToString());
lb_ac_name.Text = fl_name;
lb_ac_size.Text = fi_obj.Length.ToString("N0");
lb_init_time.Text = fi_obj.LastWriteTime.ToString("yyyy/MM/dd HH:mm:ss");
lb_ac_type.Text = fi_obj.Extension.ToLower();
#region 讀取圖檔資料
using (System.Drawing.Image img_obj = System.Drawing.Image.FromFile(fpath + fl_name))
{
lb_ac_wh.Text = img_obj.Width.ToString() + " × " + img_obj.Height.ToString();
}
#endregion
}
else
mErr = "找不到指定的相片!\\n";
mFiles = null;
}
#endregion
if (mErr != "")
lt_show.Text = "<script language=javascript>alert(\"" + mErr + "\");parent.close_all();parent.clean_win();</script>";
}
}
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
Decoder dcode = new Decoder();
string mErr = "";
// 檢查使用者權限但不存入登入紀錄
//Check_Power("3002", false);
if (Request["fl_url"] != null)
{
lb_fl_url.Text = dcode.DeCode(Request["fl_url"].Trim());
}
else
mErr = "參數傳送錯誤!\\n";
if (mErr != "")
lt_show.Text = "<script language=\"javascript\">alert(\"" + mErr + "\");parent.close_all();parent.clean_win();</script>";
}
}
protected void Page_Load(object sender, EventArgs e)
{
Decoder dcode = new Decoder();
if (!IsPostBack)
{
// 檢查使用者權限並存入登入紀錄
//Check_Power("3002", true);
if (Request["fl_url"] != null)
{
lb_fl_url.Text = dcode.DeCode(Request["fl_url"].Trim());
lb_fl_url_encode.Text = Server.UrlEncode(dcode.EnCode(lb_fl_url.Text));
lb_path.Text = Server.MapPath(lb_fl_url.Text);
if (lb_fl_url.Text == Album.Root)
{
lb_show_path.Text = "根目錄";
}
else
{
// 僅顯示 Album.Root 以後的目錄名稱
lb_show_path.Text = lb_fl_url.Text.Replace(Album.Root, "");
// 檢查目錄是否存在
if (! Directory.Exists(lb_path.Text))
lt_show.Text = "<script language=javascript>alert(\"找不到指定的路徑\\n\");location.replace(\"3002.aspx\");</script>";
}
}
else
{
lb_fl_url.Text = Album.Root;
lb_fl_url_encode.Text = Server.UrlEncode(dcode.EnCode(lb_fl_url.Text));
lb_path.Text = Server.MapPath(lb_fl_url.Text);
lb_show_path.Text = "根目錄";
}
}
}
// Check_ID() 檢查帳號密碼,儲存紀錄,傳回權限
// 傳入參數 mg_id 使用者帳號
// mg_pass 登入密碼
// ip_addr 使用者 IP
// 傳回數值 *開頭 *錯誤訊息
// 其它 管理者編號;管理者姓名;權限字串
public string Check_ID(string mg_id, string mg_pass, string ip_addr)
{
string SqlString = "";
string mCheck = "", mErr = "", mg_sid = "", mg_name = "";
StringBuilder mg_power = new StringBuilder();
Decoder dcode = new Decoder();
// 取得使用者資料
using (SqlConnection Sql_Conn = new SqlConnection(WebConfigurationManager.ConnectionStrings["AppSysConnectionString"].ConnectionString))
{
SqlString = "Select Top 1 mg_sid, mg_name, mg_id, mg_pass From Manager Where mg_id = @mg_id";
Sql_Conn.Open();
using (SqlCommand Sql_Command = new SqlCommand())
{
SqlDataReader Sql_Reader;
Sql_Command.Connection = Sql_Conn;
Sql_Command.CommandText = SqlString;
Sql_Command.Parameters.AddWithValue("@mg_id", mg_id);
Sql_Reader = Sql_Command.ExecuteReader();
if (Sql_Reader.Read())
{
// 再次確認帳號及密碼,以防有人使用 SQL 隱碼攻擊侵入
if (Sql_Reader["mg_id"].ToString().Trim() == mg_id)
{
// 密碼欄位需解密後再行核對
if (mg_pass == dcode.DeCode(Sql_Reader["mg_pass"].ToString().Trim()))
{
// 建立 Session
mg_sid = Sql_Reader["mg_sid"].ToString().Trim();
mg_name = Sql_Reader["mg_name"].ToString().Trim();
Sql_Command.Dispose();
Sql_Reader.Close();
Sql_Reader.Dispose();
// 取得執行權限,置入 mg_power
// 清除 SqlString 字串
SqlString.Remove(0, SqlString.Length);
if (mg_sid.ToString() == "0")
{
// 若為系統總管理者,擁有全部的功能執行權限
SqlString = "Select fi_no2 From Func_Item2 Where is_visible <> 0";
}
else
{
// 一般使用者,由人員系統權限 Func_Power 資料表取得可執行的權限,以及系統管理用的功能
SqlString = "Select fi_no2 From Func_Power Where mg_sid = @mg_sid And is_enable = 1";
SqlString = SqlString + " Union ";
SqlString = SqlString + "Select fi_no2 From Func_Item2 Where is_visible = 2";
}
// 取得權限,並填入 mg_power
Sql_Command.Connection = Sql_Conn;
Sql_Command.CommandText = SqlString;
Sql_Command.Parameters.AddWithValue("@mg_sid", mg_sid);
Sql_Reader = Sql_Command.ExecuteReader();
while (Sql_Reader.Read())
{
mg_power.Append(Sql_Reader["fi_no2"].ToString() + ";");
}
Sql_Command.Dispose();
Sql_Reader.Close();
if (mg_power.ToString() == "")
mErr = "沒有任何的執行權限,請用其它帳號重新登入!\\n";
else
{ // 存入使用者登入紀錄,並更新最後更新紀錄
SqlString = "Insert Into Mg_Log (mg_sid, fi_no2, lg_time, lg_ip) Values";
SqlString += " (@mg_sid, '0001', getdate(), @lg_ip);";
SqlString += "Update Manager Set last_date = getdate() Where mg_sid = @mg_sid";
Sql_Command.Parameters.Clear();
Sql_Command.Connection = Sql_Conn;
Sql_Command.CommandText = SqlString;
Sql_Command.Parameters.AddWithValue("@mg_sid", mg_sid);
Sql_Command.Parameters.AddWithValue("@lg_ip", ip_addr);
Sql_Command.ExecuteNonQuery();
// 刪除一年前所有使用者的登入資料
SqlString = "Delete Mg_Log Where lg_time < DateAdd(yy, -1,getdate())";
Sql_Command.Parameters.Clear();
Sql_Command.Connection = Sql_Conn;
Sql_Command.CommandText = SqlString;
Sql_Command.Parameters.AddWithValue("@mg_sid", mg_sid);
Sql_Command.ExecuteNonQuery();
}
}
else
mErr = "帳號、密碼有誤!\\n"; // 不想讓使用者清楚知道是密碼錯誤,所以帳號、密碼兩者都寫
}
else
mErr = "請使用正確的方式登入!\\n";
Sql_Command.Dispose();
Sql_Reader.Close();
Sql_Reader.Dispose();
}
else
mErr = "帳號、密碼有誤!\\n";
}
}
if (mErr == "")
{
// 以 \t\n 為間隔
mCheck = mg_sid + "\t\n" + mg_name + "\t\n" + mg_power;
}
else
{
mCheck = "*" + mErr;
}
return mCheck;
}
protected void bn_decode_Click(object sender, EventArgs e)
{
Decoder dcode = new Decoder();
lb_source.Text = dcode.DeCode(tb_encrypt.Text);
}
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
Decoder dcode = new Decoder();
string mErr = "", fl_url = "";
// 檢查使用者權限並存入登入紀錄
//Check_Power("2003", true);
#region 取得所屬的實體位置
using (SqlConnection Sql_conn = new SqlConnection(WebConfigurationManager.ConnectionStrings["AppSysConnectionString"].ConnectionString))
{
using (SqlCommand Sql_Command = new SqlCommand())
{
string SqlString = "";
SqlString = "Select Top 1 fl_url From Fi_Location Where fl_no = 3";
Sql_Command.Connection = Sql_conn;
Sql_Command.CommandText = SqlString;
Sql_conn.Open();
using (SqlDataReader Sql_Reader = Sql_Command.ExecuteReader())
{
if (Sql_Reader.Read())
{
lb_fl_url.Text = Sql_Reader["fl_url"].ToString().Trim();
bn_go_root.ToolTip = "回到 " + lb_fl_url.Text + " ";
}
else
mErr = "找不到指定的路徑\\n";
Sql_Reader.Close();
}
}
#endregion
}
if (mErr == "")
{
#region 判斷是否有傳入值
if (Request["fl_url"] == null)
lb_url.Text = lb_fl_url.Text;
else if (Request["fl_url"].Trim() == "")
lb_url.Text = lb_fl_url.Text;
else
{
fl_url = dcode.DeCode(Request["fl_url"].Trim());
// 檢查是否有人使用入侵方式進入
if (fl_url.Length < lb_fl_url.Text.Length)
lb_url.Text = lb_fl_url.Text;
else if (fl_url.Substring(0, lb_fl_url.Text.Length) == lb_fl_url.Text)
lb_url.Text = fl_url;
else
lb_url.Text = lb_fl_url.Text;
}
lb_path.Text = Server.MapPath(lb_url.Text);
// 加密編碼,傳送時以防入侵
lb_url_encode.Text = Server.UrlEncode(dcode.EnCode(lb_url.Text));
lb_fl_url_encode.Text = Server.UrlEncode(dcode.EnCode(lb_fl_url.Text));
#endregion
// 取得路徑內的子目錄及檔案清單
Get_PathFile();
}
// 顯示錯誤訊息
if (mErr != "")
lt_show.Text = "<script language=javascript>alert(\"" + mErr + "\");</script>";
}
}
protected void Page_Load(object sender, EventArgs e)
{
Decoder dcode = new Decoder();
string mErr = "", fpath = "", fext = "", fname = "";
string file_ext = ".jpg.gif.png.bmp.wmf"; // 允許使用的檔案副檔名
int ckint = -1, iCnt = 0, rCnt = 0;
if (!IsPostBack)
{
// 檢查使用者權限,但不存登入紀錄
//Check_Power("3002", false);
// 上下一筆時處理用的指標
if (Request["rownum"] != null)
{
if (int.TryParse(Request["rownum"], out ckint))
rownum = ckint;
else
rownum = 1;
}
else
rownum = 1;
// 顯示效果
if (Request["effect"] != null)
if (int.TryParse(Request["effect"], out ckint))
show_effect = ckint;
else
show_effect = 0;
else
show_effect = 0;
if (Request["fl_url"] != null)
{
fl_url = dcode.DeCode(Request["fl_url"].Trim());
if (fl_url.Substring(fl_url.Length - 1, 1) != "/")
fl_url += "/";
fpath = Server.MapPath(fl_url);
if (fpath.Substring(fpath.Length - 1, 1) != "\\")
fpath = fpath + "\\";
if (Directory.Exists(fpath))
fl_url_encode = Server.UrlEncode(dcode.EnCode(fl_url));
else
mErr = "找不到這個目錄!\\n";
}
else
mErr = "參數傳送錯誤!\\n";
if (mErr == "") {
#region 處理圖形資料
string[] mFiles = Directory.GetFiles(fpath, "*");
if (mFiles.Length > 0)
{
Array.Sort(mFiles);
maxrow = 0;
rCnt = 0;
for (iCnt = 0; iCnt < mFiles.Length; iCnt++)
{
fname = mFiles[iCnt].Replace(fpath, "").Replace("\\", "").ToLower();
fext = Path.GetExtension(fname).ToString().ToLower();
if (file_ext.Contains(fext))
{
maxrow++;
if (rownum == maxrow)
{
rCnt = maxrow;
ac_pic = fl_url + fname;
fl_name = fname;
}
else if (maxrow == 1)
{
ac_pic = fl_url + fname;
fl_name = fname;
}
}
}
if (maxrow == 0)
mErr = "這個目錄已經沒有相片檔案了!\\n";
else
{
#region 找不到指定順序的圖形
if (rCnt == 0)
rCnt = 1;
#endregion
rownum = rCnt;
}
}
else
mErr = "這個目錄已經沒有相片了!\\n";
#endregion
}
if (mErr != "")
lt_show.Text = "<script language=javascript>alert(\"" + mErr + "\");window.close();</script>";
}
}
protected void bn_ok_Click(object sender, EventArgs e)
{
Common_Func cfc = new Common_Func();
string mErr = "", mg_npass = "";
mg_npass = tb_npass.Text.Trim();
if (tb_spass.Text.Trim() == "")
mErr = mErr + "請輸入「原登入密碼」!\\n";
if (mg_npass == "")
mErr = mErr + "請輸入「新登入密碼」!\\n";
else if (cfc.CheckSQL(mg_npass))
mErr = mErr + "「新登入密碼」請勿使用特殊符號!\\n";
else if (mg_npass.Length > 12 || mg_npass.Length < 4)
mErr = mErr + "「新登入密碼」長度為4~12個字!\\n";
if (mg_npass != tb_rpass.Text.Trim())
mErr = mErr + "「新登入密碼」與「新密碼確認」輸入的資料不同!\\n";
else
{
if (tb_spass.Text.Trim() == tb_npass.Text.Trim())
mErr = mErr + "「原登入密碼」與「新登入密碼」不可相同!\\n";
}
if (mErr == "")
{
string mg_pass = "", mg_id = "";
string SqlString = "";
SqlConnection Sql_conn;
SqlCommand Sql_command;
SqlDataReader Sql_reader;
Decoder dcd = new Decoder();
SqlString = "Select Top 1 mg_id, mg_pass From Manager Where mg_sid = @mg_sid";
Sql_conn = new SqlConnection(WebConfigurationManager.ConnectionStrings["AppSysConnectionString"].ConnectionString);
Sql_conn.Open();
Sql_command = new SqlCommand(SqlString, Sql_conn);
Sql_command.Parameters.AddWithValue("@mg_sid", Session["mg_sid"].ToString());
Sql_reader = Sql_command.ExecuteReader();
if (Sql_reader.Read())
{
mg_id = Sql_reader["mg_id"].ToString().Trim();
// 取得登入者於 mg_pass 欄位中的密碼並加以解密。
mg_pass = dcd.DeCode(Sql_reader["mg_pass"].ToString().Trim());
}
Sql_reader.Close();
// 比對資料表中的帳號和密碼是否與使用者所輸入者相符。
if (mg_id == tb_id.Text.Trim() && mg_pass == tb_spass.Text.Trim())
{
// 加密使用者所輸入的新密碼。
mg_pass = dcd.EnCode(tb_npass.Text.Trim());
// 更新密碼。
SqlString = "Update Manager Set mg_pass = @mg_pass Where mg_sid = @mg_sid and mg_id = @mg_id";
Sql_command.Parameters.Clear();
Sql_command = new SqlCommand(SqlString, Sql_conn);
Sql_command.Parameters.AddWithValue("@mg_sid", Session["mg_sid"].ToString());
Sql_command.Parameters.AddWithValue("@mg_id", mg_id);
Sql_command.Parameters.AddWithValue("@mg_pass", mg_pass);
Sql_command.ExecuteNonQuery();
mErr = "密碼已更新完成,會在下一次登入時生效!\\n";
}
else
{
// 為避免有駭客入侵,不可明確表示是那個欄位輸入錯誤的訊息。
mErr = mErr + "「使用者帳號」或「原登入密碼」輸入錯誤!\\n";
}
Sql_command.Dispose();
Sql_conn.Close();
}
Literal txtMsg = new Literal();
// 傳送錯誤訊息
txtMsg.Text = "<script language=javascript>alert('" + mErr + "');</script>";
// 利用 javascript 傳送錯誤訊息或進入功能頁面
Page.Controls.Add(txtMsg);
}
