public void ProcessRequest(HttpContext context) { context.Response.ContentType = "text/plain"; HttpRequest request = context.Request; XHD.BLL.ssn_art_menu menu = new XHD.BLL.ssn_art_menu(); XHD.BLL.sys_info info = new XHD.BLL.sys_info(); var cookie = context.Request.Cookies[FormsAuthentication.FormsCookieName]; var ticket = FormsAuthentication.Decrypt(cookie.Value); string CoockiesID = ticket.UserData; XHD.BLL.hr_employee emp = new XHD.BLL.hr_employee(); int emp_id = int.Parse(CoockiesID); DataSet dsemp = emp.GetList("id=" + emp_id); XHD.Model.hr_employee employeeModel = emp.GetModel(emp_id); //当前员工 string empname = string.Empty; string uid = string.Empty; string depid = string.Empty; string roletype = string.Empty; string factory_Id = string.Empty; if (employeeModel != null) { empname = employeeModel.name; //员工姓名 uid = employeeModel.uid; //员工Uid depid = employeeModel.d_id.ToString(); //员工所在部门 factory_Id = employeeModel.factory_Id; //员工所属工厂 roletype = employeeModel.roletype.ToString(); } #region GetSysApp if (request["Action"] == "GetSysApp") { DataSet ds = null; int appid = int.Parse(request["appid"]); if (dsemp.Tables[0].Rows.Count > 0) { if (dsemp.Tables[0].Rows[0]["uid"].ToString() == "admin") { ds = menu.GetList(0, "App_id=" + appid, "Menu_order"); } else { DataSSN.SSN_GetAuthorityByUid getauth = new DataSSN.SSN_GetAuthorityByUid(); string menus = getauth.GetAuthority(emp_id.ToString(), "Menus"); //ds = menu.GetList(0, "App_id=" + appid + " and Menu_id in " + menus + " and menu_type='aft'", "Menu_order"); ds = menu.GetList(0, "App_id=" + appid + " and Id in " + menus + " ", "Menu_order"); } } string strRe = string.Empty; //==============整理返回============================================== strRe = "[" + GetTasksString(emp_id.ToString(), empname, factory_Id, 0, ds.Tables[0]) + "]"; context.Response.Write(strRe); } #endregion #region getUserTree else if (request["Action"] == "getUserTree") { XHD.BLL.Sys_online sol = new XHD.BLL.Sys_online(); XHD.Model.Sys_online model = new XHD.Model.Sys_online(); model.UserName = PageValidate.InputText(empname, 250); model.UserID = emp_id; model.LastLogTime = DateTime.Now; DataSet ds1 = sol.GetList(" UserID=" + emp_id); //添加当前用户信息 if (ds1.Tables[0].Rows.Count > 0) { sol.Update(model, " UserID=" + emp_id); } else { sol.Add(model); } //删除超时用户 //2分钟用户失效,删除 --Robert 2015-11-24 sol.Delete(" LastLogTime<date_sub(now(), interval 2 minute)"); XHD.BLL.hr_department dep = new XHD.BLL.hr_department(); XHD.BLL.hr_post hp = new XHD.BLL.hr_post(); DataSet ds = dep.GetList(0, "factory_Id='" + factory_Id + "'", "d_order"); StringBuilder str = new StringBuilder(); str.Append("["); str.Append(GetTreeString(0, ds.Tables[0], 1, "1=1")); str.Replace(",", "", str.Length - 1, 1); str.Append("]"); context.Response.Write(str); } #endregion #region GetUserInfo else if (request["Action"] == "GetUserInfo") { string dt = XHD.Common.DataToJson.DataToJSON(dsemp); context.Response.Write(dt); } #endregion #region GetOnline else if (request["Action"] == "GetOnline") { XHD.BLL.Sys_online sol = new XHD.BLL.Sys_online(); XHD.Model.Sys_online model = new XHD.Model.Sys_online(); model.UserName = empname; model.UserID = emp_id; model.LastLogTime = DateTime.Now; DataSet ds1 = sol.GetList(" UserID=" + emp_id); //添加当前用户信息 if (ds1.Tables[0].Rows.Count > 0) { sol.Update(model, " UserID=" + emp_id); } else { sol.Add(model); } //} //删除超时用户 //2分钟用户失效,删除 --Robert 2015-11-24 sol.Delete(" LastLogTime<date_sub(now(), interval 2 minute)"); context.Response.Write(XHD.Common.GetGridJSON.DataTableToJSON(sol.GetAllList().Tables[0])); } #endregion #region getinfo else if (request["Action"] == "getinfo") { DataSet ds = info.GetList(" id=2 or id=3"); context.Response.Write(XHD.Common.GetGridJSON.DataTableToJSON(ds.Tables[0])); } #endregion #region changepwd else if (request["Action"] == "changepwd") { DataSet ds = emp.GetPWD(emp_id); XHD.Model.hr_employee model = new XHD.Model.hr_employee(); string oldpwd = FormsAuthentication.HashPasswordForStoringInConfigFile(request["T_oldpwd"], "MD5"); string newpwd = FormsAuthentication.HashPasswordForStoringInConfigFile(request["T_newpwd"], "MD5"); if (ds.Tables[0].Rows[0]["pwd"].ToString() == oldpwd) { model.pwd = newpwd; model.ID = (emp_id); emp.changepwd(model); context.Response.Write("true"); } else { context.Response.Write("false"); } } #endregion #region form else if (request["Action"] == "form") { string eid = PageValidate.InputText(request["id"], 50); if (eid == "epu") { eid = emp_id.ToString(); } DataSet ds = emp.GetList("id=" + int.Parse(eid)); string dt = XHD.Common.DataToJson.DataToJSON(ds); context.Response.Write(dt); } #endregion #region PersonalUpdate保存修改信息 else if (request["Action"] == "PersonalUpdate") { XHD.Model.hr_employee model = new XHD.Model.hr_employee(); model.email = PageValidate.InputText(request["T_email"], 255); model.name = PageValidate.InputText(request["T_name"], 255); model.birthday = PageValidate.InputText(request["T_birthday"], 255); model.sex = PageValidate.InputText(request["T_sex"], 255); model.idcard = PageValidate.InputText(request["T_idcard"], 255); model.tel = PageValidate.InputText(request["T_tel"], 255); model.address = PageValidate.InputText(request["T_Adress"], 255); model.schools = PageValidate.InputText(request["T_school"], 255); model.education = PageValidate.InputText(request["T_edu"], 255); model.professional = PageValidate.InputText(request["T_professional"], 255); model.remarks = PageValidate.InputText(request["T_remarks"], 255); model.title = PageValidate.InputText(request["headurl"], 255); DataRow dr = dsemp.Tables[0].Rows[0]; model.ID = emp_id; bool isup = emp.PersonalUpdate(model); if (isup) { context.Response.Write("true"); } else { context.Response.Write("false"); } C_Sys_log log = new C_Sys_log(); int UserID = emp_id; string UserName = empname; string IPStreet = request.UserHostAddress; string EventTitle = model.name; string EventType = "个人信息修改"; int EventID = emp_id; if (dr["email"].ToString() != request["T_email"]) { log.Add_log(UserID, UserName, IPStreet, EventTitle, EventType, EventID, "邮箱", dr["email"].ToString(), request["T_email"], factory_Id); } if (dr["name"].ToString() != request["T_name"]) { log.Add_log(UserID, UserName, IPStreet, EventTitle, EventType, EventID, "员工姓名", dr["name"].ToString(), request["T_name"], factory_Id); } if (dr["birthday"].ToString() != request["T_birthday"]) { log.Add_log(UserID, UserName, IPStreet, EventTitle, EventType, EventID, "员工生日", dr["birthday"].ToString(), request["T_birthday"], factory_Id); } if (dr["sex"].ToString() != request["T_sex"]) { log.Add_log(UserID, UserName, IPStreet, EventTitle, EventType, EventID, "员工性别", dr["sex"].ToString(), request["T_sex"], factory_Id); } if (dr["idcard"].ToString() != request["T_idcard"]) { log.Add_log(UserID, UserName, IPStreet, EventTitle, EventType, EventID, "身份证", dr["idcard"].ToString(), request["T_idcard"], factory_Id); } if (dr["tel"].ToString() != request["T_tel"]) { log.Add_log(UserID, UserName, IPStreet, EventTitle, EventType, EventID, "手机", dr["tel"].ToString(), request["T_tel"], factory_Id); } if (dr["address"].ToString() != request["T_Adress"]) { log.Add_log(UserID, UserName, IPStreet, EventTitle, EventType, EventID, "地址", dr["address"].ToString(), request["T_Adress"], factory_Id); } if (dr["schools"].ToString() != request["T_school"]) { log.Add_log(UserID, UserName, IPStreet, EventTitle, EventType, EventID, "毕业学校", dr["schools"].ToString(), request["T_school"], factory_Id); } if (dr["education"].ToString() != request["T_edu"]) { log.Add_log(UserID, UserName, IPStreet, EventTitle, EventType, EventID, "学历", dr["education"].ToString(), request["T_edu"], factory_Id); } if (dr["professional"].ToString() != request["T_professional"]) { log.Add_log(UserID, UserName, IPStreet, EventTitle, EventType, EventID, "专业", dr["professional"].ToString(), request["T_professional"], factory_Id); } } #endregion #region tree else if (request["Action"] == "tree") { string serchtxt = " 1=1 and factory_Id = '" + factory_Id + "'"; //string authtxt = PageValidate.InputText(request["auth"], 50); //if (!string.IsNullOrEmpty(authtxt)) //{ // Data.GetDataAuth dataauth = new Data.GetDataAuth(); // string txt = dataauth.GetDataAuthByid(authtxt, "Sys_add", emp_id.ToString(), factory_Id); // string[] arr = txt.Split(':'); // switch (arr[0]) // { // case "my": // case "dep": // string did = dsemp.Tables[0].Rows[0]["d_id"].ToString(); // if (string.IsNullOrEmpty(did)) // did = "0"; // authtxt = did; // break; // case "all": // authtxt = "0"; // break; // case "depall": // DataSet dsdep = dep.GetList("factory_Id='" + factory_Id + "'"); // string deptask = GetDepTask(int.Parse(arr[1]), dsdep.Tables[0]); // string intext = arr[1] + "," + deptask; // authtxt = intext.TrimEnd(','); // break; // } //} //context.Response.Write(authtxt); XHD.BLL.hr_department dep = new XHD.BLL.hr_department(); DataSet ds = dep.GetList(0, serchtxt, " d_order"); StringBuilder str = new StringBuilder(); str.Append("["); str.Append(GetTreeString(0, ds.Tables[0], "0")); str.Replace(",", "", str.Length - 1, 1); str.Append("]"); context.Response.Write(str); } #endregion }
public void ProcessRequest(HttpContext context) { context.Response.ContentType = "text/plain"; context.Response.Charset = "utf-8"; HttpRequest request = context.Request; if (request["Action"] == "login") { XHD.BLL.hr_employee emp = new XHD.BLL.hr_employee(); XHD.BLL.Sys_FactoryInfo fty = new XHD.BLL.Sys_FactoryInfo(); string username = PageValidate.InputText(request["username"], 255); //string password = FormsAuthentication.HashPasswordForStoringInConfigFile(request["password"], "MD5"); string password = PageValidate.InputText(request["password"], 255); string validate = PageValidate.InputText(request["validate"], 255); //SQL注入式攻击过滤=========================================================================================== string path = context.Server.MapPath(@"../file/SQLFile.txt"); if (CommonData.getSQLPercolation(username.ToUpper(), path)) { context.Response.Write("999");//系统错误 return; } //============================================================================================================ if (!string.IsNullOrEmpty(username) && !string.IsNullOrEmpty(password)) { //if (validate == context.Session["CheckCode"].ToString() || validate.ToLower() == context.Session["CheckCode"].ToString().ToLower()) //{ //DataSet ds = emp.GetList(" uid='" + username + "' and pwd='" + password + "'"); XHD.Model.hr_employee empModel = emp.LoginUser(username); //IP 限制==================================================================================================== string vrip = GetClientIPv4Address(); List <string> lstIp = new List <string>(); lstIp.Add("219.146.197.91"); //电信IP地址 lstIp.Add("60.213.50.226"); //联通IP地址 lstIp.Add("172.178.1.118"); //本地(邢荣) lstIp.Add("172.178.1.211"); //本地(陈伟) lstIp.Add("172.178.1.100"); //本地(陈伟) lstIp.Add("172.178.1.203"); //本地(robert) lstIp.Add("172.178.1.201"); //本地(李明) lstIp.Add("172.178.1.79"); //本地(王德胜) lstIp.Add("172.178.1.117"); //本地(王立全) lstIp.Add("172.178.1.243"); //本地(王虎) lstIp.Add("172.178.1.56"); //本地(马萧) lstIp.Add("172.178.1.29"); //本地(张杰) lstIp.Add("172.178.1.45"); //本地(张顾严) lstIp.Add("172.178.1.133"); //本地(吴瑞曾) //if (!lstIp.Contains(vrip)) //{ // //修改:robert, 2016-06-04 过滤特殊人群,当前:王频频wpp6274======== // if (username.Trim() != "wpp6274" && username.Trim() != "gjc1010") // { // context.Response.Write("6");//ip受限制 // return; // } // //======================================================================= //} //============================================================================================================ if (empModel != null && empModel.pwd == password.ToUpper()) { //存在该 uid的用户,并且 pwd-密码正确;执行以下内容 //if (ds.Tables[0].Rows.Count > 0) //{ if (empModel.uid.Trim() == "admin") { #region //string userid = empModel.ID.ToString(); FormsAuthenticationTicket ticket = new FormsAuthenticationTicket( 1, empModel.uid, DateTime.Now, DateTime.Now.AddMinutes(20), true, empModel.ID.ToString(), "/" ); var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket)); cookie.HttpOnly = true; context.Response.Cookies.Add(cookie); //FormsAuthentication.SetAuthCookie(userid, true); //日志 XHD.BLL.Sys_log log = new XHD.BLL.Sys_log(); XHD.Model.Sys_log modellog = new XHD.Model.Sys_log(); modellog.EventType = "系统登录"; modellog.EventDate = DateTime.Now; modellog.UserID = empModel.ID; modellog.UserName = empModel.name; modellog.IPStreet = request.UserHostAddress; modellog.Factory_Id = empModel.factory_Id; log.Add(modellog); //online XHD.BLL.Sys_online sol = new XHD.BLL.Sys_online(); XHD.Model.Sys_online model = new XHD.Model.Sys_online(); model.UserName = empModel.name; model.UserID = empModel.ID; model.LastLogTime = DateTime.Now; DataSet ds1 = sol.GetList(" UserID=" + empModel.ID); //添加当前用户信息 if (ds1.Tables[0].Rows.Count > 0) { sol.Update(model, " UserID=" + empModel.ID); } else { sol.Add(model); } //删除超时用户 //2分钟用户失效,删除 --Robert 2015-11-24 sol.Delete(" LastLogTime<date_sub(now(), interval 2 minute)"); //验证完毕,允许登录 context.Response.Write("2"); #endregion } else { #region DataSet dsfty = fty.GetList("Factory_Id='" + empModel.factory_Id + "'"); string isDelete = dsfty.Tables[0].Rows[0]["IsDelete"].ToString(); if (int.Parse(isDelete) == 0) { if (empModel.canlogin.ToString() == "1") { FormsAuthenticationTicket ticket = new FormsAuthenticationTicket( 1, username, DateTime.Now, DateTime.Now.AddMinutes(20), true, empModel.ID.ToString(), "/" ); var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket)); cookie.HttpOnly = true; context.Response.Cookies.Add(cookie); //FormsAuthentication.SetAuthCookie(userid, true); //日志 XHD.BLL.Sys_log log = new XHD.BLL.Sys_log(); XHD.Model.Sys_log modellog = new XHD.Model.Sys_log(); modellog.EventType = "系统登录"; modellog.EventDate = DateTime.Now; modellog.UserID = empModel.ID; modellog.UserName = empModel.name; modellog.IPStreet = request.UserHostAddress; modellog.Factory_Id = empModel.factory_Id; log.Add(modellog); //online XHD.BLL.Sys_online sol = new XHD.BLL.Sys_online(); XHD.Model.Sys_online model = new XHD.Model.Sys_online(); model.UserName = empModel.name; model.UserID = empModel.ID; model.LastLogTime = DateTime.Now; DataSet ds1 = sol.GetList(" UserID=" + empModel.ID); //添加当前用户信息 if (ds1.Tables[0].Rows.Count > 0) { sol.Update(model, " UserID=" + empModel.ID); } else { sol.Add(model); } //删除超时用户 //2分钟用户失效,删除 --Robert 2015-11-24 sol.Delete(" LastLogTime<date_sub(now(), interval 2 minute)"); //验证完毕,允许登录 context.Response.Write("2"); } else { context.Response.Write("4");//不允许登录 } } else { context.Response.Write("5");//不允许登录 } #endregion } } else { context.Response.Write("1");//用户名或密码错误 } //} //else //{ // context.Response.Write("0");//验证码错误 //} } else { context.Response.Write("999");//系统数据错误 } } else if (request["Action"] == "logout") { #region var cookie = context.Request.Cookies[FormsAuthentication.FormsCookieName]; if (null != cookie) { var ticket = FormsAuthentication.Decrypt(cookie.Value); string CoockiesID = ticket.UserData; FormsAuthentication.SignOut(); context.Response.Write("true"); //online XHD.BLL.Sys_online sol = new XHD.BLL.Sys_online(); try { if (!string.IsNullOrEmpty(CoockiesID)) { sol.Delete(" UserID=" + int.Parse(CoockiesID)); } } catch { } } #endregion } else if (request["Action"] == "checkpwd") { #region var cookie = context.Request.Cookies[FormsAuthentication.FormsCookieName]; var ticket = FormsAuthentication.Decrypt(cookie.Value); string CoockiesID = ticket.UserData; XHD.BLL.hr_employee emp = new XHD.BLL.hr_employee(); int emp_id = int.Parse(CoockiesID); string password = FormsAuthentication.HashPasswordForStoringInConfigFile(request["password"], "MD5"); DataSet ds = emp.GetList(string.Format("ID={0} and pwd='{1}'", emp_id, password)); if (ds.Tables[0].Rows.Count > 0) { context.Response.Write("{sucess:sucess}"); } else { context.Response.Write("{sucess:false}"); } #endregion } }