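/// <summary>
/// Runs before every action of this controller: looks up the role row of the
/// user named by the "UserName" cookie and either redirects to ../Admin/Index
/// (a role row exists) or short-circuits the request with an alert (no role).
/// </summary>
/// <param name="filterContext">The MVC action-executing context.</param>
/// <remarks>
/// NOTE(review): the "UserName" cookie is set on the client, so any caller can
/// present any user name here. This filter should key on the server-side
/// authenticated identity rather than on a raw cookie value; confirm how the
/// Login action establishes identity before relying on this check.
/// </remarks>
protected override void OnActionExecuting(ActionExecutingContext filterContext)
{
    // The original dereferenced .Value directly, which throws
    // NullReferenceException when the cookie is absent; treat that as "no user".
    var cookie = filterContext.HttpContext.Request.Cookies.Get("UserName");
    string username = cookie == null ? null : cookie.Value;
    if (string.IsNullOrEmpty(username))
    {
        filterContext.Result = new ContentResult { Content = @"<script>alert('空!');</script>" };
        return;
    }

    string roleId = "";
    conn.OpenConnection();
    try
    {
        // NOTE(review): the user-name literal is redacted ("'******'") in the
        // listing reviewed; the otherwise-unused `username` local makes it
        // clear the cookie value was spliced in here. Single quotes are doubled
        // so a quote in the cookie cannot break out of the literal — a
        // parameterized command would be the proper fix, but the conn wrapper
        // visible here only accepts a raw statement.
        string sql = "SELECT * FROM UserRole WHERE UserID IN (SELECT ID FROM [User] WHERE UserName= '"
                     + username.Replace("'", "''") + "')";
        DataTable dt = conn.Detail(sql);
        // The original read column index 1, which in the UserRole schema created
        // by Install (ID, UserID, RoleID) is UserID rather than RoleID; read the
        // intended column by name, and guard the empty result that used to throw.
        if (dt != null && dt.Rows.Count > 0)
        {
            roleId = dt.Rows[0]["RoleID"].ToString();
        }
    }
    finally
    {
        // Always release the connection, even when the query throws.
        conn.CloseConnection();
    }

    if (roleId != "")
    {
        // Short-circuit through an MVC result instead of writing to the Response
        // directly; the pipeline stops before the action runs either way.
        filterContext.Result = new RedirectResult("../Admin/Index");
    }
    else
    {
        filterContext.Result = new ContentResult { Content = @"<script>alert('空!');</script>" };
    }
}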
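// Home page
/// <summary>
/// Home page: loads the three most recent articles and every carousel row.
/// </summary>
/// <returns>
/// The Index view with the article table as model; the article and carousel
/// tables are also exposed as ViewBag.Data and ViewBag.Data1.
/// </returns>
public ActionResult Index()
{
    conn.OpenConnection();
    try
    {
        // CreateTime is a varchar(50) column (see Install), so "order by" is a
        // lexical sort; it is only chronological while every row uses the same
        // zero-padded format.
        string sql = "select top 3 * from [Article] order by CreateTime desc";
        DataSet ds = conn.Ds_List(sql);
        ViewBag.Data = ds.Tables[0];

        string sql1 = "select * from [Carousel]";
        DataSet ds1 = conn.Ds_List(sql1);
        ViewBag.Data1 = ds1.Tables[0];
    }
    finally
    {
        // Previously skipped when either query threw, leaking the open connection.
        conn.CloseConnection();
    }
    return View(ViewBag.Data);
}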
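/// <summary>
/// Admin dashboard: row counts for users, tasks, articles and finished tasks,
/// plus the five most recent articles.
/// </summary>
/// <returns>
/// The Index view with the article table as model; the counts are exposed as
/// ViewBag.UserCount, ViewBag.TaskCount, ViewBag.ArticleCount and
/// ViewBag.FinishedTaskCount.
/// </returns>
public ActionResult Index()
{
    conn.OpenConnection();
    try
    {
        int userCount = conn.Select("select COUNT(*) from [User]");
        int taskCount = conn.Select("select COUNT(*) from [Task]");
        int articleCount = conn.Select("select COUNT(*) from [Article]");
        // Task.IsValid is a bit column (see Install); SQL Server accepts the
        // string 'True' for a bit comparison.
        int finishedTaskCount = conn.Select("select COUNT(*) from [Task] where IsValid = 'True'");

        ViewBag.UserCount = userCount;
        ViewBag.TaskCount = taskCount;
        ViewBag.ArticleCount = articleCount;
        ViewBag.FinishedTaskCount = finishedTaskCount;

        // CreateTime is stored as varchar(50), so this ordering is lexical.
        DataSet ds = conn.Ds_List("select top 5 * from [Article] order by CreateTime desc");
        ViewBag.Data = ds.Tables[0];
    }
    finally
    {
        // Previously skipped when any query threw, leaking the open connection.
        conn.CloseConnection();
    }
    return View(ViewBag.Data);
}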
/// <summary>
/// Page unload handler: releases the shared database connection held in Conn.
/// </summary>
/// <param name="sender">The event source (not used).</param>
/// <param name="e">Event data (not used).</param>
protected void Page_OnUnload(object sender, EventArgs e)
{
    Conn.CloseConnection();
}
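/// <summary>
/// One-shot installer: drops every user table, creates the schema, or seeds the
/// initial rows, depending on <paramref name="action"/>.
/// </summary>
/// <param name="action">
/// "Drop tables", "Create tables" or "Initialized Data"; any other value
/// renders the view unchanged.
/// </param>
/// <returns>The Install view with the outcome in ViewBag.Result.</returns>
/// <remarks>
/// NOTE(review): "Drop tables" removes every user table in the database, and
/// "Initialized Data" seeds four accounts with the well-known password
/// "123456" stored in clear text. No authorization attribute is visible on
/// this action in the listing reviewed; confirm it is restricted (or removed
/// after deployment) and that the seed passwords are changed before go-live.
/// </remarks>
public ActionResult Install(string action)
{
    // ----- schema -----
    // NOTE(review): the first literal of sqlUser is redacted ("******") in the
    // listing reviewed; by analogy with the sibling statements it is presumably
    // "create table [User] (" — confirm against the real source.
    string sqlUser = "create table [User] (" +
                     "ID int identity(1,1) primary key," +
                     "UserName varchar(50)," +
                     "RealName varchar(50)," +
                     "Password varchar(200)," +
                     "CreateTime varchar(50)," +
                     "LastEditTime varchar(50)," +
                     "Phone varchar(50)," +
                     "Email varchar(50)," +
                     "Birthday varchar(50)," +
                     "IsValid bit);";
    string sqlUserRole = "create table UserRole (" +
                         "ID int identity(1,1) primary key," +
                         "UserID int," +
                         "RoleID int);";
    string sqlRole = "create table Role (" +
                     "ID int identity(1,1) primary key," +
                     "Name varchar(50)," +
                     "Description varchar(200));";
    string sqlArticle = "create table Article (" +
                        "ID int identity(1,1) primary key," +
                        "Title varchar(50)," +
                        "Content text," +
                        "UserID int," +
                        "CreateTime varchar(50)," +
                        "LastEditTime varchar(50)," +
                        "ArticleClassID int," +
                        "AttachmentPath varchar(200)," +
                        "TitleImgPath varchar(200)," +
                        "IsValid bit);";
    string sqlTableIsValid = "create table TableIsValid (" +
                             "ID int identity(1,1) primary key," +
                             "TableName varchar(50)," +
                             "IsValid bit);";
    string sqlArticleClass = "create table ArticleClass (" +
                             "ID int identity(1,1) primary key," +
                             "ClassName varchar(20)," +
                             "CreateTime varchar(50)," +
                             "LastEditTime varchar(50)," +
                             "IsValid bit);";
    string sqlControllerActionRole = "create table ControllerActionRole (" +
                                     "ID int identity(1,1) primary key," +
                                     "IsAllowed bit," +
                                     "RoleID int," +
                                     "Controller varchar(50)," +
                                     "Action varchar(50));";
    string sqlLoginRecord = "create table LoginRecord (" +
                            "ID int identity(1,1) primary key," +
                            "LoginTime varchar(50)," +
                            "UserID int," +
                            "UserIP varchar(50));";
    string sqlTask = "create table Task (" +
                     "ID int identity(1,1) primary key," +
                     "Title varchar(50)," +
                     "Content text," +
                     "PublisherID int," +
                     "Developers varchar(200)," +   // participating developers
                     "BudgetTime int," +            // budgeted completion time
                     "TurnoverTime varchar(50)," +  // project delivery time
                     "CreateTime varchar(50)," +
                     "LastEditTime varchar(50)," +
                     "IsValid bit); ";
    string sqlTaskSchedule = "create table TaskSchedule (" +
                             "ID int identity(1,1) primary key," +
                             "Content text," +
                             "TaskID int," +
                             "PublisherID int," +
                             "CreateTime varchar(50)," +
                             "LastEditTime varchar(50)," +
                             "IsValid bit); ";
    string sqlModule = "create table Module (" +
                       "ID int identity(1,1) primary key," +
                       "ModuleName varchar(50)," +
                       "TableName varchar(50)," +
                       "IsValid bit); ";
    string sqlCarousel = "create table Carousel (" +
                         "ID int identity(1,1) primary key," +
                         "CarouselPath varchar(200));";

    // ----- seed data -----
    // NOTE(review): the first literal of sqlInsertUser is likewise redacted
    // ("******") in the listing; following the sqlInsertRole pattern it is
    // presumably "insert into [User] VALUES ('" — confirm against the source.
    // The e-mail values are redacted in the listing as well and are kept as-is.
    string sqlInsertUser = "insert into [User] VALUES ('" +
                           "superadmin','姓名1','123456','2017/12/16 13:03:09','2017/12/16 13:03:09','13000000000','*****@*****.**','1997-12-16',1)," +
                           "('admin','姓名2','123456','2017/12/16 13:03:09','2017/12/16 13:03:09','13000000001','*****@*****.**','1997-12-16',1)," +
                           "('teacher','姓名3','123456','2017/12/16 13:03:09','2017/12/16 13:03:09','13000000002','*****@*****.**','1997-12-16',1)," +
                           "('student','姓名4','123456','2017/12/16 13:03:09','2017/12/16 13:03:09','13000000003','*****@*****.**','1997-12-16',1)";
    string sqlInsertRole = "insert into [Role] VALUES ('" +
                           "超级管理员','超级管理员')," +
                           "('管理员','管理员')," +
                           "('教师','教师')," +
                           "('学生','学生');";
    string sqlInsertUserRole = "insert into [UserRole] VALUES (" +
                               "1,1)," +
                               "(2,2)," +
                               "(3,3)," +
                               "(4,4);";
    // Role 1 gets every Admin action; role 2 gets the same set minus 'Article'.
    string sqlInsertPermission = "insert into [ControllerActionRole] VALUES " +
                                 "(1,1,'Admin','Article')," +
                                 "(1,1,'Admin','Article_Add')," +
                                 "(1,1,'Admin','Article_Detail')," +
                                 "(1,1,'Admin','Article_Edit')," +
                                 "(1,1,'Admin','Article_Remove')," +
                                 "(1,1,'Admin','Class')," +
                                 "(1,1,'Admin','Class_Edit')," +
                                 "(1,1,'Admin','Permission_Add')," +
                                 "(1,1,'Admin','PermissionSet')," +
                                 "(1,1,'Admin','Role')," +
                                 "(1,1,'Admin','Role_Remove')," +
                                 "(1,1,'Admin','Task')," +
                                 "(1,1,'Admin','Task_Add')," +
                                 "(1,1,'Admin','Task_Detail')," +
                                 "(1,1,'Admin','Task_Edit')," +
                                 "(1,1,'Admin','Task_Remove')," +
                                 "(1,1,'Admin','TaskSchedule')," +
                                 "(1,1,'Admin','TaskSchedule_Add')," +
                                 "(1,1,'Admin','TaskSchedule_Detail')," +
                                 "(1,1,'Admin','TaskSchedule_Edit')," +
                                 "(1,1,'Admin','TaskSchedule_Remove')," +
                                 "(1,1,'Admin','UserTable')," +
                                 "(1,1,'Admin','UserTable_Detail')," +
                                 "(1,1,'Admin','UserTable_Edit')," +
                                 "(1,1,'Admin','UserTable_Remove')," +
                                 "(1,1,'Admin','Index')," +
                                 "(1,1,'Admin','LoginRecord')," +
                                 "(1,1,'Admin','UserCenter')," +
                                 "(1,2,'Admin','Article_Add')," +
                                 "(1,2,'Admin','Article_Detail')," +
                                 "(1,2,'Admin','Article_Edit')," +
                                 "(1,2,'Admin','Article_Remove')," +
                                 "(1,2,'Admin','Class')," +
                                 "(1,2,'Admin','Class_Edit')," +
                                 "(1,2,'Admin','Permission_Add')," +
                                 "(1,2,'Admin','PermissionSet')," +
                                 "(1,2,'Admin','Role')," +
                                 "(1,2,'Admin','Role_Remove')," +
                                 "(1,2,'Admin','Task')," +
                                 "(1,2,'Admin','Task_Add')," +
                                 "(1,2,'Admin','Task_Detail')," +
                                 "(1,2,'Admin','Task_Edit')," +
                                 "(1,2,'Admin','Task_Remove')," +
                                 "(1,2,'Admin','TaskSchedule')," +
                                 "(1,2,'Admin','TaskSchedule_Add')," +
                                 "(1,2,'Admin','TaskSchedule_Detail')," +
                                 "(1,2,'Admin','TaskSchedule_Edit')," +
                                 "(1,2,'Admin','TaskSchedule_Remove')," +
                                 "(1,2,'Admin','UserTable')," +
                                 "(1,2,'Admin','UserTable_Detail')," +
                                 "(1,2,'Admin','UserTable_Edit')," +
                                 "(1,2,'Admin','UserTable_Remove')," +
                                 "(1,2,'Admin','Index')," +
                                 "(1,2,'Admin','LoginRecord')," +
                                 "(1,2,'Admin','UserCenter');";
    string sqlInsertModule = "insert into [Module] VALUES ('" +
                             "文章','Article','1')," +
                             "('投票','Vote','1')," +
                             "('问卷','Survey','1')";

    conn.OpenConnection();
    try
    {
        if (action == "Drop tables")
        {
            // Loops over sysobjects and drops one user table per iteration
            // until none remain.
            string sql = "declare @sql varchar(8000) " +
                         "while (select count(*) from sysobjects where type='U')>0 " +
                         "begin SELECT @sql='drop table [' + name+']' FROM sysobjects WHERE (type = 'U') ORDER BY 'drop table [' + name+']' " +
                         "exec(@sql) " +
                         "end ";
            int drop = conn.Drop(sql);
            ViewBag.Result = drop != 0 ? "Drop tables successfully." : "Failed to drop tables.";
        }
        else if (action == "Create tables")
        {
            // sqlInsertPermission is deliberately part of the schema batch: the
            // permission rows are seeded together with the tables, not with
            // "Initialized Data".
            int result = conn.CreateTable(sqlUser + sqlUserRole + sqlRole + sqlArticle + sqlArticleClass
                                          + sqlControllerActionRole + sqlLoginRecord + sqlTask + sqlTaskSchedule
                                          + sqlInsertPermission + sqlTableIsValid + sqlModule + sqlCarousel);
            // The original reported nothing on failure; mirror the other branches.
            ViewBag.Result = result != 0 ? "Create tables succuss." : "Failed to create tables.";
        }
        else if (action == "Initialized Data")
        {
            int result = conn.InsertData(sqlInsertUser + sqlInsertRole + sqlInsertUserRole + sqlInsertModule);
            ViewBag.Result = result != 0 ? "InsertData success." : "Fail to InsertData.";
        }
    }
    finally
    {
        // The original closed the connection only on the "Create tables" path;
        // every other path (and any exception) leaked it.
        conn.CloseConnection();
    }
    return View();
}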
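//[HttpPost]
/// <summary>
/// Registers a new account from the posted form, assigns it the default role
/// (RoleID 4) and redirects to Login on success.
/// </summary>
/// <param name="collection">
/// Posted form fields: username, password, realname, phone, email, birthday.
/// </param>
/// <param name="action">
/// Submit-button value; registration runs only when it equals "注册".
/// </param>
/// <returns>
/// The Register view (ViewBag.Result carries the failure reason), or a script
/// result that redirects to Login once the account exists.
/// </returns>
/// <remarks>
/// NOTE(review): the password is stored in clear text. The Login side of the
/// application is not in the listing reviewed, so hashing cannot be introduced
/// here alone; plan to store PBKDF2/Argon2 hashes and compare them at login.
/// The conn helper only accepts a raw SQL string, so values are escaped by
/// doubling single quotes before being spliced in; a parameterized command is
/// the proper fix once the helper supports one. The [HttpPost] attribute is
/// commented out in the original, so this action also answers GET requests.
/// </remarks>
public ActionResult Register(FormCollection collection, string action)
{
    if (action != "注册")
    {
        return View();
    }

    // Missing form fields come back as null; the original called .Trim() on
    // them and crashed. Trim once and use the same value for validation and
    // storage (the original validated the trimmed value but stored the raw one).
    string username = (collection["username"] ?? "").Trim();
    string password = (collection["password"] ?? "").Trim();
    string realname = (collection["realname"] ?? "").Trim();
    string phone = (collection["phone"] ?? "").Trim();
    string email = (collection["email"] ?? "").Trim();
    string birthday = collection["birthday"] ?? "";

    // Validate before touching the database so no SQL is built from
    // unvalidated input.
    string validationError = ValidateRegistration(username, password, realname, phone, email);
    if (validationError != null)
    {
        ViewBag.Result = validationError;
        return View();
    }

    conn.OpenConnection();
    try
    {
        // NOTE(review): the user-name literals in the duplicate check and the ID
        // lookup are redacted ("'******'") in the listing reviewed; the local
        // `username` is the value that was spliced in.
        string sql_check = "select Count(*) from [User] where UserName = '" + EscapeSqlLiteral(username) + "'";
        int count = conn.Select(sql_check);
        if (count > 0)
        {
            ViewBag.Result = "该用户名已注册";
            return View();
        }

        // One timestamp for both columns; the original evaluated DateTime.Now
        // twice. Formatting is left as the default ToString() to keep the stored
        // value identical to what the original wrote.
        string now = DateTime.Now.ToString();
        string sql_reg = "INSERT INTO [User](UserName,RealName,Password,CreateTime,LastEditTime,Phone,Email,Birthday,IsValid) VALUES('"
                         + EscapeSqlLiteral(username) + "','"
                         + EscapeSqlLiteral(realname) + "','"
                         + EscapeSqlLiteral(password) + "','"
                         + now + "','"
                         + now + "','"
                         + EscapeSqlLiteral(phone) + "','"
                         + EscapeSqlLiteral(email) + "','"
                         + EscapeSqlLiteral(birthday) + "','1')";
        int result = conn.InsertData(sql_reg);
        if (result > 0)
        {
            // Assign the default role to the newly created user.
            string sql_uid = "SELECT * FROM [User] WHERE UserName='" + EscapeSqlLiteral(username) + "'";
            DataSet ds = conn.Ds_List(sql_uid);
            foreach (DataRow item in ds.Tables[0].Rows)
            {
                int id = int.Parse(item["ID"].ToString());
                string user_role = "INSERT INTO [UserRole] (UserID,RoleID) VALUES(" + id + ",4)";
                // As in the original, a failed role insert does not block the
                // success response; the account itself already exists.
                conn.InsertData(user_role);
            }
            return Content("<script>alert('注册成功!');window.location.href='Login'</script>");
        }
    }
    finally
    {
        // The original only closed the connection on the success path.
        conn.CloseConnection();
    }
    return View();
}

/// <summary>
/// Applies the registration format rules; returns the user-facing error
/// message for the first rule that fails, or null when every field is valid.
/// </summary>
/// <param name="username">Letter first, then 4–15 letters/digits/underscores.</param>
/// <param name="password">At least six characters.</param>
/// <param name="realname">Zero or more CJK characters only.</param>
/// <param name="phone">Chinese mobile number per the original pattern.</param>
/// <param name="email">E-mail address per the original pattern.</param>
/// <returns>The error message, or null if valid.</returns>
private static string ValidateRegistration(string username, string password, string realname, string phone, string email)
{
    if (!Regex.IsMatch(username, @"^[a-zA-Z][a-zA-Z0-9_]{4,15}$"))
    {
        return "注册失败,用户名有误 (Tips:字母开头,允许5-16字节,允许字母数字下划线)";
    }
    if (!Regex.IsMatch(password, @"^[\w\W]{6,}$"))
    {
        return "注册失败,密码必须6位或以上";
    }
    if (!Regex.IsMatch(realname, @"^[\u4e00-\u9fa5]{0,}$"))
    {
        return "注册失败,真实名字有误";
    }
    if (!Regex.IsMatch(phone, @"^(13[0-9]|14[5|7]|15[0|1|2|3|5|6|7|8|9]|18[0|1|2|3|5|6|7|8|9])\d{8}$"))
    {
        return "注册失败,手机号码有误";
    }
    if (!Regex.IsMatch(email, @"^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,5})+$"))
    {
        return "注册失败,邮箱有误";
    }
    return null;
}

/// <summary>
/// Doubles single quotes so <paramref name="value"/> can be placed inside a
/// T-SQL string literal without terminating it. Defense in depth only; the
/// password and birthday fields are not otherwise constrained by the format
/// rules above.
/// </summary>
/// <param name="value">Raw value; null is treated as empty.</param>
/// <returns>The escaped value.</returns>
private static string EscapeSqlLiteral(string value)
{
    return (value ?? "").Replace("'", "''");
}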