        /// <summary>
        /// Writes one Sys_log audit row for an edit: who did it (uid, uname, ip), what was
        /// touched (EventTitle, EventType, EventID) and the text before/after the change.
        /// Both text values are prefixed with the edited field's display name in 【】 brackets.
        /// Text inputs are passed through PageValidate.InputText with the given length caps;
        /// factory_Id is stored as given.
        /// </summary>
        public void Add_log(int uid, string uname, string ip, string EventTitle, string EventType, int EventID, string Remind_name, string Original_txt, string Current_txt, string factory_Id)
        {
            string fieldPrefix = "【" + PageValidate.InputText(Remind_name, 255) + "】";

            var entry = new XHD.Model.Sys_log
            {
                EventDate    = DateTime.Now,
                UserID       = uid,
                UserName     = PageValidate.InputText(uname, 255),
                IPStreet     = PageValidate.InputText(ip, 255),
                EventTitle   = PageValidate.InputText(EventTitle, 255),
                EventType    = PageValidate.InputText(EventType, 255),
                EventID      = EventID.ToString(),
                Original_txt = fieldPrefix + PageValidate.InputText(Original_txt, int.MaxValue),
                Current_txt  = fieldPrefix + PageValidate.InputText(Current_txt, int.MaxValue),
                Factory_Id   = factory_Id,
            };

            new XHD.BLL.Sys_log().Add(entry);
        }
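        /// <summary>
        /// Role-membership handler. <c>request["Action"]</c> selects the operation:
        /// <c>add</c>/<c>remove</c> assign or unassign the employees listed in <c>empids</c> to the
        /// role <c>role_id</c> and write a "权限人员调整" audit entry; <c>emplist</c>/<c>emplistDep</c>
        /// page the employees of the caller's factory not yet in the role (filtered by <c>stext</c>
        /// or by the department ids in <c>depid</c>); <c>get</c> pages the employees already in the
        /// role. Listing actions write the grid JSON produced by GetGridJSON.DataTableToJSON1.
        /// </summary>
        /// <param name="context">Current request; the caller must carry a valid forms-authentication cookie.</param>
        /// <exception cref="FormatException">role_id, empids or depid contain a non-integer value.</exception>
        public void ProcessRequest(HttpContext context)
        {
            context.Response.ContentType = "text/plain";
            HttpRequest request = context.Request;

            // Identify the caller from the forms-authentication ticket. Without these checks an
            // unauthenticated request dereferences a null cookie and fails with HTTP 500.
            var cookie = context.Request.Cookies[FormsAuthentication.FormsCookieName];
            if (cookie == null)
            {
                context.Response.StatusCode = 401;
                return;
            }
            var ticket = FormsAuthentication.Decrypt(cookie.Value);
            int emp_id;
            if (ticket == null || !int.TryParse(ticket.UserData, out emp_id))
            {
                context.Response.StatusCode = 401;
                return;
            }

            XHD.BLL.hr_employee emp = new XHD.BLL.hr_employee();
            DataSet dsemp      = emp.GetList("id=" + emp_id);   // emp_id is an int, so this cannot carry SQL
            string  empname    = string.Empty;
            string  factory_Id = string.Empty;

            if (dsemp != null && dsemp.Tables.Count > 0 && dsemp.Tables[0].Rows.Count > 0)
            {
                empname    = dsemp.Tables[0].Rows[0]["name"].ToString();
                factory_Id = dsemp.Tables[0].Rows[0]["Factory_Id"].ToString();
            }

            string action = request["Action"];
            if (action == "add" || action == "remove")
            {
                // Both ids are parsed before they reach any SQL text; the original handler
                // interpolated the raw empids string into the DELETE's IN list.
                int   rid    = int.Parse(PageValidate.InputText(request["role_id"], 50));
                int[] empIds = ParseIdList(XHD.Common.PageValidate.InputText(request["empids"], int.MaxValue));

                XHD.BLL.ssn_role_emp rm = new XHD.BLL.ssn_role_emp();
                if (action == "add")
                {
                    XHD.Model.ssn_role_emp model = new XHD.Model.ssn_role_emp();
                    model.RoleID = rid;
                    foreach (int empId in empIds)
                    {
                        model.empID = empId;
                        rm.Add(model);
                    }
                }
                else if (empIds.Length > 0)
                {
                    rm.Delete(string.Format("RoleID={0} and empID in ({1})", rid, JoinIds(empIds)));
                }

                LogRoleMemberChange(context, emp_id, empname, rid);
            }
            else if (action == "emplist" || action == "emplistDep" || action == "get")
            {
                string ridText = PageValidate.InputText(request["role_id"], 50);
                if (action == "get" && string.IsNullOrEmpty(ridText))
                {
                    // Kept from the original handler: "get" without a role id answers "test".
                    context.Response.Write("test" + ridText);
                    return;
                }
                int rid = int.Parse(ridText);   // parsed so the role id cannot alter the sub-select

                string sql;
                if (action == "get")
                {
                    sql = string.Format("ID in (select empID from ssn_role_emp where RoleID={0})", rid);
                }
                else
                {
                    sql = string.Format("ID not in (select empID from ssn_role_emp where RoleID={0}) and uid !='admin' ", rid);
                }

                // factory_Id is read from the caller's own employee row. It is quoted in every
                // branch; the original "get" branch left it unquoted, which fails for a
                // non-numeric factory id and compares numerically otherwise.
                sql += " and factory_Id='" + factory_Id.Replace("'", "''") + "'";

                if (action == "emplistDep")
                {
                    int[] depIds = ParseIdList(PageValidate.InputText(request["depid"], 50));
                    // An empty department list selects nothing rather than producing "in ()".
                    sql += depIds.Length > 0 ? " and d_id in (" + JoinIds(depIds) + ")" : " and 1=0";
                }
                else if (!string.IsNullOrEmpty(request["stext"]))
                {
                    // NOTE(review): relies on PageValidate.InputText neutralising quotes in the
                    // search text — confirm, as the value is placed inside a LIKE literal.
                    sql += " and name like '%" + PageValidate.InputText(request["stext"], 255) + "%'";
                }

                WriteEmployeePage(context, request, emp, sql);
            }
        }

        /// <summary>
        /// Splits a comma-separated id list into integers; empty entries are skipped.
        /// </summary>
        /// <param name="csv">Comma-separated ids, may be null or empty.</param>
        /// <returns>The parsed ids, empty when <paramref name="csv"/> holds none.</returns>
        /// <exception cref="FormatException">An entry is not an integer.</exception>
        private static int[] ParseIdList(string csv)
        {
            if (string.IsNullOrEmpty(csv))
            {
                return new int[0];
            }
            string[] parts = csv.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
            int[] ids = new int[parts.Length];
            for (int i = 0; i < parts.Length; i++)
            {
                ids[i] = int.Parse(parts[i].Trim(), System.Globalization.CultureInfo.InvariantCulture);
            }
            return ids;
        }

        /// <summary>Joins parsed ids with commas for use inside a SQL IN list.</summary>
        private static string JoinIds(int[] ids)
        {
            string[] text = new string[ids.Length];
            for (int i = 0; i < ids.Length; i++)
            {
                text[i] = ids[i].ToString(System.Globalization.CultureInfo.InvariantCulture);
            }
            return string.Join(",", text);
        }

        /// <summary>True when <paramref name="value"/> looks like a column name (letters, digits, '_' or '.').</summary>
        private static bool IsColumnName(string value)
        {
            for (int i = 0; i < value.Length; i++)
            {
                char c = value[i];
                if (!char.IsLetterOrDigit(c) && c != '_' && c != '.')
                {
                    return false;
                }
            }
            return true;
        }

        /// <summary>
        /// Reads page/pagesize/sortname/sortorder from the request (defaults 1, 30, ID, desc),
        /// runs the paged employee query for <paramref name="sql"/> and writes the grid JSON.
        /// Missing or non-numeric page values fall back to the defaults instead of throwing.
        /// sortname and sortorder end up inside ORDER BY, so they are restricted to a column
        /// name and to asc/desc; anything else falls back to the default.
        /// </summary>
        private static void WriteEmployeePage(HttpContext context, HttpRequest request, XHD.BLL.hr_employee emp, string sql)
        {
            int pageIndex;
            if (!int.TryParse(request["page"], out pageIndex))
            {
                pageIndex = 1;
            }
            int pageSize;
            if (!int.TryParse(request["pagesize"], out pageSize))
            {
                pageSize = 30;
            }

            string sortname = (request["sortname"] ?? string.Empty).Trim();
            if (sortname.Length == 0 || !IsColumnName(sortname))
            {
                sortname = "ID";
            }
            string sortorder = (request["sortorder"] ?? string.Empty).Trim();
            if (!string.Equals(sortorder, "asc", StringComparison.OrdinalIgnoreCase)
                && !string.Equals(sortorder, "desc", StringComparison.OrdinalIgnoreCase))
            {
                sortorder = "desc";
            }
            string sorttext = " " + sortname + " " + sortorder;

            string  total;
            DataSet page = emp.GetList(pageSize, pageIndex, sql, sorttext, out total);
            context.Response.Write(XHD.Common.GetGridJSON.DataTableToJSON1(page.Tables[0], total));
        }

        /// <summary>Writes the "权限人员调整" audit entry for a role membership change made by the caller.</summary>
        /// <param name="operatorId">Employee id taken from the caller's ticket.</param>
        /// <param name="operatorName">Caller's name as read from hr_employee (may be empty).</param>
        /// <param name="roleId">Role whose membership changed; stored in EventID.</param>
        private static void LogRoleMemberChange(HttpContext context, int operatorId, string operatorName, int roleId)
        {
            XHD.BLL.Sys_log   log      = new XHD.BLL.Sys_log();
            XHD.Model.Sys_log modellog = new XHD.Model.Sys_log();

            modellog.EventDate = DateTime.Now;
            modellog.UserID    = operatorId;
            modellog.UserName  = PageValidate.InputText(operatorName, 255);
            modellog.IPStreet  = context.Request.UserHostAddress;
            modellog.EventType = "权限人员调整";
            modellog.EventID   = roleId.ToString(System.Globalization.CultureInfo.InvariantCulture);

            log.Add(modellog);
        }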
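        /// <summary>
        /// Authentication handler. <c>request["Action"]</c> selects the operation:
        /// <c>login</c> checks the posted credentials and issues the forms-authentication cookie,
        /// <c>logout</c> signs the caller out and removes its Sys_online row, and
        /// <c>checkpwd</c> re-verifies the current user's password.
        /// Responses are plain-text codes. For <c>login</c>: "2" success, "1" unknown user or wrong
        /// password, "4" account not allowed to log in, "5" factory disabled, "999" rejected input.
        /// </summary>
        /// <param name="context">Current HTTP context.</param>
        public void ProcessRequest(HttpContext context)
        {
            context.Response.ContentType = "text/plain";
            context.Response.Charset     = "utf-8";
            HttpRequest request = context.Request;

            string action = request["Action"];
            if (action == "login")
            {
                HandleLogin(context, request);
            }
            else if (action == "logout")
            {
                HandleLogout(context);
            }
            else if (action == "checkpwd")
            {
                HandleCheckPassword(context, request);
            }
        }

        /// <summary>
        /// Validates <c>username</c>/<c>password</c> and, when they match an account that may log
        /// in, creates the session via <see cref="IssueLoginSession"/>. Writes one of the codes
        /// listed on <see cref="ProcessRequest"/>.
        /// </summary>
        private static void HandleLogin(HttpContext context, HttpRequest request)
        {
            XHD.BLL.hr_employee     emp = new XHD.BLL.hr_employee();
            XHD.BLL.Sys_FactoryInfo fty = new XHD.BLL.Sys_FactoryInfo();

            string username = PageValidate.InputText(request["username"], 255);
            // The posted password is compared upper-cased against the stored value; checkpwd below
            // shows that value is an MD5 hex digest, so the client is expected to send the digest.
            string password = PageValidate.InputText(request["password"], 255);

            // Rejecting empty input first also keeps a null user name away from the keyword filter.
            if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            {
                context.Response.Write("999");   // missing input
                return;
            }

            // SQL keyword filter: the user name is matched against the patterns in SQLFile.txt.
            string path = context.Server.MapPath(@"../file/SQLFile.txt");
            if (CommonData.getSQLPercolation(username.ToUpperInvariant(), path))
            {
                context.Response.Write("999");   // rejected input
                return;
            }

            // NOTE(review): the captcha check and the source-IP allow list that used to live here
            // were already disabled; nothing limits login attempts by origin or rate now.
            XHD.Model.hr_employee empModel = emp.LoginUser(username);
            if (empModel == null || !string.Equals(empModel.pwd, password.ToUpperInvariant(), StringComparison.Ordinal))
            {
                context.Response.Write("1");     // unknown user or wrong password
                return;
            }

            if (empModel.uid.Trim() == "admin")
            {
                // The built-in administrator is not subject to the factory checks.
                IssueLoginSession(context, request, empModel, empModel.uid);
                return;
            }

            // empModel.factory_Id is a database value, not request input.
            DataSet dsfty = fty.GetList("Factory_Id='" + empModel.factory_Id + "'");
            if (dsfty == null || dsfty.Tables.Count == 0 || dsfty.Tables[0].Rows.Count == 0)
            {
                // No factory record: the original indexed Rows[0] and failed with HTTP 500. Fail closed.
                context.Response.Write("999");
                return;
            }
            int isDelete;
            if (!int.TryParse(dsfty.Tables[0].Rows[0]["IsDelete"].ToString(), out isDelete) || isDelete != 0)
            {
                context.Response.Write("5");     // factory disabled (or flag unreadable)
                return;
            }
            if (empModel.canlogin.ToString() != "1")
            {
                context.Response.Write("4");     // account not allowed to log in
                return;
            }

            IssueLoginSession(context, request, empModel, username);
        }

        /// <summary>
        /// Issues the forms-authentication cookie for <paramref name="empModel"/>, writes the
        /// "系统登录" log entry, refreshes the caller's Sys_online row and answers "2".
        /// </summary>
        /// <param name="ticketName">Name stored in the ticket: the uid for admin, the posted user name otherwise.</param>
        private static void IssueLoginSession(HttpContext context, HttpRequest request, XHD.Model.hr_employee empModel, string ticketName)
        {
            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                1,
                ticketName,
                DateTime.Now,
                DateTime.Now.AddMinutes(20),
                true,
                empModel.ID.ToString(),   // UserData: the employee id the other handlers read back
                "/"
                );
            var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
            cookie.HttpOnly = true;
            // NOTE(review): cookie.Secure is not set; enable it once the site is served over TLS only.
            context.Response.Cookies.Add(cookie);

            // Audit log.
            XHD.BLL.Sys_log   log      = new XHD.BLL.Sys_log();
            XHD.Model.Sys_log modellog = new XHD.Model.Sys_log();
            modellog.EventType  = "系统登录";
            modellog.EventDate  = DateTime.Now;
            modellog.UserID     = empModel.ID;
            modellog.UserName   = empModel.name;
            modellog.IPStreet   = request.UserHostAddress;
            modellog.Factory_Id = empModel.factory_Id;
            log.Add(modellog);

            // Online table: one row per user, refreshed on every login.
            XHD.BLL.Sys_online   sol   = new XHD.BLL.Sys_online();
            XHD.Model.Sys_online model = new XHD.Model.Sys_online();
            model.UserName    = empModel.name;
            model.UserID      = empModel.ID;
            model.LastLogTime = DateTime.Now;

            DataSet ds1 = sol.GetList(" UserID=" + empModel.ID);
            if (ds1.Tables[0].Rows.Count > 0)
            {
                sol.Update(model, " UserID=" + empModel.ID);
            }
            else
            {
                sol.Add(model);
            }
            // Rows not refreshed for two minutes count as logged out.
            sol.Delete(" LastLogTime<date_sub(now(), interval 2 minute)");

            context.Response.Write("2");   // login accepted
        }

        /// <summary>
        /// Signs the caller out and removes its Sys_online row (best effort). Answers "true"
        /// when a forms cookie was present; writes nothing otherwise, as the original did.
        /// </summary>
        private static void HandleLogout(HttpContext context)
        {
            var cookie = context.Request.Cookies[FormsAuthentication.FormsCookieName];
            if (cookie == null)
            {
                return;
            }

            var    ticket     = FormsAuthentication.Decrypt(cookie.Value);
            string CoockiesID = ticket == null ? null : ticket.UserData;

            FormsAuthentication.SignOut();
            context.Response.Write("true");

            XHD.BLL.Sys_online sol = new XHD.BLL.Sys_online();
            try
            {
                int userId;
                if (int.TryParse(CoockiesID, out userId))
                {
                    sol.Delete(" UserID=" + userId);
                }
            }
            catch (Exception)
            {
                // Deliberately best effort: the sign-out above already took effect and a stale
                // online row is purged by the two-minute sweep on the next login.
            }
        }

        /// <summary>
        /// Re-verifies the current user's password (posted as <c>password</c>, hashed here with MD5).
        /// Writes "{sucess:sucess}" on a match and "{sucess:false}" otherwise; the spelling is
        /// kept because clients parse it. Also answers "{sucess:false}" when no valid ticket or no
        /// password is present, where the original failed with HTTP 500.
        /// </summary>
        private static void HandleCheckPassword(HttpContext context, HttpRequest request)
        {
            var cookie = context.Request.Cookies[FormsAuthentication.FormsCookieName];
            var ticket = cookie == null ? null : FormsAuthentication.Decrypt(cookie.Value);
            int emp_id;
            if (ticket == null || !int.TryParse(ticket.UserData, out emp_id) || string.IsNullOrEmpty(request["password"]))
            {
                context.Response.Write("{sucess:false}");
                return;
            }

            XHD.BLL.hr_employee emp = new XHD.BLL.hr_employee();
            // NOTE(review): unsalted MD5; a slow, salted hash would be preferable. The hex digest
            // and the int id are what keep this string.Format free of injectable input.
            string  password = FormsAuthentication.HashPasswordForStoringInConfigFile(request["password"], "MD5");
            DataSet ds       = emp.GetList(string.Format("ID={0} and pwd='{1}'", emp_id, password));

            context.Response.Write(ds.Tables[0].Rows.Count > 0 ? "{sucess:sucess}" : "{sucess:false}");
        }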