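using System;
using System.Collections;
using System.Collections.Generic;
using System.Configuration;
using System.Data;
using System.Data.OleDb;
using System.Linq;
using System.Web;

namespace MyWeb
{
    /// <summary>
    /// Master page for the admin area. <see cref="MasterLoad"/> re-validates the current
    /// admin session on every page (login state, source IP, account enabled flag,
    /// single-login code) and redirects to ~/admin/index.aspx with a short message code
    /// when a check fails.
    /// </summary>
    public class master : System.Web.UI.MasterPage
    {
        // Connection settings for the admin table lookup, read once per page instance.
        string db = ConfigurationManager.ConnectionStrings["shopConn"].ConnectionString;
        string p_name = ConfigurationManager.ConnectionStrings["shopConn"].ProviderName;
        // Not used within this class; kept so the appSettings key is still required at load.
        string scc = ConfigurationManager.AppSettings["shopCarCode"].ToString();
        // "Y" => only one active login per account; the stored login_code must match the session's.
        string SingleIn = ConfigurationManager.AppSettings["SingleIn"].ToString();

        public company company;

        public master()
        {
            company = new company();
        }

        /// <summary>
        /// Validates the current admin session. On failure it redirects to
        /// ~/admin/index.aspx?msg=&lt;code&gt;: A3 = not logged in, E = request IP differs from
        /// the login IP, B = account disabled, C = another login replaced this session
        /// (SingleIn=Y), D = account row not found. The login page itself is exempt.
        /// </summary>
        public void MasterLoad()
        {
            HttpContext ctx = HttpContext.Current;
            if (ctx.Request.RawUrl.IndexOf("admin/index.aspx", StringComparison.OrdinalIgnoreCase) >= 0)
            {
                return; // the login page performs no session checks
            }

            admin admin = new admin();
            if (!admin.isLoign())
            {
                ctx.Response.Redirect("~/admin/index.aspx?msg=A3");
                return;
            }
            // The session stays bound to the IP it was created from.
            if (admin.info.login_ip != admin.MyIP)
            {
                ctx.Response.Redirect("~/admin/index.aspx?msg=E");
                return;
            }

            // The "Designer" account in group "EZ" skips the disabled / single-login checks
            // when the request comes from a configured design IP (see chkDesignIP).
            if (admin.info.u_id == "Designer" && admin.info.group == "EZ" && chkDesignIP())
            {
                return;
            }

            // The redirect target is decided inside the try and issued after it, so the
            // connection is disposed first and Response.Redirect's ThreadAbortException
            // is not swallowed by the catch below.
            string redirect = null;
            try
            {
                sql sql = new sql();
                using (OleDbConnection sqlConn = sql.conn(db, p_name))
                using (OleDbCommand sqlCmd = new OleDbCommand(
                    "select adwidth,online,login_code from admin where u_id=? and num=?", sqlConn))
                {
                    sqlConn.Open();
                    // OleDb parameters are positional: the order must follow the '?' markers.
                    sqlCmd.Parameters.Add(new OleDbParameter("u_id", admin.info.u_id));
                    sqlCmd.Parameters.Add(new OleDbParameter("num", admin.info.num));
                    DataTable dt = sql.dataTable(sqlCmd);
                    redirect = CheckAccountRow(dt, admin);
                }
            }
            catch (Exception ex)
            {
                // Do not echo driver/SQL error text to the browser outside debug builds; the
                // message is HTML-encoded because exception text can contain request data.
                string message = ctx.IsDebuggingEnabled ? ex.Message : "Session check failed.";
                ctx.Response.Clear();
                ctx.Response.Write(HttpUtility.HtmlEncode(message));
                ctx.Response.End();
            }

            if (redirect != null)
            {
                ctx.Response.Redirect(redirect);
            }
        }

        /// <summary>
        /// Maps the admin row fetched for the current session to a redirect URL, or null when
        /// the session is still valid.
        /// </summary>
        /// <param name="dt">Result of the admin lookup (online, login_code columns).</param>
        /// <param name="admin">Current admin session; its login_code is compared for single-login.</param>
        private string CheckAccountRow(DataTable dt, admin admin)
        {
            if (dt.Rows.Count == 0)
            {
                return "~/admin/index.aspx?msg=D"; // account no longer exists
            }

            DataRow row = dt.Rows[0];
            // Fail closed: a NULL or non-boolean "online" value counts as disabled.
            bool online = row["online"] is bool && (bool)row["online"];
            if (!online)
            {
                return "~/admin/index.aspx?msg=B"; // account disabled
            }
            if (SingleIn == "Y" && row["login_code"].ToString() != admin.info.login_code)
            {
                return "~/admin/index.aspx?msg=C"; // multiple logins on one account are not allowed
            }
            return null;
        }

        /// <summary>True when the current request is for the admin login page (admin/index.aspx).</summary>
        public bool isHome()
        {
            string path = HttpContext.Current.Request.Url.AbsolutePath;
            return path.IndexOf("admin/index.aspx", StringComparison.OrdinalIgnoreCase) >= 0;
        }

        /// <summary>
        /// Decides whether the request comes from a designer workstation, using the
        /// comma-separated "designIP" appSetting. Rules (from the original spec):
        ///  1. the caller's IP is listed in designIP;
        ///  2. admin is being run on the local machine (URL host starts with "localhost"
        ///     and a path segment equals "admin");
        ///  3. if designIP contains 127.0.0.1 but rule 2 does not hold, the check fails.
        /// Note: on a customer-hosted server, 127.0.0.1 must be removed from web.config.
        /// To verify: behaviour in the proofing (staging) area is as expected.
        /// </summary>
        /// <returns>true only when every applicable rule passes; false when designIP is empty.</returns>
        public static bool chkDesignIP()
        {
            string designIP = ConfigurationManager.AppSettings["designIP"] ?? "";
            // Entries are trimmed so "a, b" in web.config matches as well as "a,b".
            string[] allowed = designIP.Split(',')
                .Select(q => q.Trim())
                .Where(q => !string.IsNullOrEmpty(q))
                .ToArray();
            if (allowed.Length == 0)
            {
                return false; // nothing configured => no designer access
            }

            // NOTE(review): if ip.Get() is derived from a client-supplied header rather than the
            // connection's remote address, this allow-list can be spoofed — confirm.
            string myip = ip.Get();
            string[] urlParts = HttpContext.Current.Request.Url.AbsoluteUri.Split('/');

            bool inDesign = Array.Exists(urlParts, q => q.StartsWith("localhost", StringComparison.Ordinal))
                         && Array.Exists(urlParts, q => q.Equals("admin", StringComparison.Ordinal)); // rule 2
            bool listed = Array.Exists(allowed, q => q.Equals(myip, StringComparison.Ordinal));        // rule 1
            bool loopbackListed = Array.Exists(allowed, q => q.Equals("127.0.0.1", StringComparison.Ordinal));
            return listed && (inDesign || !loopbackListed);                                             // rule 3
        }
    }
}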