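using System; using System.Collections; using System.Data; using System.Data.OleDb; using System.Web.UI; using System.Configuration; using Newtonsoft.Json; using System.Web; using System.Web.UI.HtmlControls;

/// <summary>
/// Code-behind for the admin login page: IP gating of the admin area, captcha / reCAPTCHA check,
/// per-account failed-login lockout, password + optional Google Authenticator (TOTP) verification,
/// group/permission lookup and login history.
/// </summary>
/// <remarks>
/// Review notes on what this page cannot fix by itself:
/// - Passwords are stored reversibly (encrypt.DecryptAutoKey) and decrypted for comparison; a database
///   leak yields every admin password in clear. Migrate to a salted slow hash (PBKDF2/Argon2).
/// - The ASP.NET session id is not regenerated after a successful login (admin.SaveInfo is opaque here);
///   confirm whatever SaveInfo writes is bound to a fresh identifier to rule out session fixation.
/// - Where MyWeb.admin.MyIP / chkDesignIP / chkAdmIP take the client address from is not visible; if any
///   of them trusts a proxy header (X-Forwarded-For), every IP-based decision below is spoofable.
/// </remarks>
public partial class admin_index : MyWeb.function
{
    string db = ConfigurationManager.ConnectionStrings["shopConn"].ConnectionString;
    string p_name = ConfigurationManager.ConnectionStrings["shopConn"].ProviderName;
    string scc = ConfigurationManager.AppSettings["shopCarCode"].ToString();
    public MyWeb.Recaptcha recaptcha = new MyWeb.Recaptcha();
    MyWeb.encrypt encrypt = new MyWeb.encrypt();
    MyWeb.function function = new MyWeb.function();
    MyWeb.sql sql = new MyWeb.sql();
    MyWeb.admin admin = new MyWeb.admin();

    // Captcha image handler; it stores the expected answer in Session["chknum"] when fetched.
    const string CaptchaHandlerUrl = "~/App_Script/chksum.ashx";
    // chk_setting: members of the "EZ" group may only log in from this address.
    // NOTE(review): a hard-coded address belongs in configuration, not source.
    const string EzGroupAllowedIp = "211.20.239.58";

    /// <summary>
    /// Page setup. Callers outside the allowed admin address ranges get a bare 404 (the login form is not
    /// disclosed at all). On first load: install the password rule, log out an already-authenticated
    /// admin, show the notice selected by ?msg=, and pick captcha vs. reCAPTCHA.
    /// </summary>
    protected void Page_Load(object sender, EventArgs e)
    {
        var master = (admin_Templates_TBS5ADM001_MasterPage)Page.Master;
        master.set_navs(false, "nav_hide home");

        if (!(MyWeb.admin.chkAdmIP && (MyWeb.admin.chkTwIP || MyWeb.admin.chkAdmIP_Enable)))
        {
            HttpContext.Current.Response.Clear();
            HttpContext.Current.Response.StatusCode = 404;
            HttpContext.Current.Response.End();
            return;
        }
        if (IsPostBack) return;

        MyWeb.security security = new MyWeb.security();
        psdRule.ValidationExpression = security.PasswordValidator();
        psdRule.ErrorMessage = security.PasswordNotice();
        if (isStrNull(psdRule.ValidationExpression)) psdRule.Visible = false;

        // Reaching the login page while logged in ends the current admin session first.
        if (admin.isLoign(false))
        {
            admin.ClearInfo();
            Response.Cookies[scc + "_menu_oid"].Expires = DateTime.Now.AddDays(-1);
            Response.Redirect(Request.Url.AbsoluteUri);
        }

        // ?msg= selects one of a fixed set of notices; the request value itself is never echoed.
        string reason = Request["msg"];
        if (!isStrNull(reason))
        {
            switch (reason)
            {
                case "A": L_msg.Text = "您尚未登錄系統或登錄時間逾時,請重新登錄!"; break;
                case "B": L_msg.Text = "您的帳號已被停權,請洽管理者!"; break;
                case "C": L_msg.Text = "您的帳號重複登入,請檢查是否有人使用相同帳號!"; break;
                case "D": L_msg.Text = "您的帳號不存在,請洽管理者!"; break;
                case "E": L_msg.Text = "您的網路環境已變動,請重新登入!"; break;
            }
        }

        if (recaptcha.Used)
        {
            MultiView1.ActiveViewIndex = 1;
        }
        else
        {
            chksum_img.ImageUrl = CaptchaHandlerUrl;
        }
        DesignModeButton.Visible = MyWeb.master.chkDesignIP();
    }

    #region Captcha
    /// <summary>
    /// Load handler for the captcha image control (wired from markup). Intentionally empty: the expected
    /// answer is read from Session["chknum"] at verification time and is no longer mirrored into
    /// ViewState, which is sent to the client (MAC-protected but not encrypted unless
    /// viewStateEncryptionMode=Always) and would outlive an expired session.
    /// </summary>
    protected void chksum_img_Load(object sender, EventArgs e)
    {
    }

    /// <summary>"New image" button: discard the current answer and re-render the captcha.</summary>
    protected void rechk_Click(object sender, EventArgs e)
    {
        RefreshCaptcha();
    }

    /// <summary>
    /// Forget the current captcha answer and point the image at a cache-busting URL so the browser
    /// fetches a fresh one. Called after every verification attempt so one solved captcha cannot be
    /// replayed across login attempts.
    /// </summary>
    private void RefreshCaptcha()
    {
        Session.Remove("chknum");
        // Same query-string convention the refresh button always used; assumes chksum.ashx treats
        // "time" purely as a cache-buster.
        chksum_img.ImageUrl = CaptchaHandlerUrl + "?time=" + DateTime.Now.ToString("yyyyMMddHHmmss");
    }

    /// <summary>
    /// Verify the human check for the active view: the image captcha (view 0, answer in Session) or
    /// reCAPTCHA (view 1). Sets <c>msg</c> and returns false on failure. The image captcha is single-use.
    /// </summary>
    private bool CaptchaPassed()
    {
        if (MultiView1.ActiveViewIndex != 0)
        {
            if (recaptcha.Verification()) return true;
            msg.Text = "驗證未通過!";
            return false;
        }

        object expected = Session["chknum"];
        RefreshCaptcha();
        if (isStrNull(expected))
        {
            // No answer on the server: session expired or image never fetched.
            msg.Text = "檢核碼逾時,請重新輸入!";
            return false;
        }
        // Invariant upper-casing: the handler's code is compared case-insensitively regardless of thread culture.
        if (expected.ToString() == this.chknum.Text.ToUpperInvariant()) return true;
        msg.Text = "您所輸入的檢核碼有誤!";
        return false;
    }
    #endregion

    #region Home button
    protected void ImageButton1_Click(object sender, ImageClickEventArgs e)
    {
        Response.Redirect("~/index.aspx");
    }
    #endregion

    #region Login
    /// <summary>
    /// Login button. Order of checks: lockout window for this account, human check, account lookup,
    /// password, account enabled, TOTP (when enabled for the account), then chk_setting which creates
    /// the admin session. Every failed credential attempt is logged and counted against the account.
    /// </summary>
    protected void Button1_Click(object sender, EventArgs e)
    {
        msg.Text = "";
        int LoginTryCount = Val(ConfigurationManager.AppSettings["LoginTryCount"].ToString());
        int LoginTryLockMin = Val(ConfigurationManager.AppSettings["LoginTryLockMin"].ToString());
        string account = u_id.Text;
        string failureKey = LoginFailureKey(account);

        if (LoginTryCount > 0)
        {
            ezLgErr failures = HttpRuntime.Cache[failureKey] as ezLgErr;
            if (failures != null && failures.count >= LoginTryCount
                && DateTime.Now < failures.reg_time.AddMinutes(LoginTryLockMin))
            {
                TimeSpan ts = failures.reg_time.AddMinutes(LoginTryLockMin) - DateTime.Now;
                ScriptMsg("您嘗試登入失敗太多次,請稍待 " + Math.Round(ts.TotalMinutes) + " 分鐘後再嘗試!", "", msgIcon.warning);
                return;
            }
        }

        if (!CaptchaPassed()) return;

        bool loginOk = false;
        OleDbConnection sqlConn = sql.conn(db, p_name);
        try
        {
            sqlConn.Open();
            bool isErr = true;
            OleDbCommand sqlCmd = new OleDbCommand("Select * from admin where u_id=?", sqlConn);
            sqlCmd.Parameters.Add(new OleDbParameter("u_id", account));
            DataTable dt = sql.dataTable(sqlCmd);
            if (dt.Rows.Count > 0)
            {
                DataRow userr = dt.Rows[0];
                // NOTE(review): unknown accounts skip the decrypt/compare, so response time still
                // distinguishes existing from non-existing user ids.
                string storedPassword = encrypt.DecryptAutoKey(userr["u_password"].ToString());
                if (FixedTimeEquals(u_password.Text, storedPassword))
                {
                    isErr = false;
                    if ((bool)userr["online"])
                    {
                        // TOTP is checked BEFORE chk_setting: chk_setting calls admin.SaveInfo and logs a
                        // successful login, so validating the second factor afterwards (as this page used
                        // to) left an admin session behind even when the code was wrong.
                        if (!(userr["gauth_enabled"] is System.DBNull) && (bool)(userr["gauth_enabled"]))
                        {
                            GoogleAuth gauth = new GoogleAuth();
                            gauth.User = userr["u_id"].ToString();
                            gauth.Password = userr["u_password"].ToString();
                            gauth.SecretKey = userr["gauth_key"].ToString();
                            isErr = !gauth.ValidateGoogleAuthCode(u_gauth.Text);
                        }
                        if (!isErr)
                        {
                            string log = chk_setting(Val(userr["num"]), userr["u_id"].ToString(), userr["power"].ToString());
                            if (log == null)
                            {
                                HttpRuntime.Cache.Remove(failureKey);
                                loginOk = true;
                            }
                            else
                            {
                                this.msg.Text = log;
                            }
                        }
                    }
                    else
                    {
                        LoginHistoryAdd(sqlConn, userr["u_id"].ToString(), Model.admin_log.Detail.Disable);
                        msg.Text = "您的帳號已停權,請洽管理者!";
                    }
                }
            }
            if (isErr)
            {
                // Same message for unknown user, wrong password and wrong TOTP code.
                LoginHistoryAdd(sqlConn, account, Model.admin_log.Detail.Incorrect);
                msg.Text = "您所輸入的帳號或密碼有誤!";
                if (LoginTryCount > 0) RecordLoginFailure(failureKey, LoginTryLockMin);
            }
        }
        catch (Exception ex)
        {
            // Was silently swallowed; keep the generic user message but record the cause.
            System.Diagnostics.Trace.TraceError("admin login error: {0}", ex);
            msg.Text = "資料庫連接錯誤";
        }
        finally
        {
            sqlConn.Close();
            sqlConn.Dispose();
        }

        // Redirect outside the try: Response.Redirect ends the request with a ThreadAbortException,
        // which the catch above would otherwise intercept and report as a database error.
        if (loginOk) Response.Redirect("index2.aspx");
    }

    /// <summary>Failed-login record kept per account. Field names are unchanged from the JSON-era shape.</summary>
    public class ezLgErr { public int count; public DateTime reg_time; }

    /// <summary>
    /// Cache key for an account's failed-login record. Keyed by normalised user id rather than by
    /// session: the previous Session-backed counter was reset simply by discarding the session cookie.
    /// </summary>
    private string LoginFailureKey(string account)
    {
        return scc + "_ezLgErr_" + (account ?? "").Trim().ToUpperInvariant();
    }

    /// <summary>
    /// Count one more failure for <paramref name="key"/> and stamp the time. The record is kept for the
    /// lock window (at least one minute) after the latest failure; a fresh window starts once it expires.
    /// NOTE(review): HttpRuntime.Cache is per process — on a web farm use shared storage.
    /// </summary>
    private void RecordLoginFailure(string key, int lockMinutes)
    {
        ezLgErr failures = (HttpRuntime.Cache[key] as ezLgErr) ?? new ezLgErr();
        failures.count++;
        failures.reg_time = DateTime.Now;
        HttpRuntime.Cache.Insert(key, failures, null,
            DateTime.Now.AddMinutes(Math.Max(lockMinutes, 1)),
            System.Web.Caching.Cache.NoSlidingExpiration);
    }

    /// <summary>
    /// Compare two strings without early exit so the password check does not leak how many leading
    /// characters matched. Null never matches anything. (Length is still observable; that is acceptable.)
    /// </summary>
    private static bool FixedTimeEquals(string a, string b)
    {
        if (a == null || b == null) return false;
        byte[] x = System.Text.Encoding.UTF8.GetBytes(a);
        byte[] y = System.Text.Encoding.UTF8.GetBytes(b);
        int diff = x.Length ^ y.Length;
        for (int i = 0; i < x.Length && i < y.Length; i++) diff |= x[i] ^ y[i];
        return diff == 0;
    }

    /// <summary>
    /// Build and persist the admin session for a user whose credentials have already been verified:
    /// enforce the EZ-group source address, load the group's permission items and the company menu,
    /// call admin.SaveInfo, stamp login_time/login_ip/login_code on the admin row and log success.
    /// </summary>
    /// <returns>null on success, otherwise the message to show the user.</returns>
    public string chk_setting(int num, string u_id, string g_name)
    {
        string myip = MyWeb.admin.MyIP;
        if (myip != "127.0.0.1")
        {
            myip = Request.UserHostAddress;
            if (string.Equals(g_name, "EZ", StringComparison.OrdinalIgnoreCase) && myip != EzGroupAllowedIp)
            {
                return "禁止登入";
            }
        }
        // login_code is stored on the admin row and presumably used to detect concurrent logins (?msg=C);
        // NOTE(review): confirm function.randCode draws from a CSPRNG, otherwise it is guessable.
        string login_code = function.randCode(10);
        string log = null;
        OleDbConnection sqlConn = sql.conn(db, p_name);
        try
        {
            sqlConn.Open();
            DataTable company = sql.dataTable(new OleDbCommand("Select log_class,menu from company", sqlConn));
            if (company.Rows.Count == 0)
            {
                LoginHistoryAdd(sqlConn, u_id, Model.admin_log.Detail.GroupNotExist);
                log = "您所屬的群組不存在,請洽管理員";
            }
            else
            {
                OleDbCommand groupCmd = new OleDbCommand("SELECT items FROM admin_group where g_name=?", sqlConn);
                groupCmd.Parameters.Add(new OleDbParameter("g_name", g_name));
                DataTable groupRows = sql.dataTable(groupCmd);
                if (groupRows.Rows.Count == 0)
                {
                    LoginHistoryAdd(sqlConn, u_id, Model.admin_log.Detail.PermissionsNotSet);
                    log = "您所屬的群組未設定使用權限,請洽管理員";
                }
                else
                {
                    DateTime ntime = DateTime.Now;
                    MyWeb.admin.AdmItem aItem = new MyWeb.admin.AdmItem();
                    aItem.num = num;
                    aItem.power = groupRows.Rows[0]["items"].ToString();
                    aItem.group = g_name;
                    aItem.u_id = u_id;
                    aItem.login_time = ntime;
                    aItem.login_code = login_code;
                    aItem.login_ip = myip;
                    aItem.menu = company.Rows[0]["menu"].ToString();
                    admin.SaveInfo(aItem, (bool)company.Rows[0]["log_class"]);

                    // Record login time, address and the session-binding code on the account.
                    OleDbCommand stamp = new OleDbCommand("update admin set login_time=?, login_ip=?, login_code=? where num=?", sqlConn);
                    stamp.Parameters.Add(new OleDbParameter("login_time", ntime.ToString("yyyy/MM/dd HH:mm:ss")));
                    stamp.Parameters.Add(new OleDbParameter("login_ip", myip));
                    stamp.Parameters.Add(new OleDbParameter("login_code", login_code));
                    stamp.Parameters.Add(new OleDbParameter("num", num));
                    stamp.ExecuteNonQuery();
                    LoginHistoryAdd(sqlConn, u_id, Model.admin_log.Detail.Success);
                }
            }
        }
        catch (Exception ex)
        {
            System.Diagnostics.Trace.TraceError("admin chk_setting error: {0}", ex);
            log = "資料庫連接錯誤";
        }
        finally
        {
            sqlConn.Close();
            sqlConn.Dispose();
        }
        return log;
    }
    #endregion

    #region Designer mode
    /// <summary>
    /// Credential-less login as "Designer" in the "EZ" group, gated solely by MyWeb.master.chkDesignIP().
    /// NOTE(review): this is an authentication bypass by design; it is only as safe as the address check.
    /// Make sure chkDesignIP uses the socket address (never a client-supplied header) and keep the
    /// allowed range minimal. Unlike chk_setting, no login_code is written to the admin table (num = 0).
    /// </summary>
    protected void DesignModeButton_Click(object sender, EventArgs e)
    {
        if (!MyWeb.master.chkDesignIP()) return;

        const string u_id = "Designer";
        const string g_name = "EZ";
        string login_code = function.randCode(10);
        string log = null;
        OleDbConnection sqlConn = sql.conn(db, p_name);
        try
        {
            sqlConn.Open();
            DataTable company = sql.dataTable(new OleDbCommand("Select log_class,menu from company", sqlConn));
            if (company.Rows.Count == 0)
            {
                LoginHistoryAdd(sqlConn, u_id, Model.admin_log.Detail.GroupNotExist);
                log = "您所屬的群組不存在,請洽管理員";
            }
            else
            {
                OleDbCommand groupCmd = new OleDbCommand("SELECT items FROM admin_group where g_name=?", sqlConn);
                groupCmd.Parameters.Add(new OleDbParameter("g_name", g_name));
                DataTable groupRows = sql.dataTable(groupCmd);
                if (groupRows.Rows.Count == 0)
                {
                    LoginHistoryAdd(sqlConn, u_id, Model.admin_log.Detail.GroupNotExist);
                    log = "設計師群組不存在,無法登入";
                }
                else
                {
                    DateTime ntime = DateTime.Now;
                    MyWeb.admin.AdmItem aItem = new MyWeb.admin.AdmItem();
                    aItem.num = 0;
                    aItem.power = groupRows.Rows[0]["items"].ToString();
                    aItem.group = g_name;
                    aItem.u_id = u_id;
                    aItem.login_time = ntime;
                    aItem.login_code = login_code;
                    aItem.login_ip = MyWeb.admin.MyIP;
                    aItem.menu = company.Rows[0]["menu"].ToString();
                    admin.SaveInfo(aItem, (bool)company.Rows[0]["log_class"]);
                    LoginHistoryAdd(sqlConn, u_id, Model.admin_log.Detail.Success);
                }
            }
        }
        catch (Exception ex)
        {
            System.Diagnostics.Trace.TraceError("admin designer login error: {0}", ex);
            log = "資料庫連接錯誤";
        }
        finally
        {
            sqlConn.Close();
            sqlConn.Dispose();
        }

        if (log == null)
        {
            Response.Redirect("index2.aspx");
        }
        else
        {
            // Surface the failure in the page's message label (this branch previously wrote an empty response).
            msg.Text = log;
        }
    }
    #endregion

    #region Login history
    /// <summary>
    /// Append one admin_log row for this attempt (status = Login, word = description of
    /// <paramref name="status"/>, the caller's address and user agent), then prune old rows.
    /// </summary>
    protected void LoginHistoryAdd(OleDbConnection sqlConn, string u_id, Model.admin_log.Detail status)
    {
        try
        {
            OleDbCommand sqlCmd = new OleDbCommand("", sqlConn);
            // Fixed column list; sql.mark() is expected to emit one '?' placeholder per column.
            string cu = "u_id,login_time,login_ip,status,word,agent";
            sqlCmd.CommandText = "INSERT INTO [admin_log] (" + cu + ") VALUES (" + sql.mark(cu) + ")";
            sqlCmd.Parameters.Add(new OleDbParameter("u_id", u_id));
            sqlCmd.Parameters.Add(new OleDbParameter("login_time", DateTime.Now.ToString("yyyy/MM/dd HH:mm:ss")));
            sqlCmd.Parameters.Add(new OleDbParameter("login_ip", Model.admin.MyIP.Replace("本機", "127.0.0.1")));
            sqlCmd.Parameters.Add(new OleDbParameter("status", (int)Model.admin_log.Status.Login));
            sqlCmd.Parameters.Add(new OleDbParameter("word", GetEnumsDescription(status)));
            sqlCmd.Parameters.Add(new OleDbParameter("agent", Model.admin_log.UserAgent));
            sqlCmd.ExecuteNonQuery();
            // Keep only the last year of login records.
            sqlCmd = new OleDbCommand("", sqlConn);
            sqlCmd.CommandText = "delete from [admin_log] where login_time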