473 lines
17 KiB
C#
473 lines
17 KiB
C#
using System;
|
|
using System.Collections;
|
|
using System.Data;
|
|
using System.Data.OleDb;
|
|
using System.Web.UI;
|
|
using System.Configuration;
|
|
using Newtonsoft.Json;
|
|
using System.Web;
|
|
using System.Web.UI.HtmlControls;
|
|
|
|
public partial class admin_index : MyWeb.function
|
|
{
|
|
|
|
string db = ConfigurationManager.ConnectionStrings["shopConn"].ConnectionString;
|
|
string p_name = ConfigurationManager.ConnectionStrings["shopConn"].ProviderName;
|
|
string scc = ConfigurationManager.AppSettings["shopCarCode"].ToString();
|
|
|
|
public MyWeb.Recaptcha recaptcha = new MyWeb.Recaptcha();
|
|
MyWeb.encrypt encrypt = new MyWeb.encrypt();
|
|
MyWeb.function function = new MyWeb.function();
|
|
MyWeb.sql sql = new MyWeb.sql();
|
|
MyWeb.admin admin = new MyWeb.admin();
|
|
|
|
protected void Page_Load(object sender, EventArgs e)
|
|
{
|
|
var m = (admin_Templates_TBS5ADM001_MasterPage)Page.Master;
|
|
m.set_navs(false, "nav_hide home");
|
|
if (MyWeb.admin.chkAdmIP && (MyWeb.admin.chkTwIP || MyWeb.admin.chkAdmIP_Enable))
|
|
{
|
|
if (!IsPostBack)
|
|
{
|
|
MyWeb.security security = new MyWeb.security();
|
|
psdRule.ValidationExpression = security.PasswordValidator();
|
|
psdRule.ErrorMessage = security.PasswordNotice();
|
|
if (isStrNull(psdRule.ValidationExpression))
|
|
psdRule.Visible = false;
|
|
|
|
if (admin.isLoign(false))
|
|
{
|
|
admin.ClearInfo();
|
|
Response.Cookies[scc + "_menu_oid"].Expires = DateTime.Now.AddDays(-1);
|
|
Response.Redirect(Request.Url.AbsoluteUri);
|
|
}
|
|
|
|
if (!isStrNull(Request["msg"]))
|
|
{
|
|
if (Request["msg"] == "A")
|
|
{
|
|
this.L_msg.Text = "您尚未登錄系統或登錄時間逾時,請重新登錄!";
|
|
}
|
|
else if (Request["msg"] == "B")
|
|
{
|
|
this.L_msg.Text = "您的帳號已被停權,請洽管理者!";
|
|
}
|
|
else if (Request["msg"] == "C")
|
|
{
|
|
this.L_msg.Text = "您的帳號重複登入,請檢查是否有人使用相同帳號!";
|
|
}
|
|
else if (Request["msg"] == "D")
|
|
{
|
|
this.L_msg.Text = "您的帳號不存在,請洽管理者!";
|
|
}
|
|
else if (Request["msg"] == "E")
|
|
{
|
|
this.L_msg.Text = "您的網路環境已變動,請重新登入!";
|
|
}
|
|
}
|
|
|
|
if (recaptcha.Used)
|
|
{
|
|
MultiView1.ActiveViewIndex = 1;
|
|
}
|
|
else
|
|
{
|
|
chksum_img.ImageUrl = "~/App_Script/chksum.ashx";
|
|
}
|
|
|
|
DesignModeButton.Visible = MyWeb.master.chkDesignIP();
|
|
|
|
}
|
|
}
|
|
else
|
|
{
|
|
HttpContext.Current.Response.Clear();
|
|
HttpContext.Current.Response.StatusCode = 404;
|
|
HttpContext.Current.Response.End();
|
|
}
|
|
|
|
}
|
|
|
|
#region 驗證碼
|
|
|
|
protected void chksum_img_Load(object sender, EventArgs e)
|
|
{
|
|
if (Session["chknum"] != null)
|
|
{
|
|
ViewState["chknum"] = Session["chknum"];
|
|
}
|
|
}
|
|
protected void rechk_Click(object sender, EventArgs e)
|
|
{
|
|
chksum_img.ImageUrl = "~/App_Script/chksum.ashx?time=" + DateTime.Now.ToString("yyyyMMddHHmmss");
|
|
}
|
|
|
|
#endregion
|
|
|
|
#region 回首頁鈕事件
|
|
|
|
protected void ImageButton1_Click(object sender, ImageClickEventArgs e)
|
|
{
|
|
Response.Redirect("~/index.aspx");
|
|
}
|
|
|
|
#endregion
|
|
|
|
#region 登入
|
|
|
|
protected void Button1_Click(object sender, EventArgs e)
|
|
{
|
|
msg.Text = "";
|
|
int LoginTryCount = Val(ConfigurationManager.AppSettings["LoginTryCount"].ToString());
|
|
int LoginTryLockMin = Val(ConfigurationManager.AppSettings["LoginTryLockMin"].ToString());
|
|
|
|
if (LoginTryCount > 0 && !isStrNull(Session[scc + "ezLgErr"]))
|
|
{
|
|
ezLgErr ezLgErr = JsonConvert.DeserializeObject<ezLgErr>(ValString(Session[scc + "ezLgErr"]));
|
|
if (ezLgErr.count >= LoginTryCount && DateTime.Now < ezLgErr.reg_time.AddMinutes(LoginTryLockMin))
|
|
{
|
|
TimeSpan ts = ezLgErr.reg_time.AddMinutes(LoginTryLockMin) - DateTime.Now;
|
|
ScriptMsg("您嘗試登入失敗太多次,請稍待 " + Math.Round(ts.TotalMinutes) + " 分鐘後再嘗試!", "", msgIcon.warning);
|
|
return;
|
|
}
|
|
|
|
}
|
|
|
|
|
|
bool isOk = false;
|
|
if (MultiView1.ActiveViewIndex == 0)
|
|
{
|
|
if (isStrNull(ViewState["chknum"]))
|
|
{
|
|
msg.Text = "檢核碼逾時,請重新輸入!";
|
|
chksum_img.ImageUrl = "~/App_Script/chksum.ashx";
|
|
}
|
|
else if (ViewState["chknum"].ToString() == this.chknum.Text.ToUpper())
|
|
{
|
|
isOk = true;
|
|
}
|
|
else
|
|
{
|
|
msg.Text = "您所輸入的檢核碼有誤!";
|
|
chksum_img.ImageUrl = "~/App_Script/chksum.ashx";
|
|
}
|
|
}
|
|
else if (recaptcha.Verification())
|
|
{
|
|
isOk = true;
|
|
}
|
|
else
|
|
{
|
|
msg.Text = "驗證未通過!";
|
|
}
|
|
|
|
if (isOk)
|
|
{
|
|
OleDbConnection sqlConn = sql.conn(db, p_name);
|
|
try
|
|
{
|
|
sqlConn.Open();
|
|
|
|
bool isErr = true;
|
|
OleDbCommand sqlCmd = new OleDbCommand("", sqlConn);
|
|
sqlCmd.CommandText = "Select * from admin where u_id=?";
|
|
sqlCmd.Parameters.Add(new OleDbParameter("u_id", u_id.Text));
|
|
DataTable dt = sql.dataTable(sqlCmd);
|
|
if (dt.Rows.Count > 0)
|
|
{
|
|
var userr = dt.Rows[0];
|
|
if (u_password.Text == encrypt.DecryptAutoKey(userr["u_password"].ToString()))
|
|
{
|
|
isErr = false;
|
|
if ((bool)userr["online"])
|
|
{
|
|
string log = chk_setting(Val(userr["num"]), userr["u_id"].ToString(), userr["power"].ToString());
|
|
if (log == null)
|
|
{
|
|
if (!isStrNull(Session[scc + "ezLgErr"]))
|
|
Session[scc + "ezLgErr"] = null;
|
|
if (!(userr["gauth_enabled"] is System.DBNull) &&
|
|
(bool)(userr["gauth_enabled"]))
|
|
{
|
|
GoogleAuth gauth = new GoogleAuth();
|
|
gauth.User = userr["u_id"].ToString();
|
|
gauth.Password = userr["u_password"].ToString();
|
|
gauth.SecretKey = userr["gauth_key"].ToString();
|
|
string ValidateCode = u_gauth.Text;
|
|
isErr = !(gauth.ValidateGoogleAuthCode(ValidateCode));
|
|
}
|
|
|
|
if (!isErr)
|
|
{
|
|
Response.Redirect("index2.aspx");
|
|
}
|
|
}
|
|
else
|
|
{
|
|
this.msg.Text = log;
|
|
chksum_img.ImageUrl = "~/App_Script/chksum.ashx";
|
|
}
|
|
}
|
|
else
|
|
{
|
|
LoginHistoryAdd(sqlConn, userr["u_id"].ToString(), Model.admin_log.Detail.Disable);
|
|
msg.Text = "您的帳號已停權,請洽管理者!";
|
|
chksum_img.ImageUrl = "~/App_Script/chksum.ashx";
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
if (isErr)
|
|
{
|
|
LoginHistoryAdd(sqlConn, u_id.Text, Model.admin_log.Detail.Incorrect);
|
|
msg.Text = "您所輸入的帳號或密碼有誤!";
|
|
chksum_img.ImageUrl = "~/App_Script/chksum.ashx";
|
|
|
|
if (LoginTryCount > 0)
|
|
{
|
|
ezLgErr ezLgErr = new ezLgErr();
|
|
ezLgErr.count = 0;
|
|
if (!isStrNull(Session[scc + "ezLgErr"]))
|
|
ezLgErr = JsonConvert.DeserializeObject<ezLgErr>(ValString(Session[scc + "ezLgErr"]));
|
|
ezLgErr.count++;
|
|
ezLgErr.reg_time = DateTime.Now;
|
|
Session[scc + "ezLgErr"] = JsonConvert.SerializeObject(ezLgErr);
|
|
}
|
|
}
|
|
|
|
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
msg.Text = "資料庫連接錯誤";
|
|
chksum_img.ImageUrl = "~/App_Script/chksum.ashx";
|
|
}
|
|
finally
|
|
{
|
|
sqlConn.Close(); sqlConn.Dispose();
|
|
}
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
public class ezLgErr
|
|
{
|
|
public int count;
|
|
public DateTime reg_time;
|
|
}
|
|
|
|
public string chk_setting(int num, string u_id, string g_name)
|
|
{
|
|
|
|
string myip = MyWeb.admin.MyIP;
|
|
if (myip != "127.0.0.1")
|
|
{
|
|
myip = Request.UserHostAddress;
|
|
if (g_name.ToUpper() == "EZ" & myip != "211.20.239.58")
|
|
{
|
|
return "禁止登入";
|
|
}
|
|
}
|
|
|
|
string login_code = function.randCode(10);
|
|
|
|
|
|
string log = null;
|
|
OleDbConnection sqlConn = sql.conn(db, p_name);
|
|
|
|
try
|
|
{
|
|
sqlConn.Open();
|
|
|
|
OleDbCommand sqlCmd = new OleDbCommand("", sqlConn);
|
|
sqlCmd.CommandText = "Select log_class,menu from company";
|
|
DataTable dt = sql.dataTable(sqlCmd);
|
|
if (dt.Rows.Count > 0)
|
|
{
|
|
bool log_class = (bool)dt.Rows[0]["log_class"];
|
|
string menu = dt.Rows[0]["menu"].ToString();
|
|
|
|
|
|
OleDbCommand sqlCmd2 = new OleDbCommand("", sqlConn);
|
|
sqlCmd2.CommandText = "SELECT items FROM admin_group where g_name=?";
|
|
sqlCmd2.Parameters.Add(new OleDbParameter("g_name", g_name));
|
|
DataTable dt2 = sql.dataTable(sqlCmd2);
|
|
|
|
if (dt2.Rows.Count > 0)
|
|
{
|
|
DateTime ntime = DateTime.Now;
|
|
|
|
MyWeb.admin.AdmItem aItem = new MyWeb.admin.AdmItem();
|
|
aItem.num = num;
|
|
aItem.power = dt2.Rows[0]["items"].ToString();
|
|
aItem.group = g_name;
|
|
aItem.u_id = u_id;
|
|
aItem.login_time = ntime;
|
|
aItem.login_code = login_code;
|
|
aItem.login_ip = myip;
|
|
aItem.menu = menu;
|
|
admin.SaveInfo(aItem, log_class);
|
|
|
|
|
|
//記錄登入時間和ip
|
|
sqlCmd = new OleDbCommand("", sqlConn);
|
|
sqlCmd.CommandText = "update admin set login_time=?, login_ip=?, login_code=? where num=?";
|
|
sqlCmd.Parameters.Add(new OleDbParameter("login_time", ntime.ToString("yyyy/MM/dd HH:mm:ss")));
|
|
sqlCmd.Parameters.Add(new OleDbParameter("login_ip", myip));
|
|
sqlCmd.Parameters.Add(new OleDbParameter("login_code", login_code));
|
|
sqlCmd.Parameters.Add(new OleDbParameter("num", num));
|
|
sqlCmd.ExecuteNonQuery();
|
|
|
|
LoginHistoryAdd(sqlConn, u_id, Model.admin_log.Detail.Success);
|
|
|
|
}
|
|
else
|
|
{
|
|
LoginHistoryAdd(sqlConn,u_id, Model.admin_log.Detail.PermissionsNotSet);
|
|
log = "您所屬的群組未設定使用權限,請洽管理員";
|
|
}
|
|
}
|
|
else
|
|
{
|
|
LoginHistoryAdd(sqlConn, u_id, Model.admin_log.Detail.GroupNotExist);
|
|
log = "您所屬的群組不存在,請洽管理員";
|
|
}
|
|
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
log = "資料庫連接錯誤";
|
|
}
|
|
finally
|
|
{
|
|
sqlConn.Close(); sqlConn.Dispose();
|
|
}
|
|
|
|
return log;
|
|
|
|
}
|
|
|
|
|
|
#endregion
|
|
|
|
#region 設計師模式
|
|
|
|
protected void DesignModeButton_Click(object sender, EventArgs e)
|
|
{
|
|
if (MyWeb.master.chkDesignIP())
|
|
{
|
|
string u_id = "Designer";
|
|
string g_name = "EZ";
|
|
|
|
MyWeb.sql sql = new MyWeb.sql();
|
|
MyWeb.function function = new MyWeb.function();
|
|
string login_code = function.randCode(10);
|
|
|
|
string log = null;
|
|
OleDbConnection sqlConn = sql.conn(db, p_name);
|
|
|
|
try
|
|
{
|
|
sqlConn.Open();
|
|
|
|
OleDbCommand sqlCmd = new OleDbCommand("", sqlConn);
|
|
sqlCmd.CommandText = "Select log_class,menu from company";
|
|
DataTable dt = sql.dataTable(sqlCmd);
|
|
if (dt.Rows.Count > 0)
|
|
{
|
|
bool log_class = (bool)dt.Rows[0]["log_class"];
|
|
string menu = dt.Rows[0]["menu"].ToString();
|
|
|
|
|
|
OleDbCommand sqlCmd2 = new OleDbCommand("", sqlConn);
|
|
sqlCmd2.CommandText = "SELECT items FROM admin_group where g_name=?";
|
|
sqlCmd2.Parameters.Add(new OleDbParameter("g_name", g_name));
|
|
DataTable dt2 = sql.dataTable(sqlCmd2);
|
|
|
|
if (dt2.Rows.Count > 0)
|
|
{
|
|
DateTime ntime = DateTime.Now;
|
|
|
|
MyWeb.admin.AdmItem aItem = new MyWeb.admin.AdmItem();
|
|
aItem.num = 0;
|
|
aItem.power = dt2.Rows[0]["items"].ToString();
|
|
aItem.group = g_name;
|
|
aItem.u_id = u_id;
|
|
aItem.login_time = ntime;
|
|
aItem.login_code = login_code;
|
|
aItem.login_ip = MyWeb.admin.MyIP;
|
|
aItem.menu = menu;
|
|
admin.SaveInfo(aItem, log_class);
|
|
|
|
LoginHistoryAdd(sqlConn, u_id, Model.admin_log.Detail.Success);
|
|
|
|
}
|
|
else
|
|
{
|
|
LoginHistoryAdd(sqlConn, u_id, Model.admin_log.Detail.GroupNotExist);
|
|
log = "設計師群組不存在,無法登入";
|
|
}
|
|
}
|
|
else
|
|
{
|
|
LoginHistoryAdd(sqlConn, u_id, Model.admin_log.Detail.GroupNotExist);
|
|
log = "您所屬的群組不存在,請洽管理員";
|
|
}
|
|
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
log = "資料庫連接錯誤";
|
|
}
|
|
finally
|
|
{
|
|
sqlConn.Close(); sqlConn.Dispose();
|
|
}
|
|
|
|
if (log == null)
|
|
{
|
|
Response.Redirect("index2.aspx");
|
|
}
|
|
else
|
|
{
|
|
Response.Write("<script>alert('設計師群組不存在,無法登入')</script>");
|
|
}
|
|
}
|
|
}
|
|
|
|
#endregion
|
|
|
|
|
|
#region 登入歷史記錄
|
|
protected void LoginHistoryAdd(OleDbConnection sqlConn, string u_id, Model.admin_log.Detail status)
|
|
{
|
|
try
|
|
{
|
|
OleDbCommand sqlCmd = new OleDbCommand("", sqlConn);
|
|
string cu = "u_id,login_time,login_ip,status,word,agent";
|
|
sqlCmd.CommandText = "INSERT INTO [admin_log] (" + cu + ") VALUES (" + sql.mark(cu) + ")";
|
|
sqlCmd.Parameters.Add(new OleDbParameter("u_id", u_id));
|
|
sqlCmd.Parameters.Add(new OleDbParameter("login_time", DateTime.Now.ToString("yyyy/MM/dd HH:mm:ss")));
|
|
sqlCmd.Parameters.Add(new OleDbParameter("login_ip", Model.admin.MyIP.Replace("本機", "127.0.0.1")));
|
|
sqlCmd.Parameters.Add(new OleDbParameter("status", (int)Model.admin_log.Status.Login));
|
|
sqlCmd.Parameters.Add(new OleDbParameter("word", GetEnumsDescription(status)));
|
|
sqlCmd.Parameters.Add(new OleDbParameter("agent", Model.admin_log.UserAgent));
|
|
sqlCmd.ExecuteNonQuery();
|
|
|
|
//只保留1年內的登入記錄
|
|
sqlCmd = new OleDbCommand("", sqlConn);
|
|
sqlCmd.CommandText = "delete from [admin_log] where login_time<?";
|
|
sqlCmd.Parameters.Add(new OleDbParameter("login_time", DateTime.Now.AddYears(-1).ToString("yyyy/MM/dd HH:mm:ss")));
|
|
sqlCmd.ExecuteNonQuery();
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
// ex.Message;
|
|
}
|
|
}
|
|
#endregion
|
|
|
|
} |