using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Configuration;
using System.Data.OleDb;
using System.Data;
using System.Collections;
namespace MyWeb
{
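/// <summary>
/// Master page class for the admin area. <see cref="MasterLoad"/> is the gate that
/// every admin page except the login page must pass: it checks the login state, the
/// address the session was created from, and the account's status in the database.
/// </summary>
public class master : System.Web.UI.MasterPage
{
    // App-relative path of the login page. It is the only page exempt from the checks
    // in MasterLoad and the target of every denial redirect.
    private const string LoginPagePath = "~/admin/index.aspx";

    // Connection string and provider name of the "shopConn" entry in web.config.
    string db = ConfigurationManager.ConnectionStrings["shopConn"].ConnectionString;
    string p_name = ConfigurationManager.ConnectionStrings["shopConn"].ProviderName;

    // Not read anywhere in this class; kept because the lookup still throws at
    // construction time when the "shopCarCode" setting is missing.
    string scc = ConfigurationManager.AppSettings["shopCarCode"].ToString();

    // "Y" enables the single-session rule enforced in LookupAccountDenyCode.
    string SingleIn = ConfigurationManager.AppSettings["SingleIn"].ToString();

    public company company;

    /// <summary>Creates the page and its <see cref="company"/> helper.</summary>
    public master()
    {
        company = new company();
    }

    /// <summary>
    /// Enforces the admin login checks for the current request. Any failed check
    /// redirects to the login page with a <c>msg</c> code (A3: not logged in,
    /// E: address differs from the one recorded at login, B: account suspended,
    /// C: another login replaced this one, D: account not found).
    /// </summary>
    public void MasterLoad()
    {
        // The exemption is decided from the page that is actually executing. The
        // previous test searched the raw URL for "admin/index.aspx", and the raw URL
        // includes the query string, so appending that text to the URL of any other
        // admin page skipped every check below.
        if (IsLoginPageRequest())
        {
            return;
        }

        HttpResponse response = HttpContext.Current.Response;
        admin admin = new admin();

        // Each denial returns explicitly so the method fails closed even if the
        // redirect does not end the request.
        if (!admin.isLoign())
        {
            response.Redirect(LoginPagePath + "?msg=A3");
            return;
        }

        if (admin.info.login_ip != admin.MyIP)
        {
            response.Redirect(LoginPagePath + "?msg=E");
            return;
        }

        // The hard-coded Designer/EZ account skips the suspension and single-session
        // checks when chkDesignIP() accepts the caller.
        // NOTE(review): this exemption is only as strong as the address returned by
        // ip.Get() (not visible here); if that helper trusts a client-supplied header,
        // the allow-list can be satisfied by a forged value. Confirm before relying on it.
        if (admin.info.u_id == "Designer" && admin.info.group == "EZ" && chkDesignIP())
        {
            return;
        }

        string denyCode;
        try
        {
            denyCode = LookupAccountDenyCode(admin);
        }
        catch (Exception ex)
        {
            // Fail closed, and keep database/driver details out of the response: the
            // exception text goes to the server-side trace, the client gets a generic 500.
            System.Diagnostics.Trace.TraceError("master.MasterLoad: account status lookup failed: " + ex);
            response.Clear();
            response.StatusCode = 500;
            response.Write("An internal error occurred. Please try again later.");
            response.End();
            return;
        }

        // The redirect is issued outside the try block so that the thread abort raised
        // by Response.Redirect is not swallowed by the catch above.
        if (denyCode != null)
        {
            response.Redirect(LoginPagePath + "?msg=" + denyCode);
        }
    }

    /// <summary>
    /// Returns true when the executing page is the admin login page.
    /// </summary>
    public bool isHome()
    {
        return IsLoginPageRequest();
    }

    /// <summary>
    /// Decides whether the caller's address is accepted by the "designIP" allow-list
    /// (comma-separated addresses in appSettings).
    /// Rule 1: the caller's address is in the list.
    /// Rule 2: the admin area is being run on the local machine.
    /// Rule 3: if the list contains 127.0.0.1 but rule 2 does not hold, deny.
    /// Deployment note: on a customer-hosted server, remove 127.0.0.1 from web.config.
    /// To verify: that behaviour in the staging/proofing area is as expected.
    /// </summary>
    /// <returns>True only when rule 1 holds and rule 3 does not veto it.</returns>
    public static bool chkDesignIP()
    {
        string designIP = ConfigurationManager.AppSettings["designIP"] ?? "";

        // Entries are trimmed so "a, b" matches the same addresses as "a,b".
        string[] allowed = designIP.Split(',')
            .Select(q => q.Trim())
            .Where(q => q.Length > 0)
            .ToArray();

        // presumably the caller's address; verify how ip.Get() derives it
        string myip = ip.Get();

        if (allowed.Length == 0)
        {
            return false;
        }

        Uri url = HttpContext.Current.Request.Url;

        // Rule 2 is evaluated on the parsed host and path only. The previous version
        // split the whole absolute URI on '/', so a query string containing
        // "/localhost" or "/admin" satisfied it and switched off the rule 3 veto.
        // NOTE(review): Url.Host normally reflects the request's Host header; confirm
        // the site binding does not accept arbitrary host names.
        bool inDesign = string.Equals(url.Host, "localhost", StringComparison.OrdinalIgnoreCase)
            && Array.Exists(url.AbsolutePath.Split('/'), q => q.Equals("admin"));

        bool chk = Array.Exists(allowed, q => q.Equals(myip)); // rule 1

        bool loopbackListed = Array.Exists(allowed, q => q.Equals("127.0.0.1"));
        if (loopbackListed && !inDesign) // rule 3
        {
            chk = false;
        }

        return chk;
    }

    // True when the page being executed is the login page. The executing file path
    // carries neither the query string nor trailing path info, so it cannot be
    // influenced by what is appended to the URL.
    private static bool IsLoginPageRequest()
    {
        return string.Equals(
            HttpContext.Current.Request.AppRelativeCurrentExecutionFilePath,
            LoginPagePath,
            StringComparison.OrdinalIgnoreCase);
    }

    // Reads the signed-in account's row and returns the msg code to deny the request
    // with, or null when the account may continue.
    private string LookupAccountDenyCode(admin account)
    {
        sql sql = new sql();
        using (OleDbConnection sqlConn = sql.conn(db, p_name))
        using (OleDbCommand sqlCmd = new OleDbCommand("", sqlConn))
        {
            sqlConn.Open();
            sqlCmd.CommandText = "select adwidth,online,login_code from admin where u_id=? and num=?";
            // OLE DB binds "?" placeholders by position, so the Add order must follow
            // the order of the placeholders in the statement.
            sqlCmd.Parameters.Add(new OleDbParameter("u_id", account.info.u_id));
            sqlCmd.Parameters.Add(new OleDbParameter("num", account.info.num));

            DataTable dt = sql.dataTable(sqlCmd);
            if (dt.Rows.Count == 0)
            {
                return "D"; // account does not exist
            }

            DataRow row = dt.Rows[0];
            if ((bool)row["online"] == false)
            {
                return "B"; // account suspended
            }

            // Single-session rule: the login_code stored for the account must match
            // the one held by this session, otherwise a newer login has replaced it.
            if (SingleIn == "Y" && row["login_code"].ToString() != account.info.login_code)
            {
                return "C"; // concurrent logins with the same account are not allowed
            }

            return null;
        }
    }
}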
}