
北汽scp 验证码 提示 权限漏洞 + 查看3000条

master
qian 1 year ago
parent
commit
d0965f84d2
  1. 2
      北京北汽/Controller/SCP_LOGINNUMBER_CONTROLLER.cs
  2. 100
      北京北汽/SCP/Business/PageBase.cs
  3. 20
      北京北汽/SCP/Views/BasicData/Part.aspx.cs
  4. 22
      北京北汽/SCP/Views/BasicData/Price.aspx.cs
  5. 20
      北京北汽/SCP/Views/BasicData/PriceUpdate.aspx.cs
  6. 20
      北京北汽/SCP/Views/BasicData/SCP_RECIVE_PORT.aspx.cs
  7. 2
      北京北汽/SCP/Views/BasicData/SCP_TA_VEND_PART.aspx.cs
  8. 20
      北京北汽/SCP/Views/BasicData/SCP_TB_Address.aspx.cs
  9. 25
      北京北汽/SCP/Views/BasicData/Supplier.aspx.cs
  10. 7
      北京北汽/SCP/Views/SupplierData/SCP_RECEIVE_LIST.aspx
  11. 37
      北京北汽/SCP/Views/SupplierData/SCP_RECEIVE_LIST.aspx.cs
  12. 184
      北京北汽/SCP/default_hb.aspx
  13. 85
      北京北汽/SCP/default_hb.aspx.cs
  14. 13
      北京北汽/SCP/default_hb.aspx.designer.cs

2
北京北汽/Controller/SCP_LOGINNUMBER_CONTROLLER.cs

@ -36,7 +36,7 @@ namespace CK.SCP.Controller
if (user == null) if (user == null)
{ {
_ret.MessageList.Add("用户名"+ username+"不存在,请输入正确用户名"); _ret.MessageList.Add("用户名或密码错误!");
} }
else else
{ {

100
北京北汽/SCP/Business/PageBase.cs

@ -28,6 +28,9 @@ using NPOI.XSSF.UserModel;
using NPOI.SS.Util; using NPOI.SS.Util;
using static CK.SCP.Controller.SCP_COM_CONTROLLER; using static CK.SCP.Controller.SCP_COM_CONTROLLER;
using CK.SCP.Models.Enums; using CK.SCP.Models.Enums;
using SCP.Common;
using System.Drawing.Imaging;
using System.Drawing;
namespace SCP namespace SCP
{ {
@ -1712,7 +1715,8 @@ namespace SCP
try try
{ {
EpPlusHelper _helper = new EpPlusHelper(); EpPlusHelper _helper = new EpPlusHelper();
_helper.ExportExcelCompleted += (filePath,fileName) => { _helper.ExportExcelCompleted += (filePath, fileName) =>
{
Alert.Show($"<a href=\'/exportfiles/{fileName}\'>{fileName}</a>", "文件导出成功,请点击文件名下载", MessageBoxIcon.Information); Alert.Show($"<a href=\'/exportfiles/{fileName}\'>{fileName}</a>", "文件导出成功,请点击文件名下载", MessageBoxIcon.Information);
@ -1735,5 +1739,99 @@ namespace SCP
} }
} }
/// <summary>
/// 当前账号页面列表
/// </summary>
/// <param name="id"></param>
/// <returns></returns>
public static List<string> GetMenus(int Id)
{
List<string> Menus = new List<string>();
using (AppBoxContext db = EntitiesFactory.CreateAppBoxInstance())
{
StringBuilder _buffer = new StringBuilder();
_buffer.Append(" select Name from Menus where ViewPowerID in( ");
_buffer.Append(" select powerID from RolePowers where RoleID in( ");
_buffer.AppendFormat(" select RoleID from RoleUsers where UserID = '{0}' )) ", Id);
Menus = db.Database.SqlQuery<string>(_buffer.ToString()).ToList();
}
return Menus;
}
/// <summary>
/// 生成验证码
/// </summary>
/// <param name="lengths">长度</param>
/// <returns></returns>
public static string RandomVerificationCode(int lengths)
{
string[] chars = new string[] { "2", "3", "4", "5", "6", "7", "8", "9", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "P", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z" };
string code = "";
Random random = new Random();
for (int i = 0; i < lengths; i++)
{
code += chars[random.Next(chars.Length)];
}
return code;
}
/// <summary>
/// 绘制验证码
/// </summary>
/// <param name="code"></param>
/// <returns></returns>
public static Bitmap DrawImage(string code)
{
Color[] colors = {
Color.Red, Color.OrangeRed,Color.SaddleBrown,
Color.LimeGreen,Color.Green,Color.MediumAquamarine,
Color.Blue,Color.MediumOrchid,Color.Black,
Color.DarkBlue,Color.Orange,Color.Brown,
Color.DarkCyan,Color.Purple
};
string[] fonts = { "Verdana", "Microsoft Sans Serif", "Comic Sans MS", "Arial", "宋体" };
Random random = new Random();
// 创建一个 Bitmap 图片类型对象
Bitmap bitmap = new Bitmap(code.Length * 18, 32);
// 创建一个图形画笔
Graphics graphics = Graphics.FromImage(bitmap);
// 将图片背景填充成白色
graphics.Clear(Color.White);
// 绘制验证码噪点
for (int i = 0; i < random.Next(60, 80); i++)
{
int pointX = random.Next(bitmap.Width);
int pointY = random.Next(bitmap.Height);
graphics.DrawLine(new Pen(Color.LightGray, 1), pointX, pointY, pointX + 1, pointY);
}
// 绘制验证码
for (int i = 0; i < code.Length; i++)
{
graphics.DrawString(
code.Substring(i, 1),
new Font(fonts[random.Next(fonts.Length)], 15, FontStyle.Bold),
new SolidBrush(colors[random.Next(colors.Length)]),
16 * i + 1,
random.Next(0, 5)
);
}
return bitmap;
}
/// <summary>
/// 返回图片
/// </summary>
/// <param name="bitmap"></param>
/// <returns></returns>
public static string BitmapToBase64Str(Bitmap bitmap)
{
using (MemoryStream memoryStream = new MemoryStream())
{
bitmap.Save(memoryStream, ImageFormat.Jpeg);
byte[] bytes = memoryStream.ToArray();
return Convert.ToBase64String(memoryStream.ToArray());
}
}
} }
} }
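Review bot: `RandomVerificationCode` picks the CAPTCHA characters with `new Random()`, a non-cryptographic generator that on .NET Framework is seeded from the clock, so codes issued close together can coincide; a value that gates login attempts should be drawn from `System.Security.Cryptography.RandomNumberGenerator` instead. The `chars` table also lists "P" twice, which skews the distribution slightly. Separately, `DrawImage` creates a `Graphics`, one `Pen` per noise dot and a `Font` and `SolidBrush` per character without disposing any of them, and it runs on every render of the unauthenticated login page, so those objects should be wrapped in `using`. A replacement for the generator is sketched below.

```csharp
public static string RandomVerificationCode(int lengths)
{
    // … unchanged: chars table (the second "P" entry is a duplicate) …
    var code = new StringBuilder(lengths);
    byte[] one = new byte[1];
    // Largest multiple of chars.Length that fits in a byte; higher values are redrawn to avoid modulo bias.
    int limit = 256 - (256 % chars.Length);
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        while (code.Length < lengths)
        {
            rng.GetBytes(one);
            if (one[0] < limit)
            {
                code.Append(chars[one[0] % chars.Length]);
            }
        }
    }
    return code.ToString();
}
```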

20
北京北汽/SCP/Views/BasicData/Part.aspx.cs

@ -27,9 +27,29 @@ namespace SCP.BasicData
protected void Page_Load(object sender, EventArgs e) protected void Page_Load(object sender, EventArgs e)
{ {
if (!IsPostBack) if (!IsPostBack)
{
if (CurrentUser.ID != 0)
{
//读取 所有菜单列表
var mlist = GetMenus(CurrentUser.ID);
if (mlist.Count > 0 && mlist.Contains("零件档案"))
{ {
LoadData(); LoadData();
} }
else
{
Response.Write("当前用户没有操作该页面权限");
Response.End();
return;
}
}
else
{
Response.Write("当前用户没有操作该页面权限");
Response.End();
return;
}
}
} }
public void LoadData() public void LoadData()
{ {
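Review bot: The new permission check sits inside `if (!IsPostBack)`, so it runs only on the first GET of the page; as far as the visible lines show, a postback from a user without the "零件档案" menu reaches the event handlers with no check at all. Moving the test above the `IsPostBack` branch closes that, e.g. `if (CurrentUser.ID == 0 || !GetMenus(CurrentUser.ID).Contains("零件档案")) { Response.Write("当前用户没有操作该页面权限"); Response.End(); return; }`. The same block is pasted into Price, PriceUpdate, SCP_RECIVE_PORT, SCP_TB_Address and Supplier with only the menu name changed, so one helper on `PageBase` that takes the menu name would keep the six pages from drifting apart. The rest of the class lies outside the hunk, so a check elsewhere (for instance in a base-class event) cannot be ruled out from here.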

22
北京北汽/SCP/Views/BasicData/Price.aspx.cs

@ -24,6 +24,12 @@ namespace SCP.BasicData
protected void Page_Load(object sender, EventArgs e) protected void Page_Load(object sender, EventArgs e)
{ {
if (!IsPostBack) if (!IsPostBack)
{
if (CurrentUser.ID != 0)
{
//读取 所有菜单列表
var mlist = GetMenus(CurrentUser.ID);
if (mlist.Count > 0 && mlist.Contains("价格表管理"))
{ {
CheckRolesMenu(); CheckRolesMenu();
//DDL_IMPORT.DataSource = DB.Users.Where(p => p.Roles.Select(q => q.Name).Contains("采购人员")).Select(p=>p.Name); //DDL_IMPORT.DataSource = DB.Users.Where(p => p.Roles.Select(q => q.Name).Contains("采购人员")).Select(p=>p.Name);
@ -31,8 +37,20 @@ namespace SCP.BasicData
var site = CurrentUser.FactoryList.FirstOrDefault(); var site = CurrentUser.FactoryList.FirstOrDefault();
BindData(); BindData();
BindFactory(); BindFactory();
}
else
{
Response.Write("当前用户没有操作该页面权限");
Response.End();
return;
}
}
else
{
Response.Write("当前用户没有操作该页面权限");
Response.End();
return;
}
} }
} }
private void CheckRolesMenu() private void CheckRolesMenu()

20
北京北汽/SCP/Views/BasicData/PriceUpdate.aspx.cs

@ -24,6 +24,12 @@ namespace SCP.BasicData
protected void Page_Load(object sender, EventArgs e) protected void Page_Load(object sender, EventArgs e)
{ {
if (!IsPostBack) if (!IsPostBack)
{
if (CurrentUser.ID != 0)
{
//读取 所有菜单列表
var mlist = GetMenus(CurrentUser.ID);
if (mlist.Count > 0 && mlist.Contains("价格单修改"))
{ {
CheckRolesMenu(); CheckRolesMenu();
//DDL_IMPORT.DataSource = DB.Users.Where(p => p.Roles.Select(q => q.Name).Contains("采购人员")).Select(p=>p.Name); //DDL_IMPORT.DataSource = DB.Users.Where(p => p.Roles.Select(q => q.Name).Contains("采购人员")).Select(p=>p.Name);
@ -31,6 +37,20 @@ namespace SCP.BasicData
BindData(); BindData();
BindFactory(); BindFactory();
} }
else
{
Response.Write("当前用户没有操作该页面权限");
Response.End();
return;
}
}
else
{
Response.Write("当前用户没有操作该页面权限");
Response.End();
return;
}
}
} }
private void CheckRolesMenu() private void CheckRolesMenu()
{ {

20
北京北汽/SCP/Views/BasicData/SCP_RECIVE_PORT.aspx.cs

@ -19,11 +19,31 @@ namespace SCP.BasicData
protected void Page_Load(object sender, EventArgs e) protected void Page_Load(object sender, EventArgs e)
{ {
if (!IsPostBack) if (!IsPostBack)
{
if (CurrentUser.ID != 0)
{
//读取 所有菜单列表
var mlist = GetMenus(CurrentUser.ID);
if (mlist.Count > 0 && mlist.Contains("收货口管理"))
{ {
BindData(); BindData();
DDL_FACTORY.DataSource = ScpCache.FactoryList; DDL_FACTORY.DataSource = ScpCache.FactoryList;
DDL_FACTORY.DataBind(); DDL_FACTORY.DataBind();
} }
else
{
Response.Write("当前用户没有操作该页面权限");
Response.End();
return;
}
}
else
{
Response.Write("当前用户没有操作该页面权限");
Response.End();
return;
}
}
} }
public void BindData() public void BindData()

2
北京北汽/SCP/Views/BasicData/SCP_TA_VEND_PART.aspx.cs

@ -146,7 +146,7 @@ namespace SCP.Views.BasicData
} }
protected void LinkButton_Click(object sender, EventArgs e) protected void LinkButton_Click(object sender, EventArgs e)
{ {
Alert.Show($"<a href=\'/uploadfiles/{".xls"}\'>{".xls"}</a>", "请点击文件名下载", MessageBoxIcon.Information); Alert.Show($"<a href=\'/uploadfiles/{".xlsx"}\'>{".xlsx"}</a>", "请点击文件名下载", MessageBoxIcon.Information);
} }
protected void Btn_Click(object sender, EventArgs e) protected void Btn_Click(object sender, EventArgs e)

20
北京北汽/SCP/Views/BasicData/SCP_TB_Address.aspx.cs

@ -19,11 +19,31 @@ namespace SCP.Views.BasicData
protected void Page_Load(object sender, EventArgs e) protected void Page_Load(object sender, EventArgs e)
{ {
if (!IsPostBack) if (!IsPostBack)
{
if (CurrentUser.ID != 0)
{
//读取 所有菜单列表
var mlist = GetMenus(CurrentUser.ID);
if (mlist.Count > 0 && mlist.Contains("收货信息管理(重庆专用)"))
{ {
BindData(); BindData();
TranslatorAgent(Grid1); TranslatorAgent(Grid1);
TranslatorAgents(Toolbar1); TranslatorAgents(Toolbar1);
} }
else
{
Response.Write("当前用户没有操作该页面权限");
Response.End();
return;
}
}
else
{
Response.Write("当前用户没有操作该页面权限");
Response.End();
return;
}
}
} }
// //
public void BindData() public void BindData()

25
北京北汽/SCP/Views/BasicData/Supplier.aspx.cs

@ -18,6 +18,7 @@ using NPOI.HSSF.UserModel;
using NPOI.SS.UserModel; using NPOI.SS.UserModel;
using CK.SCP.Models; using CK.SCP.Models;
using CK.SCP.Models.ScpEntity.ExcelExportEnttity; using CK.SCP.Models.ScpEntity.ExcelExportEnttity;
using System.Web.Security;
namespace SCP.BasicData namespace SCP.BasicData
{ {
@ -28,8 +29,28 @@ namespace SCP.BasicData
protected void Page_Load(object sender, EventArgs e) protected void Page_Load(object sender, EventArgs e)
{ {
if (!IsPostBack) if (!IsPostBack)
{
if (CurrentUser.ID != 0)
{
//读取 所有菜单列表
var mlist = GetMenus(CurrentUser.ID);
if (mlist.Count > 0 && mlist.Contains("供应商档案"))
{ {
BindData(); BindData();
}
else
{
Response.Write("当前用户没有操作该页面权限");
Response.End();
return;
}
}
else
{
Response.Write("当前用户没有操作该页面权限");
Response.End();
return;
}
// BtnAdd.OnClientClick = Window1.GetShowReference("/BasicData/SupplierEdit.aspx", "新增"); // BtnAdd.OnClientClick = Window1.GetShowReference("/BasicData/SupplierEdit.aspx", "新增");
} }
} }
@ -43,9 +64,9 @@ namespace SCP.BasicData
DPL_Factory.DataSource = _ls; DPL_Factory.DataSource = _ls;
DPL_Factory.DataBind(); DPL_Factory.DataBind();
// _list = SCP_TB_VENDER_CONTROLLER.Getlist(); // _list = SCP_TB_VENDER_CONTROLLER.Getlist();
var list = new List<TA_VENDER>();
_list = SearchData(); _list = SearchData();
var list = Sort<TA_VENDER>(_list.AsQueryable(), Grid1); list = Sort<TA_VENDER>(_list.AsQueryable(), Grid1).ToList();
Grid1.DataSource = list; Grid1.DataSource = list;
Grid1.RecordCount = list.Count(); Grid1.RecordCount = list.Count();
Grid1.DataBind(); Grid1.DataBind();

7
北京北汽/SCP/Views/SupplierData/SCP_RECEIVE_LIST.aspx

@ -165,10 +165,11 @@
<f:ListItem Text="200" Value="200" /> <f:ListItem Text="200" Value="200" />
<f:ListItem Text="500" Value="500" /> <f:ListItem Text="500" Value="500" />
<f:ListItem Text="1000" Value="1000" /> <f:ListItem Text="1000" Value="1000" />
<f:ListItem Text="3000" Value="3000" />
</f:DropDownList> </f:DropDownList>
</PageItems> </PageItems>
<Columns> <Columns>
<f:RowNumberField runat="server" ID="chb" HeaderText="行号" /> <f:RowNumberField runat="server" ID="chb" HeaderText="行号" width="40" />
<%-- <f:TemplateField HeaderText="否可开票" Width="120px" ColumnID="IsCheck"> <%-- <f:TemplateField HeaderText="否可开票" Width="120px" ColumnID="IsCheck">
@ -271,6 +272,10 @@
var selection = grid.getSelectionModel().getSelection(); var selection = grid.getSelectionModel().getSelection();
var store = grid.getStore(); var store = grid.getStore();
var total = 0; var total = 0;
if (grid.getSelectionModel().getCount() > 1000) {
window.alert("选择发票条数" + grid.getSelectionModel().getCount() +",超过发票允许条数(1000条)");
return;
}
$.each(selection, function (index, item) { $.each(selection, function (index, item) {
var rowIndex = store.indexOf(item); var rowIndex = store.indexOf(item);
var row = $(grid.body.el.dom).find('.x-grid-item').eq(rowIndex); var row = $(grid.body.el.dom).find('.x-grid-item').eq(rowIndex);

37
北京北汽/SCP/Views/SupplierData/SCP_RECEIVE_LIST.aspx.cs

@ -25,7 +25,7 @@ namespace SCP.SupplierData
{ {
protected void Page_Load(object sender, EventArgs e) protected void Page_Load(object sender, EventArgs e)
{ {
IsRoleRight(); //IsRoleRight();
if (!IsPostBack) if (!IsPostBack)
{ {
TranslatorAgents(Toolbar2); TranslatorAgents(Toolbar2);
@ -402,6 +402,16 @@ namespace SCP.SupplierData
// return; // return;
// } // }
//} //}
if (Grid_V_TB_RECEIVE_LIST.SelectedRowIndexArray.Length == 0)
{
Alert.Show("请选择要创建发票的记录!");
return;
}
if (Grid_V_TB_RECEIVE_LIST.SelectedRowIndexArray.Length > 1000)
{
Alert.Show("选择发票条数" + Grid_V_TB_RECEIVE_LIST.SelectedRowIndexArray.Length + ",超过发票允许条数(1000条)");
return;
}
CreateInvoice("0"); CreateInvoice("0");
} }
private void CreateInvoice(string p_all) private void CreateInvoice(string p_all)
@ -428,11 +438,16 @@ namespace SCP.SupplierData
SearchData((rs) => SearchData((rs) =>
{ {
string IsCreate = "0"; string IsCreate = "0";
if (Grid_V_TB_RECEIVE_LIST.SelectedRowIndexArray.Length == 0) //if (Grid_V_TB_RECEIVE_LIST.SelectedRowIndexArray.Length == 0)
{ //{
Alert.Show("请选择要创建发票的记录!"); // Alert.Show("请选择要创建发票的记录!");
return; // return;
} //}
//if (Grid_V_TB_RECEIVE_LIST.SelectedRowIndexArray.Length > 1000)
//{
// Alert.Show("选择发票条数"+ Grid_V_TB_RECEIVE_LIST.SelectedRowIndexArray.Length + ",超过发票允许条数(1000条)");
// return;
//}
string IDS = ""; string IDS = "";
List<string> _list = new List<string>(); List<string> _list = new List<string>();
List<string> _projectList = new List<string>(); List<string> _projectList = new List<string>();
@ -720,6 +735,16 @@ namespace SCP.SupplierData
Alert.Show("收货月份不能为空!"); Alert.Show("收货月份不能为空!");
return; return;
} }
if (Grid_V_TB_RECEIVE_LIST.SelectedRowIndexArray.Length == 0)
{
Alert.Show("请选择要创建发票的记录!");
return;
}
if (Grid_V_TB_RECEIVE_LIST.SelectedRowIndexArray.Length > 1000)
{
Alert.Show("选择发票条数" + Grid_V_TB_RECEIVE_LIST.SelectedRowIndexArray.Length + ",超过发票允许条数(1000条)");
return;
}
CreateInvoice("1"); CreateInvoice("1");
} }
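Review bot: Commenting out `IsRoleRight();` at the top of `Page_Load` removes what, judging by its name, is this page's role check, and unlike the BasicData pages in this commit no `GetMenus` test is added in its place. If the call was disabled because it rejected legitimate users, that belongs in a fix inside `IsRoleRight`; otherwise the line `IsRoleRight();` should be restored. The body of `IsRoleRight` is not visible here, so its exact effect needs confirming. The selection-count guards moved in front of `CreateInvoice("0")` and `CreateInvoice("1")` look fine, but the old copy left commented out inside `CreateInvoice` can simply be deleted.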

184
北京北汽/SCP/default_hb.aspx

@ -57,9 +57,15 @@
<label runat="server" id="lab2"><%= GetResourceKey("密码") %></label><input type="password" runat="server" class="text" id="textPassword" placeholder="密码" name="textPassword" tabindex="5" onkeydown="keyDown(event)"> <label runat="server" id="lab2"><%= GetResourceKey("密码") %></label><input type="password" runat="server" class="text" id="textPassword" placeholder="密码" name="textPassword" tabindex="5" onkeydown="keyDown(event)">
</div> </div>
<div class="yzm" id="div_20"> <div class="yzm" id="div_20">
<label runat="server" id="Label2" style="font-size:14px;margin-top:4px;margin-left:4px"><%= GetResourceKey("验证码") %></label><input type="text" runat="server" class="text" id="inputValue" placeholder="验证码(不区分大小写)" name="textPassword" tabindex="5" onkeydown="keyDown(event)" style="width:120px;height:16px;margin-left:2px;margin-top:18px "> <label runat="server" id="Label2" style="font-size:14px;margin-top:4px;margin-left:4px"><%= GetResourceKey("验证码") %></label>
<input type="text" runat="server" class="text" id="inputValue" placeholder="验证码(不区分大小写)" name="textPassword" tabindex="5" onkeydown="keyDown(event)" style="width:120px;height:16px;margin-left:2px;margin-top:18px ">
<%-- <canvas id="c1" style="border:1px solid black; position: absolute; width:20%;height:18%;font-size:30px" runat="server" ></canvas>--%> <%-- <canvas id="c1" style="border:1px solid black; position: absolute; width:20%;height:18%;font-size:30px" runat="server" ></canvas>--%>
<canvas id="c1" width="100" height="30" style="position: absolute;height:10%;width:24%; left:65%;top:70%; border:1px solid black;font-weight:bold" runat="server" ></canvas> <%-- <canvas id="c1" width="100" height="30" style="position: absolute;height:10%;width:24%; left:65%;top:70%; border:1px solid black;font-weight:bold" runat="server" ></canvas>--%>
<f:Image runat="server" ID="img" />
<f:LinkButton CssStyle="float:left;margin-top:8px;" ID="btnRefresh" Text="看不清?"
runat="server" OnClick="btnRefresh_Click">
</f:LinkButton>
<br> <br>
</div> </div>
@ -120,100 +126,100 @@
<script type="text/javascript" src="res/js/fun.base.js"></script> <script type="text/javascript" src="res/js/fun.base.js"></script>
<script type="text/javascript" src="res/js/script.js"></script> <script type="text/javascript" src="res/js/script.js"></script>
<script type="text/javascript"> <script type="text/javascript">
$(function () { //$(function () {
// 存放随机的验证码 // // 存放随机的验证码
var showNum = [] // var showNum = []
draw(showNum) // draw(showNum)
$("#c1").click(function () { // $("#c1").click(function () {
draw(showNum) // draw(showNum)
}) // })
$("#btn_Login").click(function () { // $("#btn_Login").click(function () {
var s = $("#inputValue").val().toLowerCase() // var s = $("#inputValue").val().toLowerCase()
var s1 = showNum.join("") // var s1 = showNum.join("")
if (s != s1) { // if (s != s1) {
$("#Text1").val('false') // $("#Text1").val('false')
alert("验证码错误") // alert("验证码错误")
} else { // } else {
$("#Text1").val('') // $("#Text1").val('')
} // }
draw(showNum) // draw(showNum)
}) // })
// 封装一个把随机验证码放在画布上 // // 封装一个把随机验证码放在画布上
function draw(showNum) { // function draw(showNum) {
// 获取canvas // // 获取canvas
var canvas = $("#c1") // var canvas = $("#c1")
var ctx = canvas[0].getContext("2d") // var ctx = canvas[0].getContext("2d")
// 获取画布的宽高 // // 获取画布的宽高
var canvas_width = canvas.width() // var canvas_width = canvas.width()
var canvas_height = canvas.height() // var canvas_height = canvas.height()
// 清空之前绘制的内容 // // 清空之前绘制的内容
// 0,0清空的起始坐标 // // 0,0清空的起始坐标
// 矩形的宽高 // // 矩形的宽高
ctx.clearRect(0, 0, canvas_width, canvas_height) // ctx.clearRect(0, 0, canvas_width, canvas_height)
// 开始绘制 // // 开始绘制
var scode = "a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,1,2,3,4,5,6,7,8,9," // var scode = "a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,1,2,3,4,5,6,7,8,9,"
var arrCode = scode.split(",") // var arrCode = scode.split(",")
var arrLength = arrCode.length // var arrLength = arrCode.length
for (var i = 0; i < 4; i++) { // for (var i = 0; i < 4; i++) {
var index = Math.floor(Math.random() * arrCode.length) // var index = Math.floor(Math.random() * arrCode.length)
var txt = arrCode[index]//随机一个字符 // var txt = arrCode[index]//随机一个字符
showNum[i] = txt.toLowerCase()//转化为小写存入验证码数组 // showNum[i] = txt.toLowerCase()//转化为小写存入验证码数组
// 开始控制字符的绘制位置 // // 开始控制字符的绘制位置
var x = 10 + 20 * i //每一个验证码绘制的起始点x坐标 // var x = 10 + 20 * i //每一个验证码绘制的起始点x坐标
var y = 20 + Math.random() * 8// 起始点y坐标 // var y = 20 + Math.random() * 8// 起始点y坐标
ctx.font = "bold 20px 微软雅黑" // ctx.font = "bold 20px 微软雅黑"
// 开始旋转字符 // // 开始旋转字符
var deg = Math.random * -0.5 // var deg = Math.random * -0.5
// canvas 要实现绘制内容具有倾斜的效果,必须先平移,目的是把旋转点移动到绘制内容的地方 // // canvas 要实现绘制内容具有倾斜的效果,必须先平移,目的是把旋转点移动到绘制内容的地方
ctx.translate(x, y) // ctx.translate(x, y)
ctx.rotate(deg) // ctx.rotate(deg)
// 设置绘制的随机颜色 // // 设置绘制的随机颜色
ctx.fillStyle = randomColor() // ctx.fillStyle = randomColor()
ctx.fillText(txt, 0, 0) // ctx.fillText(txt, 0, 0)
// 把canvas复原 // // 把canvas复原
ctx.rotate(-deg) // ctx.rotate(-deg)
ctx.translate(-x, -y) // ctx.translate(-x, -y)
} // }
for (var i = 0; i < 30; i++) { // for (var i = 0; i < 30; i++) {
if (i < 5) { // if (i < 5) {
// 绘制线 // // 绘制线
ctx.strokeStyle = randomColor() // ctx.strokeStyle = randomColor()
ctx.beginPath() // ctx.beginPath()
//ctx.moveTo(Math.random() * canvas_width, Math.random() * canvas_height) // //ctx.moveTo(Math.random() * canvas_width, Math.random() * canvas_height)
//ctx.lineTo(Math.random() * canvas_width, Math.random() * canvas_height) // //ctx.lineTo(Math.random() * canvas_width, Math.random() * canvas_height)
ctx.stroke() // ctx.stroke()
} // }
// 绘制点 // // 绘制点
ctx.strokeStyle = randomColor() // ctx.strokeStyle = randomColor()
ctx.beginPath() // ctx.beginPath()
//var x = Math.random() * canvas_width // //var x = Math.random() * canvas_width
//var y = Math.random() * canvas_height // //var y = Math.random() * canvas_height
//ctx.moveTo(x, y) // //ctx.moveTo(x, y)
//ctx.lineTo(x + 1, y + 1) // //ctx.lineTo(x + 1, y + 1)
ctx.stroke() // ctx.stroke()
} // }
} // }
// 随机颜色 // // 随机颜色
function randomColor() { // function randomColor() {
var r = Math.floor(Math.random() * 256) // var r = Math.floor(Math.random() * 256)
var g = Math.floor(Math.random() * 256) // var g = Math.floor(Math.random() * 256)
var b = Math.floor(Math.random() * 256) // var b = Math.floor(Math.random() * 256)
return `rgb(${r},${g},${b})` // return `rgb(${r},${g},${b})`
} // }
}) //})
var _factoryValue = '<%= factoryValue.ClientID %>'; var _factoryValue = '<%= factoryValue.ClientID %>';
window.onload = function () window.onload = function ()
{ {

85
北京北汽/SCP/default_hb.aspx.cs

@ -16,6 +16,8 @@ using CK.SCP.Common;
using System.Configuration; using System.Configuration;
using SCP.Code; using SCP.Code;
using CK.SCP.Models.Enums; using CK.SCP.Models.Enums;
using System.Drawing;
namespace SCP namespace SCP
{ {
public partial class default_hb : PageBase public partial class default_hb : PageBase
@ -62,13 +64,14 @@ namespace SCP
} }
} }
private void LoadData() private void LoadData( int? a =0)
{ {
// 如果用户已经登录,则重定向到管理首页 // 如果用户已经登录,则重定向到管理首页
if (User.Identity.IsAuthenticated) if (User.Identity.IsAuthenticated && a == 0)
{ {
Response.Redirect(FormsAuthentication.DefaultUrl); Response.Redirect(FormsAuthentication.DefaultUrl);
} }
img.ImageUrl = DrawToBase64(4);
} }
protected string GetFactoryName() protected string GetFactoryName()
{ {
@ -106,7 +109,6 @@ namespace SCP
{ {
string userName = textUserName.Value.Trim(); string userName = textUserName.Value.Trim();
string password = textPassword.Value.Trim(); string password = textPassword.Value.Trim();
LoadResouce(); LoadResouce();
Login(userName, password); Login(userName, password);
} }
@ -115,11 +117,30 @@ namespace SCP
} }
private void Login(string p_userName, string p_password) private void Login(string p_userName, string p_password)
{ {
HttpCookie cookie_checkingcode = Request.Cookies["ImageV"];
if (string.IsNullOrEmpty(textUserName.Value) || string.IsNullOrEmpty(textPassword.Value)) if (string.IsNullOrEmpty(textUserName.Value) || string.IsNullOrEmpty(textPassword.Value))
{ {
Alert.Show(GetResourceKey("用户名或密码不能为空!")); Alert.Show(GetResourceKey("用户名或密码不能为空!"));
cookie_checkingcode.Expires = DateTime.Now;
img.ImageUrl = DrawToBase64(4);
return; return;
} }
if (string.IsNullOrEmpty(inputValue.Value))
{
Alert.Show(GetResourceKey("验证码不能为空!"));
cookie_checkingcode.Expires = DateTime.Now;
img.ImageUrl = DrawToBase64(4);
return;
}
if (inputValue.Value.Trim().ToLower() != (cookie_checkingcode.Value.ToLower().ToString()))
{
Alert.Show(GetResourceKey("验证码错误!"));
cookie_checkingcode.Expires = DateTime.Now;
img.ImageUrl = DrawToBase64(4);
return;
}
User user = DB.Users.Where(u => u.Name == p_userName).FirstOrDefault(); User user = DB.Users.Where(u => u.Name == p_userName).FirstOrDefault();
if (user != null) if (user != null)
@ -127,6 +148,8 @@ namespace SCP
if (!user.Enabled) if (!user.Enabled)
{ {
Alert.Show(GetResourceKey("用户未启用,请联系管理员!")); Alert.Show(GetResourceKey("用户未启用,请联系管理员!"));
cookie_checkingcode.Expires = DateTime.Now;
img.ImageUrl = DrawToBase64(4);
return; return;
} }
if (PasswordUtil.ComparePasswords(user.Password, p_password)) if (PasswordUtil.ComparePasswords(user.Password, p_password))
@ -134,7 +157,6 @@ namespace SCP
String pattern = "(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9])(?=.*[~!@#$%^&*_.]).{8,}"; String pattern = "(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9])(?=.*[~!@#$%^&*_.]).{8,}";
if (!Regex.IsMatch(p_password, pattern)) if (!Regex.IsMatch(p_password, pattern))
{ {
@ -146,6 +168,8 @@ namespace SCP
if (this.textPassword1.Value.Trim() != textConfim.Value.Trim()) if (this.textPassword1.Value.Trim() != textConfim.Value.Trim())
{ {
Alert.Show(GetResourceKey("新密码与确认密码不一致!")); Alert.Show(GetResourceKey("新密码与确认密码不一致!"));
cookie_checkingcode.Expires = DateTime.Now;
img.ImageUrl = DrawToBase64(4);
return; return;
} }
else else
@ -153,6 +177,8 @@ namespace SCP
if (!Regex.IsMatch(this.textPassword1.Value.Trim(), pattern)) if (!Regex.IsMatch(this.textPassword1.Value.Trim(), pattern))
{ {
Alert.Show(GetResourceKey("新密码必须包含大小写字母,英文特殊符号~!@#$%^&*_中的一个和数字且不能少于8位!")); Alert.Show(GetResourceKey("新密码必须包含大小写字母,英文特殊符号~!@#$%^&*_中的一个和数字且不能少于8位!"));
cookie_checkingcode.Expires = DateTime.Now;
img.ImageUrl = DrawToBase64(4);
return; return;
} }
@ -163,6 +189,8 @@ namespace SCP
else else
{ {
Alert.Show(GetResourceKey("您的密码过于简单,请修改密码,新密码必须包含大小写字母,英文特殊符号~!@#$%^&*_中的一个和数字且不能少于8位!")); Alert.Show(GetResourceKey("您的密码过于简单,请修改密码,新密码必须包含大小写字母,英文特殊符号~!@#$%^&*_中的一个和数字且不能少于8位!"));
cookie_checkingcode.Expires = DateTime.Now;
img.ImageUrl = DrawToBase64(4);
return; return;
} }
} }
@ -173,12 +201,17 @@ namespace SCP
{ {
string date = DateTime.Now.ToShortDateString(); string date = DateTime.Now.ToShortDateString();
var ret = SCP_LOGINNUMBER_CONTROLLER.Save_TA_LOGINNUMBER(p_userName, LoginNumer.Sussess, date); var ret = SCP_LOGINNUMBER_CONTROLLER.Save_TA_LOGINNUMBER(p_userName, LoginNumer.Sussess, date);
// 成功就失效
cookie_checkingcode.Expires = DateTime.Now;
// 登录成功 // 登录成功
LoginSuccess(user); LoginSuccess(user);
} }
else else
{ {
Alert.Show("不是选定工厂下供应商"); Alert.Show("不是选定工厂下供应商");
cookie_checkingcode.Expires = DateTime.Now;
img.ImageUrl = DrawToBase64(4);
return; return;
} }
return; return;
@ -194,13 +227,16 @@ namespace SCP
} }
else else
{ {
Alert.Show(GetResourceKey("用户名或密码错误!")); Alert.Show(GetResourceKey("用户名或密码错误!"));
cookie_checkingcode.Expires = DateTime.Now;
img.ImageUrl = DrawToBase64(4);
var number = SCP_LOGINNUMBER_CONTROLLER.GetlistUserNumber(p_userName); var number = SCP_LOGINNUMBER_CONTROLLER.GetlistUserNumber(p_userName);
if (number != null) if (number != null)
{ {
if (number.Number < 5) if (number.Number < 5)
{ {
Text2.Value = "密码错误" + number.Number + "次24小时内错误5次账号将变为未启用状态!"; Text2.Value = "用户名或密码错误" + number.Number + "次24小时内错误5次账号将变为未启用状态!";
} }
} }
@ -222,12 +258,14 @@ namespace SCP
else else
{ {
Alert.Show(GetResourceKey("用户名或密码错误!")); Alert.Show(GetResourceKey("用户名或密码错误!"));
cookie_checkingcode.Expires = DateTime.Now;
img.ImageUrl = DrawToBase64(4);
var number = SCP_LOGINNUMBER_CONTROLLER.GetlistUserNumber(p_userName); var number = SCP_LOGINNUMBER_CONTROLLER.GetlistUserNumber(p_userName);
if (number != null) if (number != null)
{ {
if (number.Number < 5) if (number.Number < 5)
{ {
Text2.Value = "密码错误" + number.Number + "次24小时内错误五次账号将变为未启用状态!"; Text2.Value = "用户名或密码错误" + number.Number + "次24小时内错误五次账号将变为未启用状态!";
} }
} }
} }
@ -262,16 +300,15 @@ namespace SCP
roleIDs = String.Join(",", user.Roles.Select(r => r.ID).ToArray()); roleIDs = String.Join(",", user.Roles.Select(r => r.ID).ToArray());
} }
bool isPersistent = true; bool isPersistent = true;
DateTime expiration = DateTime.Now.AddMinutes(double.Parse(ConfigurationManager.AppSettings["SCP_TIME_OUT"])); DateTime expiration = DateTime.Now.AddSeconds(double.Parse(ConfigurationManager.AppSettings["SCP_TIME_OUT"]));
CreateFormsAuthenticationTicket(user.Name, roleIDs, isPersistent, expiration, user.UsedDomain); CreateFormsAuthenticationTicket(user.Name, roleIDs, isPersistent, expiration, user.UsedDomain);
var first = DB.Users.Where(p => p.Name == user.Name).FirstOrDefault(); var first = DB.Users.Where(p => p.Name == user.Name).FirstOrDefault();
if (first != null) if (first != null)
{ {
first.Remark = user.UsedDomain; first.Remark = user.UsedDomain;
DB.SaveChanges(); DB.SaveChanges();
} }
img.ImageUrl = DrawToBase64(4);
// 重定向到登陆后首页 // 重定向到登陆后首页
Response.Redirect(FormsAuthentication.DefaultUrl); Response.Redirect(FormsAuthentication.DefaultUrl);
} }
@ -418,6 +455,36 @@ namespace SCP
btn_pass.Attributes["value"] = "Forgot Password"; btn_pass.Attributes["value"] = "Forgot Password";
} }
#region
/// <summary>
/// 返回参数
/// </summary>
/// <param name="lengths"></param>
/// <returns></returns>
public string DrawToBase64(int lengths)
{
string code = RandomVerificationCode(lengths);
HttpCookie a = new HttpCookie("ImageV", code);
Response.Cookies.Add(a);
Bitmap png = DrawImage(code);
string r = "data:image/jpg;base64," + BitmapToBase64Str(png);
return r;
}
/// <summary>
/// 刷新验证码
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void btnRefresh_Click(object sender, EventArgs e)
{
LoadData(1);
}
#endregion
} }
} }

13
北京北汽/SCP/default_hb.aspx.designer.cs

@ -213,13 +213,22 @@ namespace SCP
protected global::System.Web.UI.HtmlControls.HtmlInputText inputValue; protected global::System.Web.UI.HtmlControls.HtmlInputText inputValue;
/// <summary> /// <summary>
/// c1 控件。 /// img 控件。
/// </summary> /// </summary>
/// <remarks> /// <remarks>
/// 自动生成的字段。 /// 自动生成的字段。
/// 若要进行修改,请将字段声明从设计器文件移到代码隐藏文件。 /// 若要进行修改,请将字段声明从设计器文件移到代码隐藏文件。
/// </remarks> /// </remarks>
protected global::System.Web.UI.HtmlControls.HtmlGenericControl c1; protected global::FineUI.Image img;
/// <summary>
/// btnRefresh 控件。
/// </summary>
/// <remarks>
/// 自动生成的字段。
/// 若要进行修改,请将字段声明从设计器文件移到代码隐藏文件。
/// </remarks>
protected global::FineUI.LinkButton btnRefresh;
/// <summary> /// <summary>
/// Text1 控件。 /// Text1 控件。
