
    <!-- #include file = "../inc_action.asp" -->
<%
'===================================================================
'= ASP FILENAME	: /inc/inc_action.asp
'= CREATED TIME : 2006-4-17 11:10
'= LAST MODIFIED: 2006-4-17 11:10
'= VERSION INFO : CCASP Framework Ver 2.0.1 ALL RIGHTS RESERVED BY www.cclinux.com
'= DESCRIPTION  : Action处理
'= Change Log:
'===================================================================
'====================================================================
'= Function    : ActionFilter
'= Time		   : Created At 2206/05/02
'= Input       : 
'= Description : 用户请求校验与分拣
'= Change Log :
'= 2006-7-20 增加非法字符校验
'===================================================================
Function ActionFilter(strPageName,strAction)
	'== Request gate for a page: copies application-level settings into globals,
	'== tries a cookie-based re-login for guests, resolves strAction against the
	'== no-auth table and the role table, then executes the action or renders
	'== the page template.
	'== strPageName : not referenced anywhere in this function.
	'== strAction   : action key to resolve (presumably taken from the request
	'==               by the caller - verify at the call site).
	'== No return value is assigned on any path.

	Dim i
	Dim blnAuthFlag : blnAuthFlag = True '== True = the role check below still has to run (recomputed before use)
	Dim strActionName	'== action name
	Dim strActionFile   '== file the action belongs to
	Dim intActionType   '== action type 0--show 1--pure execute

	'== Load the configuration on first use if it has not been loaded yet
	If Application(GBL_strCookieURL & "APP_ConfigLoaded") = "" Or IsNull(Application(GBL_strCookieURL & "APP_ConfigLoaded")) Then
		Call LoadParaLogic()
	End If

	'== Forum (tieba) settings
	GBL_strForumMasterName = Application(GBL_strCookieURL & "strForumMasterName")
	GBL_strForumMasterAccount = Application(GBL_strCookieURL & "strForumMasterAccount")
	GBL_strForumMasterId = Application(GBL_strCookieURL & "strForumMasterId")

	'== Site announcements
	GBL_strWebBoard = Application(GBL_strCookieURL & "APP_strBoard")
	GBL_strWebReg = Application(GBL_strCookieURL & "APP_strReg")

	GBL_intAlbumMaxSize = Application(GBL_strCookieURL & "APP_intAlbumSize")

	'== for cc test
	'== NOTE(review): this overwrites GBL_strUserRole with GBL_strUserAction on
	'== every request, and ParseAction authorises against GBL_strUserRole. The
	'== original comment marks it as test code - confirm it is meant to ship.
	GBL_strUserRole	= GBL_strUserAction
	
	'== Guest (user id 0): try to log in again from the "user"/"pass" cookie values.
	'== NOTE(review): the cookie value named "pass" is passed to CheckPass as the
	'== credential; whether it is a plaintext password or a hash is not visible
	'== here. Either way it is a long-lived, replayable secret in a cookie -
	'== confirm it is HttpOnly/Secure, or replace it with a random server-side token.
	If GBL_intUserId = 0 Then
		Dim strUser,strPwd
		strUser = Trim(Request.Cookies(GBL_strCookieURL)("user"))
		strPwd = Trim(Request.Cookies(GBL_strCookieURL)("pass"))
		If CheckPass(strUser,strPwd,1) Then
			Call ActionOver()
			Response.Redirect GBL_strHomeUrl & "user/user_info_show.asp"
			Exit Function
		Else
			'== destroy cookie
			Response.Cookies(GBL_strCookieURL)("user") = ""
			Response.Cookies(GBL_strCookieURL)("pass") = ""
			Response.Cookies(GBL_strCookieURL).Expires = Date - 1
			'== A guest may only continue when the action is in the no-auth table
			If Not ParseActionNoAuth(strAction,strActionName,intActionType,strActionFile) Then
				Call ActionOver()
				Response.Redirect GBL_strHomeUrl & "user/user_login_form.asp"
				Exit Function
			End If
		End If
	End If
	
	'== Update the online-user statistics (disabled)
	'If Not GetNowOnline() Then
	'	Exit Function
	'End If

	'== Actions listed in the no-auth table skip the role check
	If Not ParseActionNoAuth(strAction,strActionName,intActionType,strActionFile) Then
		blnAuthFlag = True
	Else
		blnAuthFlag = False
	End If
	
	'== Role / permission check
	If blnAuthFlag = True Then 
		If Not ParseAction(strAction,strActionName,intActionType,strActionFile) Then
			If GBL_intUserId = 0 Or IsNull(GBL_intUserId) Then	'== not logged in: back to the login page
				Call ActionOver()
				Response.Redirect GBL_strHomeUrl & "user/user_login_form.asp"
				Response.End
				Exit Function
			Else '== logged in: show an error instead
				Call GBL_objException.catchErr(E_USER_PUB,"该页面不存在或您没有访问权限")
				Exit Function
			End If		
		End If
	End If

	'== Illegal-input check
	'== NOTE(review): runs only when CTL_FORBIDDEN_VALID is truthy. ForSqlForm is
	'== not visible here; presumably it filters request values for SQL
	'== metacharacters - such a filter does not replace escaping or
	'== parameterising values where the SQL is built.
	If CTL_FORBIDDEN_VALID Then
	Call ForSqlForm()
	End If

	'== Dispatch on the action type resolved above
	If intActionType = 1 Then
		Call ActionExecute(strAction)
		Call ExceptionExecute()
	ElseIf intActionType = 0 Then
		'== Mode 3: show the success message on the current page
		'== NOTE(review): succInfo is copied verbatim from the query string. If the
		'== template prints GBL_strSuccInfoHint without HTML-encoding, this is a
		'== reflected-content / XSS sink - verify that the output side encodes it.
		If GBL_intSuccType = 3 Then
			GBL_strSuccInfoHint = Trim(Request.QueryString("succInfo"))
		End If
		'== Load the page template
		Call LoadPageTpl()
		Call ExceptionExecute()
	Else
		Call GBL_objException.catchErr(E_USER_PUB,"错误的页面请求")
		Exit Function
	End If

End Function

'===================================================================
'= Function    : ActionAuThenCheck(intAuThen)
'= Time        : Created At 2006-5-3
'= Input       : None
'= Description : 用户访问权限校验
'===================================================================
Function ActionAuThenCheck(intAuThen)
	'== Access check for the current page against the required level intAuThen.
	'== intAuThen : 9 = open to everyone including guests, 1 = administrator
	'==             (per the comments below). Any other value only requires the
	'==             session user fields checked in the "comm user" block.
	'== No return value is assigned; the function signals failure by redirecting
	'== or by calling ResultExecute.
	'== NOTE(review): the "pass" cookie value is used as a credential for
	'== CheckPass. Whether it holds a plaintext password or a hash is not visible
	'== here - confirm the cookie's protection (HttpOnly/Secure) and lifetime.
	
	Dim intAuthenNow
	Dim strUser,strPwd

	strUser = Trim(Request.Cookies(GBL_strCookieURL)("user"))
	strPwd = Trim(Request.Cookies(GBL_strCookieURL)("pass"))
	
	'== Level stored in the session; -1 when it is missing or not numeric
	If Not IsEmpty(Session(GBL_strCookieURL & "SEN_strUserAuThen")) Then
		If IsNumeric(Session(GBL_strCookieURL & "SEN_strUserAuThen")) Then
			intAuthenNow = Cint(Session(GBL_strCookieURL & "SEN_strUserAuThen"))
		Else
			intAuthenNow = -1
		End If
	Else
		intAuthenNow = -1
	End If
	
	'== open for all (include guest)
	'== Every path inside this branch leaves the function.
	If intAuThen = 9 Then

		'== Login form, announcement and registration pages skip the cookie check
		If CONST_PAGE_FILE = "user/user_login_form.asp" Or CONST_PAGE_FILE = "user/user_announce.asp" Or CONST_PAGE_FILE = "user/user_reg_form.asp" Then
			Exit Function
		End If

		'== check cookie exists: both cookie values are present and the session
		'== has no user id yet
		If (Not IsEmpty(strUser)) And _
			(strUser <> "") And _
			Not IsEmpty(strPwd) And _
			(strPwd <> "") And _
			(IsEmpty(Session(GBL_strCookieURL & "SEN_UserId")) Or _
			Session(GBL_strCookieURL & "SEN_UserId") = "") _
		Then
			If CheckPass(strUser,strPwd,1) Then
				Set GBL_objPubDB = Nothing
				Response.Redirect GBL_strHomeUrl & "user/user_info_show.asp?action=ShowUserAllInfo"
				Exit Function
			Else
				'== destroy cookie
				Response.Cookies(GBL_strCookieURL)("user") = ""
				Response.Cookies(GBL_strCookieURL)("pass") = ""
				Response.Cookies(GBL_strCookieURL).Expires = Date - 1
				Set GBL_objPubDB = Nothing
				Response.Redirect GBL_strHomeUrl & "user/user_login_form.asp?action=FormUserLogin"
				Exit Function
			End If
		Else
			Exit Function
		End If

	End If


	'== check the comm user: any of real name / user id / account missing from
	'== the session means the visitor is not logged in
	If IsEmpty(Session(GBL_strCookieURL & "SEN_strUserRealName")) Or _
			IsEmpty(Session(GBL_strCookieURL & "SEN_UserId")) Or _
			IsEmpty(Session(GBL_strCookieURL & "SEN_strUserAccount")) Or _ 
			Session(GBL_strCookieURL & "SEN_strUserRealName") = "" Or _
			Session(GBL_strCookieURL & "SEN_UserId") = "" Or _
			Session(GBL_strCookieURL & "SEN_strUserAccount") = "" Then

			'== Try the cookie credentials; both outcomes redirect
			If CheckPass(strUser,strPwd,1) Then

				Set GBL_objPubDB = Nothing
				Response.Redirect GBL_strHomeUrl & "user/user_info_show.asp?action=ShowUserAllInfo"
				Exit Function

			Else

				'== NOTE(review): unlike the intAuThen = 9 branch, this failure path
				'== does not clear the "user"/"pass" cookies before redirecting.
				Set GBL_objPubDB = Nothing
				Response.Redirect GBL_strHomeUrl & "user/user_login_form.asp?action=FormUserLogin"
				Exit Function
				
			End If

	End If

	'== check the administrator: the session level must equal 1
	If intAuThen = 1 Then

		If intAuthenNow <> intAuThen Then 
			Call ResultExecute(18,"管理员权限","ES_ERR")
			Exit Function
		End If

	End If

End Function


'===================================================================
'= Function    : ParseAction
'= Time        : Created At 2006-5-3
'= Input       : None
'= Description : 解析权限字符串
'===================================================================
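Function ParseAction(strNowAction,ByRef strActionName,ByRef intActionType,ByRef strActionFile)
	'== Resolve strNowAction against the action table of the current role.
	'== The table is GBL_strUserRole when both GBL_intUserId and GBL_strUserRole
	'== are non-empty, otherwise GBL_strDefaultUserRole. Entries are delimited by
	'== "|||" and split on "|" into key, name, file and type.
	'== Returns True and fills strActionName / strActionFile / intActionType
	'== (the type is left as the string taken from the table) when an entry is
	'== found. Returns False when no entry matches or the entry has fewer than
	'== four fields; the ByRef parameters are then left untouched.
	'==
	'== Security: strNowAction is matched as literal text. It used to be pasted
	'== into the pattern unescaped, so a value such as ".*" matched whatever entry
	'== came first and an unbalanced "(" raised a runtime error.
	'== NOTE(review): the pattern still accepts strNowAction as a prefix of a
	'== table key, and an empty action still matches the first entry. The
	'== decision is therefore taken on a different key than the one the caller
	'== goes on to use. Tighten to an exact key match once it is confirmed that
	'== no page relies on the current behaviour.
	Dim objReg,objEscape,Matches
	Dim strActionStr	'== action table being searched
	Dim strActionKey	'== strNowAction with regex metacharacters escaped
	Dim strEntry,arrFields

	'== Logged-in users get their role table, everyone else the default one
	If GBL_intUserId <> "" And GBL_strUserRole <> "" Then
		strActionStr = GBL_strUserRole & "|||"
	Else
		strActionStr = GBL_strDefaultUserRole & "|||"
	End If

	'== Backslash-escape every regex metacharacter in the requested action
	Set objEscape = New RegExp
	objEscape.Global = True
	objEscape.Pattern = "([\\\^\$\.\|\?\*\+\(\)\[\]\{\}])"
	strActionKey = objEscape.Replace(strNowAction & "","\$1")
	Set objEscape = Nothing

	Set objReg = New RegExp
	objReg.IgnoreCase = True		' case-insensitive key match
	objReg.Global = False			' first match only
	objReg.Pattern = "\|\|\|" & strActionKey & "(.|\n)*?\|\|\|"
	Set Matches = objReg.Execute(strActionStr)

	If Matches.Count = 0 Then
		Set Matches = Nothing
		Set objReg = Nothing
		ParseAction = False		'== no such action for this role
		Exit Function
	End If

	strEntry = Matches(0).Value
	Set Matches = Nothing
	Set objReg = Nothing

	'== Drop the "|||" delimiters and split; slot 0 is the key. The key is no
	'== longer removed with Replace(), which also cut the same text out of the
	'== name and file fields.
	arrFields = Split(Replace(strEntry,"|||",""),"|")
	If UBound(arrFields) < 3 Then
		ParseAction = False		'== malformed entry: deny instead of raising
		Exit Function
	End If

	strActionName = arrFields(1)
	strActionFile = arrFields(2)
	intActionType = arrFields(3)

	ParseAction = True
End Function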


'===================================================================
'= Function    : ParseActionNoAuth
'= Time        : Created At 2006-5-4
'= Input       : None
'= Description : 解析非权限校验权限字符串
'===================================================================
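Function ParseActionNoAuth(strNowAction,ByRef strActionName,ByRef intActionType,ByRef strActionFile)
	'== Resolve strNowAction against the table of actions that need no
	'== permission check (GBL_strUserActionNoAuth). Entries are delimited by
	'== "|||" and split on "|" into key, name, file and type.
	'== Returns True and fills strActionName / strActionFile / intActionType
	'== (the type is left as the string taken from the table) when an entry is
	'== found. Returns False when no entry matches or the entry has fewer than
	'== four fields; the ByRef parameters are then left untouched.
	'==
	'== Security: a True result lets the caller skip the role check, so
	'== strNowAction is matched as literal text. It used to be pasted into the
	'== pattern unescaped, so a value such as ".*" matched whatever entry came
	'== first and an unbalanced "(" raised a runtime error.
	'== NOTE(review): the pattern still accepts strNowAction as a prefix of a
	'== table key, and an empty action still matches the first entry. Tighten to
	'== an exact key match once it is confirmed that no page relies on this.
	Dim objReg,objEscape,Matches
	Dim strActionStr	'== action table being searched
	Dim strActionKey	'== strNowAction with regex metacharacters escaped
	Dim strEntry,arrFields

	strActionStr = GBL_strUserActionNoAuth & "|||"

	'== Backslash-escape every regex metacharacter in the requested action
	Set objEscape = New RegExp
	objEscape.Global = True
	objEscape.Pattern = "([\\\^\$\.\|\?\*\+\(\)\[\]\{\}])"
	strActionKey = objEscape.Replace(strNowAction & "","\$1")
	Set objEscape = Nothing

	Set objReg = New RegExp
	objReg.IgnoreCase = True		' case-insensitive key match
	objReg.Global = False			' first match only
	objReg.Pattern = "\|\|\|" & strActionKey & "(.|\n)*?\|\|\|"
	Set Matches = objReg.Execute(strActionStr)

	If Matches.Count = 0 Then
		Set Matches = Nothing
		Set objReg = Nothing
		ParseActionNoAuth = False		'== action is not in the no-auth table
		Exit Function
	End If

	strEntry = Matches(0).Value
	Set Matches = Nothing
	Set objReg = Nothing

	'== Drop the "|||" delimiters and split; slot 0 is the key. The key is no
	'== longer removed with Replace(), which also cut the same text out of the
	'== name and file fields.
	arrFields = Split(Replace(strEntry,"|||",""),"|")
	If UBound(arrFields) < 3 Then
		ParseActionNoAuth = False		'== malformed entry: do not waive the role check
		Exit Function
	End If

	strActionName = arrFields(1)
	strActionFile = arrFields(2)
	intActionType = arrFields(3)

	ParseActionNoAuth = True
End Function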

'=====================================================================
'= Function     : GetNowOnline()
'= Time		    : Created At 2006-5-3
'= Input        : None
'= Description  : 统计用户在线情况
'=====================================================================
Function GetNowOnline()
	'== Online-user bookkeeping against the CLASS_ONLINE table.
	'== The function is currently disabled: the Exit Function below is its first
	'== statement, so everything after it is unreachable and no return value is
	'== assigned.

	Exit Function 

	Dim clsTable
	Dim intOnline			'== now online all
	Dim intOnlineUser		'== now online user
	Dim intOnlineGuest		'== now online guest
	Dim strGetIp,intSessionId

	'== Skip the bookkeeping on every page except /index1.asp when
	'== GBL_intHomeViewCount is 1
	If GBL_intHomeViewCount = 1 And CONST_PAGE_FILE <> "/index1.asp" Then
		GetNowOnline = True
		Exit Function
	End If

	'== Purge rows whose last activity is older than 20 minutes; the date literal
	'== is quoted with ' for CONST_DB_TYPE 1 or 2 and with # otherwise
	GBL_objPubDB.Clear()
	GBL_objPubDB.TableName = "CLASS_ONLINE"
	GBL_objPubDB.SQLType = "DELETE"
	If CONST_DB_TYPE = 1 Or CONST_DB_TYPE = 2 Then
		GBL_objPubDB.Where = "ONLINE_ACTIVE_TIME<'" & Cstr(DateAdd("n",-20,Now())) & "' "
	Else
		GBL_objPubDB.Where = "ONLINE_ACTIVE_TIME<#" & Cstr(DateAdd("n",-20,Now())) & "# "
	End If
	If Not GBL_objPubDB.SQLExecute() Then
		GetNowOnline = False
		Exit Function
	End If

	'== Look up the row for this ASP session
	GBL_objPubDB.Clear()
	GBL_objPubDB.TableName = "CLASS_ONLINE"
	GBL_objPubDB.SQLType = "SELECT"
	GBL_objPubDB.Where = "ONLINE_SESSION_ID=" & Session.SessionId
	GBL_objPubDB.AddField "*",""
	If Not GBL_objPubDB.SQLRSExecute() Then
		GetNowOnline = False
		Exit Function
	End If

	If GBL_objPubDB.intRSNum = 0 Then

		'== No row yet: register the session as a guest
		GBL_objPubDB.Clear()
		GBL_objPubDB.TableName = "CLASS_ONLINE"
		GBL_objPubDB.SQLType = "INSERT"
		GBL_objPubDB.AddField "ONLINE_USER","guest"
		GBL_objPubDB.AddField "ONLINE_LOGIN_TIME",Now()
		GBL_objPubDB.AddField "ONLINE_USER_AUTHEN",3
		GBL_objPubDB.AddField "ONLINE_SESSION_ID",Session.SessionId
		GBL_objPubDB.AddField "ONLINE_ACTIVE_TIME",Now()
		If Not GBL_objPubDB.SQLExecute() Then
			GetNowOnline = False
			Exit Function
		End If

	Else

		'== Row exists: refresh it, as guest or as the session's user
		intSessionId = GBL_objPubDB.objPubRS("ONLINE_SESSION_ID")
		GBL_objPubDB.Clear()
		GBL_objPubDB.TableName = "CLASS_ONLINE"
		GBL_objPubDB.SQLType = "UPDATE"
		GBL_objPubDB.Where = "ONLINE_SESSION_ID=" & intSessionId
		If Session(GBL_strCookieURL & "SEN_strUserRealName") = "" Or IsNull(Session(GBL_strCookieURL & "SEN_strUserRealName")) Then
			GBL_objPubDB.AddField "ONLINE_USER","guest"
			GBL_objPubDB.AddField "ONLINE_USER_AUTHEN",3
		Else
			GBL_objPubDB.AddField "ONLINE_USER",Session(GBL_strCookieURL & "SEN_strUserRealName")
			GBL_objPubDB.AddField "ONLINE_USER_AUTHEN",0
			GBL_objPubDB.AddField "ONLINE_USER_ID",GBL_intUserId
		End If
		GBL_objPubDB.AddField "ONLINE_ACTIVE_TIME",Now()
		If Not GBL_objPubDB.SQLExecute() Then
			GetNowOnline = False
			Exit Function
		End If

	End If

	GetNowOnline = True
End Function

'===================================================================
'= Function    : ViewCount 
'= Time		   : Created At 2006-5-3
'= Input       : strPageName : the count page name 
'= Description : 统计每页访问情况
'===================================================================
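Function ViewCount()
	'== Per-page view counter kept in CLASS_COUNT, keyed by CONST_PAGE_FILE and
	'== CONST_ACTION_FUNC. Takes no parameters.
	'== Returns True when counting is skipped or the row was updated, False when
	'== any database call fails.
	'== Side effects: sets GBL_intHomeCount, GBL_intHomeLastViewCount,
	'== GBL_intHomeTodayViewCount and GBL_strHomeViewBegin from the stored row
	'== (values as they were before this hit is added).
	'==
	'== Security: the WHERE clause is string-built, so single quotes in the two
	'== key values are doubled before they are placed inside SQL string literals.
	'== NOTE(review): where CONST_ACTION_FUNC comes from is not visible here. If
	'== it is derived from the request, the unescaped form was injectable.
	'== Whether AddField escapes its values is also not visible - verify.

	Dim intMonth,intDay,intTotal
	Dim intLastMonth,intLastDay
	Dim strWhere		'== shared WHERE clause for every statement below
	Dim dtLastView		'== COUNT_LAST_TIME of the stored row

	'== Count only the home page when home-only counting is configured
	If GBL_intHomeViewCount = 0 And CONST_PAGE_FILE <> "/index1.asp" Then
		ViewCount = True
		Exit Function
	End If

	'== & "" turns Null/Empty into "" so Replace cannot raise on it
	strWhere = "COUNT_PAGE_NAME='" & Replace(CONST_PAGE_FILE & "","'","''") & _
		"' AND COUNT_POST_NAME='" & Replace(CONST_ACTION_FUNC & "","'","''") & "'"

	GBL_objPubDB.Clear()
	GBL_objPubDB.TableName = "CLASS_COUNT"
	GBL_objPubDB.SQLType = "SELECT"
	GBL_objPubDB.Where = strWhere
	GBL_objPubDB.AddField "COUNT_ID",""
	If Not GBL_objPubDB.SQLRSExecute() Then
		ViewCount = False
		Exit Function
	End If
	If GBL_objPubDB.intRSNum <> 1 Then

		'== zero or duplicate rows: delete all records for this key
		GBL_objPubDB.Clear()
		GBL_objPubDB.TableName = "CLASS_COUNT"
		GBL_objPubDB.SQLType = "DELETE"
		GBL_objPubDB.Where = strWhere
		If Not GBL_objPubDB.SQLExecute() Then
			ViewCount = False
			Exit Function
		End If

		'== insert a new formatted record
		GBL_objPubDB.Clear()
		GBL_objPubDB.TableName = "CLASS_COUNT"
		GBL_objPubDB.SQLType = "INSERT"
		GBL_objPubDB.AddField "COUNT_PAGE_NAME",CONST_PAGE_FILE
		GBL_objPubDB.AddField "COUNT_POST_NAME",CONST_ACTION_FUNC
		If Not GBL_objPubDB.SQLExecute() Then
			ViewCount = False
			Exit Function
		End If
	End If

	GBL_objPubDB.Clear()
	GBL_objPubDB.TableName = "CLASS_COUNT"
	GBL_objPubDB.SQLType = "SELECT"
	GBL_objPubDB.AddField "*",""
	GBL_objPubDB.Where = strWhere
	If Not GBL_objPubDB.SQLRSExecute() Then
		ViewCount = False
		Exit Function
	End If
	
	If GBL_objPubDB.intRSNum > 0 Then
		intLastMonth = GBL_objPubDB.objPubRS("COUNT_LAST_MONTH")
		intLastDay = GBL_objPubDB.objPubRS("COUNT_LAST_DAY")
		intMonth = GBL_objPubDB.objPubRS("COUNT_MONTH")
		intDay = GBL_objPubDB.objPubRS("COUNT_DAY")
		intTotal = GBL_objPubDB.objPubRS("COUNT_TOTAL_VIEW")
		dtLastView = GBL_objPubDB.objPubRS("COUNT_LAST_TIME")
		
		'== set show value of view count and begin time
		GBL_intHomeCount = intTotal
		GBL_intHomeLastViewCount = intLastDay
		GBL_intHomeTodayViewCount = intDay
		GBL_strHomeViewBegin = GBL_objPubDB.objPubRS("COUNT_ADD_TIME")

		'== Roll the period counters over. They restart at 0 because the UPDATE
		'== below adds this hit; restarting at 1 recorded the first hit of a new
		'== period as 2. A new month is also a new day, so both roll together,
		'== and the year is compared so the same month a year later still rolls.
		If Year(dtLastView) <> Year(Date()) Or Month(dtLastView) <> Month(Date()) Then
			intLastMonth = intMonth
			intMonth = 0
			intLastDay = intDay
			intDay = 0
		ElseIf Day(dtLastView) <> Day(Date()) Then
			intLastDay = intDay
			intDay = 0
		End If

		GBL_objPubDB.Clear()
		GBL_objPubDB.TableName = "CLASS_COUNT"
		GBL_objPubDB.SQLType = "UPDATE"
		GBL_objPubDB.Where = strWhere
		GBL_objPubDB.AddField "COUNT_TOTAL_VIEW",intTotal + 1
		GBL_objPubDB.AddField "COUNT_DAY",intDay + 1
		GBL_objPubDB.AddField "COUNT_MONTH",intMonth + 1
		GBL_objPubDB.AddField "COUNT_LAST_TIME",Now()
		GBL_objPubDB.AddField "COUNT_LAST_MONTH",intLastMonth
		GBL_objPubDB.AddField "COUNT_LAST_DAY",intLastDay
		If Not GBL_objPubDB.SQLExecute() Then
			ViewCount = False
			Exit Function
		End If
	End If
		
	ViewCount = True
End Function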

%>