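<!-- #include file = "../inc_action.asp" -->
<%
'===================================================================
'= ASP FILENAME : /inc/inc_action.asp
'= CREATED TIME : 2006-4-17 11:10
'= LAST MODIFIED: 2006-4-17 11:10
'= VERSION INFO : CCASP Framework Ver 2.0.1 ALL RIGHTS RESERVED BY www.cclinux.com
'= DESCRIPTION  : Action handling
'= Change Log:
'===================================================================

'====================================================================
'= Function    : ActionFilter
'= Time        : Created At 2206/05/02
'= Input       : strPageName -- not read inside this function
'=               strAction   -- name of the requested action
'= Description : Validates the request and dispatches it: cookie
'=               auto-login, permission lookup, input filtering, then
'=               either executes the action or loads the page template.
'= Change Log  :
'=     2006-7-20 added illegal-character validation
'===================================================================
Function ActionFilter(strPageName,strAction)
    Dim i
    Dim blnAuthFlag : blnAuthFlag = True    '== True  -> the action needs a permission check
    Dim strActionName                       '== request name
    Dim strActionFile                       '== file the action belongs to
    Dim intActionType                       '== request type 0--show 1--pure execute

    '== Load the configuration now if it has not been loaded yet
    If Application(GBL_strCookieURL & "APP_ConfigLoaded") = "" Or IsNull(Application(GBL_strCookieURL & "APP_ConfigLoaded")) Then
        Call LoadParaLogic()
    End If

    '== Forum (bar) settings
    GBL_strForumMasterName = Application(GBL_strCookieURL & "strForumMasterName")
    GBL_strForumMasterAccount = Application(GBL_strCookieURL & "strForumMasterAccount")
    GBL_strForumMasterId = Application(GBL_strCookieURL & "strForumMasterId")

    '== Site announcements
    GBL_strWebBoard = Application(GBL_strCookieURL & "APP_strBoard")
    GBL_strWebReg = Application(GBL_strCookieURL & "APP_strReg")
    GBL_intAlbumMaxSize = Application(GBL_strCookieURL & "APP_intAlbumSize")

    '== for cc test
    GBL_strUserRole = GBL_strUserAction

    '== No user id yet: try to log in from the "user"/"pass" cookie pair.
    '== NOTE(review): the "pass" cookie is replayed as a credential on every
    '== anonymous request and reaches CheckPass before ForSqlForm() runs below;
    '== confirm CheckPass treats both values as untrusted and that the cookie
    '== holds a derived token rather than the password itself (the code that
    '== issues the cookie is not in this file).
    If GBL_intUserId = 0 Then
        Dim strUser,strPwd
        strUser = Trim(Request.Cookies(GBL_strCookieURL)("user"))
        strPwd = Trim(Request.Cookies(GBL_strCookieURL)("pass"))
        If CheckPass(strUser,strPwd,1) Then
            Call ActionOver()
            Response.Redirect GBL_strHomeUrl & "user/user_info_show.asp"
            Exit Function
        Else
            '== destroy cookie
            Response.Cookies(GBL_strCookieURL)("user") = ""
            Response.Cookies(GBL_strCookieURL)("pass") = ""
            Response.Cookies(GBL_strCookieURL).Expires = Date - 1
            '== Anonymous visitors may only continue on actions listed as "no auth"
            If Not ParseActionNoAuth(strAction,strActionName,intActionType,strActionFile) Then
                Call ActionOver()
                Response.Redirect GBL_strHomeUrl & "user/user_login_form.asp"
                Exit Function
            End If
        End If
    End If

    '== Update online-user status (disabled)
    'If Not GetNowOnline() Then
    '    Exit Function
    'End If

    '== Actions found in the no-auth list skip the permission check
    If Not ParseActionNoAuth(strAction,strActionName,intActionType,strActionFile) Then
        blnAuthFlag = True
    Else
        blnAuthFlag = False
    End If

    '== Permission check
    If blnAuthFlag = True Then
        If Not ParseAction(strAction,strActionName,intActionType,strActionFile) Then
            If GBL_intUserId = 0 Or IsNull(GBL_intUserId) Then
                '== Not logged in: back to the login page
                Call ActionOver()
                Response.Redirect GBL_strHomeUrl & "user/user_login_form.asp"
                Response.End
                Exit Function
            Else
                '== Logged in: report the error
                Call GBL_objException.catchErr(E_USER_PUB,"该页面不存在或您没有访问权限")
                Exit Function
            End If
        End If
    End If

    '== Illegal-data validation (only when CTL_FORBIDDEN_VALID is set)
    If CTL_FORBIDDEN_VALID Then
        Call ForSqlForm()
    End If

    '== Dispatch on the action type taken from the matched permission entry
    If intActionType = 1 Then
        Call ActionExecute(strAction)
        Call ExceptionExecute()
    ElseIf intActionType = 0 Then
        '== Mode 3: show the success message on the same page.
        '== NOTE(review): succInfo is taken from the query string unchanged;
        '== confirm the template HTML-encodes GBL_strSuccInfoHint on output.
        If GBL_intSuccType = 3 Then
            GBL_strSuccInfoHint = Trim(Request.QueryString("succInfo"))
        End If
        '== Load the page
        Call LoadPageTpl()
        Call ExceptionExecute()
    Else
        Call GBL_objException.catchErr(E_USER_PUB,"错误的页面请求")
        Exit Function
    End If
End Function

'===================================================================
'= Function    : ActionAuThenCheck(intAuThen)
'= Time        : Created At 2006-5-3
'= Input       : intAuThen -- required level; this function tests for
'=               9 (open to everyone, guests included) and 1 (administrator)
'= Description : Checks the visitor's access rights. It assigns no return
'=               value; a failed check ends in a redirect or ResultExecute.
'===================================================================
Function ActionAuThenCheck(intAuThen)
    Dim intAuthenNow
    Dim strUser,strPwd
    strUser = Trim(Request.Cookies(GBL_strCookieURL)("user"))
    strPwd = Trim(Request.Cookies(GBL_strCookieURL)("pass"))

    '== Current level from the session; -1 when missing or not numeric
    If Not IsEmpty(Session(GBL_strCookieURL & "SEN_strUserAuThen")) Then
        If IsNumeric(Session(GBL_strCookieURL & "SEN_strUserAuThen")) Then
            intAuthenNow = Cint(Session(GBL_strCookieURL & "SEN_strUserAuThen"))
        Else
            intAuthenNow = -1
        End If
    Else
        intAuthenNow = -1
    End If

    '== open for all (include guest)
    If intAuThen = 9 Then
        If CONST_PAGE_FILE = "user/user_login_form.asp" Or CONST_PAGE_FILE = "user/user_announce.asp" Or CONST_PAGE_FILE = "user/user_reg_form.asp" Then
            Exit Function
        End If
        '== Cookie pair present but no user id in the session: try cookie login
        If (Not IsEmpty(strUser)) And _
           (strUser <> "") And _
           Not IsEmpty(strPwd) And _
           (strPwd <> "") And _
           (IsEmpty(Session(GBL_strCookieURL & "SEN_UserId")) Or _
           Session(GBL_strCookieURL & "SEN_UserId") = "") _
        Then
            If CheckPass(strUser,strPwd,1) Then
                Set GBL_objPubDB = Nothing
                Response.Redirect GBL_strHomeUrl & "user/user_info_show.asp?action=ShowUserAllInfo"
                Exit Function
            Else
                '== destroy cookie
                Response.Cookies(GBL_strCookieURL)("user") = ""
                Response.Cookies(GBL_strCookieURL)("pass") = ""
                Response.Cookies(GBL_strCookieURL).Expires = Date - 1
                Set GBL_objPubDB = Nothing
                Response.Redirect GBL_strHomeUrl & "user/user_login_form.asp?action=FormUserLogin"
                Exit Function
            End If
        Else
            Exit Function
        End If
    End If

    '== Ordinary user: real name, user id and account must all be in the session
    If IsEmpty(Session(GBL_strCookieURL & "SEN_strUserRealName")) Or _
       IsEmpty(Session(GBL_strCookieURL & "SEN_UserId")) Or _
       IsEmpty(Session(GBL_strCookieURL & "SEN_strUserAccount")) Or _
       Session(GBL_strCookieURL & "SEN_strUserRealName") = "" Or _
       Session(GBL_strCookieURL & "SEN_UserId") = "" Or _
       Session(GBL_strCookieURL & "SEN_strUserAccount") = "" Then
        If CheckPass(strUser,strPwd,1) Then
            Set GBL_objPubDB = Nothing
            Response.Redirect GBL_strHomeUrl & "user/user_info_show.asp?action=ShowUserAllInfo"
            Exit Function
        Else
            Set GBL_objPubDB = Nothing
            Response.Redirect GBL_strHomeUrl & "user/user_login_form.asp?action=FormUserLogin"
            Exit Function
        End If
    End If

    '== Administrator pages: the session level must equal the required level
    If intAuThen = 1 Then
        If intAuthenNow <> intAuThen Then
            Call ResultExecute(18,"管理员权限","ES_ERR")
            Exit Function
        End If
    End If
End Function

'===================================================================
'= Function    : CCAct_EscapeRegExp
'= Input       : strText -- text to be matched literally
'= Description : Returns strText with every regular-expression
'=               metacharacter prefixed by a backslash, so the text can
'=               be embedded in a RegExp pattern and matched as-is.
'===================================================================
Function CCAct_EscapeRegExp(strText)
    Dim objEsc
    Set objEsc = New RegExp
    objEsc.Global = True
    objEsc.Pattern = "([\\\^\$\.\|\?\*\+\(\)\[\]\{\}])"
    '== strText & "" turns Null/Empty into an empty string
    CCAct_EscapeRegExp = objEsc.Replace(strText & "","\$1")
    Set objEsc = Nothing
End Function

'===================================================================
'= Function    : CCAct_FindActionEntry
'= Input       : strActionStr -- "|||"-separated list of action entries
'=               strNowAction -- requested action name
'= Output      : strActionName / strActionFile / intActionType (ByRef)
'=               are filled from fields 1..3 of the matched entry
'= Description : Shared lookup behind ParseAction and ParseActionNoAuth.
'=               Returns True when an entry starting with the requested
'=               action is found, False otherwise.
'===================================================================
Function CCAct_FindActionEntry(strActionStr,strNowAction,ByRef strActionName,ByRef intActionType,ByRef strActionFile)
    Dim objReg,Matches,strTmp,arrTmp,Item
    Dim strKey

    CCAct_FindActionEntry = False
    strKey = strNowAction & ""

    '== "|" is the field delimiter of the permission string, so it can never
    '== be part of a real action name; refuse it instead of matching on it.
    If InStr(strKey,"|") > 0 Then
        Exit Function
    End If

    Set objReg = New RegExp         ' create the regular expression
    objReg.IgnoreCase = True        ' case-insensitive
    objReg.Global = False           ' first match only
    '== The action name is escaped so that characters such as "." or "*" in the
    '== request are compared literally and cannot widen the permission match.
    '== NOTE(review): the pattern still accepts a prefix of a listed action
    '== (no delimiter is required after the name); confirm whether that, and the
    '== empty-action case, are relied on before tightening it.
    objReg.Pattern = "\|\|\|" & CCAct_EscapeRegExp(strKey) & "(.|\n)*?\|\|\|"
    Set Matches = objReg.Execute(strActionStr)
    strTmp = ""
    For Each Item In Matches
        strTmp = strTmp & Item.Value
    Next
    Set objReg = Nothing
    Set Matches = Nothing
    Set Item = Nothing

    '== No such permission
    If Trim(strTmp) = "" Then
        Exit Function
    End If

    strTmp = Replace(strTmp,"|||","")
    strTmp = Replace(strTmp,strKey,"")
    arrTmp = Split(strTmp,"|")
    '== A malformed entry is treated as "no permission" rather than a runtime error
    If UBound(arrTmp) < 3 Then
        Exit Function
    End If
    strActionName = arrTmp(1)
    strActionFile = arrTmp(2)
    intActionType = arrTmp(3)

    CCAct_FindActionEntry = True
End Function

'===================================================================
'= Function    : ParseAction
'= Time        : Created At 2006-5-3
'= Input       : strNowAction -- requested action name
'= Output      : strActionName / intActionType / strActionFile (ByRef)
'= Description : Looks the action up in the permission string of the
'=               current role (GBL_strUserRole), or of the default role
'=               (GBL_strDefaultUserRole) when no user id or role is set.
'=               Returns True when the action is listed.
'===================================================================
Function ParseAction(strNowAction,ByRef strActionName,ByRef intActionType,ByRef strActionFile)
    Dim strActionStr    '== permission string checked for this request

    '== Logged in with a role, or fall back to the default role
    If GBL_intUserId <> "" And GBL_strUserRole <> "" Then
        strActionStr = GBL_strUserRole & "|||"
    Else
        strActionStr = GBL_strDefaultUserRole & "|||"
    End If

    ParseAction = CCAct_FindActionEntry(strActionStr,strNowAction,strActionName,intActionType,strActionFile)
End Function

'===================================================================
'= Function    : ParseActionNoAuth
'= Time        : Created At 2006-5-4
'= Input       : strNowAction -- requested action name
'= Output      : strActionName / intActionType / strActionFile (ByRef)
'= Description : Looks the action up in GBL_strUserActionNoAuth, the list
'=               of actions that need no permission check. Returns True
'=               when the action is listed.
'===================================================================
Function ParseActionNoAuth(strNowAction,ByRef strActionName,ByRef intActionType,ByRef strActionFile)
    Dim strActionStr    '== permission string checked for this request

    strActionStr = GBL_strUserActionNoAuth & "|||"

    ParseActionNoAuth = CCAct_FindActionEntry(strActionStr,strNowAction,strActionName,intActionType,strActionFile)
End Function

'=====================================================================
'= Function    : GetNowOnline()
'= Time        : Created At 2006-5-3
'= Input       : None
'= Description : Tracks online users in CLASS_ONLINE.
'=               Currently disabled: the first statement is Exit Function,
'=               so nothing below it runs and no return value is set.
'=====================================================================
Function GetNowOnline()
    Exit Function

    Dim clsTable
    Dim intOnline           '== now online all
    Dim intOnlineUser       '== now online user
    Dim intOnlineGuest      '== now online guest
    Dim strGetIp,intSessionId

    If GBL_intHomeViewCount = 1 And CONST_PAGE_FILE <> "/index1.asp" Then
        GetNowOnline = True
        Exit Function
    End If

    '== Drop rows whose last activity is more than 20 minutes old
    GBL_objPubDB.Clear()
    GBL_objPubDB.TableName = "CLASS_ONLINE"
    GBL_objPubDB.SQLType = "DELETE"
    If CONST_DB_TYPE = 1 Or CONST_DB_TYPE = 2 Then
        GBL_objPubDB.Where = "ONLINE_ACTIVE_TIME<'" & Cstr(DateAdd("n",-20,Now())) & "' "
    Else
        GBL_objPubDB.Where = "ONLINE_ACTIVE_TIME<#" & Cstr(DateAdd("n",-20,Now())) & "# "
    End If
    If Not GBL_objPubDB.SQLExecute() Then
        GetNowOnline = False
        Exit Function
    End If

    '== Look for a row belonging to this session
    GBL_objPubDB.Clear()
    GBL_objPubDB.TableName = "CLASS_ONLINE"
    GBL_objPubDB.SQLType = "SELECT"
    GBL_objPubDB.Where = "ONLINE_SESSION_ID=" & Session.SessionId
    GBL_objPubDB.AddField "*",""
    If Not GBL_objPubDB.SQLRSExecute() Then
        GetNowOnline = False
        Exit Function
    End If

    If GBL_objPubDB.intRSNum = 0 Then
        '== First sighting of this session: record it as a guest
        GBL_objPubDB.Clear()
        GBL_objPubDB.TableName = "CLASS_ONLINE"
        GBL_objPubDB.SQLType = "INSERT"
        GBL_objPubDB.AddField "ONLINE_USER","guest"
        GBL_objPubDB.AddField "ONLINE_LOGIN_TIME",Now()
        GBL_objPubDB.AddField "ONLINE_USER_AUTHEN",3
        GBL_objPubDB.AddField "ONLINE_SESSION_ID",Session.SessionId
        GBL_objPubDB.AddField "ONLINE_ACTIVE_TIME",Now()
        If Not GBL_objPubDB.SQLExecute() Then
            GetNowOnline = False
            Exit Function
        End If
    Else
        '== Known session: refresh its row
        intSessionId = GBL_objPubDB.objPubRS("ONLINE_SESSION_ID")
        GBL_objPubDB.Clear()
        GBL_objPubDB.TableName = "CLASS_ONLINE"
        GBL_objPubDB.SQLType = "UPDATE"
        GBL_objPubDB.Where = "ONLINE_SESSION_ID=" & intSessionId
        If Session(GBL_strCookieURL & "SEN_strUserRealName") = "" Or IsNull(Session(GBL_strCookieURL & "SEN_strUserRealName")) Then
            GBL_objPubDB.AddField "ONLINE_USER","guest"
            GBL_objPubDB.AddField "ONLINE_USER_AUTHEN",3
        Else
            GBL_objPubDB.AddField "ONLINE_USER",Session(GBL_strCookieURL & "SEN_strUserRealName")
            GBL_objPubDB.AddField "ONLINE_USER_AUTHEN",0
            GBL_objPubDB.AddField "ONLINE_USER_ID",GBL_intUserId
        End If
        GBL_objPubDB.AddField "ONLINE_ACTIVE_TIME",Now()
        If Not GBL_objPubDB.SQLExecute() Then
            GetNowOnline = False
            Exit Function
        End If
    End If

    GetNowOnline = True
End Function

'===================================================================
'= Function    : ViewCount
'= Time        : Created At 2006-5-3
'= Input       : None (the page and action are read from CONST_PAGE_FILE
'=               and CONST_ACTION_FUNC)
'= Description : Counts page views per page/action in CLASS_COUNT and
'=               publishes the totals in the GBL_intHome* variables.
'=               Returns False when a database call fails, True otherwise.
'= NOTE(review): every WHERE clause below is built by concatenating
'=               CONST_PAGE_FILE and CONST_ACTION_FUNC between single
'=               quotes. Where those two values are set is not visible
'=               here; if either can carry request data, it must be
'=               validated or quote-escaped before reaching this function.
'===================================================================
Function ViewCount()
    Dim strUserIp
    Dim intMonth,intDay,intTotal
    Dim intLastMonth,intLastDay

    '== Optionally count views on the home page only
    If GBL_intHomeViewCount = 0 AND CONST_PAGE_FILE <> "/index1.asp" Then
        ViewCount = True
        Exit Function
    End If

    GBL_objPubDB.Clear()
    GBL_objPubDB.TableName = "CLASS_COUNT"
    GBL_objPubDB.SQLType = "SELECT"
    GBL_objPubDB.Where = "COUNT_PAGE_NAME='" & CONST_PAGE_FILE & "' AND COUNT_POST_NAME='" & CONST_ACTION_FUNC & "'"
    GBL_objPubDB.AddField "COUNT_ID",""
    If Not GBL_objPubDB.SQLRSExecute() Then
        ViewCount = False
        Exit Function
    End If

    '== Anything other than exactly one row is replaced by a fresh row
    If GBL_objPubDB.intRSNum <> 1 Then
        '== delete all record
        GBL_objPubDB.Clear()
        GBL_objPubDB.TableName = "CLASS_COUNT"
        GBL_objPubDB.SQLType = "DELETE"
        GBL_objPubDB.Where = "COUNT_PAGE_NAME='" & CONST_PAGE_FILE & "' AND COUNT_POST_NAME='" & CONST_ACTION_FUNC & "'"
        If Not GBL_objPubDB.SQLExecute() Then
            ViewCount = False
            Exit Function
        End If
        '== insert a new formatted record
        GBL_objPubDB.Clear()
        GBL_objPubDB.TableName = "CLASS_COUNT"
        GBL_objPubDB.SQLType = "INSERT"
        GBL_objPubDB.AddField "COUNT_PAGE_NAME",CONST_PAGE_FILE
        GBL_objPubDB.AddField "COUNT_POST_NAME",CONST_ACTION_FUNC
        If Not GBL_objPubDB.SQLExecute() Then
            ViewCount = False
            Exit Function
        End If
    End If

    GBL_objPubDB.Clear()
    GBL_objPubDB.TableName = "CLASS_COUNT"
    GBL_objPubDB.SQLType = "SELECT"
    GBL_objPubDB.AddField "*",""
    GBL_objPubDB.Where = "COUNT_PAGE_NAME='" & CONST_PAGE_FILE & "' AND COUNT_POST_NAME='" & CONST_ACTION_FUNC & "'"
    If Not GBL_objPubDB.SQLRSExecute() Then
        ViewCount = False
        Exit Function
    End If

    If GBL_objPubDB.intRSNum > 0 Then
        intLastMonth = GBL_objPubDB.objPubRS("COUNT_LAST_MONTH")
        intLastDay = GBL_objPubDB.objPubRS("COUNT_LAST_DAY")
        intMonth = GBL_objPubDB.objPubRS("COUNT_MONTH")
        intDay = GBL_objPubDB.objPubRS("COUNT_DAY")
        intTotal = GBL_objPubDB.objPubRS("COUNT_TOTAL_VIEW")

        '== set show value of view count and begin time
        GBL_intHomeCount = intTotal
        GBL_intHomeLastViewCount = intLastDay
        GBL_intHomeTodayViewCount = intDay
        GBL_strHomeViewBegin = GBL_objPubDB.objPubRS("COUNT_ADD_TIME")

        '== Roll the month or day counter when the last view fell in another
        '== month / on another day of the month.
        '== NOTE(review): a month change resets only the month counter, and the
        '== reset value 1 is incremented again below; confirm both are intended.
        If Cstr(Month(GBL_objPubDB.objPubRS("COUNT_LAST_TIME"))) <> Cstr(Month(Date())) Then
            intLastMonth = GBL_objPubDB.objPubRS("COUNT_MONTH")
            intMonth = 1
        Else
            If Cstr(Day(GBL_objPubDB.objPubRS("COUNT_LAST_TIME"))) <> Cstr(Day(Date())) Then
                intLastDay = GBL_objPubDB.objPubRS("COUNT_DAY")
                intDay = 1
            End If
        End If

        GBL_objPubDB.Clear()
        GBL_objPubDB.TableName = "CLASS_COUNT"
        GBL_objPubDB.SQLType = "UPDATE"
        GBL_objPubDB.Where = "COUNT_PAGE_NAME='" & CONST_PAGE_FILE & "' AND COUNT_POST_NAME='" & CONST_ACTION_FUNC & "'"
        GBL_objPubDB.AddField "COUNT_TOTAL_VIEW",intTotal + 1
        GBL_objPubDB.AddField "COUNT_DAY",intDay + 1
        GBL_objPubDB.AddField "COUNT_MONTH",intMonth + 1
        GBL_objPubDB.AddField "COUNT_LAST_TIME",Now()
        GBL_objPubDB.AddField "COUNT_LAST_MONTH",intLastMonth
        GBL_objPubDB.AddField "COUNT_LAST_DAY",intLastDay
        If Not GBL_objPubDB.SQLExecute() Then
            ViewCount = False
            Exit Function
        End If
    End If

    ViewCount = True
End Function
%>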