
    <%
'===================================================================
'= ASP FILENAME	: /inc/inc_role.asp
'= CREATED TIME : 2006-4-17 11:10
'= LAST MODIFIED: 2006-4-17 11:10
'= VERSION INFO : CCASP Framework Ver 2.0.1 ALL RIGHTS RESERVED BY www.cclinux.com
'= DESCRIPTION  : 权限控制配置文件
'= Change Log:
'===================================================================
%>
<%
'====================================================================================
'== User access-control table (actions listed here are the permission-checked ones)
'==
'== Layout: every entry is prefixed with the delimiter d ("|||") and holds four
'== "|"-separated fields:  controller name | description | script path | flag
'== The code that parses this string is not in this file.
'== NOTE(review): the flag is 1 on most save/delete actions and 0 on form/list pages,
'==   so it looks like a "state-changing action" marker -- confirm against the parser.
'== NOTE(review): entries worth checking, because a table like this is only as good
'==   as its rows:
'==   - DelSmsCtl points at "sms/sms_del" with no ".asp", unlike every other row.
'==   - DelBoardCtl and BoardDelCtl both map to board/board_del.asp.
'==   - FormSaveAddCollectionCtl carries flag 0 while the other FormSave* rows carry 1.
'==   - FormAddTopicsCtl and FormSaveAddTopicsCtl map to the same script.
'== Comments cannot be placed between the continued lines below (VBScript does not
'== allow a comment after a line continuation), so all notes live in this header.
'====================================================================================
Dim d : d= "|||"
Dim GBL_strUserAction : GBL_strUserAction = ""
GBL_strUserAction = GBL_strUserAction &_ 
d & "FormAddBoardCtl|填写新留言|board/board_add_form.asp|0" &_
d & "FormSaveAddBoardCtl|保存新留言|board/board_add_save.asp|1" &_
d & "FormMdyBoardCtl|修改新留言|board/board_mdy_form.asp|0" &_
d & "FormSaveMdyBoardCtl|修改新留言保存|board/board_mdy_save.asp|1" &_
d & "DelBoardCtl|删除留言|board/board_del.asp|1" &_
d & "ShowBoardCtl|浏览留言|board/board_list.asp|0"&_
d & "ShowUserAllInfoCtl|用户个人信息|user/user_info_show.asp|0" &_
d & "FormBaseInfoMdyCtl|用户资料修改|user/user_basemdy_form.asp|0" &_
d & "UserFaceUpCtl|图片上传|user/upfile_userface.asp|0" &_
d & "FormSaveBaseInfoMdyCtl|用户资料修改|user/user_basemdy_save.asp|1" &_
d & "FormPwdMdyCtl|用户密码修改|user/user_pwdmdy_form.asp|0" &_
d & "FormSavePwdMdyCtl|用户密码修改|user/user_pwdmdy_save.asp|1" &_
d & "FormFaceSetCtl|用户首选签名图设置|user/user_face_set_form.asp|0" &_
d & "FormSaveFaceSetCtl|用户首选签名图设置|user/user_face_set_save.asp|1" &_
d & "FormCartoonCtl|用户卡通/qq签名图设置|user/user_cartoon_form.asp|0" &_
d & "FormSaveCartoonCtl|用户卡通签名图设置|user/user_cartoon_save.asp|1" &_
d & "ShowUserMyFriendListCtl|用户好友名单|user/user_my_friend_list.asp|0" &_
d & "ShowUserMyGoodTopicListCtl|用户好贴收藏|user/user_my_good_topic_list.asp|0" &_
d & "ShowUserFavAlbumListCtl|我的相片收藏|user/user_my_fav_album_list.asp|0" &_
d & "DelUserCollection|删除我的收藏|user/user_collection_del.asp|1" &_
d & "ShowUserMyTopicListCtl|用户所发表帖子|user/user_my_topic_list.asp|0" &_
d & "ShowUserMyReplyListCtl|用户所回复帖子|user/user_my_reply_list.asp|0" &_
d & "ShowUserMyBoardListCtl|用户所回复帖子|user/user_my_board_list.asp|0" &_
d & "ShowUserMyAlbumListCtl|用户所发表的相片|user/user_my_album_list.asp|0" &_
d & "ShowUserMyReviewListCtl|用户所评论过的相片|user/user_my_review_list.asp|0" &_
d & "ShowPopCartoonFacelist|用户选择卡通头像|user/user_cartoon_face.asp|0" &_
d & "FormShowUploadCtl|用户签名图上传|user/user_show_upload_form.asp|0" &_
d & "FormSaveShowUpload|用户签名图上传|user/user_show_upload_save.asp|1" &_
d & "ShowCateListCtl|贴吧板块列表|forum/forum_cate.asp|0" &_
d & "ShowForumListCtl|贴吧主题列表|forum/forum_list.asp|0" &_
d & "ShowForumContentCtl|浏览帖子|forum/forum_show.asp|0" &_
d & "FormAddTopicsCtl|发表贴吧新贴|forum/forum_add_topics.asp|0" &_
d & "FormSaveAddTopicsCtl|发表贴吧新贴|forum/forum_add_topics.asp|1" &_
d & "FormAddReplyCtl|回复帖子|forum/forum_add_reply.asp|0" &_
d & "DelTopicsCtl|删除帖子|forum/forum_del.asp|1" &_
d & "MdyTopicsStatusCtl|改变帖子状态|forum/forum_status.asp|1" &_
d & "SetTopicsGoodCtl|帖子设置为精华|forum/forum_good.asp|1" &_
d & "FormTopicsMoveCtl|移动帖子|forum/forum_move.asp|0" &_
d & "FormSaveTopicsMoveCtl|移动帖子|forum/forum_move_save.asp|1" &_
d & "ShowAllAlbumCtl|相册列表显示|album/album_list.asp|0" &_
d & "FormUpPhotoCtl|添加新相片|album/album_add_form.asp|0" &_
d & "FormSaveUpPhotoCtl|添加新相片|album/album_add_save.asp|1" &_
d & "FormPastePhotoCtl|粘贴网络相片|album/album_paste_form.asp|0" &_
d & "FormSavePastePhotoCtl|粘贴网络相片|album/album_paste_save.asp|1" &_
d & "ShowAlbumCtl|浏览相片|album/album_view.asp|0" &_
d & "FormSaveReviewCtl|添加相片评论|album/album_view_save.asp|1" &_
d & "DelReviewAlbumCtl|删除相片评论|album/album_review_del.asp|1" &_
d & "DelAlbumCtl|删除相片|album/album_del.asp|1" &_
d & "FormAddCollectionCtl|添加收藏|dialog/dialog_collection_form.asp|0" &_
d & "ShowAddressCtl|用户资料浏览|address/address_list.asp|0" &_
d & "ShowPopUserInfoCtl|弹出窗口显示用户信息|user/address_userinfo_pop.asp|0" &_
d & "FormSaveAddCollectionCtl|添加收藏|dialog/dialog_collection_save.asp|0" &_
d & "ShowMeetListCtl|聚会列表显示|meet/meet_list.asp|0" &_
d & "ShowMeetDetailCtl|聚会详细信息|meet/meet_detail.asp|0" &_
d & "ShowJoinListPopCtl|聚会报名表|meet/meet_joinlist_pop.asp|0" &_
d & "MeetJoinCtl|聚会报名参与或退出报名|meet/meet_join.asp|1" &_
d & "FormAddMeetCtl|创建新聚会|meet/meet_add_form.asp|0" &_
d & "FormSaveAddMeetCtl|创建新聚会|meet/meet_add_form_save.asp|1" &_
d & "FormMdyMeetCtl|修改聚会|meet/meet_mdy_form.asp|0" &_
d & "FormSaveMdyMeetCtl|修改聚会|meet/meet_mdy_form_save.asp|1" &_
d & "FormSaveMeetBBSCtl|保存聚会留言|meet/meet_bbs_save.asp|1" &_
d & "DelMeetBBSCtl|删除聚会留言|meet/meet_bbs_del.asp|1" &_
d & "ShowSmsMainCtl|用户站内短信|sms/sms_list.asp|0" &_
d & "ShowSmsDetailCtl|站内短信查看|sms/sms_detail.asp|0" &_
d & "FormAddSmsCtl|写站内短信|sms/sms_add_form.asp|0" &_
d & "FormSaveAddSmsCtl|写站内短信|sms/sms_add_save.asp|1" &_
d & "DelSmsCtl|删除站内短信|sms/sms_del|1" &_
d & "ShowPopSmileFacelistCtl|留言心情选择|board/board_smile_face.asp|0"  &_
d & "FormUserInfoDownCtl|用户资料导出|address/address_user_down_form.asp|0"  &_
d & "ShowClassmateSearchCtl|校友搜索|address/address_search_result.asp|0"  &_
d & "FormClassmateSearchCtl|校友搜索|address/address_search_form.asp|0"  &_
d & "AddressUserDownCtl|校友列表导出|address/address_user_down.asp|1"  &_
d & "ShowArticleCtl|文章浏览|info/info_list.asp|0"  &_
d & "ShowArticleDetailCtl|文章内容浏览|info/info_detail.asp|0"  &_
d & "BoardDelCtl|删除留言|board/board_del.asp|1" 



'== Actions exempt from the user permission check.
'== Same entry layout as GBL_strUserAction: delimiter d, then
'== "controller name | description | script path | flag".
'== NOTE(review): presumably these are the only actions reachable without a logged-in
'==   session (home page, register, login, logout, result pages) -- confirm against the
'==   code that reads this string, and keep this list as short as possible since every
'==   row added here bypasses the check.
Dim GBL_strUserActionNoAuth : GBL_strUserActionNoAuth = ""
GBL_strUserActionNoAuth = GBL_strUserActionNoAuth &_ 
d & "HomePageCtl|首页|index1.asp|0" &_
d & "ShowOnlineCtl|在线人数|online_frame.asp|0" &_
d & "ShowSuccCtl|成功提示|result/success.asp|0" &_
d & "ShowErrCtl|错误提示|result/error.asp|0" &_
d & "UserExitCtl|用户退出登陆|user/user_exit.asp|1" &_
d & "ShowUserRegAnnounceCtl|服务条款和说明|user/user_announce.asp|0" &_
d & "FormUserRegisterCtl|用户注册|user/user_reg_form.asp|0" &_
d & "ShowInfoCtl|浏览|info/info.asp|0" &_
d & "FormSaveUserRegisterCtl|用户注册|user/user_reg_save.asp|1" &_
d & "FormUserLoginCtl|用户登陆|user/user_login_form.asp|0" &_
d & "UserLoginCtl|用户登陆|user/user_login.asp|1" 

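'===================================================================
'= Function     : CheckPass(strUserName,strUserPassword,intFlag)
'= Time		    : Created At Jun,16,2004
'= Input        : strUserName     : account looked up in CLASS_USER.USER_ACCOUNT
'=                strUserPassword : value compared with CLASS_USER.USER_PASSWORD
'=                intFlag : 0 -- report failures through ResultExecute
'=							1 -- no error redirect, just return False
'= Output       : True when the account exists, the password matches, the
'=                account is approved and the login bookkeeping succeeded;
'=                False otherwise
'= Description  : check username and pwd by login and cookie; on success the
'=                session is reset and filled with the user's identity
'= Security     : - the account name is quote-escaped before it is placed in
'=                  SQL; a parameterised query would be the proper fix, but
'=                  the GBL_objPubDB wrapper API is not visible in this file
'=                - a NULL USER_PASSWORD is rejected explicitly ("x <> Null"
'=                  is Null in VBScript, which used to fall into the
'=                  "password OK" branch)
'=                - session identity is written only after the bookkeeping
'=                  UPDATE succeeded, so a False return never leaves a
'=                  logged-in session behind
'===================================================================
Function CheckPass(strUserName,strUserPassword,intFlag)
	Dim strAccount,strRealName,strAuthen,UserId,strIsMaster,strClew1
	Dim strSafeAccount,varStoredPwd,blnPwdOk
	CheckPass = False

	'== Double single quotes so the name cannot terminate the SQL string literal.
	'== NOTE(review): if callers already escape the name, do it in one place only.
	strSafeAccount = Replace(strUserName & "", "'", "''")

	GBL_objPubDB.Clear()
	GBL_objPubDB.TableName = "CLASS_USER"
	GBL_objPubDB.SQLType = "SELECT"
	GBL_objPubDB.Where = "USER_ACCOUNT='" & strSafeAccount & "'"
	GBL_objPubDB.AddField "USER_REALNAME,USER_ID,USER_IS_MASTER,USER_AUTHEN,USER_PASSWORD,USER_ACCOUNT",""
	If Not GBL_objPubDB.SQLRSExecute() Then
		Exit Function
	End If

	'== Check that the user exists (same message as a wrong password, so the
	'== response does not reveal which accounts exist)
	If GBL_objPubDB.intRSNum = 0 Then
		If intFlag = 0 Then
			Call ResultExecute(E_USER_PUB,"您输入的密码有误或用户不存在","ES_ERR")
		End If
		Exit Function
	End If

	'== Check the password. Null on either side is a mismatch, never a match.
	'== NOTE(review): the value is compared exactly as passed in; whether callers
	'==   hash it first is not visible here. If USER_PASSWORD holds plaintext,
	'==   migrate to a salted password hash.
	varStoredPwd = GBL_objPubDB.objPubRS("USER_PASSWORD")
	If IsNull(varStoredPwd) Or IsNull(strUserPassword) Then
		blnPwdOk = False
	Else
		blnPwdOk = (strUserPassword = varStoredPwd)
	End If
	If Not blnPwdOk Then
		If intFlag = 0 Then
			Call ResultExecute(E_USER_PUB,"您输入的密码有误或用户不存在","ES_ERR")
		End If
		Exit Function
	End If

	'== Check that the account is allowed to log in (USER_AUTHEN 8 = not approved yet)
	If GBL_objPubDB.objPubRS("USER_AUTHEN") = 8 Then
		If intFlag = 0 Then
			Call ResultExecute(E_USER_PUB,"您还尚未通过批准<br>请等待批准或联系管理员","ES_ERR")
		End If
		Exit Function
	End If

	'== Drop whatever the previous session held before a new identity is stored
	Session.Contents.RemoveAll()

	'== Copy the row into locals now: CheckUserAccess below reuses GBL_objPubDB
	'== and replaces the recordset
	strRealName = GBL_objPubDB.objPubRS("USER_REALNAME")
	UserId = GBL_objPubDB.objPubRS("USER_ID")
	strAccount = GBL_objPubDB.objPubRS("USER_ACCOUNT")
	strAuthen = Cint(GBL_objPubDB.objPubRS("USER_AUTHEN"))
	strIsMaster = GBL_objPubDB.objPubRS("USER_IS_MASTER")

	'== Check user access (account / IP rules). This failure is reported
	'== regardless of intFlag, as before.
	If CTL_USER_ACCESS Then
		If Not CheckUserAccess(strUserName,strClew1) Then
			Call ResultExecute(E_USER_PUB,strClew1,"ES_ERR")
			Exit Function
		End If
	End If

	'== Update login bookkeeping
	GBL_objPubDB.Clear()
	GBL_objPubDB.TableName = "CLASS_USER"
	GBL_objPubDB.SQLType = "UPDATE"
	GBL_objPubDB.Where = "USER_ACCOUNT='" & strSafeAccount & "'"
	GBL_objPubDB.AddField "USER_LAST_TIME",now()
	GBL_objPubDB.AddSet "USER_LOGIN_COUNT = USER_LOGIN_COUNT + 1"

	'== Record the client address.
	'== NOTE(review): X-Forwarded-For is sent by the client and can hold any text;
	'==   confirm AddField quotes its value, and prefer REMOTE_ADDR unless a
	'==   trusted reverse proxy sets the header.
	If Request.ServerVariables("HTTP_X_FORWARDED_FOR") <> "" Then
		GBL_objPubDB.AddField "USER_LAST_IP", Request.ServerVariables("HTTP_X_FORWARDED_FOR")
	Else
		GBL_objPubDB.AddField "USER_LAST_IP", Request.ServerVariables("REMOTE_ADDR")
	End If

	If Not GBL_objPubDB.SQLRSExecute() Then
		Exit Function
	End If

	'== Only now publish the identity in the session (UpdateLevel reads it)
	Session(GBL_strCookieURL & "SEN_strUserRealName") = strRealName
	Session(GBL_strCookieURL & "SEN_UserId") = UserId
	Session(GBL_strCookieURL & "SEN_strUserAccount") = strAccount
	Session(GBL_strCookieURL & "SEN_strUserAuthen") = strAuthen
	Session(GBL_strCookieURL & "SEN_strIsMaster") = strIsMaster

	'== Update level
	Call UpdateLevel(GBL_intLoginLevel)

	CheckPass = True

End Function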

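'===================================================================
'= Function     : CheckUserAccess()
'= Time		    : Created At Jun,28,2004
'= Input        : strUserAccount : account name matched against CLASS_ACCESS
'=                strClew (ByRef): receives the message shown when access
'=                                 is denied
'= Output       : False when a matching CLASS_ACCESS rule has ACCESS_TYPE 1
'=                (deny); True otherwise
'= Description  : check user access to web. Rules are tried in this order:
'=                account (ACCESS_ACTION_TYPE 0), exact IP (1), first three
'=                octets of the IP (2). An ACCESS_TYPE 0 rule stores 0 in
'=                the session key SEN_strUserAccess and stops the search.
'= Security     : - values placed in SQL are quote-escaped; parameterised
'=                  queries would be the proper fix but the GBL_objPubDB
'=                  wrapper API is not visible in this file
'=                - X-Forwarded-For is only used when it is a single dotted
'=                  quad, otherwise REMOTE_ADDR is used. The header is still
'=                  client-supplied, so IP rules based on it can be evaded;
'=                  honour it only behind a trusted reverse proxy.
'===================================================================
Function CheckUserAccess(strUserAccount,ByRef strClew)
	Dim strUserIp,arrUserIp
	Dim strSafeAccount,strSafeIp,strNetPrefix,objIpPattern,blnIsIPv4
	CheckUserAccess = True

	'== check user account
	strSafeAccount = Replace(strUserAccount & "", "'", "''")
	GBL_objPubDB.Clear()
	GBL_objPubDB.AllSQL = "SELECT * FROM CLASS_ACCESS WHERE ACCESS_CONTENT= '" & strSafeAccount & "' AND ACCESS_ACTION_TYPE=0 "
	GBL_objPubDB.SQLRSExecute()
	Call ResultExecute(GBL_objPubDB.intErrNum,"check user access","ES_ERR")
	If GBL_objPubDB.intRSNum > 0 Then
		If GBL_objPubDB.objPubRS("ACCESS_TYPE") = 1 Then
			strClew = "您被禁止登陆,"
			If GBL_objPubDB.objPubRS("ACCESS_DESC") <> "" Then
				strClew = strClew & "原因是:<br>" & GBL_objPubDB.objPubRS("ACCESS_DESC")
			End If
			CheckUserAccess = False
			Exit Function
		ElseIf GBL_objPubDB.objPubRS("ACCESS_TYPE") = 0 Then
			Session(GBL_strCookieURL & "SEN_strUserAccess") = 0
			CheckUserAccess = True
			Exit Function
		End If

	End If

	'== check user ip area
	'== Resolve the client address. The forwarded header may hold a proxy list
	'== or arbitrary text, which previously reached the SQL below unchanged and
	'== could index past the end of the Split() result.
	Set objIpPattern = New RegExp
	objIpPattern.Pattern = "^\d{1,3}(\.\d{1,3}){3}$"
	strUserIp = Request.ServerVariables("HTTP_X_FORWARDED_FOR") & ""
	If Not objIpPattern.Test(strUserIp) Then
		strUserIp = Request.ServerVariables("REMOTE_ADDR") & ""
	End If
	blnIsIPv4 = objIpPattern.Test(strUserIp)
	Set objIpPattern = Nothing
	strSafeIp = Replace(strUserIp, "'", "''")

	'== check exact ip
	GBL_objPubDB.Clear()
	GBL_objPubDB.AllSQL = "SELECT * FROM CLASS_ACCESS WHERE ACCESS_CONTENT='" & strSafeIp & "' AND ACCESS_ACTION_TYPE=1 "
	GBL_objPubDB.SQLRSExecute()
	Call ResultExecute(GBL_objPubDB.intErrNum,"check user access","ES_ERR")
	If GBL_objPubDB.intRSNum > 0 Then

		If GBL_objPubDB.objPubRS("ACCESS_TYPE") = 1 Then
			strClew = "您被禁止登陆,"
			If GBL_objPubDB.objPubRS("ACCESS_DESC") <> "" Then
				strClew = strClew & "原因是:<br>" & GBL_objPubDB.objPubRS("ACCESS_DESC")
			End If
			CheckUserAccess = False
			Exit Function
		ElseIf  GBL_objPubDB.objPubRS("ACCESS_TYPE") = 0 Then
			Session(GBL_strCookieURL & "SEN_strUserAccess") =_
						Cint(GBL_objPubDB.objPubRS("ACCESS_TYPE"))
			Exit Function
		End If

	End If

	'== check ip by its first three octets; skipped when the address is not a
	'== dotted quad (for example an IPv6 REMOTE_ADDR), because no prefix exists
	If Not blnIsIPv4 Then
		Exit Function
	End If
	arrUserIp = Split(strUserIp,".")
	strNetPrefix = arrUserIp(0) & "." & arrUserIp(1) & "." & arrUserIp(2)

	'== NOTE(review): '%a.b.c%' matches the prefix anywhere in ACCESS_CONTENT, so
	'==   "1.2.3" also hits a rule stored as "21.2.30"; anchoring the pattern would
	'==   change which rules match, so it is left as is -- confirm the intent.
	GBL_objPubDB.Clear()
	GBL_objPubDB.AllSQL = "SELECT * FROM CLASS_ACCESS WHERE ACCESS_CONTENT LIKE '%" & strNetPrefix & "%' AND ACCESS_ACTION_TYPE=2 "
	GBL_objPubDB.SQLRSExecute()
	Call ResultExecute(GBL_objPubDB.intErrNum,"check user access","ES_ERR")
	If GBL_objPubDB.intRSNum > 0 Then

		If GBL_objPubDB.objPubRS("ACCESS_TYPE") = 1 Then
			strClew = "您被禁止登陆,"
			If GBL_objPubDB.objPubRS("ACCESS_DESC") <> "" Then
				strClew = strClew & "原因是:<br>" & GBL_objPubDB.objPubRS("ACCESS_DESC")
			End If
			CheckUserAccess = False
			Exit Function
		ElseIf  GBL_objPubDB.objPubRS("ACCESS_TYPE") = 0 Then
			Session(GBL_strCookieURL & "SEN_strUserAccess") =_
						Cint(GBL_objPubDB.objPubRS("ACCESS_TYPE"))
			Exit Function
		End If

	End If

End Function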

'===================================================================
'= Function    : UpdateLevel(intLevelNum)
'= Time		   : Created At Nov,10,2003
'= Input       : intLevelNum : amount added to USER_LEVEL
'= Output      : none (no return value is assigned)
'= Description : Adds intLevelNum to USER_LEVEL of the CLASS_USER row whose
'=               USER_ID and USER_ACCOUNT match the current session, then
'=               hands the database error number to ResultExecute.
'= NOTE(review): the WHERE clause and the SET expression are built by string
'=               concatenation. The session values are written by CheckPass
'=               from the database row, and intLevelNum comes from the
'=               caller; callers should pass numeric values only.
'===================================================================
Function UpdateLevel(intLevelNum)
	Dim strIdKey,strAccountKey,strWhere

	'== Identify the logged-in user from the session
	strIdKey = GBL_strCookieURL & "SEN_UserId"
	strAccountKey = GBL_strCookieURL & "SEN_strUserAccount"
	strWhere = "USER_ID=" & Session(strIdKey) & " AND USER_ACCOUNT='" & Session(strAccountKey) & "'"

	With GBL_objPubDB
		.Clear
		.TableName = "CLASS_USER"
		.SQLType = "UPDATE"
		.Where = strWhere
		.AddSet "USER_LEVEL=USER_LEVEL+" & intLevelNum
		.SQLExecute
		Call ResultExecute(.intErrNum,"Level:" &  intLevelNum,"ES_ERR")
	End With

End Function

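'===================================================================
'= Function    : AdminCheck()
'= Time        : Created At DEC,20,2003
'= Input       : None
'= Output      : TRUE only when the session's SEN_strUserAuThen value
'=               equals 1; FALSE in every other case
'= Description : Tells whether the current session has administrator rights.
'=               The result starts as FALSE and is raised to TRUE only on a
'=               positive match, so a missing, Null or non-numeric session
'=               value is refused. (The earlier "<> 1" test evaluated to
'=               Null for a Null value, skipped the deny branch and
'=               returned TRUE.)
'= NOTE(review): CheckPass stores this value under "SEN_strUserAuthen"; the
'=               key here differs only in letter case.
'===================================================================
Function AdminCheck()
	Dim varAuthen

	'== Fail closed: deny unless proven otherwise
	AdminCheck = FALSE

	varAuthen = Session(GBL_strCookieURL & "SEN_strUserAuThen")
	If IsEmpty(varAuthen) Or IsNull(varAuthen) Then
		Exit Function
	End If
	If Not IsNumeric(varAuthen) Then
		Exit Function
	End If

	'== CDbl rather than CLng, so 1.2 is not rounded to 1
	If CDbl(varAuthen) = 1 Then
		AdminCheck = TRUE
	End If

End Function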
%>