<%
'===================================================================
'= ASP FILENAME : /inc/inc_role.asp
'= CREATED TIME : 2006-4-17 11:10
'= LAST MODIFIED: 2006-4-17 11:10
'= VERSION INFO : CCASP Framework Ver 2.0.1 ALL RIGHTS RESERVED BY www.cclinux.com
'= DESCRIPTION  : Permission-control configuration file
'= Change Log:
'===================================================================
%>
<%
'====================================================================================
'== User access-control table
'==
'== Each entry is  <action name>|<description>|<script path>|<flag>  and entries are
'== separated by the "|||" delimiter held in d. The code that parses these strings is
'== not in this file, so the meaning of <flag> cannot be confirmed from here; in the
'== table below it is 1 on save/delete/login handlers and 0 on forms and listings.
'== Entry order is kept exactly as authored in case the consumer depends on it.
'====================================================================================
Dim d : d = "|||"
Dim GBL_strUserAction : GBL_strUserAction = ""

'-- Message board
GBL_strUserAction = GBL_strUserAction _
    & d & "FormAddBoardCtl|填写新留言|board/board_add_form.asp|0" _
    & d & "FormSaveAddBoardCtl|保存新留言|board/board_add_save.asp|1" _
    & d & "FormMdyBoardCtl|修改新留言|board/board_mdy_form.asp|0" _
    & d & "FormSaveMdyBoardCtl|修改新留言保存|board/board_mdy_save.asp|1" _
    & d & "DelBoardCtl|删除留言|board/board_del.asp|1" _
    & d & "ShowBoardCtl|浏览留言|board/board_list.asp|0"

'-- User profile, password, avatar and signature settings
GBL_strUserAction = GBL_strUserAction _
    & d & "ShowUserAllInfoCtl|用户个人信息|user/user_info_show.asp|0" _
    & d & "FormBaseInfoMdyCtl|用户资料修改|user/user_basemdy_form.asp|0" _
    & d & "UserFaceUpCtl|图片上传|user/upfile_userface.asp|0" _
    & d & "FormSaveBaseInfoMdyCtl|用户资料修改|user/user_basemdy_save.asp|1" _
    & d & "FormPwdMdyCtl|用户密码修改|user/user_pwdmdy_form.asp|0" _
    & d & "FormSavePwdMdyCtl|用户密码修改|user/user_pwdmdy_save.asp|1" _
    & d & "FormFaceSetCtl|用户首选签名图设置|user/user_face_set_form.asp|0" _
    & d & "FormSaveFaceSetCtl|用户首选签名图设置|user/user_face_set_save.asp|1" _
    & d & "FormCartoonCtl|用户卡通/qq签名图设置|user/user_cartoon_form.asp|0" _
    & d & "FormSaveCartoonCtl|用户卡通签名图设置|user/user_cartoon_save.asp|1"

'-- Per-user lists (friends, favourites, own posts) and signature upload
GBL_strUserAction = GBL_strUserAction _
    & d & "ShowUserMyFriendListCtl|用户好友名单|user/user_my_friend_list.asp|0" _
    & d & "ShowUserMyGoodTopicListCtl|用户好贴收藏|user/user_my_good_topic_list.asp|0" _
    & d & "ShowUserFavAlbumListCtl|我的相片收藏|user/user_my_fav_album_list.asp|0" _
    & d & "DelUserCollection|删除我的收藏|user/user_collection_del.asp|1" _
    & d & "ShowUserMyTopicListCtl|用户所发表帖子|user/user_my_topic_list.asp|0" _
    & d & "ShowUserMyReplyListCtl|用户所回复帖子|user/user_my_reply_list.asp|0" _
    & d & "ShowUserMyBoardListCtl|用户所回复帖子|user/user_my_board_list.asp|0" _
    & d & "ShowUserMyAlbumListCtl|用户所发表的相片|user/user_my_album_list.asp|0" _
    & d & "ShowUserMyReviewListCtl|用户所评论过的相片|user/user_my_review_list.asp|0" _
    & d & "ShowPopCartoonFacelist|用户选择卡通头像|user/user_cartoon_face.asp|0" _
    & d & "FormShowUploadCtl|用户签名图上传|user/user_show_upload_form.asp|0" _
    & d & "FormSaveShowUpload|用户签名图上传|user/user_show_upload_save.asp|1"

'-- Forum
'   NOTE(review): FormAddTopicsCtl and FormSaveAddTopicsCtl point at the same script
'   (forum/forum_add_topics.asp) with different flags - confirm this is intended.
GBL_strUserAction = GBL_strUserAction _
    & d & "ShowCateListCtl|贴吧板块列表|forum/forum_cate.asp|0" _
    & d & "ShowForumListCtl|贴吧主题列表|forum/forum_list.asp|0" _
    & d & "ShowForumContentCtl|浏览帖子|forum/forum_show.asp|0" _
    & d & "FormAddTopicsCtl|发表贴吧新贴|forum/forum_add_topics.asp|0" _
    & d & "FormSaveAddTopicsCtl|发表贴吧新贴|forum/forum_add_topics.asp|1" _
    & d & "FormAddReplyCtl|回复帖子|forum/forum_add_reply.asp|0" _
    & d & "DelTopicsCtl|删除帖子|forum/forum_del.asp|1" _
    & d & "MdyTopicsStatusCtl|改变帖子状态|forum/forum_status.asp|1" _
    & d & "SetTopicsGoodCtl|帖子设置为精华|forum/forum_good.asp|1" _
    & d & "FormTopicsMoveCtl|移动帖子|forum/forum_move.asp|0" _
    & d & "FormSaveTopicsMoveCtl|移动帖子|forum/forum_move_save.asp|1"

'-- Photo album
GBL_strUserAction = GBL_strUserAction _
    & d & "ShowAllAlbumCtl|相册列表显示|album/album_list.asp|0" _
    & d & "FormUpPhotoCtl|添加新相片|album/album_add_form.asp|0" _
    & d & "FormSaveUpPhotoCtl|添加新相片|album/album_add_save.asp|1" _
    & d & "FormPastePhotoCtl|粘贴网络相片|album/album_paste_form.asp|0" _
    & d & "FormSavePastePhotoCtl|粘贴网络相片|album/album_paste_save.asp|1" _
    & d & "ShowAlbumCtl|浏览相片|album/album_view.asp|0" _
    & d & "FormSaveReviewCtl|添加相片评论|album/album_view_save.asp|1" _
    & d & "DelReviewAlbumCtl|删除相片评论|album/album_review_del.asp|1" _
    & d & "DelAlbumCtl|删除相片|album/album_del.asp|1"

'-- Collections and address book
'   NOTE(review): FormSaveAddCollectionCtl is the only "save" handler in this table
'   whose flag is 0; if the flag gates state-changing requests this entry would be
'   the odd one out - verify against the consumer of the table.
GBL_strUserAction = GBL_strUserAction _
    & d & "FormAddCollectionCtl|添加收藏|dialog/dialog_collection_form.asp|0" _
    & d & "ShowAddressCtl|用户资料浏览|address/address_list.asp|0" _
    & d & "ShowPopUserInfoCtl|弹出窗口显示用户信息|user/address_userinfo_pop.asp|0" _
    & d & "FormSaveAddCollectionCtl|添加收藏|dialog/dialog_collection_save.asp|0"

'-- Meet-ups
GBL_strUserAction = GBL_strUserAction _
    & d & "ShowMeetListCtl|聚会列表显示|meet/meet_list.asp|0" _
    & d & "ShowMeetDetailCtl|聚会详细信息|meet/meet_detail.asp|0" _
    & d & "ShowJoinListPopCtl|聚会报名表|meet/meet_joinlist_pop.asp|0" _
    & d & "MeetJoinCtl|聚会报名参与或退出报名|meet/meet_join.asp|1" _
    & d & "FormAddMeetCtl|创建新聚会|meet/meet_add_form.asp|0" _
    & d & "FormSaveAddMeetCtl|创建新聚会|meet/meet_add_form_save.asp|1" _
    & d & "FormMdyMeetCtl|修改聚会|meet/meet_mdy_form.asp|0" _
    & d & "FormSaveMdyMeetCtl|修改聚会|meet/meet_mdy_form_save.asp|1" _
    & d & "FormSaveMeetBBSCtl|保存聚会留言|meet/meet_bbs_save.asp|1" _
    & d & "DelMeetBBSCtl|删除聚会留言|meet/meet_bbs_del.asp|1"

'-- Site-internal messages
'   NOTE(review): DelSmsCtl is the only entry whose path has no ".asp" suffix
'   ("sms/sms_del"); this looks like a typo - confirm before relying on it.
GBL_strUserAction = GBL_strUserAction _
    & d & "ShowSmsMainCtl|用户站内短信|sms/sms_list.asp|0" _
    & d & "ShowSmsDetailCtl|站内短信查看|sms/sms_detail.asp|0" _
    & d & "FormAddSmsCtl|写站内短信|sms/sms_add_form.asp|0" _
    & d & "FormSaveAddSmsCtl|写站内短信|sms/sms_add_save.asp|1" _
    & d & "DelSmsCtl|删除站内短信|sms/sms_del|1"

'-- Smileys, member search/export, articles
'   BoardDelCtl repeats the target of DelBoardCtl (board/board_del.asp).
GBL_strUserAction = GBL_strUserAction _
    & d & "ShowPopSmileFacelistCtl|留言心情选择|board/board_smile_face.asp|0" _
    & d & "FormUserInfoDownCtl|用户资料导出|address/address_user_down_form.asp|0" _
    & d & "ShowClassmateSearchCtl|校友搜索|address/address_search_result.asp|0" _
    & d & "FormClassmateSearchCtl|校友搜索|address/address_search_form.asp|0" _
    & d & "AddressUserDownCtl|校友列表导出|address/address_user_down.asp|1" _
    & d & "ShowArticleCtl|文章浏览|info/info_list.asp|0" _
    & d & "ShowArticleDetailCtl|文章内容浏览|info/info_detail.asp|0" _
    & d & "BoardDelCtl|删除留言|board/board_del.asp|1"

'== Actions listed separately from the table above; the original comment labels them
'== "non-verified user permissions", i.e. presumably reachable without a login check
'== (home page, result pages, registration, login, logout).
Dim GBL_strUserActionNoAuth : GBL_strUserActionNoAuth = ""
GBL_strUserActionNoAuth = GBL_strUserActionNoAuth _
    & d & "HomePageCtl|首页|index1.asp|0" _
    & d & "ShowOnlineCtl|在线人数|online_frame.asp|0" _
    & d & "ShowSuccCtl|成功提示|result/success.asp|0" _
    & d & "ShowErrCtl|错误提示|result/error.asp|0" _
    & d & "UserExitCtl|用户退出登陆|user/user_exit.asp|1" _
    & d & "ShowUserRegAnnounceCtl|服务条款和说明|user/user_announce.asp|0" _
    & d & "FormUserRegisterCtl|用户注册|user/user_reg_form.asp|0" _
    & d & "ShowInfoCtl|浏览|info/info.asp|0" _
    & d & "FormSaveUserRegisterCtl|用户注册|user/user_reg_save.asp|1" _
    & d & "FormUserLoginCtl|用户登陆|user/user_login_form.asp|0" _
    & d & "UserLoginCtl|用户登陆|user/user_login.asp|1"

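'===================================================================
'= Function    : RoleSqlEscape(varValue)
'= Input       : varValue : any value that will be placed between single
'=                          quotes in a SQL string literal
'= Output      : the value as a string with every ' doubled
'= Description : The functions in this file build SQL by concatenation, so
'=               every string that reaches a WHERE clause goes through here
'=               first. Bound parameters would be preferable if
'=               GBL_objPubDB offers them; its interface is not visible in
'=               this file.
'=               NOTE(review): quote doubling is the literal-escaping rule
'=               for Access / SQL Server style back ends - confirm the
'=               database in use.
'===================================================================
Function RoleSqlEscape(varValue)
    ' "" & x turns Null/Empty into an empty string before Replace sees it.
    RoleSqlEscape = Replace("" & varValue, "'", "''")
End Function

'===================================================================
'= Function    : RoleIsIPv4(strValue)
'= Output      : True only for four dot-separated decimal groups, each
'=               between 0 and 255, with nothing before or after
'= Description : strict syntax check for a dotted-quad address
'===================================================================
Function RoleIsIPv4(strValue)
    Dim objRe, colMatch, i

    RoleIsIPv4 = False
    Set objRe = New RegExp
    objRe.Pattern = "^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$"
    Set colMatch = objRe.Execute("" & strValue)
    If colMatch.Count = 0 Then
        Exit Function
    End If
    For i = 0 To 3
        If CInt(colMatch(0).SubMatches(i)) > 255 Then
            Exit Function
        End If
    Next
    RoleIsIPv4 = True
End Function

'===================================================================
'= Function    : RoleClientIp()
'= Output      : the X-Forwarded-For value when it is one well-formed IPv4
'=               address, otherwise REMOTE_ADDR
'= Description : X-Forwarded-For is a request header, so its content is
'=               chosen by the client unless a trusted proxy overwrites it.
'=               Validating the syntax keeps header text out of SQL, but it
'=               does not make the address trustworthy: an IP ban or a
'=               "last login IP" record based on it can still be fooled.
'=               NOTE(review): if the site is not behind a known proxy,
'=               use REMOTE_ADDR only.
'===================================================================
Function RoleClientIp()
    Dim strForwarded

    strForwarded = Trim("" & Request.ServerVariables("HTTP_X_FORWARDED_FOR"))
    If RoleIsIPv4(strForwarded) Then
        RoleClientIp = strForwarded
    Else
        RoleClientIp = "" & Request.ServerVariables("REMOTE_ADDR")
    End If
End Function

'===================================================================
'= Function    : RoleAccessVerdict(strSQL,strClew)
'= Input       : strSQL  : complete SELECT against CLASS_ACCESS
'=               strClew : ByRef, receives the "login forbidden" message
'= Output      :  1 -- first row has ACCESS_TYPE = 1 (denied, strClew set)
'=                0 -- first row has ACCESS_TYPE = 0 (allowed; the session
'=                     value SEN_strUserAccess is set to 0)
'=               -1 -- no row, or a row with another ACCESS_TYPE
'= Description : runs one CLASS_ACCESS lookup and interprets the result
'===================================================================
Function RoleAccessVerdict(strSQL,ByRef strClew)
    RoleAccessVerdict = -1

    GBL_objPubDB.Clear()
    GBL_objPubDB.AllSQL = strSQL
    GBL_objPubDB.SQLRSExecute()
    Call ResultExecute(GBL_objPubDB.intErrNum,"check user access","ES_ERR")

    If GBL_objPubDB.intRSNum > 0 Then
        If GBL_objPubDB.objPubRS("ACCESS_TYPE") = 1 Then
            strClew = "您被禁止登陆,"
            If GBL_objPubDB.objPubRS("ACCESS_DESC") <> "" Then
                strClew = strClew & "原因是:<br>" & GBL_objPubDB.objPubRS("ACCESS_DESC")
            End If
            RoleAccessVerdict = 1
        ElseIf GBL_objPubDB.objPubRS("ACCESS_TYPE") = 0 Then
            Session(GBL_strCookieURL & "SEN_strUserAccess") = 0
            RoleAccessVerdict = 0
        End If
    End If
End Function

'===================================================================
'= Function    : CheckPass(strUserName,strUserPassword,intFlag)
'= Time        : Created At Jun,16,2004
'= Input       : strUserName     : account looked up in CLASS_USER
'=               strUserPassword : compared with the stored USER_PASSWORD
'=               intFlag         : 0 -- error redirect
'=                                 1 -- no error redirect
'= Output      : True when the account exists, the password matches, the
'=               account is not awaiting approval, the access check passes
'=               and the login bookkeeping UPDATE succeeds; False otherwise
'= Description : check username and pwd by login and cookie
'===================================================================
Function CheckPass(strUserName,strUserPassword,intFlag)
    Dim strAccount,strRealName,strAuthen,UserId,strIsMaster,strClew1
    Dim strSafeName

    CheckPass = False

    ' The account name comes from the login form or a cookie, so it is escaped
    ' once here and only the escaped copy is placed in SQL.
    strSafeName = RoleSqlEscape(strUserName)

    GBL_objPubDB.Clear()
    GBL_objPubDB.TableName = "CLASS_USER"
    GBL_objPubDB.SQLType = "SELECT"
    GBL_objPubDB.Where = "USER_ACCOUNT='" & strSafeName & "'"
    GBL_objPubDB.AddField "USER_REALNAME,USER_ID,USER_IS_MASTER,USER_AUTHEN,USER_PASSWORD,USER_ACCOUNT",""
    If Not GBL_objPubDB.SQLRSExecute() Then
        Exit Function
    End If

    '== Does the user exist?
    '   Unknown account and wrong password share one message, so the reply
    '   does not reveal which accounts exist.
    If GBL_objPubDB.intRSNum = 0 Then
        If intFlag = 0 Then
            Call ResultExecute(E_USER_PUB,"您输入的密码有误或用户不存在","ES_ERR")
        End If
        Exit Function
    End If

    '== Is the password correct?
    '   NOTE(review): this is a direct comparison with the stored column.
    '   Whether both sides are hashes or plain text is decided by the callers
    '   and the registration code, neither of which is visible here - confirm
    '   that passwords are stored as salted hashes.
    If strUserPassword <> GBL_objPubDB.objPubRS("USER_PASSWORD") Then
        If intFlag = 0 Then
            Call ResultExecute(E_USER_PUB,"您输入的密码有误或用户不存在","ES_ERR")
        End If
        Exit Function
    End If

    '== Is the account allowed to log in? (USER_AUTHEN 8 = not yet approved,
    '   per the message shown)
    If GBL_objPubDB.objPubRS("USER_AUTHEN") = 8 Then
        If intFlag = 0 Then
            Call ResultExecute(E_USER_PUB,"您还尚未通过批准<br>请等待批准或联系管理员","ES_ERR")
        End If
        Exit Function
    End If

    '== Drop whatever the pre-login session held before loading the user.
    '   This clears the contents only; the session identifier is not changed
    '   by this call.
    Session.Contents.RemoveAll()
    strRealName = GBL_objPubDB.objPubRS("USER_REALNAME")
    UserId = GBL_objPubDB.objPubRS("USER_ID")
    strAccount = GBL_objPubDB.objPubRS("USER_ACCOUNT")
    strAuthen = Cint(GBL_objPubDB.objPubRS("USER_AUTHEN"))
    strIsMaster = GBL_objPubDB.objPubRS("USER_IS_MASTER")

    '== Check user access (account / IP deny list)
    If CTL_USER_ACCESS Then
        If Not CheckUserAccess(strUserName,strClew1) Then
            Call ResultExecute(E_USER_PUB,strClew1,"ES_ERR")
            Exit Function
        End If
    End If

    '== Store the logged-in user's details in the session
    Session(GBL_strCookieURL & "SEN_strUserRealName") = strRealName
    Session(GBL_strCookieURL & "SEN_UserId") = UserId
    Session(GBL_strCookieURL & "SEN_strUserAccount") = strAccount
    Session(GBL_strCookieURL & "SEN_strUserAuthen") = strAuthen
    Session(GBL_strCookieURL & "SEN_strIsMaster") = strIsMaster

    '== Record last login time, login count and client address
    GBL_objPubDB.Clear()
    GBL_objPubDB.TableName = "CLASS_USER"
    GBL_objPubDB.SQLType = "UPDATE"
    GBL_objPubDB.Where = "USER_ACCOUNT='" & strSafeName & "'"
    GBL_objPubDB.AddField "USER_LAST_TIME",now()
    GBL_objPubDB.AddSet "USER_LOGIN_COUNT = USER_LOGIN_COUNT + 1"
    ' Only a syntactically valid address is written, never raw header text.
    GBL_objPubDB.AddField "USER_LAST_IP", RoleClientIp()
    If Not GBL_objPubDB.SQLRSExecute() Then
        Exit Function
    End If

    '== Update level
    Call UpdateLevel(GBL_intLoginLevel)
    CheckPass = True
End Function

'===================================================================
'= Function    : CheckUserAccess(strUserAccount,strClew)
'= Time        : Created At Jun,28,2004
'= Input       : strUserAccount : account name to test
'=               strClew        : ByRef, receives the refusal message
'= Output      : False when a CLASS_ACCESS row denies the account or the
'=               client address; True otherwise
'= Description : check user access to web. Three lookups are made in
'=               order and the first one that returns a verdict wins:
'=               ACCESS_ACTION_TYPE 0 = account name,
'=               ACCESS_ACTION_TYPE 1 = exact client IP,
'=               ACCESS_ACTION_TYPE 2 = first three octets of the IP.
'===================================================================
Function CheckUserAccess(strUserAccount,ByRef strClew)
    Dim strUserIp,arrUserIp,intVerdict

    CheckUserAccess = True

    '== check user account
    intVerdict = RoleAccessVerdict( _
        "SELECT * FROM CLASS_ACCESS WHERE ACCESS_CONTENT= '" & RoleSqlEscape(strUserAccount) & "' AND ACCESS_ACTION_TYPE=0 ", _
        strClew)
    If intVerdict <> -1 Then
        CheckUserAccess = (intVerdict = 0)
        Exit Function
    End If

    '== check exact client IP
    strUserIp = RoleClientIp()
    intVerdict = RoleAccessVerdict( _
        "SELECT * FROM CLASS_ACCESS WHERE ACCESS_CONTENT='" & RoleSqlEscape(strUserIp) & "' AND ACCESS_ACTION_TYPE=1 ", _
        strClew)
    If intVerdict <> -1 Then
        CheckUserAccess = (intVerdict = 0)
        Exit Function
    End If

    '== check the a.b.c prefix
    '   The prefix needs three octets; an address that is not dotted-quad
    '   (for example an IPv6 REMOTE_ADDR) has none, so the lookup is skipped
    '   instead of indexing past the end of the Split result.
    If Not RoleIsIPv4(strUserIp) Then
        Exit Function
    End If
    arrUserIp = Split(strUserIp,".")
    ' NOTE(review): LIKE '%a.b.c%' is a substring match, so prefix 1.2.3 also
    ' matches stored content such as 11.2.30 - confirm how ACCESS_CONTENT is
    ' stored for type 2 rows before tightening the pattern.
    intVerdict = RoleAccessVerdict( _
        "SELECT * FROM CLASS_ACCESS WHERE ACCESS_CONTENT LIKE '%" & arrUserIp(0) & "." & arrUserIp(1) & "." & arrUserIp(2) & "%' AND ACCESS_ACTION_TYPE=2 ", _
        strClew)
    If intVerdict = 1 Then
        CheckUserAccess = False
    End If
End Function

'===================================================================
'= Function    : UpdateLevel(intLevelNum)
'= Time        : Created At Nov,10,2003
'= Input       : intLevelNum : amount added to USER_LEVEL
'= Description : adds intLevelNum to USER_LEVEL of the user held in the
'=               session. Does nothing when the session has no numeric
'=               user id or intLevelNum is not numeric, so neither value
'=               can contribute anything but a number to the statement.
'===================================================================
Function UpdateLevel(intLevelNum)
    Dim varUserId

    varUserId = Session(GBL_strCookieURL & "SEN_UserId")
    ' IsNumeric(Empty) is True, hence the separate IsEmpty test.
    If IsEmpty(varUserId) Or Not IsNumeric(varUserId) Or Not IsNumeric(intLevelNum) Then
        Exit Function
    End If

    GBL_objPubDB.Clear()
    GBL_objPubDB.TableName = "CLASS_USER"
    GBL_objPubDB.SQLType = "UPDATE"
    ' The account name was read back from the database at login; it is escaped
    ' again here because stored text is still text when it re-enters SQL.
    GBL_objPubDB.Where = "USER_ID=" & CLng(varUserId) & " AND USER_ACCOUNT='" & RoleSqlEscape(Session(GBL_strCookieURL & "SEN_strUserAccount")) & "'"
    GBL_objPubDB.AddSet "USER_LEVEL=USER_LEVEL+" & CLng(intLevelNum)
    GBL_objPubDB.SQLExecute()
    Call ResultExecute(GBL_objPubDB.intErrNum,"Level:" & intLevelNum,"ES_ERR")
End Function

'===================================================================
'= Function    : AdminCheck()
'= Time        : Created At DEC,20,2003
'= Input       : None
'= Output      : True only when the session's SEN_strUserAuThen value is 1
'= Description : does the current session have administrator rights?
'=               The result starts as False and is raised only on a
'=               positive match, so a missing or Null value is refused.
'===================================================================
Function AdminCheck()
    Dim varAuthen

    AdminCheck = FALSE
    varAuthen = Session(GBL_strCookieURL & "SEN_strUserAuThen")
    If IsEmpty(varAuthen) Or IsNull(varAuthen) Then
        Exit Function
    End If
    If varAuthen = 1 Then
        AdminCheck = TRUE
    End If
End Function
%>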