<!--#include FILE="odbc.asp"-->
<%
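' Administrator login.
' Reads the submitted account and one-time authorization code, picks one of four
' lookup queries depending on the login mode, and on a match fills the session and
' the "CAME" cookie, then redirects (or answers with JSON for the phone flow).
' SafeRequest, isDepartment, OA_Running and objConn are not defined in this part of
' the file (presumably they come from odbc.asp - confirm).
' NOTE(review): every lookup below is built by string concatenation, so its safety
' rests entirely on what SafeRequest filters, which is not visible here. Moving these
' lookups to ADODB.Command with bound parameters would remove that dependency.
admin = SafeRequest(Request("admin"))
' The password is read but never compared with the stored one in the active code.
pass = SafeRequest(Request("password"))
loginAuthorize = SafeRequest(Request("loginAuthorize"))
Phonelogin = SafeRequest(Request("Phonelogin"))

' Cookie login: no server session and no submitted account, but the "CAME" cookie names one.
' NOTE(review): the cookie is client-supplied and is accepted as the identity without any
' secret or server-side token being compared, so this path identifies the caller but does
' not authenticate them. A random token stored server-side and checked here is the usual
' replacement; that needs schema support and is therefore only flagged, not changed.
If session("admin") = "" And Request.Cookies("CAME")("admin") <> "" And admin = "" Then
    ' Fix: the cookie value goes through the same filter as the form field before it is
    ' concatenated into SQL (it was previously used raw).
    admin = SafeRequest(Request.Cookies("CAME")("admin"))
    Cookieslogin = "YES"
End If

If admin <> "" And (loginAuthorize <> "" Or Cookieslogin = "YES" Or Phonelogin = "YES") Then
    ' Remember the last account name for 30 days
    Response.Cookies("CAMEName") = admin
    Response.Cookies("CAMEName").Expires = Date + 30

    Set adminrs = Server.CreateObject("ADODB.Recordset")

    ' An 11-character numeric account may also match the mobile-number column
    If Len(admin) = 11 And IsNumeric(admin) Then SqlPhone = " or OA_mobile='" & admin & "'"

    ' Test accounts.
    ' Fix: And binds tighter than Or in VBScript, so without the parentheses the first
    ' account reached this branch with any authorization code; the fixed code now applies
    ' to both accounts.
    ' NOTE(review): hard-coded accounts with a fixed code skip the time-limited code check
    ' entirely and should not ship in production code.
    If (admin = "13602220409" Or admin = "13710299733") And loginAuthorize = "123" Then
        sql = "select * from OA_User where (OA_User='" & admin & "'" & SqlPhone & ") and OA_execLevel>=0"
    ElseIf Cookieslogin = "YES" Then
        ' Cookie login: matches on the account name only (see the note above)
        sql = "select * from OA_User where (OA_User='" & admin & "') and OA_execLevel>=0"
    ElseIf Phonelogin = "YES" Then
        ' Phone-confirmed login: the two stored code columns must be equal, non-empty and
        ' at most 5 minutes old; the request itself carries no code on this path.
        sql = "select * from OA_User where (OA_User='" & admin & "'" & SqlPhone & ") and OA_execLevel>=0 and loginAuthorize=loginAuthorize1 and datediff(Mi,loginAuthorize_Time,getdate())<=5 and loginAuthorize<>''"
    Else
        ' Normal login: the submitted code must equal the stored one and be at most 5 minutes old.
        ' NOTE(review): no attempt limit is visible in this file - confirm one exists elsewhere.
        sql = "select * from OA_User where (OA_User='" & admin & "'" & SqlPhone & ") and OA_execLevel>=0 and loginAuthorize='" & loginAuthorize & "' and datediff(Mi,loginAuthorize_Time,getdate())<=5"
    End If

    ' (disabled in the original) an earlier variant of the query also verified the
    ' password with pwdcompare(); the active queries do not.
    adminrs.open sql, objConn, 1, 1

    If Not adminrs.eof Then
        OA_Power = adminrs("OA_Power")
        If isnull(OA_Power) Then OA_Power = ""
        ' Set before isDepartment is called; presumably isDepartment reads admin_Power - confirm
        admin_Power = OA_Power

        If isDepartment("010103") = 0 And session("adminID") = "" Then
            ' Look the client address up in the IP whitelist
            Set IPrs = Server.CreateObject("ADODB.Recordset")
            sql = "select vID from dictionary where vtitle='IPWhite' and vType=1 and vtext='" & Request.ServerVariables("REMOTE_ADDR") & "'"
            IPrs.open sql, objConn, 1, 1
            If IPrs.eof Then
                ' Address is not whitelisted: the login is allowed by default and only logged.
                ' The original code that logged a refusal, redirected to /login.gds with a
                ' LoginError message and ended the response is commented out.
                session("adminID") = adminrs("OA_User_ID")
                Call OA_Running("用户外部IP登陆")
            End If
            IPrs.close()
        End If

        If isDepartment("020114") = 1 Then
            ' Permission to view all orders: use the comma-joined list of every order class
            Set IPrs = Server.CreateObject("ADODB.Recordset")
            sql = "select stuff((select ','+vOrder2 from dictionary where vtitle='OrderClass' and vType>0 for xml path('')),1,1,'')"
            IPrs.open sql, objConn, 1, 1
            If Not IPrs.eof Then
                OA_OrderClass = IPrs(0)
            End If
            IPrs.close()
        Else
            OA_OrderClass = adminrs("OA_OrderClass")
        End If
        ' Same Null guard as OA_Power above, so later string handling never receives Null
        If IsNull(OA_OrderClass) Then OA_OrderClass = ""

        ' Server-side session state
        session("admin") = adminrs("OA_User")
        session("adminID") = adminrs("OA_User_ID")
        session("adminName") = adminrs("OA_Name")
        session("adminDepartmentID") = adminrs("OA_DepartmentID")
        session("admin_Power") = OA_Power
        session("admin_execLevel") = adminrs("OA_execLevel")
        session("admin_OrderClass") = OA_OrderClass
        session.Timeout = 60

        ' Client-side copy of the same values, valid for 8 hours.
        ' NOTE(review): cookie contents can be edited by the client. Authorization decisions
        ' must read the session copies; whether other pages read admin_Power or
        ' admin_execLevel from this cookie cannot be told from here - verify.
        Response.Cookies("CAME")("admin") = adminrs("OA_User")
        Response.Cookies("CAME")("adminID") = adminrs("OA_User_ID")
        Response.Cookies("CAME")("adminName") = adminrs("OA_Name")
        Response.Cookies("CAME")("adminDepartmentID") = adminrs("OA_DepartmentID")
        Response.Cookies("CAME")("admin_Power") = "|," & OA_Power
        Response.Cookies("CAME")("admin_execLevel") = adminrs("OA_execLevel")
        Response.Cookies("CAME")("admin_OrderClass") = OA_OrderClass
        Response.Cookies("CAME").Expires = DateAdd("h", 8, now())

        Call OA_Running("用户登陆")

        If pass = "000000" Or pass = "123456" Or len(pass) <= 4 Then
            ' Weak-password handling is disabled: the redirect to
            ' /AdminUser_EditPass.gds?SystemMessageType=1&SMT=5 is commented out in the original.
        End If

        ' Record the login time and clear both stored codes so the code cannot be reused
        sql = "update OA_User set Endtime=getdate(),loginAuthorize='',loginAuthorize1='' where OA_User_ID=" & session("adminID")
        objConn.Execute sql

        urlstr = Request.ServerVariables("URL")
        If Phonelogin = "YES" Then
            ' The phone flow gets a JSON answer instead of a redirect
            webJson = "{""result"":1}"
            Response.Write webJson
            Response.End
        End If
        ' Reload the requested page (path only, without the query string)
        Response.redirect urlstr
        Response.End
    Else
        If Phonelogin = "YES" Then
            webJson = "{""result"":2}"
            Response.Write webJson
            Response.End
        End If

        ' NOTE(review): the submitted account and code are written to the log as entered
        Call OA_Running("用户登陆-账户或验证码错误_" & admin & "_" & loginAuthorize)
        LoginError = "账号或验证码错误,请重新输入."

        ' Build the query string for the redirect to the login page; the requested URL is
        ' carried along unless the request was for /admin_save.gds.
        ' NOTE(review): neither value is URL-encoded, so a query string containing "&"
        ' splits into extra parameters on the login page.
        urlstr = Request.ServerVariables("URL")
        If urlstr <> "/admin_save.gds" Then
            If Request.ServerVariables("QUERY_STRING") <> "" Then urlstr = urlstr & "?" & Request.ServerVariables("QUERY_STRING")
            urlstr = "?LoginError=" & LoginError & "&urlstr=" & urlstr
        Else
            urlstr = "?LoginError=" & LoginError
        End If
    End If

    adminrs.close()
End If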
' Session gate for every page that includes this file.
' Without a logged-in session the request is sent to the login page, carrying the
' query string in urlstr when one was built earlier. Otherwise the user's Endtime is
' refreshed, except on three pages that skip the update. PositionURL is set outside
' this part of the file.
If session("admin") = "" Then
    Response.Redirect "/login.gds" & urlstr
Else
    Select Case PositionURL
        Case "/menu.gds", "/admin_save.gds", "/Market_CombinationstrItm.gds"
            ' These pages do not refresh the activity timestamp
        Case "/Online.gds"
            ' NOTE(review): this statement filters on Admin_User_ID while every other
            ' statement in the file uses OA_User_ID - confirm the column exists.
            sql = "update OA_User set Endtime=getdate() where Admin_User_ID=" & session("adminID")
            objConn.Execute sql
        Case Else
            sql = "update OA_User set Endtime=getdate() where OA_User_ID=" & session("adminID")
            objConn.Execute sql
    End Select
End If
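' Permission loading: copy the permission string and the order-class list from the
' session into page-level variables.
admin_Power = session("admin_Power")
admin_OrderClass = session("admin_OrderClass")
' Fix: Replace() raises "Invalid use of Null" when the stored value is Null, which can
' happen when the order-class value read at login was Null; treat it as an empty list.
If IsNull(admin_OrderClass) Then admin_OrderClass = ""
admin_OrderClass = Replace(admin_OrderClass, " ", "")
' "a,b,c" becomes "a','b','c", presumably for use inside a quoted SQL IN (...) list.
' NOTE(review): the values are not quote-escaped; this is safe only while order-class
' names never contain a single quote - verify where OrdClassListSql is used.
OrdClassListSql = Replace(admin_OrderClass, ",", "','")
' Upper index of the list (number of entries minus one; -1 for an empty list)
OrdClassInt = UBound(Split(OrdClassListSql, "','"))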
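Function URLEncoding(vstrIn)
    ' Percent-encodes only the characters whose Asc() code lies outside the single-byte
    ' range (double-byte characters in the active code page) and copies every other
    ' character unchanged.
    ' Reserved URL characters such as "&", "=", "%" and space are NOT encoded, so this is
    ' not a general-purpose URL encoder; use Server.URLEncode for values that may contain them.
    '
    ' vstrIn  - string to encode
    ' Returns - the string with each double-byte character replaced by %HH%LL
    '
    ' Fixes over the previous version:
    '  * the work variables are declared locally, so a script-level variable with the same
    '    name (for example a loop counter i in the including page) is no longer overwritten;
    '  * the high byte is obtained by dividing by &H100 (was &HFF, which yields 256 for a
    '    high byte of &HFF);
    '  * each byte is written as exactly two hex digits, and a zero high byte is omitted.
    Dim encoded, pos, ch, code, highByte, lowByte

    encoded = ""
    For pos = 1 To Len(vstrIn)
        ch = Mid(vstrIn, pos, 1)
        If Abs(Asc(ch)) < &HFF Then
            encoded = encoded & ch
        Else
            code = Asc(ch)
            ' Asc() can return a negative value for a double-byte character; map it to 0..65535
            If code < 0 Then
                code = code + &H10000
            End If
            highByte = (code And &HFF00) \ &H100
            lowByte = code And &HFF
            If highByte > 0 Then
                encoded = encoded & "%" & Right("0" & Hex(highByte), 2)
            End If
            encoded = encoded & "%" & Right("0" & Hex(lowByte), 2)
        End If
    Next

    URLEncoding = encoded
End Function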
'POST方式提交网页
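Function SendPost(URL, POST)
    ' Sends POST as an application/x-www-form-urlencoded body to URL using
    ' MSXML2.ServerXMLHTTP (synchronous request).
    '
    ' URL     - target address, used exactly as given
    ' POST    - request body, expected to be form-encoded already
    ' Returns - the response text, or the string "false" when an error was raised
    '
    ' NOTE(review): the target is not checked against any list of expected hosts. If a
    ' caller can pass a request-derived URL, the server will issue the request on the
    ' client's behalf; restrict the destination at the call site or here - verify callers.
    '
    ' Fixes over the previous version:
    '  * error trapping is switched on before the object is created, so the creation
    '    check below can actually fire (it followed On Error Resume Next directly and
    '    could never see an error);
    '  * the error text is HTML-encoded before it is written to the page;
    '  * objXML and the retry counter are declared locally instead of leaking into
    '    script-level variables; the unused xmlHttp declaration is dropped.
    Dim objXML, retStr, i

    On Error Resume Next
    Set objXML = Server.CreateObject("MSXML2.ServerXMLHTTP")
    If Err.Number <> 0 Then
        Response.Write("<p>Error: " & Server.HTMLEncode(Err.Description) & "<p>")
        Response.End
    End If

    ' Issue the request to the remote machine
    objXML.open "POST", URL, False
    objXML.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
    objXML.send(POST)

    ' Wait for completion (readyState 4), at most five waitForResponse calls
    i = 0
    While objXML.readyState <> 4 And i < 5
        i = i + 1
        objXML.waitForResponse 100
    Wend

    ' Hand back the response body, or "false" if any step above raised an error
    If Err.Number = 0 Then
        retStr = objXML.ResponseText
    Else
        retStr = "false"
    End If

    SendPost = retStr

    ' Clean up
    Set objXML = Nothing
End Function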
' Name of the system as a display string (roughly "Civil Aviation Medical Express
' operations system"); where it is shown is not visible in this file.
LindemanAdmin="民航医疗快线运营系统"
%>