📄 flagset.asp
字号:
<%@ LANGUAGE="VBSCRIPT" %>
<%
'总管理人员的设置各录入员权限页面
'如果flagset.asp后无view参数,则为新增用户以后设置该新增用户的权限
'有参数,则修改对应用户的权限,但原先属于该用户的对应公司的权限将被删除
%>
<%
response.buffer=true
Response.Expires = 0
Response.CacheControl = "Private"
response.cachecontrol="no-cache"
response.addheader "pragma","no-cache"
hurry = split(session("username"),";")
UserCompanyid = hurry(0)
UserFlag = hurry(1)
User = hurry(2)
if UserFlag > 3 then
Response.End
end if
%>
<%const title="权限设置界面"%>
<!-- #include file=../data/username.inc-->
<!-- #include file=../data/connect.asp-->
<!--#include file=../data/myPrg.asp-->
<html>
<head>
<script language="JavaScript">
<!--
function GetUrl(selobject){
var myTime = new Date();
var timeNow = myTime.getTime();
<%
viewflag = trim(request("view"))
if request("flagview") = "" then
if viewflag <> "" then
%>
self.location="flagset.asp?username=<%=request("username")%>&view=yes&companyid="+selobject.options[selobject.selectedIndex].value +"&now="+timeNow;
<%
else
%>
self.location="flagset.asp?username=<%=request("username")%>&companyid="+selobject.options[selobject.selectedIndex].value +"&now="+timeNow;
<%
end if
else
if viewflag <> "" then
%>
self.location="flagset.asp?username=<%=request("username")%>&view=yes&flagview=yes&companyid="+selobject.options[selobject.selectedIndex].value +"&now="+timeNow;
<%
else
%>
self.location="flagset.asp?username=<%=request("username")%>&flagview=yes&companyid="+selobject.options[selobject.selectedIndex].value +"&now="+timeNow;
<%
end if
end if
%>
}
var checkflag = "true";
function check(field) {
if (checkflag == "false") {
for (i = 0; i < field.length; i++) {
field[i].checked = true;}
checkflag = "true";
return "Uncheck All"; }
else {
for (i = 0; i < field.length; i++) {
field[i].checked = false; }
checkflag = "false";
return "Check All"; }
}
//-->
</script>
<meta http-equiv="Content-Type"content="text/html; charset=gb_2312-80">
<title><%=title%></title>
<link rel="stylesheet" type="text/css" href="../data/forum.css">
</head>
<%
if Request.ServerVariables("REQUEST_METHOD")="POST" then
dc_no = request("dc_no")
type_no = request("type_no")
service = request("service")
if service <> "" then
service = 1
else
service = 0
end if
stock = request("stock")
if stock <> "" then
stock = 1
else
stock = 0
end if
cull = request("cull")
if cull <> "" then
cull = 1
else
cull = 0
end if
attemper = request("attemper")
if attemper <> "" then
attemper = 1
else
attemper = 0
end if
sign = request("sign")
if sign <> "" then
sign = 1
else
sign = 0
end if
code = request("code")
if code <> "" then
code = 1
else
code = 0
end if
edit = request("edit")
if edit <> "" then
edit = 1
else
edit = 0
end if
companyid = request("company")
ttt = request("username")
ttt = replace(ttt,"'","’")
sql = "select id from users where username = '"&ttt&"'"
set rst = conn.execute(sql)
if not rst.eof then
flag_user_id = rst("id")
else
rst.close
set rst = nothing
call closedatabase
Response.Write "无此用户名!"
Response.End
end if
rst.close
set rst = nothing
if split(session("username"),";")(1) < 4 then
sql = "delete from flag where flag_user_id = "&flag_user_id&" and flag_disabled = 0 and flag_companyid = "&companyid&""
conn.execute(sql)
'设置是否为客户
flagview = trim(request("flagview"))
if dc_no > 0 and type_no > 0 then
for i = 1 to dc_no
dc_id = request(""&i&"")
if dc_id <> "" then
for j=1 to type_no
prod_id = request("type"&j&"")
if prod_id <> "" then
if flagview = "" then
sql = "insert into flag(flag_user_id,flag_dc_id,flag_view,flag_service,flag_disabled,flag_companyid,flag_prod,flag_stock,flag_cull,flag_attemper,flag_sign,flag_code,flag_edit) values("&flag_user_id&","&dc_id&",1,"&service&",0,"&companyid&","&prod_id&","&stock&","&cull&","&attemper&","&sign&","&code&","&edit&")"
else
sql = "insert into flag(flag_user_id,flag_dc_id,flag_view,flag_service,flag_disabled,flag_companyid,flag_prod,flag_stock,flag_cull,flag_attemper,flag_sign,flag_code,flag_edit) values("&flag_user_id&","&dc_id&",1,0,0,"&companyid&","&prod_id&",0,0,0,0,0,0)"
end if
conn.execute(sql)
end if
next
end if
next
if flagview = "" then
'Response.Write "jdaojdoafjoajfoaj"
'Response.End
call closedatabase
Response.Redirect "flagset.asp?comanyid="&companyid&"&username="&request("username")&"&view=yes"
Response.End
else
call closedatabase
Response.Redirect "flagset.asp?comanyid="&companyid&"&username="&request("username")&"&view=yes&flagview=yes"
Response.End
end if
else
call closedatabase
Response.Write "<script language=javascript>"
Response.Write "alert(""您没有设置权限!"");"
Response.Write "</script>"
Response.End
end if
else
call closedatabase
Response.Write "非法操作,所以您不能进行添加用户<br>"
Response.Write "请与管理员确认!"
Response.Write "<a href=javascript:history.go(-1)>后退</a>"
Response.End
end if
end if
%>
<body topmargin="0" bgcolor="#FFF7E7">
<%
dim view
view = trim(Request("view"))
%>
<form method="POST" action="flagset.asp" name="hamier2">
<table>
<table width="100%" bordercolor="#000000" border="1" bgcolor="#D8C8A8" cellspacing="0">
<tr bgcolor="#C9D7E7" bordercolor="#C9D7E7">
<td class="big" valign="bottom" height="2" width="54%">
<div align="right">请选择修改 <%if view <> "" then Response.Write "<font color=red>"&request("username")&"</font>"%> 权限的公司: </div>
</td>
<td>
<% companyid = request("companyid")
flag = split(session("username"),";")(1)
if companyid = "" then companyid = 0
if flag = 3 then companyid = split(session("username"),";")(0)
response.write " <select class='smallinput' onchange=""GetUrl(this)"" name='company' size='1' >"
if flag < 3 then
sql="select * from company where company_disabled = 0 order by company_id "
elseif flag = 3 then
sql="select * from company where company_disabled = 0 and company_id = "&split(session("username"),";")(0)&" order by company_id "
else
call closedatabase
Response.End
end if
set rs_guest = server.CreateObject("adodb.recordset")
rs_guest.open sql,conn,1,1
if not rs_guest.eof then
rs_guest.movefirst
dim i
i =0
do while not rs_guest.eof
if cint(rs_guest("company_id")) = cint(companyid) then
response.write "<option selected value='"&rs_guest("company_id")&"' >"&rs_guest("company_name")&"</option>"+chr(13)+chr(10)
else
response.write "<option value='"&rs_guest("company_id")&"'>"&rs_guest("company_name")&"</option>"+chr(13)+chr(10)
end if
if i = 0 and companyid = 0 then companyid = rs_guest("company_id")
i = i +1
rs_guest.movenext
loop
else
response.write "<option value='0'>没有公司</option>"+chr(13)+chr(10)
end if
rs_guest.close
set rs_guest = nothing
response.write " </select>"
Response.Write "</td>"
Response.Write "<td>"
'得到要设置的用户名
dim username
username = request("username")
username = replace(username,"'","’")
'发送一条当前用户的指令
sql = "select * from flag where flag_companyid = "&companyid&" and flag_user_id=(select id from users where username = '"&username&"')"
SET rs1=server.CreateObject("adodb.recordset")
rs1.Open sql,conn,3,3
'设置变量have_nothing,判断权限表中的用户是否有相对应的数组
' 有则为1,无则为0
'为下边确定是否越界
dim have_nothing
have_nothing = 1
if not rs1.eof then
dim t
t = 0
'取出FLAG表中相对应的记录数,创建动态数组存储相关元素
userno = rs1.recordcount - 1
redim FlagUser(userno,8)
while not rs1.eof
FlagUser(t,0) = rs1("flag_dc_id")
FlagUser(t,1) = rs1("flag_prod")
FlagUser(t,2) = rs1("flag_service")
FlagUser(t,3) = rs1("flag_stock")
FlagUser(t,4) = rs1("flag_cull")
FlagUser(t,5) = rs1("flag_attemper")
FlagUser(t,6) = rs1("flag_sign")
FlagUser(t,7) = rs1("flag_code")
FlagUser(t,8) = rs1("flag_edit")
t = t + 1
rs1.movenext
wend
else
have_nothing = 0
end if
rs1.Close
set rs1 = nothing
%>
</td>
<input type="hidden" name="username" value="<%=username%>">
<input type="hidden" name="flagview" value="<%=request("flagview")%>">
<td valign="middle" height="2" width="37%"> </td>
</tr>
</table>
</td>
</tr>
<tr>
<td height="349" colspan="3">
<table width="100%" cellspacing="1" bgcolor="#666666" class="small">
<%
sql = "select dc_id,dc_code,dc_name from dc where dc_disabled = 0 and dc_companyid ="&companyid&""
set rs_dc = server.CreateObject("adodb.recordset")
rs_dc.Open sql,conn,3,3
if not rs_dc.eof then
rs_dc.movefirst
i = 0
dim dc_i
dc_i = 1
dc_record_no = rs_dc.recordcount
%>
<input type="hidden" name="dc_no" value="<%=dc_record_no%>">
<%
do while not rs_dc.eof
%>
<tr>
<td width="13%" height="19" valign="middle" bgcolor="#D8C8A8">
<div align="left"><b><font color="#330099">
<%if i =0 then
Response.write "D C 分类"
else
Response.Write " "
end if
%></font></b></div>
</td>
<%
for t=0 to 7 step 1
dim dc_id
dc_id = rs_dc("dc_id")
dc_name = rs_dc("dc_name")
%>
<td width="11%" height="19" valign="middle" bgcolor="#F4F4E8">
<div align="left">
<%
if view <> "" then
dim flagtrue
flagtrue = 8
if have_nothing <> 0 then
for ver = 0 to userno
if dc_id = FlagUser(ver,0) then
%>
<input type="checkbox" id="check_box" name="<%=dc_i%>" value="<%=dc_id%>" checked>
<%=dc_name%></div></td>
<%
flagtrue = 1
dc_i = dc_i + 1
exit for
end if
next
end if
if flagtrue <> 1 then
Response.Write "<input type=""checkbox"" id=""check_box"" name="&dc_i&" value="&dc_id&">"&dc_name&"</div></td>"
flagtrue = 8
dc_i = dc_i + 1
end if
else
%>
<input type="checkbox" id="check_box" name="<%=dc_i%>" value="<%=dc_id%>" checked>
<%=dc_name%></div>
</td>
<%
dc_i = dc_i + 1
end if
i = i + 1
rs_dc.movenext
if rs_dc.eof and t < 7 then
for u=t+1 to 7 step 1
%>
<td width="4%" height="19" valign="middle" bgcolor="#F4F4E8">
<div align="left">
</div>
</td>
<%
next
exit for
'else
'dc_id = rs_dc("dc_id")
'dc_name = rs_dc("dc_name")
end if
next
loop
end if
rs_dc.close
set rs_dc = nothing
sql = "select id,type_name from prod_type where type_companyid ="&companyid&""
set rs_type = server.CreateObject("adodb.recordset")
rs_type.Open sql,conn,3,3
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -