📄 manager_process.asp
字号:
<%
Option Explicit
'----------------------------------------------------------------------------------
'本页:
' 用户处理页面
'说明:
'
'----------------------------------------------------------------------------------
%>
<!--#include file="inc/Config.class.asp"-->
<!--#include file="inc/DBControl.class.asp"-->
<!--#include file="inc/FunctionLib.class.asp"-->
<!--#include file="inc/Manager.class.asp"-->
<!--#include file="inc/md5.asp"-->
<%
Dim Cfg, Db, FLib, Admin
Set Cfg = New Config
Set Db = New DBControl
Set FLib = New FunctionLib
Set Admin = New Manager
If Not Admin.Logined Then
FLib.Alert "对不起,你已经超时或未登录","./",1
Response.End
End If
Db.Open()
Dim Work
Work = Request("Work")
'选择执行操作
Select Case Work
Case "MdyPwd"
MdyPwd()
Case "MdyReco"
MdyReco()
Case "AddReco"
AddReco()
Case "LockReco"
LockReco()
Case "DeleteReco"
DeleteReco()
End Select
'函数:锁定记录
Function LockReco()
If Not Admin.CheckPopedom("TSYS_GROUP3_MANAGER") Then
FLib.Alert "权限不足", "BACK", 0
Response.End
ENd If
Dim IdList, Flag
IdList = FLib.SafeSql(Request("IdList"))
Flag = FLib.SafeSql(Request("Flag"))
If IdList = "" Then
Exit Function
End If
Dim Sql
Sql = "UPDATE manager_base SET disabled=" & Flag & " WHERE owner <> 1 AND id IN(" & IdList & ")"
Db.ExeCute(Sql)
FLib.Alert "执行完毕","Manager_List.asp",0
Response.End
End Function
'函数:删除记录
Function DeleteReco()
If Not Admin.CheckPopedom("TSYS_GROUP3_MANAGER") Then
FLib.Alert "权限不足", "BACK", 0
Response.End
ENd If
Dim IdList
IdList = FLib.SafeSql(Request("IdList"))
If IdList = "" Then
Exit Function
End If
Dim Sql, Rs, tmpTitle
tmpTitle = "''"
Sql = "SELECT title FROM manager_base WHERE owner<>1 AND id IN(" & IdList & ")"
Set Rs = Db.ExeCute(Sql)
While Not Rs.Eof
tmpTitle = tmpTitle & ", '" & Rs("title") & "'"
Rs.MoveNext()
Wend
Rs.Close()
Set Rs = Nothing
Sql = "DELETE FROM manager_base WHERE owner<>1 AND id IN(" & IdList & ")"
Db.ExeCute(Sql)
Sql = "DELETE FROM manager_info1 WHERE owner<>1 AND manager_title IN(" & tmpTitle & ")"
Db.ExeCute(Sql)
FLib.AddLog "删除用户:" & FLib.SafeSql(tmpTitle)
FLib.Alert "执行完毕","Manager_List.asp",0
Response.End
End Function
'函数:增加记录
Function AddReco()
If Not Admin.CheckPopedom("TSYS_GROUP3_MANAGER") Then
FLib.Alert "权限不足", "BACK", 0
Response.End
ENd If
Dim title, pwd, remark, pope_role
title = LCase(FLib.SafeSql(Request("title")))
pwd = FLib.SafeSql(Request("pwd"))
remark = FLib.SafeSql(Request("remark"))
pope_role = FLib.SafeSql(Request("pope_role"))
If title = "" Or pwd = "" Or Not FLib.Check_UserName(title) Then
FLib.Alert "参数有误","BACK",0
Response.End
End If
'未选角色则置为-1
If pope_role = "" Then
pope_role = "-1"
End If
Dim Sql, Rs
Sql = "SELECT TOP 1 id FROM manager_base WHERE title='" & title & "'"
Set Rs = Db.ExeCute(Sql)
If Not(Rs.Eof And Rs.Bof) Then
Rs.Close
Set Rs = Nothing
FLib.Alert "用户已经存在","BACK",0
Response.End
End If
Sql = "INSERT INTO manager_base(title, pwd, disabled, remark, pope_role, owner, creator, addtime, uptime)VALUES('" & title &"', '" & md5(Cfg.Password_EncodeKey & md5(pwd)) &"', 1, '" & remark &"', " & pope_role &", 2, '" & Admin.UserName & "', GETDATE(), GETDATE())"
Db.ExeCute(Sql)
Sql = "INSERT INTO manager_info1(manager_title, resource_count, owner)VALUES('" & title &"', 0, 2)"
Db.ExeCute(Sql)
FLib.AddLog "增加用户:" & title
FLib.Alert "执行完毕","Manager_List.asp",0
Response.End
End Function
'函数:修改记录
Function MdyReco()
If Not Admin.CheckPopedom("TSYS_GROUP3_MANAGER") Then
FLib.Alert "权限不足", "BACK", 0
Response.End
ENd If
Dim title, pwd, remark, pope_role
title = LCase(FLib.SafeSql(Request("title")))
remark = FLib.SafeSql(Request("remark"))
pope_role = FLib.SafeSql(Request("pope_role"))
If title = "" Or Not FLib.Check_UserName(title) Then
FLib.Alert "参数有误","BACK",0
Response.End
End If
'未选角色则置为-1
If pope_role = "" Then
pope_role = "-1"
End If
Dim Sql
Sql = "UPDATE manager_base SET remark='" & remark & "', pope_role=" & pope_role &", uptime=GETDATE() WHERE title='" & title & "'"
Db.ExeCute(Sql)
FLib.AddLog "修改用户:" & title & "信息"
FLib.Alert "执行完毕","Manager_List.asp",0
Response.End
End Function
'函数:修改密码
'说明:
' 以下分两类情况说明:
' 1.具有[用户管理]权限的操作者
' a.允许修改所有人的密码
' b.修改密码时无需输入原密码
' 2.不具有[用户管理]权限的操作者
' a.只允许修改自己的密码
' b.修改密码前必须给出原密码
Function MdyPwd()
Dim title, pwd, pwd1
title = LCase(FLib.SafeSql(Request("title")))
pwd = md5(Cfg.Password_EncodeKey & md5(Request("pwd")))
pwd1 = md5(Cfg.Password_EncodeKey & md5(Request("pwd1")))
Dim Enable_ManagerPopedom '是否具有[用户管理]权限
Enable_ManagerPopedom = Admin.CheckPopedom("TSYS_GROUP3_MANAGER")
If title = "" Then
Response.End
End If
If Not Enable_ManagerPopedom Then
If pwd = "" Then
Response.End
End If
End If
'是否具有[用户管理]
If Not Enable_ManagerPopedom Then
'不允许修改他人密码
If Admin.UserName <> title Then
FLib.Alert "权限不足", "BACK", 0
Response.End
End If
'是否具有修改自己密码的权限
If Not Admin.CheckPopedom("TSYS_GROUP1_PWD") Then
FLib.Alert "权限不足", "BACK", 0
Response.End
ENd If
End If
Dim Sql, Rs
Sql = "SELECT TOP 1 id,pwd FROM manager_base WHERE title='" & title & "'"
Set Rs = Db.ExeCute(Sql)
If Rs.Eof And Rs.Bof Then
Rs.Close
Set Rs = Nothing
FLib.Alert "用户不存在","BACK",0
Response.End
End If
If Not Enable_ManagerPopedom Then
If Rs("pwd") <> pwd Then
Rs.Close
Set Rs = Nothing
FLib.Alert "旧密码不正确","BACK",0
Response.End
End If
End If
Sql = "UPDATE manager_base SET pwd='" & pwd1 & "' WHERE title='" & title & "'"
Db.ExeCute(Sql)
FLib.AddLog "修改用户" & title & "的密码"
FLib.Alert "执行完毕","Manager_List.asp",0
Response.End
End Function
%>⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -