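<%@ WebHandler Language="C#" Class="chromeProjectsList" %>
using System;
using System.Web;
using System.Collections.Generic;
using System.Runtime.Serialization.Json;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;
using System.Web.Services.Protocols;
using System.Security.Cryptography;
using System.Text;
using System.Web.SessionState;
using System.Data;

/// <summary>
/// HTTP handler that checks the caller's <c>id</c> / <c>pwd</c> request values against the
/// <c>users</c> and <c>new_userdata</c> tables and, on success, writes the list of non-revoked
/// projects visible to that user as JSON.
/// </summary>
/// <remarks>
/// Failure responses carry <c>ret = "no"</c> and one of these codes:
/// 0001 account not found, 0002 account exists in <c>new_userdata</c> but has no row in
/// <c>users</c>, 0003 account is marked as no longer on the job, 0004 password mismatch.
/// NOTE(review): the distinct codes let a caller tell "unknown id" from "wrong password";
/// clients depend on them today, so they are kept, but consider collapsing 0001/0004 and
/// rate-limiting this endpoint.
/// </remarks>
public class chromeProjectsList : IHttpHandler
{
    /// <summary>Authenticates the request and writes the JSON result to the response.</summary>
    /// <param name="context">Current HTTP context; <c>id</c> and <c>pwd</c> are read from it.</param>
    public void ProcessRequest(HttpContext context)
    {
        result objRet = new result();
        DataContractJsonSerializer json = new DataContractJsonSerializer(objRet.GetType());
        context.Response.ContentType = "application/json;charset=utf-8";
        // NOTE(review): a wildcard CORS origin on an endpoint that accepts credentials lets any
        // web page call it; restrict to the origins that actually need it once those are known.
        context.Response.AddHeader("Access-Control-Allow-Origin", "*");

        // NOTE(review): Request[...] also reads the query string, so the password hash can end up
        // in URLs and server logs; prefer reading Request.Form from a POST body.
        string id = context.Request["id"] ?? "";
        string pwd = context.Request["pwd"] ?? "";

        // The request value is untrusted and is embedded in a SQL string literal below.
        // autoBindDataTable / autoBindElab are only seen here taking a finished SQL string, so
        // quotes are doubled as a stop-gap; this assumes standard SQL literal rules and should
        // be replaced by parameterized commands as soon as the helpers offer them.
        string safeId = EscapeSqlLiteral(id);

        string user_sql = string.Format("select * from users where user_id = '{0}'", safeId);
        autoBindDataTable objUser = new autoBindDataTable(user_sql);

        if (objUser.dataRows.Count == 0)
        {
            string elab_sql = string.Format("select * from new_userdata where userid = '{0}'", safeId);
            autoBindElab objElabUser = new autoBindElab(elab_sql);
            if (objElabUser.dataRows.Count == 0)
            {
                WriteFailure(context, json, objRet, "0001", "無此帳號密碼!");
            }
            else
            {
                WriteFailure(context, json, objRet, "0002", "此帳號尚未擁有權限,請專案管理者加入權限!");
            }
            return;
        }

        // NOTE(review): only user_type "Y" and "N" run a password check. A row with any other
        // user_type value reaches the project query below without verification — confirm that
        // no such rows can exist, or reject them explicitly.

        // Built-in system account: credentials live in the users table.
        if (objUser.dataRows[0]["user_type"].ToString() == "Y")
        {
            if (objUser.dataRows[0]["user_onjob"].ToString() == "N")
            {
                WriteFailure(context, json, objRet, "0003", "此帳號已經離職!");
                return;
            }
            // NOTE(review): the stored value is hashed at comparison time, which suggests
            // user_pwd is kept unhashed and that the client-sent SHA-256 acts as the password
            // itself — confirm, and move to a salted password hash stored server-side.
            if (!FixedTimeEquals(pwd, SHA256_Encode(objUser.dataRows[0]["user_pwd"].ToString())))
            {
                WriteFailure(context, json, objRet, "0004", "密碼有誤!");
                return;
            }
        }

        // E-whiteboard account: credentials live in new_userdata.
        if (objUser.dataRows[0]["user_type"].ToString() == "N")
        {
            string elab_sql = string.Format("select * from new_userdata where userid = '{0}'", safeId);
            autoBindElab objElabUser = new autoBindElab(elab_sql);
            if (objElabUser.dataRows.Count == 0)
            {
                WriteFailure(context, json, objRet, "0001", "無此帳號密碼!");
                return;
            }
            if (objElabUser.dataRows[0]["onjob"].ToString() == "1")
            {
                // Mirror the departed state into the local users row before rejecting.
                objUser.dataRows[0]["user_onjob"] = "N";
                objUser.updateDataTable();
                WriteFailure(context, json, objRet, "0003", "此帳號已經離職!");
                return;
            }
            if (!FixedTimeEquals(pwd, SHA256_Encode(objElabUser.dataRows[0]["userpw"].ToString())))
            {
                WriteFailure(context, json, objRet, "0004", "密碼有誤!");
                return;
            }
        }

        // user_perm "A" sees every non-revoked project; everyone else only the projects they
        // are linked to through projectUser.
        string projectString = "select * from projects where project_isRevoke = 'N' order by project_sn desc";
        if (objUser.dataRows[0]["user_perm"].ToString() != "A")
        {
            // user_uid comes from the database, but it is escaped as well so that a stored value
            // containing a quote cannot alter the statement.
            projectString = string.Format(
                "select A.* from projects A, projectUser B where A.project_uid = B.project_uid and A.project_isRevoke = 'N' and B.user_uid = '{0}' order by A.project_sn desc",
                EscapeSqlLiteral(objUser.dataRows[0]["user_uid"].ToString()));
        }

        autoBindDataTable sqlProjects = new autoBindDataTable(projectString);
        foreach (DataRow tmpRow in sqlProjects.dataRows)
        {
            projectBase tmpProject = new projectBase(tmpRow["project_uid"].ToString());
            objRet.projectlist.Add(tmpProject);
        }

        objRet.ret = "yes";
        json.WriteObject(context.Response.OutputStream, objRet);
    }

    /// <summary>Fills in a failure result and serializes it to the response stream.</summary>
    private static void WriteFailure(HttpContext context, DataContractJsonSerializer json, result objRet, string errCode, string message)
    {
        objRet.ret = "no";
        objRet.err_code = errCode;
        objRet.message = message;
        json.WriteObject(context.Response.OutputStream, objRet);
    }

    /// <summary>Doubles single quotes so the value stays inside a quoted SQL string literal.</summary>
    private static string EscapeSqlLiteral(string value)
    {
        return (value ?? "").Replace("'", "''");
    }

    /// <summary>
    /// Ordinal string equality whose running time does not depend on where the first
    /// differing character is, so response timing does not reveal how much of a hash matched.
    /// </summary>
    private static bool FixedTimeEquals(string left, string right)
    {
        if (left == null || right == null || left.Length != right.Length)
        {
            return false;
        }

        int diff = 0;
        for (int i = 0; i < left.Length; i++)
        {
            diff |= left[i] ^ right[i];
        }
        return diff == 0;
    }

    /// <summary>Returns the lowercase hexadecimal SHA-256 digest of the UTF-8 bytes of <paramref name="value"/>.</summary>
    /// <param name="value">Text to hash.</param>
    /// <exception cref="Exception">Wraps any failure raised while hashing; the original error is kept as the inner exception.</exception>
    string SHA256_Encode(string value)
    {
        byte[] bytValue = System.Text.Encoding.UTF8.GetBytes(value);
        try
        {
            // The provider holds a native handle, so release it deterministically.
            using (SHA256 sha256 = new SHA256CryptoServiceProvider())
            {
                byte[] retVal = sha256.ComputeHash(bytValue);
                StringBuilder sb = new StringBuilder(retVal.Length * 2);
                for (int i = 0; i < retVal.Length; i++)
                {
                    sb.Append(retVal[i].ToString("x2"));
                }
                return sb.ToString();
            }
        }
        catch (Exception ex)
        {
            throw new Exception("GetSHA256HashFromString() fail,error:" + ex.Message, ex);
        }
    }

    /// <summary>A new handler instance is used for every request.</summary>
    public bool IsReusable
    {
        get { return false; }
    }

    /// <summary>JSON payload returned to the caller.</summary>
    public class result
    {
        // "yes" on success, "no" on any failure.
        public string ret = "no";
        // "0000" by default; set to 0001-0004 on failure.
        public string err_code = "0000";
        // Human-readable failure text shown to the user.
        public string message = "";
        // Never assigned by this handler; always serialized with its default.
        public string user_perm = "N";
        // Element type restored from the projectBase instances added in ProcessRequest.
        public List<projectBase> projectlist = new List<projectBase>();
    }
}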