<%@ WebHandler Language="C#" Class="chromeGetShortCode" %> using System; using System.Web; using System.Collections.Generic; using System.Runtime.Serialization.Json; using Newtonsoft.Json; using Newtonsoft.Json.Linq; using System.Web.Services.Protocols; using System.Security.Cryptography; using System.Text; using System.Web.SessionState; using System.Data; public class chromeGetShortCode : IHttpHandler { public void ProcessRequest (HttpContext context) { result objRet = new result(); DataContractJsonSerializer json = new DataContractJsonSerializer(objRet.GetType()); context.Response.ContentType = "application/json;charset=utf-8"; context.Response.AddHeader("Access-Control-Allow-Origin", "*"); authPermission objAuth = new authPermission(); string id = (context.Request["id"] == null) ? "" : context.Request["id"].ToString(); string pwd = (context.Request["pwd"] == null) ? "" : context.Request["pwd"].ToString(); string user_sql = string.Format("select * from users where user_id = '{0}'", id); autoBindDataTable objUser = new autoBindDataTable(user_sql); if (objUser.dataRows.Count == 0) { string elab_sql = string.Format("select * from new_userdata where userid = '{0}'", id); autoBindElab objElabUser = new autoBindElab(elab_sql); if (objElabUser.dataRows.Count == 0) { objRet.ret = "no"; objRet.err_code = "0001"; objRet.message = "無此帳號密碼!"; json.WriteObject(context.Response.OutputStream, objRet); return; } else { objRet.ret = "no"; objRet.err_code = "0002"; objRet.message = "此帳號尚未擁有權限，請專案管理者加入權限!"; json.WriteObject(context.Response.OutputStream, objRet); return; } } else { //系統內建帳號 if (objUser.dataRows[0]["user_type"].ToString() == "Y") { if (objUser.dataRows[0]["user_onjob"].ToString() == "N") { objRet.ret = "no"; objRet.err_code = "0003"; objRet.message = "此帳號已經離職!"; json.WriteObject(context.Response.OutputStream, objRet); return; } if (pwd != SHA256_Encode(objUser.dataRows[0]["user_pwd"].ToString())) { string test = SHA256_Encode(objUser.dataRows[0]["user_pwd"].ToString()); objRet.ret = "no"; objRet.err_code = "0004"; objRet.message = "密碼有誤!"; json.WriteObject(context.Response.OutputStream, objRet); return; } } //E白板帳號 if (objUser.dataRows[0]["user_type"].ToString() == "N") { string elab_sql = string.Format("select * from new_userdata where userid = '{0}'", id); autoBindElab objElabUser = new autoBindElab(elab_sql); if (objElabUser.dataRows.Count == 0) { objRet.ret = "no"; objRet.err_code = "0001"; objRet.message = "無此帳號密碼!"; json.WriteObject(context.Response.OutputStream, objRet); return; } else { if (objElabUser.dataRows[0]["onjob"].ToString() == "1") { objUser.dataRows[0]["user_onjob"] = "N"; objUser.updateDataTable(); objRet.ret = "no"; objRet.err_code = "0003"; objRet.message = "此帳號已經離職!"; json.WriteObject(context.Response.OutputStream, objRet); return; } if (pwd != SHA256_Encode(objElabUser.dataRows[0]["userpw"].ToString())) { objRet.ret = "no"; objRet.err_code = "0004"; objRet.message = "密碼有誤!"; json.WriteObject(context.Response.OutputStream, objRet); return; } } } string shor_Code = globalClass.CreateCaseRandomCode(6); Boolean isCheck = false; while (isCheck == false) { string checkString = string.Format("select * from url where url_code Collate SQL_Latin1_General_CP1_CS_AS = '{0}'", shor_Code); autoBindDataTable checkSQL = new autoBindDataTable(checkString); if (checkSQL.dataRows.Count == 0) { isCheck = true; } else { shor_Code = globalClass.CreateCaseRandomCode(6); } } objRet.ret = "yes"; objRet.shorCode = shor_Code; json.WriteObject(context.Response.OutputStream, objRet); return; } } string SHA256_Encode(string value) { byte[] bytValue = System.Text.Encoding.UTF8.GetBytes(value); try { SHA256 sha256 = new SHA256CryptoServiceProvider(); byte[] retVal = sha256.ComputeHash(bytValue); StringBuilder sb = new StringBuilder(); for (int i = 0; i < retVal.Length; i++) { sb.Append(retVal[i].ToString("x2")); } return sb.ToString(); } catch (Exception ex) { throw new Exception("GetSHA256HashFromString() fail,error:" + ex.Message); } } public class result { public string ret = "no"; public string err_code = "0000"; public string message = ""; public string shorCode = ""; public string urlHeader = HttpContext.Current.Request.Url.Scheme + "://" + HttpContext.Current.Request.Url.Authority + "/"; } public bool IsReusable { get { return false; } } }