ss001/g.hnyhua.cn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
g.hnyhua.cn/Mtxfw.VipSite/Global.asax.cs

484 lines
19 KiB
C#
Raw Permalink Normal View History

代码修改后的版本,全部提交
2026-02-07 15:48:27 +08:00
using System;
using System.Collections.Generic;
using System.Web;
using System.Web.Security;
using System.Web.SessionState;
using System.Security;
using System.Globalization;
using System.Timers;
using System.Data;
using System.Threading;
using System.Text.RegularExpressions;
using System.Web.Script.Serialization;
namespace Mtxfw.VipSite
{
public class Global : System.Web.HttpApplication
{
DAL.user_Results daoResults = new DAL.user_Results();
DAL.timer_control daotimer = new DAL.timer_control();
DAL.order_info daoorder = new DAL.order_info();
DAL.user_info daoUser = new DAL.user_info();
public string apath = "";
private static System.Timers.Timer aTimer;
protected void Application_Start(object sender, EventArgs e)
{
apath = System.Web.Hosting.HostingEnvironment.ApplicationPhysicalPath;
SetTimer();
}
protected void Session_Start(object sender, EventArgs e)
{
//Response.Cookies["ASP.NET_SessionId"].Value = Session.SessionID.ToString();
//Response.Cookies["ASP.NET_SessionId"].Domain = ".vip.fuanmei.cn";
}
protected void Application_BeginRequest(object sender, EventArgs e)
{
bool ifb = true;
string oldUrl = Request.RawUrl.ToString().ToLower();
Model.User_Errlog mo = new Model.User_Errlog();
string strkeys = "", strkeys0 = "";
try
{
if (Request.Files.Count > 0)
{
if (Request.Files[0].ContentLength > 0)
{
string strContentType = Request.Files[0].ContentType.ToLower();
if (ifb)
{
string FileType = Request.Files[0].FileName.Substring(Request.Files[0].FileName.LastIndexOf(".")).ToLower();
if (FileType.IndexOf("jpg") == -1 && FileType.IndexOf("jpeg") == -1 && FileType.IndexOf("gif") == -1 && FileType.IndexOf("png") == -1 && FileType.IndexOf("bmp") == -1 && FileType.IndexOf("jfif") == -1 && FileType.IndexOf("xls") == -1 && FileType.IndexOf("doc") == -1 && FileType.IndexOf("mp4") == -1)
{
ifb = false;
HttpContext.Current.RewritePath("/");
}
if (ifb)
{
if (FileType.IndexOf("jpg") != -1 || FileType.IndexOf("jpeg") != -1 || FileType.IndexOf("gif") != -1 || FileType.IndexOf("png") != -1 || FileType.IndexOf("bmp") != -1 || FileType.IndexOf("jfif") != -1)
{
if (strContentType.IndexOf("jpg") == -1 && strContentType.IndexOf("jpeg") == -1 && strContentType.IndexOf("gif") == -1 && strContentType.IndexOf("png") == -1 && strContentType.IndexOf("bmp") == -1 && strContentType.IndexOf("jfif") == -1 && strContentType.IndexOf("xls") == -1 && strContentType.IndexOf("doc") == -1)
{
ifb = false;
HttpContext.Current.RewritePath("/");
}
}
}
}
if (ifb)
{
if (strContentType.IndexOf("jpg") != -1 || strContentType.IndexOf("jpeg") != -1 || strContentType.IndexOf("gif") != -1 || strContentType.IndexOf("png") != -1 || strContentType.IndexOf("bmp") != -1 || strContentType.IndexOf("jfif") != -1)
{
try
{
System.Drawing.Image img = System.Drawing.Image.FromStream(Request.Files[0].InputStream);
}
catch (Exception uperr)
{
mo = new Model.User_Errlog();
mo.DLID = 0;
mo.ErrType = "upfile1";
mo.addtime = DateTime.Now;
mo.ErrBody = oldUrl;
mo.ErrBody2 = uperr.Message;
new DAL.User_Errlog().Add(mo);
}
}
}
}
}
bool ifb0 = true, ifb1 = true;
if (ifb)
{
if (Request.QueryString != null)
{
string getkeys = "";
for (int i = 0; i < Request.QueryString.Count; i++)
{
if (Request.QueryString.Keys[i] != null)
{
getkeys = Request.QueryString.Keys[i];
if (getkeys != "")
{
strkeys += getkeys + "=" + Request.QueryString[getkeys].ToString() + "|";
if (!ProcessSqlStr(Request.QueryString[getkeys]))
{
ifb0 = false;
}
}
}
}
}
}
if (ifb)
{
if (Request.Form != null)
{
string getkeys = "";
for (int i = 0; i < Request.Form.Count; i++)
{
if (Request.Form.Keys[i] != null)
{
getkeys = Request.Form.Keys[i];
if (getkeys != "")
{
string keyvalue = Request.Form[getkeys].ToString();
strkeys0 += getkeys + "=" + keyvalue + "|";
if (getkeys != "__VIEWSTATE" && getkeys != "__EVENTTARGET" && getkeys != "__EVENTARGUMENT")
{
if (!ProcessSqlStr(keyvalue))
{
ifb1 = false;
}
}
}
}
}
}
}
if (ifb)
{
if (!ifb0)
{
ifb = false;
HttpContext.Current.RewritePath("/");
}
}
if (ifb)
{
if (!ifb1)
{
mo = new Model.User_Errlog();
mo.DLID = 0;
mo.ErrType = "FormRequest";
mo.addtime = DateTime.Now;
mo.ErrBody = oldUrl;
mo.ErrBody2 = strkeys0;
new DAL.User_Errlog().Add(mo);
ifb = false;
HttpContext.Current.RewritePath("/");
}
}
if (ifb)
{
if (!String.IsNullOrEmpty(Request["t"]))
{
if (Request["t"].ToString() != "null")
{
if (!System.Text.RegularExpressions.Regex.IsMatch(Request["t"].ToString(), @"^-?\d+$"))
{
ifb = false;
HttpContext.Current.RewritePath("/");
}
}
}
}
if (ifb)
{
if (!String.IsNullOrEmpty(Request["t0"]))
{
if (Request["t0"].ToString() != "null")
{
if (!System.Text.RegularExpressions.Regex.IsMatch(Request["t0"].ToString(), @"^-?\d+$"))
{
ifb = false;
HttpContext.Current.RewritePath("/");
}
}
}
}
if (ifb)
{
if (!String.IsNullOrEmpty(Request["id"]))
{
if (!System.Text.RegularExpressions.Regex.IsMatch(Request["id"].ToString(), @"^-?\d+$"))
{
ifb = false;
HttpContext.Current.RewritePath("/");
}
}
}
if (ifb)
{
if (!String.IsNullOrEmpty(Request["SJ"]))
{
try
{
DateTime dt = Convert.ToDateTime(Request["SJ"]);
}
catch
{
ifb = false;
HttpContext.Current.RewritePath("/");
}
}
}
if (ifb)
{
if (!String.IsNullOrEmpty(Request["SJ2"]))
{
try
{
DateTime dt = Convert.ToDateTime(Request["SJ2"]);
}
catch
{
ifb = false;
HttpContext.Current.RewritePath("/");
}
}
}
if (ifb)
{
if (!String.IsNullOrEmpty(Request["addtime"]))
{
try
{
DateTime dt = Convert.ToDateTime(Request["addtime"]);
}
catch
{
ifb = false;
HttpContext.Current.RewritePath("/");
}
}
}
if (ifb)
{
if (!String.IsNullOrEmpty(Request["MemberId"]))
{
if (!System.Text.RegularExpressions.Regex.IsMatch(Request["MemberId"].ToString(), @"^-?\d+$"))
{
ifb = false;
HttpContext.Current.RewritePath("/");
}
}
}
if (ifb)
{
if (!String.IsNullOrEmpty(Request["key"]))
{
if (!ProcessSqlStr(Request["key"].ToString()) || Request["key"].ToString().Length > 50)
{
ifb = false;
HttpContext.Current.RewritePath("/");
}
}
}
if (ifb)
{
if (!String.IsNullOrEmpty(Request["name"]))
{
string name = Request["name"].ToString();
if (name.IndexOf("'") != -1)
{
ifb = false;
HttpContext.Current.RewritePath("/");
}
}
}
if (ifb)
{
if (!String.IsNullOrEmpty(Request["ProvinceID"]))
{
string name = Request["ProvinceID"].ToString();
if (name.IndexOf("'") != -1)
{
ifb = false;
HttpContext.Current.RewritePath("/");
}
}
}
if (ifb)
{
if (!String.IsNullOrEmpty(Request["cityIDs"]))
{
string name = Request["cityIDs"].ToString();
if (name.IndexOf("'") != -1)
{
ifb = false;
HttpContext.Current.RewritePath("/");
}
}
}
if (ifb)
{
if (!String.IsNullOrEmpty(Request["CityID"]))
{
string name = Request["CityID"].ToString();
if (name.IndexOf("'") != -1)
{
ifb = false;
HttpContext.Current.RewritePath("/");
}
}
}
if (ifb)
{
if (!String.IsNullOrEmpty(Request["countyIDs"]))
{
string name = Request["countyIDs"].ToString();
if (name.IndexOf("'") != -1)
{
ifb = false;
HttpContext.Current.RewritePath("/");
}
}
}
if (ifb)
{
if (!String.IsNullOrEmpty(Request["UserName"]))
{
string name = Request["UserName"].ToString();
if (name.IndexOf("'") != -1)
{
ifb = false;
HttpContext.Current.RewritePath("/");
}
}
}
if (ifb)
{
if (!String.IsNullOrEmpty(Request["realname"]))
{
string name = Request["realname"].ToString();
if (name.IndexOf("'") != -1)
{
ifb = false;
HttpContext.Current.RewritePath("/");
}
}
}
}
catch (Exception err)
{
mo = new Model.User_Errlog();
mo.DLID = 0;
mo.ErrType = "Application_BeginRequest";
mo.addtime = DateTime.Now;
mo.ErrBody = oldUrl + "|" + strkeys + "|" + strkeys0;
mo.ErrBody2 = err.ToString();
new DAL.User_Errlog().Add(mo);
}
}
/// <summary>
/// 分析用户请求是否正常
/// </summary>
/// <param name="Str">传入用户提交数据 </param>
/// <returns>返回是否含有SQL注入式攻击代码 </returns>
private bool ProcessSqlStr(string Str)
{
bool ReturnValue = true;
try
{
if (Str.Trim() != "")
{
//string SqlStr = "and |exec |insert |select |delete |update |count |* |chr |mid |master |truncate |char |declare";
string SqlStr = "exec |insert |select |delete |update |alter |create |drop |grant |with |master |truncate |declare |db_name()|backup |to disk|convert(|database[|table[|set |waitfor delay|and |cast(|chr(";
string[] anySqlStr = SqlStr.Split('|');
foreach (string ss in anySqlStr)
{
if (Str.ToLower().IndexOf(ss) >= 0)
{
ReturnValue = false;
break;
}
}
}
}
catch
{
ReturnValue = false;
}
return ReturnValue;
}
protected void Application_AuthenticateRequest(object sender, EventArgs e)
{
Mtxfw.Utility.Authentication Action = new Mtxfw.Utility.Authentication();
if (Action.IsAuthenticated)
{
Action.RequestAuthenticate(sender);
}
}
protected void Application_Error(object sender, EventArgs e)
{
//获取当前异常根源
Exception ex = HttpContext.Current.Server.GetLastError().GetBaseException();
Mtxfw.Utility.Error MyError = new Mtxfw.Utility.Error(ex);
MyError.Write();
}
protected void Session_End(object sender, EventArgs e)
{
}
protected void Application_End(object sender, EventArgs e)
{
}
public void SetTimer()
{
aTimer = new System.Timers.Timer();
aTimer.Elapsed += new ElapsedEventHandler(OnTimer);
aTimer.Interval = 120000;
aTimer.Enabled = true;
aTimer.Start();
}
public void OnTimer(Object source, ElapsedEventArgs e)
{
Model.User_Errlog mo;
DateTime dt = DateTime.Now;
try
{
Mtxfw.Utility.Config config = new Mtxfw.Utility.Config(apath);
if (config.CloseEnable == "0")
{
DateTime dt0 = dt;
int ZXflag = daotimer.GetZXflag("ZXflag0", ref dt0);
if (ZXflag == 0)
{
daotimer.UpdateZXflag("ZXflag0", 1, dt, 0);
Mtxfw.DAL.MemberStatistics.DeleteOrder(config, 0, apath,0);
daotimer.UpdateZXflag("ZXflag0", 0, dt, 0);
}
else
{
if (dt0.AddMinutes(30) < dt)
{
daotimer.UpdateZXflag("ZXflag0", 0, dt, 0);
}
}
}
}
catch (Exception ex)
{
daotimer.UpdateZXflag("ZXflag0", 0, dt, 0);
mo = new Model.User_Errlog();
mo.DLID = 0;
mo.ErrType = "银花优选删除未付款订单";
mo.addtime = DateTime.Now;
mo.ErrBody = ex.ToString();
mo.ErrBody2 = ex.Message;
new DAL.User_Errlog().Add(mo);
}
}
}
}
Reference in New Issue Copy Permalink