Line 1: <!-- #include file="sqlstring.cs" -->
Line 2: <!-- #include file="mail.cs" -->
Line 3:
Line 4: <%@Language=C# Debug="true" %>
Line 5: <%@Import Namespace="System.Web.Caching" %>
Line 6: <%@Import Namespace="System.Data" %>
Line 7: <%@Import Namespace="System.Data.SqlClient" %>
Line 8: <%@Import Namespace="System.IO" %>
Line 9: <%@Import Namespace="System.Globalization" %>
Line 10: <%@Import Namespace="System.Threading" %>
Line 11: <%@ Import Namespace="System.Drawing" %>
Line 12: <%@ Import Namespace="System.Drawing.Imaging" %>
Line 13: <%@ Import Namespace="System.Drawing.Text" %>
Line 14: <%@ Import Namespace="System.Collections" %>
Line 15: <%@ Import Namespace="System.Collections.Specialized" %>
Line 16: <%@ Import Namespace="System.Collections.Generic" %>
Line 17:
Line 18:
Line 19: <script runat=server>
Line 20: #if !DEBUG
Line 21: private class _c : System.Web.UI.Page
Line 22: #endif
Line 23: //public partial class _common : System.Web.UI.Page{
Line 24:
Line 25: //////////////////////////////////////////////////////////////////////////////////////
Line 26: //common functions for all sites
Line 27: string m_sHeaderCacheName = "header"; //will append current virtual path later
Line 28: string m_sSalesEmail = "";
Line 29: string m_sAdminEmail = "sales@yellow-price.com"; //hard-coded address; NOTE(review): consider moving it to the settings table read by GetSiteSettings
Line 30: string m_supplierString = "";
Line 31: string m_catTableString = "";
Line 32: //string m_code = "";
Line 33: const int const_sleeps = 1; //meant to throttle CPU usage; only referenced by the commented-out Thread.Sleep in MonitorProcess
Line 34: int monitorCount = 0; //for remote process monitoring; counted up and reset by MonitorProcess
Line 35:
Line 36: SqlConnection myConnection;// = new SqlConnection("Initial Catalog=" + m_sCompanyName + m_sDataSource + m_sSecurityString); //single connection shared by every query helper below; ShowExp closes it on error
Line 37: SqlDataAdapter myAdapter; //reused by the enum and card lookups
Line 38: SqlCommand myCommand; //reused by GetSiteSettings/SetSiteSettings; several methods declare a local SqlDataAdapter with the same name
Line 39:
Line 40: DataTable dtUser = new DataTable();
Line 41: DataSet dstcom = new DataSet();
Line 42:
Line 43: int m_pMonitor = 0; //index of the next m_sMonitor character MonitorProcess will emit
Line 44: string m_sMonitor = @"......."; //progress characters written by MonitorProcess, used cyclically
Line 45:
// Strips leading and trailing white space from s in place.
// A null reference is left untouched.
void Trim(ref string s)
{
    if (s != null)
    {
        s = s.Trim();
    }
}
// Debug helper: writes "<font color=red>msg</font>value<br>" to the response and flushes it.
// Neither msg nor value is HTML-encoded here, so anything passed in is rendered as markup;
// callers should not hand it request data they have not encoded themselves.
void DEBUG(string msg, string value)
{
    Response.Write("<font color=red>" + msg + "</font>" + value + "<br>\r\n");
    Response.Flush();
}
// The typed overloads format the value with its default ToString() and reuse the string overload.
void DEBUG(string msg, int value)
{
    DEBUG(msg, value.ToString());
}
void DEBUG(string msg, double value)
{
    DEBUG(msg, value.ToString());
}
void DEBUG(string msg, float value)
{
    DEBUG(msg, value.ToString());
}
void DEBUG(string msg, bool value)
{
    DEBUG(msg, value.ToString());
}
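// Reports a failed SQL statement to the browser and closes the shared connection.
//
// The original body wrote the full query text and exception to every visitor and then
// returned, which left the audience check below it unreachable. That check is restored:
//   - no Session["email"]        -> a generic JavaScript alert
//   - signed in, not staff       -> the text "Internal Error"
//   - localhost or a staff email -> query and exception, HTML-encoded
//
// NOTE(review): staff are recognised by a substring match on the session email
// ("@eznz", "@yellow-price"), which also matches longer domains that merely start with
// those names, and SERVER_NAME normally reflects the request's Host header. Confirm how
// Session["email"] is verified before relying on this check to hide diagnostics.
//
// query: the SQL text that failed (with parameter placeholders when the caller uses them).
// e:     the exception that was caught; may be null.
void ShowExp(string query, Exception e)
{
    myConnection.Close();

    object oEmail = Session["email"];
    if (oEmail == null)
    {
        // The closing tag is written in two pieces so the literal text does not
        // terminate the enclosing <script runat=server> block.
        Response.Write("<script type='text/javascript' ");
        Response.Write(">");
        Response.Write(" window.alert('Internal Error'); ");
        Response.Write("</script");
        Response.Write(">");
        return;
    }

    string sEmail = oEmail.ToString();
    bool bStaff = Request.ServerVariables["SERVER_NAME"] == "localhost"
        || sEmail.IndexOf("@eznz") >= 0
        || sEmail.IndexOf("@yellow-price") >= 0;
    if (!bStaff)
    {
        Response.Write("Internal Error");
        return;
    }

    // Encode both values: the query can carry request data and the exception text can echo it.
    Response.Write("Execute SQL Query Error.<br>\r\nQuery = ");
    Response.Write(Server.HtmlEncode(query));
    Response.Write("<br>\r\n Error: ");
    Response.Write(Server.HtmlEncode(e == null ? "" : e.ToString()));
    Response.Write("<br>\r\n");

    // The e-mail notification (AlertAdmin) was already commented out in the original and stays disabled.
}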
// Progress indicator for long-running pages: after more than `step` calls it writes the
// next character of m_sMonitor to the response (wrapping at the end) and flushes.
void MonitorProcess(int step)
{
    monitorCount++;
    if (monitorCount <= step)
    {
        return;
    }

    monitorCount = 0;
    char tick = m_sMonitor[m_pMonitor];
    m_pMonitor++;
    Response.Write(tick);
    if (m_pMonitor >= m_sMonitor.Length)
    {
        m_pMonitor = 0;
    }
    Response.Flush();
    // Thread.Sleep(const_sleeps) was disabled in the original.
}
// Sends an HTML e-mail to m_emailAlertTo. Nothing is sent when SERVER_NAME contains "localhost".
// msg becomes the HTML body as-is, so callers decide what is encoded.
// Subject: "<company> site <server name> err: <local address>".
void AlertAdmin(string msg)
{
    string sServer = Request.ServerVariables["SERVER_NAME"].ToString();
    if (sServer.ToLower().IndexOf("localhost") >= 0)
    {
        return;
    }

    MailMessage mail = new MailMessage();
    mail.To = m_emailAlertTo;
    mail.From = GetSiteSettings("postmaster_email", "postmaster@eznz.com");
    mail.Subject = m_sCompanyName + " site " + sServer + " err: " + Request.ServerVariables["LOCAL_ADDR"].ToString();
    mail.BodyFormat = MailFormat.Html;
    mail.Body = msg;
    SmtpMail.Send(mail);
}
// Same as above with a caller-supplied subject suffix.
// Subject: "<server name> @ <local address><subject>".
void AlertAdmin(string subject, string msg)
{
    string sServer = Request.ServerVariables["SERVER_NAME"].ToString();
    if (sServer.ToLower().IndexOf("localhost") >= 0)
    {
        return;
    }

    MailMessage mail = new MailMessage();
    mail.To = m_emailAlertTo;
    mail.From = GetSiteSettings("postmaster_email", "postmaster@eznz.com");
    mail.Subject = sServer + " @ " + Request.ServerVariables["LOCAL_ADDR"].ToString() + subject;
    mail.BodyFormat = MailFormat.Html;
    mail.Body = msg;
    SmtpMail.Send(mail);
}
// Intentionally empty; writes nothing.
void PrintBasicHeader()
{
    return;
}
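// Convenience overloads; all forward to the four-argument version.
string GetSiteSettings(string name)
{
    return GetSiteSettings(name, "", false, "");
}
string GetSiteSettings(string name, string sDefault)
{
    return GetSiteSettings(name, sDefault, false, "");
}
string GetSiteSettings(string name, string sDefault, bool bHide)
{
    return GetSiteSettings(name, sDefault, bHide, "");
}
// Reads settings.value for `name`. When no row exists, one is inserted with the default
// ("100000" for "next_cheque_number", otherwise sDefault) and that default is returned.
//
// name:         setting key.
// sDefault:     value stored and returned when the key is missing; also returned when the read fails.
// bHide:        stored in the `hidden` column as 1/0 on first insert.
// sDescription: stored in the `description` column on first insert.
//
// Both statements use SqlParameter values rather than building the SQL text from the
// arguments. Because of that the default is no longer passed through EncodeQuote, so the
// value returned after the first insert matches what later reads return (the original
// returned the quote-doubled text that one time).
string GetSiteSettings(string name, string sDefault, bool bHide, string sDescription)
{
    string s = "";
    string sc = "SELECT value FROM settings WHERE name=@name";
    int rows = 0;
    try
    {
        SqlDataAdapter da = new SqlDataAdapter(sc, myConnection);
        da.SelectCommand.Parameters.AddWithValue("@name", name == null ? "" : name);
        DataSet ds = new DataSet();
        rows = da.Fill(ds);
        if (rows > 0)
        {
            s = ds.Tables[0].Rows[0].ItemArray[0].ToString();
        }
    }
    catch (Exception e)
    {
        ShowExp(sc, e);
        return sDefault;
    }

    if (rows == 0)
    {
        s = (name == "next_cheque_number") ? "100000" : sDefault;
        sc = "INSERT INTO settings (name, value, hidden, description) VALUES(@name, @value, @hidden, @description)";
        try
        {
            myCommand = new SqlCommand(sc);
            myCommand.Connection = myConnection;
            // null strings are stored as empty text, as the concatenated SQL did
            myCommand.Parameters.AddWithValue("@name", name == null ? "" : name);
            myCommand.Parameters.AddWithValue("@value", s == null ? "" : s);
            myCommand.Parameters.AddWithValue("@hidden", bHide ? 1 : 0);
            myCommand.Parameters.AddWithValue("@description", sDescription == null ? "" : sDescription);
            myCommand.Connection.Open();
            myCommand.ExecuteNonQuery();
            myCommand.Connection.Close();
        }
        catch (Exception e)
        {
            ShowExp(sc, e); // ShowExp closes the shared connection
        }
    }
    return s;
}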
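// Updates settings.value for `name`. Returns false (after reporting through ShowExp) when
// the statement fails, true otherwise, including when no row matched.
// The value and key are bound as parameters instead of being quoted into the SQL text.
bool SetSiteSettings(string name, string value)
{
    string sc = "UPDATE settings SET value=@value WHERE name=@name";
    try
    {
        myCommand = new SqlCommand(sc);
        myCommand.Connection = myConnection;
        // null is stored as empty text, as the concatenated SQL did
        myCommand.Parameters.AddWithValue("@value", value == null ? "" : value);
        myCommand.Parameters.AddWithValue("@name", name == null ? "" : name);
        myCommand.Connection.Open();
        myCommand.ExecuteNonQuery();
        myCommand.Connection.Close();
    }
    catch (Exception e)
    {
        ShowExp(sc, e); // ShowExp closes the shared connection
        return false;
    }
    return true;
}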
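// Returns the text of site page `name` with [[tag]] placeholders expanded.
string ReadSitePage(string name)
{
    string id = "";
    return ReadSitePage(name, ref id);
}
// Loads page `name` (its id is returned through `id`) and replaces every [[tag]] with the
// text of the page called `tag`. At most 99 expansion rounds are performed, which bounds
// pages that include each other.
//
// An opening "[[" without a closing "]]" now ends the expansion at once. The original
// kept going: it looked up an unterminated tag name in the database on every remaining
// round without ever changing the text.
string ReadSitePage(string name, ref string id)
{
    string s = GetSitePageText(name, ref id);
    int protect = 99;
    int p = s.IndexOf("[[");
    while (p >= 0 && protect-- > 0)
    {
        int close = s.IndexOf("]]", p + 2, StringComparison.Ordinal);
        if (close < 0)
        {
            break; // malformed placeholder: leave the text as it is
        }
        string tag = s.Substring(p + 2, close - (p + 2));
        string sid = ""; // id of the included page is not needed
        s = s.Replace("[[" + tag + "]]", GetSitePageText(tag, ref sid));
        p = s.IndexOf("[[");
    }
    return s;
}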
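// Overload for callers that do not need the page category.
string GetSitePageText(string name, ref string id)
{
    string cat = "";
    return GetSitePageText(name, ref id, ref cat);
}
// Reads site_pages.text for the lower-cased `name`; id and cat are filled from the same
// row when one is found. Returns "" when the page does not exist or the query fails.
//
// The page name is bound as a parameter. Callers such as ReadSitePage pass tag names
// taken from stored page content, so the name is not a trusted literal.
//
// For localhost / staff sessions an HTML comment "<!--SPRead:name-->" is written to the
// response; the name is HTML-encoded there so it cannot close the comment early.
// NOTE(review): the staff test is a substring match on Session["email"]; confirm how that
// value is verified.
string GetSitePageText(string name, ref string id, ref string cat)
{
    name = name.ToLower();
    string s = "";
    string sc = "SELECT id, text, cat FROM site_pages WHERE name=@name";
    try
    {
        SqlDataAdapter da = new SqlDataAdapter(sc, myConnection);
        da.SelectCommand.Parameters.AddWithValue("@name", name);
        DataSet ds = new DataSet();
        if (da.Fill(ds) > 0)
        {
            DataRow row = ds.Tables[0].Rows[0];
            s = row["text"].ToString();
            id = row["id"].ToString();
            cat = row["cat"].ToString();
        }
    }
    catch (Exception e)
    {
        ShowExp(sc, e);
    }

    object oEmail = Session["email"];
    if (oEmail != null)
    {
        string sEmail = oEmail.ToString();
        if (Request.ServerVariables["SERVER_NAME"] == "localhost"
            || sEmail.IndexOf("@eznz") >= 0
            || sEmail.IndexOf("@yellow-price") >= 0)
        {
            Response.Write("\r\n<!--SPRead:" + Server.HtmlEncode(name) + "-->\r\n");
        }
    }
    return s;
}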
// Stores the absolute URL of the current request in Session["LastPage"]:
// scheme from the HTTPS server variable, host from SERVER_NAME, the port when it is
// neither empty nor "80", then URL + "?" + QUERY_STRING (the "?" is always appended).
// NOTE(review): SERVER_NAME normally reflects the request's Host header, and BackToLastPage
// later redirects to this value; confirm the site only answers for expected host names.
void RememberLastPage()
{
    bool bSecure = String.Compare(Request.ServerVariables["HTTPS"].ToString(), "on", true) == 0;
    string sl = (bSecure ? "https" : "http") + "://" + Request.ServerVariables["SERVER_NAME"];

    string sPort = Request.ServerVariables["SERVER_PORT"].ToString();
    if (sPort != "" && sPort != "80")
    {
        sl += ":" + sPort;
    }

    sl += Request.ServerVariables["URL"].ToString() + "?" + Request.ServerVariables["QUERY_STRING"];
    Session["LastPage"] = sl;
}
// Redirects to the page stored by RememberLastPage, with two adjustments:
//   - a remembered checkout.aspx URL becomes /sales/pos.aspx when Session[<company>+"sales"] is true;
//   - sessions with card_type "2" are steered into the dealer/ area.
// Without a remembered page the target is default.aspx (dealer/default.aspx for card_type "2"
// outside the dealer area).
// The redirect target comes from session state; see RememberLastPage for how it is built.
void BackToLastPage()
{
    string currentURL = Request.ServerVariables["URL"];
    object oCardType = Session["card_type"];
    bool bDealerCard = oCardType != null && oCardType.ToString() == "2";

    string url;
    object oLast = Session["LastPage"];
    if (oLast == null)
    {
        url = "";
        if (bDealerCard && currentURL.ToString().IndexOf("/dealer") < 0)
        {
            url = "dealer/";
        }
        url += "default.aspx";
    }
    else
    {
        url = oLast.ToString();
        if (url.IndexOf("checkout.aspx") >= 0)
        {
            object oSales = Session[m_sCompanyName + "sales"];
            if (oSales != null && (bool)oSales)
            {
                url = "/sales/pos.aspx";
            }
        }
        if (bDealerCard && url.IndexOf("/dealer") < 0)
        {
            if (currentURL.ToString().IndexOf("/dealer/login.aspx") >= 0)
            {
                // coming from the dealer login page: go to its folder
                url = currentURL.ToString().Replace("login.aspx", "");
            }
            else if (currentURL.ToString().IndexOf("/dealer") < 0)
            {
                url = "dealer/";
            }
        }
    }
    Response.Redirect(url);
}
// Returns s with every single-quote character removed; null stays null.
string RemoveQuote(string s)
{
    return s == null ? null : s.Replace("'", "");
}
// Doubles every single quote so the text can sit inside a quoted SQL string literal;
// null stays null. Quote doubling only covers values placed between quotes - it does
// nothing for values concatenated unquoted (numeric ids, IN lists) - so SqlParameter
// values are the safer choice for new code.
string EncodeQuote(string s)
{
    if (s == null)
    {
        return null;
    }
    return s.Replace("'", "''");
}
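// Reverse of EncodeQuote: collapses each doubled single quote ('') into one; null stays null.
// The original loop never appended any character to its result, so it returned "" for
// every non-null input.
string DecodeQuote(string s)
{
    if (s == null)
    {
        return null;
    }
    // Replace scans left to right without overlap, so '''' becomes '' (two encoded quotes).
    return s.Replace("''", "'");
}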
// Returns the virtual path of the current request without the page name and without the
// leading and trailing slash, e.g. /eden/cart.aspx gives "eden".
// For a page directly under the root, SERVER_NAME is returned instead.
string TSGetPath()
{
    string s = Request.ServerVariables["URL"];
    int lastSlash = s.LastIndexOf('/');
    if (lastSlash > 1)
    {
        return s.Substring(1, lastSlash - 1);
    }
    return Request.ServerVariables["SERVER_NAME"];
}
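// Returns card.name for the given card id.
// Returns "user not found" when no row matches and "error" when the query fails
// (the failure is reported through ShowExp).
// The id is bound as a parameter instead of being concatenated into the SQL text.
string TSGetUserNameByID(string id)
{
    DataSet dsu = new DataSet();
    string sc = "SELECT name FROM card WHERE id=@id";
    try
    {
        SqlDataAdapter da = new SqlDataAdapter(sc, myConnection);
        da.SelectCommand.Parameters.AddWithValue("@id", id == null ? "" : id);
        if (da.Fill(dsu) > 0)
        {
            return dsu.Tables[0].Rows[0]["name"].ToString();
        }
    }
    catch (Exception e)
    {
        ShowExp(sc, e);
        return "error";
    }
    return "user not found";
}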
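// Returns card.trading_name for the given card id (company and name are selected as well
// but not used). Returns "user not found" when no row matches and "error" when the query
// fails (the failure is reported through ShowExp).
// The id is bound as a parameter instead of being concatenated into the SQL text.
string TSGetUserCompanyByID(string id)
{
    DataSet dsu = new DataSet();
    string sc = "SELECT company, name, trading_name FROM card WHERE id=@id";
    try
    {
        SqlDataAdapter da = new SqlDataAdapter(sc, myConnection);
        da.SelectCommand.Parameters.AddWithValue("@id", id == null ? "" : id);
        if (da.Fill(dsu) > 0)
        {
            return dsu.Tables[0].Rows[0]["trading_name"].ToString();
        }
    }
    catch (Exception e)
    {
        ShowExp(sc, e);
        return "error";
    }
    return "user not found";
}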
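// Returns card.email for the given card id.
// Returns "user not found" when no row matches and "error" when the query fails
// (the failure is reported through ShowExp). Callers that use the result as an address
// need to check for those two sentinel strings.
// The id is bound as a parameter instead of being concatenated into the SQL text.
string TSGetUserEmailByID(string id)
{
    DataSet dsu = new DataSet();
    string sc = "SELECT email FROM card WHERE id=@id";
    try
    {
        SqlDataAdapter da = new SqlDataAdapter(sc, myConnection);
        da.SelectCommand.Parameters.AddWithValue("@id", id == null ? "" : id);
        if (da.Fill(dsu) > 0)
        {
            return dsu.Tables[0].Rows[0]["email"].ToString();
        }
    }
    catch (Exception e)
    {
        ShowExp(sc, e);
        return "error";
    }
    return "user not found";
}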
// True when s is non-empty and every character is a digit (per Char.IsDigit, which also
// accepts non-ASCII decimal digits), '.', '-' or '$'.
// This is a character filter only: strings such as "--" or "1.2.3" pass, so a true result
// does not guarantee that a numeric parse succeeds, and it should not be the only check
// before the text is placed into a SQL statement.
bool TSIsDigit(string s)
{
    if (string.IsNullOrEmpty(s))
    {
        return false;
    }
    foreach (char c in s)
    {
        bool bAllowed = Char.IsDigit(c) || c == '.' || c == '-' || c == '$';
        if (!bAllowed)
        {
            return false;
        }
    }
    return true;
}
// True when s passes TSIsDigit and contains no '.'.
// Like TSIsDigit this is a character filter: '-' and '$' are accepted anywhere in the string.
bool IsInteger(string s)
{
    return TSIsDigit(s) && s.IndexOf('.') < 0;
}
// Delegate handed to the ASP.NET cache by TSAddCache.
// NOTE(review): the field is static but is assigned a delegate bound to the current page
// instance on every TSAddCache call, so the cache entry keeps a reference to that page.
private static CacheItemRemovedCallback onCacheRemove;

// Cache removal hook; currently does nothing (the admin notification is commented out in the original).
public void CacheRemovedCallback(String k, Object v, CacheItemRemovedReason r)
{
}

// Stores oValue under sKey with an absolute expiry 60 minutes from now,
// default priority, and CacheRemovedCallback as the removal callback.
void TSAddCache(string sKey, object oValue)
{
    onCacheRemove = new CacheItemRemovedCallback(this.CacheRemovedCallback);
    DateTime expires = DateTime.Now.AddMinutes(60);
    Cache.Insert(sKey, oValue, null, expires, TimeSpan.Zero, CacheItemPriority.Default, onCacheRemove);
}
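// Removes the entry `cn` and then every cache entry that belongs to this company
// (see the parameterless overload).
void TSRemoveCache(string cn)
{
    Cache.Remove(cn);
    TSRemoveCache();
}
// Removes every cache entry whose key is longer than 7 characters, does not start with
// "System." or "ISAPI", is longer than m_sCompanyName and starts with m_sCompanyName
// (comparisons ignore case).
//
// The original called MoveNext() exactly Cache.Count times without checking its result
// and removed entries while walking the enumerator. The keys are now collected first,
// using MoveNext() as the loop condition, and removed afterwards, so a cache that changes
// size during the walk cannot make ide.Key throw.
void TSRemoveCache()
{
    IDictionaryEnumerator ide = Cache.GetEnumerator();
    if (ide == null)
    {
        return;
    }

    List<string> keysToRemove = new List<string>();
    while (ide.MoveNext())
    {
        string s = ide.Key.ToString();
        if (s.Length <= 7)
        {
            continue;
        }
        if (String.Compare(s.Substring(0, 7), "System.", true) == 0
            || String.Compare(s.Substring(0, 5), "ISAPI", true) == 0)
        {
            continue; // framework entries
        }
        if (s.Length <= m_sCompanyName.Length)
        {
            continue;
        }
        if (String.Compare(s.Substring(0, m_sCompanyName.Length), m_sCompanyName, true) == 0)
        {
            keysToRemove.Add(s);
        }
    }

    foreach (string key in keysToRemove)
    {
        Cache.Remove(key);
    }
}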
// Removes a fixed list of fragments from stext, in this order:
// "</b>", "<b>", "<font>", "</font>", "color=", ">", "<", "'".
// Despite the name this neither decodes XML nor encodes output: text inside tags (attribute
// values, tag names) stays in the result, and characters such as '"' and '&' pass through,
// so the result still needs encoding for the place where it is written.
string XMLDecoding(string stext)
{
    string[] fragments = new string[] { "</b>", "<b>", "<font>", "</font>", "color=", ">", "<", "'" };
    foreach (string fragment in fragments)
    {
        stext = stext.Replace(fragment, "");
    }
    return stext;
}
// Picks one of the "not available" placeholder images i/na1 .. i/na14 at random.
// Prefers the .gif, then the .jpg of the chosen number, and falls back to i/na.jpg
// when neither file exists on disk.
string GetRandomNAImage()
{
    int n = new Random().Next(1, 15); // upper bound is exclusive
    string stem = "i/na" + n.ToString();

    string candidate = stem + ".gif";
    if (File.Exists(Server.MapPath(candidate)))
    {
        return candidate;
    }
    candidate = stem + ".jpg";
    if (File.Exists(Server.MapPath(candidate)))
    {
        return candidate;
    }
    return "i/na.jpg";
}
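// Returns enum.name for the given class and id, or "" when id is empty, when the lookup
// does not return exactly one row, or when the query fails (reported through ShowExp).
// Both values are bound as parameters; the original concatenated id unquoted, so any text
// in it became part of the statement.
string GetEnumValue(string sClass, string id)
{
    if (string.IsNullOrEmpty(id))
    {
        return "";
    }

    DataSet dsEnum = new DataSet();
    string sValue = "";
    string sc = "SELECT name FROM enum WHERE class=@class AND id=@id";
    try
    {
        myAdapter = new SqlDataAdapter(sc, myConnection);
        myAdapter.SelectCommand.Parameters.AddWithValue("@class", sClass == null ? "" : sClass);
        myAdapter.SelectCommand.Parameters.AddWithValue("@id", id);
        if (myAdapter.Fill(dsEnum, "enum") == 1)
        {
            sValue = dsEnum.Tables["enum"].Rows[0]["name"].ToString();
        }
    }
    catch (Exception e)
    {
        ShowExp(sc, e);
    }
    return sValue;
}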
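// Returns enum.id for the given class and name, or "" when the lookup does not return
// exactly one row or the query fails (reported through ShowExp).
// Both values are bound as parameters instead of being concatenated into the SQL text.
string GetEnumID(string sClass, string sValue)
{
    DataSet dsEnum = new DataSet();
    string sID = "";
    string sc = "SELECT id FROM enum WHERE class=@class AND name=@name";
    try
    {
        myAdapter = new SqlDataAdapter(sc, myConnection);
        myAdapter.SelectCommand.Parameters.AddWithValue("@class", sClass == null ? "" : sClass);
        myAdapter.SelectCommand.Parameters.AddWithValue("@name", sValue == null ? "" : sValue);
        if (myAdapter.Fill(dsEnum, "enum") == 1)
        {
            sID = dsEnum.Tables["enum"].Rows[0]["id"].ToString();
        }
    }
    catch (Exception e)
    {
        ShowExp(sc, e);
    }
    return sID;
}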
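// Convenience overloads; each supplies the default for the next parameter.
string GetEnumOptions(string sClass, string current_id)
{
    return GetEnumOptions(sClass, current_id, false);
}
string GetEnumOptions(string sClass, string current_id, bool bNoBeforeOptions)
{
    return GetEnumOptions(sClass, current_id, bNoBeforeOptions, true);
}
string GetEnumOptions(string sClass, string current_id, bool bNoBeforeOptions, bool bShowEnumID)
{
    return GetEnumOptions(sClass, current_id, bNoBeforeOptions, bShowEnumID, "");
}
string GetEnumOptions(string sClass, string current_id, bool bNoBeforeOptions, bool bShowEnumID, string sCheckedOption)
{
    return GetEnumOptions(sClass, current_id, bNoBeforeOptions, bShowEnumID, sCheckedOption, false);
}
string GetEnumOptions(string sClass, string current_id, bool bNoBeforeOptions, bool bShowEnumID, string sCheckedOption, bool bRestrictAccess)
{
    return GetEnumOptions(sClass, current_id, bNoBeforeOptions, bShowEnumID, sCheckedOption, bRestrictAccess, "");
}
// Builds the <option> elements for one enum class.
//
// sClass:           enum.class to list.
// current_id:       id marked "selected"; with bRestrictAccess it is also the only id listed.
// bNoBeforeOptions: skip rows whose id is numerically below current_id.
// bShowEnumID:      option value is the id (true) or the name (false); when false,
//                   rows named 'deleted' are excluded.
// sCheckedOption:   zero-based row index that is also marked "selected".
// bRestrictAccess:  restrict the list to current_id.
// sEscapeID:        comma-separated integer ids to leave out.
//
// Returns "" when the query fails (reported through ShowExp) or when sEscapeID contains
// anything other than integers.
//
// Changes from the original:
//  - sClass, current_id and the excluded ids are bound as parameters. NOTE(review): the
//    original spliced sEscapeID into "NOT IN (...)" verbatim; a caller that passes
//    something other than an integer list now gets "" - confirm no caller relies on that.
//  - For class "access_level", the rows "administrator" and "dev" are skipped when
//    Session["email"] is missing; the original dereferenced it without a null check.
// NOTE(review): the staff test is a substring match for "@eznz.com" in the session email,
// which also matches longer domains that begin with that text; confirm how the email is verified.
string GetEnumOptions(string sClass, string current_id, bool bNoBeforeOptions, bool bShowEnumID, string sCheckedOption, bool bRestrictAccess, string sEscapeID)
{
    string sOut = "";
    DataSet dsEnum = new DataSet();

    SqlCommand cmd = new SqlCommand();
    cmd.Connection = myConnection;
    string sc = "SELECT id, name FROM enum WHERE class=@class";
    cmd.Parameters.AddWithValue("@class", sClass == null ? "" : sClass);

    if (!string.IsNullOrEmpty(sEscapeID))
    {
        string[] parts = sEscapeID.Split(',');
        string placeholders = "";
        for (int k = 0; k < parts.Length; k++)
        {
            int nExcluded;
            if (!int.TryParse(parts[k], out nExcluded))
            {
                return ""; // not an id list: refuse rather than build SQL from it
            }
            string pname = "@ex" + k.ToString();
            if (k > 0)
            {
                placeholders += ", ";
            }
            placeholders += pname;
            cmd.Parameters.AddWithValue(pname, nExcluded);
        }
        sc += " AND id NOT IN (" + placeholders + ") ";
    }
    if (bRestrictAccess)
    {
        sc += " AND id = @current_id";
        cmd.Parameters.AddWithValue("@current_id", current_id == null ? "" : current_id);
    }
    if (!bShowEnumID)
    {
        sc += " AND name <> 'deleted' ";
    }
    cmd.CommandText = sc;

    try
    {
        myAdapter = new SqlDataAdapter(cmd);
        myAdapter.Fill(dsEnum, "enum");
    }
    catch (Exception e)
    {
        ShowExp(sc, e);
        return "";
    }

    DataRowCollection rows = dsEnum.Tables["enum"].Rows;
    for (int i = 0; i < rows.Count; i++)
    {
        string id = rows[i]["id"].ToString();
        string name = rows[i]["name"].ToString();

        if (sClass == "access_level" && (name == "administrator" || name == "dev"))
        {
            // only eznz staff may hand out these access levels
            object oEmail = Session["email"];
            if (oEmail == null || oEmail.ToString().IndexOf("@eznz.com") < 0)
            {
                continue;
            }
        }
        if (bNoBeforeOptions && int.Parse(id) < int.Parse(current_id))
        {
            continue;
        }

        sOut += "<option value='";
        sOut += bShowEnumID ? id : name;
        sOut += "'";
        if (id == current_id)
        {
            sOut += " selected";
        }
        if (sCheckedOption == i.ToString())
        {
            sOut += " selected";
        }
        sOut += ">" + Capital(Lang(name)) + "</option>";
    }
    return sOut;
}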
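// Generates an 8-character random string from a 60-character alphabet (letters and digits
// without lower-case 'o' and '0') using the cryptographic random number generator.
// Candidates are regenerated until one contains at least two digits; after 1001 attempts
// the last candidate is returned regardless.
//
// Change from the original: a random byte was reduced with "% 60", and since 256 is not a
// multiple of 60 the first 16 characters of the alphabet were chosen more often than the
// rest. Bytes at or above the largest multiple of the alphabet length (240) are now
// discarded, so every character is equally likely.
// NOTE(review): 8 characters from 60 symbols is roughly 47 bits; confirm that is enough
// for whatever the callers use this value for.
string GenRandomString()
{
    const string passchar = "abcdefghijklmnpqrstuvwxyz123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    const int iLen = 8; //8 is enough, DW

    int limit = 256 - (256 % passchar.Length);
    System.Security.Cryptography.RandomNumberGenerator rng = System.Security.Cryptography.RandomNumberGenerator.Create();
    byte[] ranbuff = new byte[50];
    char[] chars = new char[iLen];
    string password = "";

    for (int runs = 0; runs <= 1000; runs++)
    {
        int digits = 0;
        int filled = 0;
        while (filled < iLen)
        {
            rng.GetBytes(ranbuff);
            for (int i = 0; i < ranbuff.Length && filled < iLen; i++)
            {
                if (ranbuff[i] >= limit)
                {
                    continue; // would bias the choice; draw another byte
                }
                char c = passchar[ranbuff[i] % passchar.Length];
                if (Char.IsDigit(c))
                {
                    digits++;
                }
                chars[filled++] = c;
            }
        }
        password = new string(chars);
        if (digits >= 2)
        {
            break;
        }
    }
    return password;
}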
// Derives the site root from the current virtual path (TSGetPath, lower-cased, with "www."
// removed when the path starts with it):
//   - path starts with the lower-cased company name and contains no '.': "/" + m_sCompanyName
//   - path starts with it but contains a '.':                            ""
//   - company name found later in the path: "/" + the path up to and including the name
//   - otherwise:                                                         ""
// NOTE(review): the second lookup searches the lower-cased path for m_sCompanyName in its
// original casing, so it cannot match when the company name contains upper-case letters;
// confirm whether the lower-cased name was intended.
string GetRootPath()
{
    string tspath = TSGetPath().ToLower();
    string tmCompanyName = m_sCompanyName.ToLower();
    if (tspath.IndexOf("www.") == 0)
    {
        tspath = tspath.Replace("www.", "");
    }

    if (tspath.IndexOf(tmCompanyName) == 0)
    {
        return tspath.IndexOf(".") < 0 ? "/" + m_sCompanyName : "";
    }

    int n = tspath.IndexOf(m_sCompanyName);
    if (n > 0)
    {
        return "/" + tspath.Substring(0, n + m_sCompanyName.Length);
    }
    return "";
}
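// Looks up card.id by e-mail address. `id` is set only when exactly one row matches.
// Returns false when the query fails (reported through ShowExp) and true otherwise -
// including when nothing matched, so callers must inspect `id` as well.
// The address is bound as a parameter instead of being concatenated into the SQL text.
bool GetCardID(string email, ref string id)
{
    DataSet dsu = new DataSet();
    string sc = "SELECT id FROM card WHERE email=@email";
    try
    {
        SqlDataAdapter da = new SqlDataAdapter(sc, myConnection);
        da.SelectCommand.Parameters.AddWithValue("@email", email == null ? "" : email);
        if (da.Fill(dsu) == 1)
        {
            id = dsu.Tables[0].Rows[0]["id"].ToString();
        }
    }
    catch (Exception e)
    {
        ShowExp(sc, e);
        return false;
    }
    return true;
}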
// Parses s as a long after trimming. Null or empty input gives 0.
// Text that does not parse is handed to ShowParseException, which writes an error and
// ends the response.
long MyLongParse(string s)
{
    Trim(ref s);
    if (string.IsNullOrEmpty(s))
    {
        return 0;
    }

    long n;
    if (!long.TryParse(s, out n))
    {
        ShowParseException(s);
    }
    return n;
}
// Parses s as an int and reports text that does not parse.
int MyIntParse(string s)
{
    return MyIntParse(s, true);
}
// Parses s through MyDoubleParse and casts the result to int, so a fractional part is
// cut off. Null or empty input gives 0. bShowExp is passed on to MyDoubleParse and
// decides whether a parse failure is reported.
int MyIntParse(string s, bool bShowExp)
{
    Trim(ref s);
    if (string.IsNullOrEmpty(s))
    {
        return 0;
    }
    double d = MyDoubleParse(s, bShowExp);
    return (int)d;
}
// Parses s as a double and reports text that does not parse.
double MyDoubleParse(string s)
{
    return MyDoubleParse(s, true);
}
// Parses s as a double after trimming. Null or empty input gives 0.
// Text that starts with "(" and whose first ")" is the last character is read as a
// negative amount: all parentheses are removed and "-" is prepended.
// On a parse failure the result is 0; ShowParseException is called only when bShowExp is true.
double MyDoubleParse(string s, bool bShowExp)
{
    Trim(ref s);
    if (string.IsNullOrEmpty(s))
    {
        return 0;
    }

    bool bParenthesised = s.IndexOf("(") == 0 && s.IndexOf(")") == s.Length - 1;
    if (bParenthesised)
    {
        s = "-" + s.Replace("(", "").Replace(")", "");
    }

    double d;
    if (!double.TryParse(s, out d) && bShowExp)
    {
        ShowParseException(s);
    }
    return d;
}
// Converts form-style text to a bool after trimming.
//   false: null, "", "0", "off"
//   true:  "1", "on", "On", "ON", "true", "True", "TRUE"
// Anything else goes through the framework's boolean parser; text it rejects is handed
// to ShowParseException.
bool MyBooleanParse(string s)
{
    Trim(ref s);
    if (s == null)
    {
        return false;
    }

    switch (s)
    {
        case "":
        case "0":
        case "off":
            return false;
        case "1":
        case "on":
        case "On":
        case "ON":
        case "true":
        case "True":
        case "TRUE":
            return true;
    }

    bool b;
    if (!Boolean.TryParse(s, out b))
    {
        ShowParseException(s);
    }
    return b;
}
// Parses s as a currency amount (NumberStyles.Currency, current culture) after trimming.
// Null or empty input gives 0. Text that does not parse is handed to ShowParseException.
double MyMoneyParse(string s)
{
    Trim(ref s);
    if (string.IsNullOrEmpty(s))
    {
        return 0;
    }

    double d;
    if (!double.TryParse(s, NumberStyles.Currency, null, out d))
    {
        ShowParseException(s);
    }
    return d;
}
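// Writes a "not in a correct format" error for the rejected input and ends the response.
//
// Changes from the original:
//  - the rejected text is HTML-encoded before it is echoed; it usually comes straight
//    from a form or query-string field, and the original wrote it into the page as markup;
//  - Environment.StackTrace is no longer appended to the page, since it shows internal
//    method names and file paths to whoever triggered the error.
// The e-mail notification (AlertAdmin) was already commented out in the original.
void ShowParseException(string s)
{
    string s1 = "<br><br><center><h3>Error, input string \"<font color=red>"
        + Server.HtmlEncode(s)
        + "</font>\" was not in a correct format</h3></center>";
    Response.Write(s1);
    Response.End();
}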
// Writes msg as a centred heading. The <center> and <h3> tags are left open, and the
// response is NOT ended (Response.End() is commented out in the original), so the page
// keeps executing after this call despite the name.
// msg is written without HTML encoding; callers decide what is encoded.
void MsgDie(string msg)
{
    string html = "<br><br><center><h3>" + msg;
    Response.Write(html);
}
// Upper-cases the first character of s and every character that follows a space;
// all other characters are copied unchanged. An empty string is returned as is.
string Capital(string s)
{
    if (s == "")
    {
        return s;
    }

    System.Text.StringBuilder sb = new System.Text.StringBuilder(s.Length);
    bool bCap = true; // the first character is always capitalised
    foreach (char c in s)
    {
        sb.Append(bCap ? c.ToString().ToUpper() : c.ToString());
        bCap = (c == ' ');
    }
    return sb.ToString();
}
// Convenience overload: looks a card up by its id only.
// Delegates to the three-argument overload with barcode search switched off
// and an empty barcode.
DataRow GetCardData(string id)
{
    const bool searchByBarcode = false;
    string noBarcode = "";
    return GetCardData(id, searchByBarcode, noBarcode);
}
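// Loads one card row (joined with its branch's stock_type), selected either by
// card id or, when bsearchByBarcode is true, by sales_barcode.
// Returns null when the lookup key is null/empty, when the query does not
// return exactly one row, or when the query fails (the failure is passed to
// ShowExp).
// The lookup key is bound as a SQL parameter. It used to be concatenated into
// the statement text, which let a crafted id or barcode change the query.
DataRow GetCardData(string id, bool bsearchByBarcode, string sales_barcode)
{
    Trim(ref id);
    string key = bsearchByBarcode ? sales_barcode : id;
    if(key == null || key == "")
        return null;

    string sc = "SELECT c.*, b.stock_type FROM card c JOIN branch b ON b.id = c.our_branch ";
    if(!bsearchByBarcode)
        sc += " WHERE c.id = @key";
    else
        sc += " WHERE c.barcode = @key ";

    DataSet dsa = new DataSet();
    try
    {
        myAdapter = new SqlDataAdapter(sc, myConnection);
        myAdapter.SelectCommand.Parameters.AddWithValue("@key", key);
        // Only an unambiguous single match is accepted.
        if(myAdapter.Fill(dsa, "card") == 1)
            return dsa.Tables["card"].Rows[0];
    }
    catch(Exception e)
    {
        ShowExp(sc, e);
    }
    return null;
}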
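// Returns the name of the menu access class with the given id.
// Falls back to returning id itself when the query does not return exactly one
// row or fails (failures are passed to ShowExp).
// id is bound as a SQL parameter instead of being concatenated into the
// statement, so its content cannot alter the query.
string GetAccessClassName(string id)
{
    if(dstcom.Tables["getclassname"] != null)
        dstcom.Tables["getclassname"].Clear();

    string sc = " SELECT name FROM menu_access_class WHERE id = @id";
    try
    {
        SqlDataAdapter adapter = new SqlDataAdapter(sc, myConnection);
        adapter.SelectCommand.Parameters.AddWithValue("@id", id);
        if(adapter.Fill(dstcom, "getclassname") == 1)
            return dstcom.Tables["getclassname"].Rows[0]["name"].ToString();
    }
    catch(Exception e)
    {
        ShowExp(sc, e);
    }
    return id;
}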
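// Returns the id of the menu access class with the given name.
// Falls back to returning name itself when the query does not return exactly
// one row or fails (failures are passed to ShowExp). Callers that compare the
// result with a class id should keep that fallback in mind: on a failed lookup
// the comparison is against the literal name.
// name is bound as a SQL parameter instead of being concatenated between
// quotes, so a quote character in it cannot terminate the literal.
string GetAccessClassID(string name)
{
    if(dstcom.Tables["getclassid"] != null)
        dstcom.Tables["getclassid"].Clear();

    string sc = " SELECT id FROM menu_access_class WHERE name = @name";
    try
    {
        SqlDataAdapter adapter = new SqlDataAdapter(sc, myConnection);
        adapter.SelectCommand.Parameters.AddWithValue("@name", name);
        if(adapter.Fill(dstcom, "getclassid") == 1)
            return dstcom.Tables["getclassid"].Rows[0]["id"].ToString();
    }
    catch(Exception e)
    {
        ShowExp(sc, e);
    }
    return name;
}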
// Placeholder hook for redirecting a user who lacks access to a page.
// No redirect is performed: both arguments are ignored and the result is
// always true.
bool TryRedirect(string class_id, string uri)
{
    const bool handled = true;
    return handled;
}
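// Decides whether the current session may open the page identified by uri and
// sets g_bReadOnly accordingly.
//   - class_id equal to the "Administrator" class id: full access, not read-only.
//   - otherwise the menu tables are searched for an entry whose path contains
//     uri and that is granted to the session's card id or access level.
// Returns false when no entry matches, when the session lacks a card id or
// access level, or when the query fails.
//
// Changes from the previous version:
//   - uri and the two session values are bound as SQL parameters instead of
//     being concatenated into the statement.
//   - a failed query now denies access explicitly; before, execution fell
//     through to Rows[0] on a table that might be empty or missing.
//   - missing session values deny access instead of raising a null reference.
//
// NOTE(review): the match is a substring LIKE ('%uri%'), so a short page name
// also matches any menu entry that merely contains it, and LIKE wildcards
// inside uri are still interpreted. An exact comparison would be stricter;
// confirm against how menu paths are stored before changing it.
// NOTE(review): the administrator test uses the class_id argument while the
// query uses the access level stored in the session.
bool CheckAccess(string class_id, string uri)
{
    if(class_id == GetAccessClassID("Administrator"))
    {
        g_bReadOnly = false;
        return true;
    }

    object cardId = Session["card_id"];
    object accessLevel = Session[m_sCompanyName + "AccessLevel"];
    if(cardId == null || accessLevel == null)
        return false; // fail closed: nothing to authorise against

    if(dstcom.Tables["checkaccess"] != null)
        dstcom.Tables["checkaccess"].Clear();

    string sc = " SELECT readonly ";
    sc += " FROM menu_admin_card c ";
    sc += " JOIN menu_admin_id i ON i.id = c.menu_id ";
    sc += " JOIN menu_admin_sub s ON s.menu = i.id ";
    sc += " JOIN menu_admin_catalog cat ON cat.id = s.cat ";
    sc += " JOIN menu_area a ON a.id = cat.menu_area_id ";
    sc += " WHERE 1 = 1 ";
    sc += " AND (a.path + '/' + i.uri LIKE '%' + @uri + '%' OR a.path + '/' + i.sisters LIKE '%' + @uri + '%') ";
    sc += " AND (c.card_id = @card_id OR c.class_id = @class_id)";
    sc += " ORDER BY c.card_id DESC "; // card-level grants sort ahead of class-level grants

    try
    {
        SqlDataAdapter adapter = new SqlDataAdapter(sc, myConnection);
        // A null uri used to produce the pattern '%%'; an empty string keeps that.
        adapter.SelectCommand.Parameters.AddWithValue("@uri", uri == null ? "" : uri);
        adapter.SelectCommand.Parameters.AddWithValue("@card_id", cardId.ToString());
        adapter.SelectCommand.Parameters.AddWithValue("@class_id", accessLevel.ToString());
        if(adapter.Fill(dstcom, "checkaccess") <= 0) // no authority
        {
            TryRedirect(class_id, uri);
            return false;
        }
    }
    catch(Exception e)
    {
        ShowExp(sc, e);
        return false; // fail closed when the lookup itself fails
    }

    // Only the first row matters: a grant on this card sorts before the group grant.
    DataRow dr = dstcom.Tables["checkaccess"].Rows[0];
    g_bReadOnly = MyBooleanParse(dr["readonly"].ToString());
    return true;
}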
// Access check for the page currently being requested.
// The administrator class is allowed immediately; for everyone else the page
// name is taken from the URL server variable (the text after the last '/')
// and checked by the two-argument overload.
// NOTE(review): unlike the two-argument overload, the administrator shortcut
// here returns without touching g_bReadOnly.
bool CheckAccess(string class_id)
{
    if(class_id == GetAccessClassID("Administrator"))
        return true;

    string uri = Request.ServerVariables["URL"];
    int lastSlash = uri.LastIndexOf("/");
    // A slash at position 0 is left in place, so "/page.aspx" stays as it is.
    if(lastSlash > 0)
        uri = uri.Substring(lastSlash + 1);

    return CheckAccess(class_id, uri);
}
// Page-level gate.
// For sLevel "normal" only a logged-in session is required: anonymous visitors
// are sent to login.aspx after the current page is remembered.
// Any other level is handled by the two-argument overload with bSayNo = true.
bool SecurityCheck(string sLevel)
{
    if(sLevel != "normal")
        return SecurityCheck(sLevel, true);

    if(TS_UserLoggedIn())
        return true;

    RememberLastPage();
    Response.Redirect("login.aspx");
    return false;
}
// Page-level gate that also checks the menu permissions of the session's
// access level for the current page.
//   bSayNo = true : anonymous visitors are redirected to login.aspx, and a
//                   logged-in user without permission gets an "ACCESS DENIED"
//                   page and the response is ended.
//   bSayNo = false: the result is returned silently in both cases.
// sLevel is not consulted in this overload; the decision rests on
// TS_UserLoggedIn and CheckAccess alone.
bool SecurityCheck(string sLevel, bool bSayNo)
{
    if(!TS_UserLoggedIn())
    {
        if(bSayNo)
        {
            RememberLastPage();
            Response.Redirect("login.aspx");
        }
        return false;
    }

    string accessLevel = Session[m_sCompanyName + "AccessLevel"].ToString();
    bool allowed = CheckAccess(accessLevel);
    if(!allowed && bSayNo)
    {
        Response.Write("<h3>"+Lang("ACCESS DENIED")+"</h3>");
        Response.End();
    }
    return allowed;
}
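// Builds the <option> list of all menu access classes, ordered by id, marking
// the one whose id equals current_class as selected.
// Returns an empty string when the class table could not be loaded; before,
// a failed first load left the table missing and the loop dereferenced null.
// Ids and names come from the database and are HTML-encoded on output so a
// stored value cannot inject markup. For values without special characters the
// generated markup is unchanged.
string GetAccessClassOptions(string current_class)
{
    if(dstcom.Tables["getaccessclass"] != null)
        dstcom.Tables["getaccessclass"].Clear();

    string sc = " SELECT * FROM menu_access_class ";
    sc += " ORDER BY id";
    try
    {
        SqlDataAdapter adapter = new SqlDataAdapter(sc, myConnection);
        adapter.Fill(dstcom, "getaccessclass");
    }
    catch(Exception e)
    {
        ShowExp(sc, e);
    }

    DataTable classes = dstcom.Tables["getaccessclass"];
    if(classes == null)
        return "";

    System.Text.StringBuilder options = new System.Text.StringBuilder();
    foreach(DataRow row in classes.Rows)
    {
        string id = row["id"].ToString();
        string name = row["name"].ToString();

        // The value attribute stays unquoted, as before; presumably ids are numeric.
        options.Append("<option value=").Append(System.Web.HttpUtility.HtmlAttributeEncode(id));
        if(id == current_class)
            options.Append(" selected");
        options.Append(">").Append(System.Web.HttpUtility.HtmlEncode(Lang(name))).Append("</option>");
    }
    return options.ToString();
}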
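// Returns the "limit" value of the view_limit row linked to the card's
// cat_access_group, or an empty string when the card has no such row or the
// query fails (failures are passed to ShowExp).
// card_id is bound as a SQL parameter instead of being concatenated into the
// statement, so its content cannot alter the query.
string GetCatAccessGroupString(string card_id)
{
    if(dstcom.Tables["cagroup"] != null)
        dstcom.Tables["cagroup"].Clear();

    string sc = " SELECT limit FROM view_limit v JOIN card c ON v.id=c.cat_access_group WHERE c.id = @card_id";
    try
    {
        myAdapter = new SqlDataAdapter(sc, myConnection);
        myAdapter.SelectCommand.Parameters.AddWithValue("@card_id", card_id);
        if(myAdapter.Fill(dstcom, "cagroup") <= 0)
            return ""; // no limit
    }
    catch(Exception e)
    {
        ShowExp(sc, e);
        return "";
    }
    return dstcom.Tables["cagroup"].Rows[0]["limit"].ToString();
}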
// Doubles every double quote in s.
// A straight quote (") and the curly quotes U+201C / U+201D (code points 8220
// and 8221) are each replaced by two straight quotes; every other character
// is copied unchanged. Null input returns null.
string EncodeDoubleQuote(string s)
{
    if(s == null)
        return null;

    System.Text.StringBuilder encoded = new System.Text.StringBuilder();
    foreach(char c in s)
    {
        switch(c)
        {
            case '"':
            case '\u201C':
            case '\u201D':
                encoded.Append("\"\"");
                break;
            default:
                encoded.Append(c);
                break;
        }
    }
    return encoded.ToString();
}
// Keyword screen for request parameters. Returns true when str looks harmless
// and false when it contains "update", "delete", "drop" (any case) or a single
// quote. Null and empty input count as harmless.
//
// Limits of this check, for anyone relying on it:
//   - it is a substring blacklist, so ordinary words and names containing
//     those sequences or an apostrophe are rejected, while "select" and
//     "create" are not screened at all (both flags are hard-wired to false);
//   - it is no substitute for binding values as SQL parameters.
//
// On a hit an alert mail is composed, but it is never sent: the
// SmtpMail.Send call is commented out.
// NOTE(review): if sending is re-enabled, the reported address prefers the
// X-Forwarded-For header, which the client controls, and str is placed in the
// HTML body without encoding.
bool CheckSQLAttack(string str)
{
    if(string.IsNullOrEmpty(str))
        return true;

    string probe = str.ToLower();
    Trim(ref probe);

    bool flagged = probe.IndexOf("update") >= 0
        || probe.IndexOf("delete") >= 0
        || probe.IndexOf("drop") >= 0
        || probe.IndexOf("'") >= 0;
    if(!flagged)
        return true;

    string manager_email = GetSiteSettings("manager_email", "alert@eznz.com");
    string ip = Request.ServerVariables["REMOTE_ADDR"]; // address of the connecting peer
    string forwarded = Request.ServerVariables["HTTP_X_FORWARDED_FOR"];
    string rip = forwarded != null ? forwarded : ip;

    string sbody = "SQL Injection Attack detected and blocked. <br>"
        + "ip : " + rip + "<br>"
        + "user : " + Session["name"] + "<br>"
        + "email : " + Session["email"] + "<br>"
        + "Account# : " + Session["login_card_id"] + "<br>"
        + "URI : " + Request.ServerVariables["URL"] + "<br>"
        + "Parameter : " + str + "<br><br>";

    MailMessage msgMail = new MailMessage();
    // msgMail.To = manager_email;
    msgMail.To = "alert@eznz.com";
    msgMail.From = manager_email;
    msgMail.Subject = "Warning, SQL Injection Attack !";
    msgMail.BodyFormat = MailFormat.Html;
    msgMail.Body = sbody;

    // SmtpMail.Send(msgMail);
    return false;
}
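// Removes everything from a '<' up to and including the next '>' and returns
// the remaining text. Null input is returned as null (it previously raised a
// NullReferenceException), and the result is built with a StringBuilder
// instead of repeated string concatenation.
//
// This is a plain text extractor, not a sanitiser: a '<' with no closing '>'
// swallows the rest of the string, a '>' outside a tag is kept, and character
// entities are passed through untouched. Output that goes back into a page
// still needs HTML encoding.
string StripHTMLtags(string s)
{
    if(s == null)
        return s;

    System.Text.StringBuilder text = new System.Text.StringBuilder(s.Length);
    bool inTag = false;
    for(int i = 0; i < s.Length; i++)
    {
        // The tag ends one character after its '>' so the '>' itself is dropped.
        if(i > 0 && s[i-1] == '>')
            inTag = false;
        if(s[i] == '<')
            inTag = true;

        if(!inTag)
            text.Append(s[i]);
    }
    return text.ToString();
}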
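// Renders sValue as a Code 39 barcode (using the private BARCODE39.TTF font)
// and saves it as "<sValue>.gif" in the directory that spath maps to.
// Image size comes from the barcode_width / barcode_height site settings.
// Returns true once the file is written, false when sValue cannot be used as
// a file name.
//
// Changes from the previous version:
//   - sValue is rejected when it contains characters that are invalid in a
//     file name (path separators among them), so the value cannot steer the
//     write to a location outside the target directory;
//   - every GDI+ object is released through using blocks, also when drawing or
//     saving throws; the unused fonts and brush are no longer created.
bool CreateBarcode(string sValue, string spath)
{
    if(sValue != null && sValue.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0)
        return false;

    string sFontPath = Server.MapPath("./bar/BARCODE39.TTF");

    // The private font collection must outlive every Font created from it.
    using(PrivateFontCollection pfc = new PrivateFontCollection())
    {
        pfc.AddFontFile(sFontPath);
        using(FontFamily usefont = new FontFamily("code 39", pfc))
        {
            int n_ImgWidth = int.Parse(GetSiteSettings("barcode_width", "350"));
            int n_ImgHeight = int.Parse(GetSiteSettings("barcode_height", "160"));
            string sFile = Path.Combine(Server.MapPath(spath), sValue + ".gif");

            using(Bitmap image = new Bitmap(n_ImgWidth, n_ImgHeight, PixelFormat.Format32bppRgb))
            using(Graphics canvas = Graphics.FromImage(image))
            using(Font myCode39 = new Font(usefont, 30))
            using(SolidBrush ink = new SolidBrush(Color.Black))
            using(SolidBrush paper = new SolidBrush(Color.White))
            {
                canvas.FillRectangle(paper, 0, 0, n_ImgWidth, n_ImgHeight);
                // Code 39 frames the payload with '*' start/stop characters.
                canvas.DrawString("*"+ sValue +"*", myCode39, ink, (n_ImgWidth/2)-(n_ImgWidth/3), (n_ImgHeight/2)-30);
                image.Save(sFile, System.Drawing.Imaging.ImageFormat.Gif);
            }
        }
    }
    return true;
}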
// Writes an <img> tag for the barcode file whose name (without ".gif") equals
// sValue, preceded by the configured number of spaces. The directory that
// spath maps to is scanned for *.gif files; the emitted src always points at
// "./bar/". Width and height come from the barcode_*_percent site settings.
// Always returns true.
// NOTE(review): the file name and the size settings are written into the tag
// without HTML encoding.
bool PrintBarcode(string sValue, string spath)
{
    string swidth = GetSiteSettings("barcode_width_percent", "25%");
    string sheight = GetSiteSettings("barcode_height_percent", "18%");
    FileInfo[] gifs = new DirectoryInfo(Server.MapPath(spath)).GetFiles("*.gif");

    for(int k = 0; k < gifs.Length; k++)
    {
        string fileName = gifs[k].Name.ToString();
        string bareName = fileName.Replace(".gif", "");
        int nSpace = int.Parse(GetSiteSettings("barcode_bt_space", "6"));

        if(sValue != bareName)
            continue;

        for(int j = 0; j < nSpace; j++)
            Response.Write(" ");
        Response.Write("<img width="+ swidth +" height="+ sheight +" src='"+ "./bar/" + fileName +"'>");
    }
    return true;
}
// True when the session carries either the per-company "loggedin" flag or a
// login_card_id entry. Only presence is tested: any non-null value, whatever
// it holds, counts as logged in.
bool TS_UserLoggedIn()
{
    return Session[m_sCompanyName + "loggedin"] != null
        || Session["login_card_id"] != null;
}
// Marks the current session as logged in by setting the per-company
// "loggedin" flag that TS_UserLoggedIn looks for.
// NOTE(review): no session identifier renewal is visible here; confirm the
// login page issues a fresh session id before calling this.
void TS_LogUserIn()
{
    string flagKey = m_sCompanyName + "loggedin";
    Session[flagKey] = true;
}
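// Dumps a DataTable to the response as a bordered HTML table: one header row
// with the column names, then one row per DataRow.
// Fixes: data cells were opened with <td> but closed with </th>; column names
// and cell values are now HTML-encoded so table content is shown as text and
// cannot inject markup into the page.
void print_t(DataTable dt)
{
    int cols = dt.Columns.Count;

    Response.Write("<table border=1>");
    Response.Write("<tr>");
    for(int i = 0; i < cols; i++)
    {
        Response.Write("<th>" + System.Web.HttpUtility.HtmlEncode(dt.Columns[i].ColumnName) + "</th>");
    }
    Response.Write("</tr>");

    foreach(DataRow dr in dt.Rows)
    {
        Response.Write("<tr>");
        for(int i = 0; i < cols; i++)
        {
            Response.Write("<td>" + System.Web.HttpUtility.HtmlEncode(dr[i].ToString()) + "</td>");
        }
        Response.Write("</tr>");
    }
    Response.Write("</table>");
}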
// Translation lookup for UI text. As written it is switched off: the first
// statement returns key unchanged, so nothing below it ever runs and callers
// always get their input back (including null).
//
// The unreachable remainder would return the session-cached translation of key
// and register unknown keys in the dict table.
// NOTE(review): before re-enabling it, note that the INSERT splices the
// language name into the statement as a column identifier and relies on
// EncodeQuote for the key text; the connection is also opened and closed
// without a finally block.
string Lang(string key)
{
    return key; // translation disabled: everything after this line is unreachable
    if(key == null)
        return "";
    // Load (or reload, when flagged) the per-session dictionary.
    if(Session["languagealreadydefined"] == null)
        DoDefineSessionLanguage();
    else if(Session["refreshsessionlanguage"] != null)
    {
        DoDefineSessionLanguage();
        Session["refreshsessionlanguage"] = null;
    }

    string lang = GetSiteSettings("language_in_use", "english", true);
    if(lang == "english")
        return key;

    // Cached translation for this key, if the session has one.
    if(Session["language" + key] != null)
    {
        return Session["language" + key].ToString();
    }
    Trim(ref key);

    // Skip keys of one or two characters and keys that contain a character
    // above code point 10000 (treated here as already-Chinese text).
    int nLen = key.Length;
    if(nLen <= 2)
        return key;
    for(int i=0; i<key.Length; i++)
    {
        if(key[i] > 10000)
            return key; // has a Chinese character, return as given
    }

    // Register the untranslated key so a translation can be filled in later.
    if(key != "" && lang != "")
    {
        string sc = " IF NOT EXISTS(SELECT id FROM dict WHERE english LIKE N'" + EncodeQuote(key.ToLower()) + "') ";
        sc += " INSERT INTO dict (english, " + lang + ") VALUES(N'" + EncodeQuote(key) + "', N'') ";
        //DEBUG("SC=",sc + key);
        try
        {
            myCommand = new SqlCommand(sc);
            myCommand.Connection = myConnection;
            myCommand.Connection.Open();
            myCommand.ExecuteNonQuery();
            myCommand.Connection.Close();
        }
        catch(Exception e)
        {
            ShowExp(sc, e);
        }
    }
    return key;
}
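// Loads the dictionary for the session's personal language into session
// entries named "language" + <english text>. An untranslated entry falls back
// to the English text. Nothing is loaded for "english" or an empty setting.
// Returns false when the language name is not acceptable or the query fails.
//
// The language name is used as a column identifier, which cannot be passed as
// a SQL parameter. It is therefore checked to consist of letters, digits and
// underscores only before it is placed in the statement; anything else is
// refused without touching the database. A missing session entry is treated
// as "no setting" instead of raising a null reference.
bool DoDefineSessionLanguage()
{
    object setting = Session[m_sCompanyName + "_personal_language_setting"];
    string lang = setting == null ? "" : setting.ToString().Trim();
    if(lang == "" || lang == "english")
        return true; // no need

    for(int i = 0; i < lang.Length; i++)
    {
        if(!char.IsLetterOrDigit(lang[i]) && lang[i] != '_')
            return false;
    }

    DataSet dst = new DataSet();
    string sc = " SELECT english, " + lang + " FROM dict ";
    try
    {
        myAdapter = new SqlDataAdapter(sc, myConnection);
        myAdapter.Fill(dst, "lang");
    }
    catch(Exception e)
    {
        ShowExp(sc, e);
        return false;
    }

    foreach(DataRow row in dst.Tables["lang"].Rows)
    {
        string english = row["english"].ToString();
        string translated = row[lang].ToString();
        Session["language" + english] = (translated == "") ? english : translated;
    }
    Session["languagealreadydefined"] = true;
    return true;
}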
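// Builds the <option> list of all currencies, ordered by id. The option value
// is the exchange rate when bRates is true, otherwise the currency id; the
// label is the upper-cased currency name. The option whose id equals
// current_id is marked selected. Returns "" when the query fails.
// Values read from the currency table are HTML-encoded on output so stored
// text cannot inject markup; for values without special characters the
// generated markup is unchanged.
string PrintCurrencyOptions(bool bRates, string current_id)
{
    if(dstcom.Tables["currency"] != null)
        dstcom.Tables["currency"].Clear();

    int rows = 0;
    string sc = " SELECT * FROM currency ORDER BY id ";
    try
    {
        myAdapter = new SqlDataAdapter(sc, myConnection);
        rows = myAdapter.Fill(dstcom, "currency");
    }
    catch(Exception e1)
    {
        ShowExp(sc, e1);
        return "";
    }

    System.Text.StringBuilder options = new System.Text.StringBuilder();
    for(int i = 0; i < rows; i++)
    {
        DataRow dr = dstcom.Tables["currency"].Rows[i];
        string id = dr["id"].ToString();
        string rates = dr["rates"].ToString();
        string name = dr["currency_name"].ToString().ToUpper();

        // The value attribute stays unquoted, as before.
        options.Append("<option value=");
        options.Append(System.Web.HttpUtility.HtmlAttributeEncode(bRates ? rates : id));
        if(id == current_id)
            options.Append(" selected");
        options.Append(">").Append(System.Web.HttpUtility.HtmlEncode(name)).Append("</option>");
    }
    return options.ToString();
}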
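// Returns the id of the currency with the given name (compared upper-cased).
// An empty name falls back to the default_currency_name site setting and then
// to "NZD". The result is "1" when the query does not return exactly one row
// or fails (failures are passed to ShowExp).
// The name is bound as a SQL parameter instead of being concatenated between
// quotes, so a quote character in it cannot terminate the literal.
string GetCurrencyID(string currencyName)
{
    if(currencyName == null || currencyName == "")
        currencyName = GetSiteSettings("default_currency_name", "NZD");
    if(currencyName == null || currencyName == "")
        currencyName = "NZD";

    DataSet dsCurrency = new DataSet();
    string sID = "1";
    string sc = "SELECT id FROM currency WHERE UPPER(currency_name) = @name";
    try
    {
        myAdapter = new SqlDataAdapter(sc, myConnection);
        myAdapter.SelectCommand.Parameters.AddWithValue("@name", currencyName.ToUpper());
        if(myAdapter.Fill(dsCurrency, "currency") == 1)
            sID = dsCurrency.Tables["currency"].Rows[0]["id"].ToString();
    }
    catch(Exception e)
    {
        ShowExp(sc, e);
    }
    return sID;
}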
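// Returns the name of the currency with the given id. Falls back to the
// default_currency_name site setting ("NZD" if unset) when the query does not
// return exactly one row or fails (failures are passed to ShowExp).
// id is bound as a SQL parameter instead of being concatenated into the
// statement, so its content cannot alter the query.
string GetCurrencyName(string id)
{
    DataSet dsCurrency = new DataSet();
    string currencyName = GetSiteSettings("default_currency_name", "NZD");
    string sc = "SELECT currency_name FROM currency WHERE id = @id";
    try
    {
        myAdapter = new SqlDataAdapter(sc, myConnection);
        myAdapter.SelectCommand.Parameters.AddWithValue("@id", id);
        if(myAdapter.Fill(dsCurrency, "currency") == 1)
            currencyName = dsCurrency.Tables["currency"].Rows[0]["currency_name"].ToString();
    }
    catch(Exception e)
    {
        ShowExp(sc, e);
    }
    return currencyName;
}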
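// Returns the stored rate of the currency with the given id, as text.
// The result is "1" when the query does not return exactly one row or fails
// (failures are passed to ShowExp).
// id is bound as a SQL parameter instead of being concatenated into the
// statement, so its content cannot alter the query.
string GetCurrencyRate(string id)
{
    DataSet dsCurrency = new DataSet();
    string rates = "1";
    string sc = "SELECT rates FROM currency WHERE id = @id";
    try
    {
        myAdapter = new SqlDataAdapter(sc, myConnection);
        myAdapter.SelectCommand.Parameters.AddWithValue("@id", id);
        if(myAdapter.Fill(dsCurrency, "currency") == 1)
            rates = dsCurrency.Tables["currency"].Rows[0]["rates"].ToString();
    }
    catch(Exception e)
    {
        ShowExp(sc, e);
    }
    return rates;
}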
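// Extracts a number from a formatted price string.
// Digits 0-9 and the first '.' are kept; every other character (currency
// symbols, thousands separators, spaces) is dropped. The value is negative
// when the string contains a '-' anywhere or is wrapped in parentheses,
// e.g. "(12.30)". A string without digits yields 0.
//
// Changes from the previous version:
//   - digits are recognised with a character test instead of calling
//     double.Parse on every character and swallowing the exception;
//   - the collected text is parsed with the invariant culture, because the
//     loop itself treats '.' as the decimal point;
//   - null input and input with a '.' but no digits return 0 instead of throwing.
double MyCurrencyPrice(string sprice)
{
    if(sprice == null)
        return 0;

    // Accounting style: "(1.00)" means -1.00.
    bool negative = sprice.IndexOf('(') == 0 && sprice.IndexOf(')') == sprice.Length - 1;

    System.Text.StringBuilder number = new System.Text.StringBuilder(sprice.Length + 1);
    bool seenPoint = false;
    bool seenDigit = false;
    foreach(char c in sprice)
    {
        if(c == '-')
        {
            negative = true;
        }
        else if(c >= '0' && c <= '9')
        {
            number.Append(c);
            seenDigit = true;
        }
        else if(c == '.' && !seenPoint)
        {
            number.Append(c);
            seenPoint = true;
        }
    }

    if(!seenDigit)
    {
        number.Length = 0;
        number.Append('0');
    }
    if(negative)
        number.Insert(0, '-');

    return double.Parse(number.ToString(), CultureInfo.InvariantCulture);
}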
// Builds a <select name="default_language"> whose options are the column names
// of the dict table (lower-cased), leaving out "id" and "fixed". The option
// equal to default_language is marked selected.
// When the dict query fails, default_language itself is returned instead of
// markup.
string PrintLanguageOptions(string default_language)
{
    if(dstcom.Tables["language"] != null)
        dstcom.Tables["language"].Clear();

    // One row is enough: only the column names are used.
    string sc = " SELECT TOP 1 * FROM dict ";
    try
    {
        SqlDataAdapter adapter = new SqlDataAdapter(sc, myConnection);
        adapter.Fill(dstcom, "language");
    }
    catch(Exception e)
    {
        ShowExp(sc, e);
        return default_language;
    }

    string html = "<select name=\"default_language\">";
    foreach(DataColumn column in dstcom.Tables["language"].Columns)
    {
        string cn = column.ColumnName.ToLower();
        if(cn == "id" || cn == "fixed")
            continue;

        html += "<option value=" + cn;
        if(cn == default_language)
            html += " selected";
        html += " >" + cn + "</option>";
    }
    html += "</select>";
    return html;
}
// Reads a query-string parameter. Returns "" when key is null/empty, when the
// parameter is absent, or when CheckSQLAttack rejects its value.
// The screen is a keyword blacklist only: values returned here still have to
// be bound as SQL parameters and HTML-encoded before they are written to a page.
string g(string key)
{
    if(key == null || key == "")
        return "";

    string value = Request.QueryString[key];
    if(value == null)
        value = "";

    return CheckSQLAttack(value) ? value : "";
}
// Reads a posted form field. Returns "" when key is null/empty, when the field
// is absent, or when CheckSQLAttack rejects its value.
// The screen is a keyword blacklist only: values returned here still have to
// be bound as SQL parameters and HTML-encoded before they are written to a page.
string p(string key)
{
    if(key == null || key == "")
        return "";

    string value = Request.Form[key];
    if(value == null)
        value = "";

    return CheckSQLAttack(value) ? value : "";
}
// Convenience overload: exports the table named "report" from dsSource to
// fileName through the DataTable overload.
bool DataSetExportToExcel(DataSet dsSource, string fileName)
{
    DataTable report = dsSource.Tables["report"];
    return DataSetExportToExcel(report, fileName);
}
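// Escapes the characters that are markup in XML text content.
// '&' is replaced first so the entities produced for '<' and '>' are not
// escaped a second time.
string ExcelExportXmlText(string text)
{
    return text.Replace("&", "&amp;").Replace(">", "&gt;").Replace("<", "&lt;");
}

// Writes one <Cell> with the given style id, data type and (already escaped) text.
void ExcelExportWriteCell(System.IO.StreamWriter doc, string styleId, string dataType, string text)
{
    doc.Write("<Cell ss:StyleID=\"" + styleId + "\"><Data ss:Type=\"" + dataType + "\">");
    doc.Write(text);
    doc.Write("</Data></Cell>");
}

// Writes dtSource to fileName as an Excel XML (SpreadsheetML) workbook: a bold
// header row with the column names, then one row per DataRow. A new worksheet
// is started when the row counter reaches 64000. Returns true on success; a
// cell whose runtime type is not handled raises an Exception, as before.
//
// Changes from the previous version:
//   - string cells and column names are XML-escaped. The three Replace calls
//     replaced each character with itself, so a value containing '<' or '&'
//     produced a broken file or injected workbook markup;
//   - decimal and double cells are written with the invariant culture, since
//     the Number type expects '.' as the decimal separator;
//   - the writer is closed through a using block, also when a row throws.
//
// fileName is opened as given; callers must not build it from request data
// without restricting it to the intended export directory.
bool DataSetExportToExcel(DataTable dtSource, string fileName)
{
    const string startExcelXML = "<xml version>\r\n<Workbook " +
        "xmlns=\"urn:schemas-microsoft-com:office:spreadsheet\"\r\n" +
        " xmlns:o=\"urn:schemas-microsoft-com:office:office\"\r\n " +
        "xmlns:x=\"urn:schemas- microsoft-com:office:" +
        "excel\"\r\n xmlns:ss=\"urn:schemas-microsoft-com:" +
        "office:spreadsheet\">\r\n <Styles>\r\n " +
        "<Style ss:ID=\"Default\" ss:Name=\"Normal\">\r\n " +
        "<Alignment ss:Vertical=\"Bottom\"/>\r\n <Borders/>" +
        "\r\n <Font/>\r\n <Interior/>\r\n <NumberFormat/>" +
        "\r\n <Protection/>\r\n </Style>\r\n " +
        "<Style ss:ID=\"BoldColumn\">\r\n <Font " +
        "x:Family=\"Swiss\" ss:Bold=\"1\"/>\r\n </Style>\r\n " +
        "<Style ss:ID=\"StringLiteral\">\r\n <NumberFormat" +
        " ss:Format=\"@\"/>\r\n </Style>\r\n <Style " +
        "ss:ID=\"Decimal\">\r\n <NumberFormat " +
        "ss:Format=\"0.0000\"/>\r\n </Style>\r\n " +
        "<Style ss:ID=\"Integer\">\r\n <NumberFormat " +
        "ss:Format=\"0\"/>\r\n </Style>\r\n <Style " +
        "ss:ID=\"DateLiteral\">\r\n <NumberFormat " +
        "ss:Format=\"yyyy-mm-dd;@\"/>\r\n </Style>\r\n " +
        "</Styles>\r\n ";
    const string endExcelXML = "</Workbook>";

    using(System.IO.StreamWriter excelDoc = new System.IO.StreamWriter(fileName))
    {
        int rowCount = 0;
        int sheetCount = 1;
        excelDoc.Write(startExcelXML);
        excelDoc.Write("<Worksheet ss:Name=\"Sheet" + sheetCount + "\">");
        excelDoc.Write("<Table>");

        // Header row.
        excelDoc.Write("<Row>");
        for(int c = 0; c < dtSource.Columns.Count; c++)
        {
            ExcelExportWriteCell(excelDoc, "BoldColumn", "String", ExcelExportXmlText(dtSource.Columns[c].ColumnName));
        }
        excelDoc.Write("</Row>");

        foreach(DataRow row in dtSource.Rows)
        {
            rowCount++;
            // Continue on a new worksheet once the counter reaches 64000.
            if(rowCount == 64000)
            {
                rowCount = 0;
                sheetCount++;
                excelDoc.Write("</Table>");
                excelDoc.Write(" </Worksheet>");
                excelDoc.Write("<Worksheet ss:Name=\"Sheet" + sheetCount + "\">");
                excelDoc.Write("<Table>");
            }
            excelDoc.Write("<Row>");

            for(int y = 0; y < dtSource.Columns.Count; y++)
            {
                object cell = row[y];
                System.Type cellType = cell.GetType();
                switch(cellType.ToString())
                {
                    case "System.String":
                        ExcelExportWriteCell(excelDoc, "StringLiteral", "String", ExcelExportXmlText(cell.ToString().Trim()));
                        break;
                    case "System.DateTime":
                        // Excel expects YYYY-MM-DDThh:mm:ss.lll
                        DateTime stamp = (DateTime)cell;
                        string stampText = stamp.Year.ToString() +
                            "-" + stamp.Month.ToString("00") +
                            "-" + stamp.Day.ToString("00") +
                            "T" + stamp.Hour.ToString("00") +
                            ":" + stamp.Minute.ToString("00") +
                            ":" + stamp.Second.ToString("00") +
                            ".000";
                        ExcelExportWriteCell(excelDoc, "DateLiteral", "DateTime", stampText);
                        break;
                    case "System.Boolean":
                        ExcelExportWriteCell(excelDoc, "StringLiteral", "String", cell.ToString());
                        break;
                    case "System.Int16":
                    case "System.Int32":
                    case "System.Int64":
                    case "System.Byte":
                        ExcelExportWriteCell(excelDoc, "Integer", "Number", cell.ToString());
                        break;
                    case "System.Decimal":
                    case "System.Double":
                        ExcelExportWriteCell(excelDoc, "Decimal", "Number", Convert.ToString(cell, CultureInfo.InvariantCulture));
                        break;
                    case "System.DBNull":
                        ExcelExportWriteCell(excelDoc, "StringLiteral", "String", "");
                        break;
                    default:
                        throw(new Exception(cellType.ToString() + " not handled."));
                }
            }
            excelDoc.Write("</Row>");
        }
        excelDoc.Write("</Table>");
        excelDoc.Write(" </Worksheet>");
        excelDoc.Write(endExcelXML);
    }
    return true;
}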
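// True when the access_level stored for the session's card is 10 or higher.
// Returns false when the session has no card id, the card is not found, or
// the query fails (failures are passed to ShowExp).
// The card id is bound as a SQL parameter instead of being concatenated into
// the statement, and a missing session entry now yields false instead of a
// null reference.
bool GetUseAccessLevel()
{
    object cardId = Session["card_id"];
    if(cardId == null)
        return false;

    DataTable dt = new DataTable();
    string sc = " SELECT access_level FROM card WHERE id = @card_id";
    try
    {
        SqlDataAdapter adapter = new SqlDataAdapter(sc, myConnection);
        adapter.SelectCommand.Parameters.AddWithValue("@card_id", cardId.ToString());
        if(adapter.Fill(dt) == 0)
            return false;
    }
    catch(Exception e)
    {
        ShowExp(sc, e);
        return false;
    }

    int iAccess = MyIntParse(dt.Rows[0][0].ToString());
    return iAccess >= 10;
}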
// Calls PrintBasicHeader(), then writes a centred "Error, <msg>" heading and a
// button that steps one entry back in the browser history.
// NOTE(review): msg is written into the page without HTML encoding. If any caller
// passes request-derived text this is a reflected-XSS sink; encode here once it is
// confirmed that no caller relies on passing markup.
void ErrMsgAdmin(string msg)
{
    PrintBasicHeader();
    string heading = "<br><br><br><center><h4>Error, " + msg;
    Response.Write(heading);
    Response.Write("</h4><br>");
    Response.Write("<input type=button value='<< Back' class=b onclick=history.go(-1)>");
}
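// Creates a thumbnail using the default bounding box of 90 x 80 pixels by
// delegating to the five-argument overload.
void resizeImage(string imageFileWithPath, string sPath, System.IO.FileStream newFile)
{
    int maxWidth = 90;
    int maxHeight = 80;
    // The height limit used to be passed as maxWidth, which left maxHeight unused.
    resizeImage(imageFileWithPath, sPath, newFile, maxWidth, maxHeight);
}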
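// Writes a JPEG thumbnail named "<name>_t.jpg" under sPath.
//   imageFileWithPath - source file name; only its name and extension are used here
//   sPath             - prefix the thumbnail file name is appended to
//   newFile           - open stream holding the image data; closed once processing ends
//   iWidth, iHeight   - bounding box; the image is scaled down proportionally to fit
// Files whose extension is not .jpg, .gif or .bmp are skipped and the stream is left open.
// NOTE(review): the file type is decided from the extension only; the stream content is
// still handed to System.Drawing for decoding.
void resizeImage(string imageFileWithPath, string sPath, System.IO.FileStream newFile, int iWidth, int iHeight)
{
    FileInfo fileProps = new FileInfo(imageFileWithPath);
    string fileextension = fileProps.Extension;
    // Keep only the part of the name before the first '.'.
    string filename = fileProps.Name.Split(new Char[] {'.'})[0];

    // Ordinal comparison: ToLower() is culture-sensitive and can miss ".GIF" under some locales.
    bool isImage = string.Equals(fileextension, ".jpg", StringComparison.OrdinalIgnoreCase)
        || string.Equals(fileextension, ".gif", StringComparison.OrdinalIgnoreCase)
        || string.Equals(fileextension, ".bmp", StringComparison.OrdinalIgnoreCase);
    if(!isImage)
        return;

    try
    {
        // Every GDI+ object is disposed; previously only the thumbnail was released.
        using(System.Drawing.Image originalImage = System.Drawing.Image.FromStream(newFile))
        {
            int width = originalImage.Width;
            int height = originalImage.Height;
            float ratio;

            // Shrink to the width limit first, keeping the aspect ratio.
            if(width > iWidth)
            {
                ratio = (float)width / (float)iWidth;
                width = (int)(width / ratio);
                height = (int)(height / ratio);
            }

            // Then shrink to the height limit if still too tall.
            if(height > iHeight)
            {
                ratio = (float)height / (float)iHeight;
                height = (int)(height / ratio);
                width = (int)(width / ratio);
            }

            // Extreme aspect ratios can round a side down to 0; keep at least one pixel.
            width = Math.Max(1, width);
            height = Math.Max(1, height);

            using(System.Drawing.Image thumbnailImage = originalImage.GetThumbnailImage(width, height, new System.Drawing.Image.GetThumbnailImageAbort(MyResizeCallBack), IntPtr.Zero))
            using(System.Drawing.Image newImg = new Bitmap(thumbnailImage.Width, thumbnailImage.Height))
            using(Graphics g = Graphics.FromImage(newImg))
            {
                // Paint on white so transparent areas do not turn black in the JPEG.
                g.Clear(Color.White);
                g.DrawImage(thumbnailImage, 0, 0, thumbnailImage.Width, thumbnailImage.Height);
                newImg.Save(sPath + filename + "_t.jpg", System.Drawing.Imaging.ImageFormat.Jpeg);
            }
        }
    }
    finally
    {
        // Close the stream even when decoding or saving fails.
        newFile.Close();
    }
}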
// Abort callback that resizeImage passes to Image.GetThumbnailImage; it always returns true.
bool MyResizeCallBack()
{
    bool result = true;
    return result;
}
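// Returns true when the session value "employee_access_level" is 10 or higher.
// A session without that value is treated as non-admin instead of raising a
// NullReferenceException.
bool IsAdmin()
{
    object level = Session["employee_access_level"];
    if(level == null)
        return false;
    return MyIntParse(level.ToString()) >= 10;
}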
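// Looks up a branch name by id and caches it in Session under "branch_name" + id.
// Returns "" when id is null or empty, when no row matches, or when the query
// fails (the failure is handed to ShowExp).
string GetBranchNameById(string id)
{
    object cached = Session["branch_name" + id];
    if(cached != null)
        return cached.ToString();
    if(string.IsNullOrEmpty(id))
        return "";

    DataSet dsBranch = new DataSet();
    // id is bound as a parameter; it used to be concatenated into the statement.
    string sc = "SELECT name FROM branch WHERE id = @id";
    try
    {
        using(SqlDataAdapter adapter = new SqlDataAdapter(sc, myConnection))
        {
            adapter.SelectCommand.Parameters.AddWithValue("@id", id);
            if(adapter.Fill(dsBranch, "branch") > 0)
            {
                string s = dsBranch.Tables["branch"].Rows[0]["name"].ToString();
                Session["branch_name" + id] = s;
                return s;
            }
        }
    }
    catch(Exception e)
    {
        ShowExp(sc, e);
        return "";
    }
    return "";
}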
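// Returns the name of the first menu_area row whose path contains sPath, or ""
// when nothing matches or the query fails (the failure is handed to ShowExp).
// LIKE wildcards inside sPath are still interpreted as wildcards.
string GetPostionNameByPath(string sPath)
{
    if(dstcom.Tables["gpnbp"] != null)
        dstcom.Tables["gpnbp"].Clear();
    // The search text is bound as a parameter; it used to be concatenated into the LIKE pattern.
    string sc = " SELECT name FROM menu_area WHERE path LIKE '%' + @path + '%' ";
    try
    {
        using(SqlDataAdapter adapter = new SqlDataAdapter(sc, myConnection))
        {
            // A null path previously produced the pattern '%%'; the empty string keeps that result.
            adapter.SelectCommand.Parameters.AddWithValue("@path", sPath ?? "");
            if(adapter.Fill(dstcom, "gpnbp") > 0)
                return dstcom.Tables["gpnbp"].Rows[0]["name"].ToString();
        }
    }
    catch(Exception e)
    {
        ShowExp(sc, e);
        return "";
    }
    return "";
}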
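// Builds the <option> list of activated branches ordered by id and marks the one
// whose id equals current_id as selected.
// Returns "" when the query fails (the failure is handed to ShowExp).
string PrintBranchOptions(string current_id)
{
    int nRows = 0;
    if(dstcom.Tables["branch"] != null)
        dstcom.Tables["branch"].Clear();
    string sc = " SELECT id, name FROM branch WHERE activated = 1 ORDER BY id ";
    try
    {
        using(SqlDataAdapter adapter = new SqlDataAdapter(sc, myConnection))
        {
            nRows = adapter.Fill(dstcom, "branch");
        }
    }
    catch(Exception e)
    {
        ShowExp(sc, e);
        return "";
    }

    System.Text.StringBuilder sb = new System.Text.StringBuilder();
    for(int i=0; i<nRows; i++)
    {
        DataRow dr = dstcom.Tables["branch"].Rows[i];
        string id = dr["id"].ToString();
        string name = dr["name"].ToString();
        // Database text is HTML-encoded and the attribute is double-quoted so a quote
        // or angle bracket stored in a branch row cannot break out of the markup.
        sb.Append("<option value=\"").Append(System.Web.HttpUtility.HtmlEncode(id)).Append("\"");
        if(id == current_id)
            sb.Append(" selected");
        sb.Append(">").Append(System.Web.HttpUtility.HtmlEncode(name)).Append("</option>");
    }
    return sb.ToString();
}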
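// Cuts the section delimited by the tag's _BEGIN and _END comment markers out of s.
// On success the markers and the text between them are removed from s and the text
// between them is returned; otherwise s is left unchanged and "" is returned.
string GetTemplateByTag(string sTagName, ref string s)
{
    if(string.IsNullOrEmpty(s))
        return "";

    string sTagBegin = "<!--" + sTagName + "_BEGIN-->";
    string sTagEnd = "<!--" + sTagName + "_END-->";

    // The markers are literal text, so search ordinally rather than by culture.
    // A marker at index 0 is valid; the former "p > 0" test skipped it.
    int p = s.IndexOf(sTagBegin, StringComparison.Ordinal);
    if(p < 0)
        return "";

    int innerStart = p + sTagBegin.Length;
    int p1 = s.IndexOf(sTagEnd, innerStart, StringComparison.Ordinal);
    if(p1 < 0)
        return "";

    string st = s.Substring(innerStart, p1 - innerStart);
    s = s.Substring(0, p) + s.Substring(p1 + sTagEnd.Length);
    return st;
}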
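// Returns true when USB-key checking is switched off (g_bUsbKey is false).
// Otherwise writes an ActiveX object tag (ftrockey2control.ocx), a hidden form
// carrying the current key state, and a client script that reads the key and
// posts its name and password to "<url>?t=usbkeyinfo"; it then returns false.
// NOTE(review): the key name and password kept in Session are echoed into hidden
// form fields, so they are readable in the page source, and the script posts them
// without URL-encoding. The handler that validates the posted values is not in
// this method — confirm it does not trust these client-supplied fields.
bool CheckUsbKey()
{
    if(!g_bUsbKey)
        return true;

    string sKeyOK = (Session["usb_key_ok"] != null) ? "1" : "0";
    string name = "";
    string pass = "";
    if(Session["usb_key_name"] != null)
        name = Session["usb_key_name"].ToString();
    if(Session["usb_key_pass"] != null)
        pass = Session["usb_key_pass"].ToString();
    string url = Request.ServerVariables["URL"];

    Response.Write("\r\n<object classid=\"clsid:59616956-B515-49B2-BEF0-B716C8476B43\" ");
    Response.Write(" CODEBASE=\"ftrockey2control.ocx\" id=\"rk\"></object>\r\n");
    Response.Write("<form name=fry2 action=?uk=1 method=post>");
    // Request- and session-derived values are HTML-encoded and double-quoted so they
    // cannot terminate the attribute; the script reads them back through .value,
    // which returns the decoded text.
    Response.Write("<input type=hidden name=ry2_url value=\"" + System.Web.HttpUtility.HtmlEncode(url) + "\">");
    Response.Write("<input type=hidden name=ry2_key_ok value=\"" + sKeyOK + "\">");
    Response.Write("<input type=hidden name=ry2_pass value=\"" + System.Web.HttpUtility.HtmlEncode(pass) + "\">");
    Response.Write("<input type=hidden name=ry2_name value=\"" + System.Web.HttpUtility.HtmlEncode(name) + "\">");
    Response.Write("</form>");

    string sj = @"
<script language=javascript>
//window.setTimeout('EDSGetKey()', 100);
EDSGetKey();
Request =
{
QueryString : function(item)
{
";
    sj += " var svalue = location.search.match(new RegExp(\"[\\?\\&]\" + item + \"=([^\\&]*)(\\&?)\",\"i\")); \r\n";
    sj += @"
return svalue ? svalue[1] : svalue;
}
}
function EDSGetKey()
{
var rk = document.getElementById('rk');
rk.OpenMode = 0;
rk.UID = 247912870;
rk.BlockIndex = 0;
var nRet = rk.RY2Find();
if(nRet <= 0)
{
if(document.fry2.ry2_key_ok.value != '0')
{
updateUsbKeyInfo('', '');
document.location.reload();
}
return;
}

nRet = rk.RY2Open();
if(nRet < 0)
{
updateUsbKeyInfo('', '');
return;
}
nRet = rk.RY2Read();
if(nRet == 0)
{
var pass = rk.Buffer;
rk.BlockIndex = 1;
nRet = rk.RY2Read();
if(nRet == 0)
{
var name = rk.Buffer;
nRet = rk.RY2Close();
if(document.fry2.ry2_key_ok.value == '0')
{
updateUsbKeyInfo(name, pass);
document.location.reload();
return;
}
if(name != document.fry2.ry2_name.value)
{
updateUsbKeyInfo(name, pass);
document.location = '?t=changekey';
}
//alert('key info updated');
return;
}
}
nRet = rk.RY2Close();
updateUsbKeyInfo('', '');
}

var moz = (typeof document.implementation != 'undefined') && (typeof document.implementation.createDocument != 'undefined');
var ie = (typeof window.ActiveXObject != 'undefined');
var xmlHttp;
function createXMLHttpRequest()
{
var x;
if(window.ActiveXObject)
x = new ActiveXObject('Microsoft.XMLHTTP');
else if(window.XMLHttpRequest)
x = new XMLHttpRequest();
if(!x)
{
alert('Giving up :( Cannot create an XMLHTTP instance');
return null;
}
return x;
}
function updateUsbKeyInfo(name, pass)
{
xmlHttp = createXMLHttpRequest();
if(!xmlHttp)
return;
var formdata = 'name=' + name + '&pass=' + pass;
var url = document.fry2.ry2_url.value + '?t=usbkeyinfo';
xmlHttp.onreadystatechange = handleUsbKeyInfoResult;
xmlHttp.open('POST', url, false);
xmlHttp.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
xmlHttp.send(formdata);
}
function handleUsbKeyInfoResult()
{
if(xmlHttp.readyState == 4)
{
if(xmlHttp.status == 200)
{
var tx = xmlHttp.responseText;
//alert('ajax response=' + tx);
}
else
{
// alert(xmlHttp.status);
// alert('There was a problem with the request.');
}
}
}

</script";
    // The closing tag is completed in a separate statement, presumably so the page
    // parser does not read it as the end of this server-side block.
    sj += ">";
    Response.Write(sj);
    return false;
}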
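// Builds the <option> list of distinct, non-empty shelf areas ordered by area.
//   sCurrent - area to mark as selected
//   bAll     - when true, an empty-valued option labelled Lang("All") comes first
// Returns "" when the query fails (the failure is handed to ShowExp).
string PrintShelfAreaOptions(string sCurrent, bool bAll)
{
    int nRows = 0;
    if(dstcom.Tables["pso"] != null)
        dstcom.Tables["pso"].Clear();
    string sc = " SELECT DISTINCT area FROM shelf WHERE area <> '' ORDER BY area ";
    try
    {
        myAdapter = new SqlDataAdapter(sc, myConnection);
        nRows = myAdapter.Fill(dstcom, "pso");
    }
    catch(Exception e)
    {
        ShowExp(sc, e);
        return "";
    }

    System.Text.StringBuilder sb = new System.Text.StringBuilder();
    if(bAll)
        sb.Append("<option value=''>").Append(Lang("All")).Append("</option>");
    for(int i=0; i<nRows; i++)
    {
        string v = dstcom.Tables["pso"].Rows[i]["area"].ToString();
        // Database text is HTML-encoded and the attribute is double-quoted so a stored
        // quote or angle bracket cannot break out of the markup.
        string encoded = System.Web.HttpUtility.HtmlEncode(v);
        sb.Append("<option value=\"").Append(encoded).Append("\" ");
        if(v == sCurrent)
            sb.Append(" selected");
        sb.Append(">").Append(encoded).Append("</option>");
    }
    return sb.ToString();
}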
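// Builds the <option> list of distinct, non-empty shelf locations within one area.
//   area     - area to filter on
//   sCurrent - location to mark as selected
//   bAll     - when true, an empty-valued option labelled Lang("All") comes first
// Returns "" when the query fails (the failure is handed to ShowExp).
string PrintShelfLocationOptions(string area, string sCurrent, bool bAll)
{
    int nRows = 0;
    if(dstcom.Tables["pso"] != null)
        dstcom.Tables["pso"].Clear();
    // NOTE(review): area reaches the N'...' literal through EncodeQuote (defined elsewhere),
    // presumably doubling single quotes; confirm, or bind the value as a parameter.
    string sc = " SELECT DISTINCT location FROM shelf WHERE area = N'" + EncodeQuote(area) + "' AND location <> '' ORDER BY location ";
    try
    {
        myAdapter = new SqlDataAdapter(sc, myConnection);
        nRows = myAdapter.Fill(dstcom, "pso");
    }
    catch(Exception e)
    {
        ShowExp(sc, e);
        return "";
    }

    System.Text.StringBuilder sb = new System.Text.StringBuilder();
    if(bAll)
        sb.Append("<option value=''>").Append(Lang("All")).Append("</option>");
    for(int i=0; i<nRows; i++)
    {
        string location = dstcom.Tables["pso"].Rows[i]["location"].ToString();
        // Database text is HTML-encoded and the attribute is double-quoted so a stored
        // quote or angle bracket cannot break out of the markup.
        string encoded = System.Web.HttpUtility.HtmlEncode(location);
        sb.Append("<option value=\"").Append(encoded).Append("\" ");
        if(location == sCurrent)
            sb.Append(" selected");
        sb.Append(">").Append(encoded).Append("</option>");
    }
    return sb.ToString();
}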
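// Builds the <option> list of distinct, non-empty shelf sections within one area and location.
//   area, location - values to filter on
//   sCurrent       - section to mark as selected
//   bAll           - when true, an empty-valued option labelled Lang("All") comes first
// Returns "" when the query fails (the failure is handed to ShowExp).
string PrintShelfSectionOptions(string area, string location, string sCurrent, bool bAll)
{
    int nRows = 0;
    if(dstcom.Tables["pso"] != null)
        dstcom.Tables["pso"].Clear();
    // NOTE(review): the filter values reach the N'...' literals through EncodeQuote (defined
    // elsewhere), presumably doubling single quotes; confirm, or bind them as parameters.
    string sc = " SELECT DISTINCT section FROM shelf ";
    sc += " WHERE area = N'" + EncodeQuote(area) + "' ";
    sc += " AND location = N'" + EncodeQuote(location) + "' ";
    sc += " AND section <> '' ORDER BY section ";
    try
    {
        myAdapter = new SqlDataAdapter(sc, myConnection);
        nRows = myAdapter.Fill(dstcom, "pso");
    }
    catch(Exception e)
    {
        ShowExp(sc, e);
        return "";
    }

    System.Text.StringBuilder sb = new System.Text.StringBuilder();
    if(bAll)
        sb.Append("<option value=''>").Append(Lang("All")).Append("</option>");
    for(int i=0; i<nRows; i++)
    {
        string section = dstcom.Tables["pso"].Rows[i]["section"].ToString();
        // Database text is HTML-encoded and the attribute is double-quoted so a stored
        // quote or angle bracket cannot break out of the markup.
        string encoded = System.Web.HttpUtility.HtmlEncode(section);
        sb.Append("<option value=\"").Append(encoded).Append("\" ");
        if(section == sCurrent)
            sb.Append(" selected");
        sb.Append(">").Append(encoded).Append("</option>");
    }
    return sb.ToString();
}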
// Builds <option> markup for the shelf levels 1 .. nLevels - 1, where nLevels comes
// from the site setting "shelf_levels" (requested with the fallback argument "30").
//   sCurrent - level to mark as selected
//   bAll     - when true, an empty-valued option labelled Lang("All") comes first
// NOTE(review): the loop stops before nLevels, so the configured count itself is
// never listed — confirm that is intended.
string PrintShelfLevelOptions(string sCurrent, bool bAll)
{
    int nLevels = MyIntParse(GetSiteSettings("shelf_levels", "30"));
    string s = bAll ? "<option value=''>" + Lang("All") + "</option>" : "";
    int i = 1;
    while (i < nLevels)
    {
        string level = i.ToString();
        s += "<option value='" + level + "' ";
        if (level == sCurrent)
        {
            s += " selected";
        }
        s += ">" + level + "</option>";
        i++;
    }
    return s;
}
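// Builds the <option> list of distinct shelf levels within one area, location and section.
//   area, location, section - values to filter on
//   sCurrent                - level to mark as selected
//   bAll                    - when true, an empty-valued option labelled Lang("All") comes first
// Returns "" when the query fails (the failure is handed to ShowExp).
string PrintShelfLevelOptionsBySection(string area, string location, string section, string sCurrent, bool bAll)
{
    int nRows = 0;
    if(dstcom.Tables["pso"] != null)
        dstcom.Tables["pso"].Clear();
    // NOTE(review): the filter values reach the N'...' literals through EncodeQuote (defined
    // elsewhere), presumably doubling single quotes; confirm, or bind them as parameters.
    string sc = " SELECT DISTINCT level FROM shelf ";
    sc += " WHERE area = N'" + EncodeQuote(area) + "' ";
    sc += " AND location = N'" + EncodeQuote(location) + "' ";
    sc += " AND section = N'" + EncodeQuote(section) + "' ORDER BY level ";
    try
    {
        myAdapter = new SqlDataAdapter(sc, myConnection);
        nRows = myAdapter.Fill(dstcom, "pso");
    }
    catch(Exception e)
    {
        ShowExp(sc, e);
        return "";
    }

    System.Text.StringBuilder sb = new System.Text.StringBuilder();
    if(bAll)
        sb.Append("<option value=''>").Append(Lang("All")).Append("</option>");
    for(int i=0; i<nRows; i++)
    {
        string sLevel = dstcom.Tables["pso"].Rows[i]["level"].ToString();
        // Database text is HTML-encoded and the attribute is double-quoted so a stored
        // quote or angle bracket cannot break out of the markup.
        string encoded = System.Web.HttpUtility.HtmlEncode(sLevel);
        sb.Append("<option value=\"").Append(encoded).Append("\" ");
        if(sLevel == sCurrent)
            sb.Append(" selected");
        sb.Append(">").Append(encoded).Append("</option>");
    }
    return sb.ToString();
}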
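// Lists the shelves that hold a material in one branch as "name(qty) " entries,
// ordered by quantity. Shelves whose name starts with 'S' are left out when their
// quantity is zero or negative.
//   material_id - material to look up; null or "" yields ""
//   branch_id   - branch to search; null or "" falls back to Session["branch_id"]
// Returns "" when nothing matches or the query fails (the failure is handed to ShowExp).
string GetItemLocation(string material_id, string branch_id)
{
    if(string.IsNullOrEmpty(material_id))
        return "";
    if(string.IsNullOrEmpty(branch_id))
    {
        object sessionBranch = Session["branch_id"];
        if(sessionBranch == null)
            return "";
        branch_id = sessionBranch.ToString();
    }

    DataSet dst = new DataSet();
    // Both ids are bound as parameters; they used to be concatenated into the statement.
    string sc = " SELECT si.*, s.*, s.name AS shelf_name ";
    sc += " FROM shelf_item si Join shelf s ON s.id = si.shelf_id ";
    sc += " WHERE si.material_id = @material_id AND s.branch_id = @branch_id";
    sc += " ORDER BY si.qty ";
    try
    {
        myAdapter = new SqlDataAdapter(sc, myConnection);
        myAdapter.SelectCommand.Parameters.AddWithValue("@material_id", material_id);
        myAdapter.SelectCommand.Parameters.AddWithValue("@branch_id", branch_id);
        if(myAdapter.Fill(dst, "itemlocation") <= 0)
            return "";
    }
    catch(Exception ex)
    {
        ShowExp(sc,ex);
        return "";
    }

    System.Text.StringBuilder sb = new System.Text.StringBuilder();
    foreach(DataRow dr in dst.Tables["itemlocation"].Rows)
    {
        string name = dr["shelf_name"].ToString();
        string itemQty = dr["qty"].ToString();
        double dQty = MyDoubleParse(itemQty);
        // StartsWith also copes with an empty shelf name, where name[0] would throw.
        if(name.StartsWith("S", StringComparison.Ordinal) && dQty <= 0)
            continue;
        sb.Append(name).Append("(").Append(itemQty).Append(") ");
    }
    return sb.ToString();
}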
// Opening part of the wrapper query; GetSqlString puts it in front of the per-level selects.
string GetSqlFore()
{
    const string opening = " SELECT * FROM( ";
    return opening;
}
// Closing part of the wrapper query: ends the derived table as "t" and starts a
// WHERE clause that further " AND ..." filters can be appended to.
string GetSqlBack()
{
    const string closing = " ) t WHERE 1 = 1 ";
    return closing;
}
// Builds the SELECT list for one category level of the union query.
//   level  - category level this select reads from (alias c<level>)
//   cCount - total number of name columns; columns above `level` are emitted as ''
// Levels above 1 are prefixed with " UNION ALL ". Returns "" when cCount < 1.
string GetSeachFieldByLevel(int level,int cCount)
{
    if (cCount < 1)
    {
        return "";
    }

    string lvl = level.ToString();
    System.Text.StringBuilder sb = new System.Text.StringBuilder();
    if (level > 1)
    {
        sb.Append(" UNION ALL ");
    }
    sb.Append("SELECT c").Append(lvl).Append(".id ");

    for (int col = 1; col <= cCount; col++)
    {
        string n = col.ToString();
        if (col > level)
        {
            // No ancestor at this depth: pad with an empty column.
            sb.Append(",'' AS name").Append(n);
        }
        else
        {
            sb.Append(",c").Append(n).Append(".name AS name").Append(n);
        }
    }

    sb.Append(",c").Append(lvl).Append(".level FROM category c").Append(lvl);
    return sb.ToString();
}
// Builds the LEFT JOIN chain from category alias c<level> up through its parents
// down to c1. Level 1 has no parents, so it yields "".
string GetSearchJoinByLevel(int level)
{
    if (level == 1)
    {
        return "";
    }

    System.Text.StringBuilder joins = new System.Text.StringBuilder();
    int parent = level - 1;
    while (parent >= 1)
    {
        string parentAlias = "c" + parent.ToString();
        string childAlias = "c" + (parent + 1).ToString();
        joins.Append(" LEFT JOIN category " + parentAlias + " ON ");
        joins.Append(childAlias + ".parent_id = " + " " + parentAlias + ".id ");
        parent--;
    }
    return joins.ToString();
}
// Builds the WHERE clause that pins every alias c<level> .. c1 to its own level
// number. Returns "" when level is below 1.
string GetSearchFilterByLevel(int level)
{
    System.Text.StringBuilder filter = new System.Text.StringBuilder();
    for (int i = level; i >= 1; i--)
    {
        string n = i.ToString();
        // The first condition opens the clause, the rest are chained with AND.
        filter.Append(i == level ? " WHERE " : " AND ");
        filter.Append(" c" + n + ".level = " + n);
    }
    return filter.ToString();
}
// Builds " ORDER BY t.name1,t.name2,..." over levelCount name columns.
// Returns "" when levelCount is below 1.
string GetSearchOrderBy(int levelCount)
{
    System.Text.StringBuilder order = new System.Text.StringBuilder();
    for (int i = 1; i <= levelCount; i++)
    {
        string prefix = (i == 1) ? " ORDER BY t.name" : ",t.name";
        order.Append(prefix).Append(i.ToString());
    }
    return order.ToString();
}
// Assembles the category search query: the GetSqlFore() opening, one select per
// level (field list + joins + level filter) for levels 1 .. levelCount, and the
// GetSqlBack() closing.
string GetSqlString(int levelCount)
{
    System.Text.StringBuilder sql = new System.Text.StringBuilder();
    sql.Append(GetSqlFore());
    int level = 1;
    while (level <= levelCount)
    {
        sql.Append(GetSeachFieldByLevel(level, levelCount));
        sql.Append(GetSearchJoinByLevel(level));
        sql.Append(GetSearchFilterByLevel(level));
        level++;
    }
    sql.Append(GetSqlBack());
    return sql.ToString();
}
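// Builds the " AND ( ... ) " keyword filter appended to the category search query.
//   m_lc - number of name columns (t.name1 .. t.name<m_lc>) to search
//   m_kw - keyword; all-digit keywords filter on t.level, anything else is matched
//          with LIKE against every name column
// Returns "" for a null or empty keyword.
// NOTE(review): LIKE wildcards (%, _, [) in the keyword are still interpreted as
// wildcards. The fragment is string-built, so callers must not pre-escape the keyword.
string GetSearchWhereFilter(int m_lc,string m_kw)
{
    if(string.IsNullOrEmpty(m_kw))
        return "";

    // Only ASCII digits count as a number: Char.IsDigit also accepts other Unicode
    // digits, which would be emitted into the statement as a bare token.
    bool isNumber = true;
    foreach(char ch in m_kw)
    {
        if(ch < '0' || ch > '9')
        {
            isNumber = false;
            break;
        }
    }

    string s = "";
    if(isNumber)
    {
        s += " AND (t.level = " + m_kw;
    }
    else
    {
        // Double single quotes so the keyword cannot terminate the string literal.
        string pattern = m_kw.Replace("'", "''");
        for(int i = 1; i <= m_lc; i++)
        {
            if(i == 1)
                s += " AND (t.name" + i.ToString() + " LIKE '%" + pattern + "%' ";
            else
                s += " OR t.name" + i.ToString() + " LIKE '%" + pattern + "%' ";
        }
    }
    s += " ) ";
    return s;
}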
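// Resolves the current user's access to a named menu node.
// Returns 2 (full access) for admins and for a matching row that is not read-only,
// 1 for a read-only row, and 0 when no row matches, the session lacks the needed
// ids, or the query fails (the failure is handed to ShowExp).
int GetNodeAccess(string name)
{
    if(IsAdmin())
        return 2;

    // Fail closed when the session does not identify the card or its access class.
    object cardId = Session["card_id"];
    object accessClass = Session[m_sCompanyName + "AccessLevel"];
    if(cardId == null || accessClass == null)
        return 0;

    if(dstcom.Tables["nodeAccess"] != null)
        dstcom.Tables["nodeAccess"].Clear();

    // All three values are bound as parameters; they used to be concatenated into the statement.
    string sc = " SELECT d.readonly ";
    sc += " FROM menu_access_node n ";
    sc += " JOIN menu_access_node_data d ON d.node_id = n.id ";
    sc += " WHERE 1 = 1 ";
    sc += " AND n.name = @name ";
    sc += " AND (d.card_id = @card_id OR d.access_class_id = @access_class_id)";
    sc += " ORDER BY d.card_id DESC "; // card-level rows sort ahead of group (access level) rows
    try
    {
        using(SqlDataAdapter adapter = new SqlDataAdapter(sc, myConnection))
        {
            adapter.SelectCommand.Parameters.AddWithValue("@name", name ?? "");
            adapter.SelectCommand.Parameters.AddWithValue("@card_id", cardId.ToString());
            adapter.SelectCommand.Parameters.AddWithValue("@access_class_id", accessClass.ToString());
            if(adapter.Fill(dstcom, "nodeAccess") <= 0)
                return 0; // no access
        }
    }
    catch(Exception e)
    {
        ShowExp(sc, e);
        // Deny on failure; execution used to continue into the row lookup below.
        return 0;
    }

    // Only the first row matters: a rule set on this card sorts before the group rule.
    DataRow dr = dstcom.Tables["nodeAccess"].Rows[0];
    bool bReadOnly = MyBooleanParse(dr["readonly"].ToString());
    if(bReadOnly)
        return 1; // read only
    return 2; // full access
}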
// Writes a one-cell, centred table holding the caption in bold followed by the title.
// NOTE(review): curWidth, caption and title are written without HTML encoding;
// confirm no caller passes request-derived text, or encode before calling.
void PrintCaptionAndTitle(string curWidth,string caption,string title)
{
    string tableOpen = "<br/><table width=" + curWidth + " align=center cellspacing=0 cellpadding=0 border=0 class=t>";
    string row = "<tr><td align=center><font size=4><b>" + caption + "</b></font>" + title + "</td></tr>";
    Response.Write(tableOpen);
    Response.Write(row);
    Response.Write("</table><br/>");
}
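// Returns the relative thumbnail path "../mi/<material>/<material>_001_t.jpg" for the
// first material linked to a product, or "" when product_id is null or empty, no row
// matches, or the query fails (the failure is handed to ShowExp).
string GetProductImage(string product_id)
{
    if(string.IsNullOrEmpty(product_id))
        return "";
    if(dstcom.Tables["gpi"] != null)
        dstcom.Tables["gpi"].Clear();

    // product_id is bound as a parameter; it used to be concatenated into the statement.
    string sc = " SELECT i.material_id ";
    sc += " FROM product p ";
    sc += " JOIN product_item i ON i.product_id = p.id ";
    sc += " WHERE p.id = @product_id";
    try
    {
        using(SqlDataAdapter adapter = new SqlDataAdapter(sc, myConnection))
        {
            adapter.SelectCommand.Parameters.AddWithValue("@product_id", product_id);
            if(adapter.Fill(dstcom, "gpi") <= 0)
                return "";
        }
    }
    catch(Exception e)
    {
        ShowExp(sc, e);
        // Stop here; execution used to continue into the row lookup below.
        return "";
    }

    DataRow dr = dstcom.Tables["gpi"].Rows[0];
    string mid = dr["material_id"].ToString();
    string sImage = "../mi/" + mid + "/" + mid + "_001_t.jpg";
    return sImage;
}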
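// Stores the session's card id on its web_session row.
// Returns true when there is no session log id to update or the update ran;
// returns false when the session has no card id or the statement fails
// (the failure is handed to ShowExp).
bool UpdateSessionLog()
{
    object logId = Session["session_log_id"];
    if(logId == null || logId.ToString() == "")
        return true;

    object cardId = Session["card_id"];
    if(cardId == null)
        return false;

    // Both ids are bound as parameters; they used to be concatenated into the statement.
    string sc = " UPDATE web_session SET card_id = @card_id ";
    sc += " WHERE id = @id";
    try
    {
        myCommand = new SqlCommand(sc);
        myCommand.Connection = myConnection;
        myCommand.Parameters.AddWithValue("@card_id", cardId.ToString());
        myCommand.Parameters.AddWithValue("@id", logId.ToString());
        myConnection.Open();
        myCommand.ExecuteNonQuery();
    }
    catch(Exception e)
    {
        ShowExp(sc, e);
        return false;
    }
    finally
    {
        // Close on every path; a failed statement used to leave the shared connection open.
        if(myConnection != null)
            myConnection.Close();
    }
    return true;
}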
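// Builds the <option> list of stocks that belong to a branch, ordered by id, and
// marks the one whose id equals stock_id as selected.
// Returns "" when branch_id is null or empty, or when the query fails
// (the failure is handed to ShowExp).
string PrintBranchStockOptions(string branch_id, string stock_id)
{
    if(string.IsNullOrEmpty(branch_id))
        return "";
    int nRows = 0;
    if(dstcom.Tables["pso"] != null)
        dstcom.Tables["pso"].Clear();

    // branch_id is bound as a parameter; it used to be concatenated into the statement.
    string sc = " SELECT id, name FROM branch_stock ";
    sc += " WHERE branch_id = @branch_id ";
    sc += " ORDER BY id ";
    try
    {
        myAdapter = new SqlDataAdapter(sc, myConnection);
        myAdapter.SelectCommand.Parameters.AddWithValue("@branch_id", branch_id);
        nRows = myAdapter.Fill(dstcom, "pso");
    }
    catch(Exception e)
    {
        ShowExp(sc, e);
        return "";
    }

    System.Text.StringBuilder sb = new System.Text.StringBuilder();
    for(int i=0; i<nRows; i++)
    {
        string id = dstcom.Tables["pso"].Rows[i]["id"].ToString();
        string name = dstcom.Tables["pso"].Rows[i]["name"].ToString();
        // Database text is HTML-encoded and the attribute is double-quoted so a stored
        // quote or angle bracket cannot break out of the markup.
        sb.Append("<option value=\"").Append(System.Web.HttpUtility.HtmlEncode(id)).Append("\" ");
        if(id == stock_id)
            sb.Append(" selected");
        sb.Append(">").Append(System.Web.HttpUtility.HtmlEncode(name)).Append("</option>");
    }
    return sb.ToString();
}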
// Returns the base SELECT ... WHERE 1 = 1 text for the per-product rate and quantity
// report. When isQueryPaid is true the cost_hour and labor_rate columns are included.
// The text ends with an open WHERE clause for further " AND ..." filters.
string GetProductRateAndQtyBasicSql(bool isQueryPaid)
{
    System.Text.StringBuilder sql = new System.Text.StringBuilder();
    sql.Append(" SELECT MAX(p.id) AS product_id,MAX(p.name) AS product_name ");
    if (isQueryPaid)
    {
        sql.Append(",MAX(pl.shipping_cost_hours) AS cost_hour ");
        sql.Append(",MAX(sr.shipping_hourly_rate) AS labor_rate ");
    }

    string[] rest = new string[]
    {
        ", MAX(oi.qty) AS order_qty ",
        ",MAX(si.qty) AS sku_qty, c.name AS staff_name, b.id AS branch_id ",
        ", b.name AS branch_name, c.id AS card_id FROM product p ",
        " INNER JOIN product_labor pl ON pl.product_id = p.id ",
        " INNER JOIN sku_item si ON si.product_id = pl.product_id ",
        " INNER JOIN order_item oi ON oi.sku_id = si.sku_id ",
        " INNER JOIN orders o ON o.id = oi.order_id ",
        " INNER JOIN order_log ol ON ol.order_id = o.id ",
        " INNER JOIN card c ON c.id = ol.card_id ",
        " INNER JOIN branch b ON b.id = o.branch_id ",
        " INNER JOIN shipping_rate sr ON b.id = sr.branch_id ",
        " WHERE 1 = 1 "
    };
    foreach (string part in rest)
    {
        sql.Append(part);
    }
    return sql.ToString();
}
// Returns the base SELECT ... WHERE 1 = 1 text for the per-order rate and quantity
// report, including a temp_id built from the current date, the store abbreviation
// and the order id. The text ends with an open WHERE clause for further filters.
string GetOrderRateAndQtyBasicSql()
{
    string[] parts = new string[]
    {
        " SELECT MAX(o.id) AS order_id, MAX(p.id) AS product_id,MAX(p.name) AS product_name ",
        ",MAX(pl.shipping_cost_hours) AS cost_hour ",
        ",MAX(sr.shipping_hourly_rate) AS labor_rate ",
        ", MAX(oi.qty) AS order_qty ",
        ",MAX(si.qty) AS sku_qty, c.name AS staff_name, b.id AS branch_id ",
        ", b.name AS branch_name, c.id AS card_id ",
        ", (SUBSTRING(REPLACE((CONVERT(VARCHAR, GETDATE(), 120 )),'-',''),3,6)+'.' + s.abbreviation+'.'+ CONVERT(VARCHAR,o.id)) AS temp_id ",
        " FROM orders o ",
        " LEFT JOIN order_item oi ON oi.order_id = o.id ",
        " LEFT JOIN sku_item si ON si.sku_id = oi.sku_id ",
        " LEFT JOIN product p ON p.id = si.product_id ",
        " LEFT JOIN product_labor pl ON pl.product_id = p.id ",
        " LEFT JOIN store s ON s.id = o.store_id ",
        " LEFT JOIN order_log ol ON ol.order_id = o.id ",
        " LEFT JOIN card c ON c.id = ol.card_id ",
        " LEFT JOIN branch b ON b.id = o.branch_id ",
        " LEFT JOIN shipping_rate sr ON b.id = sr.branch_id ",
        " WHERE 1 = 1 "
    };
    return string.Concat(parts);
}
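// Builds the " AND o.id IN (...) " filter that keeps orders whose log contains a
// "confirm shipment" entry inside a date window ending now.
//   days - window length in days; 0 means "since the first day of the current month"
// The window starts at midnight of the first day in range.
string GetSubQuery(int days)
{
    DateTime cDate = DateTime.Now;
    DateTime beginDate = (days == 0)
        ? cDate.AddDays(-cDate.Day + 1)
        : cDate.AddDays(-days);

    // ISO 8601 literals (yyyy-MM-ddTHH:mm:ss) are read the same way by SQL Server under
    // every DATEFORMAT/language setting; the former dd-MM-yyyy text depended on the
    // server being configured for day-month order. Invariant culture keeps the digits
    // and separators independent of the thread's locale.
    string beginStr = beginDate.ToString("yyyy-MM-dd", CultureInfo.InvariantCulture) + "T00:00:00";
    string endStr = cDate.ToString("yyyy-MM-dd'T'HH:mm:ss", CultureInfo.InvariantCulture);

    string s = " AND o.id IN (SELECT order_id FROM ";
    s += " (SELECT order_id,MAX(card_id) AS card_id,MAX(log_date) AS log_date ";
    s += " FROM order_log WHERE msg LIKE '%confirm shipment%' ";
    s += " AND log_date BETWEEN CONVERT(DATETIME,'" + beginStr + "') AND CONVERT(DATETIME,'" + endStr + "') ";
    s += " GROUP BY order_id) t1) ";
    return s;
}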
// True when the current site name (m_sSite) equals Lang("admin").
// NOTE(review): the comparison target comes from Lang(), so the outcome depends on
// what that helper returns for "admin" — confirm it cannot vary per request if this
// result gates access.
bool IsYPAdmin()
{
    return m_sSite == Lang("admin");
}
// True when the current site name (m_sSite) equals Lang("shipping").
// NOTE(review): the comparison target comes from Lang(); confirm it cannot vary per
// request if this result gates access.
bool IsShipping()
{
    return m_sSite == Lang("shipping");
}
// True when the current site name (m_sSite) equals Lang("seller").
// NOTE(review): the comparison target comes from Lang(); confirm it cannot vary per
// request if this result gates access.
bool IsSeller()
{
    return m_sSite == Lang("seller");
}
// Maps a branch id to the code1/code2 filter appended to the shipping BOM query.
// Branch ids other than "1".."4" get " AND 1 = 0 ", which matches no rows.
string GetShippingBOMCodeFilter(string curBranchId)
{
    switch (curBranchId)
    {
        case "1": // Toronto
            return " AND code1 = '902' AND code2 = '103' ";
        case "2": // Los Angeles
            return " AND code1 = '902' AND code2 = '102' ";
        case "3": // DongGuan
            return " AND code1 = '902' AND code2 = '101' ";
        case "4": // Sydney
            return " AND code1 = '902' AND code2 = '104' ";
        default:
            return " AND 1 = 0 ";
    }
}
// Maps a branch id to the combined code1.code2.code3 filter for the shipping labor item.
// Branch ids other than "1".."4" get " AND 1 = 0 ", which matches no rows.
// NOTE(review): the literals for branches 2 and 3 carry a trailing space inside the
// quotes, unlike branches 1 and 4 — looks like a typo; confirm before normalising.
string GetShippingLaborFilter(string curBranchId)
{
    switch (curBranchId)
    {
        case "1": // Toronto
            return " AND (code1+'.'+code2+'.'+code3) = '904.103.001' ";
        case "2": // Los Angeles
            return " AND (code1+'.'+code2+'.'+code3) = '904.102.001 ' ";
        case "3": // DongGuan
            return " AND (code1+'.'+code2+'.'+code3) = '904.101.001 ' ";
        case "4": // Sydney
            return " AND (code1+'.'+code2+'.'+code3) = '904.104.001' ";
        default:
            return " AND 1 = 0 ";
    }
}
// Prefixes s with the configured currency symbol (g_bCurrency_Symbol).
string GetCurrencyString(string s)
{
    string withSymbol = g_bCurrency_Symbol + s;
    return withSymbol;
}
Line 2693: </script>
Line 2694:
|