权限控制url的一些非法操作的处理
时间:2011-06-07 来源:卑鄙De小贝
MyService.S_PersonnelInfo myspif = new ZSAJGUNweb.MyService.S_PersonnelInfo();
myspif = MyServer.PersonnelInfo_PID(int.Parse(Request.Cookies["PID"].Value.ToString()));
string url_str_ = Request.Url.ToString();
string[] url_str_arr_ = url_str_.Split('/');
url_str_ = url_str_arr_[url_str_arr_.Length - 1].ToString();
DataTable mydt_did = MyServer.Permissions_where("'or'='or'").Mydt;
string url__ = "";
for (int i = 0; i != mydt_did.Rows.Count; i++) {
if (mydt_did.Rows[i]["url"].ToString() == "") {
url__ = "1";
}
else {
url__ = mydt_did.Rows[i]["url"].ToString();
}
if (url_str_.Contains(url__)) {
url_str_ = mydt_did.Rows[i]["url"].ToString();
string Divided = MyServer.Permissions_where("url = '" + url_str_ + "'").Divided;
if (Divided != myspif.Limit.ToString()) {
Response.Write("你木有该权限");
}
break;
}
}
防止恶性修改url非法访问 相关阅读 更多 +
