短信

CallCenterApi/CallCenterApi.Interface/CallCenterApi.Interface/Controllers/UserAccountController.cs

@@ -626,12 +626,12 @@ namespace CallCenterApi.Interface.Controllers
             {
                 return Error("请输入将要发送的号码");
             }
-            int codes = new Random().Next(1000, 9999);
+            int codes = new Random().Next(100000, 999999);
            // string msg = codes.ToString ();
            // bool n = SMSController.AddSmS(0, msg, "你的验证码是"+ codes+".十分钟有效.", mobile, "168411", "");
 
             string mag = "[\"" + codes.ToString() + "\"]";
-            string v = SmsNewController.AddSmS(0, "你的验证码是" + codes + ".十分钟有效.", mobile, "681240638956277760", mag,
+            string v = SmsNewController.AddSmS(0, "您本次登录的验证码是"+ codes.ToString() + "，10分钟内有效。", mobile, "1053396176871632896", mag,
           "");
             if (v=="")
             {

CallCenterApi/CallCenterApi.Interface/CallCenterApi.Interface/Controllers/weixin/WxLoginController.cs

@@ -144,10 +144,10 @@ namespace CallCenterApi.Interface.Controllers.weixin
         public ActionResult SendCode(string mobile)
         {
 
-            int codes = new Random().Next(1000, 9999);
+            int codes = new Random().Next(100000, 999999);
             string mag = "[\"" + codes.ToString() + "\"]";
-            string v = SmsNewController.AddSmS(0, "您的验证码是" + codes + "，10分钟内有效。", mobile, "681240638956277760", mag,
-          "");
+            string v = SmsNewController.AddSmS(0, "您本次登录的验证码是" + codes.ToString() + "，10分钟内有效。", mobile, "1053396176871632896", mag,
+           "");
             if (v == "")
             {
                 return Error("发送成功");

CallCenterApi/CallCenterApi.Interface/CallCenterApi.Interface/Controllers/workorder/hb_affairsController.cs

@@ -558,6 +558,7 @@ namespace CallCenterApi.Interface.Controllers.workorder
 
                             }
                         }
+                        new BLL.T_Sys_Affairs().Update(affairs.FirstOrDefault());
                         #region 插入操作记录
                         Model.T_Bus_Operation oper = new Model.T_Bus_Operation();
                         oper.F_WorkOrderId = modelT_Bus_WorkOrder.F_WorkOrderId;

CallCenterApi/CallCenterApi.Interface/CallCenterApi.Interface/Global.asax.cs

@@ -33,18 +33,23 @@ namespace CallCenterApi.Interface
                 {
                     _worker = new QuartzWorker(port);
                     _worker.AddWork(new PushWorkorder());
+                   
                     if (ISfiring=="1")
                     {
                         _worker.AddWork(new ZhengWuDuiJie());
-                        _worker.AddWork(new Peoplewebsite());
+                      
                     }
-                   
+                    else if (ISfiring == "2")
+                    {
+                        _worker.AddWork(new SatisfactionClose());
+                    }
+
                     _worker.Start();
                 }
 
             }).ContinueWith(p =>
             {
-                System.Diagnostics.Debug.WriteLine(DateTime.Now);
+                //System.Diagnostics.Debug.WriteLine(DateTime.Now);
             });
         }
 
@@ -59,6 +64,8 @@ namespace CallCenterApi.Interface
 
         protected void Application_AuthenticateRequest(object sender, EventArgs e)
         {
+            SqlChecker SqlChecker = new SqlChecker(this.Request, this.Response);
+            SqlChecker.Check();
             HttpApplication app = (HttpApplication)sender;
             var context = app.Context;
             if (context == null) throw new ArgumentNullException("context");

CallCenterApi/CallCenterApi.Interface/CallCenterApi.Interface/Models/Common/ButtonGroup.cs

@@ -257,7 +257,22 @@ namespace CallCenterApi.Interface.Models.Common
         {
             return new button(69, "呼叫");
         }
-       
+        public static button Contentment()
+        {
+            return new button(70, "插入");
+        }
+        public static button BackVisit()
+        {
+            return new button(71, "回退");
+        }
+        public static button RemoveContentment()
+        {
+            return new button(72, "移除");
+        }
+        public static button TransferOut()
+        {
+            return new button(73, "转出");
+        }
         /// <summary>
         /// 已办未果通过
         /// </summary>
@@ -769,12 +784,13 @@ namespace CallCenterApi.Interface.Models.Common
                     if ((code == "ZXLD" || code == "ZXLDGLYGLY" || code == "GLY" || code == "DDZG" || code == "ZXHWY" || code == "SPZ" || code == "SPZJZ") && iszb == "0")
                     {
                         buttons.Add(statistics());
-                        
+                      
                         // buttons.Add(back());
                     }
                     if (code == "ZXLD" || code == "YSZY" || code == "ZXLDGLYGLY" || code == "GLY" || code == "DDZG"  || code == "SPZ" || code == "SPZJZ")
                     {
                         buttons.Add(modify());
+                        
                     }
                     break;
                 case "10":

CallCenterCommon/CallCenter.Utility/CallCenter.Utility.csproj

@@ -105,6 +105,7 @@
     <Compile Include="SM2CryptoUtil.cs" />
     <Compile Include="Sms\SmsNewHelper.cs" />
     <Compile Include="Sms\SmsHelper.cs" />
+    <Compile Include="SqlChecker.cs" />
     <Compile Include="SysInformationHelper.cs" />
     <Compile Include="Time\DateTimeConvert.cs" />
     <Compile Include="Time\DateTools.cs" />

CallCenterCommon/CallCenter.Utility/SqlChecker.cs

@@ -0,0 +1,191 @@
+
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Text;
+using System.Web;
+
+namespace CallCenter.Utility
+{
+    public class SqlChecker
+    { //当前请求对象
+        private HttpRequest request;
+        //当前响应对象
+        private HttpResponse response;
+        //安全Url,当出现Sql注入时,将导向到的安全页面,如果没赋值,则停留在当前页面
+        private string safeUrl = String.Empty;
+
+        //Sql注入时,可能出现的sql关键字,可根据自己的实际情况进行初始化,每个关键字由'|'分隔开来
+        //private const string StrKeyWord = @"select|insert|delete|from|count(|drop table|update|truncate|asc(|mid(|char(|xp_cmdshell|exec master|netlocalgroup administrators|:|net user|""|or|and";
+        private const string StrKeyWord = @"select|insert|delete|from|drop table|update|truncate|exec master|netlocalgroup administrators|net user|or|and|waitfor delay|waitfor|delay";
+        //Sql注入时,可能出现的特殊符号,,可根据自己的实际情况进行初始化,每个符号由'|'分隔开来
+        //  private const string StrRegex = @"@|*";
+        //private const string StrRegex = @"=|!|'";
+        public SqlChecker()
+        {
+            //
+            // TODO: 在此处添加构造函数逻辑
+            //
+        }
+        /// <summary>
+        /// 由此构造函数创建的对象,在验证Sql注入之后将停留在原来页面上
+        /// </summary>
+        /// <param name="_request">当前请求的 Request 对象</param>
+        /// <param name="_response">当前请求的 Response 对象</param>
+        public SqlChecker(HttpRequest _request, HttpResponse _response)
+        {
+            this.request = _request;
+            this.response = _response;
+        }
+        /// <summary>
+        /// 由此构造函数创建的对象,在验证Sql注入之后将请求将导向由 _safeUrl 指定的安全url页面上
+        /// </summary>
+        /// <param name="_request">当前请求的 Request 对象</param>
+        /// <param name="_response">当前请求的 Response 对象</param>
+        /// <param name="_safeUrl">验证Sql注入之后将导向的安全 url</param>
+        public SqlChecker(HttpRequest _request, HttpResponse _response, string _safeUrl)
+        {
+            this.request = _request;
+            this.response = _response;
+            this.safeUrl = _safeUrl;
+        }
+        /// <summary>
+        /// 只读属性 SQL关键字
+        /// </summary>
+        public string KeyWord
+        {
+            get
+            {
+                return StrKeyWord;
+            }
+        }
+        ///// <summary>
+        ///// 只读属性过滤特殊字符
+        ///// </summary>
+        //public string RegexString
+        //{
+        //    get
+        //    {
+        //        return StrRegex;
+        //    }
+        //}
+        /// <summary>
+        /// 当出现Sql注入时需要提示的错误信息(主要是运行一些客户端的脚本)
+        /// </summary>
+        public string Msg
+        {
+            get
+            {
+                string msg = "<script type='text/javascript'> "
+                + " alert('请勿输入非法字符!'); ";
+
+                if (this.safeUrl == String.Empty)
+                    msg += " window.location.href = '" + request.RawUrl + "'";
+                else
+                    msg += " window.location.href = '" + safeUrl + "'";
+
+                msg += "</script>";
+                return msg;
+            }
+        }
+        /// <summary>
+        /// 检查URL参数中是否带有SQL注入的可能关键字。
+        /// </summary>
+        /// <returns>存在SQL注入关键字时返回 true，否则返回 false</returns>
+        public bool CheckRequestQuery()
+        {
+            bool result = false;
+            if (request.QueryString.Count != 0)
+            {
+                //若URL中参数存在，则逐个检验参数。
+                foreach (string queryName in this.request.QueryString)
+                {
+                    //过虑一些特殊的请求状态值,主要是一些有关页面视图状态的参数
+                    if (queryName == "__VIEWSTATE" || queryName == "__EVENTVALIDATION")
+                        continue;
+                    //开始检查请求参数值是否合法
+                    if (CheckKeyWord(request.QueryString[queryName]))
+                    {
+                        //只要存在一个可能出现Sql注入的参数,则直接退出
+                        result = true;
+                        break;
+                    }
+                }
+            }
+            return result;
+        }
+        /// <summary>
+        /// 检查提交表单中是否存在SQL注入的可能关键字
+        /// </summary>
+        /// <returns>存在SQL注入关键字时返回 true，否则返回 false</returns>
+        public bool CheckRequestForm()
+        {
+            bool result = false;
+            if (request.Form.Count > 0)
+            {
+                //若获取提交的表单项个数不为0,则逐个比较参数
+                foreach (string queryName in this.request.Form)
+                {
+                    //过虑一些特殊的请求状态值,主要是一些有关页面视图状态的参数
+                    if (queryName == "__VIEWSTATE" || queryName == "__EVENTVALIDATION")
+                        continue;
+                    //开始检查提交的表单参数值是否合法
+                    if (CheckKeyWord(request.Form[queryName]))
+                    {
+                        //只要存在一个可能出现Sql注入的参数,则直接退出
+                        result = true;
+                        break;
+                    }
+                }
+            }
+            return result;
+        }
+        /// <summary>
+        /// 检查_sword是否包涵SQL关键字
+        /// </summary>
+        /// <param name="_sWord">需要检查的字符串</param>
+        /// <returns>存在SQL注入关键字时返回 true，否则返回 false</returns>
+        public bool CheckKeyWord(string _sWord)
+        {
+            bool result = false;
+            //模式1 : 对应Sql注入的可能关键字
+            string[] patten1 = StrKeyWord.Split('|');
+            //模式2 : 对应Sql注入的可能特殊符号
+            // string[] patten2 = StrRegex.Split('|');
+            //开始检查 模式1:Sql注入的可能关键字 的注入情况
+            foreach (string sqlKey in patten1)
+            {
+                if (_sWord.IndexOf(" " + sqlKey) >= 0 || _sWord.IndexOf(sqlKey + " ") >= 0)
+                {
+                    //只要存在一个可能出现Sql注入的参数,则直接退出
+                    result = true;
+                    break;
+                }
+            }
+            //开始检查 模式1:Sql注入的可能特殊符号 的注入情况
+            //foreach (string sqlKey in patten2)
+            //{
+            //    if (_sWord.IndexOf(sqlKey) >= 0)
+            //    {
+            //        //只要存在一个可能出现Sql注入的参数,则直接退出
+            //        result = true;
+            //        break;
+            //    }
+            //}
+            return result;
+        }
+        /// <summary>
+        /// 执行Sql注入验证
+        /// </summary>
+        public void Check()
+        {
+            if (CheckRequestQuery() || CheckRequestForm())
+            {
+                response.Write(Msg);
+                response.End();
+            }
+        }
+
+    }
+}