
123

The document is an ASP.NET application configuration script written in VB.NET, which includes event handlers for application lifecycle events such as startup, session management, and error handling. It initializes application-level variables for tracking online visitors and file attachment requirements, while also managing user authentication and permissions for various URLs. Additionally, it contains commented-out sections for database connection setup and error logging functionality.

Uploaded by

Tran Minh

<%@ Application Language="VB" %>

<%@ Import Namespace="System.IO" %>


<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Security.Principal" %>
<script runat="server">
' Runs once at application start-up: zeroes the visitor counters held in
' application state and caches the IS_REQ_ATTACH_FILE setting from appSettings.
Sub Application_Start(ByVal sender As Object, ByVal e As EventArgs)
    ' A disabled block used to call BasePage.EnsureRequestValidationMode() and,
    ' in site mode, build a DevExpress XPO ThreadSafeDataLayer from the
    ' "XPOServerMode" connection string. It is not executed.

    ' Visitor counters. The key names are Vietnamese for: today, yesterday,
    ' this week, last week, this month, last month and all time.
    Dim counterKeys As String() = {
        "visitors_online", "HomNay", "HomQua", "TuanNay",
        "TuanTruoc", "ThangNay", "ThangTruoc", "TatCa"
    }
    For Each counterKey As String In counterKeys
        Application(counterKey) = 0
    Next

    ' NBH.Thainh 09/08/2016: parameter that controls whether an attached file
    ' is required when saving incoming and outgoing documents.
    Dim attachSetting As String = ConfigurationManager.AppSettings("IS_REQ_ATTACH_FILE")
    Application("IS_REQ_ATTACH_FILE") = attachSetting
End Sub

' Raised when the application shuts down. No clean-up work is performed.
Sub Application_End(ByVal sender As Object, ByVal e As EventArgs)
    ' Intentionally empty: there is nothing to release on shutdown.
End Sub

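' Handles unhandled errors: writes the error message, the current account name
' and the request URL through vanban.clsAPI.UpdateLoi. 404 responses are skipped.
Sub Application_Error(ByVal sender As Object, ByVal e As EventArgs)
    Dim ex As Exception = Server.GetLastError()

    ' Nothing to record when no error is pending. The Nothing check has to come
    ' before ex.Message is read, otherwise the handler itself fails.
    If ex Is Nothing Then
        Return
    End If

    ' Filter out 404 responses.
    Dim httpException = TryCast(ex, HttpException)
    If httpException IsNot Nothing AndAlso httpException.GetHttpCode() = 404 Then
        Return
    End If

    ' Unwrap the ASP.NET wrapper so the logged message names the real failure.
    If TypeOf ex Is HttpUnhandledException AndAlso ex.InnerException IsNot Nothing Then
        ex = ex.InnerException
    End If

    Dim strurl As String = String.Empty
    Dim account As String = String.Empty
    Dim context As HttpContext = HttpContext.Current
    If context IsNot Nothing Then
        strurl = context.Request.Url.ToString()
        ' Session state is not available on every request (for example when the
        ' error happens before it is acquired). Reading it through the context
        ' avoids a second exception from HttpApplication.Session.
        If context.Session IsNot Nothing Then
            account = Convert.ToString(context.Session("VAN_BAN_TAI_KHOAN"))
        End If
    End If

    ' NOTE(review): the complete URL, query string included, goes into the error
    ' log. Confirm that no credentials, tokens or personal data travel in query
    ' parameters, and that the log is access-controlled.
    Dim msgError As String = ex.Message & " - " & account & " - " & strurl

    Dim myAPI As New vanban.clsAPI
    myAPI.UpdateLoi(1, 9, msgError)
End Sub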

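' Runs when a new session starts: sets the session timeout, increments the
' online-visitor counter and refreshes the cached IS_REQ_ATTACH_FILE parameter.
Sub Session_Start(ByVal sender As Object, ByVal e As EventArgs)
    Dim myVanBanNBH As New vanban.clsVanBanNBH

    ' NOTE(review): 150 minutes of idle time is a long window for an
    ' authenticated session; confirm it matches the deployment's policy.
    Session.Timeout = 150

    ' Read the parameter before taking the application-wide lock, so the lookup
    ' (presumably a database call - confirm) does not block every other request
    ' that touches application state.
    Dim attachSetting As String = myVanBanNBH.SELECT_GIA_TRI_THAM_SO("IS_REQ_ATTACH_FILE").ToString()

    Application.Lock()
    Try
        Application("visitors_online") = Convert.ToInt32(Application("visitors_online")) + 1
        Application("IS_REQ_ATTACH_FILE") = attachSetting
    Finally
        ' Always release the lock, even if the update throws.
        Application.UnLock()
    End Try

    ' A disabled block used to load visit statistics through
    ' LibTrangChu.clsTrangchu.count_member into the HomNay .. TatCa application
    ' counters and to set Session("HEAD_SMS") (falling back to "VPDT" on error).
    ' It is not executed.
End Sub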

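' Runs when a session ends and decrements the online-visitor counter.
' Note: Session_End is raised only when the sessionState mode is InProc in
' Web.config. With StateServer or SQLServer the event is not raised.
Sub Session_End(ByVal sender As Object, ByVal e As EventArgs)
    Application.Lock()
    Try
        ' Use the same signed conversion as Session_Start and never let the
        ' counter drop below zero; an unsigned conversion fails on a negative
        ' value and stores a different numeric type than the increment does.
        Dim remaining As Integer = Convert.ToInt32(Application("visitors_online")) - 1
        Application("visitors_online") = Math.Max(remaining, 0)
    Finally
        Application.UnLock()
    End Try
End Sub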

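' Rebuilds the request principal for forms-authenticated users so that the
' comma-separated role list stored in the ticket's UserData becomes the
' principal's roles.
Protected Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As System.EventArgs)
    Dim currentUser As IPrincipal = HttpContext.Current.User
    If currentUser Is Nothing OrElse Not currentUser.Identity.IsAuthenticated Then
        Return
    End If

    ' Only forms identities carry a ticket. TryCast leaves any other identity
    ' type untouched instead of failing the request with an invalid cast.
    Dim id As FormsIdentity = TryCast(currentUser.Identity, FormsIdentity)
    If id Is Nothing Then
        Return
    End If

    Dim ticket As FormsAuthenticationTicket = id.Ticket

    ' Get the stored user data, in this case the roles.
    ' NOTE(review): these roles are only as trustworthy as the ticket's
    ' protection (encryption and validation settings, machine key), and they
    ' stay in force until the ticket expires even if the account's rights are
    ' changed in the meantime - confirm both are acceptable.
    Dim userData As String = If(ticket.UserData, String.Empty)
    Dim roles() As String = userData.Split(","c)
    HttpContext.Current.User = New GenericPrincipal(id, roles)
End Sub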

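' Returns True when the current session is logged in (VAN_BAN_LOGIN = 1) and
' its permission list (VAN_BAN_QUYEN) contains idQuyen. Every other case,
' including a missing context, session or permission list, returns False.
Public Shared Function checkQuyen(ByVal idQuyen As Integer) As Boolean
    Dim context As HttpContext = HttpContext.Current
    If context Is Nothing OrElse context.Session Is Nothing Then
        Return False
    End If

    Dim loginFlag As Object = context.Session("VAN_BAN_LOGIN")
    If loginFlag Is Nothing Then
        Return False
    End If

    If loginFlag = 1 Then
        ' Deny when the permission list is absent or is not an ArrayList,
        ' rather than raising an exception in the middle of an access check.
        Dim quyenId As ArrayList = TryCast(context.Session("VAN_BAN_QUYEN"), ArrayList)
        If quyenId Is Nothing Then
            Return False
        End If

        ' The late-bound "=" is kept on purpose: the element type stored in the
        ' list is not visible here, and "=" compares across numeric types.
        For i As Integer = 0 To quyenId.Count - 1
            If quyenId(i) = idQuyen Then
                Return True
            End If
        Next
    End If

    Return False
End Function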

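' Per-request access gate, run once session state is available.
'   1. Requests whose path contains "ajax" must come from a session that has
'      VAN_BAN_LOGIN set; otherwise they are redirected to ~/Default.aspx.
'   2. The path is matched against a table of page names; the caller needs at
'      least one of the listed permission ids (see checkQuyen) or is redirected.
'
' NOTE(review): paths that match no key in the table are not permission-checked
' here (default allow). Confirm that every page missing from the table enforces
' its own check, or invert the rule so that unlisted pages are denied.
' NOTE(review): keys are matched with Contains and Dictionary enumeration order
' is not guaranteed, so for a path that contains more than one key the entry
' that applies is not defined. Matching on the exact file name would remove the
' ambiguity.
' NOTE(review): the table is rebuilt on every request; a Shared ReadOnly field
' would avoid that.
Sub Application_AcquireRequestState(ByVal sender As Object, ByVal e As EventArgs)
    Dim context As HttpContext = HttpContext.Current

    ' Get the path of the current request. ToLowerInvariant keeps the lookup key
    ' independent of the server's culture settings.
    Dim url As String = context.Request.Url.AbsolutePath.ToLowerInvariant()

    ' NOTE(review): the "ajax" test and its two exemptions match anywhere in the
    ' path, and the gate only requires VAN_BAN_LOGIN to be present, whereas
    ' checkQuyen requires it to equal 1. Confirm both are intended.
    If Not url.Contains("myajax.js") Then
        If url.Contains("ajax") AndAlso Not url.Contains("fileuploadcasimhandler.ashx") Then
            If context.Session Is Nothing OrElse context.Session("VAN_BAN_LOGIN") Is Nothing Then
                context.Response.Redirect("~/Default.aspx")
                context.Response.End()
            End If
        End If
    End If

    Dim urlToPermissions As New Dictionary(Of String, List(Of Integer))() From {
        {"/baocaodonviguidenubndt.aspx", New List(Of Integer)() From {554}},
        {"/baocaodonvinhantuubndt.aspx", New List(Of Integer)() From {555}},
        {"/baocaoguinhanvbdt.aspx", New List(Of Integer)() From {1014}},
        {"/baocaothvbdenphongban.aspx", New List(Of Integer)() From {146}},
        {"/baocaothvbdenphongbanchitiet.aspx", New List(Of Integer)() From {146}},
        {"/baocaotong.aspx", New List(Of Integer)() From {126}},
        {"/baocaovbdenphongban.aspx", New List(Of Integer)() From {146}},
        {"/baocaovbdenphongbanchitiet.aspx", New List(Of Integer)() From {146}},
        {"/baocaovbdiphongban.aspx", New List(Of Integer)() From {146}},
        {"/baocaovbdiphongbanchitiet.aspx", New List(Of Integer)() From {146}},
        {"/baocaovpdt.aspx", New List(Of Integer)() From {137}},
        {"/baocaovpdtchitiet.aspx", New List(Of Integer)() From {146}},
        {"/dangnhap.aspx", New List(Of Integer)() From {56}},
        {"/duyetvanban.aspx", New List(Of Integer)() From {57}},
        {"/sovanbanden.aspx", New List(Of Integer)() From {67}},
        {"/sovanbandi.aspx", New List(Of Integer)() From {67}},
        {"/thongdiep.aspx", New List(Of Integer)() From {129}},
        {"/thongdiepchitiet.aspx", New List(Of Integer)() From {129}},
        {"/udfilesize.aspx", New List(Of Integer)() From {57}},
        {"/xemvanban.aspx", New List(Of Integer)() From {57}},
        {"/xemvanban_n.aspx", New List(Of Integer)() From {57}},
        {"/chitiettinhhinhxulyvbden_4089cp.aspx", New List(Of Integer)() From {1035}},
        {"/insoden_4089cp.aspx", New List(Of Integer)() From {1030}},
        {"/insodi_4089cp.aspx", New List(Of Integer)() From {1031}},
        {"/tonghoptinhhinhxulyvbdencb_4089cp.aspx", New List(Of Integer)() From {1034}},
        {"/tonghoptinhhinhxulyvbdendv_4089cp.aspx", New List(Of Integer)() From {1032}},
        {"/tonghopvanbanden_4089cp.aspx", New List(Of Integer)() From {1033}},
        {"/tonghopvbdi_4089cp.aspx", New List(Of Integer)() From {1036}},
        {"/capnhatcongviec.aspx", New List(Of Integer)() From {47}},
        {"/chitietcongviec.aspx", New List(Of Integer)() From {46}},
        {"/loaicongviec.aspx", New List(Of Integer)() From {30}},
        {"/taocongviec.aspx", New List(Of Integer)() From {47}},
        {"/butphe.aspx", New List(Of Integer)() From {999}},
        {"/canbo.aspx", New List(Of Integer)() From {16}},
        {"/chucvu.aspx", New List(Of Integer)() From {9}},
        {"/danhmucchucvuhop.aspx", New List(Of Integer)() From {86}},
        {"/danhmuchinhthuc.aspx", New List(Of Integer)() From {82}},
        {"/danhmuclinhvuc.aspx", New List(Of Integer)() From {83}},
        {"/danhmucloaihinh.aspx", New List(Of Integer)() From {81}},
        {"/danhmucloaithietbi.aspx", New List(Of Integer)() From {84}},
        {"/danhmucphonghop.aspx", New List(Of Integer)() From {87}},
        {"/danhmucthietbi.aspx", New List(Of Integer)() From {85}},
        {"/dantoc.aspx", New List(Of Integer)() From {6}},
        {"/donvi.aspx", New List(Of Integer)() From {31}},
        {"/linhvuc.aspx", New List(Of Integer)() From {10}},
        {"/linhvuccv.aspx", New List(Of Integer)() From {10, 1251}},
        {"/loai.aspx", New List(Of Integer)() From {11}},
        {"/loaisovanban.aspx", New List(Of Integer)() From {65}},
        {"/loaisovbdi.aspx", New List(Of Integer)() From {66}},
        {"/loaithongdiep.aspx", New List(Of Integer)() From {59}},
        {"/menu.aspx", New List(Of Integer)() From {15}},
        {"/nhomquyen.aspx", New List(Of Integer)() From {17}},
        {"/noigui.aspx", New List(Of Integer)() From {53}},
        {"/noinhan.aspx", New List(Of Integer)() From {42}},
        {"/phuongxa.aspx", New List(Of Integer)() From {5}},
        {"/quanhuyen.aspx", New List(Of Integer)() From {4}},
        {"/to.aspx", New List(Of Integer)() From {15}},
        {"/tongiao.aspx", New List(Of Integer)() From {7}},
        {"/trinhdo.aspx", New List(Of Integer)() From {8}},
        {"/ykienchidaoxuly.aspx", New List(Of Integer)() From {160}},
        {"/baocaoqlcvchitietdonvi.aspx", New List(Of Integer)() From {146}},
        {"/baocaoqlcvtheocanhan.aspx", New List(Of Integer)() From {146}},
        {"/baocaoqlcvtonghopdonvi.aspx", New List(Of Integer)() From {146}},
        {"/baocaoqlcvtonghoptheotrangthai.aspx", New List(Of Integer)() From {146}},
        {"/capnhatgiaoviec.aspx", New List(Of Integer)() From {1251}},
        {"/dashboardqlcv.aspx", New List(Of Integer)() From {1251, 701}},
        {"/quanlycongviec.aspx", New List(Of Integer)() From {1251}},
        {"/taogiaoviec.aspx", New List(Of Integer)() From {1251}},
        {"/thongtincongviec.aspx", New List(Of Integer)() From {1251}},
        {"/capnhatsdtdonvi.aspx", New List(Of Integer)() From {1006}},
        {"/capnhattaikhoan.aspx", New List(Of Integer)() From {17}},
        {"/cauhinhbrandname.aspx", New List(Of Integer)() From {26}},
        {"/dangkyotp.aspx", New List(Of Integer)() From {13}},
        {"/danhba.aspx", New List(Of Integer)() From {128}},
        {"/danhsachdonvitructhuoc.aspx", New List(Of Integer)() From {90}},
        {"/dinhnghiachutrinhvb.aspx", New List(Of Integer)() From {136}},
        {"/doimatkhau.aspx", New List(Of Integer)() From {12}},
        {"/importcb.aspx", New List(Of Integer)() From {42}},
        {"/lienhe.aspx", New List(Of Integer)() From {29}},
        {"/nhatky.aspx", New List(Of Integer)() From {14}},
        {"/phanquyen.aspx", New List(Of Integer)() From {17}},
        {"/phantocb.aspx", New List(Of Integer)() From {42}},
        {"/thongbao.aspx", New List(Of Integer)() From {18}},
        {"/thongtin.aspx", New List(Of Integer)() From {20}},
        {"/capnhatchude.aspx", New List(Of Integer)() From {47}},
        {"/chitietchude.aspx", New List(Of Integer)() From {46}},
        {"/loaichude.aspx", New List(Of Integer)() From {30}},
        {"/taochude.aspx", New List(Of Integer)() From {47}},
        {"/capquyendangkylct.aspx", New List(Of Integer)() From {42}},
        {"/dangkychitietlich.aspx", New List(Of Integer)() From {50}},
        {"/dangkytuancanhan.aspx", New List(Of Integer)() From {50}},
        {"/dangkytuandonvi.aspx", New List(Of Integer)() From {50}},
        {"/dangkytuantocm.aspx", New List(Of Integer)() From {52}},
        {"/phanquyenlcttocm.aspx", New List(Of Integer)() From {42}},
        {"/xembaocaocn.aspx", New List(Of Integer)() From {49}},
        {"/xembaocaodv.aspx", New List(Of Integer)() From {49}},
        {"/xembaocaodv_all.aspx", New List(Of Integer)() From {49}},
        {"/xembaocaotocm.aspx", New List(Of Integer)() From {49}},
        {"/xemlctcn.aspx", New List(Of Integer)() From {49}},
        {"/xemlichcanhan.aspx", New List(Of Integer)() From {49}},
        {"/xemlichcongtac.aspx", New List(Of Integer)() From {49}},
        {"/xemlichdonvi.aspx", New List(Of Integer)() From {49}},
        {"/xemlichphong.aspx", New List(Of Integer)() From {49}},
        {"/capnhatcuochop.aspx", New List(Of Integer)() From {88}},
        {"/chitietcuochop.aspx", New List(Of Integer)() From {88}},
        {"/diemdanhthanhphanhop.aspx", New List(Of Integer)() From {88}},
        {"/lichhop.aspx", New List(Of Integer)() From {88}},
        {"/moihop.aspx", New List(Of Integer)() From {89}},
        {"/chiase.aspx", New List(Of Integer)() From {134}},
        {"/tailieu.aspx", New List(Of Integer)() From {133}},
        {"/tailieuchiase.aspx", New List(Of Integer)() From {133}},
        {"/thungrac.aspx", New List(Of Integer)() From {135}},
        {"/chitietgui.aspx", New List(Of Integer)() From {43}},
        {"/chitietnhan.aspx", New List(Of Integer)() From {41}},
        {"/chuyentiep.aspx", New List(Of Integer)() From {41, 43}},
        {"/danhan.aspx", New List(Of Integer)() From {41, 41}},
        {"/gui.aspx", New List(Of Integer)() From {42}},
        {"/taonhom.aspx", New List(Of Integer)() From {44}},
        {"/chuyenthumoi.aspx", New List(Of Integer)() From {121}},
        {"/danhsachthumoi.aspx", New List(Of Integer)() From {121}},
        {"/duyetthumoi.aspx", New List(Of Integer)() From {121}},
        {"/sothumoi.aspx", New List(Of Integer)() From {123}},
        {"/taothumoi.aspx", New List(Of Integer)() From {122}},
        {"/xemchitietthumoi.aspx", New List(Of Integer)() From {121}},
        {"/guitinnhan.aspx", New List(Of Integer)() From {62}},
        {"/guitinnhantufile.aspx", New List(Of Integer)() From {62}},
        {"/taonhomtinnhan.aspx", New List(Of Integer)() From {63}},
        {"/capnhatchitiet.aspx", New List(Of Integer)() From {42}},
        {"/chitiettintuc.aspx", New List(Of Integer)() From {42}},
        {"/danhmuctintuc.aspx", New List(Of Integer)() From {42}},
        {"/xemchitiettin1.aspx", New List(Of Integer)() From {42}},
        {"/xemtintuc.aspx", New List(Of Integer)() From {42}},
        {"/baocaogiaiquyetnhiemvu.aspx", New List(Of Integer)() From {42}},
        {"/baocaophancongcv.aspx", New List(Of Integer)() From {42, 42}},
        {"/baocaotonghop.aspx", New List(Of Integer)() From {124}},
        {"/baocaoxulyvb.aspx", New List(Of Integer)() From {42}},
        {"/capnhatvanban.aspx", New List(Of Integer)() From {21}},
        {"/capnhatvbden.aspx", New List(Of Integer)() From {21}},
        {"/capnhatvbdenchuyen.aspx", New List(Of Integer)() From {21}},
        {"/capnhatvbdenkp.aspx", New List(Of Integer)() From {21}},
        {"/capnhatvbdi.aspx", New List(Of Integer)() From {27}},
        {"/chovaoso.aspx", New List(Of Integer)() From {21}},
        {"/duyetden.aspx", New List(Of Integer)() From {24}},
        {"/duyetden_chitiet.aspx", New List(Of Integer)() From {24}},
        {"/duyetden_duyet.aspx", New List(Of Integer)() From {24}},
        {"/duyetdi.aspx", New List(Of Integer)() From {25}},
        {"/duyetdi_chitiet.aspx", New List(Of Integer)() From {25}},
        {"/duyetdi_chuyen.aspx", New List(Of Integer)() From {25}},
        {"/duyetphathanh.aspx", New List(Of Integer)() From {27}},
        {"/inphieutrinh.aspx", New List(Of Integer)() From {49}},
        {"/luuden.aspx", New List(Of Integer)() From {21}},
        {"/luudicv.aspx", New List(Of Integer)() From {27}},
        {"/phathanhvanbandi.aspx", New List(Of Integer)() From {22}},
        {"/phathanhvanbandicapnhatvb.aspx", New List(Of Integer)() From {22}},
        {"/quatrinh_xuly.aspx", New List(Of Integer)() From {21, 22, 24, 25, 28, 19}},
        {"/quatrinh_xulydi.aspx", New List(Of Integer)() From {21, 22, 24, 25, 28}},
        {"/searchvanbanden.aspx", New List(Of Integer)() From {23}},
        {"/searchvanbandenv2.aspx", New List(Of Integer)() From {23}},
        {"/searchvanbandi.aspx", New List(Of Integer)() From {26}},
        {"/searchvanbandiv2.aspx", New List(Of Integer)() From {26}},
        {"/taonhomlienthong.aspx", New List(Of Integer)() From {34}},
        {"/taonhomnn_ngoaidv.aspx", New List(Of Integer)() From {33}},
        {"/taonhomnn_vanban.aspx", New List(Of Integer)() From {33}},
        {"/timkiemvanban.aspx", New List(Of Integer)() From {127}},
        {"/uyquyen.aspx", New List(Of Integer)() From {32}},
        {"/xemchitiettonghop.aspx", New List(Of Integer)() From {124}},
        {"/xemden.aspx", New List(Of Integer)() From {19}},
        {"/xemden_chuahoantat.aspx", New List(Of Integer)() From {19}},
        {"/xemden_chualuu.aspx", New List(Of Integer)() From {1020}},
        {"/xemden_chuyen.aspx", New List(Of Integer)() From {19}},
        {"/xemden_vbhanxl.aspx", New List(Of Integer)() From {19}},
        {"/xemdi.aspx", New List(Of Integer)() From {27}},
        {"/xemvb_phathanh.aspx", New List(Of Integer)() From {27}},
        {"/xem_chitiet.aspx", New List(Of Integer)() From {19}},
        {"/xulyden.aspx", New List(Of Integer)() From {21}},
        {"/xulydenedoc_luu.aspx", New List(Of Integer)() From {21}},
        {"/xulyden_capnhat.aspx", New List(Of Integer)() From {21}},
        {"/xulyden_chitiet.aspx", New List(Of Integer)() From {21}},
        {"/xulyden_chuyen.aspx", New List(Of Integer)() From {21}},
        {"/xulyden_luu.aspx", New List(Of Integer)() From {21}},
        {"/xulydi.aspx", New List(Of Integer)() From {22}},
        {"/xulydicv.aspx", New List(Of Integer)() From {27}},
        {"/xulydicv_chitiet.aspx", New List(Of Integer)() From {28}},
        {"/xulydi_capnhat.aspx", New List(Of Integer)() From {22}},
        {"/xulydi_capnhatvb.aspx", New List(Of Integer)() From {22}},
        {"/xulydi_capnhat_.aspx", New List(Of Integer)() From {22}},
        {"/xulydi_chitiet.aspx", New List(Of Integer)() From {22}},
        {"/capnhat_vbnb.aspx", New List(Of Integer)() From {42}},
        {"/guivanbannoibo.aspx", New List(Of Integer)() From {42}},
        {"/quatrinhxuly_vbnb.aspx", New List(Of Integer)() From {42}},
        {"/taonhomvanbannoibo.aspx", New List(Of Integer)() From {44}},
        {"/vanbannoibo_chocapso.aspx", New List(Of Integer)() From {69}},
        {"/vanbannoibo_gui.aspx", New List(Of Integer)() From {42}},
        {"/vanbannoibo_nhan.aspx", New List(Of Integer)() From {42}},
        {"/xemchitiet_vbnb.aspx", New List(Of Integer)() From {42}},
        {"/baocaoplvb473.aspx", New List(Of Integer)() From {146}},
        {"/baocaovbcdtonghop.aspx", New List(Of Integer)() From {1001}},
        {"/baocaovbcdtonghopnhanvien.aspx", New List(Of Integer)() From {1001}},
        {"/baocaovbcdtonghop_n.aspx", New List(Of Integer)() From {1001}},
        {"/vbcdduyetden.aspx", New List(Of Integer)() From {24}},
        {"/vbcdduyetden_chitiet.aspx", New List(Of Integer)() From {24}},
        {"/vbcdduyetden_duyet.aspx", New List(Of Integer)() From {24}},
        {"/vbcdduyetdi.aspx", New List(Of Integer)() From {25}},
        {"/vbcdduyetdi_chitiet.aspx", New List(Of Integer)() From {25}},
        {"/vbcdduyetdi_chuyen.aspx", New List(Of Integer)() From {25}},
        {"/vbcdluudicv.aspx", New List(Of Integer)() From {27}},
        {"/vbcdphathanhvanbandi.aspx", New List(Of Integer)() From {22}},
        {"/vbcdtheodoi.aspx", New List(Of Integer)() From {21}},
        {"/vbcdtheodoidinhky.aspx", New List(Of Integer)() From {21}},
        {"/vbcdxemden.aspx", New List(Of Integer)() From {19}},
        {"/vbcdxemden_chuyen.aspx", New List(Of Integer)() From {19}},
        {"/vbcdxem_chitiet.aspx", New List(Of Integer)() From {19}},
        {"/vbcdxulyden_capnhat.aspx", New List(Of Integer)() From {21}},
        {"/vbcdxulyden_chitiet.aspx", New List(Of Integer)() From {21}},
        {"/vbcdxulyden_chuyen.aspx", New List(Of Integer)() From {21}},
        {"/vbcdxulyden_luu.aspx", New List(Of Integer)() From {21}},
        {"/vbcdxulydi.aspx", New List(Of Integer)() From {22}},
        {"/vbcdxulydicv.aspx", New List(Of Integer)() From {27}},
        {"/vbcdxulydicv_chitiet.aspx", New List(Of Integer)() From {28}},
        {"/vbcdxulydi_capnhat.aspx", New List(Of Integer)() From {22}},
        {"/vbcdxulydi_chitiet.aspx", New List(Of Integer)() From {22}}
    }

    For Each item In urlToPermissions
        If url.Contains(item.Key) Then
            Dim quyens As List(Of Integer) = item.Value
            Dim canAccess As Boolean = False

            ' Any one of the listed permission ids is sufficient.
            For Each quyen In quyens
                If checkQuyen(quyen) Then
                    canAccess = True
                    Exit For
                End If
            Next

            If Not canAccess Then
                context.Response.Redirect("~/Default.aspx")
                context.Response.End()
            End If

            Exit For ' Stop checking once the matching URL has been found.
        End If
    Next
End Sub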

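' Characters that can start one of the patterns IsDangerousString looks for.
Private Shared ReadOnly StartingChars As Char() = {"<"c, "&"c}

' True for the ASCII letters a-z and A-Z only.
Private Shared Function IsAtoZ(c As Char) As Boolean
    Return (c >= "a"c AndAlso c <= "z"c) OrElse (c >= "A"c AndAlso c <= "Z"c)
End Function

' Heuristic markup check on a URL-decoded value. Returns True when the value
' contains "<" followed by a letter, "!", "/" or "?", or "&" followed by "#".
' matchIndex receives the position of the last start character examined (0 when
' none was found).
'
' This is an input heuristic only. It does not make a value safe to write into
' a page; output still has to be encoded for the context it is rendered in.
Public Shared Function IsDangerousString(content As String, ByRef matchIndex As Integer) As Boolean
    matchIndex = 0

    ' UrlDecode returns Nothing for a Nothing input; there is nothing to flag.
    Dim s As String = HttpUtility.UrlDecode(content)
    If String.IsNullOrEmpty(s) Then
        Return False
    End If

    ' A While loop is used instead of For/Next: assigning the loop variable
    ' inside a For loop and then letting Next increment it again skipped the
    ' character right after each rejected start character, so a start character
    ' in that position was never examined.
    Dim i As Integer = 0
    While i < s.Length
        ' Look for the start of one of our patterns.
        Dim n As Integer = s.IndexOfAny(StartingChars, i)

        ' If not found, the string is safe.
        If n < 0 Then
            Return False
        End If

        ' If it is the last character, it is safe.
        If n = s.Length - 1 Then
            Return False
        End If

        matchIndex = n

        Select Case s(n)
            Case "<"c
                ' A "<" followed by a letter, "!", "/" or "?" looks like a tag,
                ' a closing tag, an HTML comment or a processing instruction.
                If IsAtoZ(s(n + 1)) OrElse s(n + 1) = "!"c OrElse s(n + 1) = "/"c OrElse s(n + 1) = "?"c Then
                    Return True
                End If
            Case "&"c
                ' An "&" followed by "#" looks like a numeric character
                ' reference (e.g. &#83;).
                If s(n + 1) = "#"c Then
                    Return True
                End If
        End Select

        ' Continue searching from the character after the one just examined.
        i = n + 1
    End While

    Return False
End Function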

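' Request filter that runs at the start of every request. It rejects the
' request (writes a short message and ends the response) when:
'   - a JSON body, a form field or a query-string value fails checkSQL_Injection;
'   - a form field on thongdiep/gui.aspx or any query-string value fails
'     IsDangerousString;
'   - a query-string value or an uploaded file name contains path characters;
'   - an uploaded file has an extension outside the allow-list, or is a PDF
'     whose bytes contain the text "javascript".
'
' NOTE(review): these are keyword and character filters. They reduce noise but
' are not a substitute for parameterised queries in the data layer, output
' encoding in the pages, and server-generated names for stored uploads.
Protected Sub Application_BeginRequest(ByVal sender As Object, ByVal e As EventArgs)
    ' HTTP header names are case-insensitive, so look the header up through the
    ' collection instead of comparing two fixed spellings.
    If Request.Headers("Origin") IsNot Nothing AndAlso Request.HttpMethod = "OPTIONS" Then
        Response.Flush()
    End If

    ' Invariant casing keeps the path and key comparisons below independent of
    ' the server's culture settings.
    Dim absolutePath As String = Request.Url.AbsolutePath.ToLowerInvariant()

    If Request.ContentType.ToLowerInvariant().Contains("json") Then
        ' CHECK SQL INJECTION on the raw JSON body.
        Dim requestBodyString As String = Encoding.UTF8.GetString(ReadStreamBytes(Request.InputStream))
        If checkSQL_Injection(requestBodyString) = False Then
            Response.Write("loi param 0")
            Response.End()
            Return
        End If

        ' Rewind so the handler that processes the request can read the body.
        Request.InputStream.Position = 0
    End If

    ' WebForms infrastructure fields that are never inspected.
    Dim frameworkFields As String() = {
        "__EVENTTARGET", "__EVENTARGUMENT", "__VIEWSTATEGENERATOR",
        "__VIEWSTATE", "__EVENTVALIDATION", "__LASTFOCUS"
    }

    For Each key As String In Request.Form.AllKeys
        If key Is Nothing Then
            Continue For
        End If

        Dim upperKey As String = key.ToUpperInvariant()
        If Array.IndexOf(frameworkFields, upperKey) >= 0 Then
            Continue For
        End If

        Dim value As String = Request.Form(key)

        ' Callback fields skip the keyword filter but not the markup check below.
        Dim isCallbackField As Boolean = (upperKey = "__CALLBACKPARAM" OrElse upperKey = "__CALLBACKID")
        If Not isCallbackField AndAlso checkSQL_Injection(value) = False Then
            Response.Write("loi param 1")
            Response.End()
            Return
        End If

        If absolutePath.Contains("thongdiep/gui.aspx") Then
            If IsDangerousString(value, 0) = True Then
                Response.Write("loi param 2")
                Response.End()
                Return
            End If
        End If
    Next

    If Request.QueryString.Count > 0 Then
        For Each key As String In Request.QueryString.AllKeys
            Dim value As String = Request.QueryString(key)

            ' A missing value has nothing to inspect; skipping it avoids a
            ' null dereference in the checks below.
            If value Is Nothing Then
                Continue For
            End If

            If checkSQL_Injection(value) = False Then
                Response.Write("loi param 3")
                Response.End()
                Return
            End If

            If IsDangerousString(value, 0) = True Then
                Response.Write("loi param 4")
                Response.End()
                Return
            End If

            ' Quyet: updated check for the signing plug-in page, which is exempt
            ' from the path-character test.
            ' NOTE(review): the last test looks for a percent sign surrounded by
            ' spaces (" % "); confirm that a bare "%" was not intended.
            If (Not absolutePath.Contains("plugins/pdfkyso/index.html")) AndAlso
               (value.Contains("/") OrElse value.Contains("\") OrElse value.Contains("..") OrElse value.Contains(" % ")) Then
                Response.Write("loi param 5")
                Response.End()
                Return
            End If
        Next
    End If

    ' Check whether the request is a multipart request that carries files.
    If Request.Files.Count > 0 Then
        Dim allowedExtensions As String() = {
            ".png", ".jpg", ".doc", ".docx", ".xls", ".xlsx",
            ".ppt", ".pptx", ".rar", ".zip", ".pdf"
        }

        For i As Integer = 0 To Request.Files.Count - 1
            Dim file As HttpPostedFile = Request.Files(i)
            Dim filePath As String = file.FileName

            If filePath.Contains("/") OrElse filePath.Contains("\") OrElse
               filePath.Contains("..") OrElse filePath.Contains(" % ") Then
                Response.Write("Khong hop le")
                Response.End()
                Return
            End If

            ' Take the file name, then its extension.
            Dim fileName As String = Path.GetFileName(file.FileName)
            Dim fileExtension As String = Path.GetExtension(fileName)

            ' NOTE(review): a name without an extension skips the allow-list
            ' entirely. Confirm this is only meant to cover empty file inputs,
            ' and reject non-empty names that have no extension otherwise.
            If String.IsNullOrEmpty(fileExtension) Then
                Continue For
            End If

            Dim normalizedExtension As String = fileExtension.ToLowerInvariant()
            If Not allowedExtensions.Contains(normalizedExtension) Then
                ' Extension is not on the allow-list.
                Response.Write("File khong hop le 2")
                Response.End()
                Return
            End If

            If normalizedExtension = ".pdf" Then
                ' NOTE(review): this only finds the literal text in the raw
                ' bytes; compressed or encoded streams are not inspected, so
                ' treat it as a heuristic, not as PDF sanitisation. The
                ' allow-list also trusts the extension and does not verify the
                ' file's actual content type.
                Dim fileContent As String = Encoding.UTF8.GetString(ReadStreamBytes(file.InputStream))
                If fileContent.ToLowerInvariant().Contains("javascript") Then
                    Response.Write("File khong hop le 1")
                    Response.End()
                    Return
                End If

                ' Rewind so the upload handler can read the file from the start.
                file.InputStream.Position = 0
            End If
        Next
    End If

    ' A disabled block used to stream .pdf files straight from
    ' Server.MapPath(Request.Url.AbsolutePath) for paths containing a fixed
    ' token. It is not executed.
End Sub

' Reads a stream to its end and returns the bytes.
Private Shared Function ReadStreamBytes(ByVal source As Stream) As Byte()
    Using buffer As New MemoryStream()
        source.CopyTo(buffer)
        Return buffer.ToArray()
    End Using
End Function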

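' Keyword filter for request values. Returns True when the value is considered
' acceptable and False when it contains one of the listed keywords.
' The value is URL-decoded, reduced by ReplaceSpecialCharacters (letters,
' digits, space, "*", "/" and "." are kept) and upper-cased before comparison.
'
' NOTE(review): this is a deny-list applied to substrings. It rejects ordinary
' text that happens to contain a keyword (for example "CHAR" inside a longer
' word, or "OR " at the end of one), and it does not replace parameterised
' queries, which are the control that actually prevents SQL injection.
' NOTE(review): entries containing "_", "(", ";" or "-" can never match,
' because ReplaceSpecialCharacters removes those characters before the
' comparison. Decide whether those entries should be tested against the
' decoded value before stripping, or removed.
Function checkSQL_Injection(ByVal content As String) As Boolean
    ' Nothing or empty input has nothing to inspect. Checking first also keeps
    ' a Nothing value from reaching ReplaceSpecialCharacters.
    If String.IsNullOrEmpty(content) Then
        Return True
    End If

    Dim value As String = ReplaceSpecialCharacters(HttpUtility.UrlDecode(content))
    If String.IsNullOrEmpty(value) Then
        Return True
    End If

    ' SQL keywords and patterns commonly used in SQL injection attempts.
    ' Exact repeats in the original list have been dropped; the set is unchanged.
    Dim sqlKeywords As String() = {
        "SELECT", "INSERT", "UPDATE", "DELETE", "CREATE", "ALTER", "COMMIT", "ROLLBACK",
        "UNION", "JOIN", "WHERE", "INTO", "VALUES", "EXEC", "TRUNCATE", "DECLARE",
        "NVARCHAR", "CAST", "CONVERT", "EXECUTE", "INFORMATION_SCHEMA", "TABLE_NAME",
        "COLUMN_NAME", "CHAR", " AND ", " OR ", "AND ", "OR ", " AND", " OR",
        ";--", "/*", "*/", "CHAR(",
        "NCHAR(", "VARCHAR(", "NVARCHAR(", "BEGIN", "DROP",
        "FETCH",
        "GRANT", "KILL", "MERGE", "OPEN", "SHUTDOWN", "SLEEP", "SYSTEM",
        "WAITFOR", "GREATEST", "BETWEEN", "SCHEMA", "DATABASE", "DATATABLE",
        "DBMS_NETWORK_ACL_ADMIN",
        "UTL_SMTP",
        "DBMS_XDB",
        "DBMS_SCHEDULER",
        "DBMS_XDB_CONFIG",
        "DBMS_AQ",
        "UTL_MAIL",
        "DBMS_AQELM",
        "DBMS_NETWORK_ACL_UTILITY",
        "DBMS_MGD_ID_UTL",
        "UTL_TCP",
        "DBMS_MGWADM",
        "DBMS_STREAMS_ADM",
        "UTL_HTTP",
        "DBMS_PIPE.RECEIVE_MESSAGE",
        "DBMS_XMLQUERY.GETXML"
    }

    ' Upper-case with the invariant culture so the comparison does not depend
    ' on the server's culture settings.
    value = value.ToUpperInvariant()

    For Each keyword As String In sqlKeywords
        If value.Contains(keyword) Then
            Return False
        End If
    Next

    Return True
End Function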

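' Returns inputString with every character removed except letters, digits,
' the space, "*", "/" and ".". Nothing or empty input yields an empty string.
' NOTE(review): the source tested the space character twice; if the second test
' was meant to be a different whitespace character (tab, non-breaking space),
' it was lost - confirm against the deployed file.
Public Function ReplaceSpecialCharacters(inputString As String) As String
    ' Iterating a Nothing string would throw, so return early.
    If String.IsNullOrEmpty(inputString) Then
        Return String.Empty
    End If

    Dim result As New System.Text.StringBuilder(inputString.Length)

    For Each ch As Char In inputString
        If Char.IsLetterOrDigit(ch) OrElse ch = " "c OrElse ch = "*"c OrElse ch = "/"c OrElse ch = "."c Then
            result.Append(ch)
        End If
    Next

    Return result.ToString()
End Function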

</script>
