using System.Data;
using System.Text.RegularExpressions;
using Competition.Common.Util;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Hosting;
using Polly;
namespace CompetitionAPI.Controllers.back.system
{
[Route("api/[controller]")]
[ApiController]
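public class ImportUserController : Controller
{
    private readonly IWebHostEnvironment _webHostEnvironment;
    Competition.Mysql.BLL.admin_user user_bll = new Competition.Mysql.BLL.admin_user();

    /// <summary>
    /// Serialises imports across requests. The per-login existence lookup and the batch
    /// write in <see cref="Index"/> are separate round-trips, so two overlapping imports of
    /// the same sheet could otherwise insert the same login twice.
    /// </summary>
    private static readonly object Lockobj = new object();

    /// <summary>
    /// Every column the sheet must carry, in the order the anti-injection screen checks them.
    /// Reading a missing column through DataRow's indexer throws, so their presence is
    /// verified up front and reported as an ordinary validation failure.
    /// </summary>
    private static readonly string[] RequiredColumns =
    {
        "员工编码", "所属市", "姓名", "ERP编码", "性别", "工作单位", "所在部门", "工作岗位",
        "身份证号", "参加工作时间", "文化程度", "现有专业资格等级", "现有职业技能等级", "联系电话", "备注",
    };

    /// <summary>
    /// Matches any character in the common CJK ideograph range; code, phone and ID cells
    /// must not contain such characters.
    /// </summary>
    private static readonly Regex ChineseCharRegex = new Regex(@"[\u4e00-\u9fa5]", RegexOptions.Compiled);

    /// <summary>
    /// Allow-list of characters a cell may contain. The apostrophe is deliberately absent,
    /// which is what keeps the login-name lookup in <see cref="Index"/> from being broken
    /// out of; the backslash IS allowed, hence the extra escaping applied there.
    /// </summary>
    private static readonly Regex AllowedValueRegex = new Regex(
        @"^[\.:"",\{ \}\[\]a-zA-Z0-9_\u4e00-\u9fa5\s-、\(\)()\\//,。;;\?“”;:?!!\n\r\t*#Φ~|\u2103×]+$",
        RegexOptions.Compiled);

    /// <summary>
    /// Lower-case SQL fragments that cause a cell to be rejected (substring match).
    /// This is a coarse blacklist: plain words such as "table", "into" or "executive"
    /// are refused too. It is defence in depth, not a substitute for parameterised queries.
    /// </summary>
    private static readonly string[] SqlFragmentBlacklist =
    {
        "ascii(", "ord(", "hex(", "bin(",
        " if(", "+if(", " char(", "+char(",
        "substr(", "substring(", "mid(", " replace(", "+replace(",
        "sleep(", "benchmark(",
        "concat(", "concat_ws",
        " floor(", " rand(", "+floor(", "+rand(",
        " limit", " offset ", " regexp ",
        "user(", "database(", "desc(", "version(", "datadir", "version_compile_os", "table(", "columns(",
        "and+", "+and",
        " between ", " in ", " and ", " or ", " xor ", " not ", " like ", " rlike ", " begin ", " join ",
        " > ", "> ", " >", " < ", "< ", " <", " = ", "= ", " =",
        "<>", "!=", " + ", "+ ", " +",
        "greatest(", "least(", "strcmp(", "left(", "right(",
        " select ", " from ", " where ", "order by", " union ", " group ",
        " insert ", " update ", " delete ", "table_schema", "information_schema.columns", "truncate", "execute", "table", "drop", "into", "exec",
    };

    /// <summary>
    /// Creates the controller.
    /// </summary>
    /// <param name="webHostEnvironment">Hosting environment; used to decide whether raw
    /// exception text may be echoed back to the caller.</param>
    public ImportUserController(IWebHostEnvironment webHostEnvironment)
    {
        _webHostEnvironment = webHostEnvironment;
    }

    /// <summary>
    /// Imports users from an uploaded Excel sheet. Every row is validated first; then each
    /// row is matched to an existing account by 员工编码 (the login name) and either updated
    /// or created, and the whole set is written in one batch.
    /// </summary>
    /// <param name="Files">The uploaded workbook (the form field is named after the parameter).</param>
    /// <returns>A JSON envelope from Tool.GetJsonWithCode: APICode.Success with a summary of
    /// the counts, or APICode.Fail with the first problem found.</returns>
    // NOTE(review): [Authorize] alone admits any authenticated principal. Unless [APIFilter]
    // enforces an administrator role, an ordinary account can overwrite other users' profile
    // fields through this endpoint — confirm, and add a role/policy requirement if it does not.
    [Authorize]
    [HttpPost]
    [APIFilter]
    public JsonResult Index([FromForm] IFormFile Files)
    {
        try
        {
            lock (Lockobj)
            {
                // A request without the form field binds Files to null; the original
                // dereferenced it and surfaced a NullReferenceException message instead.
                if (Files is null || Files.Length <= 0)
                {
                    return Fail("文件不能为空");
                }

                // NOTE(review): the extension is passed straight to ExcelToDataTable; which
                // extensions that helper accepts is not visible here, so no allow-list is applied.
                var fileExtension = Path.GetExtension(Files.FileName);
                using var stream = Files.OpenReadStream();
                var table = Tool.ExcelToDataTable(stream, fileExtension, "", 0, true, false);

                // A single data row is a legitimate import. The header row is not part of
                // Rows (the per-row checks below would reject it otherwise), so the former
                // `Rows.Count > 1` refused one-user sheets as "empty".
                if (table is null || table.Rows.Count == 0)
                {
                    return Fail("上传失败:表格内容为空");
                }

                var missingColumns = RequiredColumns.Where(c => !table.Columns.Contains(c)).ToList();
                if (missingColumns.Count > 0)
                {
                    return Fail("上传文件缺少列:" + string.Join(",", missingColumns));
                }

                // Phase 1: validate the whole sheet before any database access, so a bad
                // file causes neither partial writes nor lookups.
                var seenLogins = new HashSet<string>(StringComparer.Ordinal);
                foreach (DataRow row in table.Rows)
                {
                    if (!ValidateRow(row, out var error))
                    {
                        return Fail(error);
                    }
                    // Duplicates are detected regardless of whether the login already exists.
                    // The original only compared against rows destined for insertion, so a
                    // repeated existing login was queued for update twice.
                    if (!seenLogins.Add(row["员工编码"].ToString()))
                    {
                        return Fail("员工编码有重复数据,请检查上传文件");
                    }
                }

                // Phase 2: split rows into inserts and updates.
                var listAdd = new List<Competition.Mysql.Model.admin_user>();
                var listUpdate = new List<Competition.Mysql.Model.admin_user>();
                foreach (DataRow row in table.Rows)
                {
                    var loginName = row["员工编码"].ToString();

                    // GetModelList takes a raw WHERE fragment, so the value ends up inside SQL.
                    // CheckParams already refuses the apostrophe; the escaping covers the
                    // backslash it allows. A parameterised lookup on the BLL is the real fix.
                    var existing = user_bll.GetModelList(" login_name='" + EscapeSqlLiteral(loginName) + "'").FirstOrDefault();
                    var model = existing ?? new Competition.Mysql.Model.admin_user();
                    ApplyRow(model, row);

                    if (existing is not null)
                    {
                        listUpdate.Add(model);
                        continue;
                    }

                    model.user_id = Tool.GetNewId("USER");
                    // One fresh password per account. The original drew a single random
                    // password for the whole batch, so every user created by one import
                    // shared the same credential.
                    var password = user_bll.CreateRandomPassword();
                    // NOTE(review): EncryptByLgzn looks like reversible encryption rather than a
                    // password hash; the login path has to agree with what is stored, so the
                    // double-encrypt is kept as-is. Confirm before changing.
                    model.password = EncryptionAndDecryption.EncryptByLgzn(EncryptionAndDecryption.EncryptByLgzn(password));
                    model.create_time = DateTime.Now;
                    model.role_id = "2";
                    listAdd.Add(model);
                }

                var processed = user_bll.BatchAddUpdateUser(listUpdate, listAdd);
                return Json(Tool.GetJsonWithCode(APICode.Success, "总共处理了" + processed + "条记录,添加:" + listAdd.Count + "条,修改:" + listUpdate.Count + "条"));
            }
        }
        catch (Exception ex)
        {
            // Raw exception text (driver, SQL, parser details) is only echoed to the caller in
            // Development; elsewhere a generic message goes back.
            // TODO(review): inject ILogger<ImportUserController> and log `ex` here so the
            // detail is not lost outside Development.
            var detail = _webHostEnvironment is not null && _webHostEnvironment.IsDevelopment()
                ? ex.Message
                : "服务器处理异常";
            return Fail("上传失败:" + detail);
        }
    }

    /// <summary>Builds the standard failure envelope.</summary>
    private JsonResult Fail(string message) => Json(Tool.GetJsonWithCode(APICode.Fail, message));

    /// <summary>
    /// Escapes a value for interpolation into a single-quoted MySQL string literal
    /// (backslash-escape mode, the MySQL default): backslashes are doubled and
    /// apostrophes are doubled.
    /// </summary>
    private static string EscapeSqlLiteral(string value) =>
        value.Replace("\\", "\\\\").Replace("'", "''");

    /// <summary>
    /// Runs the per-cell format checks on one sheet row. Returns false with the user-facing
    /// message for the first failure.
    /// </summary>
    /// <param name="row">A row whose columns include all of <see cref="RequiredColumns"/>.</param>
    /// <param name="error">The message to return to the caller when validation fails, else "".</param>
    private bool ValidateRow(DataRow row, out string error)
    {
        error = "";

        var realName = row["姓名"].ToString();
        if (string.IsNullOrWhiteSpace(realName))
        {
            error = "存在姓名为空的记录,请检查上传文件";
            return false;
        }

        var sex = row["性别"].ToString();
        if (string.IsNullOrWhiteSpace(sex))
        {
            error = "存在性别为空的记录,请检查上传文件";
            return false;
        }
        if (sex != "男" && sex != "女")
        {
            error = "性别不正确:" + sex + ",请检查上传文件";
            return false;
        }

        var workDate = row["参加工作时间"].ToString();
        if (!string.IsNullOrWhiteSpace(workDate) && !DateTime.TryParse(workDate, out _))
        {
            error = "参加工作时间:" + workDate + ",不正确,请检查上传文件!";
            return false;
        }

        var erpCode = row["ERP编码"].ToString();
        if (!string.IsNullOrWhiteSpace(erpCode) && ChineseCharRegex.IsMatch(erpCode))
        {
            error = "ERP编码格式不对,请检查上传文件";
            return false;
        }

        var mobile = row["联系电话"].ToString();
        if (!string.IsNullOrWhiteSpace(mobile) && ChineseCharRegex.IsMatch(mobile))
        {
            error = "联系电话格式不对,请检查上传文件";
            return false;
        }

        // 员工编码 becomes login_name and is the key for the exists-lookup and the batch
        // de-duplication. A blank one was accepted before, which made every code-less row
        // collapse onto whichever account has login_name = '' in the database.
        var playerCode = row["员工编码"].ToString();
        if (string.IsNullOrWhiteSpace(playerCode))
        {
            error = "存在员工编码为空的记录,请检查上传文件";
            return false;
        }
        if (ChineseCharRegex.IsMatch(playerCode))
        {
            error = "员工编码格式不对,请检查上传文件";
            return false;
        }
        if (playerCode.Length > 10)
        {
            error = "员工编码长度不对,最多只允许10个字符";
            return false;
        }

        var idCard = row["身份证号"].ToString();
        if (!string.IsNullOrWhiteSpace(idCard) && ChineseCharRegex.IsMatch(idCard))
        {
            error = "身份证号格式不对,请检查上传文件";
            return false;
        }

        // Coarse anti-injection screen over every cell (see CheckParams).
        foreach (var column in RequiredColumns)
        {
            var value = row[column].ToString();
            if (!string.IsNullOrEmpty(value) && !CheckParams(column, value, out error))
            {
                return false;
            }
        }

        error = "";
        return true;
    }

    /// <summary>
    /// Copies the sheet cells onto the entity. Shared by the insert and update paths; the
    /// insert-only fields (id, password, create_time, role) are set by the caller.
    /// </summary>
    private static void ApplyRow(Competition.Mysql.Model.admin_user model, DataRow row)
    {
        model.OwnCity = row["所属市"].ToString();
        model.real_name = row["姓名"].ToString();
        model.ErpCode = row["ERP编码"].ToString();
        model.sex = row["性别"].ToString();
        model.login_name = row["员工编码"].ToString();
        model.unit_name = row["工作单位"].ToString();
        model.dep_name = row["所在部门"].ToString();
        model.GZGW = row["工作岗位"].ToString();
        model.id_card = row["身份证号"].ToString();
        // A blank date leaves WorkDate untouched (ValidateRow already rejected unparseable ones).
        if (DateTime.TryParse(row["参加工作时间"].ToString(), out var workDate))
        {
            model.WorkDate = workDate;
        }
        model.Education = row["文化程度"].ToString();
        model.NowMajorGrade = row["现有专业资格等级"].ToString();
        model.NowJobGrade = row["现有职业技能等级"].ToString();
        model.mobile = row["联系电话"].ToString();
        model.r1 = row["备注"].ToString();
    }

    /// <summary>
    /// Screens a cell value: it must match <see cref="AllowedValueRegex"/> and must not
    /// contain any fragment of <see cref="SqlFragmentBlacklist"/> (case-insensitive).
    /// </summary>
    /// <param name="key">Name of the value being checked; informational only.</param>
    /// <param name="value">The value to screen. Null or whitespace passes.</param>
    /// <param name="message">The user-facing message when the value is rejected, else "".</param>
    /// <returns>true when the value is acceptable.</returns>
    private bool CheckParams(string key, string value, out string message)
    {
        message = "";
        if (string.IsNullOrWhiteSpace(value))
        {
            return true;
        }

        if (!AllowedValueRegex.IsMatch(value))
        {
            message = string.Format("异常值:{0} 请检查!", value);
            return false;
        }

        // Invariant lower-casing: the blacklist is ASCII, and culture-sensitive ToLower()
        // (e.g. under tr-TR) would let "IF(" slip past " if(".
        var lowered = value.ToLowerInvariant();
        foreach (var fragment in SqlFragmentBlacklist)
        {
            if (lowered.Contains(fragment, StringComparison.Ordinal))
            {
                message = string.Format("异常值:{0} 请检查!", fragment);
                return false;
            }
        }
        return true;
    }
}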
}