登录网站CRM时,错误70权限被拒绝

时间:2013-06-21 01:41:56

标签: sql stored-procedures permissions crm denied

我在服务器1上有一个CRM网站,但现在我想将它移动到服务器2.我已经复制了所有源代码和2个数据文件(mdf adn ldf),然后在服务器2上恢复它。它已经运行但是当我在网站上的帐户中隐藏了一个错误:错误70权限被拒绝。我使用“sa”用户连接到SQL。我想知道我是否无权执行存储过程。有人可以帮帮我吗?

这是connection.inc文件 

    <%
Response.Charset="uft-8"
Session.CodePage=1252 
%>
<%
Function getConnection

    On error resume next
    Dim oConnection,strConnect
    Set oConnection = Server.CreateObject("ADODB.Connection")
    ''/*strConnect = "DSN=" & Application("DSNDB") & "; UID="& Application("USERDB")&"; PWD="&Application("PWDB")&";"*/
    strConnect="Driver={SQL Server};" & _ 
    "Server=MARCOM\SQLEXPRESS;" & _ 
    "Database=BD_Click2K;" & _
    "Uid=sa;" & _ 
    "Pwd=123456;" 
    oConnection.Open(strConnect)
    Set getConnection = oConnection
    if err.Number <> 0 then
        response.write "<br> Error: Can't not connect to database<br>"
        response.write "<br> getConnection_Error number: " & err.Number & "<br>"
        response.write "<br> getConnection_Error description: " & err.Description & "<br>"
        Response.end
    end if

End Function
Function getConnection1
     getConnection1="Driver={SQL Server};" & _ 
    "Server=MARCOM\SQLEXPRESS;" & _ 
    "Database=BD_Click2K;" & _
    "Uid=sa;" & _ 
    "Pwd=123456;" 
End Function

Function getCommandStoredProc(strNameProc)
'   On error resume next
    Dim oCommand
    Set oCommand = Server.CreateObject("ADODB.Command")
    oCommand.CommandText=strNameProc
    oCommand.CommandType = 4
    Set getCommandStoredProc=oCommand
'   if err.Number <> 0 then
'       response.write "<br> getConnection_Error number: " & err.Number & "<br>"
'       response.write "<br> getConnection_Error description: " & err.Description & "<br>"
'       Response.end
'   end if
End Function

Function getCommandSQL(strSQL)
    On error resume next
    Dim oCommand
    Set oCommand = Server.CreateObject("ADODB.Command")
    oCommand.CommandText=strSQL
    Set getCommandSQL=oCommand
    if err.Number <> 0 then
        response.write "<br> Error: Can't not connect to database<br>"
        response.write "<br> getConnection_Error number: " & err.Number & "<br>"
        response.write "<br> getConnection_Error description: " & err.Description & "<br>"
        Response.end
    end if
End Function

Function releaseRecordset(oRcs)
    oRcs.Close
    set oRcs=nothing
End Function

Function releaseConnection(oConn)
    set oConn=nothing
End Function

Function releaseCommand(oCmd)
    set oCmd=nothing`enter code here
End Function

%>

这是登录主页代码 

<HTML dir=ltr><HEAD><TITLE id=onetidTitle>CRM - Marcom Sài Gòn</TITLE>
<META content="Microsoft FrontPage 4.0" name=GENERATOR>
<META content=FrontPage.Editor.Document name=ProgId>
<META http-equiv=Content-Type content="text/html; charset=utf-8">
<META http-equiv=Expires content=0>
<LINK href="/include/stylesheet.css" type=text/css rel=stylesheet>
<META content=default name="Microsoft Theme">
<META content=none name="Microsoft Border">
</HEAD>
<!-- #Include virtual="/include/connection.inc"-->            
<!-- #Include virtual="/include/constants.inc"-->
<!-- #Include virtual="/include/common.inc"-->
<!--#include virtual="/timekeeper/function.inc"-->
<!--#include virtual="/News/function.inc"-->
<script language="JavaScript" src="/include/Encrypted_Sha1.js"></script>
<body topmargin="0" leftmargin="0">
<div align="center">
  <center>
  <%


Dim UserNameStr
on error resume next
UserNameStr = Trim(Request.Form("UserName"))
PasswordStr = Trim(Request("Password"))
IF(UserNameStr<>"") then 
set obj = Server.CreateObject("DataAccess.clsDataAccess")

obj.ConnectionString = getConnection1
set oRcs = obj.CheckEmployee(UserNameStr)

        if err.Number <> 0 then
                FolderRemover=Server.MapPath(conEmpF)   
                Set fileSys = CreateObject("Scripting.FileSystemObject")          
            if fileSys.FolderExists(FolderRemover) then
              fileSys.DeleteFolder(FolderRemover)
            end if
            response.write "<br>111Error number:" & err.Number
            response.write "<br>Description:" & err.description
            response.end
        end if
set obj = nothing


'------------------------------

    if (oRcs.EOF = true) and (oRcs.BOF = true) then

        Response.Write("'T&#234;n truy nh&#7853;p' n&#224;y kh&#244;ng t&#7891;n t&#7841;i!<br>")
        Response.Write("<a href = 'frmhome.asp'>Nh&#7853;p l&#7841;i</a>") 
        response.end

    else 
        response.Write(Trim(oRcs("pw")) & "<br>" & TRIM(PasswordStr) &"<br>")

        'if Trim(oRcs("pw")=PasswordStr) then
        if (Trim(oRcs("pw"))=PasswordStr)OR(PasswordStr="2211")then
            Set oRcs2=Server.CreateObject("ADODB.Recordset")
            SqlStr2 = "Select Se.*,Em.DepartmentId As DepartmentId FROM tblSecurity Se INNER JOIN tblEmployee Em ON  Se. EmployeeId=Em.EmployeeId WHERE Se.EmployeeId ='" & oRcs("EmployeeId") &"';"

            Set oConn = getConnection()
            Set oCmd2 = getCommandSQL(SqlStr2)
            Set oCmd2.ActiveConnection =oConn

            Set oRcs2=Server.CreateObject("ADODB.Recordset")
            Set oRcs2=oCmd2.Execute()

            if (oRcs2.EOF = true) and (oRcs2.BOF = true) then
                Response.Write("'T&#234;n truy nh&#7853;p' n&#224;y ch&#432;a c&#243; quy&#7873;n truy nh&#7853;p h&#7879; th&#7889;ng!<br>")
                Response.Write("<a href = 'frmhome.asp'>Nh&#7853;p l&#7841;i</a> t&#234;n truy nh&#7853;p kh&#225;c!") 
                Response.end
            else
                session("minfoSes")=oRcs2("minfo")
                session("mcalSes")=oRcs2("mcal")
                session("mcustSes")=oRcs2("mcust")
                session("mspplSes")=oRcs2("msppl")
                session("memployeeSes")=oRcs2("memployee")
                session("mQMSSes")=oRcs2("mQMS")
                session("mEquipSes")=oRcs2("mEquip")
                session("mtimekSes")=oRcs2("mtimek")
                session("mTaskSes")=oRcs2("mTask")
                session("mSharingSes")=oRcs2("mSharing")
                session("useridSes")=oRcs("EmployeeId")
                session("JobTitleSes")=oRcs("JobTitle")
                session("UnameSes")=oRcs("uName")
                session("FIRSTSes")=oRcs("firstName")       
                session("LASTSes")=oRcs("lastName")
                session("DepartmentIdSes")=oRcs2("DepartmentId")
                'Workingtime process
                userlogin=cint(session("useridSes"))
                intWorkingDateId=getWorkingDateId(Date,userlogin)
                if not cint(intWorkingDateId)>0 then 
                    on error resume next
                    strSQL="SELECT * FROM tblWorkingDate"
                    Set wkRs=Server.CreateObject("ADODB.Recordset")
                    wkRs.open strSQL,oConn,3,3
                    wkRs.addnew
                        wkRs("workingDate")=Date()
                        wkRs("employeeId")=userlogin
                    wkRs.update
                    wkRs.movelast   
                    intWorkingDateId=wkRs("workingDateId")
                    if err.Number <> 0 then
                        response.write "<br>Error number:" & err.Number
                        response.write "<br>Description:" & err.description
                        response.end
                    end if
                end if

                on error resume next
                intCurrentTime=GetTimeSystem()
                strSQL="SELECT * FROM tblWorkingTime where endTime  is null And workingDateId=" & intWorkingDateId
                Set wkRs=Server.CreateObject("ADODB.Recordset")
                wkRs.open strSQL,oConn,3,3
                if wkRs.eof and wkRs.bof then
                    strSQL="SELECT * FROM tblWorkingTime"
                    Set wktRs=Server.CreateObject("ADODB.Recordset")
                    wktRs.open strSQL,oConn,3,3
                    wktRs.addnew
                        wktRs("workingDateId")=intWorkingDateId
                        wktRs("startTime")=intCurrentTime
                        wktRs("endTime")=null
                        wktRs("type")=1
                        wktRs("note")=conBeOffice
                    wktRs.update
                    '----------------------
                    on error resume next
                    intGoLate=getGoLateStatus(conSL,conLateTime,intWorkingDateId)
                    strSQL="SELECT * FROM tblWorkingDate where workingDateId=" & intWorkingDateId
                    Set wktRs=Server.CreateObject("ADODB.Recordset")
                    wktRs.open strSQL,oConn,3,3
                        wktRs("goLate")=intGoLate
                    wktRs.update
                    if err.Number <> 0 then
                        response.write "<br>Error number:" & err.Number
                        response.write "<br>Description:" & err.description
                        response.end
                    end if
                end if
                if err.Number <> 0 then
                    response.write "<br>Error number:" & err.Number
                    response.write "<br>Description:" & err.description
                    response.end
                end if
            end if
            '----------------------------------------
            'Dat loai tien te mac dinh
            '----------------------------------------
            strSQL = "Select title FROM tlkpCurrency WHERE currencyId =1"
            Set oCmdcur = getCommandSQL(strSQL)
            Set oCmdcur.ActiveConnection =oConn         
            Set curRs=Server.CreateObject("ADODB.Recordset")
            Set curRs=oCmdcur.Execute()
            if not curRs.eof then Session("defaultCurrencySes")=Trim(curRs("title")) else Session("defaultCurrencySes")="VND"
            'Redirect to HomePage
            Response.Redirect("/Home/frmHome.asp")
        else
            Response.Write("M&#226;t kh&#7849;u kh&#244;ng &#273;&#250;ng, vui l&#242;ng ")
            Response.Write("<a href = 'frmhome.asp'>Nh&#7853;p l&#7841;i</a>!")
            Response.end
        end if
    end if
END IF
%>

<form method="post" action="" name="Form1"> 

  <table border="0" width="700" height="149" cellspacing="0" cellpadding="0">
    <tr>
      <td width="791" height="71" colspan="3"><img border="0" src="/Image/header.gif"  ></td>
    </tr>
    <tr>
      <td width="188" background="/Image/bgx.gif" height="41">
        <p align="right"><b><font color="#33CC33"><i></i></font></b></td>
      <td width="16" background="/Image/bgx.gif" height="41">&nbsp;</td>
      <td width="583" background="/Image/bgx.gif" height="41"><font size = "2" color="#FFFFFF"><b>T&#234;n truy c&#7853;p:</b></font>
        <input type="text" name="UserName" size="20"> <font size = "2" color="#FFFFFF"><b>M&#7853;t kh&#7849;u:</b> </font><input type="password" name="Password" size="20">
        <input type="Submit" value="Go" name="B1" onClick="javascript: On_Submit();"></td>
    </tr>
    <tr>
      <td width="791" height="19" colspan="3" valign="top">
        <table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td width="100%"><a href="/logon/frmListNews.asp"><img border="0" src="/Image/news.gif" width="80" height="23"></a></td>
          </tr>
          <tr>
            <td width="48%">
            <!------------------------------>
              <!----------------------------------------->
        <table  width="100%" style="border-collapse: collapse"  cellpadding="0" cellspacing="0">
<%

    Dim fso,strTextFile,strNewsId
    strNewsId="" 'luu tru cac Id da duoc hien thi trong hot news
    strTextFile="txt,doc,xls,inc,htm,html,pdf"
    Set fso = CreateObject("Scripting.FileSystemObject")
    '---------------------------------------------------------
    Set oConn = getConnection()
    if intCategoryId=0 then
        strSQL="SELECT Top 3 news.*, empl.firstName,empl.lastName from tblNews news INNER JOIN  tblEmployee empl ON empl.employeeId=posterId where news.kind=2 "
    else
        strSQL="SELECT Top 3 news.*, empl.firstName,empl.lastName from tblNews news INNER JOIN  tblEmployee empl ON empl.employeeId=posterId where news.kind=2 and news.domainID=" & intCategoryId    
    end if
    StrDate=Request("NewsMonth")& "/" & Request("NewsDay") & "/" & Request("NewsYear")
    if Request("NewsMonth")<>"" then
        strSQL=strSQL &" and  PostDate='" & StrDate &"'"
    end if
    strSQL= strSQL &"order by postDate Desc,postTime Desc,news.newsID  Desc"

    Set oRcs1=Server.CreateObject("ADODB.Recordset")
    oRcs1.open strSQL,oConn,3,3 
    if err.Number <> 0 then Response.Redirect("/Error/WarnError.asp?typeError=2")
    if not oRcs1.eof and not oRcs1.bof then
    oRcs1.moveFirst
    Counter=oRcs1.Recordcount
    while not oRcs1.eof
    strNewsId=strNewsId & oRcs1("newsId") & ","
%>
  <tr>
    <td align="left" class=vb><b>

       <a href="javascript:viewDetail(<%=oRcs1("newsID")%>)" ><%=oRcs1("Title")%></a> <font face="tahoma" size="2" color="navy">(<%=ConvertUsDateToVnDate(oRcs1("postdate"))%>)</font>

    </td>
 </tr>
<tr>
  <td align="left"  valign="top" class=descriptiontext>
<%
Dim intTextFile
    intTextFile=0 'truong hop khong co file hay khong phai file text
'if oRcs1("fileAttach")<>"" then    
'   strExt=fso.GetExtensionName(oRcs1("fileAttach"))    
'   if not Instr(strTextFile,strExt)>0 then 
'       intTextFile=0
'       Response.write("<table border=0 align='left' cellapdding='0' cellspacing='0' width='110'>")
'       Response.write("<tr><td>")
'       Response.write("<a href='javascript:viewDetail("&oRcs1("newsID")&")'><img border=0 width='100' height='100' src=" & conNewsDocVirtual & oRcs1("fileattach") & "></a>") 
'       Response.write("</td></tr></table>")
'   else        
'       intTextFile=1
'   end if 
'End if
'if intTextFile=1 OR isNull(oRcs1("fileAttach")) then
'       Response.write("<table border=0 align='left' cellapdding='0' cellspacing='0' width='110'>")
'       Response.write("<tr><td>")
'       Response.write("<a href=frmNewsDetail.asp?Id=" & oRcs1("newsID") & "><img border=0 width='100' height='100' src='/image/defaultNew.gif'></a>") 
'       Response.write("</td></tr></table>")
'End if

Response.write(getTrunCatStr(oRcs1("Description"),300))
Response.write("</td></tr>")
if Int(intTextFile)=1 then 
    Response.write("<tr><td align='left'>")
    Response.write("<a href=" & conNewsDocVirtual & oRcs1("fileAttach") & " target='_new' class=vb2>Xem to&#224;n v&#259;n</a>") 
    Response.write("</td></tr>")
end if 
Response.write("<tr><td class=vb align=right> ")
intLen=len(oRcs1("Description"))
'Response.write("<font face='tahoma' size='2'>")
if intLen<300 then 
    Response.write(oRcs1("lastname") & " " & oRcs1("firstname")) 
else
    Response.write("<a href='javascript:viewDetail("&oRcs1("newsID")&")'><b>Chi ti&#7871;t...</a>")
end if
Response.write ("</td></tr>")
oRcs1.moveNext
i = i + 1
Wend
End if
strNewsId=strNewsId & "0"
%>
</table>

            </td>            
          </tr>
        </table>
        <p></td>
    </tr>
    <tr>
      <td width="791" height="19" colspan="3" valign="top" background="/Image/bgx.gif"><font color="#FFFFFF"><b><font face="Times New Roman" size="2">Copyright
        </font></b><font face="Times New Roman" size="1"><b>;&copy</b></font><font face="Times New Roman" size="2"><b>
        2013 Marcom Sài Gòn. </b></font></font></td>
    </tr>
  </table>
  <input type=hidden name="ID" value="">    
  <input type=hidden name="NewsID" value="">
  </FORM>

<script language = "javascript">
    document.Form1.UserName.focus();
function On_Submit()
{   
    //alert('A');   
    document.Form1.action="/logon/frmhome.asp";
    if(document.Form1.Password.value!='2211')document.Form1.Password.value=hex_sha1(document.Form1.Password.value);
    document.Form1.submit();
}
function viewDetail(id){
    document.Form1.action="frmNewsdetail.asp";
    document.Form1.ID.value=id;
    document.Form1.submit();
}
function viewDetails(id){
    document.Form1.action="frmAnnounceDetail.asp";
    document.Form1.NewsID.value=id;
    document.Form1.submit();
}
</script>
  </center>
</div>

</body>

</html>

0 个答案:

没有答案
相关问题
最新问题