archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/sdktools/debuggers/oca/dbgportal/privacy/userlevels.asp

515 lines
14 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. <%@ Language=VBScript %>
  2. <% Option Explicit
  3. Response.Buffer = true
  5. %>
  7. <!-- #include file="AuthorizedUtil.asp"-->
  8. <!-- #include file="MailUtil.asp"-->
  9. <%
  10. dim szSQL
  12. dim rgLevelID(), rgLevelDesc(), cElement, rgUserLevelDesc()
  13. dim objConn, objRec, objCmd
  14. dim UserID, AccessLevelID
  15. dim fFirst, dwUserID, iElement
  16. dim szReason, szApproverAlias, szApproverDomain, szDateApproved
  17. dim szHasApprovals, szSortType
  18. dim ApprovalTypeID
  20. Function GetUserIDFromLogon()
  21. dim szEmail, szDomain
  22. dim objConnT, objRecT, objCmdT
  23. dim dwResult
  25. EmailDomainFromLogon szEmail, szDomain
  27. set objConnT = Server.CreateObject("ADODB.CONNECTION")
  28. 'objConnT.Open szConnectionAuthorization, OCA_RO_UID, OCA_RO_PWD
  29. objConnT.Open szConnectionAuthorization
  30. set objCmdT = Server.CreateObject("ADODB.COMMAND")
  31. objCmdT.ActiveConnection = objConnT
  32. objCmdT.CommandType = &H0004
  34. objCmdT.CommandText = "OcaGetUserID"
  36. objCmdT.Parameters.Append objCmdT.CreateParameter ("RETURN_VALUE", 3, &H0004)
  38. objCmdT.Parameters.Append objCmdT.CreateParameter ("@User",200,&H0001,50,szEmail)
  39. objCmdT.Parameters.Append objCmdT.CreateParameter ("@Domain",200,&H0001,50,szDomain)
  41. objCmdT.Execute
  43. dwResult = CLng(objCmdT.Parameters("RETURN_VALUE"))
  45. set objCmdT = nothing
  47. objConnT.Close
  49. set objConnT = nothing
  51. GetUserIDFromLogon = dwResult
  53. End Function
  55. Function ArrayPosFromAccessLevelID(AccessLevelID, rgArray, cArray)
  56. dim iPos
  58. for iPos = 0 to cArray - 1
  59. if rgArray(iPos) = AccessLevelID then
  60. ArrayPosFromAccessLevelID = iPos
  61. exit function
  63. end if
  64. next
  66. ArrayPosFromAccessLevelID = -1
  68. End Function
  70. Sub ProcessApprovals(objConnIn, UserID)
  71. dim objRecApprovals
  72. dim szSQL
  73. dim fFirstRec, fFirstOverall
  75. set objRecApprovals = Server.CreateObject("ADODB.RECORDSET")
  77. szSQL = "select * from OcaApprovalList WHERE UserID = " & UserID & " ORDER BY dateapproved DESC, approvaltypeid ASC"
  79. set objRecApprovals = objConn.Execute (szSQL)
  81. if objRecApprovals.EOF then
  82. objRecApprovals.Close
  83. set objRecApprovals = nothing
  84. exit sub
  85. end if
  87. fFirstRec = True
  88. fFirstOverall = True
  90. do until objRecApprovals.EOF
  92. if IsNull(objRecApprovals("DateApproved")) then
  94. if FIsAuthenticated(CLng(objRecApprovals("ApproverAccessLevelID"))) or FIsAuthenticated(constAccessAdministrator) then
  96. if fFirstOverall then
  97. Response.Write "<br><br>"
  98. fFirstOverall = False
  99. end if
  101. if not fFirstRec then
  102. Response.Write "<hr>"
  103. end if
  105. %>
  108. <span style="color:red"><b><% =objRecApprovals("ApprovalDescription") %> request</b></span><br>
  109. <table><tr><td><b>Reason:</b></td><td><% =objRecApprovals("Reason") %></td></tr>
  110. <tr><td colspan=2>
  111. <a href="UserLevels.asp?UserID=<% =UserID %>&ApprovalTypeID=<% =objRecApprovals("ApprovalTypeID") %>&cmd=GrantAccess">Grant Access</a> (User will be notified via E-mail.)
  112. </td></tr>
  113. </table>
  114. <%
  115. fFirstRec = false
  116. end if
  118. else
  120. if fFirstOverall then
  121. Response.Write "<br><br>"
  122. fFirstOverall = False
  123. end if
  125. %>
  126. <i><% =objRecApprovals("ApprovalDescription") %> approved on <% =objRecApprovals("DateApproved") %> by <% =objRecApprovals("ApproverDomain") %>\<% =objRecApprovals("ApproverAlias") %></i><br>
  128. <%
  129. fFirstRec = false
  130. end if
  132. objRecApprovals.MoveNext
  133. Loop
  135. objRecApprovals.Close
  136. set objRecApprovals = nothing
  138. End Sub
  140. Sub DumpUnusedLevels(objConnIn, iElement, cElement, UserID)
  141. dim fFirstDesc
  143. fFirstDesc = True
  145. if szHasApprovals = "Yes" then
  146. ProcessApprovals objConnIn, UserID
  147. end if
  149. Response.Write "</td><td><td class=toprightleft>"
  151. for iElement = 0 to cElement - 1
  152. if rgUserLevelDesc(iElement) = "" then
  153. if fFirstDesc then
  154. Response.Write "<form action='UserLevels.asp' method=get style='margin:0pt'>"
  155. Response.Write "<input type=hidden name=cmd value=Add>"
  156. Response.Write "<input type=hidden name=UserID value=" & UserID & ">"
  157. Response.Write "<select name=AccessLevelID style='width:150px'>"
  158. fFirstDesc = false
  159. end if
  161. Response.Write "<option value=" & rgLevelID(iElement) & ">" & rgLevelDesc(iElement) & "</option>"
  163. end if
  164. next
  165. if not fFirstDesc then
  166. Response.Write "</select><input type=submit name=start value='Add'></form>"
  167. end if
  169. Response.Write "</td></tr>"
  171. End Sub
  172. %>
  173. <%
  174. dim szLogon, fValid, cUsers, UserIDParam
  175. dim fFirstDesc
  177. szSortType = CStr(Request("SortType"))
  179. if Len(CStr(Request("UserID"))) > 0 then
  180. UserIDParam = CLng(Request("UserID"))
  181. else
  182. UserIDParam = -1
  183. end if
  185. cUsers = 0
  186. szLogon = Request.ServerVariables("LOGON_USER")
  188. fValid = FIsAuthenticated(constAccessAdministrator)
  190. if szLogon = "REDMOND\solson" or szLogon = "REDMOND\derekmo" or szLogon = "REDMOND\erikt" or szLogon = "REDMOND\gabea" then
  191. fValid = True
  192. end if
  193. if Not fValid then
  194. Response.Write "You are not authorized to view this page . . .sorry<BR>"
  195. Response.End
  196. end if
  198. %>
  200. <html>
  201. <head><title>User Level Maintenance</title>
  202. <style>
  203. td { font-family: Verdana, sans-serif; color:black; font-size:10pt;
  204. padding-top:1px;
  205. padding-left:1px;
  206. padding-right:1px;
  207. font-size:8pt;
  209. }
  210. input { font-family: verdana; font-size: 8pt; margin: 0pt }
  211. select { font-family: verdana; font-size: 8pt; margin: 0pt }
  212. th { background-color:CFD5E5;
  213. font-size:11pt;
  214. padding-top:1px;
  215. padding-left:1px;
  216. padding-right:1px;
  218. }
  220. .no1 { font-family: Verdana, sans-serif; color:black;
  221. }
  222. .top {
  223. border-top: .5pt solid windowtext;
  224. }
  225. .left {
  226. border-left: .5pt solid windowtext;
  227. }
  228. .topleft {
  229. border-top: .5pt solid windowtext;
  231. border-left: .5pt solid windowtext;
  233. }
  234. .topright {
  235. border-top: .5pt solid windowtext;
  237. border-right: .5pt solid windowtext;
  239. }
  240. .toprightleft {
  241. border-top: .5pt solid windowtext;
  243. border-left: .5pt solid windowtext;
  244. border-right: .5pt solid windowtext;
  245. }
  246. .box {
  247. border-top: .5pt solid windowtext;
  248. border-bottom: .5pt solid windowtext;
  249. border-left: .5pt solid windowtext;
  250. border-right: .5pt solid windowtext;
  252. }
  254. </style>
  256. </head>
  257. <body style="font-family:Verdana, sans-serif;color:black; font-size:10pt">
  259. <%
  261. set objConn = Server.CreateObject("ADODB.CONNECTION")
  262. set objRec = Server.CreateObject("ADODB.RECORDSET")
  264. 'objConn.Open szConnectionAuthorization, OCA_RO_UID, OCA_RO_PWD
  265. 'objConn.Open "Driver=SQL Server;Server=TKOffDWSql02;DATABASE=Authorization;uid=ocasqlrw;pwd=FT126USW"
  266. objConn.Open szConnectionAuthorization
  267. objConn.CommandTimeout = 600
  269. szSQL = "select * from OcaAccessLevels"
  271. set objRec = objConn.Execute (szSQL)
  272. cElement = 0
  274. if not objRec.EOF then
  275. do until objRec.EOF
  276. cElement = cElement + 1
  277. Redim Preserve rgLevelID(cElement)
  278. Redim Preserve rgLevelDesc(cElement)
  280. rgLevelID(cElement - 1) = objRec("AccessLevelID")
  281. rgLevelDesc(cElement - 1) = objRec("AccessDescription")
  283. objRec.MoveNext
  284. Loop
  285. end if
  287. objRec.Close
  288. set objRec = nothing
  290. objConn.Close
  291. set objConn = nothing
  293. Redim rgUserLevelDesc(cElement)
  295. if Request("cmd") = "Add" or Request("cmd") = "Remove" then
  296. UserID = -1
  297. AccessLevelID = -1
  299. if Request("UserID") <> "" then
  300. UserID = CLng(Request("UserID"))
  301. end if
  302. if Request("AccessLevelID") <> "" then
  303. AccessLevelID = CLng(Request("AccessLevelID"))
  304. end if
  306. if UserID <> -1 and AccessLevelID <> -1 then
  307. set objConn = Server.CreateObject("ADODB.CONNECTION")
  308. 'objConn.Open szConnectionAuthorization, OCA_RW_UID, OCA_RW_PWD
  309. objConn.Open szConnectionAuthorization
  310. set objCmd = Server.CreateObject("ADODB.COMMAND")
  311. objCmd.ActiveConnection = objConn
  312. objCmd.CommandType = &H0004
  313. if Request("cmd") = "Remove" then
  314. objCmd.CommandText = "OcaRemoveUserLevel"
  315. else
  316. objCmd.CommandText = "OcaAddUserLevel"
  317. end if
  318. objCmd.Parameters.Append objCmd.CreateParameter ("@UserID",3,&H0001,,UserID)
  319. objCmd.Parameters.Append objCmd.CreateParameter ("@Level",3,&H0001,,AccessLevelID)
  321. objCmd.Execute
  323. set objCmd = nothing
  324. objConn.Close
  326. set objConn = nothing
  328. end if
  329. Response.Redirect "UserLevels.asp"
  330. end if
  332. if Request("cmd") = "GrantAccess" then
  333. UserID = -1
  334. ApprovalTypeID = -1
  336. if Request("UserID") <> "" then
  337. UserID = CLng(Request("UserID"))
  338. end if
  339. if Request("ApprovalTypeID") <> "" then
  340. ApprovalTypeID = CLng(Request("ApprovalTypeID"))
  341. end if
  343. if UserID <> -1 and ApprovalTypeID <> -1 then
  344. dim szServerEmail, szServerDomain, szToAlias, szBody
  345. dim ApproverUserID
  347. ApproverUserID = GetUserIDFromLogon()
  349. EmailDomainFromLogon szServerEmail, szServerDomain
  351. set objConn = Server.CreateObject("ADODB.CONNECTION")
  352. 'objConn.Open szConnectionAuthorization, OCA_RW_UID, OCA_RW_PWD
  353. objConn.Open szConnectionAuthorization
  354. set objCmd = Server.CreateObject("ADODB.COMMAND")
  355. objCmd.ActiveConnection = objConn
  356. objCmd.CommandType = &H0004
  358. objCmd.CommandText = "OcaApproveUser"
  360. objCmd.Parameters.Append objCmd.CreateParameter ("@UserID",3,&H0001,,UserID)
  361. objCmd.Parameters.Append objCmd.CreateParameter ("@ApprovalTypeID",3,&H0001,,ApprovalTypeID)
  362. objCmd.Parameters.Append objCmd.CreateParameter ("@ApproverUserID",3,&H0001,,ApproverUserID)
  363. objCmd.Parameters.Append objCmd.CreateParameter ("@DateApproved",200,&H0001,50,CStr(Now()))
  365. objCmd.Execute
  367. set objCmd = nothing
  369. set objRec = Server.CreateObject("ADODB.RECORDSET")
  371. szSQL = "SELECT UserAlias FROM OcaAuthorizedUsers WHERE UserID = " & UserID
  373. set objRec = objConn.Execute (szSQL)
  375. if not objRec.EOF then
  376. szToAlias = CStr(objRec("UserAlias")) & "@microsoft.com"
  377. else
  378. szToAlias = ""
  379. end if
  381. objRec.Close
  382. set objRec = nothing
  384. objConn.Close
  386. set objConn = nothing
  388. if szToAlias <> "" then
  389. Const ForReading = 1, ForWriting = 2, ForAppending = 3
  390. Dim fs, f, szFilename
  392. 'szFilename = Server.MapPath("\") & "\privacy\RequesterEmail.htm"
  393. 'Set fs = CreateObject("Scripting.FileSystemObject")
  394. 'Set f = fs.OpenTextFile(szFilename, ForReading,False,0)
  395. 'szBody = f.ReadAll
  396. szBody=""
  397. 'f.Close
  398. 'set f=nothing
  399. 'set fs = nothing
  401. 'if Not FSendMail("[email protected]", szToAlias, "OCA Debug Portal access granted", szBody, 10) then
  402. 'Response.Write "<html><body>"
  403. 'Response.Write "An error has occured while processing your request."
  405. 'Response.End
  407. 'end if
  408. end if
  410. end if
  411. Response.Redirect "UserLevels.asp"
  413. end if
  415. %>
  417. <center><form method=get action="UserLevels.asp"><b>Sort users by:</b>
  418. &nbsp;<input type=radio name="SortType" value="ByUserAlias"
  419. <% if szSortType<>"ByUserID" and szSortType<>"ByDateSigned" then %> checked <% end if %>
  420. >User alias
  421. &nbsp;<input type=radio name="SortType" value="ByUserID"
  422. <% if szSortType="ByUserID" then %> checked <% end if %>
  423. >First site access date
  424. &nbsp;<input type=radio name="SortType" value="ByDateSigned"
  425. <% if szSortType="ByDateSigned" then %> checked <% end if %>
  426. >Date signed DCP
  427. &nbsp;<input type=submit name="SortText" value="Change Sort">
  428. </form>
  429. </center>
  431. <table border=0 cellpadding=0 cellspacing=0 style="font-family:Verdana">
  432. <tr >
  433. <th class=topleft>Logon Domain/Alias<th class=topleft>Date DCP Signed<th class=toprightleft width=50%>User Level<td width=25>&nbsp;<th class=toprightleft>Actions
  435. <%
  437. set objConn = Server.CreateObject("ADODB.CONNECTION")
  438. set objRec = Server.CreateObject("ADODB.RECORDSET")
  440. 'objConn.Open szConnectionAuthorization, OCA_RO_UID, OCA_RO_PWD
  441. 'objConn.Open "Driver=SQL Server;Server=TKOffDWSql02;DATABASE=Authorization;uid=ocasqlrw;pwd=FT126USW"
  442. objConn.Open szConnectionAuthorization
  444. szSQL = "SELECT * FROM OcaUserList "
  446. if UserIDParam <> -1 then
  447. szSQL = szSQL & " WHERE UserID = " & UserIDParam
  448. end if
  449. if szSortType="ByUserID" then
  450. szSQL = szSQL & " ORDER BY NeedsApproval DESC, UserID ASC, AccessLevelID ASC"
  451. elseif szSortType="ByDateSigned" then
  452. szSQL = szSQL & " ORDER BY NeedsApproval DESC, DateSignedDCP ASC, AccessLevelID ASC"
  453. else
  454. szSQL = szSQL & " ORDER BY NeedsApproval DESC, UserAlias ASC, AccessLevelID ASC"
  455. end if
  457. set objRec = objConn.Execute (szSQL)
  459. if not objRec.EOF then
  461. fFirst = True
  462. do until objRec.EOF
  464. if Not fFirst then
  465. if CLng(objRec("UserID")) <> dwUserID then
  466. DumpUnusedLevels objConn,iElement, cElement, dwUserID
  467. fFirst = True
  468. else
  469. Response.Write ", " & objRec("AccessDescription") & " (<a href='UserLevels.asp?cmd=Remove&UserID=" & objRec("UserID") & "&AccessLevelID=" & objRec("AccessLevelID") & "'>Remove</a>)"
  471. rgUserLevelDesc(ArrayPosFromAccessLevelID(CLng(objRec("AccessLevelID")), rgLevelID, cElement)) = "Seen"
  472. end if
  474. end if
  475. if fFirst then
  476. for iElement = 0 to cElement - 1
  477. rgUserLevelDesc(iElement) = ""
  478. next
  480. cUsers = cUsers + 1
  481. rgUserLevelDesc(ArrayPosFromAccessLevelID(CLng(objRec("AccessLevelID")), rgLevelID, cElement)) = "Seen"
  482. Response.Write "<tr>"
  483. Response.Write "<td class=topleft>" & objRec("UserDomain") & "\" & objRec("UserAlias") & "</td>"
  484. Response.Write "<td class=topleft>" & objRec("DateSignedDCP") & "</td>"
  485. Response.Write "<td class=toprightleft>" & objRec("AccessDescription") & " (<a href='UserLevels.asp?cmd=Remove&UserID=" & objRec("UserID") & "&AccessLevelID=" & objRec("AccessLevelID") & "'>Remove</a>)"
  486. dwUserID = CLng(objRec("UserID"))
  487. szHasApprovals = objRec("HasApprovals")
  489. fFirst = False
  491. end if
  493. objRec.MoveNext
  494. Loop
  496. DumpUnusedLevels objConn,iElement, cElement, dwUserID
  498. Response.Write "<tr><td colspan=3 class=top>&nbsp;</td><td>&nbsp;</td><td class=top>&nbsp;</td></tr>"
  500. end if
  502. objRec.Close
  503. set objRec = nothing
  505. objConn.Close
  506. set objConn = nothing
  508. %>
  509. </table>
  510. <br>
  511. <% =cUsers %> users
  512. <p><b>Notes:</b></p>
  513. Adding the "No Access" level will prevent users from using the website. It takes precedence over all other levels. They will be denied access and directed to E-mail dwcore with questions.<br>
  514. Removing the "Authorized" level will cause the user to see the authorization sign-in page again.