Network Office has become the trend of modern enterprise development. This paper mainly expounds the function module of the transceiver management system based on B/s structure and how to use ASP and SQL Server to solve some related technologies, including the security of the system.
Traditional manual Office is unable to meet the needs of modern office, transceiver management system as to improve work efficiency, standardize Office system, enhance the transparency of office, realize the unified management of information and document resources, facilitate leadership decision-making, and gradually realize the paperless office of important tools, more and more people pay attention to.
We choose b/s three-tier structure, the background database using SQL Server,web server running Microsoft IIS, to ASP (Active Server Pages) as a development tool, the client with IE browser.
An overview of B/S mode architecture
b/s mode refers to the support of TCP/IP, with HTTP as the transmission protocol, the client accesses the Web server through browser and the technology and architecture of the backend database connected with it. It consists of a browser, a Web server, an application server, and a database server (Figure 1). The b/S mode breaks through the traditional file sharing and the C/S mode limit, realizes the greater degree information sharing, any user can access the database through the browser, thus overcomes the time and the space limit.
b/S Mode works: The client browser accesses the Web server through the URL, the Web server requests the database server, and returns the resulting results to the client browser in HTML form.
The system can be divided into several sub modules based on the integration of receiving and sending documents.
(1) System Management
As a system administrator, he can maintain the whole system, including personnel maintenance, Department maintenance, module maintenance, personnel function maintenance, personnel job maintenance, user rights maintenance, user password maintenance, System configuration Item maintenance can also maintain the category of global bulletin boards.
(2) Dispatch management
The dispatch management is a unit to have the restraint ability document formation process one kind of management. such as the implementation of the draft, nuclear manuscript, triage, countersigned, issued, document printing, marking the circulation, filing and other management work. The file is read and approved completely on the computer network completed, all the workflow can be customized by the user, all the sent to mark traces, modify traces, operating time and operators are detailed reservations. At the same time, the system also provides full-text search, conditional search and other functions.
It is mainly used for the formation of the company's rules and regulations, the formation of the archives system, the formation of the financial Room system, the formation of the cadres ' appointment and dismissal documents, the formation of the employees ' rewards and punishments, the formation of the inventory management system, the formation of safety production system, and the forming process of
Figure (2) is the entire dispatch flow chart, the user may choose some of these steps according to the need to complete the dispatch management.
(3) in-Receipt management
The receiving management mainly registers and deals with the foreign documents. It is mainly used to register the documents issued by the Tax Bureau, the documents issued by the Public Security Department, the documents issued by the head office, the processing of the communication from the competent department, the document processing process sent by the cooperating units, the document processing process from the brothers units, and the processing of other foreign documents.
The main processing processes are: in-place registration, director proposed, leadership instructions, the Office of the contractor, circulation, to file and other functions. In the leadership of the 批办 interface can be sent to a higher level of leadership for approval, in the end by which office, sent to which room by the highest leadership decision. The management can track and supervise the whole process of receiving processing through "in-query operation".
The completed in-receipt system also provides full-text search, conditional search, statistics and other functions.
Figure (3) is the flow chart of the entire Inbox, and the user can select some of these steps to complete the management of the receiving.
(4) File management
Receive the files sent by the department or other department, then group the files (group into a file), move the volume (move the files in a file to other files), and remove (remove the files from a file). For unregistered transceiver files, you can group volumes. For files can be sealed, torn, destroyed files, the volume of files or unpublished files can be borrowed and query management, you can do in this file loan, return. You can also effectively assign and manage the reading rights of files.
Related implementation Technology
1, the design of the typical data table
In the receiving document management system, any in-receipt or dispatch file corresponds to a default process (already defined beforehand), the file follows the steps specified in the process to flow down successively. Take a process as an example: in-place registration-〉 director proposed-〉 led the 批办-〉 Office of the contractor-〉 filed. In order to track the file in real time, monitor its flow in time, or examine the details of the processing at some stages, this requires us to provide two important data tables, GW_MRLC and datasheets in the system for GW_CLLC data tables.
Among them, GW_MRLC (WDLX,LCMC,RY,XH,CLM,CLR) records the information of each default process used in the system. WDLX refers to the document type, in receipt or dispatch; LCMC refers to the process name; Ry refers to the person who defines the default process; XH the sequence number of each step in the default process, it has a size, and a small one indicates that the step is preceded by the system; CLM the names of the steps in the default process The CLR corresponds to the handlers for the steps in the default process.
GW_MRLC only records information for each process, and GW_CLLC (LXH,LCMC,XH,CLR,JBRQ,CLRQ,CLYJ,ZT,WJM) is required to track the execution of the file in the process. For arbitrary documents in the system will have their own unique process and the corresponding, Lxh recorded the sequence number of the process; lcmc,xh,clr as defined above, JBRQ,CLRQ,CLYJ,ZT,WJM are for each processing step of the sequence number XH in the process, JBRQ refers to the date at which the previous step was processed and the date at which the current step was processed; Clrq refers to the processing of the current step; ZT refers to the processing state of the current step, processed or not processed, to facilitate real-time tracking of the file WJM records the contents of the document and the changes of the document in the process of circulation, and can be realized through the file uploading function.
2. Use Session for login verification
The ASP code uses the form to implement the interaction, and the corresponding content is reflected in the browser's address bar, if you do not take the appropriate security measures, as long as you write down the content, you can bypass the validation directly into a page. For example, typing "... xx.asp?flag=1" in the browser allows you to go directly to the page that satisfies the "flag=1" condition without the form page.
To prevent unregistered users from bypassing the registration interface directly into the application system, we use the Session object for registration verification. For example, we made the following registration page.
<% ' Read the user login information
Luser=ltrim (Request ("User"))
' Verify that the account number and password are correct
If Luser=rs ("userid") and lpass= rs ("password") then
Session ("Sysuser") =luser ' use Session object for user logon authentication
Response.Write "Your input is not correct!" ”
On other Web pages in the application system, the first step is to validate the session object. If you do not pass the user login interface, then session ("Sysuser") is null value, you will not be able to use the system to provide any function, unless you are legitimate users, so as to a certain extent to ensure the security of the system. The validation code is as follows:
If session ("sysuser") = "" Then
Response.Write ("Sorry, you haven't <a href=".) /login.asp ' target= ' _top ' > Login </a>. ")
3, the ASP page encryption
To effectively prevent the ASP source code leakage, you can encrypt the ASP page. We have used two methods to encrypt an ASP page. One is to encapsulate programming logic into DLLs using component technology, and the other is to encrypt ASP pages using Microsoft's Scriptencoder. The main problem with component technology is that each piece of code needs to be modular, the operation is more cumbersome, the workload is large, and using encoder to encrypt ASP pages, simple operation, good results.
The Scriptencoder Run program is SCRENC.EXE, using the following methods:
Screnc [/s][/f][/xl][/ldeflanguage][/edefextention]inputfile outputfile
Where:/s is screened screen output,/f Specifies whether the output file overwrites the input file with the same name,/XL whether to add the @language directive at the top of the. asp file,/ldeflanguage specify the default scripting language,/edefextention Specify the extension of the file to be encrypted.
4, the use of stored procedures
Using stored procedures can not only improve query speed, but also guarantee the integrity of the transaction. In this system, each file corresponds to a unique serial number, when a new file to be stored in the flow number will automatically add one. As all users are online, then two files at the same time in the storage of the situation may occur, in order to ensure the uniqueness of the serial number, it requires the "water number" and "Flow number plus one" as a business to complete. ASP calling stored procedures is more complex than calling SQL statements, you must use the command objects in the ADO component as follows:
Create an ADO Command object with the CommandText property as the stored procedure name and the CommandType property of 4 to indicate that the command is calling a stored procedure to create parameters for the Command object.
With the command object. The CreateParameter (parameter name, type, direction, length) command creates the input and output parameters corresponding to the stored procedure.
With the command object. Parameters (parameter name). The value= parameter Value command assigns a value to the input parameter.
With the command object. The parameters.append parameter name command adds individual parameters to the Parameters collection of the Command object.
"Command object. Execute executes the stored procedure.
"Variable name = Command object." Parameters (output parameter name). Value "Gets the output parameter value.
The realization of the transceiver management system based on B/S mode will undoubtedly make the traditional manual-oriented office methods and office means to the scientific, standardized, efficient and information transformation. Can be expected, with the increase in office information and information level, electronic office will be the future of office development direction.