Abstract Network office has become the general trend of modern enterprise development. This article mainly explains the functional modules of the sending and receiving document management system based on B/S structure and how to use ASP and SQL Server to solve some related technologies, including system security issues.
Introduction
The traditional manual office method can no longer meet the needs of modern office. The sending and receiving document management system can improve work efficiency, standardize office systems, enhance office transparency, realize unified management of information and document resources, facilitate leadership decision-making, and gradually realize paperless As an important tool for modern office work, people are paying more and more attention to it.
We chose a B/S three-tier structure. The backend database uses SQL Server, the WEB server runs Microsoft's IIS, ASP (Active Server Pages) is used as the development tool, and the client uses IE browser.
B/S mode architecture overview
B/S mode refers to the technology and architecture of using HTTP as the transmission protocol with the support of TCP/IP, and the client accesses the Web server and the background database connected to it through Browser. It consists of a browser, Web server, application server and database server (Figure 1). The B/S mode breaks through the limitations of traditional file sharing and C/S mode, and achieves a greater degree of information sharing. Any user can access the database through a browser, thus overcoming the limitations of time and space.
The working principle of the B/S mode is: the client's browser accesses the Web server through the URL, the Web server requests the database server, and returns the obtained results to the client browser in HTML form.
Function module
Based on the implementation mechanism of integrating sending and receiving documents, the system can be divided into the following sub-modules.
(1) System management
As a system administrator, he can maintain the entire system, including personnel maintenance, department maintenance, module maintenance, personnel function maintenance, personnel job maintenance, user rights maintenance, user password maintenance, and system configuration item maintenance. In addition, he can also make global announcements. Column categories are maintained.
(2) Posting management
Documentation management is a unit’s management of the document formation process with binding capabilities. Such as executing document drafting, draft verification, joint review, countersigning, issuance, document printing, review and circulation, archiving and other management work. Document submission and approval are completely completed on the computer network. All work processes can be customized by users. All traces of submission for approval, modification traces, operation time and operators are retained in detail. At the same time, the publishing system also provides full-text search, conditional search and other functions.
It is mainly used for the formation of company rules and regulations, the formation of archives room systems, the formation of financial room systems, the formation of cadre appointment and dismissal documents, the formation of employee reward and punishment regulations, the formation of inventory management systems, the formation of safety production systems, and The process of formation of other documents that are binding on everyone.
Figure (2) is a flow chart of the entire posting. Users can select certain steps according to their needs to complete the management of posting.
Figure 2
(3) Document collection management
Document collection management mainly registers and processes incoming official documents. It is mainly used to register documents sent by the tax bureau, documents sent by the public security department, documents sent by the head office, processing of documents sent by industry authorities, documents sent by cooperating units, and documents sent by brother units. process, and the processing of other external official documents.
The main processing processes include: receipt and registration, director's preparation, leadership instructions, department handling, circulation, filing and other functions. In the leadership approval interface, the document can be sent to a higher-level leader for approval. Which departments will handle it and which departments will be sent to are decided by the top leader. Managers can track and supervise the entire process of receiving documents through the "Receipt Query Operation".
The system also provides full-text retrieval, conditional retrieval, statistics and other functions for the completed collection of documents.
Figure (3) is a flow chart of the entire collection of documents. Users can select certain steps according to their needs to complete the management of the collection of documents.
Figure 3
(4) File management
receives documents sent by this department or other departments, and then groups the files (groups the files into a certain case file), transfers the files (moves the files in a certain case file to other case files), Remove (move documents from a file out of the file). For incoming and outgoing documents that have not been archived, they can be archived. Files can be sealed, unsealed, and destroyed. Sealed or unsealed case files can be borrowed and queried. You can borrow and return files here. You can also effectively assign and manage file reading permissions.
Related implementation technologies
1. Design of typical data tables
In the sending and receiving document management system, any received or sent document corresponds to a default process (which has been defined in advance), and the files flow downward one by one according to the steps specified in the process. Taking a certain document collection process as an example, it includes: document receipt registration—>Director’s preparation—>Leader’s approval—>Department handling—>Submission for filing. In order to track the file in real time, supervise its flow process in a timely manner or examine the details of processing at certain stages, this requires us to provide two important data tables, in this system they are the data table gw_mrlc and the data table gw_cllc.
Among them, gw_mrlc (wdlx, lcmc, ry, xh, clm, clr) records the information of each default process used in the system. Wdlx refers to the document type, receiving or sending documents; lcmc refers to the process name; ry refers to the person who defines the default process; Execute first; clm corresponds to the name of each step in the default process; clr corresponds to the handler of each step in the default process.
Gw_mrlc only records the information of each process, and gw_cllc (lxh, lcmc, xh, clr, jbrq, clrq, clyj, zt, wjm) is also needed to track the execution status of the file in the process. For any sent and received documents, there will be a unique process corresponding to each in the system. lxh records the sequence number of the process; lcmc, xh, clr are defined as above; jbrq, clrq, clyj, zt, wjm are all For each processing step with sequence number xh in the process, jbrq refers to the date when the previous step was completed and submitted; clrq refers to the date when the current step is completed; clyj refers to the processing opinion of the current step; zt refers to the current step The processing status, whether it has been processed or not yet processed, to facilitate real-time tracking of files; wjm records the text content of the file and the modification traces of the file during the circulation process. This can be achieved through the file upload function.
2. Use Session for login verification.
The ASP code uses a form to implement interaction, and the corresponding content will be reflected in the address bar of the browser. If appropriate security measures are not adopted, as long as you write down these contents, you can bypass the verification and enter directly into a certain One page. For example, by typing "...xx.asp?flag=1" in the browser, you can directly enter the page that meets the "flag=1" condition without going through the form page.
In order to prevent unregistered users from bypassing the registration interface and entering the application system directly, we use the Session object for registration verification. For example, we created the registration page below.
<%'Read user login information
Luser=ltrim(Request("User"))
Lpass=Request("Pass")
'Verify whether the account number and password are correct
if Luser=rs(“userid”) and Lpass= rs(“password”) then
Session("sysuser")=Luser 'Use Session object for user login verification...
else
response.write "Your input is incorrect!"
response.end
end if
%>
In other WEB pages of the application system, the Session object must first be verified. If you do not log in through the user interface, then Session("sysuser") will be empty and you will not be able to use any functions provided by the system unless you are a legitimate user. This ensures the security of the system to a certain extent. . The verification code is as follows:
<%
if session("sysuser ")="" then
response.write("Sorry, you haven't <a href='../login.asp' target='_top'>login</a> yet.")
else
…
end if
%>
3. Encrypt the ASP page.
To effectively prevent the leakage of ASP source code, you can encrypt the ASP page. We have used two methods to encrypt ASP pages. One is to use component technology to encapsulate programming logic into a DLL; the other is to use Microsoft's ScriptEncoder to encrypt the ASP page. The main problem with using component technology is that each piece of code needs to be componentized, which makes the operation cumbersome and requires a large workload. However, using Encoder to encrypt ASP pages is easy to operate and has good results.
The running program of ScriptEncoder is SCRENC.EXE. The usage method is:
SCRENC [/s][/f][/xl][/ldefLanguage][/edefExtention]inputfile outputfile
where: /s is to shield the screen output; /f specifies the output file Whether to overwrite the input file with the same name; /xl refers to whether to add the @Language directive at the top of the .asp file; /ldefLanguage specifies the default script language; /edefExtention specifies the extension of the file to be encrypted.
4. Use of stored procedures
Using stored procedures can not only improve query speed, but also ensure the integrity of transactions. In this system, each file corresponds to a unique serial number. When a new file is added to the database, the serial number will automatically increase by one. Since all users are online, it is possible for two files to be entered into the database at the same time. In order to ensure the uniqueness of the serial number, it is required that "getting the serial number" and "adding one to the serial number" are completed as one transaction. ASP calling stored procedures is more complicated than calling SQL statements. You must use the command object in the ADO component. The steps are as follows:
Create an ADO command object, set the Commandtext attribute to the stored procedure name, and the Commandtype attribute to 4, indicating that the command is to call a stored procedure. Create parameters for the command object.
Use the "command object.CreateParameter (parameter name, type, direction, length)" command to create input and output parameters corresponding to the stored procedure.
Use the "command object.Parameters(parameter name).Value=parameter value" command to assign values to the input parameters.
Use the "command object.Parameters.Append parameter name" command to add each parameter to the parameter collection of the command object.
"CommandObject.Execute" executes the stored procedure.
"Variable name = command object.Parameters (output parameter name).Value" gets the output parameter value.
Conclusion
The implementation of the sending and receiving document management system developed based on the B/S model will undoubtedly transform the traditional manual office methods and means into scientific, standardized, efficient and information-based. It can be expected that with the increase in the amount of office information and the improvement of informatization, electronic office will be the development direction of office in the future.