Beispiel #1
0
        public ActionResult Login()
        {
            string code = string.Empty;
            string challenge_id = string.Empty;
            string challenge_key = string.Empty;
          
            object notice = new object();
            if (string.IsNullOrEmpty(Request.Params["txtEmail"]))
            {
                notice = "{result:'Notice',msg:'" + Resources.Login.NOTICE_NO_EMAIL + "'}";
                ViewBag.notice = notice;
                return View("Index");
            }

            string IsRemember = Request.Params["chkRememberEmail"] != null ? Request.Params["chkRememberEmail"] : "false";
            string email = Request.Params["txtEmail"].Trim();
            string passwd = Request.Params["passwd"].Trim();
            int CookieExpireTime = 10;
            ViewBag.LoginEmail = null;
            _vendorImp = new VendorMgr(connectionString);
            //Caller caller = null;
            BLL.gigade.Model.Vendor vendor = null;
            //記錄/清空cookie

            BLL.gigade.Common.CommonFunction.Cookie_Set("vendor", "email", email, IsRemember, CookieExpireTime);

            UserLoginAttemptsMgr ulaMgr = new UserLoginAttemptsMgr(connectionString);

            //if (!Regex.IsMatch(email, @"^\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*$"))
            if (!Regex.IsMatch(email, @"[\w|-]+@[-|\w]*[-|\.|\w]*\.\w"))
            {
                notice = "{result:'Notice',msg:'" + Resources.Login.NOTICE_EMAIL_FORMAT_ERROR + "'}";
                ViewBag.notice = notice;
                if (IsRemember == "true")
                {
                    ViewBag.LoginEmail = email;
                }
                return View("Index");
            }

            if (passwd == "")
            {
                notice = "{result:'Notice',msg:'" + Resources.Login.NOTICE_NO_PASSWD + "'}";
                ViewBag.notice = notice;
                if (IsRemember == "true")
                {
                    ViewBag.LoginEmail = email;
                }
                return View("Index");
            }
            if (!string.IsNullOrEmpty(Request.Params["CheckCode"]))
            {
                code = Request.Params["CheckCode"].ToString().Trim();
            }
            if (Session["code"] != null)
            {
                if (Session["code"].ToString() != code)
                {
                    string message = "{result:'Notice',msg:'驗證碼輸入錯誤'}";
                    ViewBag.notice = message;
                    ViewBag.Email = Request.Params["txtEmail"];
                    ViewBag.Password = Request.Params["passwd"];
                    return View("Index");
                }
            }
            try
            {
                BLL.gigade.Model.Vendor query = new BLL.gigade.Model.Vendor();
                query.vendor_email = email;
                vendor = _vendorImp.Login(query);
            }
            catch (Exception ex)
            {
                Log4NetCustom.LogMessage logMessage = new Log4NetCustom.LogMessage();
                logMessage.Content = string.Format("TargetSite:{0},Source:{1},Message:{2}", ex.TargetSite.Name, ex.Source, ex.Message);
                logMessage.MethodName = System.Reflection.MethodBase.GetCurrentMethod().Name;
                log.Error(logMessage);
            }


            if (vendor == null)
            {
                notice = "{result:'Error',msg:'" + Resources.Login.ERROR_EMAIL_PASSWD_ERROR + "'}";
                ViewBag.notice = notice;
                if (IsRemember == "true")
                {
                    ViewBag.LoginEmail = email;
                }
                UserLoginAttempts ula = new UserLoginAttempts();
                ula.login_mail = email;
                ula.login_ipfrom = CommonFunction.GetIP4Address(Request.UserHostAddress.ToString());
                ula.login_type = 5;
                ulaMgr.Insert(ula);
                return View("Index");
            }
            else
            {
                if (vendor.vendor_status == 2)
                {
                    notice = "{result:'Error',msg:'" + Resources.Login.NOTICE_EMAIL_STOP + "'}";
                    ViewBag.notice = notice;
                    if (IsRemember == "true")
                    {
                        ViewBag.LoginEmail = email;
                    }
                    UserLoginAttempts ula = new UserLoginAttempts();
                    ula.login_mail = email;
                    ula.login_ipfrom = CommonFunction.GetIP4Address(Request.UserHostAddress.ToString());
                    ula.login_type = 5;
                    ulaMgr.Insert(ula);
                    ViewBag.Email = Request.Params["txtEmail"];
                    return View("Index");
                }

                //if (caller.user_status == 3)
                //{
                //    notice = "{result:'Error',msg:'" + Resources.Login.NOTICE_EMAIL_DELETE + "'}";
                //    ViewBag.notice = notice;
                //    if (IsRemember == "true")
                //    {
                //        ViewBag.LoginEmail = email;
                //    }
                //    return View("Index");
                //}


                try
                {
                    challenge_id = callerMgr.Add_Challenge();
                    challenge_key = callerMgr.Get_Challenge_Key(challenge_id);
                    callerMgr.Kill_Challenge_Id(challenge_id);
                }
                catch (Exception ex)
                {
                    Log4NetCustom.LogMessage logMessage = new Log4NetCustom.LogMessage();
                    logMessage.Content = string.Format("TargetSite:{0},Source:{1},Message:{2}", ex.TargetSite.Name, ex.Source, ex.Message);
                    logMessage.MethodName = System.Reflection.MethodBase.GetCurrentMethod().Name;
                    log.Error(logMessage);
                }
               
                BLL.gigade.Common.HashEncrypt hash = new BLL.gigade.Common.HashEncrypt();
                string inputpasswd = hash.SHA256Encrypt(hash.SHA256Encrypt(passwd) + challenge_key);
                string newpasswd = hash.SHA256Encrypt(vendor.vendor_password+ challenge_key);

                if (inputpasswd != newpasswd)
                {
                    try
                    {
                        _vendorImp.Add_Login_Attempts(Convert.ToInt32(vendor.vendor_id));
                        //callerMgr.Add_Login_Attempts(caller.user_id);
                    }
                    catch (Exception ex)
                    {
                        Log4NetCustom.LogMessage logMessage = new Log4NetCustom.LogMessage();
                        logMessage.Content = string.Format("TargetSite:{0},Source:{1},Message:{2}", ex.TargetSite.Name, ex.Source, ex.Message);
                        logMessage.MethodName = System.Reflection.MethodBase.GetCurrentMethod().Name;
                        log.Error(logMessage);
                    }

                    vendor.vendor_login_attempts++;
                    string tempStr = string.Format(Resources.Login.ERROR_PASSWD_ERROR_TIMES, vendor.vendor_login_attempts, 6);
                    notice = "{result:'Error',msg:'" + tempStr + "'}";
                    UserLoginAttempts ula = new UserLoginAttempts();
                    ula.login_mail = email;
                    ula.login_ipfrom = CommonFunction.GetIP4Address(Request.UserHostAddress.ToString());
                    ula.login_type = 5;
                    ulaMgr.Insert(ula);
                    ViewBag.notice = notice;
                    ViewBag.Email = Request.Params["txtEmail"];
                    ViewBag.challenge_id = callerMgr.Add_Challenge();
                    ViewBag.challenge_key = callerMgr.Get_Challenge_Key(ViewBag.challenge_id);

                    if (vendor.vendor_login_attempts >= 6)
                    {
                        try
                        {
                            _vendorImp.Modify_Vendor_Status(Convert.ToInt32(vendor.vendor_id), 2);
                        }
                        catch (Exception ex)
                        {
                            Log4NetCustom.LogMessage logMessage = new Log4NetCustom.LogMessage();
                            logMessage.Content = string.Format("TargetSite:{0},Source:{1},Message:{2}", ex.TargetSite.Name, ex.Source, ex.Message);
                            logMessage.MethodName = System.Reflection.MethodBase.GetCurrentMethod().Name;
                            log.Error(logMessage);
                        }

                    }


                    if (IsRemember == "true")
                    {
                        ViewBag.LoginEmail = email;
                    }

                    return View("Index");
                }

                //if (caller.user_status == 0)
                //{
                //    notice = "{result:'Notice',msg:'" + Resources.Login.NOTICE_FIRST_LOGIN + "'}";
                //    ViewBag.notice = notice;
                //    ViewBag.isFirst = 1;
                //    ViewBag.uid = caller.user_id;
                //    ViewBag.email = caller.user_email;
                //    return View("ChangePasswd");
                //}

                //try
                //{
                //    //添加登錄記錄
                //    callerMgr.Add_Manage_Login(caller.user_id);

                //    //修改登入數據
                //    callerMgr.Modify_User_Login_Data(caller.user_id);
                //}
                //catch (Exception ex)
                //{
                //    Log4NetCustom.LogMessage logMessage = new Log4NetCustom.LogMessage();
                //    logMessage.Content = string.Format("TargetSite:{0},Source:{1},Message:{2}", ex.TargetSite.Name, ex.Source, ex.Message);
                //    logMessage.MethodName = System.Reflection.MethodBase.GetCurrentMethod().Name;
                //    log.Error(logMessage);
                //}

                //caller.user_password = "";

                //Session["caller"] = caller;
                vendor.vendor_password = "";
                Session["vendor"] = vendor;
                Session["lgnName"] = vendor.vendor_name_simple;
                return Redirect("../home");

            }

        }