/// <summary>
/// 用户ajax登录验证
/// </summary>
/// <param name="user"></param>
/// <param name="pwd"></param>
/// <param name="vcode">vcode:验证码</param>
/// <param name="zncode">zncode:动态口令</param>
/// <param name="txtadmincode">txtadmincode:管理码</param>
/// <returns></returns>
public string AjaxVaild(string user, string pwd, string vcode, string zncode = "", string txtadmincode = "")
{
user = user.Trim(); pwd = pwd.Trim();
if (getVcount >= 3)
{
if (!ZoomlaSecurityCenter.VCodeCheck(Request.Form["VCode_hid"], vcode))
{
return("验证码不正确");
}
}
if (SiteConfig.SiteOption.EnableSiteManageCode && (txtadmincode.Trim() != SiteConfig.SiteOption.SiteManageCode))
{
getVcount = getVcount + 1;
if (getVcount == 3)
{
return("True"); //刷出验证码
}
return("管理码不正确");
}
M_AdminInfo info = B_Admin.AuthenticateAdmin(user, pwd);
if (info == null || info.AdminId < 1)
{
getVcount = getVcount + 1;
if (getVcount == 3)
{
return("True");
}
else
{
return("用户名或密码错误!");
}
}
else
{
if (info.IsLock)
{
return("你的帐户被锁定,请与超级管理员联系");
}
if (!string.IsNullOrEmpty(SiteConfig.SiteOption.AdminKey))
{
byte[] keys = Base32String.Instance.Decode(SiteConfig.SiteOption.AdminKey);
PasscodeGenerator pass = new PasscodeGenerator(new HMACSHA1(keys));
if (!pass.VerifyTimeoutCode(zncode))
{
return("动态口令不对!");
}
}
getVcount = 0;//清空
}
return("True");
}
protected void Check_B_Click(object sender, EventArgs e)
{
byte[] secretBytes = Base32String.Instance.Decode(SiteConfig.SiteOption.AdminKey);
PasscodeGenerator pcg = new PasscodeGenerator(new HMACSHA1(secretBytes));
if (!pcg.VerifyTimeoutCode(Code_T.Text))
{
function.WriteErrMsg("动态口令不正确!");
}
if (Type_Hid.Value.Equals("1"))
{
ClearAdminKey();
}
Code_Img.Visible = true;
string imgurl = string.Format("otpauth://totp/{0}?secret={1}", StringHelper.ChineseToPY(Call.SiteName) + "Manage", SiteConfig.SiteOption.AdminKey);
Code_Img.ImageUrl = "/Common/Common.ashx?url=" + imgurl;
Keys_L.Visible = true;
Keys_L.Text = SiteConfig.SiteOption.AdminKey;
}
static void Main(string[] args)
{
Console.Write("Two step verification secret: ");
string secret = Console.ReadLine();
//Decode the secret given by Google
byte[] secretBytes = Base32String.Instance.Decode(secret);
PasscodeGenerator passGenenerator = new PasscodeGenerator(new HMACSHA1(secretBytes));
string timeoutCode = passGenenerator.GenerateTimeoutCode();
if (!passGenenerator.VerifyTimeoutCode(timeoutCode))
{
Console.WriteLine("Timeout code couldn't be verified!");
}
else
{
Console.WriteLine("Timeout code: {0}", timeoutCode);
}
Console.ReadLine();
}
