Ejemplo n.º 1
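        /// <summary>
        /// Validates a submitted banner, gives it a new id and the current time, and stores it.
        /// </summary>
        /// <param name="model">Banner bound from the request; decoded here before validation.</param>
        /// <returns>
        /// ResponseResult(1, message) when the input is missing or fails validation,
        /// ResponseResult(6, message) when the commit fails, otherwise ResponseResult(model).
        /// </returns>
        public JsonResult AddBanner(Banner model)
        {
            if (model == null)
            {
                return(ResponseResult(1, "参数不正确"));
            }

            // "as" yields null when DecodeModel() returns something that is not a Banner;
            // reject that here instead of handing null to the validator.
            model = model.DecodeModel() as Banner;
            if (model == null)
            {
                return(ResponseResult(1, "参数不正确"));
            }

            string errorMsg = bannerApplication.ValidateAndCorrectSubmit(model, imageApplication);
            if (!string.IsNullOrEmpty(errorMsg))
            {
                return(ResponseResult(1, errorMsg));
            }

            // NOTE(review): HTML goes through UrlCommon.Decode after validation has already run,
            // so whatever the validator checked was not this final value. The decoded markup is
            // stored as-is; confirm it is sanitized or encoded wherever it is rendered.
            model.HTML     = UrlCommon.Decode(model.HTML);
            model.BannerId = SaidCommon.GUID;
            model.Date     = DateTime.Now;
            bannerApplication.Add(model);
            imageApplication.AddReferenceCount(model.ImageId);

            if (bannerApplication.Commit())
            {
                return(ResponseResult(model));
            }
            return(ResponseResult(6, "添加到数据库异常"));
        }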
Ejemplo n.º 2
        /// <summary>
        /// Shows the signed-in user's seat page: the valid entries of their log and their
        /// current state. An optional encrypted <paramref name="param"/> carries a code timestamp;
        /// a timestamp newer than five minutes ago is passed on as "true" to GetUserNowState.
        /// </summary>
        /// <param name="param">Optional AES-encrypted query string (schoolNo, clientNo, codeTime).</param>
        /// <returns>The default view, with User, List, Count and UserNowState set on ViewBag.</returns>
        public ActionResult MySeat(string param)
        {
            // NOTE(review): Session["User"] is used without a null check; presumably an
            // authentication filter guarantees it - confirm, otherwise this fails on first use.
            ViewBag.User = Session["User"] as tb_User;
            string msg;

            // '+' arrives as ' ' after URL decoding, so it is restored before decrypting.
            string payload = param;
            if (!string.IsNullOrEmpty(payload))
            {
                payload = SeatManage.SeatManageComm.AESAlgorithm.AESDecrypt(payload.Replace(" ", "+"));
            }

            string besappsekLog;
            List <J_GetBesapsekLog> list = new List <J_GetBesapsekLog>();
            AppWebService.BasicAPI.GetBesapsekLog(ViewBag.User.SchoolNo, ViewBag.User.StudentNo, 0, 100, out besappsekLog);

            // Keep only the entries flagged as valid.
            foreach (J_GetBesapsekLog entry in JSONSerializer.JSONStringToList <J_GetBesapsekLog>(besappsekLog))
            {
                if (!entry.IsValid)
                {
                    continue;
                }
                list.Add(entry);
            }
            ViewBag.List  = list;
            ViewBag.Count = list.Count;

            bool hasCode     = !string.IsNullOrEmpty(payload);
            bool codeIsFresh = false;

            if (hasCode)
            {
                SeatManage.SeatManageComm.WriteLog.Write("44");
                NameValueCollection query = UrlCommon.GetQueryString(payload);
                // Expected shape: schoolNo=2014101603&clientNo=201410160302&codeTime=2016-02-23 11:20:15
                // NOTE(review): a missing key throws here, and only the lower bound of the
                // timestamp is checked, so a codeTime in the future also counts as fresh.
                DateTime codeTime = Convert.ToDateTime(query["codeTime"].ToString());
                string   schoolNo = query["schoolNo"].ToString();
                codeIsFresh = codeTime > DateTime.Now.AddMinutes(-5);
                SeatManage.SeatManageComm.WriteLog.Write(codeIsFresh ? "1" : "2");
            }

            AppWebService.BasicAPI.GetUserNowState(ViewBag.User.SchoolNo, ViewBag.User.StudentNo, codeIsFresh, out msg);
            if (hasCode)
            {
                // NOTE(review): the raw service response is written to the log; confirm it
                // holds nothing that should stay out of log files.
                SeatManage.SeatManageComm.WriteLog.Write(msg);
            }
            ViewBag.UserNowState = JSONSerializer.Deserialize <J_GetUserNowState>(msg);
            return(View());
        }
Ejemplo n.º 3
 /// <summary>
 /// Checks whether a user's site URL is acceptable. Callers may treat an empty site as
 /// allowed; this method itself requires a non-null value.
 /// </summary>
 /// <param name="value">Site URL to check; must not be null.</param>
 /// <returns>null when the value passes, otherwise the error message.</returns>
 public static string CheckSite(string value)
 {
     // Length is measured on the trimmed text, while CheckUri receives the value untrimmed.
     bool tooLong  = value.Trim().Length > 60;
     bool accepted = !tooLong && UrlCommon.CheckUri(value);

     return(accepted ? null : "用户站点不正确,不允许携带参数和超过60个字符");
 }
        /// <summary>
        /// Carousel (slideshow) page: loads the carousel images through the gateway and
        /// gives the view the upload URL to use.
        /// </summary>
        public IActionResult Slideshow()
        {
            var gatewayBase = Config.OtherService.Gateway;
            var viewModel   = pageMngService.GetNavigationImgPlays(gatewayBase);

            var uploadEndpoint = Config.OtherService.Api.Upload.Url;
            viewModel.UploadUrl = UrlCommon.CreateUrlPath(gatewayBase, uploadEndpoint);

            return(View(viewModel));
        }
        /// <summary>
        /// Saves a carousel entry posted from the slideshow page.
        /// </summary>
        /// <param name="input">Posted carousel entry; must pass model validation.</param>
        /// <returns>The model-state error view when validation fails, otherwise the save result as JSON.</returns>
        public IActionResult SlideshowSave(ImgPlayDto input)
        {
            if (ModelState.IsValid)
            {
                // NOTE(review): ImgUrl comes from the posted DTO. What GetUrlPath does with a
                // value that does not belong to the gateway is not visible here - confirm.
                input.ImgUrl = UrlCommon.GetUrlPath(Config.OtherService.Gateway, input.ImgUrl);
                var saved = pageMngService.SaveNavigationImgPlays(input);
                return(new JsonResult(saved));
            }

            return(ShowError(GetModelError(ModelState)));
        }
Ejemplo n.º 6
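        /// <summary>
        /// Stores the first file of the posted form under the web root in
        /// \images\Upload\{year}\{month}, named after the MD5 of its content, and reports
        /// where it was stored.
        /// </summary>
        /// <param name="env">Hosting environment; supplies the web root directory.</param>
        /// <returns>
        /// A JSON success result carrying the upload details, or a JSON error result when no
        /// file was posted, the extension is not accepted, or the file could not be written.
        /// </returns>
        public virtual async Task <IActionResult> Upload([FromServices] IHostingEnvironment env)
        {
            var files = Request.Form.Files;

            if (files.Count == 0)
            {
                return(new JsonResult(VRequestInfo.ErrorResult("上传失败")));
            }
            var file = files[0];

            // The extension is chosen by the client and the file is written below the web root,
            // so only known image extensions are accepted. Adjust the list to what the site
            // actually needs; script-capable formats such as .svg are left out on purpose.
            string[] allowedExtensions = { ".jpg", ".jpeg", ".png", ".gif", ".bmp", ".webp" };
            string   extension         = (Path.GetExtension(file.FileName) ?? string.Empty).ToLowerInvariant();
            if (Array.IndexOf(allowedExtensions, extension) < 0)
            {
                return(new JsonResult(VRequestInfo.ErrorResult("上传失败")));
            }

            // NOTE(review): MD5 is only a de-duplication key here, but it is not collision
            // resistant: two different files with the same digest map to one stored name and
            // the first one wins. Consider SHA-256 if stored names may change.
            string md5code;
            using (var inputStream = file.OpenReadStream())
            using (var md5 = System.Security.Cryptography.MD5.Create())
            {
                byte[]        digest = md5.ComputeHash(inputStream);
                StringBuilder md5sb  = new StringBuilder(digest.Length * 2);
                foreach (byte b in digest)
                {
                    md5sb.Append(b.ToString("x2"));
                }
                md5code = md5sb.ToString();
            }

            // Read the date once so year and month cannot disagree across midnight.
            DateTime today = DateTime.Today;

            UploadFileModel upload = new UploadFileModel();
            upload.extension = extension;
            upload.fileName  = md5code + upload.extension;
            var path = string.Format(@"\images\Upload\{0}\{1}", today.Year.ToString(), today.Month.ToString().PadLeft(2, '0'));
            upload.path     = string.Format(@"{0}\{1}", path, upload.fileName);
            upload.fullPath = UrlCommon.CreateUrlPath(Request.GetSiteUri(), upload.path);
            var savedFilePath = env.WebRootPath + path;

            if (!Directory.Exists(savedFilePath))
            {
                Directory.CreateDirectory(savedFilePath);
            }

            var fullFileNamePath = Path.Combine(savedFilePath, upload.fileName);
            if (!System.IO.File.Exists(fullFileNamePath))
            {
                try
                {
                    using (var fileStream = new FileStream(fullFileNamePath, FileMode.Create))
                    {
                        await file.CopyToAsync(fileStream);
                    }
                }
                catch (Exception)
                {
                    // A failed write must not be reported as success, and a partial file would
                    // be taken for a finished upload by the Exists check on the next attempt.
                    try
                    {
                        System.IO.File.Delete(fullFileNamePath);
                    }
                    catch (IOException)
                    {
                        // Best effort: the upload is reported as failed either way.
                    }
                    catch (UnauthorizedAccessException)
                    {
                        // Best effort: the upload is reported as failed either way.
                    }
                    return(new JsonResult(VRequestInfo.ErrorResult("上传失败")));
                }
            }
            return(new JsonResult(VRequestInfo.SuccessResult("上传成功", upload)));
        }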
Ejemplo n.º 7
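        /// <summary>
        /// Click-through endpoint: records the requested target URL (with the referrer when
        /// one is known) and then redirects the browser to it.
        /// </summary>
        /// <param name="url">Target to redirect to; taken from the request.</param>
        /// <param name="referrer">
        /// Optional referrer override; when blank or unparsable the request's own referrer is used.
        /// </param>
        /// <returns>A redirect to the target, or to the application root when no target was given.</returns>
        /// <remarks>
        /// NOTE(review): the target is caller-controlled and is not restricted to known hosts,
        /// so this action redirects wherever the link says. If that is not intended, limit
        /// targets to an allowlist or require a server-generated signature on the link.
        /// </remarks>
        public ActionResult Cl(string url, string referrer = null)
        {
            // Statistics key sent with the request; normalised to an empty string when absent.
            string key = Request[SaidRecordCommon.KEY];

            if (string.IsNullOrWhiteSpace(key))
            {
                key = string.Empty;
            }

            // Referrer of the click.
            Uri urlReferrer = null;
            // Parsed form of the requested url (only used to test validity).
            Uri requestUrl = null;

            // Use the supplied referrer when it parses, otherwise fall back to the request's.
            if (string.IsNullOrWhiteSpace(referrer) || !Uri.TryCreate(referrer, UriKind.RelativeOrAbsolute, out urlReferrer))
            {
                urlReferrer = Request.UrlReferrer;
            }
            try
            {
                // Record a failure when the requested url does not parse.
                if (!Uri.TryCreate(url, UriKind.RelativeOrAbsolute, out requestUrl))
                {
                    SaidRecordCommon.AddFail(key, url, urlReferrer == null ? null : urlReferrer.OriginalString);
                    // Redirect() throws on a null or empty target, so fall back to the app root.
                    return(Redirect(string.IsNullOrWhiteSpace(url) ? "~/" : url));
                }
                url = UrlCommon.ResolveHTTPUri(url); // normalise the URI
                // Check passed: record the click.
                if (urlReferrer == null)
                {
                    SaidRecordCommon.Add(key, url);
                }
                else
                {
                    SaidRecordCommon.Add(key, url, urlReferrer);
                }
            }
            catch (Exception e)
            {
                // NOTE(review): url is request data written into the log message unescaped.
                logManager.Error(string.Format("跳转Error{0}【请求url】{1}", Environment.NewLine, url), e);
            }
            // Recording is best effort; the visitor is still sent on. A blank target would make
            // Redirect() throw, so it falls back to the application root.
            return(Redirect(string.IsNullOrWhiteSpace(url) ? "~/" : url));
        }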
        /// <summary>
        /// Receives an encrypted notification, looks up the user it names and sends that user
        /// a template message with the room, seat, time and text it carries.
        /// </summary>
        /// <param name="msg">AES-encrypted query string (SchoolNum, StudentNo, MsgType, Room, SeatNo, AddTime, Msg).</param>
        /// <returns>The content "0".</returns>
        /// <remarks>
        /// NOTE(review): the only gate visible here is that <paramref name="msg"/> decrypts.
        /// Whether AESDecrypt also authenticates the ciphertext is not visible - confirm.
        /// A missing key or an unknown user ends in a null dereference rather than an error reply.
        /// </remarks>
        public ActionResult Index(string msg)
        {
            // '+' arrives as ' ' after URL decoding, so it is restored before decrypting.
            string decrypted = AESAlgorithm.AESDecrypt(msg.Replace(" ", "+"));

            NameValueCollection fields = UrlCommon.GetQueryString(decrypted);
            string  schoolNum = fields["SchoolNum"].ToString();
            string  studentNo = fields["StudentNo"].ToString();
            tb_User user      = DbSession.Default.From <tb_User>().Where(tb_User._.SchoolNo == schoolNum && tb_User._.StudentNo == studentNo).ToFirst();
            string  msgType   = fields["MsgType"].ToString();

            switch (msgType)
            {
            // "UserOperation" and every other message type are handled the same way.
            case "UserOperation":
            default:
                var notice = new UserOperation()
                {
                    first    = new TemplateDataItem(user.Name + " 您好"),
                    keyword1 = new TemplateDataItem(fields["Room"].ToString()),
                    keyword2 = new TemplateDataItem(fields["SeatNo"].ToString()),
                    keyword3 = new TemplateDataItem(fields["AddTime"].ToString()),
                    remark   = new TemplateDataItem(fields["Msg"].ToString())
                };
                TemplateApi.SendTemplateMessage(WeiXinApi.GetToken(), user.OpenId, "At7HOxsJ5CW81OV81hipLglDV21O46UVU9Gm_nToXGQ", "#7B68EE", GetAppSettings.SysURL + "/User/SeatState", notice);
                break;
            }

            return(Content("0"));
        }
Ejemplo n.º 9
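        /// <summary>
        /// Applies an edit to an existing blog post and its tags inside a transaction, then
        /// drops the cached copy of the post.
        /// </summary>
        /// <param name="newModel">Edited post bound from the request; BlogId selects the post to change.</param>
        /// <returns>
        /// ResponseResult(-1, message) when the id is blank or matches no post,
        /// ResponseResult(1, { msg }) when tags are missing or validation fails,
        /// ResponseResult(2, message) when the commit fails, otherwise ResponseResult({ id }).
        /// </returns>
        /// <remarks>
        /// NOTE(review): no authorization check is visible in this method; presumably a filter
        /// on the controller enforces it - confirm.
        /// </remarks>
        public JsonResult Edit(Blog newModel)
        {
            newModel = UrlCommon.DecodeModel(newModel);
            if (string.IsNullOrWhiteSpace(newModel.BlogId))
            {
                return(ResponseResult(-1, "要编辑的文章ID不正确(无法获取)"));
            }

            // An id that matches no post must stop here: the stored post is dereferenced
            // below (EditBlog, cache cleanup).
            var model = blogApplication.FindById(newModel.BlogId);
            if (model == null)
            {
                return(ResponseResult(-1, "要编辑的文章ID不正确(无法获取)"));
            }

            IList <Tag> tags = null;

            if (!string.IsNullOrWhiteSpace(Request["Tags"]))
            {
                // Deserialize the submitted tags.
                tags = JavaScriptCommon.DeSerialize <IList <Tag> >(UrlCommon.Decode(Request["Tags"]));
            }
            else
            {
                return(ResponseResult(1, new { msg = "标签不允许为空" }));
            }
            // TODO: compare the two posts first and skip the update when nothing changed.
            string validateResult = blogApplication.ValidateAndCorrectSubmit(newModel, classifyApplication);

            if (validateResult == null)
            {
                return(SaidCommon.Transaction(() =>
                {
                    blogApplication.EditBlog(newModel, model, tags, tagApplication, blogTagsApplication);
                    if (blogTagsApplication.Commit())
                    {
                        // Clear the cache, because the public pages read the post from it.
                        if (CacheHelper.GetCache(model.BlogId) != null)
                        {
                            CacheHelper.RemoveAllCache(model.BlogId);
                        }
                        return ResponseResult(new { id = newModel.BlogId });
                    }
                    return ResponseResult(2, "修改Blog失败");
                }));
            }
            else
            {
                return(ResponseResult(1, new { msg = validateResult }));
            }
        }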
Ejemplo n.º 10
        /// <summary>
        /// Creates a blog post together with its tags inside a transaction.
        /// </summary>
        /// <param name="model">Post bound from the request; its encoded fields are decoded first.</param>
        /// <returns>
        /// ResponseResult(1, { msg }) when tags are missing or validation fails,
        /// ResponseResult(2) when the commit fails, otherwise ResponseResult({ id }).
        /// </returns>
        public JsonResult AddBlog(Blog model)
        {
            // Undo the transport encoding of the submitted fields.
            model = UrlCommon.DecodeModel(model);

            string rawTags = Request["Tags"];
            if (String.IsNullOrWhiteSpace(rawTags))
            {
                return(ResponseResult(1, new { msg = "标签不允许为空" }));
            }

            // Deserialize the submitted tags.
            IList <Tag> tags = JavaScriptCommon.DeSerialize <IList <Tag> >(UrlCommon.Decode(rawTags));

            string validateResult = blogApplication.ValidateAndCorrectSubmit(model, classifyApplication);
            if (validateResult != null)
            {
                return(ResponseResult(1, new { msg = validateResult }));
            }

            return(SaidCommon.Transaction(() =>
            {
                blogApplication.AddBlog(model, tags, blogTagsApplication, tagApplication);
                if (!blogApplication.Commit())
                {
                    return ResponseResult(2);
                }
                return ResponseResult(new { id = model.BlogId });
            }));
        }
Ejemplo n.º 11
        /// <summary>
        /// Validates and trims the nickname, site and e-mail of a submitted user, loads the
        /// stored user with the same id, and copies the accepted values onto that stored user.
        /// </summary>
        ///<param name="user">Submitted user information, including the UserID; its Name, Site and EMail are trimmed or set to null in place.</param>
        ///<param name="databaseUser">The user loaded from the database with the accepted values applied; only meaningful when validation passes.</param>
        /// <returns>null when there is no error, otherwise the error message.</returns>
        public string CheckAndTrimInput(User user, out User databaseUser)
        {
            databaseUser = null;
            string validateResult = null;

            if (!string.IsNullOrWhiteSpace(user.Name))
            {
                validateResult = CheckNickName(user.Name);
                if (validateResult != null)
                {
                    return(validateResult);
                }
                user.Name = user.Name.Trim();
            }
            else
            {
                user.Name = null;// marks that no nickname was supplied this time
            }
            if (!string.IsNullOrWhiteSpace(user.Site))
            {
                validateResult = CheckSite(user.Site);
                if (validateResult != null)
                {
                    return(validateResult);
                }
                user.Site = UrlCommon.ResolveHTTPUri(user.Site.Trim());// normalise the URL
            }
            else
            {
                user.Site = null;
            }
            if (!string.IsNullOrWhiteSpace(user.EMail))
            {
                validateResult = CheckEmail(user.EMail);
                if (validateResult != null)
                {
                    return(validateResult);
                }
                user.EMail = user.EMail.Trim();
            }
            else
            {
                user.EMail = null;
            }
            databaseUser = base.FindById(user.UserID);
            if (databaseUser == null)
            {
                return("没有找到当前用户信息");
            }

            /**
             *  When the stored user has no value and this submission has none either, validation fails.
             *  When the stored user has a value and this submission has none, the stored value is
             *  left untouched, so validation passes.
             **/
            if (string.IsNullOrEmpty(databaseUser.Name) && user.Name == null)
            {
                return("用户昵称不允许为空");
            }
            if (string.IsNullOrEmpty(databaseUser.EMail) && user.EMail == null)// a null test is enough here, the value was trimmed above
            {
                return("用户邮箱不允许为空");
            }
            // Update only the fields that changed; otherwise keep what the database holds.
            if (user.Name != null && databaseUser.Name != user.Name)
            {
                databaseUser.Name = user.Name;
            }
            //if (user.Site != null && databaseUser.Site != user.Site)
            databaseUser.Site = user.Site == null ? string.Empty : user.Site;// the site is always overwritten, so a user can clear it; the "empty keeps the stored value" rule must not apply here
            if (user.EMail != null && databaseUser.EMail != user.EMail)
            {
                databaseUser.EMail = user.EMail;
            }
            // The user's role changed.
            // NOTE(review): Rule and SecretKey are copied from the caller-built user, so callers
            // must fill them from server-side state. A caller that leaves Rule unset overwrites
            // the stored role with the type's default - verify every caller.
            if (user.Rule != databaseUser.Rule)
            {
                databaseUser.Rule = user.Rule;
                if (user.SecretKey != null)
                {
                    databaseUser.SecretKey = user.SecretKey;
                }
            }
            // Every failing check returned early, so this is null at this point.
            return(validateResult);
        }
Ejemplo n.º 12
        /// <summary>
        /// Adds a reply to a comment, or to another reply, on a blog post. The reply, the
        /// post's comment counter and the replying user's details are written in one
        /// transaction, after which the author being replied to is notified by e-mail.
        /// </summary>
        /// <param name="blogId">Id of the post.</param>
        /// <param name="commentId">Id of the comment being replied to; used when <paramref name="replyId"/> is blank.</param>
        /// <param name="replyId">Id of the reply being replied to; takes precedence over <paramref name="commentId"/>.</param>
        /// <param name="nickName">Encoded nickname of the replying user.</param>
        /// <param name="site">Encoded site of the replying user.</param>
        /// <param name="email">Encoded e-mail of the replying user.</param>
        /// <param name="context">Encoded reply text.</param>
        /// <returns>
        /// ResponseResult(1, message) for bad input, ResponseResult(8, message) when the user
        /// details fail validation, ResponseResult(3, message) when the transaction throws,
        /// otherwise ResponseResult({ king, cid, rid }).
        /// </returns>
        public JsonResult Reply(string blogId, string commentId, string replyId, string nickName, string site, string email, string context)
        {
            // TODO: guard against repeated submission, comment flooding, DDoS and the like.
            nickName = UrlCommon.Decode(nickName);
            site     = UrlCommon.Decode(site);
            email    = UrlCommon.Decode(email);
            context  = UrlCommon.Decode(context);

            bool repliesToReply = !string.IsNullOrWhiteSpace(replyId);

            if (string.IsNullOrWhiteSpace(blogId))
            {
                return(ResponseResult(1, "文章不正确"));
            }
            if (!repliesToReply && string.IsNullOrWhiteSpace(commentId))
            {
                return(ResponseResult(1, "要回复的评论不正确"));
            }

            // Validate the submitted text.
            // NOTE(review): the text is stored unchanged in both Context and SourceContext;
            // what CheckContext rejects is not visible here, so confirm it is encoded on output.
            string contextError = commentApplication.CheckContext(context);
            if (contextError != null)
            {
                return(ResponseResult(1, contextError));
            }

            // The post is loaded inside the transaction so that the transaction tracks it.
            try
            {
                return(SaidCommon.Transaction(() =>
                {
                    // Make sure the post exists.
                    var blog = blogApplication.FindById(blogId.Trim());
                    if (blog == null)
                    {
                        throw new Exception("用户回复:文章不正确");
                    }

                    // NOTE(review): unlike Comment, Rule and SecretKey are not set here, so
                    // CheckAndTrimInput sees the default Rule - confirm that is intended.
                    var submittedUser = new User
                    {
                        UserID = this.UserId,
                        Name = nickName,
                        Site = site,
                        EMail = email
                    };

                    Reply parentReply = null;
                    Comment parentComment = null;
                    string notifyEmail;
                    string notifyName;

                    if (repliesToReply)
                    {
                        // A reply id takes precedence over the comment id.
                        parentReply = replyApplicaiton.Find(replyId);
                        if (parentReply == null)
                        {
                            throw new Exception("用户回复:回复的信息不正确");
                        }
                        if (parentReply.UserId == this.UserId)
                        {
                            throw new Exception("用户不允许回复自己的评论");
                        }
                        notifyEmail = parentReply.User.EMail;
                        notifyName = parentReply.User.Name;
                    }
                    else
                    {
                        parentComment = commentApplication.Find(commentId);
                        if (parentComment == null)
                        {
                            throw new Exception("用户回复:回复的评论不正确");
                        }
                        if (parentComment.UserId == this.UserId)
                        {
                            throw new Exception("用户不允许回复自己的评论");
                        }
                        notifyEmail = parentComment.User.EMail;
                        notifyName = parentComment.User.Name;
                    }

                    User storedUser = null;
                    string userError = userApplication.CheckAndTrimInput(submittedUser, out storedUser);
                    if (userError != null)
                    {
                        return ResponseResult(8, userError);
                    }

                    blog.BComment++;
                    blogApplication.Update(blog);
                    // storedUser already carries the trimmed, validated values.
                    userApplication.Update(storedUser);

                    Reply reply = new Reply
                    {
                        BlogId = blog.BlogId,
                        ReplyId = SaidCommon.GUID,
                        CommentId = parentReply == null ? parentComment.CommentId : parentReply.CommentId,
                        Context = context,
                        SourceContext = context,
                        Date = DateTime.Now,
                        UserId = storedUser.UserID,
                        ReplyType = parentReply == null ? 0 : 1,
                        ToReplyId = parentReply == null ? null : parentReply.ReplyId
                    };
                    replyApplicaiton.Add(reply);
                    if (!replyApplicaiton.Commit())
                    {
                        throw new Exception("用户回复:添加回复对象失败");
                    }

                    // Send the notification e-mail.
                    // NOTE(review): the link is built from Request.Url, i.e. from the host name
                    // the request claimed. Unless the server pins the host names it accepts,
                    // prefer a configured site URL for links that go into e-mail.
                    string subject = string.Format("Said - 您在文章《{0}》的评论中收到新的回复", blog.BTitle);
                    string link = string.Format("{2}://{0}/blog/{1}.html?sgs=email-more#comment", Request.Url.Authority, blog.BlogId, Request.Url.Scheme);
                    EmailCommon.SendReplyEmailAsync(notifyEmail, subject, context, notifyName, link, blog.BTitle, link);

                    // reply was just constructed, so its ids are always available here.
                    return ResponseResult(new
                    {
                        king = this.AdminId != null,
                        cid = reply.CommentId,
                        rid = reply.ReplyId
                    });
                }));
            }
            catch (Exception e)
            {
                logManager.Error("用户评论失败", e);
                return(ResponseResult(3, "评论失败"));
            }
        }
Ejemplo n.º 13
        /// <summary>
        /// Adds a comment to a blog post. The comment, the post's comment counter and the
        /// commenting user's details are written in one transaction, after which a
        /// notification e-mail is sent.
        /// </summary>
        /// <param name="blogId">Id of the post.</param>
        /// <param name="nickName">Encoded nickname of the commenting user.</param>
        /// <param name="site">Encoded site of the commenting user.</param>
        /// <param name="email">Encoded e-mail of the commenting user.</param>
        /// <param name="context">Encoded comment text.</param>
        /// <returns>
        /// ResponseResult(1, message) for bad input or when the transaction throws,
        /// ResponseResult(8, message) when the user details fail validation,
        /// otherwise ResponseResult({ king, id }).
        /// </returns>
        public JsonResult Comment(string blogId, string nickName, string site, string email, string context)
        {
            // TODO: guard against repeated submission, comment flooding, DDoS and the like.
            nickName = UrlCommon.Decode(nickName);
            site     = UrlCommon.Decode(site);
            email    = UrlCommon.Decode(email);
            context  = UrlCommon.Decode(context);

            if (string.IsNullOrWhiteSpace(blogId))
            {
                return(ResponseResult(1, "用户评论:文章不正确"));
            }

            // Validate the submitted text.
            // NOTE(review): the text is stored unchanged in both Context and SourceContext;
            // what CheckContext rejects is not visible here, so confirm it is encoded on output.
            string contextError = commentApplication.CheckContext(context);
            if (contextError != null)
            {
                return(ResponseResult(1, contextError));
            }

            // The post is loaded inside the transaction so that the transaction tracks it.
            try
            {
                return(SaidCommon.Transaction(() =>
                {
                    // Make sure the post exists.
                    var blog = blogApplication.FindById(blogId.Trim());
                    if (blog == null)
                    {
                        throw new Exception("用户评论:文章不正确");
                    }

                    var submittedUser = new User
                    {
                        UserID = this.UserId,
                        Name = nickName,
                        Site = site,
                        EMail = email,
                        // The visitor may have started as an ordinary user and then signed in
                        // to the admin area in another tab, so the role and the user key are
                        // taken from the current session state on every comment.
                        Rule = this.AdminId != null ? 1 : 0,
                        SecretKey = this.AdminId
                    };

                    User storedUser = null;
                    string userError = userApplication.CheckAndTrimInput(submittedUser, out storedUser);
                    if (userError != null)
                    {
                        return ResponseResult(8, userError);
                    }

                    blog.BComment++;
                    blogApplication.Update(blog);
                    // storedUser already carries the trimmed, validated values.
                    userApplication.Update(storedUser);

                    Comment comment = new Comment
                    {
                        BlogId = blog.BlogId,
                        CommentId = SaidCommon.GUID,
                        Date = DateTime.Now,
                        SourceContext = context,
                        Context = context,
                        UserId = storedUser.UserID
                    };
                    commentApplication.Add(comment);
                    if (!commentApplication.Commit())
                    {
                        throw new Exception("用户评论:评论失败");
                    }

                    // Send the notification e-mail.
                    // NOTE(review): the link is built from Request.Url, i.e. from the host name
                    // the request claimed. Unless the server pins the host names it accepts,
                    // prefer a configured site URL for links that go into e-mail.
                    string subject = string.Format("Said - 用户评论了文章《{0}》", blog.BTitle);
                    string link = string.Format("{2}://{0}/blog/{1}.html?sgs=email-more#comment", Request.Url.Authority, blog.BlogId, Request.Url.Scheme);
                    EmailCommon.SendReplyEmailAsync("*****@*****.**", subject, context, "linkFly", link, blog.BTitle, link);

                    return ResponseResult(new { king = this.AdminId != null, id = comment.CommentId });
                }));
            }
            catch (Exception e)
            {
                logManager.Error(e);
                return(ResponseResult(1, "评论失败"));
            }
        }
Ejemplo n.º 14
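        /// <summary>
        /// Shows the signed-in user's QR code, generating the image file on first use, together
        /// with the user's current state. An optional encrypted <paramref name="param"/>
        /// carries a code timestamp; a timestamp newer than five minutes ago is passed on as
        /// "true" to GetUserNowState.
        /// </summary>
        /// <param name="param">Optional AES-encrypted query string (schoolNo, clientNo, codeTime).</param>
        /// <returns>The default view, with User, QRCodeImage and UserNowState set on ViewBag.</returns>
        /// <remarks>
        /// NOTE(review): the image is saved under ~/QRCodeImages with a name built from SchoolNo
        /// and CardNo and linked by a fixed URL. If that folder is served as static content,
        /// the code is reachable by anyone who knows those two values - confirm access control.
        /// </remarks>
        public ActionResult ShowQRCode(string param)
        {
            // NOTE(review): Session["User"] is used without a null check; presumably an
            // authentication filter guarantees it - confirm.
            tb_User user = Session["User"] as tb_User;

            ViewBag.User = user;
            string msg;

            // '+' arrives as ' ' after URL decoding, so it is restored before decrypting.
            if (!string.IsNullOrEmpty(param))
            {
                param = SeatManage.SeatManageComm.AESAlgorithm.AESDecrypt(param.Replace(" ", "+"));
            }
            try
            {
                string path = Server.MapPath("~/QRCodeImages/" + user.SchoolNo + "_" + user.CardNo + ".jpg");
                if (!System.IO.File.Exists(path))
                {
                    string schoolNo = user.SchoolNo;
                    string cardno   = user.CardNo;
                    string AESCode  = string.Format("schoolNo={0}&cardNo={1}", schoolNo, cardno);

                    // NOTE(review): the encryption key is a literal in source; it belongs in
                    // protected configuration so it can be rotated and kept out of the repository.
                    AESCode = AESAlgorithm.AESEncrypt(AESCode, "SeatManage_WeiCharCode");
                    AESCode = AESCode.Replace("+", "%2B");

                    // "using" releases the bitmap even when Save throws.
                    using (Bitmap bitmap = QRCode.GetDimensionalCode(AESCode, 6, 8))
                    {
                        bitmap.Save(path, System.Drawing.Imaging.ImageFormat.Jpeg);
                    }
                }
                ViewBag.QRCodeImage = "/seatwx/QRCodeImages/" + user.SchoolNo + "_" + user.CardNo + ".jpg";
            }
            catch (Exception ex)
            {
                // Image generation is best effort; the page is still rendered.
                SeatManage.SeatManageComm.WriteLog.Write(ex.ToString());
            }

            bool codeIsFresh = false;
            if (!string.IsNullOrEmpty(param))
            {
                NameValueCollection paramlist = UrlCommon.GetQueryString(param);
                // Expected shape: schoolNo=2014101603&clientNo=201410160302&codeTime=2016-02-23 11:20:15
                // NOTE(review): a missing key throws here, and only the lower bound of the
                // timestamp is checked, so a codeTime in the future also counts as fresh.
                DateTime CodeTime = Convert.ToDateTime(paramlist["codeTime"].ToString());
                string   SchoolNo = paramlist["schoolNo"].ToString();
                codeIsFresh = CodeTime > DateTime.Now.AddMinutes(-5);
            }

            AppWebService.BasicAPI.GetUserNowState(ViewBag.User.SchoolNo, ViewBag.User.StudentNo, codeIsFresh, out msg);
            ViewBag.UserNowState = JSONSerializer.Deserialize <J_GetUserNowState>(msg);
            return(View());
        }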