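/// <summary>
/// Adds a banner submitted from the admin UI.
/// </summary>
/// <param name="model">Form-bound banner; its fields arrive URL-encoded and are decoded through DecodeModel().</param>
/// <returns>ResponseResult(model) on success; ResponseResult(code, message) when the input is missing, fails validation, or the commit fails.</returns>
public JsonResult AddBanner(Banner model) {
    if (model == null) {
        return ResponseResult(1, "参数不正确");
    }
    // DecodeModel() is typed on the base model; a failed cast used to fall through and
    // dereference null below, so it is rejected here with the same "bad input" answer.
    model = model.DecodeModel() as Banner;
    if (model == null) {
        return ResponseResult(1, "参数不正确");
    }
    string errorMsg = bannerApplication.ValidateAndCorrectSubmit(model, imageApplication);
    if (!string.IsNullOrEmpty(errorMsg)) {
        return ResponseResult(1, errorMsg);
    }
    // HTML is decoded separately from the rest of the model (presumably DecodeModel skips it — TODO confirm).
    // The markup is stored as submitted; it comes from an admin form, not from anonymous users.
    model.HTML = UrlCommon.Decode(model.HTML);
    model.BannerId = SaidCommon.GUID;
    model.Date = DateTime.Now;
    bannerApplication.Add(model);
    // Keep the referenced image's reference count in step with the banner that uses it.
    imageApplication.AddReferenceCount(model.ImageId);
    if (bannerApplication.Commit()) {
        return ResponseResult(model);
    }
    return ResponseResult(6, "添加到数据库异常");
}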
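/// <summary>
/// Shows the current user's seat page, optionally after scanning a QR code whose encrypted payload arrives in <paramref name="param"/>.
/// </summary>
/// <param name="param">Optional AES-encrypted query string (schoolNo, clientNo, codeTime). Spaces are turned back into '+' because URL decoding of the ciphertext mangles that character.</param>
/// <returns>The view with ViewBag.User, ViewBag.List, ViewBag.Count and ViewBag.UserNowState populated; 401 when no user is in session.</returns>
public ActionResult MySeat(string param) {
    tb_User user = Session["User"] as tb_User;
    if (user == null) {
        // Every call below dereferences the session user; answer 401 instead of failing with a NullReferenceException.
        return new HttpUnauthorizedResult();
    }
    ViewBag.User = user;

    bool hasParam = !string.IsNullOrEmpty(param);
    if (hasParam) {
        // NOTE(review): a tampered or truncated ciphertext makes AESDecrypt throw or yield garbage; that currently surfaces as an unhandled error — confirm the intended failure mode.
        param = SeatManage.SeatManageComm.AESAlgorithm.AESDecrypt(param.Replace(" ", "+"));
    }

    // First 100 log entries for this user; only the ones flagged IsValid are shown.
    string besappsekLog;
    AppWebService.BasicAPI.GetBesapsekLog(user.SchoolNo, user.StudentNo, 0, 100, out besappsekLog);
    List<J_GetBesapsekLog> validEntries = new List<J_GetBesapsekLog>();
    foreach (J_GetBesapsekLog item in JSONSerializer.JSONStringToList<J_GetBesapsekLog>(besappsekLog)) {
        if (item.IsValid) {
            validEntries.Add(item);
        }
    }
    ViewBag.List = validEntries;
    ViewBag.Count = validEntries.Count;

    // A scanned code counts as "fresh" only when its codeTime lies within the last five minutes.
    // The two original branches differed only in this flag (and in leftover numeric trace lines, dropped here).
    bool scannedRecently = false;
    if (hasParam) {
        NameValueCollection paramlist = UrlCommon.GetQueryString(param);
        DateTime codeTime;
        // Culture-invariant parse of "yyyy-MM-dd HH:mm:ss"; a missing or malformed codeTime is treated as "not fresh" instead of throwing.
        if (DateTime.TryParse(paramlist["codeTime"], System.Globalization.CultureInfo.InvariantCulture, System.Globalization.DateTimeStyles.None, out codeTime)) {
            scannedRecently = codeTime > DateTime.Now.AddMinutes(-5);
        }
        // NOTE(review): the payload's schoolNo is never compared with the session user's SchoolNo, and codeTime has no upper bound
        // (a code stamped in the future stays "fresh" indefinitely) — decide whether either should be enforced.
    }

    string msg;
    AppWebService.BasicAPI.GetUserNowState(user.SchoolNo, user.StudentNo, scannedRecently, out msg);
    if (hasParam) {
        // The original logged the raw state only on the scanned-code path.
        SeatManage.SeatManageComm.WriteLog.Write(msg);
    }
    ViewBag.UserNowState = JSONSerializer.Deserialize<J_GetUserNowState>(msg);
    return View();
}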
/// <summary>
/// Validates a user's site URL. The site is optional elsewhere, but this method expects a non-null value.
/// </summary>
/// <param name="value">Candidate site URL; must not be null (it is trimmed before the length check).</param>
/// <returns>null when the trimmed value is at most 60 characters and UrlCommon.CheckUri accepts it; otherwise the error message.</returns>
public static string CheckSite(string value) {
    const string invalidSite = "用户站点不正确,不允许携带参数和超过60个字符";
    bool tooLong = value.Trim().Length > 60;
    // Short-circuit kept: CheckUri is only consulted when the length check passes.
    if (tooLong || !UrlCommon.CheckUri(value)) {
        return invalidSite;
    }
    return null;
}
/// <summary>
/// Renders the slideshow (carousel) management page.
/// </summary>
/// <returns>The view bound to the navigation image-play data, with UploadUrl resolved against the configured gateway.</returns>
public IActionResult Slideshow() {
    var gateway = Config.OtherService.Gateway;
    var model = pageMngService.GetNavigationImgPlays(gateway);
    var uploadEndpoint = Config.OtherService.Api.Upload.Url;
    model.UploadUrl = UrlCommon.CreateUrlPath(gateway, uploadEndpoint);
    return View(model);
}
/// <summary>
/// Saves a slideshow entry posted from the management page.
/// </summary>
/// <param name="input">Model-bound entry; ImgUrl is rewritten to a gateway-relative path before saving.</param>
/// <returns>The error view when model validation fails; otherwise the save result as JSON.</returns>
public IActionResult SlideshowSave(ImgPlayDto input) {
    if (!ModelState.IsValid) {
        string error = GetModelError(ModelState);
        return ShowError(error);
    }
    var gateway = Config.OtherService.Gateway;
    input.ImgUrl = UrlCommon.GetUrlPath(gateway, input.ImgUrl);
    var result = pageMngService.SaveNavigationImgPlays(input);
    return new JsonResult(result);
}
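/// <summary>
/// Stores the first file of a multipart request under {WebRootPath}\images\Upload\yyyy\MM,
/// named by the MD5 of its content plus the original extension.
/// </summary>
/// <param name="env">Hosting environment; only WebRootPath is used.</param>
/// <returns>JSON SuccessResult carrying the upload descriptor, or ErrorResult when no file was sent or the file could not be written.</returns>
public virtual async Task<IActionResult> Upload([FromServices] IHostingEnvironment env) {
    var files = Request.Form.Files;
    if (files.Count == 0) {
        return new JsonResult(VRequestInfo.ErrorResult("上传失败"));
    }
    var file = files[0];
    UploadFileModel upload = new UploadFileModel();

    // MD5 is used purely to derive a stable, de-duplicating file name, not for integrity or security.
    string md5code;
    using (var inputStream = file.OpenReadStream())
    using (var md5 = System.Security.Cryptography.MD5.Create()) {
        byte[] hash = md5.ComputeHash(inputStream);
        StringBuilder hex = new StringBuilder(hash.Length * 2);
        foreach (byte b in hash) {
            hex.Append(b.ToString("x2"));
        }
        md5code = hex.ToString();
    }

    // NOTE(review): the extension is taken from the client-supplied file name and is not checked against an
    // allow-list, nor is the content type inspected; whether that is acceptable depends on what the web server
    // will execute or serve out of \images\Upload — confirm before exposing this endpoint more widely.
    upload.extension = Path.GetExtension(file.FileName);
    upload.fileName = md5code + upload.extension;
    var path = string.Format(@"\images\Upload\{0}\{1}", DateTime.Today.Year.ToString(), DateTime.Today.Month.ToString().PadLeft(2, '0'));
    upload.path = string.Format(@"{0}\{1}", path, upload.fileName);
    upload.fullPath = UrlCommon.CreateUrlPath(Request.GetSiteUri(), upload.path);

    var savedFilePath = env.WebRootPath + path;
    if (!Directory.Exists(savedFilePath)) {
        Directory.CreateDirectory(savedFilePath);
    }
    var fullFileNamePath = Path.Combine(savedFilePath, upload.fileName);
    // Same content hash => same name: an existing file is reused rather than rewritten.
    if (!System.IO.File.Exists(fullFileNamePath)) {
        try {
            using (var fileStream = new FileStream(fullFileNamePath, FileMode.Create)) {
                await file.CopyToAsync(fileStream);
            }
        } catch (Exception) {
            // Previously swallowed, which answered "success" for a file that was never (fully) written.
            // Remove the partial file too, otherwise the next upload of the same content would find it
            // via File.Exists above and reuse a truncated copy.
            try {
                System.IO.File.Delete(fullFileNamePath);
            } catch (IOException) {
                // Best-effort cleanup; the failure is already being reported to the caller.
            }
            return new JsonResult(VRequestInfo.ErrorResult("上传失败"));
        }
    }
    return new JsonResult(VRequestInfo.SuccessResult("上传成功", upload));
}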
/// <summary>
/// Click-tracking redirect: records the outbound click (key, target, referrer) and then redirects to <paramref name="url"/>.
/// </summary>
/// <param name="url">Redirect target taken from the request; normalised with UrlCommon.ResolveHTTPUri when it parses as a URI.</param>
/// <param name="referrer">Optional explicit referrer; the request's Referer header is used when it is absent or does not parse.</param>
/// <returns>A redirect to <paramref name="url"/>. Recording failures are logged and never block the redirect.</returns>
public ActionResult Cl(string url, string referrer = null) {
    // NOTE(review): the redirect target is used verbatim whatever its host — nothing in this block restricts it to
    // known sites, so the endpoint behaves as an open redirect unless a restriction exists elsewhere; confirm.
    string key = Request[SaidRecordCommon.KEY];
    if (string.IsNullOrWhiteSpace(key)) {
        key = string.Empty;
    }

    // Referrer: explicit parameter when it parses, else whatever the browser sent.
    Uri sourceUri = null;
    bool explicitReferrerUsable = !string.IsNullOrWhiteSpace(referrer)
        && Uri.TryCreate(referrer, UriKind.RelativeOrAbsolute, out sourceUri);
    if (!explicitReferrerUsable) {
        sourceUri = Request.UrlReferrer;
    }

    try {
        Uri target;
        if (!Uri.TryCreate(url, UriKind.RelativeOrAbsolute, out target)) {
            // Unparsable target: record the failure (url left untouched) and redirect anyway, as before.
            string referrerText = sourceUri == null ? null : sourceUri.OriginalString;
            SaidRecordCommon.AddFail(key, url, referrerText);
        } else {
            url = UrlCommon.ResolveHTTPUri(url);
            if (sourceUri != null) {
                SaidRecordCommon.Add(key, url, sourceUri);
            } else {
                SaidRecordCommon.Add(key, url);
            }
        }
    } catch (Exception e) {
        logManager.Error(string.Format("跳转Error{0}【请求url】{1}", Environment.NewLine, url), e);
    }
    return Redirect(url);
}
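/// <summary>
/// Receives an AES-encrypted seat notification and forwards it to the matching user as a WeChat template message.
/// </summary>
/// <param name="msg">AES-encrypted query string carrying SchoolNum, StudentNo, Room, SeatNo, AddTime and Msg (MsgType is also sent but, as in the original, does not change the outcome). Spaces are turned back into '+' because URL decoding mangles the ciphertext.</param>
/// <returns>Content "0" once the message has been sent.</returns>
/// <exception cref="ArgumentException">When <paramref name="msg"/> is null or empty.</exception>
/// <exception cref="InvalidOperationException">When a required field is missing or no user matches SchoolNum/StudentNo.</exception>
public ActionResult Index(string msg) {
    if (string.IsNullOrEmpty(msg)) {
        throw new ArgumentException("msg is required", nameof(msg));
    }
    // Decrypting is the only authenticity check on this endpoint: only a sender holding the key produces a parsable payload.
    msg = AESAlgorithm.AESDecrypt(msg.Replace(" ", "+"));
    NameValueCollection param = UrlCommon.GetQueryString(msg);

    string schoolNum = RequireNotificationField(param, "SchoolNum");
    string studentNo = RequireNotificationField(param, "StudentNo");
    tb_User user = DbSession.Default.From<tb_User>().Where(tb_User._.SchoolNo == schoolNum && tb_User._.StudentNo == studentNo).ToFirst();
    if (user == null) {
        // Previously a NullReferenceException on user.Name; fail with a message that names the cause.
        throw new InvalidOperationException("no user matches the notification's SchoolNum/StudentNo");
    }

    // The original switch on MsgType had two identical branches ("UserOperation" and default),
    // so every notification is sent with the same template; the switch is collapsed here.
    var userOperation = new UserOperation() {
        first = new TemplateDataItem(user.Name + " 您好"),
        keyword1 = new TemplateDataItem(RequireNotificationField(param, "Room")),
        keyword2 = new TemplateDataItem(RequireNotificationField(param, "SeatNo")),
        keyword3 = new TemplateDataItem(RequireNotificationField(param, "AddTime")),
        remark = new TemplateDataItem(RequireNotificationField(param, "Msg"))
    };
    TemplateApi.SendTemplateMessage(WeiXinApi.GetToken(), user.OpenId, "At7HOxsJ5CW81OV81hipLglDV21O46UVU9Gm_nToXGQ", "#7B68EE", GetAppSettings.SysURL + "/User/SeatState", userOperation);
    return Content("0");
}

/// <summary>
/// Returns the named field of a decrypted notification, failing loudly (instead of with a NullReferenceException) when it is absent.
/// </summary>
private static string RequireNotificationField(NameValueCollection param, string key) {
    string value = param[key];
    if (value == null) {
        throw new InvalidOperationException("notification is missing the required field '" + key + "'");
    }
    return value;
}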
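/// <summary>
/// Edits an existing blog post: decodes the submitted model, validates it, then replaces content and tags inside one transaction.
/// </summary>
/// <param name="newModel">Submitted (URL-encoded) post; BlogId identifies the post to edit. Tags arrive separately as URL-encoded JSON in the "Tags" form field.</param>
/// <returns>ResponseResult with the post id on success; ResponseResult(code, message) otherwise.</returns>
public JsonResult Edit(Blog newModel) {
    if (newModel == null) {
        return ResponseResult(-1, "要编辑的文章ID不正确(无法获取)");
    }
    newModel = UrlCommon.DecodeModel(newModel);
    if (string.IsNullOrWhiteSpace(newModel.BlogId)) {
        return ResponseResult(-1, "要编辑的文章ID不正确(无法获取)");
    }
    // Read the form field once (the original read it twice) and deserialise the tag list.
    string encodedTags = Request["Tags"];
    if (string.IsNullOrWhiteSpace(encodedTags)) {
        return ResponseResult(1, new { msg = "标签不允许为空" });
    }
    IList<Tag> tags = JavaScriptCommon.DeSerialize<IList<Tag>>(UrlCommon.Decode(encodedTags));

    var model = blogApplication.FindById(newModel.BlogId);
    if (model == null) {
        // Previously fell through to EditBlog with a null stored post; answer as for an unusable id.
        return ResponseResult(-1, "要编辑的文章ID不正确(无法获取)");
    }
    string validateResult = blogApplication.ValidateAndCorrectSubmit(newModel, classifyApplication);
    if (validateResult != null) {
        return ResponseResult(1, new { msg = validateResult });
    }
    // TODO (carried over): compare stored and submitted post first and skip the update when nothing changed.
    return SaidCommon.Transaction(() => {
        blogApplication.EditBlog(newModel, model, tags, tagApplication, blogTagsApplication);
        if (!blogTagsApplication.Commit()) {
            return ResponseResult(2, "修改Blog失败");
        }
        // The public site reads posts through the cache; drop the stale entry.
        if (CacheHelper.GetCache(model.BlogId) != null) {
            CacheHelper.RemoveAllCache(model.BlogId);
        }
        return ResponseResult(new { id = newModel.BlogId });
    });
}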
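/// <summary>
/// Creates a blog post: decodes the submitted model, validates it, then stores post and tags inside one transaction.
/// </summary>
/// <param name="model">Submitted (URL-encoded) post. Tags arrive separately as URL-encoded JSON in the "Tags" form field.</param>
/// <returns>ResponseResult with the new post id on success; ResponseResult(code, message) otherwise.</returns>
public JsonResult AddBlog(Blog model) {
    if (model == null) {
        // Same answer the banner endpoint gives for a missing model; previously DecodeModel(null) was reached.
        return ResponseResult(1, "参数不正确");
    }
    model = UrlCommon.DecodeModel(model);
    // Read the form field once and deserialise the tag list.
    string encodedTags = Request["Tags"];
    if (string.IsNullOrWhiteSpace(encodedTags)) {
        return ResponseResult(1, new { msg = "标签不允许为空" });
    }
    IList<Tag> tags = JavaScriptCommon.DeSerialize<IList<Tag>>(UrlCommon.Decode(encodedTags));

    string validateResult = blogApplication.ValidateAndCorrectSubmit(model, classifyApplication);
    if (validateResult != null) {
        return ResponseResult(1, new { msg = validateResult });
    }
    return SaidCommon.Transaction(() => {
        blogApplication.AddBlog(model, tags, blogTagsApplication, tagApplication);
        if (blogApplication.Commit()) {
            return ResponseResult(new { id = model.BlogId });
        }
        return ResponseResult(2);
    });
}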
/// <summary>
/// Validates the nickname, site and e-mail of a submitted user, trims them, and merges the changed fields into the stored record.
/// </summary>
/// <param name="user">Submitted user; UserID identifies the stored record. Name/Site/EMail are trimmed in place, and a blank field is set to null to mark "not supplied this time".</param>
/// <param name="databaseUser">The stored user (looked up via base.FindById) with the accepted changes applied; null when validation fails before the lookup or no user is found.</param>
/// <returns>null when validation passes, otherwise the error message.</returns>
public string CheckAndTrimInput(User user, out User databaseUser) {
    databaseUser = null;
    string validateResult = null;
    if (!string.IsNullOrWhiteSpace(user.Name)) {
        validateResult = CheckNickName(user.Name);
        if (validateResult != null) { return(validateResult); }
        user.Name = user.Name.Trim();
    } else {
        user.Name = null;// marks "no value submitted this time"
    }
    if (!string.IsNullOrWhiteSpace(user.Site)) {
        validateResult = CheckSite(user.Site);
        if (validateResult != null) { return(validateResult); }
        user.Site = UrlCommon.ResolveHTTPUri(user.Site.Trim());// normalise the URL (see UrlCommon for what is repaired)
    } else {
        user.Site = null;
    }
    if (!string.IsNullOrWhiteSpace(user.EMail)) {
        validateResult = CheckEmail(user.EMail);
        if (validateResult != null) { return(validateResult); }
        user.EMail = user.EMail.Trim();
    } else {
        user.EMail = null;
    }
    databaseUser = base.FindById(user.UserID);
    if (databaseUser == null) { return("没有找到当前用户信息"); }
    /**
     * If the stored record has no value AND this submission has none either, validation fails.
     * If the stored record has a value and this submission has none, the stored value is left untouched, so validation passes.
     **/
    if (string.IsNullOrEmpty(databaseUser.Name) && user.Name == null) { return("用户昵称不允许为空"); }
    if (string.IsNullOrEmpty(databaseUser.EMail) && user.EMail == null)// a null check suffices here: the value was already trimmed above
    { return("用户邮箱不允许为空"); }
    // Copy only the fields that changed; everything else keeps the stored value.
    if (user.Name != null && databaseUser.Name != user.Name) { databaseUser.Name = user.Name; }
    //if (user.Site != null && databaseUser.Site != user.Site)
    databaseUser.Site = user.Site == null ? string.Empty : user.Site;// Site is always overwritten (blank clears it): otherwise a user could never remove their site, which read as "I cannot edit my site"
    if (user.EMail != null && databaseUser.EMail != user.EMail) { databaseUser.EMail = user.EMail; }
    // Role change: the secret key is carried over with it when one was supplied.
    // NOTE(review): the role is taken from the submitted object without any authorisation check in this method, and a caller that
    // leaves user.Rule at its default (the reply path appears to) will overwrite a differing stored role — confirm both are intended.
    if (user.Rule != databaseUser.Rule) {
        databaseUser.Rule = user.Rule;
        if (user.SecretKey != null) { databaseUser.SecretKey = user.SecretKey; }
    }
    return(validateResult);// always null at this point: every failing check has already returned
}
/// <summary>
/// Posts a reply to a comment (or to another reply) on a blog post, updating the replying user's profile fields and notifying the addressee by e-mail.
/// </summary>
/// <param name="blogId">Post being replied on; trimmed before lookup.</param>
/// <param name="commentId">Target comment; used only when <paramref name="replyId"/> is blank.</param>
/// <param name="replyId">Target reply; when present it takes precedence over <paramref name="commentId"/>.</param>
/// <param name="nickName">URL-encoded nickname; stored on the user via CheckAndTrimInput.</param>
/// <param name="site">URL-encoded site; stored on the user via CheckAndTrimInput.</param>
/// <param name="email">URL-encoded e-mail; stored on the user via CheckAndTrimInput.</param>
/// <param name="context">URL-encoded reply text; validated by commentApplication.CheckContext and stored as both Context and SourceContext.</param>
/// <returns>ResponseResult with king/cid/rid on success; code 1 for bad input, 8 for user-field validation errors, 3 when the transaction fails.</returns>
public JsonResult Reply(string blogId, string commentId, string replyId, string nickName, string site, string email, string context) {
    // TODO (carried over): protect against repeated submission, comment flooding and similar abuse.
    nickName = UrlCommon.Decode(nickName);
    site = UrlCommon.Decode(site);
    email = UrlCommon.Decode(email);
    context = UrlCommon.Decode(context);
    if (string.IsNullOrWhiteSpace(blogId)) { return(ResponseResult(1, "文章不正确")); }
    if (string.IsNullOrWhiteSpace(commentId) && string.IsNullOrWhiteSpace(replyId)) { return(ResponseResult(1, "要回复的评论不正确")); }
    // Validate the submitted text.
    // NOTE(review): the text is stored as submitted after URL decoding; whether it is sanitised happens in CheckContext or at render time — confirm before relying on it.
    string validateContextResultString = commentApplication.CheckContext(context);
    if (validateContextResultString != null) { return(ResponseResult(1, validateContextResultString)); }
    // The transaction must observe the entities it touches, so the blog is loaded inside it.
    try {
        return(SaidCommon.Transaction(() => {
            // Make sure the post exists.
            var blog = blogApplication.FindById(blogId.Trim());
            if (blog == null) { throw new Exception("用户回复:文章不正确"); }
            // Assemble the submitting user's profile fields.
            var inputUser = new User { UserID = this.UserId, Name = nickName, Site = site, EMail = email };
            Reply toReply = null;
            Comment comment = null;
            string toUserEmail = string.Empty;
            string toUserNickName = string.Empty;
            if (!string.IsNullOrWhiteSpace(replyId))// a reply id wins over the comment id
            {
                toReply = replyApplicaiton.Find(replyId);
                if (toReply == null) { throw new Exception("用户回复:回复的信息不正确"); }
                if (toReply.UserId == this.UserId) { throw new Exception("用户不允许回复自己的评论"); }
                toUserEmail = toReply.User.EMail;
                toUserNickName = toReply.User.Name;
            }
            else // otherwise the comment id is the target
            {
                comment = commentApplication.Find(commentId);
                if (comment == null) { throw new Exception("用户回复:回复的评论不正确"); }
                if (comment.UserId == this.UserId) { throw new Exception("用户不允许回复自己的评论"); }
                toUserEmail = comment.User.EMail;
                toUserNickName = comment.User.Name;
            }
            User user = null;
            string validateUserResultString = userApplication.CheckAndTrimInput(inputUser, out user);
            if (validateUserResultString != null) { return ResponseResult(8, validateUserResultString); }
            blog.BComment++;
            blogApplication.Update(blog);
            // user is the trimmed, validated record returned by CheckAndTrimInput.
            userApplication.Update(user);
            Reply reply = new Reply {
                BlogId = blog.BlogId,
                ReplyId = SaidCommon.GUID,
                CommentId = toReply == null ? comment.CommentId : toReply.CommentId,
                Context = context,
                SourceContext = context,
                Date = DateTime.Now,
                UserId = user.UserID,
                ReplyType = toReply == null ? 0 : 1,// 0 = reply to a comment, 1 = reply to a reply
                ToReplyId = toReply == null ? null : toReply.ReplyId
            };
            replyApplicaiton.Add(reply);
            if (!replyApplicaiton.Commit()) { throw new Exception("用户回复:添加回复对象失败"); }
            // Notify the addressee by e-mail.
            // NOTE(review): the links are built from Request.Url.Authority, i.e. the incoming Host — if the host is not validated upstream, a spoofed Host header lands in the e-mailed link; confirm.
            EmailCommon.SendReplyEmailAsync(toUserEmail, string.Format("Said - 您在文章《{0}》的评论中收到新的回复", blog.BTitle), context, toUserNickName, string.Format("{2}://{0}/blog/{1}.html?sgs=email-more#comment", Request.Url.Authority, blog.BlogId, Request.Url.Scheme), blog.BTitle, string.Format("{2}://{0}/blog/{1}.html?sgs=email-more#comment", Request.Url.Authority, blog.BlogId, Request.Url.Scheme));
            // reply was just constructed, so the "reply == null" arms below are never taken.
            return ResponseResult(new { king = this.AdminId != null, cid = reply == null ? comment.CommentId : reply.CommentId, rid = reply == null ? string.Empty : reply.ReplyId });
        }));
    } catch (Exception e) {
        // Any failure inside the transaction (including the Exception throws above) is logged and reported generically.
        logManager.Error("用户评论失败", e);
        return(ResponseResult(3, "评论失败"));
    }
}
/// <summary>
/// Posts a top-level comment on a blog post, updating the commenting user's profile fields and notifying the site owner by e-mail.
/// </summary>
/// <param name="blogId">Post being commented on; trimmed before lookup.</param>
/// <param name="nickName">URL-encoded nickname; stored on the user via CheckAndTrimInput.</param>
/// <param name="site">URL-encoded site; stored on the user via CheckAndTrimInput.</param>
/// <param name="email">URL-encoded e-mail; stored on the user via CheckAndTrimInput.</param>
/// <param name="context">URL-encoded comment text; validated by commentApplication.CheckContext and stored as both Context and SourceContext.</param>
/// <returns>ResponseResult with king/id on success; code 1 for bad input or a failed transaction, 8 for user-field validation errors.</returns>
public JsonResult Comment(string blogId, string nickName, string site, string email, string context) {
    // TODO (carried over): protect against repeated submission, comment flooding and similar abuse.
    nickName = UrlCommon.Decode(nickName);
    site = UrlCommon.Decode(site);
    email = UrlCommon.Decode(email);
    context = UrlCommon.Decode(context);
    if (string.IsNullOrWhiteSpace(blogId)) { return(ResponseResult(1, "用户评论:文章不正确")); }
    // Validate the submitted text.
    // NOTE(review): the text is stored as submitted after URL decoding; whether it is sanitised happens in CheckContext or at render time — confirm before relying on it.
    string validateContextResultString = commentApplication.CheckContext(context);
    if (validateContextResultString != null) { return(ResponseResult(1, validateContextResultString)); }
    // The transaction must observe the entities it touches, so the blog is loaded inside it.
    try {
        return(SaidCommon.Transaction(() => {
            // Make sure the post exists.
            var blog = blogApplication.FindById(blogId.Trim());
            if (blog == null) { throw new Exception("用户评论:文章不正确"); }
            // Assemble the submitting user's profile fields.
            var inputUser = new User {
                UserID = this.UserId,
                Name = nickName,
                Site = site,
                EMail = email,
                // The visitor may have logged into the admin area in another tab since their user record was created;
                // the role and key are synchronised from the current admin identity here.
                Rule = this.AdminId != null ? 1 : 0,
                SecretKey = this.AdminId
            };
            User user = null;
            string validateUserResultString = userApplication.CheckAndTrimInput(inputUser, out user);
            if (validateUserResultString != null) { return ResponseResult(8, validateUserResultString); }
            blog.BComment++;
            blogApplication.Update(blog);
            // user is the trimmed, validated record returned by CheckAndTrimInput.
            userApplication.Update(user);
            Comment comment = new Comment {
                BlogId = blog.BlogId,
                CommentId = SaidCommon.GUID,
                Date = DateTime.Now,
                SourceContext = context,
                Context = context,
                UserId = user.UserID
            };
            commentApplication.Add(comment);
            if (!commentApplication.Commit()) { throw new Exception("用户评论:评论失败"); }
            // Notify the site owner by e-mail (recipient address is a literal here).
            // NOTE(review): the links are built from Request.Url.Authority, i.e. the incoming Host — if the host is not validated upstream, a spoofed Host header lands in the e-mailed link; confirm.
            EmailCommon.SendReplyEmailAsync("*****@*****.**", string.Format("Said - 用户评论了文章《{0}》", blog.BTitle), context, "linkFly", string.Format("{2}://{0}/blog/{1}.html?sgs=email-more#comment", Request.Url.Authority, blog.BlogId, Request.Url.Scheme), blog.BTitle, string.Format("{2}://{0}/blog/{1}.html?sgs=email-more#comment", Request.Url.Authority, blog.BlogId, Request.Url.Scheme));
            return ResponseResult(new { king = this.AdminId != null, id = comment.CommentId });
        }));
    } catch (Exception e) {
        // Any failure inside the transaction (including the Exception throws above) is logged and reported generically.
        logManager.Error(e);
        return(ResponseResult(1, "评论失败"));
    }
}
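/// <summary>
/// Shows the user's QR-code page: generates the code image on first use, then loads the user's current seat state
/// (treating a scanned code as "fresh" when its timestamp is recent).
/// </summary>
/// <param name="param">Optional AES-encrypted query string from a scanned code (schoolNo, clientNo, codeTime). Spaces are turned back into '+' because URL decoding of the ciphertext mangles that character.</param>
/// <returns>The view with ViewBag.User, ViewBag.QRCodeImage and ViewBag.UserNowState populated; 401 when no user is in session.</returns>
public ActionResult ShowQRCode(string param) {
    tb_User user = Session["User"] as tb_User;
    if (user == null) {
        // Previously the null user was caught and logged inside the try below, then dereferenced again afterwards
        // (an unhandled NullReferenceException); answer 401 instead.
        return new HttpUnauthorizedResult();
    }
    ViewBag.User = user;

    bool hasParam = !string.IsNullOrEmpty(param);
    if (hasParam) {
        param = SeatManage.SeatManageComm.AESAlgorithm.AESDecrypt(param.Replace(" ", "+"));
    }

    try {
        string imageName = user.SchoolNo + "_" + user.CardNo + ".jpg";
        string path = Server.MapPath("~/QRCodeImages/" + imageName);
        if (!System.IO.File.Exists(path)) {
            // The code carries schoolNo/cardNo encrypted under a key that is a literal in this source.
            // NOTE(review): a key embedded in code protects nothing once the binary or repository is available — move it to configuration.
            string aesCode = string.Format("schoolNo={0}&cardNo={1}", user.SchoolNo, user.CardNo);
            aesCode = AESAlgorithm.AESEncrypt(aesCode, "SeatManage_WeiCharCode");
            aesCode = aesCode.Replace("+", "%2B");// presumably so the '+' in the ciphertext survives URL decoding on the scanning side
            // Dispose the bitmap even when Save throws (the original only disposed on the success path).
            using (Bitmap bitmap = QRCode.GetDimensionalCode(aesCode, 6, 8)) {
                bitmap.Save(path, System.Drawing.Imaging.ImageFormat.Jpeg);
            }
        }
        ViewBag.QRCodeImage = "/seatwx/QRCodeImages/" + imageName;
    } catch (Exception ex) {
        // Image generation is best-effort: the page still renders without the code, as before.
        SeatManage.SeatManageComm.WriteLog.Write(ex.ToString());
    }

    // A scanned code counts as "fresh" only when its codeTime lies within the last five minutes.
    // The two original branches differed only in this flag.
    bool scannedRecently = false;
    if (hasParam) {
        NameValueCollection paramlist = UrlCommon.GetQueryString(param);
        DateTime codeTime;
        // Culture-invariant parse of "yyyy-MM-dd HH:mm:ss"; a missing or malformed codeTime is treated as "not fresh" instead of throwing.
        if (DateTime.TryParse(paramlist["codeTime"], System.Globalization.CultureInfo.InvariantCulture, System.Globalization.DateTimeStyles.None, out codeTime)) {
            scannedRecently = codeTime > DateTime.Now.AddMinutes(-5);
        }
        // NOTE(review): the payload's schoolNo is never compared with the session user's SchoolNo, and codeTime has no upper bound — decide whether either should be enforced.
    }

    string msg;
    AppWebService.BasicAPI.GetUserNowState(user.SchoolNo, user.StudentNo, scannedRecently, out msg);
    ViewBag.UserNowState = JSONSerializer.Deserialize<J_GetUserNowState>(msg);
    return View();
}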