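/// <summary>
/// Writes the six site settings (lockLogin, OpenSSl, overdueHoru, passWordLength,
/// verificationCode, lcokTimeLenth) from the posted model to the application settings.
/// </summary>
/// <param name="model">Posted settings; each value is stored through <c>UntilMethod.writeAppSettingValue</c>.</param>
/// <returns>The JSON string "success" when every value was written, otherwise "error".</returns>
public ActionResult _ChangeWebSite(WebSiteViewModel model)
{
    // Access control: group 1 is always allowed, every other group needs the webSet permission.
    var user = (Maticsoft.Model.User_Info)ViewBag.curentUser;
    var curentUser = user == null ? null : _iuserService.getUserByID(user.Id);
    if (curentUser == null)
    {
        return Json("error", JsonRequestBehavior.AllowGet);
    }

    if (curentUser.UserGroupID != 1)
    {
        // The permission list is parsed only when it is needed, and entries that are not
        // integers (for example a trailing comma) are skipped instead of throwing, so a
        // malformed list can never grant access and no longer produces an unhandled error.
        var required = (int)SortEnum.sortClass.webSet;
        var permissionCsv = curentUser.UserGroup == null ? null : curentUser.UserGroup.ManagePermission;
        var granted = false;
        foreach (var entry in (permissionCsv ?? string.Empty).Split(','))
        {
            int id;
            if (int.TryParse(entry, out id) && id == required)
            {
                granted = true;
                break;
            }
        }

        if (!granted)
        {
            return Json("error", JsonRequestBehavior.AllowGet);
        }
    }

    // The password actions in this file build their policy regex as ".{passWordLength,15}".
    // A value outside 0..15 makes that pattern invalid or meaningless and would break every
    // password change, so it is rejected before anything is written.
    if (model == null || model.passWordLength < 0 || model.passWordLength > 15)
    {
        return Json("error", JsonRequestBehavior.AllowGet);
    }

    // NOTE(review): this action changes security settings but answers GET requests
    // (JsonRequestBehavior.AllowGet) and no anti-forgery validation is visible here.
    // Confirm it is restricted to POST with an anti-forgery token where it is registered.
    // NOTE(review): "OpenSSl" is read by the HTTPS requirement attribute, so this write can
    // switch HTTPS enforcement off; consider logging every change made here.
    try
    {
        UntilMethod.writeAppSettingValue("lockLogin", model.lockLogin.ToString());
        UntilMethod.writeAppSettingValue("OpenSSl", model.OpenSSl.ToString());
        UntilMethod.writeAppSettingValue("overdueHoru", model.overdueHoru.ToString());
        UntilMethod.writeAppSettingValue("passWordLength", model.passWordLength.ToString());
        UntilMethod.writeAppSettingValue("verificationCode", model.verificationCode.ToString());
        UntilMethod.writeAppSettingValue("lcokTimeLenth", model.lcokTimeLenth.ToString());
        return Json("success", JsonRequestBehavior.AllowGet);
    }
    catch (Exception)
    {
        // Any failure while writing is reported as a plain "error" without details.
        return Json("error", JsonRequestBehavior.AllowGet);
    }
}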
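/// <summary>
/// Site settings page: loads the six site settings from the application settings and
/// shows them in the settings view.
/// </summary>
/// <returns>
/// The settings view, or a redirect to "/Home/deny" when the current user is not in group 1
/// and does not hold the webSet permission.
/// </returns>
public ActionResult webSiteSet()
{
    // Access control: group 1 is always allowed, every other group needs the webSet permission.
    var user = (Maticsoft.Model.User_Info)ViewBag.curentUser;
    var curentUser = user == null ? null : _iuserService.getUserByID(user.Id);
    if (curentUser == null)
    {
        return new RedirectResult("/Home/deny");
    }

    if (curentUser.UserGroupID != 1)
    {
        // Entries that are not integers are skipped instead of throwing, so a malformed
        // permission list denies access rather than producing an unhandled error.
        var required = (int)SortEnum.sortClass.webSet;
        var permissionCsv = curentUser.UserGroup == null ? null : curentUser.UserGroup.ManagePermission;
        var granted = false;
        foreach (var entry in (permissionCsv ?? string.Empty).Split(','))
        {
            int id;
            if (int.TryParse(entry, out id) && id == required)
            {
                granted = true;
                break;
            }
        }

        if (!granted)
        {
            return new RedirectResult("/Home/deny");
        }
    }

    // A missing or non-numeric setting still throws here, as before; the settings are
    // expected to exist in the configuration.
    var model = new WebSiteViewModel();
    model.lockLogin = int.Parse(UntilMethod.getAppSettingValue("lockLogin"));
    model.OpenSSl = Convert.ToBoolean(UntilMethod.getAppSettingValue("OpenSSl"));
    model.overdueHoru = int.Parse(UntilMethod.getAppSettingValue("overdueHoru"));
    model.passWordLength = int.Parse(UntilMethod.getAppSettingValue("passWordLength"));
    model.verificationCode = Convert.ToBoolean(UntilMethod.getAppSettingValue("verificationCode"));
    model.lcokTimeLenth = int.Parse(UntilMethod.getAppSettingValue("lcokTimeLenth"));
    return View(model);
}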
/// <summary>
/// Changes the password of the signed-in user. The new password must match the configured
/// policy, the posted "token" must equal the value stored in TempData["uToken"], and the
/// posted old password must hash to the stored one.
/// </summary>
/// <returns>
/// JSON with state "success", or state "error" plus a message in <c>mes</c>.
/// </returns>
public ActionResult _SetPassWord()
{
    var sessionUser = (Maticsoft.Model.User_Info)ViewBag.curentUser;
    var account = _iuserService.getUserByID(sessionUser.Id);
    var length = int.Parse(UntilMethod.getAppSettingValue("passWordLength").ToString());

    try
    {
        var oldPwd = Request["oldPwd"].ToString().Trim();
        var newPwd = Request["NewPwd"].ToString().Trim();

        // Reading TempData marks the token for removal; no path below stores it again,
        // so every attempt uses up the token.
        var expectedToken = TempData["uToken"];

        // Password policy: a digit, a letter and a non-alphanumeric character, minimum
        // length taken from configuration.
        // NOTE(review): the pattern has no ^/$ anchors, so IsMatch does not enforce the
        // 15-character upper bound that the error message announces.
        var policy = new Regex(
            @"(?=.*[0-9])(?=.*[a-zA-Z])(?=([\x21-\x7e]+)[^a-zA-Z0-9]).{" + length + ",15}",
            RegexOptions.Multiline | RegexOptions.IgnorePatternWhitespace);
        if (!policy.IsMatch(newPwd))
        {
            return Json(new { state = "error", mes = "密码格式不符,请输入" + length + "-15位,并含有数字字母和特殊字符" });
        }

        // Request-integrity check: the posted token must equal the server-side one.
        var utoken = Request["token"].ToString();
        if (expectedToken.ToString() != utoken)
        {
            return Json(new { state = "error", mes = "非法操作!" });
        }

        // Old-password check.
        // NOTE(review): if Md5Encrypt is plain unsalted MD5, as its name suggests, the
        // stored hashes are cheap to brute-force; plan a move to a salted, slow KDF such
        // as PBKDF2, re-hashing on the next successful login.
        if (account.UserPassword != UntilMethod.Md5Encrypt(oldPwd))
        {
            return Json(new { state = "error", mes = "与原密码不匹配" });
        }

        account.UserPassword = UntilMethod.Md5Encrypt(newPwd);
        account.passWordTime = DateTime.Now;
        _iuserService.UpdateUser(account);
        return Json(new { state = "success" });
    }
    catch (Exception)
    {
        // Missing form fields, a missing token and service failures all end up here.
        return Json(new { state = "error", mes = "发生错误" });
    }
}
/// <summary>
/// Changes a password for the account named by the token map in TempData["uNameToken"].
/// The posted "token" selects the user name from that map; the new password must match
/// the configured policy and the posted old password must hash to the stored one.
/// </summary>
/// <returns>
/// JSON with state "success", or state "error" plus a message in <c>mes</c>.
/// </returns>
public ActionResult _ChangePassword()
{
    var length = int.Parse(UntilMethod.getAppSettingValue("passWordLength").ToString());

    try
    {
        var oldPwd = Request["oldPwd"].ToString().Trim();
        var newPwd = Request["NewPwd"].ToString().Trim();
        var pendingTokens = TempData["uNameToken"] as Dictionary<string, string>;

        // Password policy: a digit, a letter and a non-alphanumeric character, minimum
        // length taken from configuration.
        // NOTE(review): the pattern has no ^/$ anchors, so IsMatch does not enforce the
        // 15-character upper bound that the error message announces.
        var policy = new Regex(
            @"(?=.*[0-9])(?=.*[a-zA-Z])(?=([\x21-\x7e]+)[^a-zA-Z0-9]).{" + length + ",15}",
            RegexOptions.Multiline | RegexOptions.IgnorePatternWhitespace);
        if (!policy.IsMatch(newPwd))
        {
            // Put the token map back so the form can be submitted again.
            TempData["uNameToken"] = pendingTokens;
            return Json(new { state = "error", mes = "密码格式不符,请输入" + length + "-15位,并含有数字字母和特殊字符" });
        }

        // Request-integrity check: the posted token must be a key of the server-side map.
        var utoken = Request["token"].ToString();
        if (!pendingTokens.ContainsKey(utoken))
        {
            return Json(new { state = "error", mes = "非法操作!" });
        }

        // The account is identified by the token alone; this method reads no signed-in user.
        var account = _iuserService.GetUserByName(pendingTokens[utoken]);

        // NOTE(review): a wrong old password restores the token map, so the same token can
        // be retried, and no attempt limit is visible in this method. Confirm that
        // throttling or lockout is applied elsewhere.
        // NOTE(review): if Md5Encrypt is plain unsalted MD5, as its name suggests, plan a
        // move to a salted, slow KDF such as PBKDF2.
        if (account.UserPassword != UntilMethod.Md5Encrypt(oldPwd))
        {
            TempData["uNameToken"] = pendingTokens;
            return Json(new { state = "error", mes = "与原密码不匹配" });
        }

        account.UserPassword = UntilMethod.Md5Encrypt(newPwd);
        account.passWordTime = DateTime.Now;
        _iuserService.UpdateUser(account);
        return Json(new { state = "success" });
    }
    catch (Exception)
    {
        // Missing form fields, a missing token map, an unknown user and service failures
        // all end up here.
        return Json(new { state = "error", mes = "发生错误" });
    }
}
/// <summary>
/// Creates the attribute and derives the SSL requirement from the "OpenSSl" application
/// setting: <c>Yes</c> when the setting converts to true, <c>NoMatter</c> otherwise.
/// </summary>
/// <param name="sslRequirement">
/// Not used: the value passed at the usage site is ignored in favour of the setting.
/// </param>
public HCHttpsRequirementAttribute(SslRequirement sslRequirement)
{
    // NOTE(review): "OpenSSl" is written by the site-settings action, so HTTPS enforcement
    // is a runtime switch; actions that ask for SslRequirement.Yes get no stronger guarantee.
    bool sslEnabled = Convert.ToBoolean(UntilMethod.getAppSettingValue("OpenSSl"));
    this.SslRequirement = sslEnabled ? SslRequirement.Yes : SslRequirement.NoMatter;
}
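/// <summary>
/// Validates an uploaded picture, stages it in the local "uploadTemp" folder (resized when
/// a width or height is given), posts it to the picture server as multipart/form-data and
/// returns the path of the stored file relative to the picture server.
/// </summary>
/// <param name="file">Uploaded file; only jpg, jpeg, png and bmp up to 4,096,000 bytes are accepted.</param>
/// <param name="folderName">Target folder, sent to the picture server in the PathDir query value.</param>
/// <param name="fileName">File name without extension; the extension of the upload is appended.</param>
/// <param name="width">Target width; 0 together with height 0 stores the picture unresized.</param>
/// <param name="height">Target height; 0 together with width 0 stores the picture unresized.</param>
/// <returns>"//folderName//fileName.ext", with any occurrence of the PicUrl setting removed.</returns>
/// <exception cref="ArgumentException">
/// The upload is missing, larger than the size limit, or has an extension outside the allow list.
/// </exception>
public string picUpLoad(HttpPostedFileBase file, string folderName, string fileName, int width, int height)
{
    const string allowedTypes = "jpg,jpeg,png,bmp";
    const int maxSize = 4096000; // 4 MB limit, kept in line with web.config

    // Validate before anything touches the disk. The size and type checks used to run
    // after the file was already saved, and their bodies were empty, so nothing was
    // ever rejected.
    if (file == null || file.InputStream == null)
    {
        throw new ArgumentException("No file was uploaded.", "file");
    }

    if (file.InputStream.Length > maxSize)
    {
        throw new ArgumentException("The uploaded file exceeds the size limit.", "file");
    }

    // The extension comes from the client-supplied name, so it is checked against the
    // allow list before it becomes part of a path under the application root.
    string fileExt = (Path.GetExtension(file.FileName) ?? string.Empty).ToLowerInvariant();
    if (fileExt.Length < 2 || Array.IndexOf(allowedTypes.Split(','), fileExt.Substring(1)) == -1)
    {
        throw new ArgumentException("Only jpg, jpeg, png and bmp files are accepted.", "file");
    }

    var PicUrl = UntilMethod.appsetingValue("PicUrl");

    // Make sure the staging folder exists.
    var tempFolder = HttpRuntime.AppDomainAppPath.ToString() + "uploadTemp";
    if (!Directory.Exists(tempFolder))
    {
        fileRWhelper.CreateDirectory(tempFolder);
    }

    // Keep only the leaf name so a directory part in fileName cannot move the staged file
    // outside uploadTemp. The multipart header already sends only the leaf name, so the
    // returned path now matches what the picture server receives.
    fileName = Path.GetFileName(fileName + fileExt);
    string tempFilePath = tempFolder + "//" + fileName;

    try
    {
        // Stage the picture: decode and re-save it, or let the thumbnail helper write it.
        if (width == 0 && height == 0)
        {
            using (Image image = Image.FromStream(file.InputStream))
            {
                image.Save(tempFilePath);
            }
        }
        else
        {
            GenerateThumbnailWarr(tempFilePath, width, height, file.InputStream);
        }

        // NOTE(review): folderName is placed in the query string unescaped; callers should
        // pass only fixed, trusted folder names.
        string filesdir = "//" + folderName + "//";
        string uploadUrl = PicUrl + "/Services/PicServices.aspx?PathDir=" + filesdir;
        string fileFormName = "file";
        string contenttype = "image/jpeg";
        string boundary = "----------" + DateTime.Now.Ticks.ToString("x");

        HttpWebRequest webrequest = (HttpWebRequest)WebRequest.Create(uploadUrl);
        webrequest.ContentType = "multipart/form-data; boundary=" + boundary;
        webrequest.Method = "POST";

        StringBuilder sb = new StringBuilder();
        sb.Append("--");
        sb.Append(boundary);
        sb.Append("\r\n");
        sb.Append("Content-Disposition: form-data; name=\"");
        sb.Append(fileFormName);
        sb.Append("\"; filename=\"");
        sb.Append(Path.GetFileName(fileName));
        sb.Append("\"");
        sb.Append("\r\n");
        sb.Append("Content-Type: ");
        sb.Append(contenttype);
        sb.Append("\r\n");
        sb.Append("\r\n");

        byte[] postHeaderBytes = Encoding.UTF8.GetBytes(sb.ToString());
        // NOTE(review): the closing delimiter is sent without the trailing "--"; it is left
        // as is because the receiving page is not visible from here.
        byte[] boundaryBytes = Encoding.ASCII.GetBytes("\r\n--" + boundary + "\r\n");

        using (FileStream fileStream = new FileStream(tempFilePath, FileMode.Open, FileAccess.Read, FileShare.ReadWrite))
        {
            webrequest.ContentLength = postHeaderBytes.Length + fileStream.Length + boundaryBytes.Length;
            using (Stream requestStream = webrequest.GetRequestStream())
            {
                requestStream.Write(postHeaderBytes, 0, postHeaderBytes.Length);
                fileStream.CopyTo(requestStream);
                requestStream.Write(boundaryBytes, 0, boundaryBytes.Length);
            }
        }

        // NOTE(review): the response is never read, so a failed upload goes unnoticed and
        // the fixed one-second wait is the only synchronisation. Reading the response and
        // checking its status would make failures visible.
        Thread.Sleep(1000);

        string fileUrl = PicUrl + filesdir + fileName;
        return fileUrl.Replace(PicUrl, "");
    }
    finally
    {
        // Remove the staged copy even when resizing or the upload throws.
        if (File.Exists(tempFilePath))
        {
            File.Delete(tempFilePath);
        }
    }
}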
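/// <summary>
/// Creates a user (<c>model.UserID</c> of 0 or less) or updates an existing one
/// (<c>model.UserID</c> greater than 0). The caller needs the userManage permission and the
/// posted "addToken" must decrypt to the value stored in TempData["addToken"].
/// </summary>
/// <param name="model">Posted user; UserName and UserPassword arrive DES-encrypted.</param>
/// <returns>
/// JSON with state "OK" or "Error", or a redirect to "/Home/deny" when the permission or
/// token check fails.
/// </returns>
public ActionResult AddUser(CxUser model)
{
    // Access control: the caller's group must list the userManage permission.
    var user1 = (Maticsoft.Model.User_Info)ViewBag.curentUser;
    var curentUser = user1 == null ? null : _iuserService.getUserByID(user1.Id);
    if (curentUser == null)
    {
        return new RedirectResult("/Home/deny");
    }

    // Entries that are not integers are skipped instead of throwing, so a malformed
    // permission list denies access rather than producing an unhandled error.
    var required = (int)SortEnum.sortClass.userManage;
    var permissionCsv = curentUser.UserGroup == null ? null : curentUser.UserGroup.ManagePermission;
    var granted = false;
    foreach (var entry in (permissionCsv ?? string.Empty).Split(','))
    {
        int id;
        if (int.TryParse(entry, out id) && id == required)
        {
            granted = true;
            break;
        }
    }

    if (!granted)
    {
        return new RedirectResult("/Home/deny");
    }

    // One-time form token: a missing server-side token is treated as a failed check
    // instead of raising a NullReferenceException.
    // NOTE(review): the DES key is a short hard-coded literal. If the browser encrypts
    // with the same key it protects nothing beyond what TLS provides; move the key out of
    // source and rely on HTTPS for transport protection.
    const string transportKey = "jack";
    var unitiM = new UntilMethod();
    var storedToken = TempData["addToken"];
    if (storedToken == null || model == null)
    {
        return new RedirectResult("/Home/deny");
    }

    var serverToken = storedToken.ToString();
    var ClientToken = Request["addToken"] == null ? "" : Request["addToken"].ToString();
    if (unitiM.DecryptDES(ClientToken, transportKey) != serverToken)
    {
        // Keep the token so the legitimate form can still be submitted.
        TempData["addToken"] = serverToken;
        return new RedirectResult("/Home/deny");
    }

    // Decrypt the posted credentials.
    model.UserName = unitiM.DecryptDES(model.UserName, transportKey);
    model.UserPassword = unitiM.DecryptDES(model.UserPassword, transportKey);

    var length = int.Parse(UntilMethod.getAppSettingValue("passWordLength").ToString());

    // Password policy: a digit, a letter and a non-alphanumeric character, minimum length
    // taken from configuration. A password that failed to decrypt counts as non-matching.
    // NOTE(review): the pattern has no ^/$ anchors, so the 15-character upper bound in the
    // message is not enforced by IsMatch.
    var regex = new Regex(
        @"(?=.*[0-9])(?=.*[a-zA-Z])(?=([\x21-\x7e]+)[^a-zA-Z0-9]).{" + length + ",15}",
        RegexOptions.Multiline | RegexOptions.IgnorePatternWhitespace);
    if (model.UserPassword == null || !regex.IsMatch(model.UserPassword))
    {
        return Json(new { state = "Error", mes = "密码格式不符,请输入" + length + "-15位,并含有数字字母和特殊字符" });
    }

    try
    {
        if (model.UserID > 0)
        {
            // Update: password, real name, group and active flag of an existing user.
            // NOTE(review): nothing here limits which account or which target group a
            // holder of userManage may set; confirm that is intended.
            // NOTE(review): if Md5Encrypt is plain unsalted MD5, as its name suggests,
            // plan a move to a salted, slow KDF such as PBKDF2.
            var user = _iuserService.getUserByID(model.UserID);
            user.UserPassword = UntilMethod.Md5Encrypt(model.UserPassword);
            user.RealName = model.RealName;
            user.UserGroupID = model.UserGroupID;
            user.passWordTime = DateTime.Now;
            user.Effective = model.Effective;
            _iuserService.UpdateUser(user);
            AddOpLog("用户修改,修改账户:" + user.UserName.ToString() + " 角色:" + user.UserGroup.GroupName);
        }
        else
        {
            // Create: the user name must be unused.
            var CheckUser = getUser(model.UserName);
            if (CheckUser != null)
            {
                return Json(new { state = "Error", mes = "用户名已存在" });
            }

            // The password timestamp is back-dated by the configured expiry length.
            // Presumably this makes the new account's password count as expired at first
            // login; verify against the expiry check.
            var overdueTimeLenth = -int.Parse(UntilMethod.getAppSettingValue("overdueHoru").ToString());

            // NOTE(review): isAdmin is set for every created account; confirm the flag's
            // meaning before relying on it for authorization.
            model.isAdmin = true;
            model.UserPassword = UntilMethod.Md5Encrypt(model.UserPassword);
            model.passWordTime = DateTime.Now.AddDays(overdueTimeLenth);
            _iuserService.AddUser(model);
            var addUserGroup = _iuserGroupService.GetByID(model.UserGroupID);
            AddOpLog("用户新增,新增账户:" + model.UserName.ToString() + " 角色:" + addUserGroup.GroupName);
        }

        return Json(new { state = "OK", mes = "" });
    }
    catch (Exception)
    {
        // Service and logging failures are reported as a generic error.
        return Json(new { state = "Error", mes = "发生错误" });
    }
}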
/// <summary>
/// Hashes the supplied password with <c>UntilMethod.Md5Encrypt</c> and asks the user
/// service to authenticate the name/hash pair.
/// </summary>
/// <param name="uName">Login name.</param>
/// <param name="pwd">Clear-text password as entered.</param>
/// <returns>Whatever <c>authentiUser</c> returns for the pair.</returns>
private User_Info BoolSuccess(string uName, string pwd)
{
    // NOTE(review): if Md5Encrypt is plain unsalted MD5, as its name suggests, stored
    // hashes are cheap to brute-force; plan a move to a salted, slow KDF such as PBKDF2.
    var passwordHash = UntilMethod.Md5Encrypt(pwd);
    return _iuser_InfoService.authentiUser(uName, passwordHash);
}
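/// <summary>
/// Cross-site sign-in: asks the SSO service ("ssoAddress" setting) which user the given
/// token belongs to and, when it answers with a user id, issues a local forms
/// authentication cookie for that user.
/// </summary>
/// <param name="linqp">Token handed over by the SSO site; treated as untrusted input.</param>
public void getAuth(string linqp)
{
    // Nothing to verify without a token.
    if (string.IsNullOrWhiteSpace(linqp))
    {
        return;
    }

    // Ask the SSO service whether the token was really issued and for which user.
    // The token is escaped so it stays a single path segment of the request URL.
    // NOTE(review): once the token format is confirmed (the original comment calls it a
    // GUID), add a strict format check here. Also confirm "ssoAddress" uses HTTPS.
    string result;
    using (var client = new HttpClient())
    {
        client.BaseAddress = new Uri(UntilMethod.appsetingValue("ssoAddress"));
        using (HttpResponseMessage response = client.GetAsync("/api/Token/" + Uri.EscapeDataString(linqp)).Result)
        {
            if (!response.IsSuccessStatusCode)
            {
                return;
            }

            result = response.Content.ReadAsStringAsync().Result;
        }
    }

    if (result == null)
    {
        return;
    }

    // The response body is JSON; "result" carries the id of the authenticated user.
    // A missing or non-numeric id means no sign-in, instead of an unhandled exception.
    var payload = JObject.Parse(result);
    var userIdToken = payload["result"];
    int userID;
    if (userIdToken == null || !int.TryParse(userIdToken.ToString(), out userID))
    {
        return;
    }

    var customer = GetAuthenticatedCustomerFromUserID(userID);
    _cachedCustomer = customer;
    if (customer == null)
    {
        return;
    }

    // Build the local ticket; the user data binds it to the current session id.
    var now = DateTime.UtcNow.ToLocalTime();
    var currentSession_ID = _httpContext.Session.SessionID;
    var ticket = new FormsAuthenticationTicket(
        1 /*version*/,
        customer.UserName,
        now,
        now.Add(_expirationTimeSpan),
        false, // not persistent
        string.Format("{0}:{1}", customer.Id.ToString(), currentSession_ID),
        FormsAuthentication.FormsCookiePath);
    var encryptedTicket = FormsAuthentication.Encrypt(ticket);

    var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);

    // Keep the ticket out of reach of page script, so a script-injection bug cannot read it.
    // Confirm that no client-side code depends on reading this cookie.
    cookie.HttpOnly = true;

    // Honour the forms-authentication requireSSL setting; the flag is only ever raised,
    // never cleared.
    if (FormsAuthentication.RequireSSL)
    {
        cookie.Secure = true;
    }

    if (ticket.IsPersistent)
    {
        cookie.Expires = ticket.Expiration;
    }

    cookie.Path = FormsAuthentication.FormsCookiePath;
    if (FormsAuthentication.CookieDomain != null)
    {
        cookie.Domain = FormsAuthentication.CookieDomain;
    }

    _httpContext.Response.Cookies.Add(cookie);
}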