Example #1
0
        protected override void OnAuthorization(AuthorizationContext filterContext)
        {
            //不能应用在子方法上
            if (filterContext.IsChildAction)
            {
                return;
            }

            //商城已经关闭
            if (WorkContext.ShopConfig.IsClosed == 1 && WorkContext.AdminGid == 1 && WorkContext.PageKey != "/account/login" && WorkContext.PageKey != "/account/logout")
            {
                filterContext.Result = PromptView(WorkContext.ShopConfig.CloseReason);
                return;
            }

            //当前时间为禁止访问时间
            if (ValidateHelper.BetweenPeriod(WorkContext.ShopConfig.BanAccessTime) && WorkContext.AdminGid == 1 && WorkContext.PageKey != "/account/login" && WorkContext.PageKey != "/account/logout")
            {
                filterContext.Result = PromptView("当前时间不能访问本商城");
                return;
            }

            //当用户ip在被禁止的ip列表时
            if (ValidateHelper.InIPList(WorkContext.IP, WorkContext.ShopConfig.BanAccessIP))
            {
                filterContext.Result = PromptView("您的IP被禁止访问本商城");
                return;
            }

            //当用户ip不在允许的ip列表时
            if (!string.IsNullOrEmpty(WorkContext.ShopConfig.AllowAccessIP) && !ValidateHelper.InIPList(WorkContext.IP, WorkContext.ShopConfig.AllowAccessIP))
            {
                filterContext.Result = PromptView("您的IP被禁止访问本商城");
                return;
            }

            //当用户IP被禁止时
            if (BannedIPs.CheckIP(WorkContext.IP))
            {
                filterContext.Result = PromptView("您的IP被禁止访问本商城");
                return;
            }

            //当用户等级是禁止访问等级时
            if (WorkContext.UserRid == 1)
            {
                filterContext.Result = PromptView("您的账号当前被锁定,不能访问");
                return;
            }

            //判断目前访问人数是否达到允许的最大人数
            if (WorkContext.OnlineUserCount > WorkContext.ShopConfig.MaxOnlineCount && WorkContext.AdminGid == 1 && (WorkContext.Controller != "account" && (WorkContext.Action != "login" || WorkContext.Action != "logout")))
            {
                filterContext.Result = PromptView("商城人数达到访问上限, 请稍等一会再访问!");
                return;
            }
        }
Example #2
0
        protected override void OnAuthorization(AuthorizationContext filterContext)
        {
            //不能应用在子方法上
            if (filterContext.IsChildAction)
            {
                return;
            }

            //系统已经关闭
            if (WorkContext.MallConfig.IsClosed == 1 && WorkContext.PageKey != "/account/login" && WorkContext.PageKey != "/account/logout")
            {
                filterContext.Result = PromptView(WorkContext.MallConfig.CloseReason);
                return;
            }

            //当前时间为禁止访问时间
            if (ValidateHelper.BetweenPeriod(WorkContext.MallConfig.BanAccessTime) && WorkContext.PageKey != "/account/login" && WorkContext.PageKey != "/account/logout")
            {
                filterContext.Result = PromptView("当前时间不能访问本系统");
                return;
            }

            //当用户ip在被禁止的ip列表时
            if (ValidateHelper.InIPList(WorkContext.IP, WorkContext.MallConfig.BanAccessIP))
            {
                filterContext.Result = PromptView("您的IP被禁止访问本系统");
                return;
            }

            //当用户ip不在允许的ip列表时
            if (!string.IsNullOrEmpty(WorkContext.MallConfig.AllowAccessIP) && !ValidateHelper.InIPList(WorkContext.IP, WorkContext.MallConfig.AllowAccessIP))
            {
                filterContext.Result = PromptView("您的IP被禁止访问本系统");
                return;
            }

            ////当用户IP被禁止时 (不使用此功能)
            //if (BannedIPs.CheckIP(WorkContext.IP))
            //{
            //    filterContext.Result = PromptView("您的IP被禁止访问本系统");
            //    return;
            //}

            //判断目前访问人数是否达到允许的最大人数
            if (WorkContext.OnlineUserCount > WorkContext.MallConfig.MaxOnlineCount && (WorkContext.Controller != "account" && (WorkContext.Action != "login" || WorkContext.Action != "logout")))
            {
                filterContext.Result = PromptView("系统人数达到访问上限, 请稍等一会再访问!");
                return;
            }

            //强行显示一下(测试)
            //filterContext.Result = PromptView("系统人数达到访问上限, 请稍等一会再访问!");
        }
Example #3
0
        protected override void OnAuthorization(AuthorizationContext filterContext)
        {
            //不能应用在子方法上
            if (filterContext.IsChildAction)
            {
                return;
            }

            //当用户ip不在允许的后台访问ip列表时
            if (!string.IsNullOrEmpty(WorkContext.ShopConfig.AdminAllowAccessIP) && !ValidateHelper.InIPList(WorkContext.IP, WorkContext.ShopConfig.AdminAllowAccessIP))
            {
                if (WorkContext.IsHttpAjax)
                {
                    filterContext.Result = AjaxResult("404", "您访问的网址不存在");
                }
                else
                {
                    filterContext.Result = new RedirectResult("/");
                }
                return;
            }

            //当用户IP被禁止时
            if (BannedIPs.CheckIP(WorkContext.IP))
            {
                if (WorkContext.IsHttpAjax)
                {
                    filterContext.Result = AjaxResult("404", "您访问的网址不存在");
                }
                else
                {
                    filterContext.Result = new RedirectResult("/");
                }
                return;
            }

            //当用户等级是禁止访问等级时
            if (WorkContext.UserRid == 1)
            {
                if (WorkContext.IsHttpAjax)
                {
                    filterContext.Result = AjaxResult("404", "您访问的网址不存在");
                }
                else
                {
                    filterContext.Result = new RedirectResult("/");
                }
                return;
            }

            //如果当前用户没有登录
            if (WorkContext.Uid < 1)
            {
                if (WorkContext.IsHttpAjax)
                {
                    filterContext.Result = AjaxResult("404", "您访问的网址不存在");
                }
                else
                {
                    filterContext.Result = new RedirectResult("/");
                }
                return;
            }

            //如果当前用户不是管理员
            if (WorkContext.AdminGid == 1)
            {
                if (WorkContext.IsHttpAjax)
                {
                    filterContext.Result = AjaxResult("404", "您访问的网址不存在");
                }
                else
                {
                    filterContext.Result = new RedirectResult("/");
                }
                return;
            }

            //判断当前用户是否有访问当前页面的权限
            if (WorkContext.Controller != "home" && !AdminGroups.CheckAuthority(WorkContext.AdminGid, WorkContext.Controller, WorkContext.PageKey))
            {
                if (WorkContext.IsHttpAjax)
                {
                    filterContext.Result = AjaxResult("nopermit", "您没有当前操作的权限");
                }
                else
                {
                    filterContext.Result = PromptView("您没有当前操作的权限!");
                }
                return;
            }
        }
Example #4
0
        private PartUserInfo partUserInfo     = null;                 //用户信息

        protected override void OnAuthorization(AuthorizationContext filterContext)
        {
            ip = WebHelper.GetIP();
            //当用户ip不在允许的后台访问ip列表时
            if (!string.IsNullOrEmpty(shopConfigInfo.AdminAllowAccessIP) && !ValidateHelper.InIPList(ip, shopConfigInfo.AdminAllowAccessIP))
            {
                filterContext.Result = HttpNotFound();
                return;
            }
            //当用户IP被禁止时
            if (BannedIPs.CheckIP(ip))
            {
                filterContext.Result = HttpNotFound();
                return;
            }

            //获得用户id
            int uid = ShopUtils.GetUidCookie();

            if (uid < 1)
            {
                uid = WebHelper.GetRequestInt("uid");
            }
            if (uid < 1)//当用户为游客时
            {
                //创建游客
                partUserInfo = Users.CreatePartGuest();
            }
            else//当用户为会员时
            {
                //获得保存在cookie中的密码
                string encryptPwd = ShopUtils.GetCookiePassword();
                if (string.IsNullOrWhiteSpace(encryptPwd))
                {
                    encryptPwd = WebHelper.GetRequestString("password");
                }
                //防止用户密码被篡改为危险字符
                if (encryptPwd.Length == 0 || !SecureHelper.IsBase64String(encryptPwd))
                {
                    //创建游客
                    partUserInfo = Users.CreatePartGuest();
                    ShopUtils.SetUidCookie(-1);
                    ShopUtils.SetCookiePassword("");
                }
                else
                {
                    partUserInfo = Users.GetPartUserByUidAndPwd(uid, ShopUtils.DecryptCookiePassword(encryptPwd));
                    if (partUserInfo == null)
                    {
                        partUserInfo = Users.CreatePartGuest();
                        ShopUtils.SetUidCookie(-1);
                        ShopUtils.SetCookiePassword("");
                    }
                }
            }

            //当用户等级是禁止访问等级时
            if (partUserInfo.UserRid == 1)
            {
                filterContext.Result = HttpNotFound();
                return;
            }

            //如果当前用户没有登录
            if (partUserInfo.Uid < 1)
            {
                filterContext.Result = HttpNotFound();
                return;
            }

            //如果当前用户不是管理员
            if (partUserInfo.AdminGid == 1)
            {
                filterContext.Result = HttpNotFound();
                return;
            }
        }
Example #5
0
        protected override void OnAuthorization(AuthorizationContext filterContext)
        {
            //不能应用在子方法上
            if (filterContext.IsChildAction)
            {
                return;
            }

            ControllerBase ctb = filterContext.Controller;

            string result = WebHelper.GetPostStr();
            NameValueCollection parmas = WebHelper.GetParmList(result);

            WorkContext.postparms = parmas;
            //if (filterContext.ActionDescriptor.ActionName.ToLower() == "existsdrawpd")
            //    Logs.Write("请求参数:" + result);
            //if (result != string.Empty)
            //{
            //}
            //接口验证关闭
            //List<string> actionlist;
            //if (!WebHelper.IsPost())
            //{
            //    actionlist = new List<string>();
            //    actionlist.AddRange(new string[] { "expand", "notice", "help", "download", "dlapp", "flownotify", "down", "message", "getkefuinfo" });

            //    if (!ctb.ToString().Contains("ErrorController") && !actionlist.Contains(filterContext.ActionDescriptor.ActionName.ToLower()))
            //    {
            //        filterContext.Result = APIResult("error", "只支持POST方式请求");
            //        return;
            //    }
            //}
            //else
            //{
            //    NameValueCollection parmas = WebHelper.GetParmList(result);
            //    WorkContext.postparms = parmas;
            //    string account = parmas.Get("account") == null ? Request.Form["account"] : parmas.Get("account");
            //    if (account != null && account != string.Empty)
            //    {
            //        InitUser(account);
            //    }
            //    actionlist = new List<string>();
            //    actionlist.AddRange(new string[] { "sendmsg", "updateuserinfo", "homedata", "advert", "login", "register", "sendsms", "dlapp", "down", "resetpwd", "about" });
            //    //验证IMEI
            //    if (!actionlist.Contains(filterContext.ActionDescriptor.ActionName.ToLower()))
            //    {
            //        // Logs.Write("请求参数:" + parmas.Get("account") + "____" + parmas.Get("imei") + ";" + Request.Form["account"] + "___" + Request.Form["imei"]);
            //        if ((parmas.Get("account") == null || parmas.Get("imei") == null) && (Request.Form["account"] == null || Request.Form["imei"] == null))
            //        {
            //            filterContext.Result = APIResult("error", "缺少请求参数");
            //            return;
            //        }

            //        string imei = parmas.Get("imei") == null ? Request.Form["imei"] : parmas.Get("imei");
            //        string imres = ComMethod.ValidateIMEI(account, imei);
            //        if (imres != string.Empty)
            //        {
            //            filterContext.Result = APIResult("error", imres);
            //            return;
            //        }
            //    }
            //}
            //商城已经关闭
            if (WorkContext.ShopConfig.IsClosed == 1 && WorkContext.AdminGid == 1 && WorkContext.PageKey != "/account/login" && WorkContext.PageKey != "/account/logout")
            {
                filterContext.Result = PromptView(WorkContext.ShopConfig.CloseReason);
                return;
            }

            //当前时间为禁止访问时间
            if (ValidateHelper.BetweenPeriod(WorkContext.ShopConfig.BanAccessTime) && WorkContext.AdminGid == 1 && WorkContext.PageKey != "/account/login" && WorkContext.PageKey != "/account/logout")
            {
                filterContext.Result = PromptView("当前时间不能访问本商城");
                return;
            }

            //当用户ip在被禁止的ip列表时
            if (ValidateHelper.InIPList(WorkContext.IP, WorkContext.ShopConfig.BanAccessIP))
            {
                filterContext.Result = PromptView("您的IP被禁止访问本商城");
                return;
            }

            //当用户ip不在允许的ip列表时
            if (!string.IsNullOrEmpty(WorkContext.ShopConfig.AllowAccessIP) && !ValidateHelper.InIPList(WorkContext.IP, WorkContext.ShopConfig.AllowAccessIP))
            {
                filterContext.Result = PromptView("您的IP被禁止访问本商城");
                return;
            }

            //当用户IP被禁止时
            if (BannedIPs.CheckIP(WorkContext.IP))
            {
                filterContext.Result = PromptView("您的IP被禁止访问本商城");
                return;
            }

            //判断目前访问人数是否达到允许的最大人数
            if (WorkContext.OnlineUserCount > WorkContext.ShopConfig.MaxOnlineCount && WorkContext.AdminGid == 1 && (WorkContext.Controller != "account" && (WorkContext.Action != "login" || WorkContext.Action != "logout")))
            {
                filterContext.Result = PromptView("商城人数达到访问上限, 请稍等一会再访问!");
                return;
            }
        }
Example #6
0
        protected override void OnAuthorization(AuthorizationContext filterContext)
        {
            //不能应用在子方法上
            if (filterContext.IsChildAction)
            {
                return;
            }

            //商城已经关闭
            if (WorkContext.MallConfig.IsClosed == 1 && WorkContext.MallAGid == 1 && WorkContext.PageKey != Url.Action("login", "account") && WorkContext.PageKey != Url.Action("logout", "account"))
            {
                WorkContext.SystemState    = "closemall";
                WorkContext.SystemStateMsg = WorkContext.MallConfig.CloseReason;
                return;
            }

            //当前时间为禁止访问时间
            if (ValidateHelper.BetweenPeriod(WorkContext.MallConfig.BanAccessTime) && WorkContext.MallAGid == 1 && WorkContext.PageKey != Url.Action("login", "account") && WorkContext.PageKey != Url.Action("logout", "account"))
            {
                WorkContext.SystemState    = "banaccesstime";
                WorkContext.SystemStateMsg = "当前时间不能访问本商城";
                return;
            }

            //当用户ip在被禁止的ip列表时
            if (ValidateHelper.InIPList(WorkContext.IP, WorkContext.MallConfig.BanAccessIP))
            {
                WorkContext.SystemState    = "banaccessip";
                WorkContext.SystemStateMsg = "您的IP被禁止访问本商城";
                return;
            }

            //当用户ip不在允许的ip列表时
            if (!string.IsNullOrEmpty(WorkContext.MallConfig.AllowAccessIP) && !ValidateHelper.InIPList(WorkContext.IP, WorkContext.MallConfig.AllowAccessIP))
            {
                WorkContext.SystemState    = "banaccessip";
                WorkContext.SystemStateMsg = "您的IP被禁止访问本商城";
                return;
            }

            //当用户IP被禁止时
            if (BannedIPs.CheckIP(WorkContext.IP))
            {
                WorkContext.SystemState    = "banaccessip";
                WorkContext.SystemStateMsg = "您的IP被禁止访问本商城";
                return;
            }

            //当用户等级是禁止访问等级时
            if (WorkContext.UserRid == 1)
            {
                WorkContext.SystemState    = "banuserrank";
                WorkContext.SystemStateMsg = "您的账号当前被锁定,不能访问";
                return;
            }

            //判断目前访问人数是否达到允许的最大人数
            if (WorkContext.OnlineUserCount > WorkContext.MallConfig.MaxOnlineCount && WorkContext.MallAGid == 1 && (WorkContext.Controller != "account" && (WorkContext.Action != "login" || WorkContext.Action != "logout")))
            {
                WorkContext.SystemState    = "maxonlinecount";
                WorkContext.SystemStateMsg = "商城人数达到访问上限, 请稍等一会再访问";
                return;
            }
        }
Example #7
0
        protected override void OnAuthorization(AuthorizationContext filterContext)
        {
            string returnUrl = WorkContext.SubPath + "/"; //返回路径

            //不能应用在子方法上
            if (filterContext.IsChildAction)
            {
                return;
            }

            //当用户ip不在允许的后台访问ip列表时
            if (!string.IsNullOrEmpty(WorkContext.MallConfig.AdminAllowAccessIP) && !ValidateHelper.InIPList(WorkContext.IP, WorkContext.MallConfig.AdminAllowAccessIP))
            {
                if (WorkContext.IsHttpAjax)
                {
                    filterContext.Result = AjaxResult("404", "您访问的网址不存在");
                }
                else
                {
                    //filterContext.Result = new RedirectResult("/");
                    filterContext.Result = new RedirectResult(returnUrl);
                }
                return;
            }

            #region 当用户IP被禁止时
            //if (BannedIPs.CheckIP(WorkContext.IP))
            //{
            //    if (WorkContext.IsHttpAjax)
            //        filterContext.Result = AjaxResult("404", "您访问的网址不存在");
            //    else
            //        filterContext.Result = new RedirectResult("/");
            //    return;
            //}
            #endregion

            //如果当前用户没有登录
            if (WorkContext.Uid < 1)
            {
                if (WorkContext.IsHttpAjax)
                {
                    filterContext.Result = AjaxResult("404", "您访问的网址不存在");
                }
                else
                {
                    //filterContext.Result = new RedirectResult("/");
                    filterContext.Result = new RedirectResult(returnUrl);
                }
                return;
            }

            //判断当前用户是否有访问当前页面的权限  ,很好的功能 (暂时不启用,内部没必要防止盗链,减少一次数据库访问)

            //string controller = WorkContext.Controller;
            //string action = WorkContext.Action;
            //if (WorkContext.Controller != "home")
            //{
            //    string authorityPath = controller + "/" + action;
            //    //验证权限
            //    if (!BMAData.RDBS.UserAuthorizationCheck(WorkContext.Uid, authorityPath))
            //    {
            //        if (WorkContext.IsHttpAjax)
            //            filterContext.Result = AjaxResult("nopermit", "您没有当前操作的权限");
            //        else
            //            filterContext.Result =  PromptView("您没有当前操作的权限!");  // 提示器显示不完全?
            //        return;
            //    }
            //}
        }
Example #8
0
        protected override void OnAuthorization(AuthorizationContext filterContext)
        {
            //不能应用在子方法上
            if (filterContext.IsChildAction)
            {
                return;
            }

            //商城已经关闭
            if (WorkContext.MallConfig.IsClosed == 1 && WorkContext.MallAGid == 1 && WorkContext.PageKey != Url.Action("login", "account") && WorkContext.PageKey != Url.Action("logout", "account"))
            {
                filterContext.Result = PromptView(WorkContext.MallConfig.CloseReason);
                return;
            }
            //判断是否阅读了用户协议
            if (WorkContext.IsReal == 0)
            {
                filterContext.Result = IsRealView();
                return;
            }
            //当前时间为禁止访问时间
            if (ValidateHelper.BetweenPeriod(WorkContext.MallConfig.BanAccessTime) && WorkContext.MallAGid == 1 && WorkContext.PageKey != Url.Action("login", "account") && WorkContext.PageKey != Url.Action("logout", "account"))
            {
                filterContext.Result = PromptView("当前时间不能访问本商城");
                return;
            }

            //当用户ip在被禁止的ip列表时
            if (ValidateHelper.InIPList(WorkContext.IP, WorkContext.MallConfig.BanAccessIP))
            {
                filterContext.Result = PromptView("您的IP被禁止访问本商城");
                return;
            }

            //当用户ip不在允许的ip列表时
            if (!string.IsNullOrEmpty(WorkContext.MallConfig.AllowAccessIP) && !ValidateHelper.InIPList(WorkContext.IP, WorkContext.MallConfig.AllowAccessIP))
            {
                filterContext.Result = PromptView("您的IP被禁止访问本商城");
                return;
            }

            //当用户IP被禁止时
            if (BannedIPs.CheckIP(WorkContext.IP))
            {
                filterContext.Result = PromptView("您的IP被禁止访问本商城");
                return;
            }

            //判断目前访问人数是否达到允许的最大人数
            if (WorkContext.OnlineUserCount > WorkContext.MallConfig.MaxOnlineCount && WorkContext.MallAGid == 1 && (WorkContext.Controller != "account" && (WorkContext.Action != "login" || WorkContext.Action != "logout")))
            {
                filterContext.Result = PromptView("商城人数达到访问上限, 请稍等一会再访问!");
                return;
            }

            //判断是否关注了公众号
            if (string.IsNullOrEmpty(WorkContext.Openid))
            {
                filterContext.Result = PromptView("网页错误,请联系管理员");
                return;
            }
        }