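        /// <summary>
        /// Populates Session["adminId"] from the login-record cookie ("sh") when the request carries one.
        /// Does nothing when the session already holds an admin id, when the cookie is absent/empty, or when
        /// the record id resolves neither in the cache nor in the database.
        /// NOTE(review): the record id in the cookie acts as a bearer credential; record expiry/revocation is
        /// not visible here — confirm FindById rejects stale records.
        /// </summary>
        /// <param name="context">Current HTTP context (session and request cookies).</param>
        public static void SetAdmindId(HttpContext context)
        {
            if (context.Session["adminId"] != null)
            {
                return; // already resolved for this session
            }

            HttpCookie recordCookie = context.Request.Cookies["sh"]; // "sh" = Said history => login-record id
            string     recordId     = recordCookie == null ? null : recordCookie.Value;
            if (string.IsNullOrEmpty(recordId))
            {
                return; // no login-record cookie: leave the session unauthenticated
            }

            // The cache stores the Admin object under the record id (see SetCache below and the other
            // callers), so it must be read back as Admin. The original read it as AdminRecord, which
            // never matched and forced a database round-trip on every request.
            Admin admin = CacheHelper.GetCache(recordId) as Admin;
            if (admin == null)
            {
                AdminRecord record = new AdminRecordApplication().FindById(recordId); // cache miss: query the database
                if (record == null)
                {
                    return; // unknown record id: do not authenticate
                }
                admin = record.Admin;
                CacheHelper.SetCache(recordId, admin);
                context.Session["adminId"] = record.AdminId;
                return;
            }
            context.Session["adminId"] = admin.AdminId;
        }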
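        /// <summary>
        /// Returns the Admin for the current login-record cookie ("sh"): cache first, then database,
        /// writing a database hit back to the cache.
        /// </summary>
        /// <returns>The logged-in Admin, or null when the cookie is absent/empty or no record matches.</returns>
        protected Admin GetAdmin()
        {
            HttpCookie recordCookie = Request.Cookies["sh"];
            string     recordId     = recordCookie == null ? null : recordCookie.Value;
            if (string.IsNullOrEmpty(recordId))
            {
                // The original dereferenced recordCookie.Value unconditionally and threw
                // NullReferenceException for any request without the cookie.
                return null;
            }

            Admin admin = CacheHelper.GetCache(recordId) as Admin;
            if (admin != null)
            {
                return admin;
            }

            AdminRecord record = adminRecordApplication.Get(recordId); // cache miss: query the database
            if (record == null)
            {
                return null;
            }
            admin = record.Admin;
            CacheHelper.SetCache(recordId, admin);
            return admin;
        }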
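        /// <summary>
        /// Back-office authorisation filter. Every action not marked with <see cref="NoFilter"/> must carry a
        /// login-record cookie ("sh") whose id resolves in the cache or, failing that, in the database (the
        /// database hit is written to the cache). Otherwise the request is redirected to the login page.
        /// </summary>
        /// <param name="filterContext">The MVC action-executing context.</param>
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            base.OnActionExecuting(filterContext);
            if (filterContext.ActionDescriptor.GetCustomAttributes(typeof(NoFilter), false).Length > 0)
            {
                // Actions marked [NoFilter] (the login page) skip the check.
                // TODO: if a login record already exists, sign in directly; otherwise let the request through.
                return;
            }

            HttpContext context      = HttpContext.Current;
            HttpCookie  recordCookie = context.Request.Cookies["sh"]; // "sh" = Said history => login-record id
            string      recordId     = recordCookie == null ? null : recordCookie.Value;

            if (string.IsNullOrEmpty(recordId))
            {
                filterContext.Result = BuildLoginRedirect(context); // no cookie: go to the login page
                return;
            }

            // Cache first; on a miss fall back to the database and warm the cache.
            if (CacheHelper.GetCache(recordId) != null)
            {
                return;
            }
            AdminRecord record = adminRecordApplication.Get(recordId);
            if (record != null)
            {
                CacheHelper.SetCache(recordId, record.Admin);
                return;
            }
            // No record in cache or database: the cookie is stale or invalid, redirect to login.
            filterContext.Result = BuildLoginRedirect(context);
        }

        /// <summary>
        /// Builds the temporary (302) redirect to the back-office login page, carrying the requested URL in
        /// the <c>re</c> query parameter so the user can be sent back after signing in.
        /// RedirectResult background: http://www.cnblogs.com/artech/archive/2012/08/16/action-result-04.html
        /// NOTE(review): the login action should accept only local URLs in <c>re</c> before redirecting back;
        /// that check is not visible from here — confirm it exists.
        /// </summary>
        /// <param name="context">Current HTTP context, used for the requested URL.</param>
        /// <returns>A RedirectResult pointing at /Back/Home/Login.</returns>
        private static RedirectResult BuildLoginRedirect(HttpContext context)
        {
            return new RedirectResult(string.Format("/Back/Home/Login?re={0}", System.Web.HttpUtility.UrlEncode(context.Request.Url.AbsoluteUri)));
        }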
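        /// <summary>
        /// Creates or replaces the role-access password for the selected role ("Преподаватель" maps to the
        /// teacher role, anything else to the student role). A fresh GUID salt is generated on every call and
        /// the password is stored as an Rfc2898 (PBKDF2) hash, never in clear text.
        /// </summary>
        /// <param name="model">Posted form: role name and the new access password.</param>
        /// <returns>
        /// Redirect to Administration/AdminRecordAddedMessage on success; the form view with the role list
        /// repopulated when model validation fails.
        /// </returns>
        public ActionResult SetAdminRecord(SetAdminRecordModel model)
        {
            if (ModelState.IsValid)
            {
                using (UWCContext db = new UWCContext())
                {
                    string roleName = model.RoleName == "Преподаватель"
                                    ? UserRoles.TEACHER_ROLE_NAME
                                    : UserRoles.STUDENT_ROLE_NAME;

                    // New salt and hash on every update; computed once instead of in each branch below.
                    Guid   salt           = Guid.NewGuid();
                    string hashedPassword = Rfc2898Encoder.Encode(model.AccessPassword, salt.ToString());

                    AdminRecord record = db.AdminRecords.FirstOrDefault(r => r.RoleName == roleName);
                    if (record != null)
                    {
                        // Existing role record: rotate salt and hash in place.
                        record.Salt            = salt;
                        record.Password        = hashedPassword;
                        db.Entry(record).State = EntityState.Modified;
                    }
                    else
                    {
                        db.AdminRecords.Add(new AdminRecord()
                        {
                            Salt     = salt,
                            RoleName = roleName,
                            Password = hashedPassword
                        });
                    }
                    db.SaveChanges();
                    return(RedirectToAction("AdminRecordAddedMessage", "Administration"));
                }
            }
            ViewBag.AllowedRoles = new SelectList(new string[] { "Преподаватель", "Студент" });
            return(View(model));
        }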
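        /// <summary>
        /// Back-office login. Validates the credentials, writes an AdminRecord audit row for the attempt
        /// (success or failure) and, on success, caches the Admin under the new record id and returns that id
        /// to the client (presumably stored as the "sh" cookie read by the authorisation filter).
        /// </summary>
        /// <param name="name">Submitted user name.</param>
        /// <param name="pwd">Submitted password.</param>
        /// <returns>
        /// ResponseResult codes: 1 missing name, 2 missing password, 3 bad credentials, 5 audit record could
        /// not be committed; on success the new AdminRecordId.
        /// </returns>
        public JsonResult Login(string name, string pwd)
        {
            if (string.IsNullOrWhiteSpace(name))
            {
                return(ResponseResult(1, "没有输入用户名"));
            }
            if (string.IsNullOrWhiteSpace(pwd))
            {
                return(ResponseResult(2, "没有输入用户密码"));
            }
            // SECURITY: unsalted MD5 is not a password hash. Changing it here would invalidate every stored
            // hash, so it needs a migration to PBKDF2/Argon2 (the solution already has Rfc2898Encoder).
            string newPwd = Encrypt.MD5Encrypt(pwd);

            // Audit record for this attempt; AdminId and Description are filled in once the outcome is known.
            AdminRecord record = new AdminRecord
            {
                Date          = DateTime.Now,
                IP            = HttpHelper.GetIP(System.Web.HttpContext.Current),
                OperationType = OperationType.Login,
                Rollback      = string.Empty,
                Url           = Request.Url.AbsoluteUri,
                Address       = string.Empty,
                UserAgent     = HttpContext.Request.UserAgent,
                AdminRecordId = SaidCommon.GUID
            };

            if (HttpContext.Request.UrlReferrer != null)
            {
                record.UrlReferrer       = HttpContext.Request.UrlReferrer.AbsoluteUri;
                record.ReferrerAuthority = HttpContext.Request.UrlReferrer.Authority;
            }
            record.Address = GetAddressToString(record.IP);

            // IP allow-list check (currently disabled)
            //if (!IPRange.Check(record.IP))
            //{
            //    record.Description = string.Format("异常IP(白名单约束)正在登录,输入的用户名:{0}", name);
            //    record.OperationType = OperationType.Warning;
            //    AdminRecordApplication.Add(record);
            //    return ResponseResult(6, "登录异常");
            //}
            Admin admin = adminApplication.Get(name, newPwd);

            if (admin == null)
            {
                // Failed attempt: record the user name only. The original also persisted the submitted
                // password in clear text, which leaks real passwords (typos, reused credentials) into the audit table.
                record.Description   = string.Format("请求登录失败,输入的用户名:{0}", name);
                record.OperationType = OperationType.Warning;
                adminRecordApplication.Add(record);
                adminRecordApplication.Commit();
                return(ResponseResult(3, "用户名或密码不正确"));
            }
            record.AdminId     = admin.AdminId;
            record.Description = string.Format("管理员【{0}】登录", admin.Name);

            adminRecordApplication.Add(record);
            if (adminRecordApplication.Commit())
            {
                CacheHelper.SetCache(record.AdminRecordId, admin); // warm the cache used by the authorisation filter
                return(ResponseResult(record.AdminRecordId));      // success: return the login-record id
            }
            return(ResponseResult(5, "添加登录记录异常"));
        }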
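        /// <summary>
        /// Registers a new user. The e-mail must be unused, a role-access password must already be set for the
        /// chosen role ("Преподаватель" => teacher, otherwise student) and the submitted role-access password
        /// must validate against it. On success the user is stored with a per-user GUID salt and an Rfc2898-hashed
        /// password, a persistent forms-auth cookie is issued and the request is redirected to Home/Index.
        /// Any failure adds a ModelState error and re-renders the form.
        /// </summary>
        /// <param name="model">Posted registration form.</param>
        /// <returns>Redirect to Home/Index on success, otherwise the registration view.</returns>
        public ActionResult Register(RegisterModel model)
        {
            if (ModelState.IsValid)
            {
                // One context covers the duplicate-e-mail check and the insert (the original opened two).
                // NOTE(review): check and insert are still not atomic; a unique index on Email is the
                // reliable guard against concurrent registrations — not visible from here.
                using (UWCContext db = new UWCContext())
                {
                    if (db.Users.Any(u => u.Email == model.Email))
                    {
                        ModelState.AddModelError("", "Пользоваетль с таким адресом Email уже существует");
                    }
                    else
                    {
                        User newUser = CreateUserIfAuthorized(db, model);
                        if (newUser != null)
                        {
                            FormsAuthentication.SetAuthCookie(model.Email, true);
                            return(RedirectToAction("Index", "Home"));
                        }
                    }
                }
            }

            ViewBag.AllowedRoles = new SelectList(new string[] { "Преподаватель", "Студент" });
            return(View(model));
        }

        /// <summary>
        /// Validates the role-access password for the chosen role and inserts the user. Adds a ModelState error
        /// and returns null when the role has no access password yet or the supplied one does not match.
        /// </summary>
        /// <param name="db">Open data context; SaveChanges is called here on success.</param>
        /// <param name="model">Posted registration form.</param>
        /// <returns>The persisted user, or null when registration was refused.</returns>
        private User CreateUserIfAuthorized(UWCContext db, RegisterModel model)
        {
            bool   isTeacher = model.RoleName == "Преподаватель";
            string roleName  = isTeacher ? UserRoles.TEACHER_ROLE_NAME : UserRoles.STUDENT_ROLE_NAME;

            AdminRecord adminRecord = db.AdminRecords.FirstOrDefault(r => r.RoleName == roleName);
            if (adminRecord == null)
            {
                ModelState.AddModelError("", "Пароль для регистрации с ролью \"" + roleName + "\" еще не задан администратором, попробуйте позже.");
                return null;
            }
            if (!Rfc2898Encoder.Validate(model.RoleAccessPassword, adminRecord.Password, adminRecord.Salt.ToString()))
            {
                ModelState.AddModelError("", "Неверный пользовательский или преподавательский пароль");
                return null;
            }

            // The new user id doubles as the per-user salt, as in the original.
            Guid uid     = Guid.NewGuid();
            User newUser = new User()
            {
                Id         = uid,
                Surname    = model.Surname,
                Name       = model.Name,
                Patronymic = model.Patronymic,
                Age        = model.Age,
                Email      = model.Email,
                Password   = Rfc2898Encoder.Encode(model.Password, uid.ToString()),
                RoleId     = isTeacher ? UserRoles.TEACHER_ROLE_ID : UserRoles.STUDENT_ROLE_ID
            };
            db.Users.Add(newUser);
            db.SaveChanges();
            // The original re-queried the table by e-mail and hash to obtain the row just saved;
            // the tracked entity is the same object, so it is returned directly.
            return newUser;
        }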