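/// <summary>
        /// Writes the six posted site settings (lockLogin, OpenSSl, overdueHoru, passWordLength,
        /// verificationCode, lcokTimeLenth) to the application settings through
        /// <c>UntilMethod.writeAppSettingValue</c>.
        /// </summary>
        /// <param name="model">Posted settings form.</param>
        /// <returns>The JSON string "success", or "error" when the caller lacks permission,
        /// the posted values are rejected, or a write fails.</returns>
        public ActionResult _ChangeWebSite(WebSiteViewModel model)
        {
            // NOTE(review): this action changes security-relevant settings but answers with
            // JsonRequestBehavior.AllowGet, and no HTTP-verb or anti-forgery attribute is visible
            // in this listing. Confirm it is restricted to POST and protected against request forgery.

            #region Access control
            var user                = (Maticsoft.Model.User_Info)ViewBag.curentUser;
            var curentUser          = _iuserService.getUserByID(user.Id);
            var ManagePermission    = curentUser.UserGroup.ManagePermission;
            var managePermissionstr = new List <string>(ManagePermission.Split(','));
            var managePermission    = managePermissionstr.Select(x => Convert.ToInt32(x)).ToList();

            // Group 1 skips the per-feature check; every other group needs the webSet permission.
            if (curentUser.UserGroupID != 1 && !managePermission.Contains((int)SortEnum.sortClass.webSet))
            {
                return(Json("error", JsonRequestBehavior.AllowGet));
            }
            #endregion

            // _SetPassWord and _ChangePassword build their policy pattern as ".{passWordLength,15}".
            // A minimum above 15 makes that quantifier invalid, so every later password change
            // would fail; reject such a value here, before anything is written.
            if (model == null || model.passWordLength < 1 || model.passWordLength > 15)
            {
                return(Json("error", JsonRequestBehavior.AllowGet));
            }

            try
            {
                // The writes are independent: a failure part-way leaves the earlier keys updated.
                UntilMethod.writeAppSettingValue("lockLogin", model.lockLogin.ToString());
                UntilMethod.writeAppSettingValue("OpenSSl", model.OpenSSl.ToString());
                UntilMethod.writeAppSettingValue("overdueHoru", model.overdueHoru.ToString());
                UntilMethod.writeAppSettingValue("passWordLength", model.passWordLength.ToString());
                UntilMethod.writeAppSettingValue("verificationCode", model.verificationCode.ToString());
                UntilMethod.writeAppSettingValue("lcokTimeLenth", model.lcokTimeLenth.ToString());
                return(Json("success", JsonRequestBehavior.AllowGet));
            }
            catch (Exception)
            {
                // NOTE(review): the failure is not logged; a rejected settings write is worth an audit entry.
                return(Json("error", JsonRequestBehavior.AllowGet));
            }
        }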
        /// <summary>
        /// Site settings page: loads the six stored settings into a <c>WebSiteViewModel</c>
        /// and renders the view.
        /// </summary>
        /// <returns>The settings view, or a redirect to /Home/deny when the caller lacks the
        /// webSet permission.</returns>
        public ActionResult webSiteSet()
        {
            #region Access control
            var sessionUser = (Maticsoft.Model.User_Info)ViewBag.curentUser;
            var account     = _iuserService.getUserByID(sessionUser.Id);
            var grantedIds  = new List <string>(account.UserGroup.ManagePermission.Split(','))
                              .Select(id => Convert.ToInt32(id))
                              .ToList();

            // Group 1 skips the per-feature check; every other group needs the webSet permission.
            bool mayManageSite = account.UserGroupID == 1 || grantedIds.Contains((int)SortEnum.sortClass.webSet);
            if (!mayManageSite)
            {
                return(new RedirectResult("/Home/deny"));
            }
            #endregion

            // Values are parsed without fallback: a missing or malformed setting throws here.
            var settings = new WebSiteViewModel
            {
                lockLogin        = int.Parse(UntilMethod.getAppSettingValue("lockLogin")),
                OpenSSl          = Convert.ToBoolean(UntilMethod.getAppSettingValue("OpenSSl")),
                overdueHoru      = int.Parse(UntilMethod.getAppSettingValue("overdueHoru")),
                passWordLength   = int.Parse(UntilMethod.getAppSettingValue("passWordLength")),
                verificationCode = Convert.ToBoolean(UntilMethod.getAppSettingValue("verificationCode")),
                lcokTimeLenth    = int.Parse(UntilMethod.getAppSettingValue("lcokTimeLenth"))
            };
            return(View(settings));
        }
        /// <summary>
        /// Changes the password of the signed-in user. The new password is checked against the
        /// configured policy, then the posted form token against the one held in TempData, then
        /// the supplied current password against the stored value.
        /// </summary>
        /// <returns>JSON <c>{ state = "success" }</c>, or <c>{ state = "error", mes = ... }</c>
        /// naming the failed check.</returns>
        public ActionResult _SetPassWord()
        {
            var sessionUser = (Maticsoft.Model.User_Info)ViewBag.curentUser;
            var account     = _iuserService.getUserByID(sessionUser.Id);

            // Minimum length is configurable; the upper bound (15) is fixed in the pattern below.
            var minLength = int.Parse(UntilMethod.getAppSettingValue("passWordLength").ToString());

            try
            {
                var currentPassword  = Request["oldPwd"].ToString().Trim();
                var proposedPassword = Request["NewPwd"].ToString().Trim();
                var expectedToken    = TempData["uToken"]; // reading TempData marks the token for removal

                #region New-password policy
                // Requires a digit, a letter and a non-alphanumeric character.
                // NOTE(review): the pattern is not anchored, so IsMatch succeeds on any qualifying
                // substring and the 15-character upper bound is not enforced on the whole input.
                var policy = new Regex(@"(?=.*[0-9])(?=.*[a-zA-Z])(?=([\x21-\x7e]+)[^a-zA-Z0-9]).{" + minLength + ",15}", RegexOptions.Multiline | RegexOptions.IgnorePatternWhitespace);
                if (!policy.IsMatch(proposedPassword))
                {
                    return(Json(new { state = "error", mes = "密码格式不符,请输入" + minLength + "-15位,并含有数字字母和特殊字符" }));
                }
                #endregion

                #region Form token check
                // A missing TempData token throws below and ends in the generic error response.
                var postedToken = Request["token"].ToString();
                if (expectedToken.ToString() != postedToken)
                {
                    return(Json(new { state = "error", mes = "非法操作!" }));
                }
                #endregion

                #region Current-password check
                // NOTE(review): judging by its name, Md5Encrypt stores an MD5 digest of the password.
                // If so, plan a migration to a salted, slow password hash (e.g. PBKDF2) - confirm.
                if (account.UserPassword != UntilMethod.Md5Encrypt(currentPassword))
                {
                    return(Json(new { state = "error", mes = "与原密码不匹配" }));
                }
                #endregion

                account.UserPassword = UntilMethod.Md5Encrypt(proposedPassword);
                account.passWordTime = DateTime.Now;
                _iuserService.UpdateUser(account);
                return(Json(new { state = "success" }));
            }
            catch (Exception)
            {
                return(Json(new { state = "error", mes = "发生错误" }));
            }
        }
        /// <summary>
        /// Changes a password for the account that a one-time token maps to. The token-to-user-name
        /// dictionary is read from TempData["uNameToken"]; the caller is identified only by that
        /// token and by knowing the current password.
        /// </summary>
        /// <returns>JSON <c>{ state = "success" }</c>, or <c>{ state = "error", mes = ... }</c>
        /// naming the failed check.</returns>
        public ActionResult _ChangePassword()
        {
            // Minimum length is configurable; the upper bound (15) is fixed in the pattern below.
            var minLength = int.Parse(UntilMethod.getAppSettingValue("passWordLength").ToString());

            try
            {
                var currentPassword  = Request["oldPwd"].ToString().Trim();
                var proposedPassword = Request["NewPwd"].ToString().Trim();
                var tokenToUserName  = TempData["uNameToken"] as Dictionary <string, string>;

                #region New-password policy
                // NOTE(review): the pattern is not anchored, so IsMatch succeeds on any qualifying
                // substring and the 15-character upper bound is not enforced on the whole input.
                var policy = new Regex(@"(?=.*[0-9])(?=.*[a-zA-Z])(?=([\x21-\x7e]+)[^a-zA-Z0-9]).{" + minLength + ",15}", RegexOptions.Multiline | RegexOptions.IgnorePatternWhitespace);
                if (!policy.IsMatch(proposedPassword))
                {
                    // Put the dictionary back so the same token can be used for the next attempt.
                    TempData["uNameToken"] = tokenToUserName;
                    return(Json(new { state = "error", mes = "密码格式不符,请输入" + minLength + "-15位,并含有数字字母和特殊字符" }));
                }
                #endregion

                #region Token check
                // An unknown token is rejected and the dictionary is not restored.
                var    postedToken = Request["token"].ToString();
                string userName;
                if (!tokenToUserName.TryGetValue(postedToken, out userName))
                {
                    return(Json(new { state = "error", mes = "非法操作!" }));
                }
                #endregion

                var account = _iuserService.GetUserByName(userName);

                #region Current-password check
                // NOTE(review): judging by its name, Md5Encrypt stores an MD5 digest of the password.
                // If so, plan a migration to a salted, slow password hash (e.g. PBKDF2) - confirm.
                if (account.UserPassword != UntilMethod.Md5Encrypt(currentPassword))
                {
                    // NOTE(review): the token is restored here, so wrong guesses can be repeated with
                    // it; no attempt limit is visible in this method.
                    TempData["uNameToken"] = tokenToUserName;
                    return(Json(new { state = "error", mes = "与原密码不匹配" }));
                }
                #endregion

                account.UserPassword = UntilMethod.Md5Encrypt(proposedPassword);
                account.passWordTime = DateTime.Now;
                _iuserService.UpdateUser(account);
                return(Json(new { state = "success" }));
            }
            catch (Exception)
            {
                return(Json(new { state = "error", mes = "发生错误" }));
            }
        }
        /// <summary>
        /// Sets the HTTPS requirement from the "OpenSSl" application setting: <c>Yes</c> when the
        /// setting is true, <c>NoMatter</c> otherwise.
        /// </summary>
        /// <param name="sslRequirement">Ignored; the stored setting always decides.</param>
        public HCHttpsRequirementAttribute(SslRequirement sslRequirement)
        {
            // NOTE(review): with the setting off, nothing here asks for HTTPS, including on actions
            // declared with a stricter sslRequirement argument - confirm that is intended.
            bool httpsSwitchedOn = Convert.ToBoolean(UntilMethod.getAppSettingValue("OpenSSl"));

            this.SslRequirement = httpsSwitchedOn ? SslRequirement.Yes : SslRequirement.NoMatter;
        }
Exemple #6
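        /// <summary>
        /// Validates an uploaded image, writes it (optionally resized) to a local temp file,
        /// posts that file to the picture server as multipart/form-data and returns the path
        /// of the stored picture relative to the picture server.
        /// </summary>
        /// <param name="file">Uploaded file; only the extension of its client-supplied name is used.</param>
        /// <param name="folderName">Target folder, sent to the picture server as the PathDir query value.</param>
        /// <param name="fileName">Target file name without extension.</param>
        /// <param name="width">Target width; 0 together with <paramref name="height"/> 0 saves the image unresized.</param>
        /// <param name="height">Target height.</param>
        /// <returns>The path in the form <c>//folderName//fileName.ext</c>.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="file"/> is null.</exception>
        /// <exception cref="ArgumentException">The extension is not jpg, jpeg, png or bmp, or the
        /// content is missing or larger than the size limit.</exception>
        public string picUpLoad(HttpPostedFileBase file, string folderName, string fileName, int width, int height)
        {
            if (file == null)
            {
                throw new ArgumentNullException("file");
            }

            var PicUrl = UntilMethod.appsetingValue("PicUrl");

            #region Allowed formats and size limit
            string[]  allowedExtensions = { "jpg", "jpeg", "png", "bmp" };
            const int maxSize           = 4096000; // 4 MB limit, kept in line with web.config
            #endregion

            #region Enforce format and size before anything touches the disk
            // The extension comes from the client-supplied file name, so it is checked against the
            // allow-list before it becomes part of a path under the application directory.
            string fileExt = (Path.GetExtension(file.FileName) ?? string.Empty).ToLowerInvariant();
            if (fileExt.Length < 2 || Array.IndexOf(allowedExtensions, fileExt.Substring(1)) == -1)
            {
                throw new ArgumentException("Only jpg, jpeg, png and bmp files may be uploaded.", "file");
            }

            if (file.InputStream == null || file.InputStream.Length > maxSize)
            {
                throw new ArgumentException("The uploaded file is missing or larger than the size limit.", "file");
            }
            #endregion

            #region Make sure the temp folder exists
            var TempfolderPath = HttpRuntime.AppDomainAppPath.ToString() + "uploadTemp";
            if (!Directory.Exists(TempfolderPath))
            {
                fileRWhelper.CreateDirectory(TempfolderPath);
            }
            #endregion

            fileName = fileName + fileExt;

            // Only the final name component is used locally, so the temp file stays inside uploadTemp.
            string TempfilePath = Path.Combine(TempfolderPath, Path.GetFileName(fileName));

            try
            {
                #region Crop and save the picture
                if (width == 0 && height == 0)
                {
                    // Image.FromStream rejects content that does not decode as an image.
                    using (Image image = Image.FromStream(file.InputStream))
                    {
                        image.Save(TempfilePath);
                    }
                }
                else
                {
                    GenerateThumbnailWarr(TempfilePath, width, height, file.InputStream);
                }
                #endregion

                #region Send to the picture server
                // NOTE(review): folderName and fileName go into the request URL and the returned
                // path unescaped; confirm callers pass server-generated values only.
                string filesdir = "//" + folderName + "//";

                String         uploadUrl    = PicUrl + "/Services/PicServices.aspx?PathDir=" + filesdir;
                String         fileFormName = "file";
                String         contenttype  = "image/jpeg";
                string         boundary     = "----------" + DateTime.Now.Ticks.ToString("x");
                HttpWebRequest webrequest   = (HttpWebRequest)WebRequest.Create(uploadUrl);
                webrequest.ContentType = "multipart/form-data; boundary=" + boundary;
                webrequest.Method      = "POST";

                StringBuilder sb = new StringBuilder();
                sb.Append("--");
                sb.Append(boundary);
                sb.Append("\r\n");
                sb.Append("Content-Disposition: form-data; name=\"");
                sb.Append(fileFormName);
                sb.Append("\"; filename=\"");
                sb.Append(Path.GetFileName(fileName));
                sb.Append("\"");
                sb.Append("\r\n");
                sb.Append("Content-Type: ");
                sb.Append(contenttype);
                sb.Append("\r\n");
                sb.Append("\r\n");
                byte[] postHeaderBytes = Encoding.UTF8.GetBytes(sb.ToString());
                byte[] boundaryBytes   = Encoding.ASCII.GetBytes("\r\n--" + boundary + "\r\n");

                using (FileStream fileStream = new FileStream(TempfilePath, FileMode.Open, FileAccess.Read, FileShare.ReadWrite))
                {
                    webrequest.ContentLength = postHeaderBytes.Length + fileStream.Length + boundaryBytes.Length;
                    using (Stream requestStream = webrequest.GetRequestStream())
                    {
                        requestStream.Write(postHeaderBytes, 0, postHeaderBytes.Length);

                        // Fixed-size copy buffer instead of one allocation the size of the file.
                        byte[] buffer = new byte[81920];
                        int    bytesRead;
                        while ((bytesRead = fileStream.Read(buffer, 0, buffer.Length)) > 0)
                        {
                            requestStream.Write(buffer, 0, bytesRead);
                        }
                        requestStream.Write(boundaryBytes, 0, boundaryBytes.Length);
                    }
                }

                // NOTE(review): the response is never read, so a rejected upload goes unnoticed and
                // the fixed pause stands in for a completion check. Reading the response would be
                // the reliable signal, but it changes how failures reach callers - confirm first.
                Thread.Sleep(1000);
                string fileUrl = PicUrl + filesdir + fileName;
                #endregion

                return(fileUrl.Replace(PicUrl, ""));
            }
            finally
            {
                #region Delete the temp file, also when saving or uploading failed
                FileInfo info = new FileInfo(TempfilePath);
                info.Delete();
                #endregion
            }
        }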
Exemple #7
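        /// <summary>
        /// Creates a user, or updates an existing one when <c>model.UserID</c> is greater than 0.
        /// The caller needs the userManage permission and a form token matching TempData["addToken"];
        /// the posted user name and password are decrypted and the password is checked against the
        /// configured policy before anything is stored.
        /// </summary>
        /// <param name="model">Posted user form; UserName and UserPassword arrive DES-encrypted.</param>
        /// <returns>JSON <c>{ state = "OK" }</c> or <c>{ state = "Error", mes = ... }</c>; a redirect
        /// to /Home/deny when the permission or token check fails.</returns>
        public ActionResult AddUser(CxUser model)
        {
            #region Access control
            var           user1               = (Maticsoft.Model.User_Info)ViewBag.curentUser;
            var           curentUser          = _iuserService.getUserByID(user1.Id);
            var           ManagePermission    = curentUser.UserGroup.ManagePermission;
            List <string> managePermissionstr = new List <string>(ManagePermission.Split(','));
            var           managePermission    = managePermissionstr.Select(x => Convert.ToInt32(x)).ToList();
            if (!managePermission.Contains((int)SortEnum.sortClass.userManage))
            {
                return(new RedirectResult("/Home/deny"));
            }
            #endregion

            #region Form token check
            var unitiM = new UntilMethod();

            // A request without an issued token (direct or replayed post) is denied instead of
            // failing with a null reference.
            var issuedToken = TempData["addToken"];
            if (issuedToken == null)
            {
                return(new RedirectResult("/Home/deny"));
            }

            // NOTE(review): the DES key "jack" is a literal in source. If the page uses the same key
            // to encrypt these fields, this is obfuscation rather than confidentiality - confirm and
            // rely on TLS for transport protection.
            var serverToken = issuedToken.ToString();
            var ClientToken = Request["addToken"] == null ? "" : Request["addToken"].ToString();
            if (unitiM.DecryptDES(ClientToken, "jack") != serverToken)
            {
                // Keep the token so the legitimate form can still be submitted.
                TempData["addToken"] = serverToken;
                return(new RedirectResult("/Home/deny"));
            }
            #endregion

            #region Decrypt posted fields
            model.UserName     = unitiM.DecryptDES(model.UserName, "jack");
            model.UserPassword = unitiM.DecryptDES(model.UserPassword, "jack");
            #endregion

            var length = int.Parse(UntilMethod.getAppSettingValue("passWordLength").ToString());

            #region Password strength check
            var regex = new Regex(@"(?=.*[0-9])(?=.*[a-zA-Z])(?=([\x21-\x7e]+)[^a-zA-Z0-9]).{" + length + ",15}", RegexOptions.Multiline | RegexOptions.IgnorePatternWhitespace);
            if (!regex.IsMatch(model.UserPassword))
            {
                return(Json(new { state = "Error", mes = "密码格式不符,请输入" + length + "-15位,并含有数字字母和特殊字符" }));
            }
            #endregion

            try
            {
                // NOTE(review): judging by its name, Md5Encrypt stores an MD5 digest of the password.
                // If so, plan a migration to a salted, slow password hash (e.g. PBKDF2) - confirm.
                if (model.UserID > 0) // update
                {
                    // NOTE(review): any caller with userManage can reset the password and group of
                    // any account by posting its id; confirm that is the intended scope.
                    var user = _iuserService.getUserByID(model.UserID);
                    user.UserPassword = UntilMethod.Md5Encrypt(model.UserPassword);
                    user.RealName     = model.RealName;
                    user.UserGroupID  = model.UserGroupID;
                    user.passWordTime = DateTime.Now;
                    user.Effective    = model.Effective;
                    _iuserService.UpdateUser(user);
                    AddOpLog("用户修改,修改账户:" + user.UserName.ToString() + " 角色:" + user.UserGroup.GroupName);
                }
                else // create
                {
                    #region Reject duplicate user names
                    var CheckUser = getUser(model.UserName);
                    if (CheckUser != null)
                    {
                        return(Json(new { state = "Error", mes = "用户名已存在" }));
                    }
                    #endregion

                    #region Read the password expiry setting
                    var overdueTimeLenth = -int.Parse(UntilMethod.getAppSettingValue("overdueHoru").ToString());
                    #endregion

                    model.isAdmin      = true;
                    model.UserPassword = UntilMethod.Md5Encrypt(model.UserPassword);

                    // The password timestamp is back-dated by the expiry setting, read here as days.
                    model.passWordTime = DateTime.Now.AddDays(overdueTimeLenth);

                    _iuserService.AddUser(model);
                    var addUserGroup = _iuserGroupService.GetByID(model.UserGroupID);
                    AddOpLog("用户新增,新增账户:" + model.UserName.ToString() + " 角色:" + addUserGroup.GroupName);
                }
                return(Json(new { state = "OK", mes = "" }));
            }
            catch (Exception)
            {
                return(Json(new { state = "Error", mes = "发生错误" }));
            }
        }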
Exemple #8
 /// <summary>
 /// Looks up the user matching a user name and password by passing the name and the
 /// <c>UntilMethod.Md5Encrypt</c> output of the password to <c>authentiUser</c>.
 /// </summary>
 /// <param name="uName">User name as entered.</param>
 /// <param name="pwd">Password as entered.</param>
 /// <returns>Whatever <c>authentiUser</c> returns for that pair.</returns>
 private User_Info BoolSuccess(string uName, string pwd)
 {
     // NOTE(review): judging by its name, Md5Encrypt yields an MD5 digest; if stored passwords
     // are plain MD5, plan a migration to a salted, slow password hash - confirm.
     var passwordDigest = UntilMethod.Md5Encrypt(pwd);

     return(_iuser_InfoService.authentiUser(uName, passwordDigest));
 }
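        /// <summary>
        /// Cross-site sign-in: asks the passport (SSO) service which user a token belongs to and,
        /// when it answers with a user id, issues the local forms-authentication cookie for that user.
        /// </summary>
        /// <param name="linqp">Token received from the passport site.</param>
        /// <remarks>
        /// Nothing is issued when the token is empty, the service does not answer with success,
        /// the answer carries no numeric user id, or no local user matches that id.
        /// </remarks>
        public void getAuth(string linqp)
        {
            if (string.IsNullOrEmpty(linqp))
            {
                return;
            }

            #region Ask the passport service whether the token was issued by it, then build the local ticket
            // NOTE(review): the returned user id is trusted as-is; the configured ssoAddress should be
            // an https URL so the answer cannot be altered in transit - confirm the deployed value.
            using (HttpClient client = new HttpClient())
            {
                client.BaseAddress = new Uri(UntilMethod.appsetingValue("ssoAddress"));

                // The token is caller-supplied: escape it so it stays a single path segment.
                using (HttpResponseMessage response = client.GetAsync("/api/Token/" + Uri.EscapeDataString(linqp)).Result)
                {
                    if (!response.IsSuccessStatusCode)
                    {
                        return;
                    }

                    var result = response.Content.ReadAsStringAsync().Result; // JSON carrying the user id
                    if (result == null)
                    {
                        return;
                    }

                    #region Parse the JSON answer
                    var ss          = JObject.Parse(result);
                    var userIdToken = ss["result"];
                    int userID;
                    if (userIdToken == null || !int.TryParse(userIdToken.ToString(), out userID))
                    {
                        // No usable user id in the answer: treat as not authenticated.
                        return;
                    }
                    #endregion

                    #region Load the local user for the returned id
                    var customer = GetAuthenticatedCustomerFromUserID(userID);
                    _cachedCustomer = customer;
                    if (customer == null)
                    {
                        return;
                    }
                    #endregion

                    #region Build the local ticket
                    var now = DateTime.UtcNow.ToLocalTime();

                    // The current session id is stored in the ticket next to the user id.
                    var currentSession_ID = _httpContext.Session.SessionID;

                    var ticket = new FormsAuthenticationTicket(
                        1 /*version*/,
                        customer.UserName,
                        now,
                        now.Add(_expirationTimeSpan),
                        false, // not persistent
                        string.Format("{0}:{1}", customer.Id.ToString(), currentSession_ID),
                        FormsAuthentication.FormsCookiePath);
                    var encryptedTicket = FormsAuthentication.Encrypt(ticket);
                    #endregion

                    #region Build the cookie
                    var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);

                    // The authentication cookie must not be readable by page script, and it follows
                    // the configured requireSSL setting for the Secure flag.
                    cookie.HttpOnly = true;
                    cookie.Secure   = FormsAuthentication.RequireSSL;
                    if (ticket.IsPersistent)
                    {
                        cookie.Expires = ticket.Expiration;
                    }
                    cookie.Path = FormsAuthentication.FormsCookiePath;
                    if (FormsAuthentication.CookieDomain != null)
                    {
                        cookie.Domain = FormsAuthentication.CookieDomain;
                    }
                    _httpContext.Response.Cookies.Add(cookie);
                    #endregion
                }
            }
            #endregion
        }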