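/// <summary>
/// Front-end gate for the shop. Short-circuits the action (by setting
/// <c>filterContext.Result</c> to a prompt view) when the shop is closed, the current
/// time falls inside the configured ban window, the client IP is banned or not on the
/// allow list, the user's rank is the locked rank, or the shop is over its online cap.
/// Members of an admin group (AdminGid != 1) bypass the closed/time/capacity gates.
/// </summary>
/// <param name="filterContext">MVC authorization context for the current request.</param>
protected override void OnAuthorization(AuthorizationContext filterContext)
{
    // Not applied to child actions: the parent request has already been gated.
    if (filterContext.IsChildAction)
    {
        return;
    }

    // Shop is closed; non-admins may still reach login/logout.
    if (WorkContext.ShopConfig.IsClosed == 1
        && WorkContext.AdminGid == 1
        && WorkContext.PageKey != "/account/login"
        && WorkContext.PageKey != "/account/logout")
    {
        filterContext.Result = PromptView(WorkContext.ShopConfig.CloseReason);
        return;
    }

    // Current time is inside the configured no-access period.
    if (ValidateHelper.BetweenPeriod(WorkContext.ShopConfig.BanAccessTime)
        && WorkContext.AdminGid == 1
        && WorkContext.PageKey != "/account/login"
        && WorkContext.PageKey != "/account/logout")
    {
        filterContext.Result = PromptView("当前时间不能访问本商城");
        return;
    }

    // NOTE(review): the three IP gates below are only as trustworthy as WorkContext.IP;
    // confirm it is not derived from a client-controlled header (e.g. X-Forwarded-For)
    // unless the app sits behind a trusted proxy.

    // Client IP is on the configured ban list.
    if (ValidateHelper.InIPList(WorkContext.IP, WorkContext.ShopConfig.BanAccessIP))
    {
        filterContext.Result = PromptView("您的IP被禁止访问本商城");
        return;
    }

    // An allow list is configured and the client IP is not on it.
    if (!string.IsNullOrEmpty(WorkContext.ShopConfig.AllowAccessIP)
        && !ValidateHelper.InIPList(WorkContext.IP, WorkContext.ShopConfig.AllowAccessIP))
    {
        filterContext.Result = PromptView("您的IP被禁止访问本商城");
        return;
    }

    // Client IP is in the dynamic banned-IP store.
    if (BannedIPs.CheckIP(WorkContext.IP))
    {
        filterContext.Result = PromptView("您的IP被禁止访问本商城");
        return;
    }

    // User rank 1 is the locked/no-access rank.
    if (WorkContext.UserRid == 1)
    {
        filterContext.Result = PromptView("您的账号当前被锁定,不能访问");
        return;
    }

    // Online-user cap. Only account/login and account/logout are exempt, matching the
    // PageKey exemptions above. The previous test
    // `Action != "login" || Action != "logout"` was always true, which exempted the whole
    // "account" controller from the cap instead of just those two actions.
    if (WorkContext.OnlineUserCount > WorkContext.ShopConfig.MaxOnlineCount
        && WorkContext.AdminGid == 1
        && !(WorkContext.Controller == "account"
             && (WorkContext.Action == "login" || WorkContext.Action == "logout")))
    {
        filterContext.Result = PromptView("商城人数达到访问上限, 请稍等一会再访问!");
        return;
    }
}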
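/// <summary>
/// Front-end gate for the system. Short-circuits the action with a prompt view when the
/// system is closed, the current time is inside the configured ban window, the client IP
/// is banned or not on the allow list, or the online-user cap is exceeded. Unlike the
/// shop variant there is no admin bypass here: every caller is subject to these gates.
/// </summary>
/// <param name="filterContext">MVC authorization context for the current request.</param>
protected override void OnAuthorization(AuthorizationContext filterContext)
{
    // Not applied to child actions: the parent request has already been gated.
    if (filterContext.IsChildAction)
    {
        return;
    }

    // System is closed; login/logout stay reachable.
    if (WorkContext.MallConfig.IsClosed == 1
        && WorkContext.PageKey != "/account/login"
        && WorkContext.PageKey != "/account/logout")
    {
        filterContext.Result = PromptView(WorkContext.MallConfig.CloseReason);
        return;
    }

    // Current time is inside the configured no-access period.
    if (ValidateHelper.BetweenPeriod(WorkContext.MallConfig.BanAccessTime)
        && WorkContext.PageKey != "/account/login"
        && WorkContext.PageKey != "/account/logout")
    {
        filterContext.Result = PromptView("当前时间不能访问本系统");
        return;
    }

    // Client IP is on the configured ban list.
    if (ValidateHelper.InIPList(WorkContext.IP, WorkContext.MallConfig.BanAccessIP))
    {
        filterContext.Result = PromptView("您的IP被禁止访问本系统");
        return;
    }

    // An allow list is configured and the client IP is not on it.
    if (!string.IsNullOrEmpty(WorkContext.MallConfig.AllowAccessIP)
        && !ValidateHelper.InIPList(WorkContext.IP, WorkContext.MallConfig.AllowAccessIP))
    {
        filterContext.Result = PromptView("您的IP被禁止访问本系统");
        return;
    }

    // The dynamic BannedIPs.CheckIP(WorkContext.IP) gate used by the other filters is
    // intentionally not used in this filter (original comment: "不使用此功能").

    // Online-user cap. Only account/login and account/logout are exempt, matching the
    // PageKey exemptions above. The previous test
    // `Action != "login" || Action != "logout"` was always true, which exempted the whole
    // "account" controller from the cap instead of just those two actions.
    if (WorkContext.OnlineUserCount > WorkContext.MallConfig.MaxOnlineCount
        && !(WorkContext.Controller == "account"
             && (WorkContext.Action == "login" || WorkContext.Action == "logout")))
    {
        filterContext.Result = PromptView("系统人数达到访问上限, 请稍等一会再访问!");
        return;
    }
}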
/// <summary>
/// Back-office gate. Requests that fail the admin IP allow list, come from a banned IP,
/// belong to a locked rank (UserRid == 1), are anonymous (Uid &lt; 1) or are not in an
/// admin group (AdminGid == 1) are hidden behind a 404-style response; authenticated
/// admins are then checked against the per-page authority table (the "home" controller
/// is exempt from that last check).
/// </summary>
/// <param name="filterContext">MVC authorization context for the current request.</param>
protected override void OnAuthorization(AuthorizationContext filterContext)
{
    // Child actions inherit the parent's authorization.
    if (filterContext.IsChildAction)
    {
        return;
    }

    // Admin IP allow list configured and the caller is not on it.
    string adminAllowIps = WorkContext.ShopConfig.AdminAllowAccessIP;
    if (!string.IsNullOrEmpty(adminAllowIps) && !ValidateHelper.InIPList(WorkContext.IP, adminAllowIps))
    {
        filterContext.Result = HideAsNotFound();
        return;
    }

    // Caller IP is in the dynamic banned-IP store.
    if (BannedIPs.CheckIP(WorkContext.IP))
    {
        filterContext.Result = HideAsNotFound();
        return;
    }

    // Rank 1 is the locked/no-access rank.
    if (WorkContext.UserRid == 1)
    {
        filterContext.Result = HideAsNotFound();
        return;
    }

    // Anonymous caller.
    if (WorkContext.Uid < 1)
    {
        filterContext.Result = HideAsNotFound();
        return;
    }

    // AdminGid 1 is the non-admin group.
    if (WorkContext.AdminGid == 1)
    {
        filterContext.Result = HideAsNotFound();
        return;
    }

    // Per-page authority check for everything except the "home" controller.
    if (WorkContext.Controller != "home"
        && !AdminGroups.CheckAuthority(WorkContext.AdminGid, WorkContext.Controller, WorkContext.PageKey))
    {
        if (WorkContext.IsHttpAjax)
        {
            filterContext.Result = AjaxResult("nopermit", "您没有当前操作的权限");
        }
        else
        {
            filterContext.Result = PromptView("您没有当前操作的权限!");
        }
        return;
    }
}

/// <summary>
/// Builds the response used to hide the back office from callers that fail a gate:
/// a "404" Ajax payload for Ajax requests, otherwise a redirect to the site root.
/// The existence of the admin area is not revealed either way.
/// </summary>
private ActionResult HideAsNotFound()
{
    if (WorkContext.IsHttpAjax)
    {
        return AjaxResult("404", "您访问的网址不存在");
    }

    return new RedirectResult("/");
}
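private PartUserInfo partUserInfo = null; // User resolved for this request (guest or member).

/// <summary>
/// Back-office gate that resolves the caller from the uid/password cookies (falling back to
/// the "uid"/"password" request parameters) and answers 404 when the caller IP is outside the
/// admin allow list or banned, or the resolved user is locked (UserRid == 1), anonymous
/// (Uid &lt; 1) or not in an admin group (AdminGid == 1).
/// </summary>
/// <param name="filterContext">MVC authorization context for the current request.</param>
protected override void OnAuthorization(AuthorizationContext filterContext)
{
    ip = WebHelper.GetIP();

    // NOTE(review): both IP gates trust WebHelper.GetIP(); confirm it does not honor
    // client-supplied headers (X-Forwarded-For etc.) unless behind a trusted proxy.
    // NOTE(review): unlike the sibling filters this one has no IsChildAction early return,
    // so it also runs for child actions — confirm that is intended.

    // Admin IP allow list configured and the caller is not on it.
    if (!string.IsNullOrEmpty(shopConfigInfo.AdminAllowAccessIP)
        && !ValidateHelper.InIPList(ip, shopConfigInfo.AdminAllowAccessIP))
    {
        filterContext.Result = HttpNotFound();
        return;
    }

    // Caller IP is in the dynamic banned-IP store.
    if (BannedIPs.CheckIP(ip))
    {
        filterContext.Result = HttpNotFound();
        return;
    }

    partUserInfo = ResolvePartUser();

    // Locked rank, anonymous, or non-admin group: all hidden behind the same 404.
    if (partUserInfo.UserRid == 1 || partUserInfo.Uid < 1 || partUserInfo.AdminGid == 1)
    {
        filterContext.Result = HttpNotFound();
        return;
    }
}

/// <summary>
/// Resolves the calling user. Reads the uid from the cookie, then from the "uid" request
/// parameter; reads the encrypted password from the cookie, then from the "password"
/// request parameter; and loads the member matching both. Any failure yields a guest.
/// </summary>
/// <returns>The matching member, or a freshly created guest.</returns>
private PartUserInfo ResolvePartUser()
{
    int uid = ShopUtils.GetUidCookie();
    if (uid < 1)
    {
        uid = WebHelper.GetRequestInt("uid");
    }

    // No uid at all: plain visitor.
    if (uid < 1)
    {
        return Users.CreatePartGuest();
    }

    string encryptPwd = ShopUtils.GetCookiePassword();
    if (string.IsNullOrWhiteSpace(encryptPwd))
    {
        // NOTE(review): accepting the credential from a request parameter lets it travel in a
        // query string (server logs, Referer leakage). Confirm this fallback is still needed.
        encryptPwd = WebHelper.GetRequestString("password");
    }

    // Reject empty or non-Base64 values before decrypting (tamper guard). IsNullOrEmpty also
    // covers a null fallback value, which the previous `.Length` check would have thrown on.
    if (string.IsNullOrEmpty(encryptPwd) || !SecureHelper.IsBase64String(encryptPwd))
    {
        return ResetToGuest();
    }

    PartUserInfo member = Users.GetPartUserByUidAndPwd(uid, ShopUtils.DecryptCookiePassword(encryptPwd));
    return member ?? ResetToGuest();
}

/// <summary>
/// Creates a guest and clears the uid/password cookies so a bad or stale credential is not
/// re-sent on every request.
/// </summary>
private PartUserInfo ResetToGuest()
{
    PartUserInfo guest = Users.CreatePartGuest();
    ShopUtils.SetUidCookie(-1);
    ShopUtils.SetCookiePassword("");
    return guest;
}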
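/// <summary>
/// Gate for the API controllers. Reads the raw POST body into <c>WorkContext.postparms</c>,
/// then applies the shop-wide gates (closed shop, ban window, banned / non-allow-listed IP,
/// online-user cap). Members of an admin group (AdminGid != 1) bypass the closed/time/capacity
/// gates.
/// </summary>
/// <param name="filterContext">MVC authorization context for the current request.</param>
protected override void OnAuthorization(AuthorizationContext filterContext)
{
    // Not applied to child actions: the parent request has already been gated.
    if (filterContext.IsChildAction)
    {
        return;
    }

    // Raw POST body, parsed into name/value pairs for the action to consume.
    string result = WebHelper.GetPostStr();
    NameValueCollection parmas = WebHelper.GetParmList(result);
    WorkContext.postparms = parmas;

    // NOTE(review): the API-specific validation that used to live here is disabled
    // (original comment: "接口验证关闭"). It enforced POST-only access for all but a few
    // read-only actions, initialised the user from the "account" parameter, required
    // "account" + "imei" on most actions and validated the pair via ComMethod.ValidateIMEI.
    // With it disabled, the API accepts GET requests and unvalidated account/imei values;
    // confirm that is intended before relying on those checks elsewhere.

    // Shop is closed; non-admins may still reach login/logout.
    if (WorkContext.ShopConfig.IsClosed == 1
        && WorkContext.AdminGid == 1
        && WorkContext.PageKey != "/account/login"
        && WorkContext.PageKey != "/account/logout")
    {
        filterContext.Result = PromptView(WorkContext.ShopConfig.CloseReason);
        return;
    }

    // Current time is inside the configured no-access period.
    if (ValidateHelper.BetweenPeriod(WorkContext.ShopConfig.BanAccessTime)
        && WorkContext.AdminGid == 1
        && WorkContext.PageKey != "/account/login"
        && WorkContext.PageKey != "/account/logout")
    {
        filterContext.Result = PromptView("当前时间不能访问本商城");
        return;
    }

    // Client IP is on the configured ban list.
    if (ValidateHelper.InIPList(WorkContext.IP, WorkContext.ShopConfig.BanAccessIP))
    {
        filterContext.Result = PromptView("您的IP被禁止访问本商城");
        return;
    }

    // An allow list is configured and the client IP is not on it.
    if (!string.IsNullOrEmpty(WorkContext.ShopConfig.AllowAccessIP)
        && !ValidateHelper.InIPList(WorkContext.IP, WorkContext.ShopConfig.AllowAccessIP))
    {
        filterContext.Result = PromptView("您的IP被禁止访问本商城");
        return;
    }

    // Client IP is in the dynamic banned-IP store.
    if (BannedIPs.CheckIP(WorkContext.IP))
    {
        filterContext.Result = PromptView("您的IP被禁止访问本商城");
        return;
    }

    // Online-user cap. Only account/login and account/logout are exempt, matching the
    // PageKey exemptions above. The previous test
    // `Action != "login" || Action != "logout"` was always true, which exempted the whole
    // "account" controller from the cap instead of just those two actions.
    if (WorkContext.OnlineUserCount > WorkContext.ShopConfig.MaxOnlineCount
        && WorkContext.AdminGid == 1
        && !(WorkContext.Controller == "account"
             && (WorkContext.Action == "login" || WorkContext.Action == "logout")))
    {
        filterContext.Result = PromptView("商城人数达到访问上限, 请稍等一会再访问!");
        return;
    }
}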
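/// <summary>
/// Front-end gate that does not short-circuit the action itself; instead it records the
/// failing gate in <c>WorkContext.SystemState</c> / <c>SystemStateMsg</c> for the view layer
/// (closed mall, ban window, banned / non-allow-listed IP, locked rank, online-user cap).
/// Members of an admin group (MallAGid != 1) bypass the closed/time/capacity gates.
/// Login/logout are identified by <c>Url.Action</c> rather than a hard-coded path.
/// </summary>
/// <param name="filterContext">MVC authorization context for the current request.</param>
protected override void OnAuthorization(AuthorizationContext filterContext)
{
    // Not applied to child actions: the parent request has already been gated.
    if (filterContext.IsChildAction)
    {
        return;
    }

    // Mall is closed; non-admins may still reach login/logout.
    if (WorkContext.MallConfig.IsClosed == 1
        && WorkContext.MallAGid == 1
        && WorkContext.PageKey != Url.Action("login", "account")
        && WorkContext.PageKey != Url.Action("logout", "account"))
    {
        WorkContext.SystemState = "closemall";
        WorkContext.SystemStateMsg = WorkContext.MallConfig.CloseReason;
        return;
    }

    // Current time is inside the configured no-access period.
    if (ValidateHelper.BetweenPeriod(WorkContext.MallConfig.BanAccessTime)
        && WorkContext.MallAGid == 1
        && WorkContext.PageKey != Url.Action("login", "account")
        && WorkContext.PageKey != Url.Action("logout", "account"))
    {
        WorkContext.SystemState = "banaccesstime";
        WorkContext.SystemStateMsg = "当前时间不能访问本商城";
        return;
    }

    // Client IP is on the configured ban list.
    if (ValidateHelper.InIPList(WorkContext.IP, WorkContext.MallConfig.BanAccessIP))
    {
        WorkContext.SystemState = "banaccessip";
        WorkContext.SystemStateMsg = "您的IP被禁止访问本商城";
        return;
    }

    // An allow list is configured and the client IP is not on it.
    if (!string.IsNullOrEmpty(WorkContext.MallConfig.AllowAccessIP)
        && !ValidateHelper.InIPList(WorkContext.IP, WorkContext.MallConfig.AllowAccessIP))
    {
        WorkContext.SystemState = "banaccessip";
        WorkContext.SystemStateMsg = "您的IP被禁止访问本商城";
        return;
    }

    // Client IP is in the dynamic banned-IP store.
    if (BannedIPs.CheckIP(WorkContext.IP))
    {
        WorkContext.SystemState = "banaccessip";
        WorkContext.SystemStateMsg = "您的IP被禁止访问本商城";
        return;
    }

    // User rank 1 is the locked/no-access rank.
    if (WorkContext.UserRid == 1)
    {
        WorkContext.SystemState = "banuserrank";
        WorkContext.SystemStateMsg = "您的账号当前被锁定,不能访问";
        return;
    }

    // Online-user cap. Only account/login and account/logout are exempt, matching the
    // PageKey exemptions above. The previous test
    // `Action != "login" || Action != "logout"` was always true, which exempted the whole
    // "account" controller from the cap instead of just those two actions.
    if (WorkContext.OnlineUserCount > WorkContext.MallConfig.MaxOnlineCount
        && WorkContext.MallAGid == 1
        && !(WorkContext.Controller == "account"
             && (WorkContext.Action == "login" || WorkContext.Action == "logout")))
    {
        WorkContext.SystemState = "maxonlinecount";
        WorkContext.SystemStateMsg = "商城人数达到访问上限, 请稍等一会再访问";
        return;
    }
}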
/// <summary>
/// Back-office gate. Callers outside the admin IP allow list, or not logged in (Uid &lt; 1),
/// are answered with a "404" Ajax payload or redirected to the application sub-path root.
/// The dynamic banned-IP gate and the per-page permission check present in the other admin
/// filter are disabled in this one (see the notes in the body).
/// </summary>
/// <param name="filterContext">MVC authorization context for the current request.</param>
protected override void OnAuthorization(AuthorizationContext filterContext)
{
    // Redirect target for rejected browser requests: the application's sub-path root.
    string returnUrl = WorkContext.SubPath + "/";

    // Child actions inherit the parent's authorization.
    if (filterContext.IsChildAction)
    {
        return;
    }

    // Admin IP allow list configured and the caller is not on it.
    string adminAllowIps = WorkContext.MallConfig.AdminAllowAccessIP;
    if (!string.IsNullOrEmpty(adminAllowIps) && !ValidateHelper.InIPList(WorkContext.IP, adminAllowIps))
    {
        filterContext.Result = RejectResult(returnUrl);
        return;
    }

    // The BannedIPs.CheckIP(WorkContext.IP) gate used by the other admin filter is
    // commented out in this one; only the static allow list above applies.

    // Anonymous caller.
    if (WorkContext.Uid < 1)
    {
        filterContext.Result = RejectResult(returnUrl);
        return;
    }

    // NOTE(review): the per-page permission check is disabled here (original comment: kept
    // off to save a database round-trip). As written, any logged-in user that passes the IP
    // allow list can reach every action on this controller. The disabled code was:
    //
    //   if (WorkContext.Controller != "home")
    //   {
    //       string authorityPath = WorkContext.Controller + "/" + WorkContext.Action;
    //       if (!BMAData.RDBS.UserAuthorizationCheck(WorkContext.Uid, authorityPath))
    //       {
    //           filterContext.Result = WorkContext.IsHttpAjax
    //               ? AjaxResult("nopermit", "您没有当前操作的权限")
    //               : PromptView("您没有当前操作的权限!");
    //           return;
    //       }
    //   }
}

/// <summary>
/// Response for a rejected back-office request: a "404" Ajax payload for Ajax callers,
/// otherwise a redirect to <paramref name="returnUrl"/>. The admin area is not revealed.
/// </summary>
/// <param name="returnUrl">Where non-Ajax callers are redirected.</param>
private ActionResult RejectResult(string returnUrl)
{
    if (WorkContext.IsHttpAjax)
    {
        return AjaxResult("404", "您访问的网址不存在");
    }

    return new RedirectResult(returnUrl);
}
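/// <summary>
/// Front-end gate (WeChat-bound variant). Short-circuits the action with a prompt view when
/// the mall is closed, the user has not passed the <c>IsReal</c> step, the current time is
/// inside the configured ban window, the client IP is banned or not on the allow list, the
/// online-user cap is exceeded, or no <c>Openid</c> is bound to the request. Members of an
/// admin group (MallAGid != 1) bypass the closed/time/capacity gates.
/// </summary>
/// <param name="filterContext">MVC authorization context for the current request.</param>
protected override void OnAuthorization(AuthorizationContext filterContext)
{
    // Not applied to child actions: the parent request has already been gated.
    if (filterContext.IsChildAction)
    {
        return;
    }

    // Mall is closed; non-admins may still reach login/logout.
    if (WorkContext.MallConfig.IsClosed == 1
        && WorkContext.MallAGid == 1
        && WorkContext.PageKey != Url.Action("login", "account")
        && WorkContext.PageKey != Url.Action("logout", "account"))
    {
        filterContext.Result = PromptView(WorkContext.MallConfig.CloseReason);
        return;
    }

    // IsReal == 0: original comment describes this as "user agreement not yet read";
    // the exact meaning of IsReal is defined outside this file.
    if (WorkContext.IsReal == 0)
    {
        filterContext.Result = IsRealView();
        return;
    }

    // Current time is inside the configured no-access period.
    if (ValidateHelper.BetweenPeriod(WorkContext.MallConfig.BanAccessTime)
        && WorkContext.MallAGid == 1
        && WorkContext.PageKey != Url.Action("login", "account")
        && WorkContext.PageKey != Url.Action("logout", "account"))
    {
        filterContext.Result = PromptView("当前时间不能访问本商城");
        return;
    }

    // Client IP is on the configured ban list.
    if (ValidateHelper.InIPList(WorkContext.IP, WorkContext.MallConfig.BanAccessIP))
    {
        filterContext.Result = PromptView("您的IP被禁止访问本商城");
        return;
    }

    // An allow list is configured and the client IP is not on it.
    if (!string.IsNullOrEmpty(WorkContext.MallConfig.AllowAccessIP)
        && !ValidateHelper.InIPList(WorkContext.IP, WorkContext.MallConfig.AllowAccessIP))
    {
        filterContext.Result = PromptView("您的IP被禁止访问本商城");
        return;
    }

    // Client IP is in the dynamic banned-IP store.
    if (BannedIPs.CheckIP(WorkContext.IP))
    {
        filterContext.Result = PromptView("您的IP被禁止访问本商城");
        return;
    }

    // Online-user cap. Only account/login and account/logout are exempt, matching the
    // PageKey exemptions above. The previous test
    // `Action != "login" || Action != "logout"` was always true, which exempted the whole
    // "account" controller from the cap instead of just those two actions.
    if (WorkContext.OnlineUserCount > WorkContext.MallConfig.MaxOnlineCount
        && WorkContext.MallAGid == 1
        && !(WorkContext.Controller == "account"
             && (WorkContext.Action == "login" || WorkContext.Action == "logout")))
    {
        filterContext.Result = PromptView("商城人数达到访问上限, 请稍等一会再访问!");
        return;
    }

    // No Openid bound to the request (original comment: "has not followed the official
    // account"); the page cannot proceed without it.
    if (string.IsNullOrEmpty(WorkContext.Openid))
    {
        filterContext.Result = PromptView("网页错误,请联系管理员");
        return;
    }
}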