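/// <summary>
/// Handles the posted registration form: creates the account, issues a per-user marker cookie and a
/// forms-authentication ticket, then redirects to the channel home page.
/// </summary>
/// <param name="model">The posted registration form.</param>
/// <returns>
/// The registration view again when model validation fails or the created user has a non-positive Id;
/// otherwise a redirect to the channel home action.
/// </returns>
public virtual ActionResult Register(RegisterEditModel model)
{
    if (!ModelState.IsValid)
    {
        return View(model);
    }

    var user = model.AsUser();
    if (_userService.AddUser(user).Id <= 0)
    {
        return View(model);
    }

    // NOTE(review): the cookie value is derived from the constant string "True", so it is presumably
    // identical for every user and carries no secret. It must not be relied on as proof of identity;
    // the forms-authentication ticket issued below is the actual credential.
    // NOTE(review): user.UserName goes into the cookie name unencoded - confirm the model restricts
    // user names to cookie-safe characters.
    var adminCookie = new HttpCookie("ChiakiCookie" + user.UserName)
    {
        Value = UserPasswordHelper.MD5(true.ToString()),
        HttpOnly = true,
        // Follow the forms-authentication setting so the marker cookie is not sent over plain HTTP
        // on sites configured to require SSL for the auth ticket.
        Secure = FormsAuthentication.RequireSSL
    };

    if (!string.IsNullOrEmpty(FormsAuthentication.CookieDomain))
    {
        adminCookie.Domain = FormsAuthentication.CookieDomain;
    }

    Response.Cookies.Add(adminCookie);

    // Non-persistent ticket: the new user is signed in for the browser session only.
    FormsAuthentication.SetAuthCookie(model.UserName, false);
    return RedirectToAction(MVC.Channel.Home());
}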
// This method must be thread-safe since it is called by the thread-safe OnCacheAuthorization() method.
/// <summary>
/// Decides whether the current request passes the admin marker-cookie check.
/// </summary>
/// <param name="filterContext">The authorization context whose request cookies are inspected.</param>
/// <returns>
/// True only when a current user exists, CheckCookie is set, the "ChiakiAdminCookie" + user Id cookie
/// is present, and its value equals the expected digest; false in every other case, including when
/// the comparison throws.
/// </returns>
protected virtual bool AuthorizeCore(AuthorizationContext filterContext)
{
    var currentUser = UserContext.CurrentUser;

    // NOTE(review): when CheckCookie is false the request is denied rather than the cookie check
    // being skipped - confirm that is the intended meaning of the flag.
    if (currentUser == null || !CheckCookie)
    {
        return false;
    }

    var adminCookie = filterContext.HttpContext.Request.Cookies["ChiakiAdminCookie" + currentUser.Id];
    if (adminCookie == null)
    {
        return false;
    }

    // NOTE(review): the expected value is a digest of the constant string "True", so it is not
    // bound to the user or the session. Any client that knows the user Id and the digest can supply
    // this cookie; treat it as a marker only and keep the real authorization decision on the
    // authenticated identity.
    try
    {
        return UserPasswordHelper.MD5(true.ToString()).Equals(adminCookie.Value);
    }
    catch
    {
        // Fail closed: any error while computing or comparing the digest denies access.
        return false;
    }
}
/// <summary>
/// Sets the password question and stores the answer in encoded form.
/// </summary>
/// <param name="passwordQuestion">The password question.</param>
/// <param name="passwordAnswer">The plain-text answer; null or empty stores an empty answer.</param>
/// <remarks>
/// This method does not save the user record.
/// NOTE(review): the answer is encoded with the "SHA1" format. Whether EncodePassword adds a salt
/// or stretching is not visible here; if it does not, stored answers are open to offline guessing.
/// </remarks>
public void SetPasswordQuestion(string passwordQuestion, string passwordAnswer)
{
    this.PasswordQuestion = passwordQuestion;

    // An absent answer is stored as an empty string rather than the encoding of an empty value.
    this.PasswordAnswer = string.IsNullOrEmpty(passwordAnswer)
        ? string.Empty
        : UserPasswordHelper.EncodePassword(passwordAnswer, "SHA1");
}
/// <summary>
/// Updates the password question and answer for a membership user after re-checking the password.
/// </summary>
/// <param name="username">The user whose question and answer are changed.</param>
/// <param name="password">The current password of that user; it must verify for the change to apply.</param>
/// <param name="newPasswordQuestion">The new password question.</param>
/// <param name="newPasswordAnswer">The new password answer, stored in encoded form.</param>
/// <returns>
/// True when the user exists, the password checks out and the save does not fail; otherwise false.
/// </returns>
public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer)
{
    User user = UserDataSource.LoadForUserName(username);

    // Unknown user and wrong password are reported identically (false), so the caller learns
    // nothing about which of the two failed.
    if (user == null || !user.CheckPassword(password))
    {
        return false;
    }

    user.PasswordQuestion = newPasswordQuestion;

    // The password answer is always encoded in SHA1.
    // NOTE(review): a null or empty answer is passed to EncodePassword as-is; how the helper
    // treats that input is not visible here.
    user.PasswordAnswer = UserPasswordHelper.EncodePassword(newPasswordAnswer, "SHA1");

    return user.Save() != SaveResult.Failed;
}
/// <summary>
/// Builds a <c>User</c> entity from this model's user name, nickname, e-mail and mobile fields.
/// </summary>
/// <returns>A new, unsaved user whose password is the MD5-format encoding of a fixed string.</returns>
public User AsUser()
{
    // NOTE(review): every user built here receives the same hard-coded password "123456", encoded
    // in the Md5 format. Unless a caller replaces it before the account becomes usable, each such
    // account shares a well-known credential. Take the password from user input or generate a
    // random one, and prefer a salted, slow password hash over MD5.
    return new User
    {
        UserName = UserName,
        NickName = NickName,
        PasswordFormat = UserPasswordFormat.Md5,
        Password = UserPasswordHelper.EncodePassword("123456", UserPasswordFormat.Md5),
        AccountEmail = AccountEmail,
        AccountMobile = AccountMobile
    };
}
/// <summary>
/// Sets a new password for the user and maintains the password history.
/// </summary>
/// <param name="newPassword">The new plain-text password; it is encoded with the policy's password format.</param>
/// <param name="forceExpiration">Value stored on the new password record's ForceExpiration flag.</param>
/// <returns>True if the user record was saved successfully; false otherwise.</returns>
/// <remarks>
/// Admin users are governed by the merchant password policy, all others by the customer policy.
/// An audit event is written only for admin users.
/// </remarks>
public bool SetPassword(string newPassword, bool forceExpiration)
{
    bool isAdmin = this.IsAdmin;
    PasswordPolicy policy = isAdmin
        ? (PasswordPolicy)new MerchantPasswordPolicy()
        : new CustomerPasswordPolicy();

    int historyDays = policy.HistoryDays;
    int historyCount = policy.HistoryCount;
    DateTime historyCutoff = LocaleHelper.LocalNow.AddDays(-historyDays);

    UserPasswordCollection history = this.Passwords;

    // Walk backwards so removing an entry does not shift the indexes still to be visited.
    int index = history.Count - 1;
    while (index >= 0)
    {
        UserPassword entry = history[index];
        bool beyondCount = entry.PasswordNumber >= historyCount;
        bool beyondAge = entry.CreateDate <= historyCutoff;

        if (beyondCount && beyondAge)
        {
            // Dropped only when the entry is outside BOTH the count and the age window.
            history[index].Delete();
            history.RemoveAt(index);
        }
        else
        {
            // Retained entries move one position back in the history.
            history[index].PasswordNumber++;
        }

        index--;
    }

    // The new password always becomes entry number 1.
    UserPassword current = new UserPassword
    {
        Password = UserPasswordHelper.EncodePassword(newPassword, policy.PasswordFormat),
        PasswordFormat = policy.PasswordFormat,
        PasswordNumber = 1,
        CreateDate = LocaleHelper.LocalNow,
        ForceExpiration = forceExpiration
    };
    history.Add(current);
    this.LastPasswordChangedDate = current.CreateDate;

    bool saved = this.Save() != SaveResult.Failed;
    if (isAdmin)
    {
        Logger.Audit(AuditEventType.PasswordChanged, saved, string.Empty);
    }

    return saved;
}
/// <summary>
/// Validates a user name and password.
/// </summary>
/// <param name="userName">User name, registered e-mail address, or registered mobile number.</param>
/// <param name="password">Password.</param>
/// <returns>
/// IsNotExist when no account matches, InvalidCredentials when the password check fails,
/// NotActivated when the account is not activated, otherwise Success.
/// </returns>
/// <remarks>
/// NOTE(review): IsNotExist and InvalidCredentials are distinct results. If callers surface that
/// difference to the client, it reveals which identifiers are registered.
/// </remarks>
public UserLoginStatus ValidateUser(string userName, string password)
{
    // The same input is tried against all three identifier columns; the first match wins.
    var account = _userRepository.Table.FirstOrDefault(
        u => u.UserName == userName || u.AccountEmail == userName || u.AccountMobile == userName);
    if (account == null)
    {
        return UserLoginStatus.IsNotExist;
    }

    var passwordMatches = UserPasswordHelper.CheckPassword(password, account.Password, account.PasswordFormat);
    if (!passwordMatches)
    {
        return UserLoginStatus.InvalidCredentials;
    }

    // The activation state is checked only after the password has been verified.
    if (!account.IsActived)
    {
        return UserLoginStatus.NotActivated;
    }

    return UserLoginStatus.Success;
}
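/// <summary>
/// Installer step 2: runs the install scripts whose names contain "InitialData" or
/// "CreateAdministrator" against the database named by the posted connection string.
/// </summary>
/// <returns>
/// A JSON status message: an error when the connection cannot be set up or a script reports or
/// throws an error, otherwise success.
/// </returns>
/// <remarks>
/// NOTE(review): the connection string, administrator name and password are read straight from
/// the request form, and no authorization or "already installed" check is visible in this method.
/// Confirm the installer endpoint is unreachable once setup has completed.
/// NOTE(review): the administrator password is encoded with the MD5 format; prefer a salted, slow
/// password hash if the helper offers one.
/// </remarks>
public JsonResult _Step2_Install_InitialData()
{
    ConcurrentDictionary<string, string> messages = new ConcurrentDictionary<string, string>();
    string connectString = Request.Form.Get<string>("connectString", string.Empty);

    // Connect to the new database. The connection is disposed when this step finishes; nothing in
    // this method hands it to another owner.
    using (SqlConnection dbConnection = GetSqlConnection(connectString, out messages))
    {
        if (messages.Keys.Count > 0)
        {
            return Json(new StatusMessageData(StatusMessageType.Error, "连接字符串不对!"));
        }

        string administrator = Request.Form.Get<string>("Administrator", string.Empty);
        string userPassword = Request.Form.Get<string>("UserPassword", string.Empty);
        KeyValuePair<string, string> adminInfo = new KeyValuePair<string, string>(
            administrator,
            UserPasswordHelper.EncodePassword(userPassword, Tunynet.Common.UserPasswordFormat.MD5));
        string mainRootSiteUrl = Request.Form.Get<string>("MainRootSiteUrl", string.Empty);

        List<string> fileList = SetupHelper.GetInstallFiles(null, true)
            .Where(n => n.Contains("InitialData") || n.Contains("CreateAdministrator"))
            .ToList();

        foreach (var file in fileList)
        {
            try
            {
                SetupHelper.ExecuteInFile(dbConnection, file, out messages, adminInfo, mainRootSiteUrl);
            }
            catch (System.Exception ex)
            {
                // A script that throws used to be swallowed, so the installer could report success
                // with the administrator account or seed data missing. Record the failure so it is
                // logged and reported like any other script error.
                if (messages == null)
                {
                    messages = new ConcurrentDictionary<string, string>();
                }

                messages[file] = ex.Message;
            }

            if (messages.Count > 0)
            {
                // Details go to the install log only; the client receives a generic message.
                WriteLogFile(messages);
                return Json(new StatusMessageData(StatusMessageType.Error, "执行数据库初始化脚本时出现错误,请查看安装日志!"));
            }
        }
    }

    return Json(new StatusMessageData(StatusMessageType.Success, "安装数据库表结构成功!"));
}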
/// <summary>
/// Checks whether the supplied password matches the password held by this instance.
/// </summary>
/// <param name="password">The plain-text password to check.</param>
/// <returns>True if the helper reports a match against this instance's stored password; false otherwise.</returns>
public bool VerifyPassword(string password)
{
    // Verification is delegated to the helper, which receives this record's own password format
    // so the candidate can be compared against the stored value.
    bool matches = UserPasswordHelper.VerifyPassword(password, this.PasswordFormat, this.Password);
    return matches;
}
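/// <summary>
/// Handles the posted admin login form: validates the credentials, issues the admin marker cookie
/// and the forms-authentication ticket, then redirects to the return URL or the admin home page.
/// </summary>
/// <param name="model">The posted login form, including the optional return URL.</param>
/// <returns>
/// The login view again when validation or authentication fails; otherwise a redirect. The return
/// URL is honoured only when it is local to this site.
/// </returns>
public virtual ActionResult ManageLogin(LoginViewModel model)
{
    if (!ModelState.IsValid)
    {
        return View(model);
    }

    var user = model.AsUser();
    var userLoginStatus = _userService.ValidateUser(user.UserName, user.Password);

    // NOTE(review): "account does not exist" and "wrong password" produce different messages,
    // which lets a client probe which accounts are registered. Consider a single generic message.
    switch (userLoginStatus)
    {
        case UserLoginStatus.Success:
            var loginName = user.UserName;
            user = _userService.GetAll().FirstOrDefault(n => n.UserName == loginName);
            break;
        case UserLoginStatus.IsNotExist:
            TempData["StatusMessageData"] = "账号不存在!";
            break;
        case UserLoginStatus.InvalidCredentials:
            TempData["StatusMessageData"] = "帐号或密码错误,请重新输入!";
            break;
        case UserLoginStatus.NotActivated:
            TempData["StatusMessageData"] = "账号未激活!";
            break;
        case UserLoginStatus.Banned:
            TempData["StatusMessageData"] = "账号被封禁!";
            break;
        case UserLoginStatus.UnknownError:
        default:
            TempData["StatusMessageData"] = "未知错误,请重试!";
            break;
    }

    if (userLoginStatus != UserLoginStatus.Success)
    {
        return View(model);
    }

    // The reload above matches on UserName only. If ValidateUser accepted some other identifier
    // (for example an e-mail address), nothing is found; show the generic error instead of
    // dereferencing a null user below.
    if (user == null)
    {
        TempData["StatusMessageData"] = "未知错误,请重试!";
        return View(model);
    }

    FormsAuthentication.SignOut();

    // NOTE(review): the cookie value is derived from the constant string "True", so it is not
    // bound to this user or session and must not be treated as proof of admin login on its own.
    var adminCookie = new HttpCookie("ChiakiAdminCookie" + user.Id)
    {
        Value = UserPasswordHelper.MD5(true.ToString()),
        HttpOnly = true,
        // Follow the forms-authentication setting so the marker cookie is not sent over plain HTTP
        // on sites configured to require SSL for the auth ticket.
        Secure = FormsAuthentication.RequireSSL
    };

    if (!string.IsNullOrEmpty(FormsAuthentication.CookieDomain))
    {
        adminCookie.Domain = FormsAuthentication.CookieDomain;
    }

    Response.Cookies.Add(adminCookie);
    FormsAuthentication.SetAuthCookie(user.UserName, model.RememberMe);

    var returnUrl = string.IsNullOrEmpty(model.ReturnUrl)
        ? Request.QueryString.Get("ReturnUrl")
        : model.ReturnUrl;

    // The return URL is client-controlled. Redirect to it only when it is local to this site;
    // anything else falls back to the admin home page, so a crafted login link cannot send a
    // freshly authenticated admin to an external host.
    if (string.IsNullOrWhiteSpace(returnUrl) || !Url.IsLocalUrl(returnUrl))
    {
        return RedirectToAction(MVC.Admin.Admin.Home());
    }

    return Redirect(returnUrl);
}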