Esempio n. 1
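        /// <summary>
        /// Unlocks a secret-access account and resets its failed-login counter.
        /// </summary>
        /// <remarks>
        /// The account is identified by the <c>id</c> request parameter. Its status is set to 0 when the
        /// stored query counter equals a non-zero quota (<c>secret_count == secret_limit</c>) and to 1
        /// otherwise; <c>pwd_status</c> is carried over from the stored record and
        /// <c>user_login_attempts</c> is set to 0.
        /// NOTE(review): no authorization or anti-forgery attribute is visible on this action from here.
        /// It clears the lockout counter for whatever id the request names, so confirm that a filter on
        /// the controller restricts it to administrators and that it is not reachable by a cross-site GET.
        /// </remarks>
        /// <returns>JSON whose <c>success</c> is "true" when a row was updated and "false" otherwise.</returns>
        public JsonResult UnlockAndReset()
        {
            try
            {
                sasMgr = new SecretAccountSetMgr(mySqlConnectionString);
                _muMgr = new ManageUserMgr(mySqlConnectionString);

                SecretAccountSet sas = new SecretAccountSet();
                sas.id = Convert.ToInt32(Request.Params["id"]);

                // Load the stored settings for this account.
                SecretAccountSet oldsas = sasMgr.Select(sas);
                if (oldsas == null)
                {
                    // Unknown id: report failure explicitly instead of relying on a NullReferenceException.
                    return Json(new { success = "false" });
                }

                // An account whose quota is exhausted stays disabled; any other account is re-enabled.
                bool quotaExhausted = oldsas.secret_limit != 0 && oldsas.secret_limit == oldsas.secret_count;
                sas.status = quotaExhausted ? 0 : 1;
                sas.pwd_status = oldsas.pwd_status;
                sas.user_login_attempts = 0;

                bool updated = sasMgr.Update(sas) > 0;
                return Json(new { success = updated ? "true" : "false" });
            }
            catch (Exception ex)
            {
                Log4NetCustom.LogMessage logMessage = new Log4NetCustom.LogMessage();
                // Exception.TargetSite can be null; guard it so the error handler itself cannot throw.
                string targetSite = ex.TargetSite != null ? ex.TargetSite.Name : string.Empty;
                logMessage.Content = string.Format("TargetSite:{0},Source:{1},Message:{2}", targetSite, ex.Source, ex.Message);
                logMessage.MethodName = System.Reflection.MethodBase.GetCurrentMethod().Name;
                log.Error(logMessage);
                return Json(new { success = "false" });
            }
        }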
Esempio n. 2
        /// <summary>
        /// Checks the secret-access password submitted by the current session user and, while the account
        /// is in the <c>pwd_status == 0</c> state, stores the submitted password as the new one.
        /// </summary>
        /// <remarks>
        /// The account is looked up through <c>GetSecretSetList</c> with the session caller's user id, the
        /// request's IP address and <c>status = 1</c>. The reply is written to the response as a JSON-like
        /// string whose <c>error</c> field is 0 (accepted), 1 or 5 (rejected, with <c>count</c> = 5 minus the
        /// failed-attempt counter), 2 (no matching account) or 3 (no <c>password</c> parameter). Any
        /// exception is logged and answered with <c>{success:false}</c>.
        /// NOTE(review): HashEncrypt.SHA256Encrypt is not shown here; presumably it returns an unsalted
        /// SHA-256 digest — confirm. Stored passwords are normally protected with a salted, slow KDF, and
        /// digests compared with a fixed-time comparison rather than string inequality.
        /// </remarks>
        /// <returns>The current response, after the reply has been written and the response ended.</returns>
        public HttpResponseBase SecretLogin()
        {

            string json = string.Empty;
            try
            {
                SecretAccountSet query = new SecretAccountSet();
                sasMgr = new SecretAccountSetMgr(mySqlConnectionString);
                _secretLogMgr = new SecretInfoLogMgr(mySqlConnectionString);
                // "as Caller" yields null when the session holds no caller; the dereference then throws and
                // the request ends in the catch block below.
                query.user_id = Convert.ToUInt32((System.Web.HttpContext.Current.Session["caller"] as Caller).user_id.ToString());
                query.ipfrom = CommonFunction.GetIP4Address(Request.UserHostAddress.ToString());
                query.status = 1;
                List<SecretAccountSet> store = sasMgr.GetSecretSetList(query);// load the user's secret-access settings
                if (store.Count != 0)// the user has sensitive-data access configured
                {
                    if (!string.IsNullOrEmpty(Request.Params["password"]))
                    {
                        HashEncrypt hmd5 = new HashEncrypt();
                        // Rejected-old-password path: taken only when an old password was submitted, it does not
                        // match the stored hash, and pwd_status is 0.
                        // NOTE(review): Request.Params["oldpassword"] is null when the parameter is absent, so
                        // .ToString() throws if that operand is reached and the reply becomes {success:false}.
                        if (store[0].secret_pwd != hmd5.SHA256Encrypt(Request.Params["oldpassword"]) && Request.Params["oldpassword"].ToString() != "" && store[0].pwd_status == 0)
                        {
                            // Record the failed attempt in the login-attempt log and on the account.
                            ulaMgr = new UserLoginAttemptsMgr(mySqlConnectionString);
                            UserLoginAttempts ula = new UserLoginAttempts();
                            ula.login_mail = (System.Web.HttpContext.Current.Session["caller"] as Caller).user_email;
                            ula.login_ipfrom = query.ipfrom;
                            ula.login_type = 4;
                            ulaMgr.Insert(ula);
                            // "sas" is never used in this branch.
                            SecretAccountSet sas = new SecretAccountSet();
                            store[0].user_login_attempts += 1;
                            store[0].updatedate = DateTime.Now;
                            sasMgr.LoginError(store[0]);
                            // NOTE(review): the limit of 5 is hard-coded and nothing in this method compares the
                            // counter with it; presumably LoginError or the status filter enforces the lockout — confirm.
                            int count = 5 - store[0].user_login_attempts;// login attempts remaining
                            json = "{success:true,error:5,count:" + count + "}";// JSON reply: wrong old password (error code 5)
                        }
                        else
                        {
                            // NOTE(review): the right-hand operand accepts the request whenever pwd_status is 0,
                            // without comparing any submitted value with the stored hash. With an empty oldpassword
                            // this branch is reached and the submitted password is stored below. Confirm that
                            // setting the first password without proving knowledge of the stored one is intended.
                            if ((store[0].secret_pwd == hmd5.SHA256Encrypt(Request.Params["password"]) && Request.Params["oldpassword"].ToString() == "") || store[0].pwd_status == 0)// password accepted
                            {
                                if (store[0].secret_count != 0 || store[0].user_login_attempts != 0 || store[0].pwd_status == 0)
                                {
                                    if (store[0].user_login_attempts != 0)
                                    {
                                        store[0].user_login_attempts = 0;
                                    }
                                    if (store[0].secret_count > 1)
                                    {
                                        store[0].secret_count = 1;
                                    }
                                    if (store[0].pwd_status == 0)
                                    {
                                        // First-use state: mark the password as set and store the hash of the submitted one.
                                        store[0].pwd_status = 1;
                                        store[0].secret_pwd = hmd5.SHA256Encrypt(Request.Params["password"]);
                                    }
                                    store[0].updatedate = DateTime.Now;
                                    sasMgr.Update(store[0]);// clear the account's failure and warning counters
                                }
                                // Fetch the most recent access-log entry for this user and IP.
                                // NOTE(review): FirstOrDefault returns null when no entry exists; the dereference below
                                // then throws after the account update has already been written, and the caller
                                // receives {success:false}.
                                SecretInfoLog info = _secretLogMgr.GetMaxCreateLog(new SecretInfoLog { user_id = query.user_id, ipfrom = query.ipfrom }).FirstOrDefault();
                                if (info.input_pwd_date == DateTime.MinValue)// no verification time recorded on that entry yet: update it; otherwise insert a new entry
                                {
                                    info.input_pwd_date = DateTime.Now;
                                    _secretLogMgr.UpdateSecretInfoLog(info);
                                }
                                else
                                {
                                    info.input_pwd_date = DateTime.Now;
                                    _secretLogMgr.InsertSecretInfoLog(info);
                                }


                                json = "{success:true,error:0}";// JSON reply: accepted

                            }
                            else
                            {// wrong password
                                ulaMgr = new UserLoginAttemptsMgr(mySqlConnectionString);
                                UserLoginAttempts ula = new UserLoginAttempts();
                                ula.login_mail = (System.Web.HttpContext.Current.Session["caller"] as Caller).user_email;
                                ula.login_ipfrom = query.ipfrom;
                                ula.login_type = 4;
                                ulaMgr.Insert(ula);
                                // "sas" is never used in this branch.
                                SecretAccountSet sas = new SecretAccountSet();
                                store[0].user_login_attempts += 1;
                                store[0].updatedate = DateTime.Now;
                                sasMgr.LoginError(store[0]);
                                int count = 5 - store[0].user_login_attempts;// login attempts remaining
                                // Both branches of this test build the same reply.
                                if (store[0].secret_pwd != hmd5.SHA256Encrypt(Request.Params["oldpassword"]) && Request.Params["oldpassword"].ToString() != "" && store[0].pwd_status == 0)
                                {
                                    json = "{success:true,error:1,count:" + count + "}";// JSON reply: wrong password (error code 1)
                                }
                                else
                                {

                                    json = "{success:true,error:1,count:" + count + "}";// JSON reply: wrong password (error code 1)
                                }
                            }
                        }
                    }
                    else
                    {
                        json = "{success:true,error:3}";// JSON reply: the server did not receive a password
                    }

                }
                else
                {
                    json = "{success:true,error:2}";// JSON reply: the user has no security access registered, or is locked
                }


            }
            catch (Exception ex)
            {
                // Log the failure and answer with a generic error; no exception detail reaches the client.
                Log4NetCustom.LogMessage logMessage = new Log4NetCustom.LogMessage();
                logMessage.Content = string.Format("TargetSite:{0},Source:{1},Message:{2}", ex.TargetSite.Name, ex.Source, ex.Message);
                logMessage.MethodName = System.Reflection.MethodBase.GetCurrentMethod().Name;
                log.Error(logMessage);
                json = "{success:false}";
            }
            this.Response.Clear();
            this.Response.Write(json);
            this.Response.End();
            return this.Response;
        }
Esempio n. 3
        /// <summary>
        /// Creates or updates a secret-access account setting (user, source IP, query quota, password).
        /// </summary>
        /// <remarks>
        /// Without an <c>id</c> parameter a new record is inserted unless one already exists for the same
        /// user and IP; with an <c>id</c> the existing record is updated. A non-empty <c>reset</c> parameter
        /// skips the IP and old-password handling, sets <c>pwd_status</c> to 0 and updates the record.
        /// The reply is written to the response as a JSON-like string with <c>success</c> and, on most
        /// paths, <c>msg</c>.
        /// NOTE(review): <c>id</c> and <c>user_id</c> come straight from the request and no authorization
        /// attribute is visible on this action from here; confirm that access is restricted to administrators.
        /// NOTE(review): HashEncrypt.SHA256Encrypt is not shown; presumably an unsalted SHA-256 digest —
        /// confirm, since stored passwords are normally protected with a salted, slow KDF.
        /// </remarks>
        /// <returns>The current response, after the reply has been written and the response ended.</returns>
        public HttpResponseBase SaveSecretSet()
        {
            string json = string.Empty;
            SecretAccountSet sas = new SecretAccountSet();
            try
            {
                sasMgr = new SecretAccountSetMgr(mySqlConnectionString);
                SecretAccountSetQuery sasq = new SecretAccountSetQuery();
                sasq.IsPage = false;
                bool issame = false;
                if (!string.IsNullOrEmpty(Request.Params["id"]))
                {
                    sas.id = int.Parse(Request.Params["id"]);
                    sasq.id = sas.id;
                }
                // Select runs even when no id was supplied; sasq.id then keeps its default value.
                SecretAccountSet sasModel = sasMgr.Select(sasq);
                if (!string.IsNullOrEmpty(Request.Params["user_id"]))
                {
                    sas.user_id = uint.Parse(Request.Params["user_id"]);
                }
                string opassword = Request.Params["osecret_password"];
                string npassword = Request.Params["nsecret_password"];
                string password = string.Empty;
                string oldpwd = string.Empty;
                if (!string.IsNullOrEmpty(Request.Params["secret_limit"]))
                {
                    sas.secret_limit = Convert.ToInt32(Request.Params["secret_limit"]);
                }

                if (sasModel != null)
                {
                    sas.pwd_status = Convert.ToInt32(sasModel.pwd_status);
                }
                // NOTE(review): sas.createdate has not been assigned on this object yet (it is set only on the
                // insert path below), so updatedate receives the type's default value here — confirm intent.
                sas.updatedate = sas.createdate;
                // New password: hash it and flag the account as requiring a password change (pwd_status = 0).
                if (!string.IsNullOrEmpty(npassword))
                {
                    HashEncrypt hmd5 = new HashEncrypt();
                    password = hmd5.SHA256Encrypt(npassword);
                    sas.secret_pwd = password;
                    sas.pwd_status = 0;
                }
                if (string.IsNullOrEmpty(Request.Params["reset"]))
                {
                    // Old password: hash it for comparison with the stored hash.
                    if (!string.IsNullOrEmpty(opassword))
                    {
                        HashEncrypt hmd5 = new HashEncrypt();
                        oldpwd = hmd5.SHA256Encrypt(opassword);
                    }
                    if (sasModel != null)
                    {
                        // oldpwd is the empty string when no old password was submitted, so this also matches a
                        // record whose stored hash is empty.
                        if (oldpwd == sasModel.secret_pwd)
                        {
                            issame = true;
                        }
                    }
                    // The initial value is overwritten by TryParse.
                    IPAddress ip = new IPAddress(0);
                    if (IPAddress.TryParse(Request.Params["ipfrom"], out ip))
                    {
                        sas.ipfrom = ip.ToString();
                        if (!string.IsNullOrEmpty(Request.Params["id"]))
                        {
                            // Update path: allowed when the old password matched, or when the new-password
                            // parameter is present but empty. An absent parameter is null, which is not equal to "".
                            if (issame || Request.Params["nsecret_password"] == "")
                            {

                                if (sasMgr.Update(sas) > 0)
                                {
                                    json = "{success:true,msg:'修改成功!'}";
                                }
                                else
                                {
                                    json = "{success:false,msg:'修改失敗!'}";
                                }
                            }
                            else
                            {
                                json = "{success:false,msg:'原始密碼輸入錯誤!'}";
                            }
                        }
                        else
                        {
                            // Insert path: start with zeroed counters, status 0 and pwd_status 0.
                            sas.secret_count = 0;
                            sas.user_login_attempts = 0;
                            sas.createdate = DateTime.Now;
                            sas.status = 0;
                            sas.pwd_status = 0;
                            // Refuse a second record for the same user and IP.
                            if (sasMgr.SelectByUserIP(sas) == null)
                            {
                                if (sasMgr.Insert(sas) > 0)
                                {
                                    json = "{success:true,msg:'保存成功!'}";
                                }
                                else
                                {
                                    json = "{success:false,msg:'保存失敗!'}";
                                }
                            }
                            else
                            {
                                json = "{success:false,msg:'相同的用戶和IP不能重複添加!'}";
                            }
                        }
                    }
                    else
                    {
                        json = "{success:false,msg:'请输入正确的IP地址!'}";
                    }
                }
                else
                {
                    // Reset path: no old-password comparison happens here.
                    // NOTE(review): if nsecret_password was also submitted, its hash was already placed on sas
                    // above and is written by this update; confirm that only administrators can reach this path.
                    sas.pwd_status = 0;
                    if (sasMgr.Update(sas) > 0)
                    {
                        json = "{success:true}";
                    }
                    else
                    {
                        json = "{success:false}";
                    }
                }

            }
            catch (Exception ex)
            {
                // Log the failure and answer with a generic message; no exception detail reaches the client.
                Log4NetCustom.LogMessage logMessage = new Log4NetCustom.LogMessage();
                logMessage.Content = string.Format("TargetSite:{0},Source:{1},Message:{2}", ex.TargetSite.Name, ex.Source, ex.Message);
                logMessage.MethodName = System.Reflection.MethodBase.GetCurrentMethod().Name;
                log.Error(logMessage);
                json = "{success:false,msg:'操作失敗!'}";
            }
            this.Response.Clear();
            this.Response.Write(json);
            this.Response.End();
            return this.Response;
        }
Esempio n. 4
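 /// <summary>
 /// Returns a page of secret-access account settings, optionally filtered by user, record id or source IP.
 /// </summary>
 /// <remarks>
 /// Request parameters: <c>start</c> (default 0), <c>limit</c> (default 25), <c>search_content</c>
 /// (a user id when numeric, otherwise a user name), <c>id</c>, <c>ipfrom</c>, and <c>ispage</c>
 /// (any non-empty value turns paging off). The reply is written to the response as a JSON-like string
 /// with <c>success</c>, <c>totalCount</c> and <c>data</c>.
 /// NOTE(review): <c>user_username</c> and <c>ipfrom</c> are passed to the manager as received; the query
 /// code is not shown here, so confirm it binds them as parameters. <c>limit</c> has no upper bound and
 /// <c>ispage</c> disables paging entirely, so a single request can ask for the whole table.
 /// NOTE(review): every column of the returned table is serialized; confirm the query does not select
 /// the stored password hash.
 /// </remarks>
 /// <returns>The current response, after the reply has been written and the response ended.</returns>
 public HttpResponseBase GetSecretSetList()
 {
     string json = string.Empty;
     int totalCount = 0;
     uint result = 0;
     try
     {
         SecretAccountSetQuery query = new SecretAccountSetQuery();
         query.Start = Convert.ToInt32(Request.Params["start"] ?? "0");
         query.Limit = Convert.ToInt32(Request.Params["limit"] ?? "25");

         // A numeric search term is treated as a user id, anything else as a user name.
         string searchContent = Request.Params["search_content"];
         if (!string.IsNullOrEmpty(searchContent))
         {
             if (uint.TryParse(searchContent, out result))
             {
                 query.user_id = result;
             }
             else
             {
                 query.user_username = searchContent;
             }
         }

         // Optional filters; per the original comment they are used to check whether a
         // user_id/ipfrom pair already exists before a new one is added.
         string idParam = Request.Params["id"];
         if (!string.IsNullOrEmpty(idParam))
         {
             query.id = int.Parse(idParam);
         }
         string ipFrom = Request.Params["ipfrom"];
         if (!string.IsNullOrEmpty(ipFrom))
         {
             query.ipfrom = ipFrom;
         }
         if (!string.IsNullOrEmpty(Request.Params["ispage"]))
         {
             query.IsPage = false;
         }

         sasMgr = new SecretAccountSetMgr(mySqlConnectionString);
         DataTable dt = sasMgr.GetSecretSetList(query, out totalCount);

         // Use a fixed date format; without it the converter emits ISO 8601.
         IsoDateTimeConverter timeConverter = new IsoDateTimeConverter();
         timeConverter.DateTimeFormat = "yyyy-MM-dd HH:mm:ss";
         string rows = JsonConvert.SerializeObject(dt, Formatting.Indented, timeConverter);
         json = "{success:true,totalCount:" + totalCount + ",data:" + rows + "}";
     }
     catch (Exception ex)
     {
         Log4NetCustom.LogMessage logMessage = new Log4NetCustom.LogMessage();
         // Exception.TargetSite can be null; guard it so the error handler itself cannot throw.
         string targetSite = ex.TargetSite != null ? ex.TargetSite.Name : string.Empty;
         logMessage.Content = string.Format("TargetSite:{0},Source:{1},Message:{2}", targetSite, ex.Source, ex.Message);
         logMessage.MethodName = System.Reflection.MethodBase.GetCurrentMethod().Name;
         log.Error(logMessage);
         json = "{success:false,totalCount:0,data:[]}";
     }
     this.Response.Clear();
     this.Response.Write(json);
     this.Response.End();
     return this.Response;
 }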
Esempio n. 5
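        /// <summary>
        /// Records who accessed which piece of sensitive data, when, and through which page, and applies
        /// the account's query quota.
        /// </summary>
        /// <remarks>
        /// The user id comes from the session caller and the IP from the request; the page URL, data type
        /// and related record id come from the <c>urlRecord</c>, <c>secretType</c> and <c>ralatedId</c>
        /// request parameters. The reply is a JSON-like string with <c>success</c>, <c>isconti</c> (the
        /// caller may continue), <c>ispower</c> and <c>pwd_status</c>.
        /// NOTE(review): the URL, type and related id stored in the audit entry are supplied by the client,
        /// so the entry records what the client reported rather than what the server observed.
        /// NOTE(review): the quota counter is read and written in separate calls; concurrent requests may
        /// each pass the check before either increment is stored — confirm whether the manager serializes this.
        /// </remarks>
        /// <returns>The current response, after the reply has been written and the response ended.</returns>
        public HttpResponseBase SaveSecretLog()
        {
            // Default reply, kept when the log insert fails or an exception is caught.
            string json = "{success:false,isconti:false,ispower:false,pwd_status:\"0\"}";
            try
            {
                _secretLogMgr = new SecretInfoLogMgr(mySqlConnectionString);

                SecretInfoLog query = new SecretInfoLog();
                // Who: the session caller and the request's IP address.
                query.user_id = Convert.ToUInt32((System.Web.HttpContext.Current.Session["caller"] as Caller).user_id.ToString());
                query.ipfrom = CommonFunction.GetIP4Address(Request.UserHostAddress.ToString());
                // When.
                query.createdate = DateTime.Now;
                // Which page.
                string urlRecord = Request.Params["urlRecord"];
                if (!string.IsNullOrEmpty(urlRecord))
                {
                    query.url = urlRecord;
                }
                string secretType = Request.Params["secretType"];
                if (!string.IsNullOrEmpty(secretType))
                {
                    query.type = Convert.ToInt32(secretType);
                }
                // Which sensitive record.
                string relatedId = Request.Params["ralatedId"];
                if (!string.IsNullOrEmpty(relatedId))
                {
                    query.related_id = Convert.ToInt32(relatedId);
                }

                sasMgr = new SecretAccountSetMgr(mySqlConnectionString);
                SecretAccountSet querysas = new SecretAccountSet();
                querysas.user_id = query.user_id;
                querysas.ipfrom = query.ipfrom;
                querysas.status = -1;
                List<SecretAccountSet> store = sasMgr.GetSecretSetList(querysas);

                if (store.Count > 0)
                {
                    // The user has a secret-access account for this IP.
                    SecretAccountSet account = store[0];
                    bool underLimit = account.secret_count < account.secret_limit;
                    string pwdStatus = ",pwd_status:\"" + account.pwd_status + "\"}";

                    if (underLimit && account.status == 1)
                    {
                        // Quota not reached: store the access entry, then count it against the quota.
                        if (_secretLogMgr.InsertSecretInfoLog(query) > 0)
                        {
                            account.secret_count = account.secret_count + 1;
                            account.updatedate = DateTime.Now;
                            sasMgr.Update(account);
                            json = "{success:true,isconti:true,ispower:true" + pwdStatus;
                        }
                    }
                    else if (account.status == 1)
                    {
                        // Quota reached on an enabled account: disable it.
                        account.status = 0;
                        account.updatedate = DateTime.Now;
                        sasMgr.Update(account);
                        json = "{success:true,isconti:false,ispower:true" + pwdStatus;
                    }
                    else if (underLimit && account.status == 0)
                    {
                        // Disabled account that is still under its quota.
                        json = "{success:true,isconti:false,ispower:false" + pwdStatus;
                    }
                    else
                    {
                        // Every remaining combination is reported as quota reached.
                        json = "{success:true,isconti:false,ispower:true" + pwdStatus;
                    }
                }
                else
                {
                    // No secret-access account for this user and IP.
                    json = "{success:true,isconti:false,ispower:false,pwd_status:\"0\"}";
                }
            }
            catch (Exception ex)
            {
                Log4NetCustom.LogMessage logMessage = new Log4NetCustom.LogMessage();
                // Exception.TargetSite can be null; guard it so the error handler itself cannot throw.
                string targetSite = ex.TargetSite != null ? ex.TargetSite.Name : string.Empty;
                logMessage.Content = string.Format("TargetSite:{0},Source:{1},Message:{2}", targetSite, ex.Source, ex.Message);
                logMessage.MethodName = System.Reflection.MethodBase.GetCurrentMethod().Name;
                log.Error(logMessage);
            }
            this.Response.Clear();
            this.Response.Write(json);
            this.Response.End();
            return this.Response;
        }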
Esempio n. 6
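        /// <summary>
        /// Changes the enabled/disabled status of a secret-access account.
        /// </summary>
        /// <remarks>
        /// Reads <c>id</c> and <c>active</c> from the request, writes <c>active</c> to the record's
        /// <c>status</c>, stamps <c>updatedate</c> and carries <c>pwd_status</c> over from the stored record.
        /// NOTE(review): <c>active</c> is stored as received, with no check against the status values used
        /// elsewhere, and no authorization or anti-forgery attribute is visible on this action from here.
        /// Setting status back to 1 re-enables an account that the quota check disabled, so confirm that a
        /// filter on the controller restricts this action to administrators.
        /// </remarks>
        /// <returns>JSON whose <c>success</c> is "true" when a row was updated and "false" otherwise.</returns>
        public JsonResult UpdateActive()
        {
            try
            {
                sasMgr = new SecretAccountSetMgr(mySqlConnectionString);
                int id = Convert.ToInt32(Request.Params["id"]);
                int activeValue = Convert.ToInt32(Request.Params["active"]);

                SecretAccountSet current = sasMgr.Select(new SecretAccountSet { id = id });
                if (current == null)
                {
                    // Unknown id: report failure explicitly instead of relying on a NullReferenceException.
                    return Json(new { success = "false" });
                }

                SecretAccountSet model = new SecretAccountSet();
                model.id = id;
                model.status = activeValue;
                model.updatedate = DateTime.Now;
                model.pwd_status = current.pwd_status;

                bool updated = sasMgr.Update(model) > 0;
                return Json(new { success = updated ? "true" : "false" });
            }
            catch (Exception ex)
            {
                Log4NetCustom.LogMessage logMessage = new Log4NetCustom.LogMessage();
                // Exception.TargetSite can be null; guard it so the error handler itself cannot throw.
                string targetSite = ex.TargetSite != null ? ex.TargetSite.Name : string.Empty;
                logMessage.Content = string.Format("TargetSite:{0},Source:{1},Message:{2}", targetSite, ex.Source, ex.Message);
                logMessage.MethodName = System.Reflection.MethodBase.GetCurrentMethod().Name;
                log.Error(logMessage);
                return Json(new { success = "false" });
            }
        }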