コード例 #1
 /// <summary>
 /// Sample call: splits a fixed 32-character token into a 24-character key and an
 /// 8-character tail, then asks <c>DesEncryptHelper.Decrypt3Des</c> to decrypt a fixed
 /// Base64-looking ciphertext in ECB mode. The decrypted value is not used.
 /// </summary>
 /// <remarks>
 /// The token is a literal in source, so this is demonstration data only; real key
 /// material belongs in a secret store, not in code. ECB mode gives no integrity
 /// protection and leaks equal plaintext blocks.
 /// NOTE(review): the fourth argument is presumably the IV - confirm against
 /// DesEncryptHelper; ECB itself does not use one.
 /// </remarks>
 public void Entry()
 {
     const string sampleToken      = "c17e82c72ff74c2ea476006012345678";
     const string sampleCipherText = "F+C/TtcK6W4=";

     // Characters 0..23 are passed as the key, characters 24..31 as the last argument.
     string keyPart  = sampleToken.Substring(0, 24);
     string tailPart = sampleToken.Substring(24, 8);

     var plain = DesEncryptHelper.Decrypt3Des(sampleCipherText, keyPart, CipherMode.ECB, tailPart);
 }
コード例 #2
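        /// <summary>
        /// Handles the login form post. The submitted password is decrypted with the key and IV
        /// carried in the "TOKEN" and "Timespan" cookies, the stored password is decrypted with
        /// the user's own token, and the two plaintexts are compared. On success the
        /// ApplicationContext is populated, optional "remember me" cookies are issued, a login
        /// log entry is written in the background and the browser is redirected.
        /// </summary>
        /// <returns>
        /// A redirect to the validated return URL or to Home/Index on success; otherwise the
        /// "Login" view with <c>ViewBag.Msg</c> set to the failure reason.
        /// </returns>
        /// <remarks>
        /// NOTE(review): passwords are stored reversibly (3DES/ECB under a per-user token) and
        /// compared as plaintext. A salted one-way password hash (for example PBKDF2) with a
        /// fixed-time comparison would remove the need to ever recover the stored password.
        /// NOTE(review): the transport key and IV arrive in cookies next to the ciphertext they
        /// protect, so this layer adds no confidentiality beyond what TLS already provides.
        /// NOTE(review): the distinct "user does not exist" and "wrong password" messages let a
        /// caller enumerate valid accounts; consider a single generic failure message.
        /// </remarks>
        public ActionResult SignIn()
        {
            // Return target: everything after the first '=' of the Referer URL when that URL
            // contains "from". The Referer header is client-controlled, so this is untrusted.
            var from = Request.UrlReferrer != null && Request.UrlReferrer.AbsoluteUri.Contains("from")
                ? Request.UrlReferrer.AbsoluteUri.Substring(Request.UrlReferrer.AbsoluteUri.IndexOf('=') + 1)
                : "";

            try
            {
                if (Request.Cookies.AllKeys.Contains("TOKEN") && Request.Form.AllKeys.Contains("Account") &&
                    Request.Form.AllKeys.Contains("Password"))
                {
                    var accountS  = Request["Account"];
                    var passwordS = Request["Password"];
                    var key       = Request.Cookies["TOKEN"];
                    var iv        = Request.Cookies["Timespan"];
                    var loginInfo = new LoginUserInfo()
                    {
                        Account  = accountS,
                        Password = passwordS
                    };
                    if (key != null && iv != null)
                    {
                        var account  = loginInfo.Account;
                        var password = DesEncryptHelper.Decrypt3Des(loginInfo.Password, key.Value, CipherMode.CBC,
                                                                    iv.Value);
                        // Look up the user record by login account.
                        var userInfo = UserService.Instance.GetUserInfoByLoginInAccount(new LoginInArgs()
                        {
                            Account = account
                        });
                        if (userInfo.Code == 200)
                        {
                            var user = userInfo.Items.FirstOrDefault();
                            if (user != null)
                            {
                                // Decrypt the stored password with the user's token (first 24 characters
                                // as key, next 8 as the last argument) and compare it with the input.
                                var userToken    = user.Token.Substring(0, 24);
                                var userIv       = user.Token.Substring(24, 8);
                                var userPassword = DesEncryptHelper.Decrypt3Des(user.Password, userToken, CipherMode.ECB,
                                                                                userIv);
                                if (userPassword == password)
                                {
                                    ApplicationContext.RoleId   = user.RoleId;
                                    ApplicationContext.SchoolId = user.SchoolId;
                                    ApplicationContext.UserId   = user.UserId;
                                    ApplicationContext.UserName = user.Name;
                                    var Ip = ApplicationContext.GetHostAddress();
                                    // Optionally persist the login in cookies.
                                    if (Request.Form.AllKeys.Contains("ckRemeber"))
                                    {
                                        var ck = Request["ckRemeber"];
                                        if (ck == "None")
                                        {
                                            var login      = user.RoleId + "&" + user.SchoolId + "&" + user.UserId;
                                            var loginToken = DesEncryptHelper.Encrypt3Des(login, userToken,
                                                                                          CipherMode.ECB, userIv);
                                            // Encrypted login token cookie. HttpOnly keeps page script from
                                            // reading it (assumes no client script needs it - TODO confirm).
                                            // NOTE(review): also set Secure if the site is served over HTTPS only.
                                            // NOTE(review): the token has no MAC and no embedded expiry, so the
                                            // one-day lifetime is enforced by the browser only.
                                            HttpCookie loginCookie = new HttpCookie("LoginToken", loginToken);
                                            loginCookie.Expires  = DateTime.Now.AddDays(1);
                                            loginCookie.HttpOnly = true;
                                            Response.Cookies.Add(loginCookie);
                                            // Plain-text user id and school id cookie.
                                            var        userSchool = user.UserId + "&" + user.SchoolId;
                                            HttpCookie userCookie = new HttpCookie("UserCookie", userSchool);
                                            // Fix: the original assigned loginCookie.Expires a second time here,
                                            // leaving UserCookie as a session cookie while LoginToken lasted a day.
                                            userCookie.Expires = DateTime.Now.AddDays(1);
                                            Response.Cookies.Add(userCookie);
                                        }
                                    }

                                    // Record the login in the background; the anonymous object carries
                                    // the values the worker needs.
                                    Task.Factory.StartNew(obj =>
                                    {
                                        var o = (dynamic)obj;
                                        // Persist to the database.
                                        UserService.Instance.AddUserLoginLog(new AddUserLoginLogArgs()
                                        {
                                            UserId   = o.UserId,
                                            SchoolId = o.SchoolId,
                                            LoginIp  = o.Ip
                                        });
                                    }, new { Ip, user.UserId, user.SchoolId });

                                    if (!string.IsNullOrEmpty(from))
                                    {
                                        // Fix (open redirect): only follow the return URL when it stays on
                                        // this site. Absolute URLs are accepted when scheme is http/https and
                                        // host:port equals the current request's, since the value may be a
                                        // full URL of this application - TODO confirm against the producer.
                                        var target = HttpUtility.UrlDecode(from);
                                        Uri targetUri;
                                        var staysOnSite = Url.IsLocalUrl(target) ||
                                                          (Uri.TryCreate(target, UriKind.Absolute, out targetUri) &&
                                                           (targetUri.Scheme == Uri.UriSchemeHttp ||
                                                            targetUri.Scheme == Uri.UriSchemeHttps) &&
                                                           Request.Url != null &&
                                                           string.Equals(targetUri.Authority, Request.Url.Authority,
                                                                         StringComparison.OrdinalIgnoreCase));
                                        if (staysOnSite)
                                        {
                                            return(Redirect(target));
                                        }
                                    }
                                    return(RedirectToAction("Index", "Home"));
                                }
                                ViewBag.Msg = "用户密码错误";
                            }
                            else
                            {
                                ViewBag.Msg = "用户不存在";
                            }
                        }
                        else
                        {
                            ViewBag.Msg = "服务器异常,请稍后重试";
                        }
                    }
                    else
                    {
                        ViewBag.Msg = "页面数据异常,请刷新页面";
                    }
                }
                else
                {
                    ViewBag.Msg = "令牌格式错误";
                }

                // Every failure path falls through to here and re-renders the login page.
                SetToken();
                return(View("Login"));
            }
            catch (Exception e)
            {
                // Detail goes to the log only; the page shows a generic message.
                LogHelper.Error(this.GetType(), e.ToString(), e);
                ViewBag.Msg = "用户登录异常";
                SetToken();
                return(View("Login"));
            }
        }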
コード例 #3
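        /// <summary>
        /// Authorization filter step: restores the login from the "LoginToken" and "UserCookie"
        /// cookies and lets the action run, or redirects to the "User" route with the current
        /// URL in the "from" route value when the cookies are missing or do not validate.
        /// </summary>
        /// <param name="filterContext">Context of the action about to execute.</param>
        /// <remarks>
        /// NOTE(review): the original read the ApplicationContext values into an "already logged
        /// in" flag but then guarded the cookie check with <c>if (true)</c>, so the flag was never
        /// consulted and the cookies are validated on every request. That behavior is kept here;
        /// the unused flag and the unreachable else branch are removed.
        /// Fix: on success the original called <c>base.OnActionExecuting</c> twice (once inside
        /// the validation branch and once after it); it is now called exactly once.
        /// </remarks>
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            if (!TryRestoreLoginFromCookies())
            {
                // Not authenticated: send the browser to the login route and remember where it
                // came from. The receiver must treat "from" as untrusted before redirecting back.
                filterContext.Result = new RedirectToRouteResult("User", new RouteValueDictionary
                {
                    {
                        "from", HttpContext.Current.Request.Url.ToString()
                    }
                });
                return;
            }

            base.OnActionExecuting(filterContext);
        }

        // Validates the remember-me cookie pair and, when it checks out, populates
        // ApplicationContext and queues a login log entry. Returns false on any mismatch.
        private bool TryRestoreLoginFromCookies()
        {
            var cookies = HttpContext.Current.Request.Cookies;
            if (!cookies.AllKeys.Contains("LoginToken") || !cookies.AllKeys.Contains("UserCookie"))
            {
                return false;
            }

            var loginCookie = cookies["LoginToken"];
            var userCookie  = cookies["UserCookie"];
            if (userCookie == null || loginCookie == null)
            {
                return false;
            }

            // UserCookie is plain text: user id, then school id, separated by one ampersand.
            var userInfoArray = userCookie.Value.Split('&');
            int userId, schoolId;
            if (userInfoArray.Length != 2 ||
                !int.TryParse(userInfoArray[0], out userId) ||
                !int.TryParse(userInfoArray[1], out schoolId))
            {
                return false;
            }

            var userInfos = UserService.Instance.GetUserInfoByUserId(new GetObjectByIdArgs()
            {
                SchoolId = schoolId,
                OId      = userId
            });
            if (userInfos.Code != 200)
            {
                return false;
            }

            var user = userInfos.Items.FirstOrDefault();
            if (user == null)
            {
                return false;
            }

            // The login token is decrypted with the key material stored on the user record.
            // NOTE(review): a tampered cookie may make Decrypt3Des throw instead of returning
            // garbage - confirm how the helper fails; an exception here propagates to the caller.
            var userToken = user.Token.Substring(0, 24);
            var userIv    = user.Token.Substring(24, 8);
            var loginInfo = DesEncryptHelper.Decrypt3Des(loginCookie.Value, userToken, CipherMode.ECB,
                                                         userIv);

            // Expected plaintext: role id, school id, user id, separated by ampersands.
            var loginInfoArray = loginInfo.Split('&');
            int roleId2, schoolId2, userId2;
            if (loginInfoArray.Length != 3 ||
                !int.TryParse(loginInfoArray[0], out roleId2) ||
                !int.TryParse(loginInfoArray[1], out schoolId2) ||
                !int.TryParse(loginInfoArray[2], out userId2))
            {
                return false;
            }

            // Forgery check: the ids inside the encrypted token must match the plain cookie.
            if (schoolId2 != schoolId || userId2 != userId)
            {
                return false;
            }

            ApplicationContext.SchoolId = schoolId;
            ApplicationContext.UserId   = userId;
            // NOTE(review): the role comes from the client-held token, which is ECB-encrypted
            // without a MAC and carries no expiry. Prefer the role from the server-side user
            // record if it exposes one, and an authenticated, time-limited token.
            ApplicationContext.RoleId   = roleId2;
            ApplicationContext.UserName = user.Name;

            // Queue a login log entry. Because the cookies are validated on every request,
            // this writes one entry per authenticated request, not one per sign-in.
            var Ip = ApplicationContext.GetHostAddress();
            Task.Factory.StartNew(obj =>
            {
                var o = (dynamic)obj;
                // Persist to the database.
                UserService.Instance.AddUserLoginLog(new AddUserLoginLogArgs()
                {
                    UserId   = o.UserId,
                    SchoolId = o.SchoolId,
                    LoginIp  = o.Ip
                });
            }, new { Ip, user.UserId, ApplicationContext.SchoolId });

            return true;
        }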
コード例 #4
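        /// <summary>
        /// Changes the current user's password. Both submitted passwords are decrypted with the
        /// key and IV from the "TOKEN" and "Timespan" cookies, the original password is compared
        /// with the stored one (decrypted with the user's token), and on a match the new password
        /// is re-encrypted with the user's token and saved.
        /// </summary>
        /// <param name="passwordInfo">Encrypted original and new password from the client.</param>
        /// <returns>A JSON-serialized command result describing success or the failure reason.</returns>
        /// <remarks>
        /// NOTE(review): the user is taken from ApplicationContext; this method does not itself
        /// check that those ids are set, so it relies on an authorization filter running first.
        /// NOTE(review): passwords are stored reversibly (3DES/ECB under the user's token); a
        /// salted one-way password hash would avoid recovering plaintext here.
        /// NOTE(review): only the password is updated; the user's token is not rotated in this
        /// method, so anything else derived from that token stays valid after the change.
        /// </remarks>
        public string ChangePassword(PasswordInfo passwordInfo)
        {
            try
            {
                var userId   = ApplicationContext.UserId;
                var schoolId = ApplicationContext.SchoolId;
                if (passwordInfo != null && Request.Cookies.AllKeys.Contains("TOKEN"))
                {
                    var key = Request.Cookies["TOKEN"];
                    var iv  = Request.Cookies["Timespan"];
                    if (key != null && iv != null)
                    {
                        // Decrypt both submitted passwords before comparing with the stored one.
                        var originalPassword = DesEncryptHelper.Decrypt3Des(passwordInfo.OriginalPassword, key.Value,
                                                                            CipherMode.CBC,
                                                                            iv.Value);
                        var newPassword = DesEncryptHelper.Decrypt3Des(passwordInfo.NewPassword, key.Value,
                                                                       CipherMode.CBC,
                                                                       iv.Value);

                        var userInfo = UserService.Instance.GetUserInfoByUserId(new GetObjectByIdArgs()
                        {
                            OId      = userId,
                            SchoolId = schoolId
                        });

                        if (userInfo.Code == 200)
                        {
                            var user = userInfo.Items.FirstOrDefault();
                            if (user != null)
                            {
                                // Decrypt the stored password with the user's token (first 24
                                // characters as key, next 8 as the last argument).
                                var userToken    = user.Token.Substring(0, 24);
                                var userIv       = user.Token.Substring(24, 8);
                                var userPassword = DesEncryptHelper.Decrypt3Des(user.Password, userToken,
                                                                                CipherMode.ECB,
                                                                                userIv);
                                // The original password must match before anything is changed.
                                if (userPassword == originalPassword)
                                {
                                    // Re-encrypt the new password under the user's token and store it.
                                    var newPasswordEncrypt = DesEncryptHelper.Encrypt3Des(newPassword, userToken,
                                                                                          CipherMode.ECB, userIv);
                                    var result = UserService.Instance.UpdateUserPassword(new UpdatePasswordArgs()
                                    {
                                        ModifyBy = userId,
                                        SchoolId = schoolId,
                                        Password = newPasswordEncrypt,
                                        UserId   = userId
                                    });
                                    return(JsonHelper.Serialize(result));
                                }
                                return(JsonHelper.Serialize(CommandResult.Failure("原始密码错误")));
                            }
                            return(JsonHelper.Serialize(CommandResult.Failure("用户不存在")));
                        }
                        return(JsonHelper.Serialize(CommandResult.Failure("服务器异常,请稍后重试")));
                    }
                }
                return(JsonHelper.Serialize(CommandResult.Failure("页面数据异常,请刷新页面")));
            }
            catch (Exception e)
            {
                // Fix (information disclosure): the original returned e.ToString() - type names,
                // stack trace and possibly crypto or database detail - to the caller. Keep the
                // detail server-side and answer with the generic message used above. Swap the
                // trace call for the project's logger where one is in scope.
                System.Diagnostics.Trace.TraceError(e.ToString());
                return(JsonHelper.Serialize(CommandResult.Failure("服务器异常,请稍后重试")));
            }
        }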