public void Entry()
{
    // Scratch entry point: exercises the same token convention the login code
    // relies on — the first 24 characters of a user token act as the 3DES key
    // and the trailing 8 characters as the IV.
    const string token = "c17e82c72ff74c2ea476006012345678";
    string key = token.Substring(0, 24);
    string iv = token.Substring(24, 8);

    // ECB mode has no chaining and no integrity check: equal plaintext blocks
    // give equal ciphertext blocks, and the IV argument is presumably ignored by
    // the helper in this mode (confirm against DesEncryptHelper).
    string plaintext = DesEncryptHelper.Decrypt3Des("F+C/TtcK6W4=", key, CipherMode.ECB, iv);
}
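/// <summary>
/// Handles the login form POST. Verifies the submitted credentials against the stored
/// user record, populates <c>ApplicationContext</c>, optionally writes the "remember me"
/// cookie pair, records the login and redirects the user back to the page the
/// authorization filter bounced them from (or to Home/Index).
/// On any failure the Login view is re-rendered with a message in <c>ViewBag.Msg</c>
/// and a fresh page token is issued via <c>SetToken()</c>.
/// </summary>
public ActionResult SignIn()
{
    try
    {
        // The authorization filter redirects unauthenticated requests to the login page
        // with "?from=<original url>", so on this POST the value lives in the referrer.
        var from = ReadReturnUrl();

        if (!Request.Cookies.AllKeys.Contains("TOKEN")
            || !Request.Form.AllKeys.Contains("Account")
            || !Request.Form.AllKeys.Contains("Password"))
        {
            return LoginView("令牌格式错误");
        }

        var key = Request.Cookies["TOKEN"];
        var iv = Request.Cookies["Timespan"];
        if (key == null || iv == null)
        {
            return LoginView("页面数据异常,请刷新页面");
        }

        // The presence check above looked at Request.Form, so read from Form as well
        // rather than the Request indexer (which also consults the query string).
        var loginInfo = new LoginUserInfo() { Account = Request.Form["Account"], Password = Request.Form["Password"] };
        var account = loginInfo.Account;

        // The page encrypts the typed password with the per-page TOKEN/Timespan cookies
        // (3DES-CBC) before posting; undo that here. This is obfuscation between page and
        // server, not a substitute for TLS.
        var password = DesEncryptHelper.Decrypt3Des(loginInfo.Password, key.Value, CipherMode.CBC, iv.Value);

        var userInfo = UserService.Instance.GetUserInfoByLoginInAccount(new LoginInArgs() { Account = account });
        if (userInfo.Code != 200)
        {
            return LoginView("服务器异常,请稍后重试");
        }
        var user = userInfo.Items.FirstOrDefault();
        if (user == null)
        {
            return LoginView("用户不存在");
        }

        // Stored passwords are reversibly encrypted under the user's own token
        // (first 24 chars as key, next 8 as IV, 3DES-ECB) rather than hashed, so the
        // comparison happens on the decrypted plaintext. A salted password hash would
        // remove the need to ever recover the plaintext here.
        var userToken = user.Token.Substring(0, 24);
        var userIv = user.Token.Substring(24, 8);
        var userPassword = DesEncryptHelper.Decrypt3Des(user.Password, userToken, CipherMode.ECB, userIv);
        if (userPassword != password)
        {
            return LoginView("用户密码错误");
        }

        ApplicationContext.RoleId = user.RoleId;
        ApplicationContext.SchoolId = user.SchoolId;
        ApplicationContext.UserId = user.UserId;
        ApplicationContext.UserName = user.Name;
        var ip = ApplicationContext.GetHostAddress();

        // "Remember me": presumably the checkbox posts "None" when ticked — confirm
        // against the Login view before changing this comparison.
        if (Request.Form.AllKeys.Contains("ckRemeber") && Request.Form["ckRemeber"] == "None")
        {
            // LoginToken is "roleId&schoolId&userId" encrypted under the user's own token;
            // the authorization filter decrypts and validates it on later requests.
            var login = user.RoleId + "&" + user.SchoolId + "&" + user.UserId;
            var loginToken = DesEncryptHelper.Encrypt3Des(login, userToken, CipherMode.ECB, userIv);
            var loginCookie = new HttpCookie("LoginToken", loginToken);
            loginCookie.Expires = DateTime.Now.AddDays(1);
            // Only the server-side filter reads this cookie, so keep it out of reach of
            // page script. NOTE(review): drop HttpOnly if some client script relies on it.
            loginCookie.HttpOnly = true;
            Response.Cookies.Add(loginCookie);

            // UserCookie tells the filter which user's key to try: "userId&schoolId".
            var userCookie = new HttpCookie("UserCookie", user.UserId + "&" + user.SchoolId);
            // Fix: the expiry used to be assigned to loginCookie a second time, leaving
            // UserCookie as a session cookie while LoginToken lived for a day.
            userCookie.Expires = DateTime.Now.AddDays(1);
            Response.Cookies.Add(userCookie);
        }

        // Best-effort background login-log write. Copy the values first so the task does
        // not hold on to the request-scoped user object. Faults are logged rather than
        // left unobserved.
        var loggedUserId = user.UserId;
        var loggedSchoolId = user.SchoolId;
        Task.Factory.StartNew(() =>
            UserService.Instance.AddUserLoginLog(new AddUserLoginLogArgs() { UserId = loggedUserId, SchoolId = loggedSchoolId, LoginIp = ip }))
            .ContinueWith(t => LogHelper.Error(this.GetType(), "AddUserLoginLog failed", t.Exception), TaskContinuationOptions.OnlyOnFaulted);

        // Only follow "from" back to this site; any other destination is ignored so the
        // login page cannot be used to bounce users to an arbitrary host.
        if (!string.IsNullOrEmpty(from) && IsLocalReturnUrl(from, Request.Url))
        {
            return Redirect(from);
        }
        return RedirectToAction("Index", "Home");
    }
    catch (Exception e)
    {
        LogHelper.Error(this.GetType(), e.ToString(), e);
        return LoginView("用户登录异常");
    }
}

/// <summary>
/// Re-renders the Login view with <paramref name="message"/> in <c>ViewBag.Msg</c> after
/// issuing a fresh page token via <c>SetToken()</c>.
/// </summary>
private ActionResult LoginView(string message)
{
    ViewBag.Msg = message;
    SetToken();
    return View("Login");
}

/// <summary>
/// Reads the "from" query parameter of the referrer (the login page URL), already
/// URL-decoded. Returns an empty string when there is no referrer or no such parameter.
/// </summary>
private string ReadReturnUrl()
{
    var referrer = Request.UrlReferrer;
    if (referrer == null)
    {
        return "";
    }
    // ParseQueryString decodes the value, so no separate UrlDecode is needed.
    return HttpUtility.ParseQueryString(referrer.Query)["from"] ?? "";
}

/// <summary>
/// True when <paramref name="target"/> is a site-relative path (not protocol-relative)
/// or an absolute http/https URL whose host matches <paramref name="current"/>.
/// Used to reject open-redirect destinations.
/// </summary>
private static bool IsLocalReturnUrl(string target, Uri current)
{
    if (string.IsNullOrEmpty(target) || current == null)
    {
        return false;
    }
    if (target.StartsWith("/", StringComparison.Ordinal))
    {
        // "//host" and "/\host" are interpreted as protocol-relative by browsers.
        return !target.StartsWith("//", StringComparison.Ordinal)
            && !target.StartsWith("/\\", StringComparison.Ordinal);
    }
    Uri parsed;
    if (!Uri.TryCreate(target, UriKind.Absolute, out parsed))
    {
        return false;
    }
    bool webScheme = parsed.Scheme == Uri.UriSchemeHttp || parsed.Scheme == Uri.UriSchemeHttps;
    return webScheme && string.Equals(parsed.Host, current.Host, StringComparison.OrdinalIgnoreCase);
}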
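/// <summary>
/// Authorization gate. A request is treated as signed in when <c>ApplicationContext</c>
/// already carries a complete identity; otherwise the "remember me" cookie pair written
/// by SignIn is validated and, if it checks out, the identity is rebuilt from it.
/// Anything else is redirected to the "User" route with the requested URL in "from".
/// NOTE(review): ApplicationContext is assumed to be per-request/per-session storage —
/// confirm; if it were plain static state it would be shared between concurrent users.
/// </summary>
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
    bool needsIdentity = ApplicationContext.SchoolId == 0
        || ApplicationContext.UserId == 0
        || ApplicationContext.RoleId == 0
        || string.IsNullOrEmpty(ApplicationContext.UserName);
    if (!needsIdentity)
    {
        // The previous version guarded the cookie check with "if (true)" and never read
        // this flag, so every request re-validated the cookies and wrote a login-log row.
        base.OnActionExecuting(filterContext);
        return;
    }

    // Use the context handed to the filter rather than HttpContext.Current; same request,
    // but no hidden static dependency.
    var request = filterContext.HttpContext.Request;
    var cookies = request.Cookies;
    bool restored = false;
    if (cookies.AllKeys.Contains("LoginToken") && cookies.AllKeys.Contains("UserCookie"))
    {
        var loginCookie = cookies["LoginToken"];
        var userCookie = cookies["UserCookie"];
        if (loginCookie != null && userCookie != null)
        {
            restored = TryRestoreIdentity(loginCookie.Value, userCookie.Value);
        }
    }

    if (restored)
    {
        // Called exactly once; the old code called base twice on this path.
        base.OnActionExecuting(filterContext);
    }
    else
    {
        filterContext.Result = new RedirectToRouteResult("User",
            new RouteValueDictionary { { "from", request.Url.ToString() } });
    }
}

/// <summary>
/// Validates the LoginToken/UserCookie pair and, on success, populates
/// <c>ApplicationContext</c> and records a login. Returns false for any malformed,
/// mismatched or undecryptable value so the caller treats the request as anonymous
/// instead of failing with a server error.
/// </summary>
/// <param name="loginToken">Value of the LoginToken cookie (ciphertext from SignIn).</param>
/// <param name="userCookieValue">Value of the UserCookie cookie, "userId&amp;schoolId".</param>
private static bool TryRestoreIdentity(string loginToken, string userCookieValue)
{
    if (string.IsNullOrEmpty(loginToken) || string.IsNullOrEmpty(userCookieValue))
    {
        return false;
    }

    // UserCookie is plaintext; it only selects which user's key to try.
    var ids = userCookieValue.Split('&');
    int userId, schoolId;
    if (ids.Length != 2 || !int.TryParse(ids[0], out userId) || !int.TryParse(ids[1], out schoolId))
    {
        return false;
    }

    var userInfos = UserService.Instance.GetUserInfoByUserId(new GetObjectByIdArgs() { SchoolId = schoolId, OId = userId });
    if (userInfos.Code != 200)
    {
        return false;
    }
    var user = userInfos.Items.FirstOrDefault();
    // The token is split as 24 key chars + 8 IV chars, so anything shorter is unusable.
    if (user == null || string.IsNullOrEmpty(user.Token) || user.Token.Length < 32)
    {
        return false;
    }

    // LoginToken was encrypted by SignIn under this user's own token (3DES-ECB). A value
    // that was not produced that way surfaces here as a decode/crypto failure; reject it
    // rather than let it bubble up as a 500. ECB carries no integrity tag, so an
    // authenticated mode or a keyed MAC over the cookie would make this check stronger.
    string loginInfo;
    try
    {
        loginInfo = DesEncryptHelper.Decrypt3Des(loginToken, user.Token.Substring(0, 24), CipherMode.ECB, user.Token.Substring(24, 8));
    }
    catch (FormatException)
    {
        return false;
    }
    catch (CryptographicException)
    {
        return false;
    }
    catch (ArgumentException)
    {
        return false;
    }
    if (string.IsNullOrEmpty(loginInfo))
    {
        return false;
    }

    // Expected plaintext "roleId&schoolId&userId"; the ids must agree with UserCookie.
    var parts = loginInfo.Split('&');
    int roleId, tokenSchoolId, tokenUserId;
    if (parts.Length != 3
        || !int.TryParse(parts[0], out roleId)
        || !int.TryParse(parts[1], out tokenSchoolId)
        || !int.TryParse(parts[2], out tokenUserId))
    {
        return false;
    }
    if (tokenSchoolId != schoolId || tokenUserId != userId)
    {
        return false;
    }

    ApplicationContext.SchoolId = schoolId;
    ApplicationContext.UserId = userId;
    // NOTE(review): the role is taken from the cookie, so a role change in the database
    // is not reflected until the cookie expires (one day as written by SignIn).
    ApplicationContext.RoleId = roleId;
    ApplicationContext.UserName = user.Name;

    // Best-effort background login-log write, as before; values are copied so the task
    // does not capture the request-scoped user object.
    var ip = ApplicationContext.GetHostAddress();
    var loggedUserId = user.UserId;
    Task.Factory.StartNew(() =>
        UserService.Instance.AddUserLoginLog(new AddUserLoginLogArgs() { UserId = loggedUserId, SchoolId = schoolId, LoginIp = ip }));
    return true;
}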
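/// <summary>
/// Changes the current user's password. Both submitted passwords arrive encrypted with
/// the per-page TOKEN/Timespan cookies (3DES-CBC); the original one is checked against
/// the stored record before the new one is stored (re-encrypted under the user's token).
/// </summary>
/// <param name="passwordInfo">Encrypted original and new passwords from the page.</param>
/// <returns>A JSON-serialised <c>CommandResult</c>; failures carry a user-facing message only.</returns>
public string ChangePassword(PasswordInfo passwordInfo)
{
    try
    {
        var userId = ApplicationContext.UserId;
        var schoolId = ApplicationContext.SchoolId;
        if (passwordInfo == null || !Request.Cookies.AllKeys.Contains("TOKEN"))
        {
            return FailureJson("页面数据异常,请刷新页面");
        }
        var key = Request.Cookies["TOKEN"];
        var iv = Request.Cookies["Timespan"];
        if (key == null || iv == null)
        {
            return FailureJson("页面数据异常,请刷新页面");
        }

        // Undo the page-side encryption so the values can be compared/stored.
        var originalPassword = DesEncryptHelper.Decrypt3Des(passwordInfo.OriginalPassword, key.Value, CipherMode.CBC, iv.Value);
        var newPassword = DesEncryptHelper.Decrypt3Des(passwordInfo.NewPassword, key.Value, CipherMode.CBC, iv.Value);
        // Previously an empty new password was accepted and stored.
        if (string.IsNullOrEmpty(newPassword))
        {
            return FailureJson("新密码不能为空");
        }

        var userInfo = UserService.Instance.GetUserInfoByUserId(new GetObjectByIdArgs() { OId = userId, SchoolId = schoolId });
        if (userInfo.Code != 200)
        {
            return FailureJson("服务器异常,请稍后重试");
        }
        var user = userInfo.Items.FirstOrDefault();
        if (user == null)
        {
            return FailureJson("用户不存在");
        }

        // Stored passwords are reversibly encrypted under the user's own token
        // (first 24 chars as key, next 8 as IV, 3DES-ECB) rather than hashed, so the
        // comparison is done on the recovered plaintext.
        var userToken = user.Token.Substring(0, 24);
        var userIv = user.Token.Substring(24, 8);
        var userPassword = DesEncryptHelper.Decrypt3Des(user.Password, userToken, CipherMode.ECB, userIv);
        if (userPassword != originalPassword)
        {
            return FailureJson("原始密码错误");
        }

        var newPasswordEncrypt = DesEncryptHelper.Encrypt3Des(newPassword, userToken, CipherMode.ECB, userIv);
        var result = UserService.Instance.UpdateUserPassword(new UpdatePasswordArgs() { ModifyBy = userId, SchoolId = schoolId, Password = newPasswordEncrypt, UserId = userId });
        return JsonHelper.Serialize(result);
    }
    catch (Exception e)
    {
        // Log the detail server-side (same helper SignIn uses) and return a generic
        // message; the old response embedded e.ToString(), exposing stack traces and
        // internal type names to the client.
        LogHelper.Error(this.GetType(), e.ToString(), e);
        return FailureJson("服务器异常,请稍后重试");
    }
}

/// <summary>Serialises a failed <c>CommandResult</c> with the given message.</summary>
private static string FailureJson(string message)
{
    return JsonHelper.Serialize(CommandResult.Failure(message));
}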