コード例 #1
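        /// <summary>
        /// Lists secret-account records whose failed-attempt counter is still below 5,
        /// optionally narrowed by user id, source IP and status.
        /// </summary>
        /// <param name="query">
        /// Filter values: <c>user_id</c> is ignored when 0, <c>ipfrom</c> when null or empty,
        /// and <c>status</c> when -1.
        /// </param>
        /// <returns>The rows returned by <c>_access.getDataTableForObj</c>. The select list includes <c>secret_pwd</c>.</returns>
        /// <exception cref="Exception">
        /// Wraps any failure, including a rejected <c>ipfrom</c>; the message carries the SQL text built so far.
        /// </exception>
        public List<SecretAccountSet> GetSecretSetList(SecretAccountSet query)
        {
            StringBuilder sql = new StringBuilder();
            StringBuilder sqlwhere = new StringBuilder();
            try
            {
                sql.Append(@"SELECT sas.id,sas.user_id,sas.secret_pwd,sas.createdate,sas.updatedate, sas.`status`,sas.pwd_status,sas.user_login_attempts,sas.ipfrom,secret_limit,secret_count  ");

                sqlwhere.AppendLine(@" FROM secret_account_set sas ");

                // Records that already reached 5 failed attempts are never returned.
                sqlwhere.AppendLine(@" WHERE  user_login_attempts<5 ");

                // user_id and status are formatted as numbers in the callers shown on this page
                // (assigned from Convert.ToUInt32 and integer literals).
                if (query.user_id != 0)
                {
                    sqlwhere.AppendFormat(@" AND sas.user_id ='{0}'", query.user_id);
                }
                if (!string.IsNullOrEmpty(query.ipfrom))
                {
                    // ipfrom is a free-text string that ends up inside a quoted SQL literal.
                    // Accept it only if it parses as an IP address and embed the parser's canonical
                    // rendering, so no caller-supplied characters reach the statement.
                    // NOTE(review): a parameterized command would be the better fix if the
                    // data-access helper offers one; its API is not visible here.
                    System.Net.IPAddress parsedIp;
                    if (!System.Net.IPAddress.TryParse(query.ipfrom, out parsedIp))
                    {
                        throw new ArgumentException("ipfrom is not a valid IP address.", "query");
                    }
                    sqlwhere.AppendFormat(@" AND sas.ipfrom ='{0}'", parsedIp.ToString());
                }
                if (query.status != -1)
                {
                    sqlwhere.AppendFormat(@" AND sas.`status` ='{0}'", query.status);
                }
                sql.Append(sqlwhere.ToString());
                return _access.getDataTableForObj<SecretAccountSet>(sql.ToString());
            }
            catch (Exception ex)
            {
                throw new Exception("SecretAccountSetDao-->GetSecretSetList" + ex.Message + sql.ToString(), ex);
            }
        }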
コード例 #2
 /// <summary>
 /// Fetches a secret-account record by handing the criteria object to <c>sasDao.Select</c>.
 /// </summary>
 /// <param name="model">Criteria passed through unchanged to the DAO.</param>
 /// <returns>Whatever <c>sasDao.Select</c> returns for <paramref name="model"/>.</returns>
 /// <exception cref="Exception">Wraps any DAO exception; the original is kept as the inner exception.</exception>
 public SecretAccountSet Select(SecretAccountSet model)
 {
     SecretAccountSet found;
     try
     {
         found = sasDao.Select(model);
     }
     catch (Exception daoError)
     {
         // NOTE(review): the location tag names SecretInfoLogMgr; confirm it matches the enclosing class.
         throw new Exception(string.Concat("SecretInfoLogMgr-->Select-->", daoError.Message), daoError);
     }
     return found;
 }
コード例 #3
 /// <summary>
 /// Saves changes to a secret-account record by delegating to <c>sasDao.Update</c>.
 /// </summary>
 /// <param name="sas">Record passed through unchanged to the DAO.</param>
 /// <returns>The integer returned by <c>sasDao.Update</c>.</returns>
 /// <exception cref="Exception">Wraps any DAO exception; the original is kept as the inner exception.</exception>
 public int Update(SecretAccountSet sas)
 {
     int result;
     try
     {
         result = sasDao.Update(sas);
     }
     catch (Exception daoError)
     {
         throw new Exception(string.Concat("SecretAccountSetMgr-->Update", daoError.Message), daoError);
     }
     return result;
 }
コード例 #4
 /// <summary>
 /// Creates a secret-account record by delegating to <c>sasDao.Insert</c>.
 /// </summary>
 /// <param name="sas">Record passed through unchanged to the DAO.</param>
 /// <returns>The integer returned by <c>sasDao.Insert</c>.</returns>
 /// <exception cref="Exception">Wraps any DAO exception; the original is kept as the inner exception.</exception>
 public int Insert(SecretAccountSet sas)
 {
     int result;
     try
     {
         result = sasDao.Insert(sas);
     }
     catch (Exception daoError)
     {
         throw new Exception(string.Concat("SecretAccountSetMgr-->Insert", daoError.Message), daoError);
     }
     return result;
 }
コード例 #5
 /// <summary>
 /// Lists secret-account records matching the filter by delegating to <c>sasDao.GetSecretSetList</c>.
 /// </summary>
 /// <param name="query">Filter object passed through unchanged to the DAO.</param>
 /// <returns>The list returned by <c>sasDao.GetSecretSetList</c>.</returns>
 /// <exception cref="Exception">Wraps any DAO exception; the original is kept as the inner exception.</exception>
 public List<SecretAccountSet> GetSecretSetList(SecretAccountSet query)
 {
     List<SecretAccountSet> rows;
     try
     {
         rows = sasDao.GetSecretSetList(query);
     }
     catch (Exception daoError)
     {
         throw new Exception(string.Concat("SecretAccountSetMgr-->GetSecretSetList(SecretAccountSet query)", daoError.Message), daoError);
     }
     return rows;
 }
コード例 #6
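        /// <summary>
        /// Persists a failed-login counter update and disables the record (status 0) once
        /// <c>user_login_attempts</c> has reached 5.
        /// </summary>
        /// <param name="sas">
        /// Record to save. The caller shown on this page increments <c>user_login_attempts</c>
        /// before calling; this method only decides whether to disable the record.
        /// </param>
        /// <returns>The integer returned by <c>sasDao.Update</c>.</returns>
        /// <exception cref="Exception">Wraps any DAO exception; the original is kept as the inner exception.</exception>
        public int LoginError(SecretAccountSet sas)
        {
            try
            {
                // Compare with >= instead of ==: if the counter ever arrives above 5 the record
                // must still be disabled, otherwise the lockout would be skipped for that record.
                if (sas.user_login_attempts >= 5)
                {
                    sas.status = 0;
                }
                return sasDao.Update(sas);
            }
            catch (Exception ex)
            {
                // NOTE(review): the tag says UpdateState although this method is LoginError; left unchanged.
                throw new Exception("SecretAccountSetMgr-->UpdateState" + ex.Message, ex);
            }

        }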
コード例 #7
        /// <summary>
        /// Unlocks a secret-account record and resets its failed-attempt counter to 0.
        /// </summary>
        /// <remarks>
        /// NOTE(review): no authorization or anti-forgery check is visible in this method, and the
        /// target record is chosen by the request's <c>id</c> parameter. Confirm both are enforced elsewhere.
        /// </remarks>
        /// <returns>
        /// JSON <c>success = "true"</c> when <c>sasMgr.Update</c> returns a value above 0,
        /// otherwise (including on any exception) <c>success = "false"</c>.
        /// </returns>
        public JsonResult UnlockAndReset()
        {
            try
            {
                sasMgr = new SecretAccountSetMgr(mySqlConnectionString);
                _muMgr = new ManageUserMgr(mySqlConnectionString);
                int recordId = Convert.ToInt32(Request.Params["id"]);
                // Parsed but not used afterwards; a malformed value still fails the request here.
                int activeValue = Convert.ToInt32(Request.Params["active"]);

                SecretAccountSet sas = new SecretAccountSet { id = recordId };
                // Load the stored record to decide the new status and carry pwd_status over.
                SecretAccountSet oldsas = sasMgr.Select(sas);

                // A record whose query quota is used up (limit set and count equal to it) stays disabled.
                bool quotaUsedUp = oldsas.secret_limit != 0 && oldsas.secret_limit == oldsas.secret_count;
                sas.status = quotaUsedUp ? 0 : 1;
                sas.pwd_status = oldsas.pwd_status;
                sas.user_login_attempts = 0;
                // NOTE(review): only id, status, pwd_status and user_login_attempts are assigned;
                // the other fields keep SecretAccountSet's defaults. Confirm what Update writes for them.

                string outcome = sasMgr.Update(sas) > 0 ? "true" : "false";
                return Json(new { success = outcome });
            }
            catch (Exception failure)
            {
                Log4NetCustom.LogMessage entry = new Log4NetCustom.LogMessage();
                entry.Content = string.Format("TargetSite:{0},Source:{1},Message:{2}", failure.TargetSite.Name, failure.Source, failure.Message);
                entry.MethodName = System.Reflection.MethodBase.GetCurrentMethod().Name;
                log.Error(entry);
                return Json(new { success = "false" });
            }
        }
コード例 #8
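        /// <summary>
        /// Verifies the secondary ("secret") password of the signed-in user for the current client IP
        /// and writes a short status string to the response.
        /// </summary>
        /// <remarks>
        /// Status values written here: error 0 = verified; 1 = wrong password; 2 = no matching record
        /// (the original comment describes this as "not registered or locked"); 3 = no password submitted;
        /// 5 = wrong old password while <c>pwd_status</c> is 0. Failures also carry <c>count</c>,
        /// computed as 5 minus the updated attempt counter.
        /// The original accepted any request while <c>pwd_status</c> was 0 as long as <c>oldpassword</c>
        /// was empty, without comparing a hash. Acceptance now always requires a hash match: either the
        /// current password (no old password supplied) or the old password while <c>pwd_status</c> is 0.
        /// A missing <c>oldpassword</c> parameter is treated as empty instead of raising an exception.
        /// NOTE(review): judging by its name, <c>SHA256Encrypt</c> is a plain SHA-256 digest; if it is
        /// unsalted, a password-hashing function (PBKDF2 or similar) would be the stronger choice. Confirm.
        /// </remarks>
        /// <returns>The current <c>Response</c>, after the body has been written and ended.</returns>
        public HttpResponseBase SecretLogin()
        {

            string json = string.Empty;
            try
            {
                SecretAccountSet query = new SecretAccountSet();
                sasMgr = new SecretAccountSetMgr(mySqlConnectionString);
                _secretLogMgr = new SecretInfoLogMgr(mySqlConnectionString);
                Caller caller = System.Web.HttpContext.Current.Session["caller"] as Caller;
                query.user_id = Convert.ToUInt32(caller.user_id.ToString());
                query.ipfrom = CommonFunction.GetIP4Address(Request.UserHostAddress.ToString());
                query.status = 1;
                // Load the user's secret-account record for this IP.
                List<SecretAccountSet> store = sasMgr.GetSecretSetList(query);
                if (store.Count == 0)
                {
                    // No usable record for this user and IP.
                    json = "{success:true,error:2}";
                }
                else if (string.IsNullOrEmpty(Request.Params["password"]))
                {
                    // The server did not receive a password.
                    json = "{success:true,error:3}";
                }
                else
                {
                    SecretAccountSet account = store[0];
                    HashEncrypt hmd5 = new HashEncrypt();
                    string password = Request.Params["password"];
                    string oldPassword = Request.Params["oldpassword"] ?? string.Empty;

                    bool changePending = account.pwd_status == 0;
                    bool oldSupplied = oldPassword != "";
                    // NOTE(review): hashes are compared with ordinary string equality, as in the original.
                    bool oldMatches = oldSupplied && account.secret_pwd == hmd5.SHA256Encrypt(oldPassword);
                    bool currentMatches = !oldSupplied && account.secret_pwd == hmd5.SHA256Encrypt(password);

                    int errorCode;
                    if (changePending && oldSupplied && !oldMatches)
                    {
                        errorCode = 5;
                    }
                    else if (currentMatches || (changePending && oldMatches))
                    {
                        errorCode = 0;
                    }
                    else
                    {
                        errorCode = 1;
                    }

                    if (errorCode == 0)
                    {
                        if (account.secret_count != 0 || account.user_login_attempts != 0 || account.pwd_status == 0)
                        {
                            if (account.user_login_attempts != 0)
                            {
                                account.user_login_attempts = 0;
                            }
                            if (account.secret_count > 1)
                            {
                                account.secret_count = 1;
                            }
                            if (account.pwd_status == 0)
                            {
                                // A pending change is completed by storing the hash of the submitted password.
                                account.pwd_status = 1;
                                account.secret_pwd = hmd5.SHA256Encrypt(password);
                            }
                            account.updatedate = DateTime.Now;
                            // Clear the account's failure and warning counters.
                            sasMgr.Update(account);
                        }

                        // Latest access-log row for this user and IP.
                        // NOTE(review): FirstOrDefault can yield null; as in the original, that case ends in
                        // the catch block after the account update above has already been saved.
                        SecretInfoLog info = _secretLogMgr.GetMaxCreateLog(new SecretInfoLog { user_id = query.user_id, ipfrom = query.ipfrom }).FirstOrDefault();
                        // Stamp the row if it has no verification time yet, otherwise add a new row.
                        bool notYetStamped = info.input_pwd_date == DateTime.MinValue;
                        info.input_pwd_date = DateTime.Now;
                        if (notYetStamped)
                        {
                            _secretLogMgr.UpdateSecretInfoLog(info);
                        }
                        else
                        {
                            _secretLogMgr.InsertSecretInfoLog(info);
                        }

                        json = "{success:true,error:0}";
                    }
                    else
                    {
                        // Record the failed attempt, bump the counter and let LoginError apply the lockout.
                        ulaMgr = new UserLoginAttemptsMgr(mySqlConnectionString);
                        UserLoginAttempts ula = new UserLoginAttempts();
                        ula.login_mail = caller.user_email;
                        ula.login_ipfrom = query.ipfrom;
                        ula.login_type = 4;
                        ulaMgr.Insert(ula);
                        account.user_login_attempts += 1;
                        account.updatedate = DateTime.Now;
                        sasMgr.LoginError(account);
                        int count = 5 - account.user_login_attempts; // attempts left
                        json = "{success:true,error:" + errorCode + ",count:" + count + "}";
                    }
                }
            }
            catch (Exception ex)
            {
                Log4NetCustom.LogMessage logMessage = new Log4NetCustom.LogMessage();
                logMessage.Content = string.Format("TargetSite:{0},Source:{1},Message:{2}", ex.TargetSite.Name, ex.Source, ex.Message);
                logMessage.MethodName = System.Reflection.MethodBase.GetCurrentMethod().Name;
                log.Error(logMessage);
                json = "{success:false}";
            }
            this.Response.Clear();
            this.Response.Write(json);
            this.Response.End();
            return this.Response;
        }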
コード例 #9
        /// <summary>
        /// Creates or updates a secret-account record from request parameters and writes a status
        /// string to the response. With an <c>id</c> parameter the record is updated, without one a
        /// new record is inserted; a non-empty <c>reset</c> parameter takes a separate update path.
        /// </summary>
        /// <remarks>
        /// NOTE(review): no authorization or anti-forgery check is visible in this method, and
        /// <c>user_id</c>, <c>id</c> and <c>secret_limit</c> all come from the request. Confirm access
        /// is restricted elsewhere.
        /// </remarks>
        /// <returns>The current <c>Response</c>, after the body has been written and ended.</returns>
        public HttpResponseBase SaveSecretSet()
        {
            string json = string.Empty;
            SecretAccountSet sas = new SecretAccountSet();
            try
            {
                sasMgr = new SecretAccountSetMgr(mySqlConnectionString);
                SecretAccountSetQuery sasq = new SecretAccountSetQuery();
                sasq.IsPage = false;
                bool issame = false;
                if (!string.IsNullOrEmpty(Request.Params["id"]))
                {
                    sas.id = int.Parse(Request.Params["id"]);
                    sasq.id = sas.id;
                }
                // Looked up even when no id was supplied; sasq.id then keeps its default value.
                SecretAccountSet sasModel = sasMgr.Select(sasq);
                if (!string.IsNullOrEmpty(Request.Params["user_id"]))
                {
                    sas.user_id = uint.Parse(Request.Params["user_id"]);
                }
                string opassword = Request.Params["osecret_password"];
                string npassword = Request.Params["nsecret_password"];
                string password = string.Empty;
                string oldpwd = string.Empty;
                if (!string.IsNullOrEmpty(Request.Params["secret_limit"]))
                {
                    sas.secret_limit = Convert.ToInt32(Request.Params["secret_limit"]);
                }

                if (sasModel != null)
                {
                    sas.pwd_status = Convert.ToInt32(sasModel.pwd_status);
                }
                // createdate has not been assigned in this method yet, so this copies whatever
                // value a new SecretAccountSet starts with.
                sas.updatedate = sas.createdate;
                // New password: stored as a hash, and pwd_status is set back to 0.
                if (!string.IsNullOrEmpty(npassword))
                {
                    HashEncrypt hmd5 = new HashEncrypt();
                    password = hmd5.SHA256Encrypt(npassword);
                    sas.secret_pwd = password;
                    sas.pwd_status = 0;
                }
                if (string.IsNullOrEmpty(Request.Params["reset"]))
                {
                    // Old password: hashed for comparison with the stored hash.
                    if (!string.IsNullOrEmpty(opassword))
                    {
                        HashEncrypt hmd5 = new HashEncrypt();
                        oldpwd = hmd5.SHA256Encrypt(opassword);
                    }
                    if (sasModel != null)
                    {
                        // NOTE(review): oldpwd stays empty when no old password was sent, so a record
                        // whose stored secret_pwd is empty would compare equal. Confirm that cannot occur.
                        if (oldpwd == sasModel.secret_pwd)
                        {
                            issame = true;
                        }
                    }
                    IPAddress ip = new IPAddress(0);
                    // The source IP is stored in the parser's canonical form, never as the raw request value.
                    if (IPAddress.TryParse(Request.Params["ipfrom"], out ip))
                    {
                        sas.ipfrom = ip.ToString();
                        if (!string.IsNullOrEmpty(Request.Params["id"]))
                        {
                            // Update path: allowed when the old password matched, or when the new-password
                            // parameter is an empty string (in which case sas.secret_pwd was not set above).
                            if (issame || Request.Params["nsecret_password"] == "")
                            {

                                if (sasMgr.Update(sas) > 0)
                                {
                                    json = "{success:true,msg:'修改成功!'}";
                                }
                                else
                                {
                                    json = "{success:false,msg:'修改失敗!'}";
                                }
                            }
                            else
                            {
                                json = "{success:false,msg:'原始密碼輸入錯誤!'}";
                            }
                        }
                        else
                        {
                            // Insert path: a new record starts disabled (status 0) with counters at 0.
                            sas.secret_count = 0;
                            sas.user_login_attempts = 0;
                            sas.createdate = DateTime.Now;
                            sas.status = 0;
                            sas.pwd_status = 0;
                            // Reject a second record for the same user and IP.
                            if (sasMgr.SelectByUserIP(sas) == null)
                            {
                                if (sasMgr.Insert(sas) > 0)
                                {
                                    json = "{success:true,msg:'保存成功!'}";
                                }
                                else
                                {
                                    json = "{success:false,msg:'保存失敗!'}";
                                }
                            }
                            else
                            {
                                json = "{success:false,msg:'相同的用戶和IP不能重複添加!'}";
                            }
                        }
                    }
                    else
                    {
                        json = "{success:false,msg:'请输入正确的IP地址!'}";
                    }
                }
                else
                {
                    // Reset path: no old-password comparison and no IP validation happen here; if a
                    // new password was supplied its hash was already placed in sas.secret_pwd above.
                    // NOTE(review): confirm this path is reachable only by accounts allowed to reset
                    // another user's secret password.
                    sas.pwd_status = 0;
                    if (sasMgr.Update(sas) > 0)
                    {
                        json = "{success:true}";
                    }
                    else
                    {
                        json = "{success:false}";
                    }
                }

            }
            catch (Exception ex)
            {
                // Any failure is logged and reported to the client as a generic failure message.
                Log4NetCustom.LogMessage logMessage = new Log4NetCustom.LogMessage();
                logMessage.Content = string.Format("TargetSite:{0},Source:{1},Message:{2}", ex.TargetSite.Name, ex.Source, ex.Message);
                logMessage.MethodName = System.Reflection.MethodBase.GetCurrentMethod().Name;
                log.Error(logMessage);
                json = "{success:false,msg:'操作失敗!'}";
            }
            this.Response.Clear();
            this.Response.Write(json);
            this.Response.End();
            return this.Response;
        }
コード例 #10
        /// <summary>
        /// Records who accessed which sensitive record, when, and through which page, and reports
        /// whether the caller may continue.
        /// </summary>
        /// <remarks>
        /// NOTE(review): <c>urlRecord</c>, <c>secretType</c> and <c>ralatedId</c> come from the request,
        /// so the audit row records what the client reports. The counter is read, incremented and
        /// written back with no locking visible here; confirm whether concurrent requests matter
        /// for enforcing <c>secret_limit</c>.
        /// </remarks>
        /// <returns>The current <c>Response</c>, after the status string has been written and ended.</returns>
        public HttpResponseBase SaveSecretLog()
        {
            // Default answer; it is kept when an exception occurs or the log insert reports no success.
            string json = "{success:false,isconti:false,ispower:false,pwd_status:\"" + 0 + "\"}";
            try
            {
                _secretLogMgr = new SecretInfoLogMgr(mySqlConnectionString);

                SecretInfoLog query = new SecretInfoLog();
                // Who: the signed-in caller and the client IP.
                query.user_id = Convert.ToUInt32((System.Web.HttpContext.Current.Session["caller"] as Caller).user_id.ToString());
                query.ipfrom = CommonFunction.GetIP4Address(Request.UserHostAddress.ToString());
                // When.
                query.createdate = DateTime.Now;
                // Which page.
                string urlRecord = Request.Params["urlRecord"];
                if (!string.IsNullOrEmpty(urlRecord))
                {
                    query.url = urlRecord;
                }
                string secretType = Request.Params["secretType"];
                if (!string.IsNullOrEmpty(secretType))
                {
                    query.type = Convert.ToInt32(secretType);
                }
                // Which sensitive record.
                string relatedId = Request.Params["ralatedId"];
                if (!string.IsNullOrEmpty(relatedId))
                {
                    query.related_id = Convert.ToInt32(relatedId);
                }

                sasMgr = new SecretAccountSetMgr(mySqlConnectionString);
                SecretAccountSet querysas = new SecretAccountSet();
                querysas.user_id = query.user_id;
                querysas.ipfrom = query.ipfrom;
                querysas.status = -1; // -1: do not filter by status
                List<SecretAccountSet> store = sasMgr.GetSecretSetList(querysas);

                if (store.Count <= 0)
                {
                    // No secret-account record for this user and IP.
                    json = "{success:true,isconti:false,ispower:false,pwd_status:\"" + 0 + "\"}";
                }
                else
                {
                    SecretAccountSet account = store[0];
                    bool belowLimit = account.secret_count < account.secret_limit;
                    bool atOrOverLimit = account.secret_count >= account.secret_limit;

                    if (belowLimit && account.status == 1)
                    {
                        // Quota left: the access counts only once the audit row has been saved.
                        if (_secretLogMgr.InsertSecretInfoLog(query) > 0)
                        {
                            account.secret_count = account.secret_count + 1;
                            account.updatedate = DateTime.Now;
                            sasMgr.Update(account);
                            json = "{success:true,isconti:true,ispower:true,pwd_status:\"" + account.pwd_status + "\"}";
                        }
                    }
                    else if (atOrOverLimit && account.status == 1)
                    {
                        // Quota used up: disable the record and refuse to continue.
                        account.status = 0;
                        account.updatedate = DateTime.Now;
                        sasMgr.Update(account);
                        json = "{success:true,isconti:false,ispower:true,pwd_status:\"" + account.pwd_status + "\"}";
                    }
                    else if (belowLimit && account.status == 0)
                    {
                        // Record is disabled although quota is left: reported as having no permission.
                        json = "{success:true,isconti:false,ispower:false,pwd_status:\"" + account.pwd_status + "\"}";
                    }
                    else
                    {
                        // Every remaining combination is reported as "limit reached".
                        json = "{success:true,isconti:false,ispower:true,pwd_status:\"" + account.pwd_status + "\"}";
                    }
                }
            }
            catch (Exception failure)
            {
                Log4NetCustom.LogMessage entry = new Log4NetCustom.LogMessage();
                entry.Content = string.Format("TargetSite:{0},Source:{1},Message:{2}", failure.TargetSite.Name, failure.Source, failure.Message);
                entry.MethodName = System.Reflection.MethodBase.GetCurrentMethod().Name;
                log.Error(entry);
            }
            this.Response.Clear();
            this.Response.Write(json);
            this.Response.End();
            return this.Response;
        }
コード例 #11
        /// <summary>
        /// Changes the enabled/disabled status of a secret-account record.
        /// </summary>
        /// <remarks>
        /// NOTE(review): no authorization or anti-forgery check is visible in this method, and the
        /// <c>active</c> value is written as the new status without a range check. Confirm both are
        /// handled elsewhere.
        /// </remarks>
        /// <returns>
        /// JSON <c>success = "true"</c> when <c>sasMgr.Update</c> returns a value above 0,
        /// otherwise (including on any exception) <c>success = "false"</c>.
        /// </returns>
        public JsonResult UpdateActive()
        {
            try
            {
                sasMgr = new SecretAccountSetMgr(mySqlConnectionString);
                int recordId = Convert.ToInt32(Request.Params["id"]);
                int requestedStatus = Convert.ToInt32(Request.Params["active"]);

                SecretAccountSet model = new SecretAccountSet
                {
                    id = recordId,
                    status = requestedStatus,
                    updatedate = DateTime.Now
                };
                // Carry the stored pwd_status over so the update does not alter it.
                SecretAccountSet stored = sasMgr.Select(new SecretAccountSet { id = model.id });
                model.pwd_status = stored.pwd_status;

                string outcome = sasMgr.Update(model) > 0 ? "true" : "false";
                return Json(new { success = outcome });
            }
            catch (Exception failure)
            {
                Log4NetCustom.LogMessage entry = new Log4NetCustom.LogMessage();
                entry.Content = string.Format("TargetSite:{0},Source:{1},Message:{2}", failure.TargetSite.Name, failure.Source, failure.Message);
                entry.MethodName = System.Reflection.MethodBase.GetCurrentMethod().Name;
                log.Error(entry);
                return Json(new { success = "false" });
            }

        }
コード例 #12
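 /// <summary>
 /// Fetches the secret-account record stored for a given user id and source IP.
 /// </summary>
 /// <param name="model">Supplies <c>user_id</c> and <c>ipfrom</c>; a null or empty <c>ipfrom</c> is matched as an empty string.</param>
 /// <returns>Whatever <c>_access.getSinggleObj</c> returns for the query. The select list includes <c>secret_pwd</c>.</returns>
 /// <exception cref="Exception">
 /// Wraps any failure, including a rejected <c>ipfrom</c>; the message carries the SQL text built so far.
 /// </exception>
 public SecretAccountSet SelectByUserIP(SecretAccountSet model)
 {
     StringBuilder sql = new StringBuilder();
     try
     {
         // ipfrom is a free-text string that ends up inside a quoted SQL literal. Accept it only
         // if it parses as an IP address and embed the parser's canonical rendering.
         // NOTE(review): a parameterized command would be the better fix if the data-access
         // helper offers one; its API is not visible here.
         string ipLiteral = string.Empty;
         if (!string.IsNullOrEmpty(model.ipfrom))
         {
             System.Net.IPAddress parsedIp;
             if (!System.Net.IPAddress.TryParse(model.ipfrom, out parsedIp))
             {
                 throw new ArgumentException("ipfrom is not a valid IP address.", "model");
             }
             ipLiteral = parsedIp.ToString();
         }

         sql.AppendLine(@"SELECT id,user_id,secret_pwd,createdate,updatedate, `status`,pwd_status, ");
         sql.AppendLine(@"user_login_attempts,ipfrom ,secret_limit,secret_count ");
         sql.AppendLine(@" FROM secret_account_set  ");
         sql.AppendFormat("  WHERE user_id='{0}'", model.user_id);
         sql.AppendFormat("  AND  ipfrom='{0}'", ipLiteral);
         return _access.getSinggleObj<SecretAccountSet>(sql.ToString());
     }
     catch (Exception ex)
     {
         throw new Exception("SecretAccountSetDao-->Select" + ex.Message + sql.ToString(), ex);
     }
 }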
コード例 #13
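        /// <summary>
        /// Updates one row of <c>secret_account_set</c>, selected by <c>sas.id</c>.
        /// </summary>
        /// <param name="sas">
        /// New values. <c>updatedate</c> and <c>pwd_status</c> are always written; <c>user_id</c> is
        /// skipped when 0, <c>ipfrom</c> and <c>secret_pwd</c> when null or empty, and
        /// <c>secret_limit</c>, <c>secret_count</c>, <c>user_login_attempts</c> and <c>status</c> when -1.
        /// </param>
        /// <returns>The integer returned by <c>_access.execCommand</c>.</returns>
        /// <exception cref="ArgumentException">When a non-empty <c>ipfrom</c> does not parse as an IP address.</exception>
        /// <exception cref="Exception">Wraps any failure from the data-access helper.</exception>
        public int Update(SecretAccountSet sas)
        {
            StringBuilder sql = new StringBuilder();
            // Invariant culture keeps the timestamp literal independent of the server's regional settings.
            sql.AppendFormat(@" UPDATE secret_account_set SET updatedate='{0}'  ", sas.updatedate.ToString("yyyy-MM-dd HH:mm:ss", System.Globalization.CultureInfo.InvariantCulture));

            if (sas.user_id != 0)
            {
                sql.AppendFormat(@" ,user_id='{0}'", sas.user_id);
            }
            if (!string.IsNullOrEmpty(sas.ipfrom))
            {
                // ipfrom goes into a quoted SQL literal: accept it only if it parses as an IP
                // address and embed the parser's canonical rendering.
                System.Net.IPAddress parsedIp;
                if (!System.Net.IPAddress.TryParse(sas.ipfrom, out parsedIp))
                {
                    throw new ArgumentException("ipfrom is not a valid IP address.", "sas");
                }
                sql.AppendFormat(@", ipfrom='{0}' ", parsedIp.ToString());
            }
            if (!string.IsNullOrEmpty(sas.secret_pwd))
            {
                // NOTE(review): secret_pwd is still embedded as a quoted literal. The callers shown on
                // this page pass hash output, but nothing here enforces that; move to a parameterized
                // command if the data-access helper supports one.
                sql.AppendFormat(@" , secret_pwd='{0}'", sas.secret_pwd);
            }
            if (sas.secret_limit != -1)
            {
                sql.AppendFormat(@" ,secret_limit='{0}'", sas.secret_limit);
            }
            if (sas.secret_count != -1)
            {
                sql.AppendFormat(@" ,secret_count='{0}'", sas.secret_count);
            }
            if (sas.user_login_attempts != -1)
            {
                sql.AppendFormat(@", user_login_attempts='{0}' ", sas.user_login_attempts);
            }
            if (sas.status != -1)
            {
                sql.AppendFormat(@" ,`status`='{0}' ", sas.status);
            }

            sql.AppendFormat(@" ,pwd_status='{0}' ", sas.pwd_status);

            sql.AppendFormat(@" WHERE id ='{0}'; ", sas.id);
            try
            {
                return _access.execCommand(sql.ToString());
            }
            catch (Exception ex)
            {
                // The statement text is no longer appended to the message: it can contain the
                // secret_pwd hash, and exception messages are written to the application log.
                throw new Exception("SecretAccountSetDao-->UpdateCode" + ex.Message, ex);
            }

        }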
コード例 #14
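        /// <summary>
        /// Inserts a new row into <c>secret_account_set</c> from the given record.
        /// </summary>
        /// <param name="sas">Values for every inserted column; a null or empty <c>ipfrom</c> is stored as an empty string.</param>
        /// <returns>The integer returned by <c>_access.execCommand</c>.</returns>
        /// <exception cref="ArgumentException">When a non-empty <c>ipfrom</c> does not parse as an IP address.</exception>
        /// <exception cref="Exception">Wraps any failure from the data-access helper.</exception>
        public int Insert(SecretAccountSet sas)
        {
            // ipfrom goes into a quoted SQL literal: accept it only if it parses as an IP address
            // and embed the parser's canonical rendering.
            string ipLiteral = string.Empty;
            if (!string.IsNullOrEmpty(sas.ipfrom))
            {
                System.Net.IPAddress parsedIp;
                if (!System.Net.IPAddress.TryParse(sas.ipfrom, out parsedIp))
                {
                    throw new ArgumentException("ipfrom is not a valid IP address.", "sas");
                }
                ipLiteral = parsedIp.ToString();
            }

            // Invariant culture keeps the timestamp literals independent of the server's regional settings.
            System.Globalization.CultureInfo invariant = System.Globalization.CultureInfo.InvariantCulture;
            string created = sas.createdate.ToString("yyyy-MM-dd HH:mm:ss", invariant);
            string updated = sas.updatedate.ToString("yyyy-MM-dd HH:mm:ss", invariant);

            StringBuilder sql = new StringBuilder();
            sql.Append(@"INSERT INTO secret_account_set(user_id,secret_pwd,createdate,updatedate,`status`,pwd_status,ipfrom,user_login_attempts,secret_limit,secret_count )");
            // NOTE(review): secret_pwd is still embedded as a quoted literal. The callers shown on this
            // page pass hash output, but nothing here enforces that; move to a parameterized command
            // if the data-access helper supports one.
            sql.AppendFormat(@" VALUES('{0}','{1}','{2}',", sas.user_id, sas.secret_pwd, created);
            sql.AppendFormat(@"'{0}','{1}','{2}','{3}','{4}',", updated, sas.status, sas.pwd_status, ipLiteral, sas.user_login_attempts);
            sql.AppendFormat(@"'{0}','{1}')", sas.secret_limit, sas.secret_count);
            try
            {
                return _access.execCommand(sql.ToString());
            }
            catch (Exception ex)
            {
                // The statement text is no longer appended to the message: it contains the
                // secret_pwd hash, and exception messages are written to the application log.
                throw new Exception("SecretAccountSetDao-->Insert" + ex.Message, ex);
            }

        }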