/// <summary>
/// Returns one page of login-log rows.
/// </summary>
/// <param name="taskId">Task identifier.</param>
/// <param name="userInfo">Calling user.</param>
/// <param name="recordCount">Receives the record count reported by the manager; stays 0 when the query is not run.</param>
/// <param name="pageIndex">Current page.</param>
/// <param name="pageSize">Rows per page.</param>
/// <param name="whereClause">Filter condition; the query only runs when SecretUtil.IsSqlSafe accepts it.</param>
/// <param name="dbParameters">Name/value pairs converted with dbHelper.MakeParameters.</param>
/// <param name="order">Sort expression, handed to the manager exactly as received.</param>
/// <returns>The data table; an empty table named BaseLoginLogEntity.TableName when whereClause is rejected.</returns>
public DataTable GetDataTableByPage(string taskId, BaseUserInfo userInfo, out int recordCount, int pageIndex, int pageSize, string whereClause, List<KeyValuePair<string, object>> dbParameters, string order = null)
{
    DataTable page = new DataTable(BaseLoginLogEntity.TableName);
    // An out parameter cannot be captured by the lambda, so the count travels through a local.
    int total = 0;

    var serviceInfo = ServiceInfo.Create(taskId, userInfo, MethodBase.GetCurrentMethod());
    // The login-log database server is the one to connect to here.
    ServiceUtil.ProcessLoginLogDb(userInfo, serviceInfo, (dbHelper) =>
    {
        if (!SecretUtil.IsSqlSafe(whereClause))
        {
            // NOTE(review): the rejection is invisible to the caller (empty table, count 0) and is
            // only recorded when an HttpContext exists. The entry holds the serialized userInfo
            // plus the raw whereClause and lands under ~/Log/ inside the web application;
            // confirm that folder is not served to clients, that Serialize() emits no tokens,
            // and that line breaks in whereClause cannot forge log entries.
            if (System.Web.HttpContext.Current != null)
            {
                // Record the suspected injection attempt.
                FileUtil.WriteMessage("userInfo:" + userInfo.Serialize() + " " + whereClause, System.Web.HttpContext.Current.Server.MapPath("~/Log/") + "SqlSafe" + DateTime.Now.ToString(BaseSystemInfo.DateFormat) + ".txt");
            }
            return;
        }

        // NOTE(review): `order` reaches the manager without passing through IsSqlSafe. If the
        // manager splices it into the SQL text (not visible here) it needs the same vetting,
        // or better an allow-list of sortable columns; confirm.
        var logManager = new BaseLoginLogManager(dbHelper, userInfo);
        page = logManager.GetDataTableByPage(out total, pageIndex, pageSize, whereClause, dbHelper.MakeParameters(dbParameters), order);
        page.TableName = BaseLoginLogEntity.TableName;
    });

    recordCount = total;
    return page;
}
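/// <summary>
/// Writes one login-log row for <paramref name="userEntity"/> into the table chosen by GetSplitTableName.
/// </summary>
/// <param name="systemCode">Sub-system the event belongs to.</param>
/// <param name="userEntity">User the event is about.</param>
/// <param name="ipAddress">Client IP address stored on the row.</param>
/// <param name="ipAddressName">Name resolved for the IP address.</param>
/// <param name="macAddress">Client MAC address stored on the row.</param>
/// <param name="loginStatus">Status text; also mapped to a log level by LoginStatusToLogLevel.</param>
/// <returns>
/// The value returned by BaseLoginLogManager.Add; string.Empty when BaseSystemInfo.RecordLogOnLog is off
/// or the insert failed; null when <paramref name="userEntity"/> is null.
/// </returns>
public static string AddLog(string systemCode, BaseUserEntity userEntity, string ipAddress, string ipAddressName, string macAddress, string loginStatus)
{
    if (!BaseSystemInfo.RecordLogOnLog)
    {
        return string.Empty;
    }

    // NOTE(review): a null user yields null while "logging disabled" yields string.Empty; kept
    // as-is because callers may rely on the difference. An event for an unknown account
    // (userEntity == null) therefore leaves no row in the login log.
    if (userEntity == null)
    {
        return null;
    }

    string result = string.Empty;

    BaseLoginLogEntity entity = new BaseLoginLogEntity();
    entity.SystemCode = systemCode;
    entity.UserId = userEntity.Id;
    entity.UserName = userEntity.NickName;
    entity.RealName = userEntity.RealName;
    entity.CompanyId = userEntity.CompanyId;
    entity.CompanyName = userEntity.CompanyName;
    if (BaseSystemInfo.OnInternet && !string.IsNullOrEmpty(userEntity.CompanyId))
    {
        entity.CompanyCode = BaseOrganizeManager.GetCodeByCache(userEntity.CompanyId);
    }
    entity.IPAddress = ipAddress;
    entity.IPAddressName = ipAddressName;
    entity.MACAddress = macAddress;
    entity.LoginStatus = loginStatus;
    entity.LogLevel = LoginStatusToLogLevel(loginStatus);
    entity.CreateOn = DateTime.Now;

    string tableName = GetSplitTableName(userEntity);
    using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.LoginLogDbType, BaseSystemInfo.LoginLogDbConnection))
    {
        BaseLoginLogManager loginLogManager = new BaseLoginLogManager(dbHelper, tableName);
        try
        {
            // 2015-07-13: when the login-log row cannot be written, record the failure in a file.
            result = loginLogManager.Add(entity, false, false);
        }
        catch (System.Exception ex)
        {
            // HttpContext.Current is null off the request thread; dereferencing it here would
            // replace the original failure with a NullReferenceException. Fall back to the
            // hosting environment, and skip the file write when no path can be resolved.
            System.Web.HttpContext context = System.Web.HttpContext.Current;
            string logDirectory = context != null
                ? context.Server.MapPath("~/Log/")
                : System.Web.Hosting.HostingEnvironment.MapPath("~/Log/");
            if (logDirectory != null)
            {
                // NOTE(review): stack traces are written under ~/Log/ inside the web application;
                // confirm that folder is not served to clients.
                FileUtil.WriteMessage("AddLogTask: 异常信息:" + ex.Message + System.Environment.NewLine + "错误源:" + ex.Source + System.Environment.NewLine + "堆栈信息:" + ex.StackTrace, logDirectory + "Log" + DateTime.Now.ToString(BaseSystemInfo.DateFormat) + ".txt");
            }
        }
    }

    return result;
}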
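/// <summary>
/// Signs a user out: writes a sign-out entry to the login log and, when BaseSystemInfo.UpdateVisit
/// is on, marks the user offline and updates the visit timestamps.
/// </summary>
/// <param name="openId">Token identifying the user.</param>
/// <param name="createOpenId">Whether a new token should be generated; currently has no effect (see the note in the body).</param>
/// <param name="systemCode">Sub-system recorded in the login log.</param>
/// <param name="ipAddress">Client IP address recorded in the login log.</param>
/// <param name="macAddress">Client MAC address recorded in the login log.</param>
/// <returns>
/// true when the UPDATE affected at least one row; false when openId is blank, the user is not
/// found, or BaseSystemInfo.UpdateVisit is off (even though the sign-out was logged).
/// </returns>
public bool SignOut(string openId, bool createOpenId = true, string systemCode = "Base", string ipAddress = null, string macAddress = null)
{
    int result = 0;

    if (!string.IsNullOrWhiteSpace(openId))
    {
        // Read from the cache for speed.
        BaseUserEntity userEntity = BaseUserManager.GetObjectByOpenIdByCache(openId);
        if (userEntity != null && !string.IsNullOrEmpty(userEntity.Id))
        {
            string ipAddressName = string.Empty;
            if (!string.IsNullOrEmpty(ipAddress))
            {
                ipAddressName = IpHelper.GetInstance().FindName(ipAddress);
            }
            BaseLoginLogManager.AddLog(systemCode, userEntity, ipAddress, ipAddressName, macAddress, Status.SignOut.ToDescription());

            // Whether the visit-date information is updated at all.
            if (!BaseSystemInfo.UpdateVisit)
            {
                // result is still 0 here, so this reports false.
                return result > 0;
            }

            // Previous visit takes the old last-visit value.
            string sqlQuery = " UPDATE " + BaseUserLogOnEntity.TableName
                            + " SET " + BaseUserLogOnEntity.FieldPreviousVisit + " = " + BaseUserLogOnEntity.FieldLastVisit;

            // NOTE(review): the token rotation below is commented out in the original, so
            // createOpenId is ignored and the OpenId keeps its value after sign-out. If OpenId
            // is accepted as a bearer token elsewhere, this method does not revoke it; confirm
            // that the token (and its cache entry) is invalidated somewhere else.
            //   sqlQuery += " , " + BaseUserLogOnEntity.FieldOpenId + " = '" + System.Guid.NewGuid().ToString("N") + "'";

            sqlQuery += " , " + BaseUserLogOnEntity.FieldUserOnLine + " = 0 "
                      + " , " + BaseUserLogOnEntity.FieldLastVisit + " = " + this.DbHelper.GetDbNow();
            // The user id is bound as a parameter; everything concatenated above is a schema
            // constant or the helper's own "now" expression.
            sqlQuery += " WHERE " + BaseUserLogOnEntity.FieldId + " = " + DbHelper.GetParameter(BaseUserEntity.FieldId);

            List<IDbDataParameter> dbParameters = new List<IDbDataParameter>
            {
                DbHelper.MakeParameter(BaseUserEntity.FieldId, userEntity.Id)
            };
            result = this.DbHelper.ExecuteNonQuery(sqlQuery, dbParameters.ToArray());
        }
    }

    return result > 0;
}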
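/// <summary>
/// Work item that writes one login-log row from a packed argument tuple
/// (systemCode, userInfo, ipAddress, ipAddressName, macAddress, loginStatus).
/// </summary>
/// <param name="param">
/// A Tuple&lt;string, BaseUserInfo, string, string, string, string&gt;; anything else, or a tuple
/// without a user, is ignored.
/// </param>
private static void AddLogTaskByBaseUserInfo(object param)
{
    var tuple = param as Tuple<string, BaseUserInfo, string, string, string, string>;
    // The `as` cast yields null for a wrong argument type; dereferencing it would throw outside
    // the try block below, so bail out instead.
    if (tuple == null || tuple.Item2 == null)
    {
        return;
    }

    string systemCode = tuple.Item1;
    BaseUserInfo userInfo = tuple.Item2;
    string ipAddress = tuple.Item3;
    string ipAddressName = tuple.Item4;
    string macAddress = tuple.Item5;
    string loginStatus = tuple.Item6;

    BaseLoginLogEntity entity = new BaseLoginLogEntity();
    entity.SystemCode = systemCode;
    entity.UserId = userInfo.Id;
    entity.UserName = userInfo.NickName;
    entity.RealName = userInfo.RealName;
    entity.CompanyId = userInfo.CompanyId;
    entity.CompanyName = userInfo.CompanyName;
    entity.CompanyCode = userInfo.CompanyCode;
    entity.IPAddress = ipAddress;
    entity.IPAddressName = ipAddressName;
    entity.MACAddress = macAddress;
    entity.LoginStatus = loginStatus;
    entity.LogLevel = LoginStatusToLogLevel(loginStatus);
    entity.CreateOn = DateTime.Now;

    string tableName = GetSplitTableName(userInfo);
    using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.LoginLogDbType, BaseSystemInfo.LoginLogDbConnection))
    {
        BaseLoginLogManager loginLogManager = new BaseLoginLogManager(dbHelper, tableName);
        try
        {
            // 2015-07-13: when the login-log row cannot be written, record the failure in a file.
            loginLogManager.Add(entity, false, false);
        }
        catch (System.Exception ex)
        {
            // HttpContext.Current is null when this runs off the request thread; the original
            // dereferenced it unconditionally, turning a failed insert into an unhandled
            // NullReferenceException. Fall back to the hosting environment and skip the file
            // write when no path can be resolved.
            System.Web.HttpContext context = System.Web.HttpContext.Current;
            string logDirectory = context != null
                ? context.Server.MapPath("~/Log/")
                : System.Web.Hosting.HostingEnvironment.MapPath("~/Log/");
            if (logDirectory != null)
            {
                // NOTE(review): ipAddress and macAddress are written verbatim; if they come from
                // client-supplied values, strip line breaks before logging so an entry cannot
                // be forged. Also confirm ~/Log/ is not served to clients.
                FileUtil.WriteMessage("AddLogTask: ipAddress:" + ipAddress + "macAddress:" + macAddress + System.Environment.NewLine + "异常信息:" + ex.Message + System.Environment.NewLine + "错误源:" + ex.Source + System.Environment.NewLine + "堆栈信息:" + ex.StackTrace, logDirectory + "Log" + DateTime.Now.ToString(BaseSystemInfo.DateFormat) + ".txt");
            }
        }
    }
}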
/// <summary>
/// Checks whether a service call is allowed.
/// Open questions left by the author:
/// 1. Should the call be logged?
/// 2. Should it be instrumented (performance, call frequency, call count)?
/// 3. Should illegitimate calls be logged?
/// 4. Exceptions need handling.
/// </summary>
/// <param name="appKey">Unique identifier of the calling application.</param>
/// <param name="appSecret">The application's signing secret.</param>
/// <param name="callLimit">Whether to apply the call-rate limit.</param>
/// <param name="systemCode">Sub-system being accessed.</param>
/// <param name="permissionCode">Permission code to check; skipped when null or empty.</param>
/// <returns>The verification result; Status is true only when every gate passes.</returns>
public static BaseResult CheckService(string appKey, string appSecret, bool callLimit = false, string systemCode = "Base", string permissionCode = null)
{
    BaseResult verdict = new DotNet.Utilities.BaseResult { Status = false };

    // NOTE(review): the original comment here carried a literal sample AppKey/AppSecret pair.
    // Sample credentials do not belong in source; if that pair was ever live it should be
    // rotated. Example permissionCode: "User.Add".
    string callerIp = Utilities.GetIPAddress(true);

    // NOTE(review): each gate below answers with its own StatusMessage, which tells an
    // unauthenticated caller which check failed (for example whether an appKey is in the
    // interface role). Only a failure at gate 7 is written to the login log.

    // 1: Parameter sanity. The caller must identify itself, otherwise calls cannot be told apart.
    if (string.IsNullOrEmpty(appKey))
    {
        verdict.StatusCode = "AccessDeny";
        verdict.StatusMessage = "appKey为空、访问被拒绝";
        return verdict;
    }

    // 2: Only members of the interface role may call remotely; this also makes it easy to
    //    remove an interface account at any time.
    const string interfaceRole = "Interface";
    if (!BaseUserManager.IsInRoleByCache(systemCode, appKey, interfaceRole))
    {
        verdict.StatusCode = "AccessDeny";
        verdict.StatusMessage = "非接口用户、访问被拒绝";
        return verdict;
    }

    // 3: Call frequency. This has to be fast and must not hit the database every time, so a
    //    remote caller cannot drag this service down.
    // NOTE(review): the limit is off by default (callLimit = false) and is keyed on appKey
    // before the secret is verified, so secret guessing is unthrottled by default and anyone
    // who knows a valid appKey can consume its quota. The meaning of (10, 10000) is not
    // visible here; presumably 10 calls per 10000 ms, confirm.
    if (callLimit && PooledRedisHelper.CallLimit(appKey, 10, 10000))
    {
        verdict.StatusCode = "AccessDeny";
        verdict.StatusMessage = "访问频率过高、访问被拒绝";
        return verdict;
    }

    // 4: Is the signature valid and unexpired? Several signatures may be supported to ease
    //    upgrades and give a transition period. A signature is mandatory for security.
    if (!BaseServicesLicenseManager.CheckServiceByCache(appKey, appSecret))
    {
        verdict.StatusCode = "AccessDeny";
        verdict.StatusMessage = "不合法签名、访问被拒绝";
        return verdict;
    }

    // 5: Is the caller's IP allowed? One service may have several IPs; treat the service as a
    //    user, and one target user may have several services configured (usually remote).
    // NOTE(review): every other gate denies on a false result, this one denies on true. If
    // CheckIPAddressByCache returns true for an allowed address (not visible here), the
    // condition is inverted and the allow-list is bypassed for disallowed IPs; confirm the
    // helper's contract. userLogOnEntity may also be null when appKey has no logon record.
    BaseUserLogOnEntity userLogOnEntity = new BaseUserLogOnManager().GetObject(appKey);
    if (BaseUserManager.CheckIPAddressByCache(userLogOnEntity, callerIp, true))
    {
        verdict.StatusCode = "AccessDeny";
        verdict.StatusMessage = "不合法IP、访问被拒绝";
        return verdict;
    }

    // 6: Permission check, answered from cache so clients and partners cannot overload the
    //    database with repeated calls.
    if (!string.IsNullOrEmpty(permissionCode))
    {
        if (!BasePermissionManager.IsAuthorizedByCache(systemCode, appKey, permissionCode))
        {
            verdict.StatusCode = "AccessDeny";
            verdict.StatusMessage = "无权限 " + permissionCode + "、访问被拒绝";
            return verdict;
        }
    }

    // 7: Is the account valid, and within its allowed time window?
    BaseUserManager userManager = new BaseUserManager();
    BaseUserEntity userEntity = userManager.GetObject(appKey);
    UserLogOnResult accountCheck = userManager.CheckUser(userEntity, userLogOnEntity);
    if (!string.IsNullOrEmpty(accountCheck.StatusCode))
    {
        BaseLoginLogManager.AddLog(systemCode, userEntity, callerIp, string.Empty, string.Empty, accountCheck.StatusMessage);
        verdict.StatusCode = accountCheck.StatusCode;
        verdict.StatusMessage = accountCheck.StatusMessage;
        return verdict;
    }

    // 8: Everything that currently needs checking has passed.
    verdict.Status = true;
    return verdict;
}
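/// <summary>
/// Song Biao, 2015-01-22.
/// Sends login-reminder notifications to the user who has just logged on:
/// 1. e-mail; 2. SMS; 3. Jixin message (the body also sends a WeChat template message).
/// The work is queued to the thread pool so the calling thread is not blocked.
/// Original note: all super administrators and IT information-centre staff are always
/// reminded (no such forcing is visible in this method).
/// </summary>
/// <param name="userInfo">Login information of the user; nothing is queued when it is null.</param>
public void SendLogOnRemind(BaseUserInfo userInfo)
{
    // The work item reads userInfo in both the try and the catch; a null here would otherwise
    // surface as an unhandled exception on a thread-pool thread.
    if (userInfo == null)
    {
        return;
    }

    System.Threading.ThreadPool.QueueUserWorkItem(delegate
    {
        try
        {
            // Load the reminder settings and contact details; both must exist to continue.
            string systemName = userInfo.SystemCode;
            BaseUserLogonExtendManager manager = new BaseUserLogonExtendManager();
            BaseUserLogonExtendEntity userLogonRemind = manager.GetObject(userInfo.Id);
            BaseUserContactEntity userContactEntity = new BaseUserContactManager().GetObject(userInfo.Id);
            if (userLogonRemind == null || userContactEntity == null)
            {
                return;
            }

            // Values placed into HTML bodies are encoded first: nick name, IP and MAC may
            // originate from the client and must not be able to inject markup into the alert.
            string htmlNickName = System.Web.HttpUtility.HtmlEncode(userInfo.NickName);
            string htmlSystemName = System.Web.HttpUtility.HtmlEncode(systemName);
            string htmlIpAddress = System.Web.HttpUtility.HtmlEncode(userInfo.IPAddress);

            // NOTE(review): the three HTTP endpoints below are plain http://, so account names,
            // IP addresses and mobile numbers cross the network unencrypted and the calls carry
            // no visible authentication; confirm these hosts are reachable only internally or
            // move them to https.
            // NOTE(review): one failing channel aborts all later ones because they share a
            // single try block.
            using (WebClient webClient = new WebClient())
            {
                // Jixin reminder: the user has a unique account and enabled the Jixin login reminder.
                if (!string.IsNullOrWhiteSpace(userInfo.NickName) && userLogonRemind.JixinRemind == 1)
                {
                    // Jixin interface address.
                    string url = "http://jixin.zt-express.com:8280/mng/httpservices/msg-sendMessageToUsers.action";
                    NameValueCollection postValues = new NameValueCollection();
                    // Empty means no sender; the client shows no reply button (v1.1).
                    postValues.Add("sender", string.Empty);
                    // Close delay, default 30 seconds (v1.1).
                    postValues.Add("closeDelay", "30");
                    // Show delay, default 0 seconds (v1.1).
                    postValues.Add("showDelay", "0");
                    // Receivers, comma separated; Chinese characters must be URL-encoded.
                    // ReSharper disable once AssignNullToNotNullAttribute
                    postValues.Add("receivers", System.Web.HttpUtility.UrlEncode(userInfo.NickName, System.Text.Encoding.UTF8));
                    // Display position: 0 = centre, 1 = bottom right (default 0).
                    postValues.Add("position", "1");
                    // Message title.
                    postValues.Add("title", "中天系统账号登录提醒");
                    // Message content.
                    string content = "<div style='word-break:keep-all;'><font color='#FF7E00'>" + htmlNickName + "</font>,您的账号于<font color='#FF7E00'>" + DateTime.Now.ToString(BaseSystemInfo.DateTimeFormat) + "</font>登录了<font color='#FF7E00'>" + htmlSystemName + "</font></div>"
                                   + "<div style='word-break:keep-all;margin-top:5px'>登录IP:<font color='#FF7E00'>" + htmlIpAddress + "</font></div>"
                                   + "<div style=' word-break:keep-all;margin-top:5px'>IP参考所在地:<font color='#FF7E00'>" + System.Web.HttpUtility.HtmlEncode(DotNet.Utilities.IpHelper.GetInstance().FindName(userInfo.IPAddress)) + "</font></div>"
                                   + "<div style=' word-break:keep-all;margin-top:5px'>如果不是您自己登录,请马上联系:021-31165566,或即刻<a href='http://security.zt-express.com' target='_blank'>登录安全中心</a>修改密码。</div>";
                    postValues.Add("content", content);
                    postValues.Add("width", "300");
                    postValues.Add("height", "180");
                    // POST the data to the server.
                    webClient.UploadValues(url, postValues);
                }

                // E-mail reminder: address present, verified, and the e-mail login reminder enabled.
                if (!string.IsNullOrWhiteSpace(userContactEntity.Email) && userContactEntity.EmailValiated == 1 && userLogonRemind.EmailRemind == 1)
                {
                    string subject = userInfo.CompanyName + " - " + userInfo.NickName + " 登录" + systemName + " 系统提醒";
                    // The body is sent as HTML (IsBodyHtml = true), so user-derived values are encoded.
                    string body = System.Web.HttpUtility.HtmlEncode(userInfo.UserName) + System.Environment.NewLine + ":<br/>"
                                + DateTime.Now.ToString(BaseSystemInfo.DateTimeFormat) + "登录了" + htmlSystemName + ";<br/>" + System.Environment.NewLine
                                + "编号:" + System.Web.HttpUtility.HtmlEncode(userInfo.Code) + ";<br/> " + System.Environment.NewLine
                                + "登录系统:" + htmlSystemName + ";<br/> " + System.Environment.NewLine
                                + "登录IP:" + htmlIpAddress + ";<br/> " + System.Environment.NewLine
                                + "MAC地址:" + System.Web.HttpUtility.HtmlEncode(userInfo.MACAddress) + ";<br/>" + System.Environment.NewLine
                                + "如果不是您自己登录,请马上联系021-31165566,或即刻登录系统修改密码。";

                    SmtpClient smtp = new SmtpClient();
                    // SMTP host (the configured BaseSystemInfo.MailServer is not used).
                    smtp.Host = "mail.zto.cn";
                    // Port number.
                    // NOTE(review): port 25 with EnableSsl left unset means the session is not
                    // explicitly encrypted; confirm the relay enforces TLS.
                    smtp.Port = 25;
                    // Sender credentials.
                    // NOTE(review): the account name and password are hard-coded in source. They
                    // are kept so behaviour does not change, but they should be rotated and
                    // read from protected configuration (the commented-out original referred to
                    // BaseSystemInfo.MailUserName / BaseSystemInfo.MailPassword).
                    smtp.Credentials = new NetworkCredential("remind", "ztoremind#@!~");

                    using (MailMessage objMailMessage = new MailMessage())
                    {
                        // Priority.
                        objMailMessage.Priority = MailPriority.High;
                        // Sender.
                        // NOTE(review): "remind" has no domain part; MailAddress normally rejects
                        // such a value with FormatException, which would abort this branch and
                        // every channel after it. Confirm and use the full sender address.
                        objMailMessage.From = new MailAddress("remind", "中通快递登录提醒", System.Text.Encoding.UTF8);
                        // Recipient.
                        objMailMessage.To.Add(userContactEntity.Email);
                        // Subject and its encoding.
                        objMailMessage.Subject = subject;
                        objMailMessage.SubjectEncoding = System.Text.Encoding.UTF8;
                        // Body and its encoding.
                        objMailMessage.Body = body;
                        objMailMessage.IsBodyHtml = true;
                        objMailMessage.BodyEncoding = System.Text.Encoding.UTF8;
                        // Send.
                        smtp.Send(objMailMessage);
                    }
                }

                // SMS reminder: mobile present, verified, and the SMS login reminder enabled.
                // The sending outlet is charged for each message.
                if (!string.IsNullOrWhiteSpace(userContactEntity.Mobile) && userContactEntity.MobileValiated == 1 && userLogonRemind.MobileRemind == 1)
                {
                    // Per Zhu's suggestion, only remind when the login location changed:
                    // fetch the two most recent login records, newest first.
                    BaseLoginLogManager loginLogManager = new BaseLoginLogManager(userInfo);
                    // NOTE(review): the filter uses the member UserInfo.Id rather than the
                    // userInfo parameter; confirm both refer to the same user.
                    List<BaseLoginLogEntity> loginLogEntities = loginLogManager.GetList<BaseLoginLogEntity>(new KeyValuePair<string, object>(BaseLoginLogEntity.FieldUserId, UserInfo.Id), 2, " CREATEON DESC ");

                    // The original indexed [0] and [1] before checking anything, so an account
                    // with fewer than two records threw and skipped the remaining channels.
                    // With fewer than two records there is nothing to compare and no SMS is sent.
                    if (loginLogEntities != null && loginLogEntities.Count >= 2
                        && loginLogEntities[0] != null && loginLogEntities[1] != null)
                    {
                        IpHelper ipHelper = new IpHelper();
                        string addressA = ipHelper.FindName(loginLogEntities[0].IPAddress);
                        if (string.IsNullOrWhiteSpace(addressA))
                        {
                            // Second attempt with the same input, kept from the original.
                            addressA = ipHelper.FindName(loginLogEntities[0].IPAddress);
                        }
                        string addressB = ipHelper.FindName(loginLogEntities[1].IPAddress);
                        if (string.IsNullOrWhiteSpace(addressB))
                        {
                            addressB = ipHelper.FindName(loginLogEntities[1].IPAddress);
                        }

                        bool ipChanged = !string.Equals(loginLogEntities[0].IPAddress, loginLogEntities[1].IPAddress, StringComparison.OrdinalIgnoreCase);
                        bool locationChanged = !string.Equals(addressA, addressB, StringComparison.OrdinalIgnoreCase);
                        if (ipChanged || locationChanged)
                        {
                            string url = "http://mas.zto.cn/WebAPIV42/API/Mobile/SendMessageByCompanyCode";
                            NameValueCollection postValues = new NameValueCollection();
                            postValues.Add("companyCode", userInfo.CompanyCode);
                            postValues.Add("mobiles", userContactEntity.Mobile);
                            string message = userInfo.NickName + ",您好!您的账号于" + DateTime.Now.ToString(BaseSystemInfo.DateTimeFormat) + "登录了" + systemName + ",登录IP:" + userInfo.IPAddress + ",如果不是您自己登录,请马上联系021-31165566,或即刻登录安全中心修改密码。";
                            postValues.Add("message", message);
                            postValues.Add("customerName", userInfo.NickName);
                            webClient.UploadValues(url, postValues);
                        }
                    }
                }

                // WeChat reminder.
                if (!string.IsNullOrWhiteSpace(userContactEntity.WeChat) && userContactEntity.WeChatValiated == 1 && userLogonRemind.WechatRemind == 1)
                {
                    string url = "http://weixin.zto.cn/Template/WeiXinLogin";
                    NameValueCollection postValues = new NameValueCollection();
                    postValues.Add("first", "您已经成功登录系统");
                    postValues.Add("keyword1", userInfo.NickName);
                    postValues.Add("remark", userInfo.NickName + ",您的账号于" + DateTime.Now.ToString(BaseSystemInfo.DateTimeFormat) + "登录了" + systemName);
                    postValues.Add("OpenId", userContactEntity.WeChat);
                    // A "url" field (link to the details page) was left disabled in the original.
                    webClient.UploadValues(url, postValues);
                }
            }
        }
        catch (Exception ex)
        {
            // This runs on a thread-pool thread where HttpContext.Current is null; the original
            // dereferenced it, so any send failure became an unhandled NullReferenceException
            // on the pool thread. Resolve the folder through the hosting environment instead
            // and skip the file write when no path is available.
            System.Web.HttpContext context = System.Web.HttpContext.Current;
            string logDirectory = context != null
                ? context.Server.MapPath("~/Log/")
                : System.Web.Hosting.HostingEnvironment.MapPath("~/Log/");
            if (logDirectory != null)
            {
                FileUtil.WriteMessage(userInfo.NickName + "登录提醒消息发送异常:" + ex.Message, logDirectory + "Log" + DateTime.Now.ToString(BaseSystemInfo.DateFormat) + ".txt");
            }
        }
    });
}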