/// <summary>
/// Refreshes the cached login state of the current user: the account is re-read
/// through AdminService and the session entries and login cookie are rewritten.
/// </summary>
/// <remarks>
/// Best effort: every exception raised along the way is swallowed, so a failed
/// refresh leaves whatever session and cookie state was already in place.
/// </remarks>
public static void ClearUserLogin()
{
    try
    {
        var current = LoginData;

        // Reload the account so the ticket reflects the stored name/enabled values.
        var account = AdminService.Get(w => w.Id == current.Id);
        if (account == null)
        {
            return;
        }

        // Build the ticket payload. Password, login date, login IP and admin flag
        // are carried over from the existing login data, not from the reloaded row.
        // NOTE(review): the payload contains loginData.Password and ends up in a
        // client-side cookie behind Security.DesEncrypt, which is reversible.
        // Consider a server-side token instead of a credential.
        string payload = string.Format(Config.userData
            , account.Id
            , account.UserName
            , current.Password
            , account.Name
            , account.Enabled
            , current.LoginDate
            , current.LoginIp
            , current.IsAdmin
            );

        UserLoginEncrypt ticket = new UserLoginEncrypt();
        ticket.UserData = payload;
        if (string.IsNullOrEmpty(ticket.UserData))
        {
            return;
        }

        // Session side: user id, user model, then the digest used by the
        // cookie/session consistency check.
        UserLoginData sessionUser = XmlToModel.ToUser(ticket.UserData);
        if (sessionUser != null)
        {
            SessionUser.WriteSession(sessionUser.Id);
            SessionUser.WriteSession(sessionUser);
        }
        // NOTE(review): the digest is taken before encryption, while GetUser hashes
        // the raw cookie text. Confirm which form is intended.
        SessionUser.WriteSessionMd5(Security.Md5(ticket.UserData));

        // Cookie side: encrypt the payload and persist it.
        // NOTE(review): the expiry is always 7 days here, even though Login issues a
        // 1-hour cookie when IsAuto is false. Confirm the extension is intended.
        ticket.UserData = Security.DesEncrypt(ticket.UserData);
        Cookie.WriteCookie(ticket, DateTime.Now.AddDays(7));
    }
    catch
    {
    }
}
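/// <summary>
/// Resolves the current user from the login cookies and the server-side session.
/// </summary>
/// <returns>
/// The session's user model when session and cookie agree; the user rebuilt from
/// the cookie when the automatic re-login succeeds; an empty
/// <see cref="UserLoginData"/> when no cookie is present or the re-login is
/// rejected; <c>null</c> when the cookie cannot be turned into a user model.
/// </returns>
public static UserLoginData GetUser()
{
    /*
     * Cookie + Session double verification
     * Flow:
     * 1. Session and cookie both present and the stored digest matches: read the session.
     * 2. Cookie present but the session is missing or the digest differs: decrypt the
     *    cookie, re-login with its contents and rebuild the session.
     * 3. Cookie missing: clear the cookie state.
     * Notes:
     * 1. The cookie remembers the login; the session is the immediate check.
     * 2. The cookie is client-controlled input. Nothing read from it may be returned
     *    as the current user unless the re-login has accepted it.
     */

    // The ticket may be split over several cookies; concatenate them in configured order.
    string xml = "";
    for (int i = 0; i < Config.cookieName.Length; i++)
    {
        HttpCookie cookie = HttpContext.Current.Request.Cookies[Config.cookieName[i]];
        if (cookie != null)
        {
            xml += cookie.Value;
        }
    }

    UserLoginData userLoginData = new UserLoginData();

    // Compare the digest stored in the session with the digest of the raw cookie text.
    // Any failure while reading the session leaves the flag false (fail closed).
    bool isCookieMd5 = false;
    try
    {
        isCookieMd5 = SessionUser.Md5 == Security.Md5(xml);
    }
    catch { }

    // 1. Session and cookie agree: trust the session copy.
    if (SessionUser.Exists() && !string.IsNullOrEmpty(xml) && isCookieMd5)
    {
        try
        {
            userLoginData = SessionUser.UserModel;
        }
        catch { }
        return userLoginData;
    }

    // 3. No cookie at all: clear the cookie state and report "nobody".
    if (string.IsNullOrEmpty(xml))
    {
        Cookie.ClearCookie();
        return userLoginData;
    }

    // 2. Cookie present, session missing or stale: rebuild the session from the cookie.
    // NOTE(review): whether Security.DesDecrypt throws on malformed input is not
    // visible here. If it does, the exception propagates to the caller.
    string encryptXml = xml;
    xml = Security.DesDecrypt(xml);
    userLoginData = XmlToModel.ToUser(xml);
    if (userLoginData == null)
    {
        // Undecodable ticket: drop it. Returns null, as this path always has.
        Cookie.ClearCookie();
        return userLoginData;
    }

    // NOTE(review): the ticket carries the account password. Consider replacing it
    // with a server-side token so the credential never leaves the server.
    if (Main.ReLogin(userLoginData.Id, userLoginData.Password))
    {
        SessionUser.WriteSession(userLoginData.Id);
        SessionUser.WriteSession(userLoginData);
        SessionUser.WriteSessionMd5(Security.Md5(encryptXml));
        return userLoginData;
    }

    // Re-login rejected: never hand back the identity parsed from the cookie.
    // The original returned it, so a stale ticket still produced a populated user
    // for that request even though the cookie was being cleared.
    Cookie.ClearCookie();
    return new UserLoginData();
}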
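/// <summary>
/// User login: validates the captcha, authenticates through AdminService and, on
/// success, writes the session entries, the login cookie and the single-login record.
/// </summary>
/// <param name="loginName">Login name passed to AdminService.Login.</param>
/// <param name="plaintext">Password as typed by the user.</param>
/// <param name="ipAddress">Client IP passed to AdminService.Login.</param>
/// <param name="checkCode">Captcha value checked with VerifyCode.Validate.</param>
/// <param name="IsAuto">True issues a 7-day cookie; false a 1-hour cookie.</param>
/// <returns>An empty string on success, otherwise a user-facing error message.</returns>
public static string Login(string loginName, string plaintext, string ipAddress, string checkCode, bool IsAuto = false)
{
    // The captcha is checked before AdminService.Login is called.
    if (!VerifyCode.Validate(checkCode))
    {
        return("验证码输入错误");
    }

    var model = AdminService.Login(loginName, plaintext, ipAddress);
    if (model == null)
    {
        // One message for unknown name and wrong password alike.
        return("登录名或密码错误");
    }

    // Build the ticket payload.
    // NOTE(review): the third field is the plaintext password. It is written to a
    // client-side cookie behind Security.DesEncrypt, which is reversible, so anyone
    // who obtains the cookie and the key recovers the credential. Consider a random
    // server-side token instead.
    UserLoginEncrypt userLoginEncryptData = new UserLoginEncrypt();
    userLoginEncryptData.UserData = string.Format(Config.userData
        , model.Id
        , model.UserName
        , plaintext
        , model.Name
        , model.Enabled
        , model.LastLoginTime
        , model.LastLoginIp
        , model.IsAdmin
        );

    if (!string.IsNullOrEmpty(userLoginEncryptData.UserData))
    {
        // Session side: user id, user model and the consistency digest.
        UserLoginData _data = XmlToModel.ToUser(userLoginEncryptData.UserData);
        if (_data != null)
        {
            SessionUser.WriteSession(_data.Id);
            SessionUser.WriteSession(_data);
        }
        // NOTE(review): this digest covers the pre-encryption payload, while GetUser
        // compares the stored digest with the digest of the raw cookie text and its
        // re-login path stores the digest of the encrypted text. Confirm which form
        // is intended.
        SessionUser.WriteSessionMd5(Security.Md5(userLoginEncryptData.UserData));

        // Cookie side: encrypt and persist, 7 days for auto-login, otherwise 1 hour.
        // NOTE(review): the cookie attributes set by Cookie.WriteCookie are not visible
        // here. Verify it sets HttpOnly and Secure.
        userLoginEncryptData.UserData = Security.DesEncrypt(userLoginEncryptData.UserData);
        Cookie.WriteCookie(userLoginEncryptData, IsAuto ? DateTime.Now.AddDays(7) : DateTime.Now.AddHours(1));

        // Single-user login: tag this session with a fresh GUID and record it in the
        // application-wide "Online" table.
        string sessionGuid = Guid.NewGuid().ToString("N");
        HttpContext.Current.Session[Config.sessionUserGUID] = sessionGuid;
        CookieUtility.Save(Config.cookiesUserGUID, sessionGuid, 10);

        // The table is shared by all requests. The original locked only the final
        // assignment, so two concurrent logins could enumerate and mutate the same
        // Hashtable at once. Hold the lock for the whole read-modify-write and
        // release it even if something inside throws.
        HttpContext.Current.Application.Lock();
        try
        {
            Hashtable hOnline = (Hashtable)HttpContext.Current.Application["Online"];
            if (hOnline == null)
            {
                hOnline = new Hashtable();
            }
            else
            {
                // Find the first entry already registered for this user id.
                string userId = model.Id.ToString();
                object previousKey = null;
                foreach (DictionaryEntry entry in hOnline)
                {
                    if (entry.Value != null && entry.Value.ToString().Equals(userId))
                    {
                        previousKey = entry.Key;
                        break;
                    }
                }
                if (previousKey != null)
                {
                    // Overwrite the earlier entry with the "XXXXXX" marker
                    // (presumably read elsewhere to end that session; confirm).
                    hOnline[previousKey.ToString()] = "XXXXXX";
                }
            }

            hOnline[sessionGuid] = model.Id;
            HttpContext.Current.Application["Online"] = hOnline;
        }
        finally
        {
            HttpContext.Current.Application.UnLock();
        }
    }

    return("");
}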