protected void loginBtn_Click(object sender, EventArgs e)
{
T_PicUsrTableAdapter adapter = new T_PicUsrTableAdapter();
var date = adapter.GetDataByUserName(txtUsrName.Text);
if (date.Count <= 0)
{
loginMsg.Text = "用户名不存在";
loginMsg.Visible = true;
}
else
{
var user = date.Single();
if (!user.IsErrorTimesNull() && !user.IsLastErrorTimeNull())
{
//比较当前时间与上次登陆错误错误时间差
double span = (DateTime.Now - user.LastErrorTime).TotalMinutes;
if (user.ErrorTimes > 4 && span <= 30)
{
loginMsg.Text = "错误次数过多,30分钟后重试";
loginMsg.Visible = true;
return;
}
}
if (user.Password == txtPassword.Text)
{
//登录成功,登陆用户信息存到session中
Session["isLogin"] = true;
Session["loginUsrId"] = user.Id;
//重置错误次数
adapter.ResetErrorTimesById(user.Id);
//将用户重定向到下载页面
Response.Redirect("downLoadList.htm");
}
else
{
adapter.IncErrorTimesById(user.Id);//错误次数加一并记录当前登陆失败时间,IsNull(ErrorTimes,0)
loginMsg.Text = "密码错误";
loginMsg.Visible = true;
}
}
}
public void ProcessRequest(HttpContext context)
{
if (context.Session["isLogin"] == null)
{
context.Response.Redirect("Default.aspx");
//提示未登录跳转页面
}
else
{
//输出格式
context.Response.ContentType = "image/JPEG";
//添加报文头
string filename = context.Request["FileName"];
string encodeFileName = HttpUtility.UrlEncode(filename);
context.Response.AddHeader("Content-Disposition", string.Format("attachment;filename=\"{0}\"", encodeFileName));
//核对下载权限
int usrId = Convert.ToInt32(context.Session["loginUsrId"]);
T_PicUsrTableAdapter adapter = new T_PicUsrTableAdapter();
var data = adapter.GetDataById(usrId);
var usr = data.Single();
if (usr.Level == 0)//普通用户
{
using (Bitmap bitmap = new Bitmap(context.Server.MapPath("images/"+filename)))
{
using (Graphics g = Graphics.FromImage(bitmap))
{
g.DrawString("免费用户"+usr.UserName+"试用", new System.Drawing.Font("宋体", 20), System.Drawing.Brushes.Red, 0, 0);
}
bitmap.Save(context.Response.OutputStream, System.Drawing.Imaging.ImageFormat.Jpeg);
}
}
else//收费用户
{
context.Response.WriteFile("images/" + filename);//有攻击漏洞,可以直接下载网站源码http://localhost:57753/downLoadPic.ashx?FileName=./Default.aspx.cs
}
}
}
