// 检查是否被关进了监狱
Prision prision = new Prision();
if (!prision.isUserArrested(userName)) {
isLogin = true;
}
}
}
// 如果帐号验证不合法或者被关进了监狱,则清除其COOKIE
// 此处因为缺乏resonse参数,所以无法清除,可以改进一下
}
return isLogin;
}
/**
 * Reports whether the request comes from a visitor who has been registered
 * as a guest: a NAME cookie is present but the ISLOGIN cookie is not "y".
 *
 * <p>Both values are read straight from the request cookies, so the result
 * reflects what the client presented and is not proof of identity. Use it
 * for presentation and bookkeeping, not as an access-control decision.
 *
 * @param request the current HTTP request
 * @return {@code true} when a NAME cookie value is present and ISLOGIN is
 *         not "y"; {@code false} when the request is flagged as logged in
 *         or carries no name
 */
public static boolean isGuest(HttpServletRequest request) {
    CookieBean cookies = new CookieBean();

    // A request flagged as a registered, logged-in user is never a guest.
    boolean flaggedAsLoggedIn = cookies.getCookieValue(request, ISLOGIN).equals("y");
    if (flaggedAsLoggedIn) {
        return false;
    }

    // Not logged in, but a name has been assigned already: that is a guest.
    boolean hasName = !cookies.getCookieValue(request, NAME).equals("");
    if (hasName) {
        return true;
    }

    Logger.getLogger(Privilege.class.getName()).info("isGuest: name is empty.");
    return false;
}
/**
 * Returns the value of the NAME cookie carried by the request.
 *
 * <p>The value comes from the client and is not verified here; callers
 * that need an authenticated identity must validate the login first.
 *
 * @param request the current HTTP request
 * @return whatever {@code CookieBean.getCookieValue} yields for NAME
 */
public static String getUser(HttpServletRequest request) {
    return new CookieBean().getCookieValue(request, NAME);
}
/**
 * Returns the value of the PWDMD5 cookie carried by the request.
 *
 * <p>doLogin() stores {@code user.getPwdMd5()} under this cookie name, so
 * the value is a password hash presented by the client. Treat it as a
 * secret: do not log it, and do not trust it without comparing it to the
 * stored hash.
 *
 * @param request the current HTTP request
 * @return whatever {@code CookieBean.getCookieValue} yields for PWDMD5
 */
public static String getPwd(HttpServletRequest request) {
    return new CookieBean().getCookieValue(request, PWDMD5);
}
/**
 * Tells whether the user named by the request's NAME cookie still has disk
 * quota left for an attachment.
 *
 * <p>NOTE(review): the account is selected by {@code getUser(request)},
 * i.e. by a client-supplied cookie, and the record is not checked with
 * {@code isLoaded()} the way login() does. Confirm that callers have
 * verified the login before relying on this result.
 *
 * @param request the current HTTP request
 * @return {@code false} when the allowed disk space is less than or equal
 *         to the used disk space, {@code true} otherwise
 */
public static boolean canUploadAttachment(HttpServletRequest request) {
    UserDb account = new UserDb().getUser(getUser(request));
    // Upload is refused once usage has reached (or passed) the allowance.
    return !(account.getDiskSpaceAllowed() <= account.getDiskSpaceUsed());
}
/**
 * Logs the caller out: expires the NAME, PWDMD5 and ISLOGIN cookies on path
 * "/" and deletes the matching entry from the online-user list.
 *
 * <p>NOTE(review): the online record to delete is chosen by the NAME cookie
 * sent with the request, which is not verified in this method. Confirm that
 * callers validate the login cookies first, so that a request cannot remove
 * an online record it does not own. The HttpSession used by login() for the
 * verification code is not invalidated here.
 *
 * @param req the current HTTP request
 * @param res the response on which the cookies are expired
 * @return the result of deleting the online record, or {@code false} when
 *         no online record was loaded for the name
 * @throws ErrMsgException declared by the signature; not thrown directly by
 *         the statements in this method
 */
public boolean logout(HttpServletRequest req, HttpServletResponse res) throws
        ErrMsgException {
    CookieBean cookies = new CookieBean();
    // Read the name before the cookies are expired.
    String userName = cookies.getCookieValue(req, NAME);

    cookies.delCookie(res, NAME, "/");
    cookies.delCookie(res, PWDMD5, "/");
    cookies.delCookie(res, ISLOGIN, "/");

    // Drop the user from the online list, if an entry exists.
    OnlineUserDb onlineRecord = new OnlineUserDb().getOnlineUserDb(userName);
    return onlineRecord.isLoaded() && onlineRecord.del();
}
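/**
 * Completes a login for a user whose credentials the caller has already
 * verified: records the login time and IP on the user, updates the online
 * user list and issues the NAME, PWDMD5, ISLOGIN and "staytime" cookies.
 *
 * <p>This method performs no credential check of its own; it must only be
 * called after the password has been verified (as login() does).
 *
 * <p>Request parameters read here are untrusted. A "covered" value that is
 * not a number is treated as 0 instead of raising NumberFormatException.
 *
 * @param req  the current HTTP request ("covered" and "loginSaveDate"
 *             parameters and the previous NAME cookie are read from it)
 * @param res  the response that receives the login cookies
 * @param user the user record to mark as logged in
 * @return the result of {@code user.save()}; cookies and the online record
 *         are only written when it is {@code true}
 * @throws ErrMsgException declared by the signature; not thrown directly by
 *         the statements in this method
 */
public boolean doLogin(HttpServletRequest req, HttpServletResponse res,
        UserDb user) throws ErrMsgException {
    CookieBean cookiebean = new CookieBean();
    // Name carried by the cookie before this login (a guest name, if any).
    String oldname = cookiebean.getCookieValue(req, Privilege.NAME);

    // "covered" comes from the client: accept only a parsable integer and
    // fall back to 0 otherwise, so malformed input cannot abort the login
    // with an unchecked exception.
    int covered = 0;
    String strcovered = ParamUtil.get(req, "covered");
    if (strcovered != null && !strcovered.equals("")) {
        try {
            covered = Integer.parseInt(strcovered);
        } catch (NumberFormatException ignored) {
            covered = 0;
        }
    }
    boolean isCovered = (covered == 1);

    // Shift the current login time into "last login", then stamp this one.
    user.setLastTime(user.getCurTime());
    user.setCurTime();
    user.setIp(req.getRemoteAddr());
    boolean isvalid = user.save();
    if (!isvalid) {
        return false;
    }

    String name = user.getName();
    OnlineUserDb oud = new OnlineUserDb();

    // The visitor was a guest before logging in (registered by the system
    // under an assigned name): remove that guest's online record.
    if (Privilege.isGuest(req)) {
        oud = oud.getOnlineUserDb(oldname);
        if (oud.isLoaded()) {
            oud.del();
        }
    }

    // Update the online record of this user, or create one if absent.
    oud = oud.getOnlineUserDb(name);
    if (oud.isLoaded()) {
        oud.setCovered(isCovered);
        oud.save();
    } else {
        oud.setName(name);
        oud.setIp(req.getRemoteAddr());
        oud.setCovered(isCovered);
        oud.setGuest(false);
        oud.create();
    }

    // Cookie lifetime is chosen by the "loginSaveDate" request parameter.
    int loginSaveDate = LOGIN_SAVE_NONE;
    try {
        loginSaveDate = ParamUtil.getInt(req, "loginSaveDate");
    } catch (Exception ignored) {
        // Presumably the parameter is missing or malformed; keep
        // LOGIN_SAVE_NONE so the cookies end with the browser session.
    }

    // -1 means the cookie is not persisted and expires when the browser
    // exits. Unrecognised values also fall back to -1.
    int maxAge = -1;
    if (loginSaveDate == LOGIN_SAVE_DAY) {
        maxAge = 60 * 60 * 24;
    } else if (loginSaveDate == LOGIN_SAVE_MONTH) {
        maxAge = 60 * 60 * 24 * 30;
    } else if (loginSaveDate == LOGIN_SAVE_YEAR) {
        maxAge = 60 * 60 * 24 * 365;
    }

    // addCookie is used rather than cookiebean.setCookieMaxAge: the latter
    // reads the cookie from the request to change its expiry, and at this
    // point the request does not carry the new cookie yet.
    cookiebean.addCookie(res, NAME, name, "/", maxAge);

    // NOTE(security): the PWDMD5 cookie carries the stored password hash
    // itself, kept for up to a year. login() compares this cookie against
    // the hash of the submitted password, so the cookie appears to act as a
    // long-lived credential that only a password change revokes. Prefer a
    // random, server-side session token. Whether CookieBean.addCookie sets
    // the HttpOnly and Secure attributes is not visible here - confirm.
    cookiebean.addCookie(res, PWDMD5, user.getPwdMd5(), "/", maxAge);
    cookiebean.addCookie(res, ISLOGIN, "y", "/", maxAge);

    // Record when the user arrived, for time-on-site tracking.
    cookiebean.addCookie(res, "staytime",
                         "" + System.currentTimeMillis(), "/");
    return true;
}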
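/**
 * Authenticates a login request and, on success, completes it through
 * doLogin().
 *
 * <p>Checks run in this order: verification code, client IP, user name,
 * account state (blocked / held in the community jail), password.
 *
 * <p>Security-relevant behaviour of this implementation:
 * <ul>
 * <li>The verification code must be non-empty in the session, and it is
 *     removed from the session once read, so one code serves one attempt
 *     and an empty submission cannot match an absent code.</li>
 * <li>The submitted password is always compared with the stored hash. The
 *     "already logged in" shortcut only decides whether doLogin() is
 *     skipped; cookie values alone never yield {@code true}.</li>
 * <li>If hashing the password fails, the login is refused.</li>
 * </ul>
 *
 * <p>NOTE(security): passwords are compared as MD5 hashes (SecurityUtil.MD5
 * against UserDb.getPwdMd5()); no salt is visible in this method. A
 * password-hashing scheme such as bcrypt, scrypt or Argon2 is the
 * recommended replacement, but needs a stored-data migration. The distinct
 * InvalidNameException / WrongPasswordException also let a client tell
 * whether a user name exists; that is part of this method's contract and is
 * left unchanged.
 *
 * @param req the login request ("validateCode", "name" and "pwd" parameters)
 * @param res the response that receives the login cookies
 * @return {@code true} when the user was already logged in with the same
 *         credentials, otherwise the result of doLogin()
 * @throws WrongPasswordException if the password is missing, cannot be
 *         hashed, or does not match the stored hash
 * @throws InvalidNameException if the name is empty or no such user exists
 * @throws ErrMsgException if the verification code is wrong, the IP is
 *         rejected, or the account is blocked or jailed
 */
public boolean login(HttpServletRequest req, HttpServletResponse res) throws
        WrongPasswordException, InvalidNameException, ErrMsgException {
    // Verification code (CAPTCHA) check.
    String validateCode = ParamUtil.get(req, "validateCode");
    HttpSession session = req.getSession(true);
    // getNullStr presumably maps a missing attribute to "" - confirm.
    String sessionCode = StrUtil.getNullStr((String) session.getAttribute("validateCode"));
    // One code, one attempt: a code left in the session could be replayed.
    session.removeAttribute("validateCode");
    if (validateCode == null || sessionCode == null || sessionCode.equals("")
            || !validateCode.equals(sessionCode)) {
        throw new ErrMsgException("验证码出错,请检查!");
    }

    // Client IP check.
    IPMonitor im = new IPMonitor();
    if (!im.isValid(StrUtil.getIp(req))) {
        throw new ErrMsgException(im.getMessage());
    }

    String name = ParamUtil.get(req, "name");
    CookieBean cookiebean = new CookieBean();
    // Credentials carried by the cookies before this login attempt.
    String oldname = cookiebean.getCookieValue(req, NAME);
    String oldpwd = cookiebean.getCookieValue(req, PWDMD5);

    if (name.equals("")) {
        throw new InvalidNameException();
    }

    UserDb user = new UserDb();
    user = user.getUser(name);
    if (!user.isLoaded()) {
        throw new InvalidNameException();
    }
    if (!user.isValid()) {
        throw new ErrMsgException("对不起,您已被屏蔽!");
    }

    // Users held in the community jail cannot log in until released.
    Prision prision = new Prision();
    if (prision.isUserArrested(name)) {
        Calendar cal = prision.getReleaseDate(name);
        throw new ErrMsgException("您已被关押在社区监狱中,释放日期为" +
                                  DateUtil.format(cal, "yy-MM-dd") +
                                  ",不能登录!");
    }

    String pwd = req.getParameter("pwd");
    if (pwd == null) {
        throw new WrongPasswordException();
    }

    String MD5pwd = "";
    try {
        MD5pwd = SecurityUtil.MD5(pwd);
    } catch (Exception e) {
        logger.error("login MD5 exception: " +
                     e.getMessage());
    }
    // Fail closed: without a hash there is nothing to compare, and an
    // empty value must never be matched against a stored or cookie value.
    if (MD5pwd == null || MD5pwd.equals("")) {
        throw new WrongPasswordException();
    }

    // The stored hash is the only authority. Cookie values come from the
    // client and must not be able to stand in for it.
    if (!MD5pwd.equals(user.getPwdMd5())) {
        throw new WrongPasswordException();
    }

    // Repeated login: the cookies already describe this user with this
    // password, so there is nothing new to record or issue.
    if (name.equals(oldname) && MD5pwd.equals(oldpwd)) {
        return true;
    }

    return doLogin(req, res, user);
}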
/**
 * Encodes a user name / password pair into a printable cookie value.
 *
 * <p>The two strings are joined with ENCODE_DELIMETER, each byte is XORed
 * with (ENCODE_XORMASK + position), and the low and high nibble are written
 * as two characters offset by ENCODE_CHAR_OFFSET1 and ENCODE_CHAR_OFFSET2.
 *
 * <p>NOTE(security): this is reversible obfuscation, not encryption. No key
 * or integrity check is involved, so the output must be handled as if it
 * were the plaintext password and is not suitable for storing credentials
 * in a cookie.
 *
 * @param username the user name; may be {@code null}
 * @param password the password; may be {@code null}
 * @return the encoded value, or an empty string if either argument is
 *         {@code null}
 */
private static String encodePasswordCookie(String username, String password) {
    if (username == null || password == null) {
        return "";
    }
    // NOTE(review): getBytes() uses the platform default charset, so
    // non-ASCII input encodes differently from one host to another.
    byte[] raw = (username + ENCODE_DELIMETER + password).getBytes();
    StringBuffer encoded = new StringBuffer();
    for (int i = 0; i < raw.length; i++) {
        int masked = raw[i] ^ (ENCODE_XORMASK + i);
        // Low nibble first, then high nibble; the decoder relies on it.
        encoded.append((char)(ENCODE_CHAR_OFFSET1 + (masked & 0x0F)));
        encoded.append((char)(ENCODE_CHAR_OFFSET2 + ((masked >> 4) & 0x0F)));
    }
    return encoded.toString();
}
/**
 * Reverses encodePasswordCookie: turns a cookie value back into the user
 * name and password it was built from.
 *
 * <p>The cookie value is client-supplied and is not validated here:
 * characters outside the expected ranges simply decode to other bytes, and
 * a trailing unpaired character is ignored. Callers must treat the result
 * as untrusted input and verify it against stored credentials.
 *
 * @param cookieVal the encoded cookie value; may be {@code null}
 * @return {@code null} if the value is {@code null} or empty; otherwise a
 *         two-element array {user name, password}, both empty strings when
 *         the decoded text contains no ENCODE_DELIMETER
 */
private static String[] decodePasswordCookie( String cookieVal ) {
    // Nothing to decode.
    if (cookieVal == null || cookieVal.length() == 0) {
        return null;
    }

    // Unravel the value: every two characters carry one byte, low nibble
    // first, then high nibble.
    char[] encoded = cookieVal.toCharArray();
    byte[] raw = new byte[encoded.length / 2];
    for (int i = 0; i < raw.length; i++) {
        int low = encoded[2 * i] - ENCODE_CHAR_OFFSET1;
        int high = encoded[2 * i + 1] - ENCODE_CHAR_OFFSET2;
        int value = low | (high << 4);
        raw[i] = (byte)(value ^ (ENCODE_XORMASK + i));
    }

    // NOTE(review): new String(byte[]) uses the platform default charset,
    // mirroring the getBytes() call made when encoding.
    String decoded = new String(raw);
    int pos = decoded.indexOf(ENCODE_DELIMETER);
    if (pos < 0) {
        return new String[] {"", ""};
    }
    return new String[] {decoded.substring(0, pos), decoded.substring(pos + 1)};
}
}