📄 privilege.java~46~
字号:
package com.redmoon.forum;
/**
* Title: bluewind's forum
* Description:
* Copyright: Copyright (c) 2002
* Company:
* @author bluewind
* @version 1.0
*/
import java.sql.*;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpServletRequest;
import cn.js.fan.util.*;
import org.apache.log4j.Logger;
import com.redmoon.forum.person.UserDb;
import java.util.Iterator;
import com.redmoon.forum.plugin.base.IPluginPrivilege;
import java.util.Vector;
import com.redmoon.forum.plugin.PluginUnit;
import com.redmoon.forum.plugin.PluginMgr;
import cn.js.fan.module.pvg.Priv;
import cn.js.fan.security.SecurityUtil;
import javax.servlet.http.HttpServletResponse;
import com.redmoon.forum.person.WrongPasswordException;
import java.util.Calendar;
import com.redmoon.forum.life.prision.Prision;
import com.redmoon.forum.person.InvalidNameException;
import com.redmoon.forum.security.IPMonitor;
public class Privilege {
Logger logger = Logger.getLogger(Privilege.class.getName());
boolean debug = false;
public static final String ISLOGIN = "islogin";
public static final String NAME = "name";
public static final String PWDMD5 = "pwd";
public static final String MASTER = "sq_master";
public static final int LOGIN_SAVE_NONE = 0;
public static final int LOGIN_SAVE_DAY = 1;
public static final int LOGIN_SAVE_MONTH = 2;
public static final int LOGIN_SAVE_YEAR = 3;
private final static int ENCODE_XORMASK = 0x5A;
private final static char ENCODE_DELIMETER = '\002';
private final static char ENCODE_CHAR_OFFSET1 = 'A';
private final static char ENCODE_CHAR_OFFSET2 = 'h';
public Privilege() {
}
public boolean isRequestValid(HttpServletRequest request) throws SQLException {
if (request.getRequestURL().indexOf(request.getServerName()) == -1)
return false;
else
return true;
}
public boolean isMasterLogin(HttpServletRequest request) {
cn.js.fan.module.pvg.Privilege pvg = new cn.js.fan.module.pvg.Privilege();
if (pvg.isUserPrivValid(request, Priv.PRIV_ADMIN))
return true;
if (pvg.isUserPrivValid(request, Priv.PRIV_FORUM))
return true;
return false;
}
public boolean isMasterPrivValid(HttpServletRequest request, String priv) {
cn.js.fan.module.pvg.Privilege pvg = new cn.js.fan.module.pvg.Privilege();
if (pvg.isUserPrivValid(request, Priv.PRIV_ADMIN))
return true;
if (pvg.isUserPrivValid(request, Priv.PRIV_FORUM))
return true;
if (pvg.isUserPrivValid(request, priv))
return true;
return false;
}
public String getMaster(HttpServletRequest request) {
HttpSession session = request.getSession(true);
return (String)session.getAttribute(MASTER);
}
public boolean canWebEditRedMoon(HttpServletRequest request, String boardCode){
if (boardCode.equals(Leaf.CODE_BLOG))
return true;
// 检查版块是否允许高级发贴方式
Leaf lf = new Leaf();
lf = lf.getLeaf(boardCode);
if (lf==null || !lf.isLoaded())
return false;
if (lf.getWebeditAllowType()==lf.WEBEDIT_ALLOW_TYPE_UBB_NORMAL_REDMOON || lf.getWebeditAllowType()==lf.WEBEDIT_ALLOW_TYPE_REDMOON_FIRST) {
return true;
}
else {
// 如果版块不允许WebEdit控件发贴方式,则只有版主和总管理员才可用
if (isManagerLogin(request) || isMasterLogin(request))
return true;
}
return false;
}
public boolean canAddNew(HttpServletRequest request) throws ErrMsgException {
if (isUserLogin(request)) {
// 二次验证,防止伪造COOKIE
return true;
}
else
return false;
}
public boolean canAddReply(HttpServletRequest request) throws ErrMsgException {
if (isUserLogin(request)) {
// 二次验证,防止伪造COOKIE
return true;
}
else
return false;
}
public boolean canAddQuickReply(HttpServletRequest request, String boardcode, MsgDb remsg) throws ErrMsgException {
if (!isUserLogin(request))
return false;
// 插件的权限检查
PluginMgr pm = new PluginMgr();
Vector vplugin = pm.getAllPluginUnitOfBoard(boardcode);
if (vplugin.size() > 0) {
Iterator irplugin = vplugin.iterator();
while (irplugin.hasNext()) {
PluginUnit pu = (PluginUnit) irplugin.next();
IPluginPrivilege ipp = pu.getPrivilege();
if (ipp!=null && !ipp.canAddQuickReply(request, remsg))
throw new ErrMsgException("对不起,您没有" + pu.getName(request) +
"的权限!");
}
}
return true;
}
public boolean canManage(HttpServletRequest request, int id) {
String name = getUser(request);
String pwd = getPwd(request);
return canManage(request, name, pwd, ""+id);
}
public boolean canManage(HttpServletRequest request, String name,
String pwd, String id) {
if (isMasterPrivValid(request, Priv.PRIV_FORUM_MESSAGE))
return true;
if (!isUserLogin(request))
return false;
// 查询该贴所对应的版面
MsgDb md = new MsgDb();
md = md.getMsgDb(Integer.parseInt(id));
if (!md.isLoaded())
return false;
String boardcode = md.getboardcode();
if (boardcode == null)
return false;
// 验证该贴是否为用户所写的博客
if (md.isBlog()) {
if (md.getName().equals(name))
return true;
}
// 验证是否为版主
BoardManagerDb bm = new BoardManagerDb();
bm = bm.getBoardManagerDb(boardcode, name);
if (bm.isLoaded()) {
return true;
}
return false;
}
public boolean isManager(HttpServletRequest request, String boardCode) {
String name = getUser(request);
if (name == null)
return false;
if (isMasterPrivValid(request, Priv.PRIV_FORUM_MESSAGE))
return true;
// 验证是否为版主
BoardManagerDb bm = new BoardManagerDb();
bm = bm.getBoardManagerDb(boardCode, name);
if (bm.isLoaded()) {
return true;
}
return false;
}
public boolean isManagerLogin(HttpServletRequest request) {
// 先验证是否为会员
if (!isUserLogin(request))
return false;
// 该贴所对应的版面
String boardcode = request.getParameter("boardcode");
if (boardcode == null)
return false;
// 验证是否为版主
BoardManagerDb bm = new BoardManagerDb();
bm = bm.getBoardManagerDb(boardcode, getUser(request));
if (bm.isLoaded()) {
return true;
}
return false;
}
public boolean canEdit(HttpServletRequest request, MsgDb md) throws ErrMsgException {
// 先验证是否为会员
if (!isUserLogin(request))
return false;
String name = getUser(request);
String boardcode = md.getboardcode();
String username = md.getName();
boolean valid = false;
// 验证是否为作者
if (username.equals(name)) {
valid = true;
}
// 验证是否为版主
BoardManagerDb bm = new BoardManagerDb();
bm = bm.getBoardManagerDb(boardcode, name);
if (bm.isLoaded()) {
valid = true;
}
// 是否为总版主
if (isMasterLogin(request))
valid = true;
// 插件的权限检查
PluginMgr pm = new PluginMgr();
Vector vplugin = pm.getAllPluginUnitOfBoard(boardcode);
if (vplugin.size() > 0) {
Iterator irplugin = vplugin.iterator();
while (irplugin.hasNext()) {
PluginUnit pu = (PluginUnit) irplugin.next();
IPluginPrivilege ipp = pu.getPrivilege();
if (ipp!=null && !ipp.canEdit(request, md))
throw new ErrMsgException("对不起,您没有" + pu.getName(request) +
"的权限!");
}
}
return valid;
}
public static boolean isUserLogin(HttpServletRequest request) {
CookieBean cookiebean = new CookieBean();
String userName = getUser(request);
boolean isLogin = false;
if (!userName.equals("") && cookiebean.getCookieValue(request, ISLOGIN).equals("y")) {
String pwdMD5 = getPwd(request);
UserDb ud = new UserDb();
ud = ud.getUser(userName);
if (ud.isLoaded()) {
if (ud.getPwdMd5().equals(pwdMD5)) {
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -