// 验证是否为版主
BoardManagerDb bm = new BoardManagerDb();
bm = bm.getBoardManagerDb(boardcode, name);
if (bm.isLoaded()) {
valid = true;
}
// 是否为总版主
if (isMasterLogin(request))
valid = true;
// 插件的权限检查
PluginMgr pm = new PluginMgr();
Vector vplugin = pm.getAllPluginUnitOfBoard(boardcode);
if (vplugin.size() > 0) {
Iterator irplugin = vplugin.iterator();
while (irplugin.hasNext()) {
PluginUnit pu = (PluginUnit) irplugin.next();
IPluginPrivilege ipp = pu.getPrivilege();
if (ipp != null && !ipp.canEdit(request, md)) {
String s = LoadString(request, "err_plugin");
s = s.replaceFirst("\\$p", pu.getName(request));
throw new ErrMsgException(s);
}
}
}
return valid;
}
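/**
 * Reports whether the caller is an authenticated, non-guest user.
 *
 * <p>Design note (translated from the original comment): the session-held
 * {@code Authorization} is the primary mechanism because it is cheap and the
 * session is already used elsewhere (SkinUtil); the persistent login cookie
 * is a fallback that costs an account lookup plus a prison check per hit and
 * also covers clients that lose their session.
 *
 * <p>When only the cookie is present and it validates, this method has side
 * effects: it stores a fresh {@code Authorization} and the user's locale in
 * the session and creates or refreshes the user's online record.
 *
 * @param request the current request; a session is created if none exists
 * @return {@code true} if the session or the login cookie identifies a valid,
 *         non-arrested account; {@code false} otherwise. An invalid cookie is
 *         not cleared here -- enrolGuest takes care of that.
 */
public static boolean isUserLogin(HttpServletRequest request) {
    HttpSession session = request.getSession(true);
    Authorization auth = (Authorization) session.getAttribute(SESSION_CWBBS_AUTH);
    // Fast path: already authenticated in this session. Guests carry a random
    // name and do not count. NOTE(review): this path does not re-check the
    // prison list, so arresting a user only takes effect once their session
    // expires or is cleared -- confirm the arrest flow also drops the session.
    if (auth != null && !auth.isGuest()) {
        return true;
    }

    // Slow path: the persistent login cookie.
    CookieBean cookiebean = new CookieBean();
    String c = cookiebean.getCookieValue(request, COOKIE_CWBBS_AUTH);
    if (c == null || c.equals("")) {
        return false;
    }
    String[] ck = decodeCookie(c);
    // The cookie is client-controlled: a truncated or tampered value must not
    // escape as an ArrayIndexOutOfBounds/NullPointerException (an HTTP 500).
    if (ck == null || ck.length < 2 || ck[0] == null || ck[1] == null) {
        return false;
    }
    String userName = ck[0];
    String pwdMD5 = ck[1];

    UserDb ud = new UserDb();
    ud = ud.getUser(userName);
    if (!ud.isLoaded()) {
        return false;
    }
    // NOTE(review): the cookie carries the stored password hash itself, so a
    // stolen cookie is a credential for as long as the password is unchanged.
    // A random server-side token would be preferable (see the "encrypt the
    // cookie" TODO on login()). Compare in constant time so the check does
    // not leak how many leading bytes of the hash matched.
    String storedMd5 = ud.getPwdMd5();
    if (storedMd5 == null
            || !java.security.MessageDigest.isEqual(
                    storedMd5.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    pwdMD5.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
        return false;
    }
    // A valid cookie is still refused while the account is in prison.
    Prision prision = new Prision();
    if (prision.isUserArrested(userName)) {
        return false;
    }

    auth = new Authorization(userName, false);
    session.setAttribute(SESSION_CWBBS_AUTH, auth);

    // Restore the user's preferred locale ("lang_COUNTRY") for SkinUtil.
    String mylocale = ud.getLocale();
    if (mylocale != null && !mylocale.equals("")) {
        String[] ary = StrUtil.split(mylocale, "_");
        if (ary != null && ary.length == 2) {
            session.setAttribute(SkinUtil.SESSION_LOCALE, new Locale(ary[0], ary[1]));
        }
    }

    // Refresh the online record, or re-create it if the timeout sweep removed it.
    OnlineUserDb ou = new OnlineUserDb();
    ou = ou.getOnlineUserDb(userName);
    ou.setStayTime(new java.util.Date());
    if (ou.isLoaded()) {
        ou.save();
    } else {
        ou.setName(auth.getName());
        ou.setIp(StrUtil.getIp(request));
        ou.setGuest(false); // a cookie login is never a guest
        try {
            ou.create();
        } catch (ErrMsgException e) {
            // Best effort: failing to record presence must not undo a valid login.
            Logger.getLogger(Privilege.class.getName()).error("isUserLogin:" + e.getMessage(), e);
        }
    }
    return true;
}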
/**
 * Tells whether the caller is a registered guest: a visitor that has been
 * enrolled under a random user name but has not logged in.
 *
 * @param request the current request; a session is created if none exists
 * @return {@code true} only for an enrolled guest; {@code false} for a
 *         logged-in user and for a visitor that has not been enrolled at all
 */
public static boolean isGuest(HttpServletRequest request) {
    Authorization current =
            (Authorization) request.getSession(true).getAttribute(SESSION_CWBBS_AUTH);
    return current != null && current.isGuest();
}
/**
 * Returns the name held by the session's {@code Authorization}.
 *
 * <p>Guests also carry a (random) name, so a non-empty result does not mean
 * the caller is logged in; use {@link #isUserLogin} for that.
 *
 * @param request the current request; a session is created if none exists
 * @return the current user's name, or {@code ""} when the session holds no
 *         {@code Authorization}
 */
public static String getUser(HttpServletRequest request) {
    Authorization current =
            (Authorization) request.getSession(true).getAttribute(SESSION_CWBBS_AUTH);
    return current == null ? "" : current.getName();
}
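/**
 * Checks whether the current user still has attachment disk quota left.
 *
 * @param request the current request
 * @return {@code true} if the caller maps to a loaded account whose used
 *         space is below its allowance; {@code false} for an unknown or
 *         not-logged-in caller (getUser yields "" then) and when the quota
 *         is exhausted
 */
public static boolean canUploadAttachment(HttpServletRequest request) {
    UserDb ud = new UserDb();
    ud = ud.getUser(getUser(request));
    // Fail closed: an account that did not load (guest, anonymous, deleted)
    // has no quota, whatever the unloaded bean's field defaults happen to be.
    if (!ud.isLoaded()) {
        return false;
    }
    return ud.getDiskSpaceUsed() < ud.getDiskSpaceAllowed();
}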
/**
 * Logs the current user out: drops the session {@code Authorization},
 * expires the login cookie and removes the user's online record.
 *
 * <p>NOTE(review): only the auth attribute is removed; the session itself
 * survives with its other attributes (e.g. the locale). Invalidating the
 * session here would be the stronger choice if no later code depends on
 * those surviving attributes.
 *
 * @param req the current request
 * @param res the response the cookie deletion is written to
 * @return the outcome of deleting the online record, or {@code false} when
 *         the user had no online record
 * @throws ErrMsgException propagated from the online-record deletion
 */
public boolean logout(HttpServletRequest req, HttpServletResponse res) throws
        ErrMsgException {
    String name = getUser(req);
    req.getSession(true).removeAttribute(SESSION_CWBBS_AUTH);
    new CookieBean().delCookie(res, COOKIE_CWBBS_AUTH, "/");
    // Drop the presence record; the result is that deletion's outcome.
    OnlineUserDb online = new OnlineUserDb().getOnlineUserDb(name);
    return online.isLoaded() && online.del();
}
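/**
 * Completes a login for an already-verified {@code user}: records the login
 * time and IP, retires a guest's online record in favour of the user's,
 * stores an {@code Authorization} and locale in the session and issues the
 * persistent login cookie.
 *
 * <p>Form parameters read: {@code covered} ("1" hides the user in the
 * online list) and {@code loginSaveDate} (one of the LOGIN_SAVE_* values
 * selecting the cookie lifetime; anything else yields a session cookie).
 *
 * <p>NOTE(review): the session id is not rotated here -- the auth is stored
 * into the session that existed before login, which leaves the application
 * open to session fixation. Invalidating the old session and creating a new
 * one before setAttribute is the usual fix; confirm which other attributes
 * (SkinUtil locale, validateCode) would need to be carried over.
 *
 * @param req  the current request
 * @param res  the response the login cookie is written to
 * @param user the loaded account; password verification happens in the
 *             caller, not here
 * @return {@code true} if the user record was saved and session/cookie were
 *         set; {@code false} if the save failed (nothing else is done then)
 * @throws ErrMsgException propagated from the online-record operations
 */
public boolean doLogin(HttpServletRequest req, HttpServletResponse res,
                       UserDb user) throws ErrMsgException {
    // Name before login: a guest's random name, used to retire its online record.
    String oldname = getUser(req);

    // "covered" is untrusted form input. Integer.parseInt on it turned "abc"
    // into an uncaught NumberFormatException (HTTP 500); anything unparsable
    // now simply means "not covered".
    int covered = 0;
    String strcovered = ParamUtil.get(req, "covered");
    if (!strcovered.equals("")) {
        try {
            covered = Integer.parseInt(strcovered);
        } catch (NumberFormatException ignored) {
            covered = 0;
        }
    }
    boolean hidden = covered == 1;

    // Remember the previous login time, then stamp this one.
    user.setLastTime(user.getCurTime());
    user.setCurTime();
    user.setIp(req.getRemoteAddr());
    boolean isvalid = user.save();
    if (!isvalid) {
        return false;
    }

    OnlineUserDb oud = new OnlineUserDb();
    // A guest that logs in: its provisional online record must go away.
    if (Privilege.isGuest(req)) {
        oud = oud.getOnlineUserDb(oldname);
        if (oud.isLoaded()) {
            oud.del();
        }
    }
    // Refresh or create the user's own online record.
    oud = oud.getOnlineUserDb(user.getName());
    if (oud.isLoaded()) {
        oud.setCovered(hidden);
        oud.save();
    } else {
        oud.setName(user.getName());
        oud.setIp(req.getRemoteAddr());
        oud.setCovered(hidden);
        oud.setGuest(false);
        oud.create();
    }

    HttpSession session = req.getSession(true);
    session.setAttribute(SESSION_CWBBS_AUTH, new Authorization(user.getName(), false));

    // Locale is stored as "lang_COUNTRY"; any other shape is ignored.
    String mylocale = user.getLocale();
    if (mylocale != null && !mylocale.equals("")) {
        String[] ary = StrUtil.split(mylocale, "_");
        if (ary != null && ary.length == 2) {
            session.setAttribute(SkinUtil.SESSION_LOCALE, new Locale(ary[0], ary[1]));
        }
    }

    // Cookie lifetime; -1 means a browser-session cookie.
    int loginSaveDate = LOGIN_SAVE_NONE;
    try {
        loginSaveDate = ParamUtil.getInt(req, "loginSaveDate");
    } catch (Exception ignored) {
        // missing or malformed parameter: keep LOGIN_SAVE_NONE
    }
    int maxAge = -1;
    if (loginSaveDate == LOGIN_SAVE_DAY) {
        maxAge = 60 * 60 * 24;
    } else if (loginSaveDate == LOGIN_SAVE_MONTH) {
        maxAge = 60 * 60 * 24 * 30;
    } else if (loginSaveDate == LOGIN_SAVE_YEAR) {
        maxAge = 60 * 60 * 24 * 365;
    }
    // NOTE(review): the cookie value is the user name plus the stored password
    // MD5 (see encodeCookie / isUserLogin). With a year-long maxAge that is a
    // long-lived credential; a random server-side token would be safer. Also
    // verify that CookieBean marks the cookie HttpOnly (and Secure over TLS)
    // -- addCookie takes no such flags.
    String c = this.encodeCookie(user.getName(), user.getPwdMd5());
    new CookieBean().addCookie(res, COOKIE_CWBBS_AUTH, c, "/", maxAge);
    // cookiebean.setCookieMaxAge is not usable here: it reads the cookie back
    // from the request, which does not yet carry the one just issued.
    return true;
}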
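/**
 * Checks the CAPTCHA submitted as the {@code validateCode} form parameter
 * against the code held in the session.
 *
 * <p>NOTE(review): the session code is left in place after a successful
 * check, so one solved CAPTCHA can be replayed for further attempts in the
 * same session. Removing it here ({@code session.removeAttribute("validateCode")})
 * would make it single-use -- confirm no caller checks twice per request.
 *
 * @param request the current request; a session is created if none exists
 * @return {@code true} only when both codes are present and equal
 */
public boolean isValidateCodeRight(HttpServletRequest request) {
    String validateCode = ParamUtil.get(request, "validateCode");
    HttpSession session = request.getSession(true);
    String sessionCode = StrUtil.getNullStr((String) session.getAttribute(
            "validateCode"));
    // getNullStr appears to map a missing attribute to "". The plain equals()
    // then accepted an empty submission against a session that never received
    // a code (e.g. the fresh one getSession(true) just created) -- a CAPTCHA
    // bypass. Fail closed when either side is empty.
    if (validateCode == null || validateCode.equals("") || sessionCode.equals("")) {
        return false;
    }
    // Constant-time comparison: do not leak how long the matched prefix is.
    return java.security.MessageDigest.isEqual(
            validateCode.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            sessionCode.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}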
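/**
 * Multipart variant of {@link #isValidateCodeRight(HttpServletRequest)}: the
 * submitted code is read from the parsed upload instead of the request
 * parameters, then compared with the code held in the session.
 *
 * <p>NOTE(review): as with the parameter variant, the session code is not
 * consumed on success; clearing it would make each CAPTCHA single-use.
 *
 * @param request the current request; a session is created if none exists
 * @param fu      the parsed multipart form carrying the {@code validateCode} field
 * @return {@code true} only when both codes are present and equal
 */
public boolean isValidateCodeRight(HttpServletRequest request, FileUpload fu) {
    String validateCode = StrUtil.getNullString(fu.getFieldValue("validateCode"));
    HttpSession session = request.getSession(true);
    String sessionCode = StrUtil.getNullStr((String) session.getAttribute(
            "validateCode"));
    // An empty session code (never issued, expired, or a brand-new session)
    // must fail closed; otherwise an empty field matches it and the CAPTCHA
    // is bypassed.
    if (validateCode == null || validateCode.equals("") || sessionCode.equals("")) {
        return false;
    }
    // Constant-time comparison: do not leak how long the matched prefix is.
    return java.security.MessageDigest.isEqual(
            validateCode.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            sessionCode.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}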
/**
* 此处需修改为加密COOKIE
* @param req HttpServletRequest
* @param res HttpServletResponse
* @return boolean
* @throws WrongPasswordException
* @throws InvalidNameException
* @throws ErrMsgException
*/
public boolean login(HttpServletRequest req, HttpServletResponse res) throws
WrongPasswordException, InvalidNameException, ErrMsgException {
// 检测验证码
Config cfg = new Config();
if (cfg.getBooleanProperty("forum.loginUseValidateCode")) {
if (!isValidateCodeRight(req))
throw new ErrMsgException(LoadString(req, "err_validate_code"));
}
// 验证IP
IPMonitor im = new IPMonitor();
if (!im.isValid(req, StrUtil.getIp(req))) {
throw new ErrMsgException(im.getMessage());
}
boolean isvalid = false;
String nick = ParamUtil.get(req, "name");
if (nick.equals("")) {
throw new InvalidNameException(req);
}
String pwd = (String) req.getParameter("pwd");
if (pwd == null) {
throw new WrongPasswordException(req);
}
UserDb user = new UserDb();
user = user.getUserDbByNick(nick);