📄 privilege.java~166~
字号:
if (user==null || !user.isLoaded())
throw new InvalidNameException(req);
// 检查密码是否相符
String MD5pwd = "";
try {
MD5pwd = SecurityUtil.MD5(pwd);
} catch (Exception e) {
logger.error("login MD5 exception: " +
e.getMessage());
}
if (!user.getPwdMd5().equals(MD5pwd))
throw new WrongPasswordException(req);
if (!user.isValid())
throw new ErrMsgException(LoadString(req, "err_invalid"));
// throw new ErrMsgException("对不起,您已被屏蔽!");
// 检查是否被关进了监狱
Prision prision = new Prision();
if (prision.isUserArrested(user.getName())) {
Calendar cal = prision.getReleaseDate(user.getName());
String s = LoadString(req, "err_prision");
s = s.replaceFirst("\\$d", ForumSkin.formatDate(req, cal.getTime()));
throw new ErrMsgException(s); // "您已被关押在社区监狱中,释放日期为" + DateUtil.format(cal, "yy-MM-dd") + ",不能登录!");
}
// 取得登录前的用户名
String oldname = getUser(req);
// 判断是否已登录,即重复登录
if (oldname.equals(user.getName())) {
return true;
}
isvalid = doLogin(req, res, user);
return isvalid;
}
private static String encodeCookie(String username, String password) {
StringBuffer buf = new StringBuffer();
if (username != null && password != null) {
byte[] bytes = (username + ENCODE_DELIMETER + password).getBytes();
int b;
for (int n = 0; n < bytes.length; n++) {
b = bytes[n] ^ (ENCODE_XORMASK + n);
buf.append((char) (ENCODE_CHAR_OFFSET1 + (b & 0x0F)));
buf.append((char) (ENCODE_CHAR_OFFSET2 + ((b >> 4) & 0x0F)));
}
}
return buf.toString();
}
private static String[] decodeCookie(String cookieVal) {
// check that the cookie value isn't null or zero-length
if (cookieVal == null || cookieVal.length() <= 0) {
return null;
}
// unrafel the cookie value
char[] chars = cookieVal.toCharArray();
byte[] bytes = new byte[chars.length / 2];
int b;
for (int n = 0, m = 0; n < bytes.length; n++) {
b = chars[m++] - ENCODE_CHAR_OFFSET1;
b |= (chars[m++] - ENCODE_CHAR_OFFSET2) << 4;
bytes[n] = (byte) (b ^ (ENCODE_XORMASK + n));
}
cookieVal = new String(bytes);
int pos = cookieVal.indexOf(ENCODE_DELIMETER);
String username = (pos < 0) ? "" : cookieVal.substring(0, pos);
String password = (pos < 0) ? "" : cookieVal.substring(pos + 1);
return new String[] {username, password};
}
/**
* 登记访客,只放在listtopic.jsp及index.jsp,其余页面不放
* @param request 请求.
* @param response 响应.
* @return void
*/
public void enrolGuest(HttpServletRequest request, HttpServletResponse res) throws
ErrMsgException, UserArrestedException {
/**
* zjrj.cn/index.jsp登录---->login.jsp--->/forum/index.jsp---->enrolGuest() refreshStayTime()
* 王长江登录时发现 登录成功后,用户名在listtopic.jsp中看时变成了随机用户名,并且测试后发现
* 该随机用户名是在refreshStayTime()时被create的,并且该随机用户于在线列表中还不是游客身份,说明"islogin"这个
* cookie应该是被写入了,怀疑在login.jsp中因为<html><body>头的存在,可能使cookie未能及时写入
* 而被重定向至index.jsp后,enrolGuest认为未被登记,而将其登记,而当5分钟后,refreshStayTime()时,islogin这个cookie
* 已被写入,造成随机名称用户有非游客的身份出现在线列中有
* 解决方法:将login.jsp中多余的<html><body>头去掉,将%> <%之间的换行及空格也去掉
* 经检查,原来有可能是login.jsp中sendRedirect的问题 见http://dev.csdn.net/develop/article/6/6435.shtm
*/
// 已经用会员身份登录了
if (isUserLogin(request)) {
HttpSession session = request.getSession(true);
Authorization auth = (Authorization) session.getAttribute(
SESSION_CWBBS_AUTH);
if (!auth.isArrestChecked()) { // 如果未检查过是否被捕
// 检查其是否被捕,如果是的话,则强制其退出登录
// 此检查只进行一次
auth.setArrestChecked(true);
Prision prision = new Prision();
String userName = getUser(request);
if (prision.isUserArrested(userName)) {
// 如果被捕,则撤销以前保存的登录信息
logout(request, res);
Calendar cal = prision.getReleaseDate(userName);
String s = LoadString(request, "err_prision");
s = s.replaceFirst("\\$d",
ForumSkin.formatDate(request, cal.getTime()));
throw new ErrMsgException(s); // "您已被关押在社区监狱中,释放日期为" + DateUtil.format(cal, "yy-MM-dd") + ",不能登录!");
} else // 未被捕,则退出函数
return;
} else {
// 已检查过是否被捕
return;
}
}
HttpSession session = request.getSession(true);
Authorization auth = (Authorization) session.getAttribute(
SESSION_CWBBS_AUTH);
// 如果用户未登录,则检查是否已随机赋予name值
if (auth != null)
return; // name已记录则表示已被登记过
String guestname = FileUpload.getRandName(); // "" + System.currentTieMillis();
String boardcode = StrUtil.getNullString(ParamUtil.get(request,
"boardcode"));
// 在数据库中插入在线记录,置游客在位时间
OnlineUserDb ou = new OnlineUserDb();
int k = 0;
boolean isGuestNameUsed = true;
while (k < 10) {
// 检查该用户名是否已被使用,防止重复
ou = ou.getOnlineUserDb(guestname);
// 未被使用,则退出
if (!ou.isLoaded()) {
isGuestNameUsed = false;
break;
} else {
isGuestNameUsed = true;
guestname = FileUpload.getRandName(); // "" + System.currentTimeMillis() + "f";
}
k++;
}
// 原来在forum/index.jsp中之所以不能写入cookie,可能与userservice.enrolGuest(request,response);
// 在index.jsp中的位置有关,当位于网页的正文部分时,会不起作用,但listtopic.jsp放在body后一开始处却也是可以的
// 将其移至index.jsp的首部时,cookie就能被写入了
if (!isGuestNameUsed) {
auth = new Authorization(guestname, true);
session.setAttribute(SESSION_CWBBS_AUTH, auth);
ou.setName(guestname);
ou.setBoardCode(boardcode);
ou.setGuest(true);
ou.setIp(request.getRemoteAddr());
ou.setCovered(false);
ou.create();
}
}
public Authorization getAuthorization(HttpServletRequest request) {
HttpSession session = request.getSession(true);
return (Authorization) session.getAttribute(SESSION_CWBBS_AUTH);
}
/**
* 判别用户是否具有版块中的权限
* @param userName String
* @param boardCode String
* @param doWhat String
* @return boolean
*/
public boolean canUserDo(String userName, String boardCode, String doWhat) {
UserDb ud = new UserDb();
ud = ud.getUser(userName);
if (!ud.isLoaded())
return false;
UserPrivDb upd = new UserPrivDb();
upd = upd.getUserPrivDb(userName);
// 使用默认新用户设定的参数
boolean userPriv = false;
boolean isDefaultLoaded = false;
boolean defaultPriv = false;
if (upd.getBoolean("is_default")) {
defaultPriv = getDefaultPriv(doWhat);
isDefaultLoaded = true;
userPriv = defaultPriv;
}
else {
userPriv = upd.getBoolean(doWhat);
if (!userPriv) // 如果用户不使用默认设置,且被设置为false,则说明已被禁用此项功能
return false;
// else
// return true; // 当不使用默认权限时,则说明强制使用该权限
}
// 当默认权限允许或者用户权限允许,则以用户组权限为准
String groupCode = ud.getUserGroupDb().getCode();
UserGroupPrivDb ugpd = new UserGroupPrivDb();
ugpd = ugpd.getUserGroupPrivDb(groupCode, boardCode);
boolean groupPriv = false;
LogUtil.getLog(getClass()).info("userPriv=" + userPriv + " defaultPriv=" + defaultPriv + " doWhat=" + doWhat);
if (ugpd.getBoolean("is_default")) {
if (!isDefaultLoaded) {
defaultPriv = getDefaultPriv(doWhat);
isDefaultLoaded = true;
}
groupPriv = defaultPriv;
}
else {
groupPriv = ugpd.getBoolean(doWhat);
}
LogUtil.getLog(getClass()).info("userPriv=" + userPriv + " defaultPriv=" + defaultPriv + " groupPriv=" + groupPriv + " doWhat=" + doWhat);
return groupPriv;
}
public boolean getDefaultPriv(String doWhat) {
boolean defaultPriv = false;
Config cfg = new Config();
if (doWhat.equals("add_topic")) {
defaultPriv = cfg.getProperty("forum.canUserAddTopic").equals(
"true");
} else if (doWhat.equals("attach_upload")) {
defaultPriv = cfg.getProperty("forum.canUserUploadAttach").
equals("true");
} else if (doWhat.equals("reply_topic")) {
defaultPriv = cfg.getProperty("forum.canUserReplyTopic").
equals(
"true");
} else if (doWhat.equals("vote")) {
defaultPriv = cfg.getProperty("forum.canUserVote").equals("true");
} else if (doWhat.equals("search")) {
defaultPriv = cfg.getProperty("forum.canUserSearch").equals(
"true");
}
return defaultPriv;
}
/**
* 判断用户能否在版块中上传文件
* @param userName String
* @param boardCode String
* @return boolean
*/
public boolean canUserUpload(String userName, String boardCode) {
UserDb ud = new UserDb();
ud = ud.getUser(userName);
if (!ud.isLoaded())
return false;
boolean defaultPriv = false;
boolean isDefalutLoaded = false;
UserPrivDb upd = new UserPrivDb();
upd = upd.getUserPrivDb(userName);
if (upd.getBoolean("is_default")) {
defaultPriv = getDefaultPriv("attach_upload");
isDefalutLoaded = true;
}
else {
if (!upd.getBoolean("attach_upload"))
return false;
}
String groupCode = ud.getUserGroupDb().getCode();
UserGroupPrivDb ugpd = new UserGroupPrivDb();
ugpd = ugpd.getUserGroupPrivDb(groupCode, boardCode);
boolean groupPriv = false;
if (ugpd.getBoolean("is_default")) {
if (!isDefalutLoaded) {
defaultPriv = getDefaultPriv("attach_upload");
groupPriv = defaultPriv;
}
}
else {
if (!ugpd.getBoolean("attach_upload"))
return false;
}
if (!groupPriv) {
return false;
}
Config cfg = new Config();
int uploadCount = cfg.getIntProperty("forum.maxAttachDayCount");
if (upd.getBoolean("is_default")) {
if (upd.getInt("attach_day_count") > uploadCount) {
uploadCount = upd.getInt("attach_day_count");
}
}
if (upd.getAttachTodayUploadCount() < uploadCount)
return true;
else
return false;
}
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -