package com.redmoon.forum;
/**
* Title: bluewind's forum
* Description:
* Copyright: Copyright (c) 2002
* Company:
* @author bluewind
* @version 1.0
*/
import java.sql.*;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpServletRequest;
import cn.js.fan.util.*;
import org.apache.log4j.Logger;
import com.redmoon.forum.person.UserDb;
import java.util.Iterator;
import com.redmoon.forum.plugin.base.IPluginPrivilege;
import java.util.Vector;
import com.redmoon.forum.plugin.PluginUnit;
import com.redmoon.forum.plugin.PluginMgr;
import cn.js.fan.module.pvg.Priv;
import cn.js.fan.security.SecurityUtil;
import javax.servlet.http.HttpServletResponse;
import com.redmoon.forum.person.WrongPasswordException;
import java.util.Calendar;
import com.redmoon.forum.life.prision.Prision;
import com.redmoon.forum.person.InvalidNameException;
import com.redmoon.forum.security.IPMonitor;
import com.redmoon.forum.err.UserArrestedException;
import com.redmoon.kit.util.FileUpload;
import com.redmoon.forum.plugin.EntranceMgr;
import com.redmoon.forum.plugin.EntranceUnit;
import com.redmoon.forum.plugin.base.IPluginEntrance;
import cn.js.fan.web.SkinUtil;
public class Privilege {
// Per-instance log4j logger, keyed on this class's name.
Logger logger = Logger.getLogger(Privilege.class.getName());
// Debug switch; no method visible in this part of the file reads it.
boolean debug = false;
// Session attribute key under which the master (administrator) name is kept; see getMaster().
public static final String MASTER = "sq_master";
// Name of the "remembered login" cookie. NOTE(review): isUserLogin() decodes a user name and a
// password MD5 from this cookie and accepts the login when the MD5 matches the stored one, so the
// cookie value is a long-lived credential equivalent for the account — an opaque random token that
// can be revoked server-side would be the safer design; confirm how encodeCookie/decodeCookie
// (not in view here) build it.
public static final String COOKIE_CWBBS_AUTH = "cwbbs.auth";
// Session attribute key holding the Authorization object of the current session.
public static final String SESSION_CWBBS_AUTH = "cwbbs.auth";
// Options for how long a login is remembered; their exact effect is decided elsewhere.
public static final int LOGIN_SAVE_NONE = 0;
public static final int LOGIN_SAVE_DAY = 1;
public static final int LOGIN_SAVE_MONTH = 2;
public static final int LOGIN_SAVE_YEAR = 3;
// Parameters of the cookie encoding scheme. A single-byte XOR mask with fixed character offsets is
// obfuscation, not encryption: it only hides the cookie contents from casual inspection and gives
// no integrity protection. NOTE(review): the encode/decode routines are not in view — confirm usage.
private final static int ENCODE_XORMASK = 0x5A;
private final static char ENCODE_DELIMETER = '\002';
private final static char ENCODE_CHAR_OFFSET1 = 'A';
private final static char ENCODE_CHAR_OFFSET2 = 'h';
/** Creates a privilege checker; the instance holds no state beyond the logger and debug flag. */
public Privilege() {
}
/**
 * Checks that the request URL contains the server name the request reports.
 *
 * NOTE(review): the container typically rebuilds getRequestURL() from the same Host header that
 * getServerName() returns, so this is a sanity check only, not a defence against Host-header
 * tampering.
 *
 * @param request the current request
 * @return {@code true} when the server name occurs somewhere in the request URL
 * @throws SQLException declared for callers; this method does no database access
 */
public boolean isRequestValid(HttpServletRequest request) throws SQLException {
    StringBuffer url = request.getRequestURL();
    String host = request.getServerName();
    return url.indexOf(host) != -1;
}
/**
 * Tells whether the caller holds a site-wide master privilege.
 * Either the general admin privilege or the forum privilege qualifies; the checks are
 * delegated to the pvg module.
 *
 * @param request the current request
 * @return {@code true} when the user has PRIV_ADMIN or PRIV_FORUM
 */
public boolean isMasterLogin(HttpServletRequest request) {
    cn.js.fan.module.pvg.Privilege pvg = new cn.js.fan.module.pvg.Privilege();
    boolean isAdmin = pvg.isUserPrivValid(request, Priv.PRIV_ADMIN);
    // Short-circuit keeps the same evaluation order as checking admin first, then forum.
    return isAdmin || pvg.isUserPrivValid(request, Priv.PRIV_FORUM);
}
/**
 * Tells whether the caller holds a master privilege or the given specific privilege.
 * PRIV_ADMIN and PRIV_FORUM always qualify; otherwise {@code priv} itself is checked.
 *
 * @param request the current request
 * @param priv    the specific privilege name to accept in addition to the master ones
 * @return {@code true} when any of the three privileges is valid for the user
 */
public boolean isMasterPrivValid(HttpServletRequest request, String priv) {
    cn.js.fan.module.pvg.Privilege pvg = new cn.js.fan.module.pvg.Privilege();
    String[] accepted = { Priv.PRIV_ADMIN, Priv.PRIV_FORUM, priv };
    // Same order as before: admin, forum, then the requested privilege.
    for (int i = 0; i < accepted.length; i++) {
        if (pvg.isUserPrivValid(request, accepted[i])) {
            return true;
        }
    }
    return false;
}
/**
 * Returns the master name stored in the session under {@link #MASTER}.
 * A session is created if none exists yet (getSession(true)).
 *
 * @param request the current request
 * @return the stored master name, or {@code null} when the attribute is absent
 */
public String getMaster(HttpServletRequest request) {
    Object stored = request.getSession(true).getAttribute(MASTER);
    return (String) stored;
}
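/**
 * Decides whether the advanced (RedMoon WebEdit) posting mode may be used in a board.
 * Blog boards always allow it. Other boards allow it when their WebEdit setting permits it;
 * otherwise only managers of that board and masters may use it.
 *
 * @param request   the current request
 * @param boardCode code of the board being posted to; {@code null} is treated as not allowed
 * @return {@code true} when the advanced editor may be used
 */
public boolean canWebEditRedMoon(HttpServletRequest request,
String boardCode) {
    // Constant-first comparison: a null boardCode yields false instead of a NullPointerException.
    if (Leaf.CODE_BLOG.equals(boardCode))
        return true;
    // Check whether the board permits the advanced posting mode.
    Leaf lf = new Leaf().getLeaf(boardCode);
    if (lf == null || !lf.isLoaded())
        return false;
    if (lf.getWebeditAllowType() == lf.WEBEDIT_ALLOW_TYPE_UBB_NORMAL_REDMOON
        || lf.getWebeditAllowType() == lf.WEBEDIT_ALLOW_TYPE_REDMOON_FIRST) {
        return true;
    }
    // The board does not allow the WebEdit control: only its managers and the masters may use it.
    // The manager check is keyed on boardCode itself rather than on the "boardcode" request
    // parameter (which isManagerLogin reads), so a manager of some other board cannot qualify
    // here by supplying that other board's code in the request. isManager also accepts the
    // forum-message master privilege.
    return isManager(request, boardCode) || isMasterLogin(request);
}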
/**
 * Loads a localized string for this class from the forum Privilege resource bundle.
 *
 * @param request the current request (used to pick the locale/skin)
 * @param key     resource key to look up
 * @return the localized text for {@code key}
 */
public String LoadString(HttpServletRequest request, String key) {
    final String bundle = "res.forum.Privilege";
    return SkinUtil.LoadString(request, bundle, key);
}
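/**
 * Checks whether the current user may enter a board; denial is reported by exception.
 * A board that does not exist is rejected, a locked board is open to masters only, and every
 * entrance plugin registered for the board is consulted afterwards.
 *
 * @param request   the current request
 * @param boardCode code of the board to enter
 * @return always {@code true}; when the user may not enter, an exception is thrown instead
 * @throws ErrMsgException when the board is missing, when it is locked and the user is not a
 *         master, or when an entrance plugin throws
 */
public boolean checkCanEnterBoard(HttpServletRequest request, String boardCode) throws ErrMsgException {
    Leaf curleaf = new Leaf().getLeaf(boardCode);
    if (curleaf == null || !curleaf.isLoaded()) {
        throw new ErrMsgException(LoadString(request, "err_board_lost")); // board does not exist
    }
    // A locked board admits masters only; this instance is used directly instead of allocating a second Privilege.
    if (curleaf.isLocked() && !isMasterLogin(request)) {
        throw new ErrMsgException(LoadString(request, "err_board_locked"));
    }
    // Give every entrance plugin of the board a chance to object; an empty list simply falls through.
    EntranceMgr em = new EntranceMgr();
    Vector vEntrancePlugin = em.getAllEntranceUnitOfBoard(boardCode);
    Iterator irpluginentrance = vEntrancePlugin.iterator();
    while (irpluginentrance.hasNext()) {
        EntranceUnit eu = (EntranceUnit) irpluginentrance.next();
        IPluginEntrance ipe = eu.getEntrance();
        // NOTE(review): the result of canEnter is discarded. If IPluginEntrance signals denial by
        // return value rather than by throwing ErrMsgException, this loop enforces nothing —
        // confirm against the interface and test the value here if so.
        ipe.canEnter(request, boardCode);
    }
    return true;
}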
/**
 * Checks whether the current user may start a new topic in a board.
 * The user must be able to enter the board and be logged in; when the
 * {@code forum.addUseValidateCode} setting is on, the captcha must also be correct.
 *
 * @param request   the current request
 * @param boardCode code of the target board
 * @param fu        the uploaded form data carrying the captcha answer
 * @return {@code true} when posting is allowed; denial is always reported by exception
 * @throws ErrMsgException when the board cannot be entered, the user is not logged in,
 *         or the captcha is wrong
 */
public boolean canAddNew(HttpServletRequest request, String boardCode, FileUpload fu) throws ErrMsgException {
    checkCanEnterBoard(request, boardCode);
    if (!isUserLogin(request)) {
        throw new ErrMsgException(SkinUtil.LoadString(request, "err_not_login"));
    }
    Config cfg = new Config();
    boolean captchaRequired = cfg.getBooleanProperty("forum.addUseValidateCode");
    // Only consult the captcha when the setting demands it.
    if (captchaRequired && !isValidateCodeRight(request, fu)) {
        throw new ErrMsgException(LoadString(request, "err_validate_code"));
    }
    return true;
}
/**
 * Checks whether the current user may reply in a board.
 * Same rules as for a new topic: the board must be enterable, the user logged in, and
 * the captcha correct when {@code forum.addUseValidateCode} is enabled.
 *
 * @param request   the current request
 * @param boardCode code of the target board
 * @param fu        the uploaded form data carrying the captcha answer
 * @return {@code true} when replying is allowed; denial is always reported by exception
 * @throws ErrMsgException when the board cannot be entered, the user is not logged in,
 *         or the captcha is wrong
 */
public boolean canAddReply(HttpServletRequest request, String boardCode, FileUpload fu) throws
ErrMsgException {
    checkCanEnterBoard(request, boardCode);
    if (!isUserLogin(request)) {
        throw new ErrMsgException(SkinUtil.LoadString(request, "err_not_login"));
    }
    Config cfg = new Config();
    boolean captchaRequired = cfg.getBooleanProperty("forum.addUseValidateCode");
    // Only consult the captcha when the setting demands it.
    if (captchaRequired && !isValidateCodeRight(request, fu)) {
        throw new ErrMsgException(LoadString(request, "err_validate_code"));
    }
    return true;
}
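/**
 * Checks whether the current user may post a quick reply to a message.
 * The board must be enterable, the user logged in, the captcha correct when
 * {@code forum.addUseValidateCode} is on, and every privilege plugin of the board must agree.
 *
 * @param request   the current request
 * @param boardcode code of the board the message belongs to
 * @param remsg     the message being replied to
 * @return {@code true} when the quick reply is allowed; denial is always reported by exception
 * @throws ErrMsgException when any of the checks above fails
 */
public boolean canAddQuickReply(HttpServletRequest request,
String boardcode, MsgDb remsg) throws
ErrMsgException {
    checkCanEnterBoard(request, boardcode);
    if (!isUserLogin(request)) {
        throw new ErrMsgException(SkinUtil.LoadString(request, "err_not_login"));
    }
    Config cfg = new Config();
    // Previously written as "if (ok) ; else throw" — same condition, stated directly.
    if (cfg.getBooleanProperty("forum.addUseValidateCode")
        && !isValidateCodeRight(request)) {
        throw new ErrMsgException(LoadString(request, "err_validate_code"));
    }
    // Plugin privilege checks
    PluginMgr pm = new PluginMgr();
    Vector vplugin = pm.getAllPluginUnitOfBoard(boardcode);
    Iterator irplugin = vplugin.iterator();
    while (irplugin.hasNext()) {
        PluginUnit pu = (PluginUnit) irplugin.next();
        IPluginPrivilege ipp = pu.getPrivilege();
        if (ipp != null && !ipp.canAddQuickReply(request, remsg)) {
            String s = LoadString(request, "err_plugin");
            // Plain substring substitution of the "$p" placeholder: unlike String.replaceFirst,
            // '$' or '\' in the plugin's display name are not treated as replacement metacharacters.
            int at = s.indexOf("$p");
            if (at != -1) {
                s = s.substring(0, at) + pu.getName(request) + s.substring(at + 2);
            }
            throw new ErrMsgException(s);
        }
    }
    return true;
}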
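/**
 * Decides whether the current user may manage (moderate) the message with the given id.
 * Holders of the forum-message master privilege always may; otherwise the user must be logged in
 * and be either the author of a blog entry or a manager of the message's board.
 *
 * @param request the current request
 * @param id      id of the message
 * @return {@code true} when the user may manage the message, {@code false} when the message or its
 *         board cannot be resolved or the user has no management right on it
 * @throws ErrMsgException when the user is not logged in (and not a master)
 */
public boolean canManage(HttpServletRequest request, long id) throws ErrMsgException {
    // The site-wide message privilege wins outright, before any login check.
    if (isMasterPrivValid(request, Priv.PRIV_FORUM_MESSAGE))
        return true;
    if (!isUserLogin(request))
        throw new ErrMsgException(SkinUtil.LoadString(request, "err_not_login"));
    String name = getUser(request);
    // Look the message up to find its board; an unresolvable message grants nothing.
    MsgDb md = new MsgDb().getMsgDb(id);
    if (md == null || !md.isLoaded())
        return false;
    String boardcode = md.getboardcode();
    if (boardcode == null)
        return false;
    // The author of a blog entry may manage it (null-safe on both names).
    if (md.isBlog() && name != null && name.equals(md.getName()))
        return true;
    // Otherwise the user must be a manager of the message's board.
    BoardManagerDb bm = new BoardManagerDb().getBoardManagerDb(boardcode, name);
    return bm != null && bm.isLoaded();
}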
/**
 * Tells whether the current user manages the given board.
 * Requires a logged-in user; the forum-message master privilege qualifies for every board,
 * otherwise the board-manager table is consulted for this user and board.
 *
 * @param request   the current request
 * @param boardCode code of the board
 * @return {@code true} when the user is a master or a registered manager of the board
 */
public boolean isManager(HttpServletRequest request, String boardCode) {
    if (!isUserLogin(request)) {
        return false;
    }
    if (isMasterPrivValid(request, Priv.PRIV_FORUM_MESSAGE)) {
        return true;
    }
    // Board-manager lookup for this user
    String userName = getUser(request);
    BoardManagerDb bm = new BoardManagerDb().getBoardManagerDb(boardCode, userName);
    return bm.isLoaded();
}
/**
 * Tells whether the current user manages the board named by the {@code boardcode} request parameter.
 *
 * The board is taken from the request itself, so the parameter is client-controlled: callers that
 * protect an action on a specific board should prefer {@link #isManager(HttpServletRequest, String)}
 * with the board they are actually acting on, or make sure the parameter matches it.
 *
 * @param request the current request; must carry a {@code boardcode} parameter
 * @return {@code true} when a user is logged in and is a registered manager of that board;
 *         {@code false} when not logged in or the parameter is absent
 */
public boolean isManagerLogin(HttpServletRequest request) {
    // Membership first
    if (!isUserLogin(request)) {
        return false;
    }
    // Board code supplied by the client
    String boardcode = request.getParameter("boardcode");
    if (boardcode == null) {
        return false;
    }
    // Board-manager lookup
    String userName = getUser(request);
    BoardManagerDb bm = new BoardManagerDb().getBoardManagerDb(boardcode, userName);
    return bm.isLoaded();
}
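/**
 * Decides whether the current user may edit a message.
 * The user must be logged in and able to enter the message's board. Editing is then granted to the
 * author, to a manager of the board, or to a master, unless a privilege plugin of the board vetoes it.
 *
 * @param request the current request
 * @param md      the message to edit; expected to be loaded (its board code and author are read)
 * @return {@code true} when the user is the author, a board manager or a master; {@code false}
 *         otherwise
 * @throws ErrMsgException when the user is not logged in, the board cannot be entered, or a
 *         plugin rejects the edit
 */
public boolean canEdit(HttpServletRequest request, MsgDb md) throws
ErrMsgException {
    // Membership first
    if (!isUserLogin(request))
        throw new ErrMsgException(SkinUtil.LoadString(request, "err_not_login"));
    String name = getUser(request);
    String boardcode = md.getboardcode();
    checkCanEnterBoard(request, boardcode);
    String username = md.getName();
    boolean valid = false;
    // Author of the message (null-safe: a message without an author name matches nobody)
    if (username != null && username.equals(name)) {
        valid = true;
    }
    // Manager of the message's board
    BoardManagerDb bm = new BoardManagerDb().getBoardManagerDb(boardcode, name);
    if (bm != null && bm.isLoaded()) {
        valid = true;
    }
    // Master
    if (isMasterLogin(request))
        valid = true;
    // Plugin privilege checks: a veto is reported by exception regardless of the result so far
    PluginMgr pm = new PluginMgr();
    Vector vplugin = pm.getAllPluginUnitOfBoard(boardcode);
    Iterator irplugin = vplugin.iterator();
    while (irplugin.hasNext()) {
        PluginUnit pu = (PluginUnit) irplugin.next();
        IPluginPrivilege ipp = pu.getPrivilege();
        if (ipp != null && !ipp.canEdit(request, md)) {
            String s = LoadString(request, "err_plugin");
            // Plain substring substitution of the "$p" placeholder: unlike String.replaceFirst,
            // '$' or '\' in the plugin's display name are not treated as replacement metacharacters.
            int at = s.indexOf("$p");
            if (at != -1) {
                s = s.substring(0, at) + pu.getName(request) + s.substring(at + 2);
            }
            throw new ErrMsgException(s);
        }
    }
    return valid;
}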
public static boolean isUserLogin(HttpServletRequest request) {
// 如果从session中直接取Authorization(JIVE),速度快,但是需耗session资源
// 而从cookie中取出值之后,需从缓存中取user的帐号判断COOKIE是否合法以及用户是否被关入监狱
// 效率上前者快一些,后者所耗费的session资源无,但是cookie中的信息需加密和解密,这样一来每资带来的资源消耗就比较大
// 因此相比之下,JIVE更合适一些,另外,因为系统中在别处使用到了session(SkinUtil),所以决定还是采用session来进行登录处理
// 而以cookie作为一种辅助手段,这样也可以避免因为客户端IE不支持COOKIE而导致登录失败
HttpSession session = request.getSession(true);
Authorization auth = (Authorization) session.getAttribute(
SESSION_CWBBS_AUTH);
boolean isValid = false;
if (auth != null) {
isValid = !auth.isGuest();
if (isValid)
return true;
}
// 保存的cookie登录
CookieBean cookiebean = new CookieBean();
String c = cookiebean.getCookieValue(request, COOKIE_CWBBS_AUTH);
if (c.equals(""))
return false;
String[] ck = decodeCookie(c);
String userName = ck[0];
String pwdMD5 = ck[1];
UserDb ud = new UserDb();
ud = ud.getUser(userName);
if (ud.isLoaded()) {
if (ud.getPwdMd5().equals(pwdMD5)) {
// 检查是否被关进了监狱
Prision prision = new Prision();
if (prision.isUserArrested(userName)) {
return false;
}
auth = new Authorization(userName, false);
session.setAttribute(SESSION_CWBBS_AUTH, auth);
OnlineUserDb ou = new OnlineUserDb();
ou = ou.getOnlineUserDb(userName);
ou.setStayTime(new java.util.Date());
// 如果用户在线
if (ou.isLoaded()) {
ou.save();
} else {
// 如果不在线,即超时被刷新掉了,则再加入在线列表
int isguest = 0;
ou.setName(auth.getName());