ou.setIp(StrUtil.getIp(request));
ou.setGuest(isguest == 1 ? true : false);
try {
ou.create();
}
catch (ErrMsgException e) {
Logger.getLogger(Privilege.class.getName()).error("isUserLogin:" + e.getMessage());
}
}
return true;
}
}
// 如果帐号验证不合法或者被关进了监狱,则清除其COOKIE
// enrolGuest中作了这样的相应处理
return false;
}
/**
 * Tells whether the current session belongs to an enrolled guest, i.e. a
 * visitor that enrolGuest() registered under a random name.
 *
 * @param request the current request; a session is created if none exists yet
 * @return true only when an Authorization is stored in the session and it is
 *         flagged as a guest; false for logged-in members and for visitors
 *         that have not been enrolled at all
 */
public static boolean isGuest(HttpServletRequest request) {
    Object stored = request.getSession(true).getAttribute(SESSION_CWBBS_AUTH);
    if (stored == null) {
        return false;
    }
    Authorization current = (Authorization) stored;
    return current.isGuest();
}
/**
 * Returns the name recorded in the session's Authorization. For an enrolled
 * guest this is the random guest name, for a member the login name.
 *
 * @param request the current request; a session is created if none exists yet
 * @return the recorded name, or "" when no Authorization is in the session
 */
public static String getUser(HttpServletRequest request) {
    HttpSession current = request.getSession(true);
    Authorization auth = (Authorization) current.getAttribute(SESSION_CWBBS_AUTH);
    return auth == null ? "" : auth.getName();
}
/**
 * Checks whether the current user still has disk quota left for attachments.
 *
 * @param request the current request, used to look up the session user
 * @return false when the used space has reached or exceeded the allowance,
 *         true otherwise
 */
public static boolean canUploadAttachment(HttpServletRequest request) {
    // NOTE(review): getUser() yields "" when nobody is logged in; what
    // UserDb.getUser("") returns is not visible here — confirm it cannot
    // resolve to a record with quota.
    UserDb record = new UserDb().getUser(getUser(request));
    boolean quotaExhausted = record.getDiskSpaceAllowed() <= record.getDiskSpaceUsed();
    return !quotaExhausted;
}
/**
 * Logs the current user out: drops the Authorization from the session,
 * deletes the auth cookie and removes the user's online record.
 *
 * @param req the current request
 * @param res the response the cookie deletion is written to
 * @return the result of deleting the online record, or false when the user
 *         had no online record
 * @throws ErrMsgException propagated from the online-user lookup/deletion
 */
public boolean logout(HttpServletRequest req, HttpServletResponse res) throws
        ErrMsgException {
    String who = getUser(req);
    // NOTE(review): only the auth attribute is removed; the session itself
    // (and any other attributes in it) survives the logout.
    req.getSession(true).removeAttribute(SESSION_CWBBS_AUTH);
    new CookieBean().delCookie(res, COOKIE_CWBBS_AUTH, "/");
    OnlineUserDb online = new OnlineUserDb().getOnlineUserDb(who);
    return online.isLoaded() && online.del();
}
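/**
 * Completes a login for a user whose password has already been verified
 * (see login()): stamps last/current login time and IP on the user record,
 * replaces a guest online record by a member one, stores the member
 * Authorization in the session and writes the auth cookie.
 *
 * @param req  the current request; the "covered" and "loginSaveDate"
 *             parameters are read from it
 * @param res  the response the auth cookie is added to
 * @param user the loaded user record being logged in
 * @return the result of user.save(); when it is false nothing else is changed
 * @throws ErrMsgException propagated from the OnlineUserDb operations
 */
public boolean doLogin(HttpServletRequest req, HttpServletResponse res,
                       UserDb user) throws ErrMsgException {
    // Name recorded before the login, i.e. the random guest name if any.
    String oldname = getUser(req);
    // "covered" is client supplied: a malformed value now counts as 0 instead
    // of aborting the whole login with an unchecked NumberFormatException.
    int covered = 0;
    String strcovered = ParamUtil.get(req, "covered");
    if (!strcovered.equals("")) {
        try {
            covered = Integer.parseInt(strcovered);
        } catch (NumberFormatException e) {
            covered = 0;
        }
    }
    boolean isCovered = covered == 1;
    // Keep the previous login time before overwriting the current one.
    user.setLastTime(user.getCurTime());
    user.setCurTime();
    user.setIp(req.getRemoteAddr());
    boolean isvalid = user.save();
    if (!isvalid) {
        return false;
    }
    OnlineUserDb oud = new OnlineUserDb();
    // A visitor enrolled as a guest already has an online record under the
    // random guest name; drop it so the member record replaces it.
    if (Privilege.isGuest(req)) {
        oud = oud.getOnlineUserDb(oldname);
        if (oud.isLoaded()) {
            oud.del();
        }
    }
    oud = oud.getOnlineUserDb(user.getName());
    if (oud.isLoaded()) {
        oud.setCovered(isCovered);
        oud.save();
    } else {
        oud.setName(user.getName());
        oud.setIp(req.getRemoteAddr());
        oud.setCovered(isCovered);
        oud.setGuest(false);
        oud.create();
    }
    // NOTE(review): the pre-login session is reused as the member session.
    // Invalidating it and storing the Authorization in a fresh one would
    // close the session-fixation window; confirm no other session state
    // must survive the login before doing so.
    HttpSession session = req.getSession(true);
    session.setAttribute(SESSION_CWBBS_AUTH, new Authorization(user.getName(), false));
    int loginSaveDate = LOGIN_SAVE_NONE;
    try {
        loginSaveDate = ParamUtil.getInt(req, "loginSaveDate");
    } catch (Exception ignored) {
        // Parameter absent or not numeric: keep the session-only default.
    }
    // maxAge -1 means a session cookie that dies when the browser exits.
    int maxAge = cookieMaxAgeFor(loginSaveDate);
    // The cookie value carries the user name and the password MD5 run
    // through encodeCookie(), which is reversible obfuscation rather than
    // encryption or a MAC; whether CookieBean sets HttpOnly/Secure is not
    // visible here.
    String c = encodeCookie(user.getName(), user.getPwdMd5());
    CookieBean cookiebean = new CookieBean();
    cookiebean.addCookie(res, COOKIE_CWBBS_AUTH, c, "/", maxAge);
    // cookiebean.setCookieMaxAge(req, res, ...) cannot be used here: it reads
    // the cookie back from the request, which does not carry it yet.
    return true;
}

/**
 * Maps a loginSaveDate choice to a cookie max-age in seconds.
 *
 * @param loginSaveDate one of the LOGIN_SAVE_* values
 * @return the lifetime in seconds, or -1 (session cookie) for
 *         LOGIN_SAVE_NONE and for any unrecognised value
 */
private static int cookieMaxAgeFor(int loginSaveDate) {
    if (loginSaveDate == LOGIN_SAVE_DAY) {
        return 60 * 60 * 24;
    }
    if (loginSaveDate == LOGIN_SAVE_MONTH) {
        return 60 * 60 * 24 * 30;
    }
    if (loginSaveDate == LOGIN_SAVE_YEAR) {
        return 60 * 60 * 24 * 365;
    }
    return -1;
}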
/**
 * Checks the submitted captcha ("validateCode" request parameter) against
 * the value stored in the session under the same name.
 *
 * @param request the current request
 * @return true when the two strings are equal, false otherwise
 */
public boolean isValidateCodeRight(HttpServletRequest request) {
    String submitted = ParamUtil.get(request, "validateCode");
    Object expected = request.getSession(true).getAttribute("validateCode");
    String sessionCode = StrUtil.getNullStr((String) expected);
    // NOTE(review): the session value is not cleared after a successful
    // check, so the same code stays valid for later submissions; presumably
    // StrUtil.getNullStr maps a missing attribute to "" — verify.
    return submitted.equals(sessionCode);
}
/**
 * Multipart variant of isValidateCodeRight: the captcha is read from the
 * parsed upload's "validateCode" field instead of the request parameters.
 *
 * @param request the current request, holding the session
 * @param fu      the parsed multipart form
 * @return true when the submitted field equals the session's "validateCode"
 */
public boolean isValidateCodeRight(HttpServletRequest request, FileUpload fu) {
    String submitted = StrUtil.getNullString(fu.getFieldValue("validateCode"));
    HttpSession session = request.getSession(true);
    String sessionCode = StrUtil.getNullStr((String) session.getAttribute("validateCode"));
    // NOTE(review): like the non-multipart variant, the session code is not
    // consumed on success.
    return submitted.equals(sessionCode);
}
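/**
 * Authenticates the "name"/"pwd" request parameters and, on success, logs
 * the user in via doLogin(). Checks run in this order: optional captcha,
 * IP monitor, name present, password present, user exists, password MD5
 * matches, account valid, user not jailed.
 *
 * @param req the current request
 * @param res the response, passed on to doLogin() for the auth cookie
 * @return true when the user is (or already was) logged in; otherwise the
 *         value returned by doLogin()
 * @throws WrongPasswordException when "pwd" is missing or does not match
 * @throws InvalidNameException when "name" is empty or unknown
 * @throws ErrMsgException for a wrong captcha, a rejected IP, an invalid
 *         account or a jailed user
 */
public boolean login(HttpServletRequest req, HttpServletResponse res) throws
        WrongPasswordException, InvalidNameException, ErrMsgException {
    Config cfg = new Config();
    if (cfg.getBooleanProperty("forum.loginUseValidateCode")
            && !isValidateCodeRight(req)) {
        throw new ErrMsgException(LoadString(req, "err_validate_code"));
    }
    IPMonitor im = new IPMonitor();
    if (!im.isValid(req, StrUtil.getIp(req))) {
        throw new ErrMsgException(im.getMessage());
    }
    String name = ParamUtil.get(req, "name");
    if (name.equals("")) {
        throw new InvalidNameException(req);
    }
    String pwd = req.getParameter("pwd");
    if (pwd == null) {
        throw new WrongPasswordException(req);
    }
    UserDb user = new UserDb().getUser(name);
    if (!user.isLoaded()) {
        throw new InvalidNameException(req);
    }
    // Stored credential is an unsalted MD5 of the password (user.getPwdMd5()).
    String pwdMd5 = "";
    try {
        pwdMd5 = SecurityUtil.MD5(pwd);
    } catch (Exception e) {
        logger.error("login MD5 exception: " + e.getMessage());
    }
    // A failed digest leaves pwdMd5 empty; that must never be accepted, even
    // when the stored hash happens to be empty too (previously it would have
    // matched).
    if (pwdMd5 == null || pwdMd5.length() == 0 || !user.getPwdMd5().equals(pwdMd5)) {
        throw new WrongPasswordException(req);
    }
    if (!user.isValid()) {
        throw new ErrMsgException(LoadString(req, "err_invalid"));
    }
    // Jailed users may not log in; the message carries the release date.
    Prision prision = new Prision();
    if (prision.isUserArrested(name)) {
        Calendar cal = prision.getReleaseDate(name);
        String s = LoadString(req, "err_prision");
        s = s.replaceFirst("\\$d", SkinUtil.formatDate(req, cal.getTime()));
        throw new ErrMsgException(s);
    }
    // Already logged in as this very user: nothing to do.
    String oldname = getUser(req);
    if (oldname.equals(name)) {
        return true;
    }
    return doLogin(req, res, user);
}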
/**
 * Obfuscates "username + ENCODE_DELIMETER + password" for the auth cookie.
 * Each byte is XORed with (ENCODE_XORMASK + index) and emitted as two
 * characters, one per nibble, offset by ENCODE_CHAR_OFFSET1/2.
 *
 * This is reversible obfuscation, not encryption, and carries no integrity
 * check: the scheme and mask are fixed in this class, so decodeCookie()
 * recovers the value and nothing detects tampering.
 *
 * @param username the user name, or null
 * @param password the value stored as password (the callers pass the MD5)
 * @return the encoded string, or "" when either argument is null
 */
private static String encodeCookie(String username, String password) {
    if (username == null || password == null) {
        return "";
    }
    String plain = username + ENCODE_DELIMETER + password;
    // Platform default charset, mirrored by new String(bytes) in decodeCookie.
    byte[] raw = plain.getBytes();
    StringBuilder out = new StringBuilder(raw.length * 2);
    for (int i = 0; i < raw.length; i++) {
        int masked = raw[i] ^ (ENCODE_XORMASK + i);
        out.append((char) (ENCODE_CHAR_OFFSET1 + (masked & 0x0F)));
        out.append((char) (ENCODE_CHAR_OFFSET2 + ((masked >> 4) & 0x0F)));
    }
    return out.toString();
}
/**
 * Reverses encodeCookie(): rebuilds each byte from its two nibble characters,
 * undoes the XOR mask and splits the result at the first ENCODE_DELIMETER.
 *
 * @param cookieVal the cookie value as received
 * @return {username, password}, both "" when no delimiter is found;
 *         null for a null or empty input
 */
private static String[] decodeCookie(String cookieVal) {
    if (cookieVal == null || cookieVal.length() <= 0) {
        return null;
    }
    char[] symbols = cookieVal.toCharArray();
    // Two characters per byte; a trailing odd character is ignored.
    byte[] raw = new byte[symbols.length / 2];
    int pos = 0;
    for (int i = 0; i < raw.length; i++) {
        int low = symbols[pos++] - ENCODE_CHAR_OFFSET1;
        int high = symbols[pos++] - ENCODE_CHAR_OFFSET2;
        int value = low | (high << 4);
        raw[i] = (byte) (value ^ (ENCODE_XORMASK + i));
    }
    // Platform default charset, matching getBytes() in encodeCookie.
    String plain = new String(raw);
    int split = plain.indexOf(ENCODE_DELIMETER);
    if (split < 0) {
        return new String[] {"", ""};
    }
    return new String[] {plain.substring(0, split), plain.substring(split + 1)};
}
/**
 * Enrols an anonymous visitor as a guest under a random name. Only
 * listtopic.jsp and index.jsp call this; other pages do not.
 *
 * For a logged-in member the method instead performs a one-time jail check
 * (tracked via Authorization.isArrestChecked) and, if the member is jailed,
 * logs them out and throws. For an already enrolled guest it does nothing.
 *
 * @param request the current request
 * @param res     the response, used to clear the auth cookie when a
 *                logged-in member turns out to be jailed
 * @throws ErrMsgException when the logged-in member is jailed (after the
 *         logout has been performed)
 * @throws UserArrestedException declared on the signature; not thrown
 *         directly by this body
 */
public void enrolGuest(HttpServletRequest request, HttpServletResponse res) throws
        ErrMsgException, UserArrestedException {
    /*
     * Historical note (translated): flow zjrj.cn/index.jsp -> login.jsp ->
     * /forum/index.jsp -> enrolGuest() / refreshStayTime(). After a
     * successful login the name shown in listtopic.jsp turned into a random
     * guest name; the random user was created by refreshStayTime() and was
     * listed online as a non-guest, so the "islogin" cookie had been written.
     * Suspected cause: the <html><body> header in login.jsp delayed the
     * cookie write, so after the redirect to index.jsp enrolGuest saw no
     * enrolment and registered a guest; five minutes later, when
     * refreshStayTime() ran, the cookie was present and the random name
     * showed up as a member. Fix applied: drop the extra <html><body> header
     * and the whitespace between %> <% in login.jsp. On closer inspection the
     * real cause was probably sendRedirect in login.jsp, see
     * http://dev.csdn.net/develop/article/6/6435.shtm
     */
    if (isUserLogin(request)) {
        // NOTE(review): assumes isUserLogin() leaves an Authorization in the
        // session; a null here would throw NPE, as in the original.
        Authorization member = (Authorization) request.getSession(true)
                .getAttribute(SESSION_CWBBS_AUTH);
        if (member.isArrestChecked()) {
            return; // the one-time jail check already happened
        }
        member.setArrestChecked(true);
        Prision prision = new Prision();
        String userName = getUser(request);
        if (!prision.isUserArrested(userName)) {
            return;
        }
        // Jailed: revoke the saved login before reporting it.
        logout(request, res);
        Calendar cal = prision.getReleaseDate(userName);
        String msg = LoadString(request, "err_prision")
                .replaceFirst("\\$d", SkinUtil.formatDate(request, cal.getTime()));
        throw new ErrMsgException(msg);
    }
    HttpSession session = request.getSession(true);
    Authorization auth = (Authorization) session.getAttribute(SESSION_CWBBS_AUTH);
    if (auth != null) {
        return; // a name is already recorded, so the guest was enrolled before
    }
    // NOTE(review): the guest name comes from FileUpload.getRandName(); how
    // unpredictable it is is not visible here.
    String guestname = FileUpload.getRandName();
    String boardcode = StrUtil.getNullString(ParamUtil.get(request, "boardcode"));
    OnlineUserDb ou = new OnlineUserDb();
    // Up to 10 attempts to find a guest name without an online record.
    boolean nameFree = false;
    for (int attempt = 0; attempt < 10; attempt++) {
        ou = ou.getOnlineUserDb(guestname);
        if (!ou.isLoaded()) {
            nameFree = true;
            break;
        }
        guestname = FileUpload.getRandName();
    }
    // The cookie could once not be written from forum/index.jsp; this seems
    // to depend on where userservice.enrolGuest(request,response) sits in
    // the page — it works at the top of index.jsp and right after <body> in
    // listtopic.jsp, but not inside the page body.
    if (!nameFree) {
        return; // all candidate names were taken; the visitor stays unenrolled
    }
    session.setAttribute(SESSION_CWBBS_AUTH, new Authorization(guestname, true));
    ou.setName(guestname);
    ou.setBoardCode(boardcode);
    ou.setGuest(true);
    ou.setIp(request.getRemoteAddr());
    ou.setCovered(false);
    ou.create();
}
/**
 * Returns the Authorization stored in the session, creating the session if
 * it does not exist yet.
 *
 * @param request the current request
 * @return the stored Authorization, or null when none has been set
 */
public Authorization getAuthorization(HttpServletRequest request) {
    Object stored = request.getSession(true).getAttribute(SESSION_CWBBS_AUTH);
    return (Authorization) stored;
}
}