📄 privilege.java
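} return isvalid; } // tail of a method that begins before this excerpt; left unchanged

    /**
     * Checks the verification code submitted as request parameter
     * {@code validateCode} against the one stored in the session.
     *
     * NOTE(review): the session value is not cleared after the comparison, so
     * one solved code stays valid for the rest of the session. Making it
     * single-use would require confirming that no caller checks it twice.
     *
     * @param request current request; a session is created if none exists
     * @return true only when the session holds a non-empty code equal to the submitted one
     */
    public boolean isValidateCodeRight(HttpServletRequest request) {
        HttpSession session = request.getSession(true);
        String sessionCode = StrUtil.getNullStr((String) session.getAttribute("validateCode"));
        // An absent or empty session code never matches, so an empty submission cannot pass.
        if (sessionCode.equals("")) {
            return false;
        }
        String validateCode = ParamUtil.get(request, "validateCode");
        return validateCode.equals(sessionCode);
    }

    /**
     * Same check as {@link #isValidateCodeRight(HttpServletRequest)}, but the
     * submitted code is read from the upload form field {@code validateCode}.
     *
     * @param request current request; a session is created if none exists
     * @param fu parsed upload form that carries the {@code validateCode} field
     * @return true only when the session holds a non-empty code equal to the submitted one
     */
    public boolean isValidateCodeRight(HttpServletRequest request, FileUpload fu) {
        HttpSession session = request.getSession(true);
        String sessionCode = StrUtil.getNullStr((String) session.getAttribute("validateCode"));
        if (sessionCode.equals("")) {
            return false;
        }
        String validateCode = StrUtil.getNullString(fu.getFieldValue("validateCode"));
        return validateCode.equals(sessionCode);
    }

    /**
     * Logs a user in with the verification-code check enabled.
     *
     * @see #login(HttpServletRequest, HttpServletResponse, boolean)
     */
    public boolean login(HttpServletRequest req, HttpServletResponse res) throws
            WrongPasswordException, InvalidNameException, ErrMsgException {
        return login(req, res, true);
    }

    /**
     * Authenticates the request parameters {@code name} and {@code pwd}.
     *
     * Checks run in this order: verification code (when requested and enabled
     * by {@code forum.loginUseValidateCode}), IP monitor, account lookup,
     * password hash, account validity, registration review status, and the
     * "arrested" list. Only then is {@code doLogin} called.
     *
     * NOTE(review): passwords are compared as unsalted MD5 (optionally the
     * 16-character middle slice for DVBBS compatibility). Moving to a salted,
     * slow password hash needs a storage migration and is outside this method.
     * NOTE(review): an unknown name and a wrong password raise different
     * exception types; callers should show the same message for both so the
     * login form does not reveal which accounts exist.
     * NOTE(review): doLogin is not visible here; confirm that it issues a
     * fresh session id on successful authentication.
     *
     * @param req current request
     * @param res current response
     * @param isCheckValidateCode whether to enforce the verification code
     * @return true when the user is (or already was) logged in
     * @throws WrongPasswordException when the password is missing, cannot be
     *         hashed, or does not match the stored hash
     * @throws InvalidNameException when the name is empty or unknown
     * @throws ErrMsgException for every other refusal (code, IP, status, arrest)
     */
    public boolean login(HttpServletRequest req, HttpServletResponse res, boolean isCheckValidateCode) throws
            WrongPasswordException, InvalidNameException, ErrMsgException {
        Config cfg = Config.getInstance();
        if (isCheckValidateCode
                && cfg.getBooleanProperty("forum.loginUseValidateCode")
                && !isValidateCodeRight(req)) {
            throw new ErrMsgException(LoadString(req, "err_validate_code"));
        }

        // NOTE(review): how StrUtil.getIp derives the address is not visible here;
        // if it trusts client-supplied headers the IP monitor can be sidestepped.
        IPMonitor im = new IPMonitor();
        if (!im.isValid(req, StrUtil.getIp(req))) {
            throw new ErrMsgException(im.getMessage());
        }

        String nick = ParamUtil.get(req, "name");
        if (nick.equals("")) {
            throw new InvalidNameException(req);
        }
        String pwd = req.getParameter("pwd");
        if (pwd == null) {
            throw new WrongPasswordException(req);
        }

        UserDb user = new UserDb();
        user = user.getUserDbByNick(nick);
        if (user == null || !user.isLoaded()) {
            throw new InvalidNameException(req);
        }

        String MD5pwd;
        try {
            MD5pwd = SecurityUtil.MD5(pwd);
        } catch (Exception e) {
            logger.error("login MD5 exception: " + e.getMessage());
            // Fail closed: previously the hash silently stayed "" and was still
            // compared, which would match an account whose stored hash is empty.
            throw new WrongPasswordException(req);
        }
        if (MD5pwd == null || MD5pwd.equals("")) {
            throw new WrongPasswordException(req);
        }

        String storedHash = user.getPwdMd5();
        // An account without a stored hash can never authenticate.
        if (storedHash == null || storedHash.equals("")) {
            throw new WrongPasswordException(req);
        }

        String expected = MD5pwd;
        if (cfg.getBooleanProperty("forum.loginCompatibleDVBBS") && storedHash.length() == 16) {
            // DVBBS-style hashes are characters 8..23 of the full digest.
            if (MD5pwd.length() < 24) {
                throw new WrongPasswordException(req);
            }
            expected = MD5pwd.substring(8, 24);
        }
        if (!storedHash.equals(expected)) {
            throw new WrongPasswordException(req);
        }

        if (!user.isValid()) {
            throw new ErrMsgException(LoadString(req, "err_invalid"));
        }

        if (user.getCheckStatus() != user.CHECK_STATUS_PASS) {
            RegConfig rc = new RegConfig();
            int regVerify = rc.getIntProperty("regVerify");
            if (regVerify == rc.REGIST_VERIFY_MANUAL) {
                throw new ErrMsgException(LoadString(req, "info_need_check_manual"));
            } else if (regVerify == rc.REGIST_VERIFY_EMAIL) {
                throw new ErrMsgException(LoadString(req, "info_need_check_email"));
            }
            // Any other regVerify value lets an unreviewed account continue.
        }

        Prision prision = new Prision();
        if (prision.isUserArrested(user.getName())) {
            Calendar cal = prision.getReleaseDate(user.getName());
            String s = LoadString(req, "err_prision");
            s = s.replaceFirst("\\$d", ForumSkin.formatDate(req, cal.getTime()));
            throw new ErrMsgException(s);
        }

        // Already logged in as this user: nothing more to do.
        String oldname = getUser(req);
        if (oldname.equals(user.getName())) {
            return true;
        }

        return doLogin(req, res, user);
    }

    /**
     * Packs a user name and password into a printable cookie value.
     *
     * Each byte is XORed with {@code ENCODE_XORMASK + index} and written as two
     * characters (low nibble first). This is reversible obfuscation, not
     * encryption: anyone who reads the cookie can recover both fields.
     * NOTE(review): prefer a random server-side token over storing the
     * password-derived value in the browser.
     *
     * @return the encoded value, or an empty string when either argument is null
     */
    private static String encodeCookie(String username, String password) {
        StringBuffer buf = new StringBuffer();
        if (username != null && password != null) {
            // Platform default charset; decodeCookie relies on the same default.
            byte[] bytes = (username + ENCODE_DELIMETER + password).getBytes();
            for (int n = 0; n < bytes.length; n++) {
                int b = bytes[n] ^ (ENCODE_XORMASK + n);
                buf.append((char) (ENCODE_CHAR_OFFSET1 + (b & 0x0F)));
                buf.append((char) (ENCODE_CHAR_OFFSET2 + ((b >> 4) & 0x0F)));
            }
        }
        return buf.toString();
    }

    /**
     * Reverses {@link #encodeCookie(String, String)}.
     *
     * The input comes from the client and is not authenticated; a value that
     * was never produced by encodeCookie still decodes to some pair of strings,
     * so the result must be verified against the user store before it is trusted.
     *
     * @param cookieVal raw cookie value, may be null
     * @return {username, password}, both empty when no delimiter is found;
     *         null when the cookie is null or empty
     */
    private static String[] decodeCookie(String cookieVal) {
        if (cookieVal == null || cookieVal.length() <= 0) {
            return null;
        }

        char[] chars = cookieVal.toCharArray();
        // Two characters per byte; a trailing odd character is ignored.
        byte[] bytes = new byte[chars.length / 2];
        for (int n = 0, m = 0; n < bytes.length; n++) {
            int b = chars[m++] - ENCODE_CHAR_OFFSET1;
            b |= (chars[m++] - ENCODE_CHAR_OFFSET2) << 4;
            bytes[n] = (byte) (b ^ (ENCODE_XORMASK + n));
        }
        cookieVal = new String(bytes);

        int pos = cookieVal.indexOf(ENCODE_DELIMETER);
        // pos + 1 assumes a one-character delimiter.
        String username = (pos < 0) ? "" : cookieVal.substring(0, pos);
        String password = (pos < 0) ? "" : cookieVal.substring(pos + 1);
        return new String[] {username, password};
    }

    /**
     * Ensures the session carries an {@code Authorization}.
     *
     * For a logged-in user the "arrested" check runs once per session; an
     * arrested user is logged out and refused. For anyone else a guest
     * identity with a random name is created and recorded as an online user.
     *
     * @throws ErrMsgException when the logged-in user is currently arrested
     */
    public void enrolGuest(HttpServletRequest request, HttpServletResponse res) throws
            ErrMsgException, UserArrestedException {
        if (isUserLogin(request)) {
            HttpSession session = request.getSession(true);
            Authorization auth = (Authorization) session.getAttribute(SESSION_CWBBS_AUTH);
            // NOTE(review): auth is dereferenced without a null check; this assumes
            // isUserLogin() implies the session attribute is set (confirm).
            if (!auth.isArrestChecked()) {
                auth.setArrestChecked(true);
                Prision prision = new Prision();
                String userName = getUser(request);
                if (prision.isUserArrested(userName)) {
                    logout(request, res);
                    Calendar cal = prision.getReleaseDate(userName);
                    String s = LoadString(request, "err_prision");
                    s = s.replaceFirst("\\$d", ForumSkin.formatDate(request, cal.getTime()));
                    throw new ErrMsgException(s);
                }
            }
            return;
        }

        HttpSession session = request.getSession(true);
        Authorization auth = (Authorization) session.getAttribute(SESSION_CWBBS_AUTH);
        if (auth != null) {
            return; // already enrolled as a guest
        }

        String guestname = FileUpload.getRandName();
        String boardcode = StrUtil.getNullString(ParamUtil.get(request, "boardcode"));

        // Try up to 10 random names; if every one is taken the visitor is left
        // without an Authorization and no error is raised.
        OnlineUserDb ou = new OnlineUserDb();
        boolean isGuestNameUsed = true;
        for (int k = 0; k < 10; k++) {
            ou = ou.getOnlineUserDb(guestname);
            if (!ou.isLoaded()) {
                isGuestNameUsed = false;
                break;
            }
            guestname = FileUpload.getRandName();
        }

        if (!isGuestNameUsed) {
            auth = new Authorization(guestname, true);
            session.setAttribute(SESSION_CWBBS_AUTH, auth);
            ou.setName(guestname);
            ou.setBoardCode(boardcode);
            ou.setGuest(true);
            ou.setIp(request.getRemoteAddr());
            ou.setCovered(false);
            ou.create();
        }
    }

    /**
     * Returns the {@code Authorization} stored in the session, or null when
     * none has been set. A session is created if the request has none.
     */
    public Authorization getAuthorization(HttpServletRequest request) {
        HttpSession session = request.getSession(true);
        return (Authorization) session.getAttribute(SESSION_CWBBS_AUTH);
    }

    /**
     * Decides whether the current visitor may perform {@code doWhat} on a board.
     *
     * A master login is always allowed. Otherwise an explicit per-user denial
     * wins, and the user-group privilege for the board gives the final answer.
     *
     * @param boardCode board identifier; an empty string means all boards
     * @param doWhat privilege name, e.g. {@code add_topic} or {@code view_topic}
     * @return true when the action is permitted
     */
    public boolean canUserDo(HttpServletRequest request, String boardCode, String doWhat) {
        if (isMasterLogin(request)) {
            return true;
        }
        if (boardCode.equals("")) {
            boardCode = UserGroupPrivDb.ALLBOARD;
        }

        boolean isDefaultLoaded = false;
        boolean defaultPriv = false;
        String groupCode;

        if (isUserLogin(request)) {
            String userName = getUser(request);
            UserDb ud = new UserDb();
            ud = ud.getUser(userName);
            if (!ud.isLoaded()) {
                return false;
            }
            UserPrivDb upd = new UserPrivDb();
            upd = upd.getUserPrivDb(userName);
            if (upd.getBoolean("is_default")) {
                // A user on default privileges is not denied here; the group
                // check below decides.
                defaultPriv = getDefaultPriv(doWhat);
                isDefaultLoaded = true;
            } else if (!doWhat.equals("view_online") && !doWhat.equals("enter_board")
                    && !doWhat.equals("view_topic") && !doWhat.equals("view_listmember")
                    && !doWhat.equals("view_userinfo")) {
                // The five view-type actions skip the per-user check.
                if (!upd.getBoolean(doWhat)) {
                    return false;
                }
            }
            groupCode = ud.getUserGroupDb().getCode();
        } else {
            UserGroupDb ug = new UserGroupDb();
            groupCode = ug.getGuestGroupCodeByIP(request.getRemoteAddr());
        }

        UserGroupPrivDb ugpd = new UserGroupPrivDb();
        ugpd = ugpd.getUserGroupPrivDb(groupCode, boardCode);

        // The guest group never falls back to the configured defaults.
        if (!groupCode.equals(UserGroupDb.GUEST) && ugpd.getBoolean("is_default")) {
            if (!isDefaultLoaded) {
                defaultPriv = getDefaultPriv(doWhat);
            }
            return defaultPriv;
        }
        return ugpd.getBoolean(doWhat);
    }

    /**
     * Looks up the configured default for a privilege.
     *
     * A missing configuration value now reads as "denied" instead of raising a
     * NullPointerException. Privilege names without a configuration entry
     * default to allowed.
     * NOTE(review): that fallback is fail-open; a misspelled or new privilege
     * name is granted by default.
     *
     * @param doWhat privilege name
     * @return the configured default, or true for names with no configuration entry
     */
    public boolean getDefaultPriv(String doWhat) {
        Config cfg = Config.getInstance();
        if (doWhat.equals("add_topic")) {
            return "true".equals(cfg.getProperty("forum.canUserAddTopic"));
        } else if (doWhat.equals("attach_upload")) {
            return "true".equals(cfg.getProperty("forum.canUserUploadAttach"));
        } else if (doWhat.equals("reply_topic")) {
            return "true".equals(cfg.getProperty("forum.canUserReplyTopic"));
        } else if (doWhat.equals("vote")) {
            return "true".equals(cfg.getProperty("forum.canUserVote"));
        } else if (doWhat.equals("search")) {
            return "true".equals(cfg.getProperty("forum.canUserSearch"));
        }
        return true;
    }

    /**
     * Decides whether the current visitor may upload an attachment to a board,
     * including the per-day upload quota for logged-in users.
     *
     * NOTE(review): unlike canUserDo, this method has no master-login shortcut,
     * does not map an empty boardCode to ALLBOARD, always treats anonymous
     * visitors as the GUEST group, and lets the GUEST group use the default
     * privilege. Confirm these differences are intended.
     *
     * @return true when uploading is permitted right now
     */
    public boolean canUserUpload(HttpServletRequest request, String boardCode) {
        String groupCode;
        boolean defaultPriv = false;
        boolean isDefalutLoaded = false;
        UserPrivDb upd = new UserPrivDb();

        if (isUserLogin(request)) {
            String userName = getUser(request);
            UserDb ud = new UserDb();
            ud = ud.getUser(userName);
            if (!ud.isLoaded()) {
                return false;
            }
            groupCode = ud.getUserGroupDb().getCode();
            upd = upd.getUserPrivDb(userName);
            if (upd.getBoolean("is_default")) {
                defaultPriv = getDefaultPriv("attach_upload");
                isDefalutLoaded = true;
            } else if (!upd.getBoolean("attach_upload")) {
                return false;
            }
        } else {
            groupCode = UserGroupDb.GUEST;
        }

        UserGroupPrivDb ugpd = new UserGroupPrivDb();
        ugpd = ugpd.getUserGroupPrivDb(groupCode, boardCode);
        boolean groupPriv;
        if (ugpd.getBoolean("is_default")) {
            if (!isDefalutLoaded) {
                defaultPriv = getDefaultPriv("attach_upload");
            }
            groupPriv = defaultPriv;
        } else {
            groupPriv = ugpd.getBoolean("attach_upload");
        }
        if (!groupPriv) {
            return false;
        }

        if (!isUserLogin(request)) {
            return groupPriv;
        }

        Config cfg = Config.getInstance();
        int uploadCount = cfg.getIntProperty("forum.maxAttachDayCount");
        // NOTE(review): the per-user attach_day_count is consulted only when the
        // user is on DEFAULT privileges; this condition may be inverted (confirm).
        if (upd.getBoolean("is_default") && upd.getInt("attach_day_count") > uploadCount) {
            uploadCount = upd.getInt("attach_day_count");
        }
        return upd.getAttachTodayUploadCount() < uploadCount;
    }
}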