loginmonitor.java

cwbbs 云网论坛源码

package com.redmoon.forum.security;

import javax.servlet.*;
import javax.servlet.http.*;
import cn.js.fan.util.*;
import cn.js.fan.web.SkinUtil;
import com.redmoon.forum.Config;



public class LoginMonitor {
    static long delaytime = 60000; 
    static int maxfailcount = 3;
    static long failtimespan = 30000; 

    static final String prefix = "cwbbs";

    static {
        initParam();
    }

    public LoginMonitor() {
    }

    public static void initParam() {
        Config cfg = Config.getInstance();
        failtimespan = cfg.getIntProperty("forum.loginFailInterval") * 1000;
        maxfailcount = cfg.getIntProperty("forum.loginFailCount");
        delaytime = cfg.getIntProperty("forum.loginFailDelay") * 1000;
    }

    
    public static void initLogin(HttpServletRequest request) {
        HttpSession session = request.getSession(true);
        String c = (String) session.getAttribute(prefix + "_loginfail_count");
        if (c == null)
            session.setAttribute(prefix + "_loginfail_count", "0");
    }

    public static boolean canLogin(HttpServletRequest request) throws
            ErrMsgException {
        HttpSession session = request.getSession(true);
        String strcount = (String) session.getAttribute(prefix +
                "_loginfail_count");
        int count = 0;
        if (strcount == null) {
            session.setAttribute(prefix + "_loginfail_count", "0"); 
            
        } else {
            try {
                count = Integer.parseInt(strcount);
            } catch (Exception e) {
                throw new ErrMsgException("Login count error！");
            }
        }
        if (count <= maxfailcount)
            return true;
        long first = 0;
        long last = 0;
        try {
            first = Long.parseLong((String) session.getAttribute(
                    prefix + "_loginfail_first"));
            last = Long.parseLong((String) session.getAttribute(
                    prefix + "_loginfail_last"));
        } catch (NumberFormatException e) {
            throw new ErrMsgException("Login fail time error！");
        }
        long timespan = last - first;
        if (timespan <= failtimespan) { 
            long tspan = System.currentTimeMillis() - last;
            tspan = (delaytime - tspan) / 1000;
            if (tspan > 0) {
                
                
                
                
                String str = SkinUtil.LoadString(request, "err_login_can_not");
                str = str.replaceFirst("\\$s", "" + failtimespan/1000);
                str = str.replaceFirst("\\$c", "" + maxfailcount);
                str = str.replaceFirst("\\$d", "" + delaytime/1000);
                str = str.replaceFirst("\\$t", "" + tspan);
                throw new ErrMsgException(str);
            }
        } else
            session.setAttribute(prefix + "_loginfail_count", "0");
        return true;
    }

    
    public static void afterLogin(HttpServletRequest request,
                                  boolean isloginsuccess,
                                  boolean keepsession) throws ErrMsgException {
        HttpSession session = request.getSession(true);
        if (isloginsuccess) {
            if (!keepsession)
                session.invalidate(); 
            return;
        }
        String strcount = (String) session.getAttribute(prefix +
                "_loginfail_count");
        int count = 0;
        if (strcount == null) {
            throw new ErrMsgException("After:" + SkinUtil.LoadString(request, "err_login_invalid")); 
        } else {
            try {
                count = Integer.parseInt(strcount);
            } catch (Exception e) {
                throw new ErrMsgException("After login coutn error！");
            }
        }
        count++;
        session.setAttribute(prefix + "_loginfail_count", "" + count);
        long t = System.currentTimeMillis();
        
        if (count == 1) {
            session.setAttribute(prefix + "_loginfail_first", "" + t);
            session.setAttribute(prefix + "_loginfail_last", "" + t);
        } else
            session.setAttribute(prefix + "_loginfail_last",
                                 "" + System.currentTimeMillis());
        long timespan = 0;
        long first = 0, last = 0;
        if (count == 1) {
            
            
            
            
            String str = SkinUtil.LoadString(request, "err_login_fail_one");
            str = str.replaceFirst("\\$c", "" + count);
            str = str.replaceFirst("\\$s", "" + failtimespan/1000);
            str = str.replaceFirst("\\$m", "" + maxfailcount);
            str = str.replaceFirst("\\$d", "" + delaytime/1000);
            throw new ErrMsgException(str);
        }
        else
            last = t;
        try {
            first = Long.parseLong((String) session.getAttribute(
                    prefix + "_loginfail_first"));
        } catch (NumberFormatException e) {
            throw new ErrMsgException("Error when parseLong loginfail_first");
        }
        timespan = (last - first) / 1000;
        
        
        
        
        String str = SkinUtil.LoadString(request, "err_login_fail");
        str = str.replaceFirst("\\$t", "" + timespan);
        str = str.replaceFirst("\\$c", "" + count);
        str = str.replaceFirst("\\$f", "" + failtimespan/1000);
        str = str.replaceFirst("\\$m", "" + maxfailcount);
        str = str.replaceFirst("\\$s", "" + delaytime/1000);
        throw new ErrMsgException(str);
    }
}