package cn.jsprun.struts.foreg.actions;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.actions.DispatchAction;
import cn.jsprun.domain.Members;
import cn.jsprun.foreg.utils.CookieUtil;
import cn.jsprun.service.system.DataBaseService;
import cn.jsprun.service.user.MemberService;
import cn.jsprun.utils.BeanFactory;
import cn.jsprun.utils.Common;
import cn.jsprun.utils.DataParse;
import cn.jsprun.utils.Log;
import cn.jsprun.utils.Md5Token;
public class LoggingManageAction extends DispatchAction {
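// Collaborators are looked up once from BeanFactory when the action is constructed.
// Struts 1 reuses a single Action instance across request threads, and nothing in this class
// reassigns these fields, so they are declared final to make that sharing safe and explicit.
// Runs the hand-built SQL used by the failed-login counter (logincheck / loginfailed).
private final DataBaseService dataBaseService = (DataBaseService) BeanFactory.getBean("dataBaseService");
// Member lookup and persistence used by login().
private final MemberService memberService = (MemberService) BeanFactory.getBean("memberService");
// Parses serialized settings values (seccodedata, stylejump) before they are handed to the view.
private final DataParse dataParse = (DataParse) BeanFactory.getBean("dataParse");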
/**
 * Prepares the request attributes for the login form and forwards to it.
 *
 * <p>A visitor whose session already carries a positive {@code jsprun_uid} is sent to the
 * "showMessage" forward instead. Otherwise the method publishes the captcha flag (and captcha
 * data when {@link #logincheck} returns a positive value for this address), the formatted
 * current time, the style list, the remembered cookie lifetime (default 2592000 seconds) and
 * the page to return to after login.
 *
 * <p>NOTE(review): the {@code referer} request parameter is copied into the request attribute
 * unchanged (only the Referer header is reduced to its last path segment). Confirm that the
 * login view escapes it and that the later redirect only accepts same-site targets.
 *
 * @param mapping  Struts mapping used to resolve the "showMessage" and "toLogin" forwards
 * @param form     unused
 * @param request  current request; must carry the "settings" and "timestamp" attributes
 * @param response unused
 * @return the forward to render
 */
@SuppressWarnings("unchecked")
public ActionForward toLogin(ActionMapping mapping, ActionForm form,HttpServletRequest request, HttpServletResponse response) {
    Map<String, String> config = (Map<String, String>) request.getAttribute("settings");
    HttpSession httpSession = request.getSession();

    // Already signed in: nothing to show but a welcome message.
    int memberId = (Integer) httpSession.getAttribute("jsprun_uid");
    if (memberId > 0) {
        String welcome = "欢迎您回来," + httpSession.getAttribute("jsprun_userss") + "。现在将转入登录前页面。";
        request.setAttribute("successInfo", welcome);
        request.setAttribute("requestPath", config.get("indexname"));
        return mapping.findForward("showMessage");
    }

    int now = (Integer) (request.getAttribute("timestamp"));

    // Bit 2 of seccodestatus switches the captcha on for the login form.
    boolean captchaEnabled = (Integer.parseInt(config.get("seccodestatus")) & 2) != 0;
    if (captchaEnabled) {
        if (this.logincheck(request.getRemoteAddr(), now) > 0) {
            request.setAttribute("seccodedata", dataParse.characterParse(config.get("seccodedata"), false));
        }
    }
    request.setAttribute("seccodecheck", captchaEnabled);

    // Render the member's time offset without a trailing ".0" (e.g. 8.0 -> "8").
    float zoneOffset = (Float) httpSession.getAttribute("timeoffset");
    String timePattern = (String) httpSession.getAttribute("timeformat");
    String datePattern = (String) httpSession.getAttribute("dateformat");
    String offsetLabel = String.valueOf(zoneOffset);
    int fractionAt = offsetLabel.indexOf(".0");
    if (fractionAt > 0) {
        offsetLabel = offsetLabel.substring(0, fractionAt);
    }

    request.setAttribute("timestamp", now);
    String sign = zoneOffset > 0 ? "+" : "";
    request.setAttribute("thetimenow", "(GMT " + sign + offsetLabel + ") " + Common.gmdate(datePattern + " " + timePattern, now, zoneOffset));
    request.setAttribute("styleTemplates", dataParse.characterParse(config.get("stylejump"), true));

    // Reuse the cookie lifetime from the last login, falling back to 30 days.
    String rememberedLifetime = CookieUtil.getCookie(request, "cookietime", true, config);
    int cookieLifetime = -1;
    if (rememberedLifetime != null) {
        cookieLifetime = Common.toDigit(rememberedLifetime);
    }
    if (cookieLifetime > -1) {
        request.setAttribute("cookietime", cookieLifetime);
    } else {
        request.setAttribute("cookietime", 2592000);
    }

    // Return target: explicit parameter first, otherwise the last path segment of the Referer header.
    String target = request.getParameter("referer");
    if (target == null) {
        String header = request.getHeader("Referer");
        target = header == null ? "" : header.substring(header.lastIndexOf("/") + 1);
    }
    // Never send the member back to the login or registration page itself.
    request.setAttribute("referer", Common.matches(target, "(logging|register)") ? "" : target);
    return mapping.findForward("toLogin");
}
/**
 * Authenticates a member and establishes the logged-in session and cookies.
 *
 * <p>Flow, in order: short-circuit when the session already has a positive {@code jsprun_uid};
 * refuse when {@link #logincheck} reports the address as locked out; verify the captcha when it
 * is enabled and supplied; load the member by uid or by name; derive the value to compare with
 * the stored password; on a match with the right security answer, write the uid/cookietime/auth
 * cookies and the session attributes and forward or redirect to the referer. A correct password
 * with a missing security answer or missing captcha re-renders the form through
 * "toLogin_secques". Everything else is logged to "illegallog", counted by
 * {@link #loginfailed} and answered with a generic failure message.
 *
 * <p>Security review notes (each is visible in this method; mitigations need code outside it):
 * <ul>
 * <li>The {@code loginauth} parameter is compared directly with the stored password value, and
 *     the "toLogin_secques" branch puts the stored value into the request attribute
 *     {@code loginauth}. The stored value therefore works as a credential by itself.</li>
 * <li>When the captcha is enabled but not submitted, the password is still checked and a correct
 *     password produces the "toLogin_secques" response, so the captcha does not gate password
 *     verification.</li>
 * <li>The session id is not changed in this method after authentication succeeds.</li>
 * <li>The post-login target comes from the {@code referer} parameter or Referer header and is
 *     not validated here.</li>
 * <li>The failure log line contains the compared password value and the submitted username.</li>
 * </ul>
 *
 * @param mapping  Struts mapping used to resolve "showMessage" and "toLogin_secques"
 * @param form     unused
 * @param request  current request; must carry the "settings", "timestamp" and "usergroups" attributes
 * @param response used for cookies and for the direct redirect on fast success
 * @return the forward to render, or {@code null} when the response was already redirected
 */
@SuppressWarnings("unchecked")
public ActionForward login(ActionMapping mapping, ActionForm form,HttpServletRequest request, HttpServletResponse response) {
Map<String,String> settings=(Map<String,String>)request.getAttribute("settings");
HttpSession session=request.getSession();
// Unboxing: throws NullPointerException if the session has no jsprun_uid attribute.
int jsprun_uid=(Integer)session.getAttribute("jsprun_uid");
boolean isfastsuccess = Common.isshowsuccess(session, "login_succeed");
// Already logged in: go straight to the index page.
if (jsprun_uid>0) {
if(isfastsuccess){
Common.requestforward(response, settings.get("indexname"));
return null;
}else{
request.setAttribute("successInfo", "欢迎您回来,"+session.getAttribute("jsprun_userss")+ "。现在将转入登录前页面。");
request.setAttribute("requestPath",settings.get("indexname"));
return mapping.findForward("showMessage");
}
}
// Lockout is keyed on the remote address only, not on the targeted account.
// NOTE(review): behind a reverse proxy getRemoteAddr() may be the proxy address, which would
// make every visitor share one counter; confirm how the deployment resolves the client address.
String onlineip = request.getRemoteAddr() ;
int timestamp = (Integer)(request.getAttribute("timestamp"));
int loginperm = logincheck(onlineip, timestamp);
// 0 means five failures were recorded within the last 900 seconds for this address.
if (loginperm <= 0) {
request.setAttribute("resultInfo", "累计 5 次错误尝试,15 分钟内您将不能登录论坛。");
return mapping.findForward("showMessage");
}
// A style chosen on the form is remembered in the session; otherwise the session value is reused.
String styleid = request.getParameter("styleid");
if(styleid!=null&&!styleid.equals(""))
{
session.setAttribute("styleid", styleid);
}else{
styleid=(String)session.getAttribute("styleid");
}
// Bit 2 of seccodestatus enables the captcha on login.
boolean seccodecheck = (Integer.valueOf(settings.get("seccodestatus"))&2)>0;
if (seccodecheck&& loginperm > 0) {
request.setAttribute("seccodedata", dataParse.characterParse(settings.get("seccodedata"), false));
}
String seccodeverify = request.getParameter("seccodeverify");
// seccodemiss: captcha is required but the parameter is absent or empty.
boolean seccodemiss = (seccodecheck&&seccodeverify==null)||(seccodecheck && seccodeverify!=null&&seccodeverify.equals("")) ? true : false;
// Only a supplied captcha is verified here; a missing one is handled after the password check.
// NOTE(review): the session value "rand" is not cleared after the comparison in this method;
// confirm that the captcha generator replaces it so one solved captcha cannot be reused.
if (seccodecheck&&!seccodemiss) {
if (!seccodeverify.equals(session.getAttribute("rand"))) {
request.setAttribute("errorInfo", "您输入的验证码不正确,无法提交,请返回修改。");
return mapping.findForward("showMessage");
}
}
String username = request.getParameter("username");
String password = request.getParameter("password");
String loginauth = request.getParameter("loginauth");
int questionid = Common.toDigit(request.getParameter("questionid"));
String answer = request.getParameter("answer");
int cookietime =Common.toDigit(request.getParameter("cookietime"));
String loginmode = request.getParameter("loginmode");
String secques = Common.quescrypt(questionid, answer);
// Look the member up by numeric uid when loginfield=uid, otherwise by name.
Members member = null;
if ("uid".equals(request.getParameter("loginfield"))) {
member = memberService.findMemberById(Common.toDigit(username,2147483647L, 0L).intValue());
}
else{
member = memberService.findByName(username);
}
// passwordbak holds the long token of the submitted password when the stored value is not
// 32 characters long; it replaces the stored value after a successful login.
String passwordbak=null;
if(loginauth!=null)
{
// NOTE(review): loginauth is taken from the request and compared as-is with the stored
// password value below, so knowing the stored value is enough to log in. Prefer keeping a
// server-side "password verified" marker in the session over round-tripping this value.
password=loginauth;
}else{
// Presumably 32 characters is the long (hex MD5) form and anything else a legacy short
// form - confirm against Md5Token. An unsalted fast digest is weak for password storage;
// migrating to bcrypt/scrypt/argon2 would need changes outside this method.
if(member!=null&&member.getPassword().length()==32)
{
password = password!=null?Md5Token.getInstance().getLongToken(password):"";
}
else{
passwordbak=password!=null?Md5Token.getInstance().getLongToken(password):null;
password = password!=null?Md5Token.getInstance().getShortToken(password):"";
}
}
// Redirect target after login: explicit parameter, else the Referer header; an empty
// parameter means the index page.
// NOTE(review): the value is not validated here. Unless Common.requestforward or the
// showMessage view restricts it to same-site paths, this is an unvalidated redirect.
String referer=request.getParameter("referer");
if(referer==null){
referer=request.getHeader("Referer");
}else if(referer.equals("")){
referer=settings.get("indexname");
}
// String.equals is not a constant-time comparison.
if (member != null && member.getPassword().equals(password)) {
// Full success requires the security answer to match and the captcha not to be missing.
if(member.getSecques().equals(secques)&&!seccodemiss)
{
// Upgrade a legacy stored password to the long token now that the password is known good.
if(passwordbak!=null)
{
member.setPassword(passwordbak);
memberService.modifyMember(member);
}
Short groupid=member.getGroupid();
String jsprun_userss=member.getUsername();
Map<String,String> usergroups=(Map<String,String>)request.getAttribute("usergroups");
// && binds tighter than ||: "invisible" needs the allowinvisible permission, "normal" is always accepted.
if("1".equals(usergroups.get("allowinvisible"))&&loginmode!=null&&loginmode.equals("invisible")||loginmode!=null&&loginmode.equals("normal"))
{
member.setInvisible(Byte.valueOf(loginmode.equals("invisible")?"1":"0"));
memberService.modifyMember(member);
}
// Style precedence: value from the form or session, then the member's own style, then the site default.
styleid=styleid==null||styleid.equals("")?(member.getStyleid()!=0?member.getStyleid().toString():settings.get("styleid")):styleid;
// No lifetime on the form: fall back to the one remembered in the cookietime cookie, else 0.
if(cookietime<=0){
String cookietimes=CookieUtil.getCookie(request, "cookietime",true,settings);
cookietime=cookietimes!=null?Common.toDigit(cookietimes) :0;
}
CookieUtil.setCookie(request, response, "uid", String.valueOf(member.getUid()), cookietime, true,settings);
CookieUtil.setCookie(request, response, "cookietime", String.valueOf(cookietime), 31536000, true,settings);
// The auth cookie is a token over stored password + security answer + uid, so its value only
// changes when one of those changes; it carries no per-login randomness in this method.
// NOTE(review): confirm that CookieUtil sets HttpOnly/Secure and that the value can be revoked.
CookieUtil.setCookie(request, response, "auth", Md5Token.getInstance().getLongToken(member.getPassword()+"\t"+member.getSecques()+"\t"+member.getUid()), cookietime, true,settings);
// NOTE(review): the attributes below are written to the session obtained before
// authentication; no session id change is visible here. Confirm that the id is rotated on
// login elsewhere, otherwise a pre-set session id stays valid after login (session fixation).
session.setAttribute("jsprun_uid", member.getUid());
session.setAttribute("jsprun_userss", jsprun_userss);
session.setAttribute("jsprun_groupid", groupid);
session.setAttribute("jsprun_adminid", member.getAdminid());
// The stored password value is kept in the session as jsprun_pw.
session.setAttribute("jsprun_pw", member.getPassword());
// formhash is the anti-CSRF token that logout() compares against.
// NOTE(review): confirm that Common.getRandStr draws from SecureRandom; 8 characters is short.
session.setAttribute("formhash", Common.getRandStr(8,false));
session.setAttribute("user", member);
session.setAttribute("styleid",styleid);
request.setAttribute("refresh", "true");
request.setAttribute("sessionexists", false);
// Both branches of this passport check run the same statements; the condition only matters
// in that it throws NullPointerException when passport_status or passport_shopex is unset.
if(settings.get("passport_status").equals("shopex")&&!settings.get("passport_shopex").equals("0"))
{
// Group 8: the message says the account is not activated; send the member to the control panel.
if(groupid==8)
{
request.setAttribute("successInfo", "欢迎您回来,"+jsprun_userss+"。您的帐号处于非激活状态,现在将转入控制面板。");
request.setAttribute("requestPath", "memcp.jsp");
return mapping.findForward("showMessage");
}else{
if(isfastsuccess){
Common.requestforward(response,referer);
return null;
}else{
request.setAttribute("successInfo", "欢迎您回来,"+jsprun_userss+"。现在将转入登录前页面。");
request.setAttribute("requestPath",referer);
return mapping.findForward("showMessage");
}
}
}
else{
if(groupid==8)
{
request.setAttribute("successInfo", "欢迎您回来,"+jsprun_userss+"。您的帐号处于非激活状态,现在将转入控制面板。");
request.setAttribute("requestPath", "memcp.jsp");
return mapping.findForward("showMessage");
}
else{
if(isfastsuccess){
Common.requestforward(response,referer);
return null;
}else{
request.setAttribute("successInfo", "欢迎您回来,"+jsprun_userss+"。现在将转入登录前页面。");
request.setAttribute("requestPath",referer);
return mapping.findForward("showMessage");
}
}
}
}
// Password is correct but the security answer is empty or the captcha was not submitted:
// show the form again instead of counting a failure.
// NOTE(review): this branch is reached without a captcha and without calling loginfailed(),
// so its response tells the caller that the password was right. Checking the captcha before
// the password would close that gap.
else if(secques==null||secques.equals("")||seccodemiss){
if(!member.getSecques().equals(""))
{
request.setAttribute("login_secques", "请选择您设置的安全提问,并回答正确后才能登录。");
}
request.setAttribute("username", member.getUsername());
request.setAttribute("cookietime", cookietime);
request.setAttribute("loginmode", loginmode);
request.setAttribute("styleid", styleid);
// Hands the stored password value to the view, presumably for a hidden form field that comes
// back as the loginauth parameter - confirm in the toLogin_secques template.
request.setAttribute("loginauth", member.getPassword());
request.setAttribute("seccodecheck", seccodecheck);
return mapping.findForward("toLogin_secques");
}
}
// Failure path: unknown member, wrong password, or wrong (non-empty) security answer.
// NOTE(review): the log line includes the compared password value (a token of the attempted
// password, or the raw loginauth parameter) and the request-supplied username without
// stripping tabs or line breaks. Omit or mask the password field and neutralize control
// characters so attempted credentials are not stored and entries cannot be forged.
Log.writelog(servlet.getServletContext().getRealPath("/"),"illegallog", timestamp+"\t"+(member!=null?member.getUsername():username)+"\t"+password+"\t"+(secques!=null&&!secques.equals("")?"Ques #"+questionid:"")+"\t"+onlineip);
loginfailed(loginperm,onlineip,timestamp);
// The same message is used for every failure cause, which avoids confirming that a username exists.
request.setAttribute("successInfo", "用户名无效,密码错误或安全问题回答错误,您可以有至多 5 次尝试。");
// referer is appended without URL encoding and is the string "null" when neither the parameter nor the header is present.
request.setAttribute("requestPath", "logging.jsp?action=login&referer="+referer);
return mapping.findForward("showMessage");
}
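/**
 * Logs the current member out when the request carries the session's {@code formhash} token.
 *
 * <p>The token check protects against cross-site logout: only a request whose
 * {@code formhash} parameter equals the session attribute clears the login cookies and resets
 * the style. A request with a wrong token gets the same "logged out" response but nothing is
 * cleared. A request with no {@code formhash} parameter is now treated like a wrong token; the
 * original dereferenced the missing parameter and failed with a NullPointerException.
 *
 * <p>NOTE(review): the redirect target comes from the {@code referer} parameter or the Referer
 * header and is followed even when the token check fails. Unless
 * {@code Common.requestforward} or the showMessage view restricts it to same-site paths, this
 * is an unvalidated redirect.
 *
 * <p>NOTE(review): only cookies and the "members"/"styleid" session attributes are touched
 * here; the login attributes written by {@code login} (for example {@code jsprun_uid}) are not
 * removed and the session is not invalidated. Confirm that another component resets them.
 *
 * @param mapping  Struts mapping used to resolve the "showMessage" forward
 * @param form     unused
 * @param request  current request; must carry the "settings" attribute when the token matches
 * @param response used to clear cookies and for the direct redirect on fast success
 * @return the "showMessage" forward, or {@code null} when the response was already redirected
 */
@SuppressWarnings("unchecked")
public ActionForward logout(ActionMapping mapping, ActionForm form,HttpServletRequest request, HttpServletResponse response) {
    HttpSession session = request.getSession();
    session.removeAttribute("members");

    String referer = request.getParameter("referer");
    if (referer == null) {
        referer = request.getHeader("Referer");
    }

    // A missing token is a failed check, not a server error.
    String submittedHash = request.getParameter("formhash");
    boolean tokenMatches = submittedHash != null && submittedHash.equals(session.getAttribute("formhash"));
    if (tokenMatches) {
        Map<String, String> settings = (Map<String, String>) request.getAttribute("settings");
        CookieUtil.clearCookies(request, response, settings);
        session.setAttribute("styleid", settings.get("styleid"));
    }

    // The response is the same whether or not the token matched.
    if (Common.isshowsuccess(session, "logout_succeed")) {
        Common.requestforward(response, referer);
        return null;
    }
    request.setAttribute("successInfo", "您已退出论坛,现在将以游客身份转入退出前页面。");
    request.setAttribute("requestPath", referer);
    return mapping.findForward("showMessage");
}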
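/**
 * Records a failed login for a client address in {@code jrun_failedlogins}.
 *
 * <p>{@code permission} is the state computed by {@code logincheck} for the same address:
 * 1 creates the row with a count of 1, 2 increments the count, 3 resets the count to 1 and
 * deletes rows whose last update is more than 901 seconds old. Any other value writes nothing.
 *
 * <p>The statements are assembled by string concatenation, so the address is checked against
 * an allowlist of characters that can occur in an IPv4/IPv6 literal (including a zone id)
 * before it is embedded. None of the allowed characters can terminate the quoted SQL string.
 * If {@code DataBaseService} offers bound parameters, prefer them over this check.
 *
 * <p>NOTE(review): the check in {@code logincheck} and the update here are separate
 * statements, so concurrent requests from one address can each pass the check before any
 * failure is counted.
 *
 * @param permission state returned by {@code logincheck} (1, 2 or 3 trigger a write)
 * @param onlineip   client address used as the row key
 * @param timestamp  current time in seconds
 * @throws IllegalArgumentException if a write is due and {@code onlineip} is null or contains
 *         characters outside the allowlist
 */
private void loginfailed(int permission,String onlineip,int timestamp)
{
    if (permission < 1 || permission > 3) {
        return; // nothing to record for this state
    }
    // Fail closed rather than embed an unexpected value in SQL text.
    if (onlineip == null || !onlineip.matches("[0-9A-Za-z:.%_-]+")) {
        throw new IllegalArgumentException("remote address is not a plain IP literal");
    }
    switch (permission) {
        case 1:
            dataBaseService.runQuery("REPLACE INTO jrun_failedlogins (ip, count, lastupdate) VALUES ('"+onlineip+"', '1', '"+timestamp+"')",true);
            break;
        case 2:
            dataBaseService.runQuery("UPDATE jrun_failedlogins SET count=count+1, lastupdate='"+timestamp+"' WHERE ip='"+onlineip+"'",true);
            break;
        default: // 3: the previous window expired, start a new one and purge stale rows
            dataBaseService.runQuery("UPDATE jrun_failedlogins SET count='1', lastupdate='"+timestamp+"' WHERE ip='"+onlineip+"'",true);
            dataBaseService.runQuery("DELETE FROM jrun_failedlogins WHERE lastupdate<"+(timestamp-901),true);
            break;
    }
}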
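/**
 * Returns the failed-login state recorded for a client address.
 *
 * <p>The query is assembled by string concatenation, so the address is checked against an
 * allowlist of characters that can occur in an IPv4/IPv6 literal (including a zone id) before
 * it is embedded. None of the allowed characters can terminate the quoted SQL string. If
 * {@code DataBaseService} offers bound parameters, prefer them over this check.
 *
 * @param onlineip  client address used as the row key
 * @param timestamp current time in seconds
 * @return 1 when no row exists for the address; 3 when the row's last update is more than
 *         900 seconds old; 2 when the row is recent and its count is below 5; 0 when the row
 *         is recent and the count has reached 5 (login is refused)
 * @throws IllegalArgumentException if {@code onlineip} is null or contains characters outside
 *         the allowlist
 */
private int logincheck(String onlineip, int timestamp) {
    // Fail closed rather than embed an unexpected value in SQL text.
    if (onlineip == null || !onlineip.matches("[0-9A-Za-z:.%_-]+")) {
        throw new IllegalArgumentException("remote address is not a plain IP literal");
    }
    List<Map<String, String>> rows = dataBaseService.executeQuery("SELECT count, lastupdate FROM jrun_failedlogins WHERE ip='"+onlineip+"'");
    if (rows == null || rows.isEmpty()) {
        return 1;
    }
    Map<String, String> row = rows.get(0);
    // The lockout window is 900 seconds, measured from the last recorded failure.
    if (timestamp - Integer.parseInt(row.get("lastupdate")) > 900) {
        return 3;
    }
    return Integer.parseInt(row.get("count")) < 5 ? 2 : 0;
}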
}