package cn.jsprun.struts.action;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.actions.DispatchAction;
import cn.jsprun.domain.Members;
import cn.jsprun.foreg.utils.CookieUtil;
import cn.jsprun.service.system.DataBaseService;
import cn.jsprun.service.user.MemberService;
import cn.jsprun.utils.BeanFactory;
import cn.jsprun.utils.Common;
import cn.jsprun.utils.DataParse;
import cn.jsprun.utils.ForumInit;
import cn.jsprun.utils.Log;
import cn.jsprun.utils.Md5Token;
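/**
 * Struts dispatch action that gates access to the administration control panel.
 *
 * <p>{@link #admincp} decides an access state for the current request:
 * <ul>
 *   <li>{@code 0} - the session has no admin id, or too many failed password attempts;</li>
 *   <li>{@code 1} - the admin must (re-)enter the password;</li>
 *   <li>{@code 2} - the client address is outside the configured admin IP range;</li>
 *   <li>{@code 3} - an admin session row with {@code errorcount = -1} exists, i.e. the
 *       password was already confirmed within the last 1800 seconds.</li>
 * </ul>
 *
 * <p>NOTE(review): every SQL statement in this class is built by string concatenation.
 * The interpolated values visible here are an {@code int} uid, an {@code int} timestamp,
 * the container-reported remote address and a group id taken from a request attribute.
 * If {@code DataBaseService} offers a parameterized API, prefer it; otherwise keep these
 * values strictly typed before they reach the query text.
 */
public class AdmincpAction extends DispatchAction {
    /** Actions whose requests are not written to the control-panel log. */
    private static final String UNLOGGED_ACTIONS = "|main|header|menu|illegallog|ratelog|modslog|medalslog|creditslog|banlog|cplog|errorlog|";
    /** Request parameters that must never be copied into the control-panel log. */
    private static final String UNLOGGED_PARAMETERS = "|action|adminaction|sid|formhash|admin_password|";

    private final MemberService memberService = (MemberService) BeanFactory.getBean("memberService");
    private final DataBaseService dataBaseService = (DataBaseService) BeanFactory.getBean("dataBaseService");
    private final DataParse dataParse = (DataParse) BeanFactory.getBean("dataParse");

    /**
     * Authorizes the request for the control panel, logs it, and forwards either to the
     * login/message page or to the requested admin page.
     *
     * @param mapping  Struts mapping used to resolve the {@code toAdmincp} and {@code result} forwards
     * @param form     unused
     * @param request  current request; reads the {@code timestamp}, {@code usergroups} and
     *                 {@code extra} attributes and several parameters
     * @param response current response
     * @return a forward to the message/login page, or {@code null} after forwarding to the admin JSP
     */
    @SuppressWarnings("unchecked")
    public ActionForward admincp(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) {
        HttpSession session = request.getSession();
        Map<String, String> settings = ForumInit.settings;
        byte adminid = (Byte) session.getAttribute("jsprun_adminid");
        int cpaccess = 1;
        int errorcount = 0;
        String onlineip = request.getRemoteAddr();
        int uid = (Integer) session.getAttribute("jsprun_uid");
        int timestamp = (Integer) (request.getAttribute("timestamp"));
        Map<String, String> usergroups = (Map<String, String>) request.getAttribute("usergroups");

        if (adminid <= 0) {
            cpaccess = 0;
        } else {
            String adminipaccess = settings.get("adminipaccess");
            if (!"".equals(adminipaccess) && adminid == 1 && !Common.ipaccess(onlineip, adminipaccess)) {
                cpaccess = 2;
            } else {
                // Optionally bind the admin session row to the client address.
                String addonlineip = Common.toDigit(settings.get("admincp_checkip")) > 0 ? " AND ip='" + onlineip + "'" : "";
                List<Map<String, String>> errorcounts = dataBaseService.executeQuery("SELECT errorcount FROM jrun_adminsessions WHERE uid='" + uid + "'" + addonlineip + " AND dateline+1800>'" + timestamp + "'");
                if (errorcounts != null && errorcounts.size() > 0) {
                    errorcount = Integer.valueOf(errorcounts.get(0).get("errorcount"));
                    if (errorcount == -1) {
                        // Password already confirmed: refresh the 1800-second window.
                        dataBaseService.runQuery("UPDATE jrun_adminsessions SET dateline='" + timestamp + "' WHERE uid='" + uid + "'", true);
                        cpaccess = 3;
                    } else if (errorcount <= 3) {
                        cpaccess = 1;
                    } else {
                        // More than three failed attempts inside the window: lock out.
                        cpaccess = 0;
                    }
                } else {
                    // No live row: purge stale rows and start a fresh, unauthenticated one.
                    dataBaseService.runQuery("DELETE FROM jrun_adminsessions WHERE uid='" + uid + "' OR dateline+1800<'" + timestamp + "'", true);
                    dataBaseService.runQuery("INSERT INTO jrun_adminsessions (uid, ip, dateline, errorcount) VALUES ('" + uid + "', '" + onlineip + "', '" + timestamp + "', '0')", true);
                    cpaccess = 1;
                }
            }
        }

        String jsprun_userss = (String) session.getAttribute("jsprun_userss");
        if (jsprun_userss == null) {
            jsprun_userss = "";
        }

        String action = request.getParameter("action");
        if (action != null && !(UNLOGGED_ACTIONS.contains("|" + action + "|"))) {
            String extra = null;
            switch (cpaccess) {
            case 0:
                extra = "PERMISSION DENIED";
                break;
            case 1:
                extra = "AUTHENTIFICATION(ERROR #" + errorcount + ")";
                break;
            case 2:
                extra = "IP ACCESS DENIED";
                break;
            case 3:
                StringBuffer extraBuffer = new StringBuffer();
                Map<String, String[]> map = request.getParameterMap();
                if (map != null && map.size() > 0) {
                    Set<String> keys = map.keySet();
                    for (String key : keys) {
                        // Filter on the parameter NAME. The previous code tested the action
                        // value here, so the exclusion list never applied and parameters such
                        // as admin_password were copied into the log.
                        if (!(UNLOGGED_PARAMETERS.contains("|" + key + "|"))) {
                            String[] values = map.get(key);
                            if (values != null) {
                                int length = values.length;
                                if (length > 1) {
                                    extraBuffer.append("; " + key + "=Array(");
                                    for (int i = 0; i < length; i++) {
                                        extraBuffer.append(i + "=" + Common.cutstr(values[i], 15, null) + "; ");
                                    }
                                    extraBuffer.append(")");
                                } else if (length == 1 && !"".equals(values[0])) {
                                    extraBuffer.append("; " + key + "=");
                                    extraBuffer.append(Common.cutstr(values[0], 15, null));
                                }
                            }
                        }
                    }
                }
                extra = extraBuffer.length() > 2 ? extraBuffer.substring(2) : "";
                break;
            }
            // action and extra come from request parameters and this branch is reachable
            // before authentication succeeds, so strip line/field separators to keep one
            // request from forging additional tab-separated log records.
            Log.writelog(servlet.getServletContext().getRealPath("/"), "cplog", timestamp + "\t" + jsprun_userss + "\t" + adminid + "\t" + onlineip + "\t" + sanitizeForLog(action) + "\t" + ("home".equals(action) ? "" : sanitizeForLog(extra)));
        }

        if (cpaccess == 0) {
            CookieUtil.clearCookies(request, response, settings);
            this.loginmsg(request, new StringBuffer("您没有权限访问系统设置。"), null, null, null, null);
            return mapping.findForward("toAdmincp");
        } else if (cpaccess == 1) {
            String admin_password = request.getParameter("admin_password");
            // NOTE(review): the submitted password is compared through Md5Token; the class
            // name suggests an MD5-based digest - confirm how jsprun_pw is derived and stored.
            if (admin_password == null || !Md5Token.getInstance().getLongToken(admin_password).equals(session.getAttribute("jsprun_pw"))) {
                if (admin_password != null) {
                    // A password was supplied and was wrong: count the failure and log it.
                    dataBaseService.runQuery("UPDATE jrun_adminsessions SET errorcount=errorcount+1 WHERE uid='" + uid + "'", true);
                    Log.writelog(servlet.getServletContext().getRealPath("/"), "cplog", timestamp + "\t" + jsprun_userss + "\t" + adminid + "\t" + onlineip + "\t" + sanitizeForLog(action) + "\tAUTHENTIFICATION(PASSWORD)");
                }
                loginmsg(request, null, null, "login", (String) session.getAttribute("jsprun_sid"), (String) session.getAttribute("jsprun_userss"));
                return mapping.findForward("toAdmincp");
            } else {
                // errorcount = -1 marks the admin session as authenticated.
                dataBaseService.runQuery("UPDATE jrun_adminsessions SET errorcount='-1' WHERE uid='" + uid + "'", true);
                String extra = (String) request.getAttribute("extra");
                this.loginmsg(request, new StringBuffer("登录成功"), "admincp.jsp?" + extra, null, null, null);
                String url_forward = request.getParameter("url_forward");
                if (url_forward != null) {
                    try {
                        // url_forward is a raw request parameter: escape it so it cannot break
                        // out of the content attribute and inject markup into the response.
                        // NOTE(review): the target itself is still unvalidated; consider
                        // restricting it to same-site relative paths.
                        response.getWriter().write("<meta http-equiv=refresh content=\"0;URL=" + escapeHtml(url_forward) + "\">");
                    } catch (IOException e) {
                        e.printStackTrace();
                    }
                }
                return mapping.findForward("toAdmincp");
            }
        } else if (cpaccess == 2) {
            this.loginmsg(request, new StringBuffer("对不起,管理员设定了只有特定 IP 地址范围才能访问系统设置,您的地址不在被允许的范围内。"), null, null, null, null);
            return mapping.findForward("toAdmincp");
        }

        // cpaccess == 3 from here on: publish founder information to the session.
        Members adminUser = memberService.findMemberById(uid);
        List<Object> founderlist = new ArrayList<Object>();
        session.setAttribute("ishavefounder", false);
        session.setAttribute("isfounder", false);
        if (adminUser.getGroupid() == 1) {
            String forumfounder = settings.get("forumfounders");
            if (!forumfounder.equals("")) {
                String forumfounders[] = forumfounder.split(",");
                for (int i = 0; i < forumfounders.length; i++) {
                    Members forfunder = memberService.findMemberById(convertInt(forumfounders[i]));
                    // Only configured founders that still belong to group 1 count.
                    if (forfunder != null && forfunder.getGroupid() == 1) {
                        founderlist.add(forfunder.getUsername());
                        session.setAttribute("ishavefounder", true);
                        if (forfunder.getUid() == adminUser.getUid()) {
                            session.setAttribute("isfounder", true);
                        }
                    }
                }
            }
        }
        session.setAttribute("founderlist", founderlist);
        session.setAttribute("members", adminUser);

        String frames = request.getParameter("frames");
        String sid = request.getParameter("sid");
        String url = null;
        if ((action == null || "yes".equals(frames)) && sid == null) {
            url = "/admin/index.jsp";
        } else {
            url = "admin/page/main.jsp";
        }

        if (usergroups.get("radminid").equals("1")) {
            // Per-group list of actions an administrator of this group may not use.
            List<Map<String, String>> dactionarray = dataBaseService.executeQuery("SELECT disabledactions FROM jrun_adminactions WHERE admingid='" + usergroups.get("groupid") + "'");
            if (dactionarray != null && dactionarray.size() > 0) {
                Map<String, String> dactionarrayMap = dataParse.characterParse(dactionarray.get(0).get("disabledactions"), false);
                Set<String> actionskey = dactionarrayMap.keySet();
                for (String key : actionskey) {
                    String keys[] = key.split(":");
                    for (String s : keys) {
                        if (s.equals(action)) {
                            request.setAttribute("resultInfo", "对不起,管理员设定了您没有权限使用本功能。");
                            return mapping.findForward("result");
                        }
                    }
                }
            }
        }

        try {
            request.getRequestDispatcher(url).forward(request, response);
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }

    /**
     * Ends the control-panel session: drops the {@code members} session attribute and
     * deletes the caller's row from {@code jrun_adminsessions}.
     *
     * @return the {@code toAdmincp} forward carrying the logout message
     */
    public ActionForward logout(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) {
        HttpSession session = request.getSession();
        session.removeAttribute("members");
        dataBaseService.runQuery("DELETE FROM jrun_adminsessions WHERE uid='" + session.getAttribute("jsprun_uid") + "'", true);
        this.loginmsg(request, new StringBuffer("您已成功退出系统设置。"), "index.jsp", null, null, null);
        return mapping.findForward("toAdmincp");
    }

    /**
     * Parses a decimal integer, returning {@code 0} when the text is {@code null} or not a number.
     */
    private int convertInt(String str) {
        try {
            return Integer.parseInt(str);
        } catch (NumberFormatException ignored) {
            // Deliberate best effort: malformed founder ids resolve to uid 0.
            return 0;
        }
    }

    /**
     * Replaces carriage returns, line feeds and tabs with spaces so a value cannot add
     * lines or fields to the tab-separated control-panel log.
     *
     * @param value text to sanitize, may be {@code null}
     * @return the sanitized text, or {@code null} when {@code value} is {@code null}
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', ' ').replace('\n', ' ').replace('\t', ' ');
    }

    /**
     * Escapes the characters that are significant in HTML text and attribute values.
     *
     * @param value non-null text to escape
     * @return {@code value} with {@code & < > " '} replaced by character references
     */
    private static String escapeHtml(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
            case '&':
                escaped.append("&amp;");
                break;
            case '<':
                escaped.append("&lt;");
                break;
            case '>':
                escaped.append("&gt;");
                break;
            case '"':
                escaped.append("&quot;");
                break;
            case '\'':
                escaped.append("&#39;");
                break;
            default:
                escaped.append(c);
                break;
            }
        }
        return escaped.toString();
    }

    /**
     * Builds the HTML fragment shown on the control-panel message/login page and stores it
     * in the {@code message} request attribute.
     *
     * @param request     current request
     * @param message     message text to wrap; {@code null} is treated as empty. The buffer is modified in place.
     * @param url_forward redirect target for message pages; {@code null} is treated as empty
     * @param msgtype     {@code "message"} (default when {@code null}) or any other value for the login form
     * @param jsprun_sid  session id placed in the login form's hidden {@code sid} field
     * @param jsprun_user user name displayed in the login form
     */
    private void loginmsg(HttpServletRequest request, StringBuffer message, String url_forward, String msgtype, String jsprun_sid, String jsprun_user)
    {
        if (message == null) {
            message = new StringBuffer();
        }
        if (url_forward == null) {
            url_forward = "";
        }
        if (msgtype == null) {
            msgtype = "message";
        }
        // NOTE(review): url_forward, extra, jsprun_sid and jsprun_user are written into the
        // markup below without escaping. Their origin is not visible in this class; confirm
        // they are escaped or validated where they are produced.
        if ("message".equals(msgtype)) {
            message.insert(0, "<tr><td> </td><td align='center' colspan='3' >");
            if (!"".equals(url_forward)) {
                message.append("<br /><br /><a href='" + url_forward + "'>如果您的浏览器没有自动跳转,请点击这里</a>");
                message.append("<script>setTimeout(\"redirect('" + url_forward + "');\", 1250);</script><br /><br /><br /></td><td> </td></tr>");
            } else {
                message.append("<br /><br /><br />");
            }
        } else {
            String adminaction = request.getParameter("adminaction");
            String frames = request.getParameter("frames");
            String extra = (String) request.getAttribute("extra");
            if (extra == null) {
                extra = "";
            }
            // Keep the frameset when an admin action was requested outside of it.
            extra = adminaction != null && frames == null ? "?frames=yes" + ("".equals(extra) ? "" : "&" + extra) : "?" + extra;
            message.append("<form method='post' name='login' action='admincp.jsp" + extra
                    + "'><input type='hidden' name='sid' value='" + jsprun_sid
                    + "'><input type='hidden' name='frames' value='yes'><input type='hidden' name='url_forward' value='" + url_forward
                    + "'><tr><td> </td><td align='right'>用户名:</td><td>" + jsprun_user
                    + "</td><td><a href='logging.jsp?action=logout&formhash=" + Common.getRandStr(8, false)
                    + "&referer=index.jsp'>退出</a></td><td> </td></tr><tr><td> </td><td align='right'>密 码:</td><td><input type='password' name='admin_password' size='25'></td><td> </td><td> </td></tr><tr><td> </td><td class='line1'> </td><td class='line1' align='center'><input type='submit' class='button' value='提 交' /></form><script language='JavaScript'>document.login.admin_password.focus();</script></td><td class='line1'> </td><td> </td></tr>");
        }
        request.setAttribute("message", message.toString());
    }
}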