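<!DOCTYPE html>
<html lang="zh-CN">
<head>
<meta charset="UTF-8">
<title>修改密码 | ${appName} - ${sysName}</title>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<%include("/admin/header.html"){}%>
<script type="text/javascript">
var app="${app}";
</script>
<link rel="stylesheet" href="${app}assets/css/amazeui-qhyf.css">
</head>
<body>
<div class="am-g" style="padding-top: 3%;">
<div class="am-u-lg-3 am-u-md-6 am-u-sm-centered loginContent">
<div class="loginBox">
<div class="loginTitle">
<div class="inner">
<i class="title-icon"></i>
<h1>${appName}</h1>
<span>首次登陆请先修改密码</span>
</div>
</div>
<!-- loginTitle end -->
<div class="log-mainbox">
<!-- Normally submitted by the AJAX click handler at the bottom of the page;
     action/method are the plain-POST fallback. -->
<form method="post" id="changePasswordForm" class="am-form"
action="${app}password/change">
<fieldset>
<div class="iptBox ipt-logCon" style="margin-bottom: 30px;">
<i class="user"></i> <input name="userName" type="text"
id="userName" minlength="4" placeholder="请输入用户名" autocomplete="username" required>
</div>
<div class="iptBox ipt-logCon" style="margin-bottom: 30px;">
<!-- onblur posts user name + current password to password/check for an early
     "wrong password" hint; the handler used to carry a "javascrpit:" label typo -->
<i class="pass"></i> <input name="oldPassword" type="password"
id="oldPassword" minlength="6" onblur="checkPassWord()" placeholder="请输入原密码" autocomplete="current-password" required>
</div>
<div class="iptBox ipt-logCon" style="margin-bottom: 30px;">
<!-- maxlength mirrors the {8,30} bound of the policy regex in the script below -->
<i class="pass"></i> <input name="password" type="password"
id="password" minlength="8" maxlength="30" placeholder="请输入新密码" autocomplete="new-password" aria-describedby="passwordPolicy" required>
</div>
<div class="iptBox ipt-logCon" style="margin-bottom: 30px;">
<i class="pass"></i> <input name="passwordConfirm" type="password"
id="passwordConfirm" data-equal-to="#password" minlength="8" maxlength="30" placeholder="请再次输入新密码" autocomplete="new-password" required>
</div>
<div class="am-cf" style="margin-bottom: 30px;">
<input id="changePasswordBtn" type="button"
class="am-btn am-btn-primary am-btn-sm am-fl log-sendBox log-sendshadowFont log-sendBoxShadow "
value="修改密码">
</div>
<!-- The policy text was rendered at 5px, i.e. effectively invisible. -->
<span id="passwordPolicy" style="color:#FFFFFF;font-size: 12px;margin-left: 0px">新密码必须包含数字、大写字母、小写字母、特殊字字符至少3种,长度必须大于或等于8位</span>
</fieldset>
</form>
</div>
<!-- log-mainbox end -->
</div>
<div class="loginShadow" style="margin-top: 10px;">
<img src="${app}assets/i/image/loginShadow.jpg" alt="">
</div>
</div>
</div>
<div class="admin-tpl" id="templateDiv">
<%include("/admin/template/modal.tpl"){}%>
</div>
<div id="modal-div"></div>
<script src="${app}assets/js/jquery.min.js"></script>
<script src="${app}assets/js/admin/admin.js"></script>
<script src="${app}assets/js/admin/admin.utils.js"></script>
<script src="${app}assets/js/amazeui.min.js"></script>
<script src="${app}assets/js/handlebars.min.js"></script>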
<script type="text/javascript">
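// Each admin module exposes an init() that registers its event handlers.
// On this page init() is never invoked — the click handler further down binds
// directly — so the module mostly provides formId/modal for commitForm().
function changePasswordAdmin() {
}
changePasswordAdmin.formId = "changePasswordForm";
changePasswordAdmin.comfirBtnName = "确定";
changePasswordAdmin.modal = null;
var $modalTpl = $('#admin-modal-div-tpl');
var $modalDivName = "#modal-div";
var $modalDiv = $($modalDivName);
// Static mixin helper: copies every own property of obj onto the constructor.
changePasswordAdmin.extend = function(obj) {
  for (var key in obj) {
    this[key] = obj[key];
  }
};
changePasswordAdmin.extend({
  // Registers the submit button. The original body was the bare statement
  // `commit;`, which neither called commit() nor resolved to anything.
  init: function(data) {
    $("#changePasswordBtn").on('click', function() {
      changePasswordAdmin.commit();
    });
  },
  // Checks that both new-password fields agree, then hands the form to the
  // shared commitForm() helper (which posts it through the admin modal flow).
  commit: function(data) {
    var $form = $("#" + changePasswordAdmin.formId);
    var passwordConfirm = $form.find('#passwordConfirm').val();
    var password = $form.find('#password').val();
    if (passwordConfirm !== password) {
      alertMsg("初始密码和确认密码必须一致");
      return;
    }
    commitForm($form, changePasswordAdmin.modal, changePasswordAdmin);
  }
});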
// Fired on blur of the old-password field: asks the server (POST
// password/check) whether user name + current password are valid and alerts
// when the server answers with its "wrong password" message.
// NOTE(review): this sends the current password on every blur to an
// unauthenticated check endpoint; the helper's name suggests JSONP, which would
// put the password in a GET query string — confirm ajax_jsonp really posts a body.
function checkPassWord() {
  var params = {
    "oldPassword": document.getElementById("oldPassword").value,
    "userName": document.getElementById("userName").value
  };
  ajax_jsonp("${app}password/check", params, function(response) {
    if (response.errmsg == "密码不正确,请重新输入") {
      alert("密码不正确请重新输入");
    }
  }, null, "POST");
}
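// Submit handler for the "修改密码" button. Validates locally, then POSTs the
// form with AJAX so a server-side error (JSON with errmsg) can be shown
// without leaving the page.
$("#changePasswordBtn").on('click', function() {
  var $form = $("#" + changePasswordAdmin.formId);
  var password = $form.find('#password').val();
  var passwordConfirm = $form.find('#passwordConfirm').val();
  if (passwordConfirm !== password) {
    alert("新密码和确认密码必须一致");
    return false;
  }
  if (password == "" || password.length < 8) {
    alert("密码至少为8位");
    return false;
  }
  // Policy: 8-30 characters drawn from letters, digits, a literal backslash
  // and the punctuation spelled out in the class, with at least three of the
  // four classes present (each lookahead rejects one two-class mix). The class
  // does not admit '.', ',', '?', '/' etc., so such passwords are refused
  // outright. LoginController.loginAction checks the same pattern at sign-in.
  var passwordFormat = /^(?![a-zA-Z]+$)(?![A-Z0-9]+$)(?![A-Z\\\\W_!@#$%^&*`~()-+=]+$)(?![a-z0-9]+$)(?![a-z\\\\W_!@#$%^&*`~()-+=]+$)(?![0-9\\\\W_!@#$%^&*`~()-+=]+$)[a-zA-Z0-9\\\\W_!@#$%^&*`~()-+=]{8,30}$/;
  if (!passwordFormat.test(password)) {
    alert("新密码必须包含数字、大写字母、小写字母、特殊字字符4种中至少3种");
    return;
  }
  // passwordConfirm === password here, so the second format check the
  // original ran on it could never fail.
  var data = {};
  $.each($form.serializeArray(), function(index, field) {
    data[field.name] = field.value;
  });
  var url = build_url("${app}password/change"); // was assigned without var (implicit global)
  $.ajax({
    async: true,
    data: data,
    url: url,
    dataType: "json",
    type: "POST"
  }).then(function(resp, status) {
    if (!checkResponseData(resp)) {
      if (resp && resp.errmsg) {
        alert(resp.errmsg);
        // Clear every field, old password included, after a failed attempt.
        $form.find('#userName, #oldPassword, #password, #passwordConfirm').val("");
        return;
      }
      console.error("发生未知错误");
    }
  }, function(xhr, status, errorThrown) {
    // On success the server renders the login page (HTML, not JSON), so the
    // JSON parse fails and jQuery lands here with HTTP 200. Navigate to the
    // login URL instead of document.write()-ing the response body into the
    // current document; the written login page would redirect there anyway.
    if (xhr.status && xhr.status === 200) {
      window.location.href = "${app}login";
    }
  });
});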
</script>
</body>
</html>
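<!DOCTYPE html>
<html lang="zh-CN">
<head>
<meta charset="UTF-8">
<title>登陆 | ${appName} - ${sysName}</title>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<%include("/admin/header.html"){}%>
<script>
// This page is only valid at .../login. It is also rendered at /action/login
// after a failed attempt (and used to be document.write()-n into
// /password/change), so bounce back to the canonical URL in those cases.
if (!endWith(window.location.href, "/login")
    && !endWith(window.location.href, "/login/")) {
  console.log("非登陆地址,重新刷新一次登陆界面");
  window.location.href = "${app}login";
}
$(function() {
  // NOTE(review): loginErrMsg is an exception message from the server dropped
  // straight into a JS string literal. Unless the template engine JS-escapes
  // ${} output, a quote or newline in the message breaks out of the literal;
  // confirm the escaping or pass it via a data-* attribute.
  var loginMsg = "${loginErrMsg!}";
  if (loginMsg != "") {
    alert(loginMsg);
  }
});
$(function() {
  // needPhoneCheck: "1" = an SMS code was just sent, "2" = a code was re-sent.
  // Either way show the code field; start the resend countdown exactly once.
  // The original also started a second, unconditional timer on every page
  // load, so two callbacks decremented the shared counter each second.
  var needPhoneCheck = "${needPhoneCheck!}";
  if (needPhoneCheck) {
    $("#identifyingCode").parent(".iptBox").css('display', 'block');
    if ("1" == needPhoneCheck || "2" == needPhoneCheck) {
      $("#resend").css('display', 'block');
    }
    settime($("#resend"));
  }
});
</script>
</head>
<body>
<div class="am-g" style="padding-top: 3%;">
<div class="am-u-lg-3 am-u-md-6 am-u-sm-centered loginContent">
<div class="loginBox">
<div class="loginTitle">
<div class="inner">
<i class="title-icon"></i>
<h1>${appName}</h1>
<span>您好!欢迎进入${appName}!</span>
</div>
</div>
<!-- loginTitle end -->
<div class="log-mainbox">
<form method="post" class="am-form" action="${app}action/login" id="form">
<fieldset>
<div class="iptBox ipt-logCon" style="margin-bottom: 30px;">
<!-- NOTE(review): loginUserId echoes the user name of the failed attempt;
     confirm the template engine HTML-escapes it. -->
<i class="user"></i> <input name="userName" type="text"
value="${loginUserId!}" id="userName" minlength="4"
placeholder="用户名" autocomplete="username" required>
<!-- SMS-challenge state carried across a re-rendered login page: mobile is
     posted back by resend(), countdown keeps the resend timer position. -->
<input name="mobile" type="hidden"
value="${mobile!}" id="mobile">
<input name="countdown" type="hidden"
value="${countdown!}" id="countdown">
</div>
<div class="iptBox ipt-logCon" style="margin-bottom: 30px;">
<!-- minlength 6, not 8: legacy passwords are still accepted and then forced to change -->
<i class="pass"></i> <input name="password" type="password"
id="password" minlength="6" placeholder="密码" autocomplete="current-password" required>
</div>
<div class="iptBox ipt-logCon" style="margin-bottom: 30px;display:none; width:158px;">
<i class="pass"></i> <input name="identifyingCode" type="text" inputmode="numeric"
id="identifyingCode" minlength="6" placeholder="验证码" autocomplete="one-time-code">
</div>
<input type="button" id="resend" value="重新发送" style="margin-top: -68px;width: 150px;height: 39px;float: right;display: none;border-radius: 5px;background: #E6E6E6;">
<div class="am-cf" style="margin-bottom: 30px;">
<input type="button"
class="am-btn am-btn-primary am-btn-sm am-fl log-sendBox log-sendshadowFont log-sendBoxShadow " onclick="check()"
value="登 录">
</div>
</fieldset>
</form>
</div>
<!-- log-mainbox end -->
</div>
<div class="loginShadow" style="margin-top: 10px;">
<img src="${app}assets/i/image/loginShadow.jpg" alt="">
</div>
</div>
</div>
</body>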
<script src="${app}assets/js/admin/admin.js"></script>
<script type="text/javascript">
// Seconds left on the resend timer. Restored from the hidden field when the
// server re-rendered the page mid-countdown (a string), otherwise a fresh 120.
var countdown = ($("#countdown").val() != "") ? $("#countdown").val() : 120;
// The button is disabled while counting, so a click can only happen at zero:
// request a new code and restart the timer.
$("#resend").on("click", function() {
  var $btn = $("#resend");
  resend();
  settime($btn);
});
// Resend-button countdown. Ticks the shared `countdown` once a second,
// mirroring it into the hidden #countdown field so a re-rendered page can
// resume, and re-enables the button when it reaches zero.
function settime(obj) {
  var $counter = $("#countdown");
  if (countdown != 0) {
    obj.attr('disabled', true);
    obj.val("(" + countdown + ")S");
    $counter.val("" + countdown + "");
    countdown--;
    setTimeout(function() {
      settime(obj);
    }, 1000);
    return;
  }
  obj.attr('disabled', false);
  obj.val("获取验证码");
  $("#resend").css("background", "#E6E6E6");
  $counter.val("120");
  countdown = 120;
}
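// Asks the server (flag=1 on the login action) to send a fresh SMS code to
// the number in the hidden #mobile field and resets the countdown.
// NOTE(review): the number is client-supplied; the server should bind the
// resend to the pending login rather than trust this field.
function resend() {
  $("#countdown").val("120");
  $.ajax({
    type: "POST",
    // was the absolute "/action/login/", which ignores the ${app} context
    // path every other request on this page uses
    url: "${app}action/login",
    data: {"mobile": $("#mobile").val(), "flag": "1"},
    dataType: "json",
    success: function(data) {}
  });
}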
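// Login-button handler. A password that no longer satisfies the policy is
// still submitted once the user confirms (legacy accounts); the server then
// redirects such users to the change-password page.
// The stray `88888888` expression statement in the else branch was removed.
function check() {
  var passwordFormat = /^(?![a-zA-Z]+$)(?![A-Z0-9]+$)(?![A-Z\\\\W_!@#$%^&*`~()-+=]+$)(?![a-z0-9]+$)(?![a-z\\\\W_!@#$%^&*`~()-+=]+$)(?![0-9\\\\W_!@#$%^&*`~()-+=]+$)[a-zA-Z0-9\\\\W_!@#$%^&*`~()-+=]{8,30}$/;
  var password = $("#password").val();
  if (password.length < 8 || !passwordFormat.test(password)) {
    // alertMsg(..., 'COMFIR') is expected to return the user's choice synchronously
    var commitFlag = alertMsg("密码必须包含数字、大写字母、小写字母、特殊字字符至少3种,长度必须大于或等于8位.是否修改", 'COMFIR');
    if (commitFlag) {
      document.getElementById('form').submit();
    }
  } else {
    document.getElementById('form').submit();
  }
}
</script>
</html>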
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.InetAddress;
import java.net.URL;
import java.net.UnknownHostException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.aliyuncs.exceptions.ClientException;
import com.google.common.io.BaseEncoding;
import com.jfinal.core.ActionKey;
import com.jfinal.core.action.Rest;
import com.jfinal.core.pojo.RestMethod;
import com.qhyf.app.bl.BlConfig;
import com.qhyf.app.bl.BlConstant;
import com.qhyf.app.bl.base.common.AdminService;
import com.qhyf.app.bl.base.common.EnvironmentUtils;
import com.qhyf.app.bl.base.support.SuppliersToken;
import com.qhyf.app.bl.base.util.SmsUtils;
import com.qhyf.app.bl.base.util.VerifyCodeUtil;
import com.qhyf.app.bl.model.SysUser;
import club.newepoch.persistent.db.common.Db;
import club.newepoch.persistent.db.exception.ActiveRecordException;
import club.newepoch.persistent.db.pojo.Record;
import club.newepoch.utils.AssertUtils;
public class LoginController extends QhyfController {
/**
 * Logger for this controller.
 */
private static Logger logger = LoggerFactory.getLogger(LoginController.class);
/**
 * Looks up an account by its system-status flag and user id. Both values are
 * bound as JDBC parameters, so the client-supplied user name is never
 * concatenated into the SQL.
 */
private static String selectUser = "SELECT * FROM `sys_user` WHERE `sys_status`=? AND `user_id`=?";
/**
 * Ends the current session. When a user is logged in, AdminService.logout is
 * responsible for producing the response; otherwise the caller is sent to "/".
 */
@ActionKey("/logout")
public void logout() {
    Record current = AdminService.getLoginUser(this);
    if (current == null) {
        redirect("/");
        return;
    }
    AdminService.logout(this, current);
}
/**
 * Renders the login page. The automatic redirect of an already authenticated
 * session to /admin/ that used to live here is disabled, so the login form is
 * always shown.
 */
public void index() {
    render("/admin/login.html");
}
/**
 * GET /password/change: shows the change-password form.
 */
@Rest(method = RestMethod.GET)
@ActionKey("/password/change")
public void changePassword() {
    render("/admin/changePassword.html");
}
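/**
 * POST /password/change: lets a user who knows the current password set a new
 * one. Used by the first-login flow (status "0" becomes "1") and by accounts
 * whose password no longer meets policy (loginAction redirects them here).
 *
 * Fixes relative to the previous version:
 *  - a locked account (status "2") is rejected; before, the unconditional
 *    status='1' update re-enabled it and AdminService.login gave it a session;
 *  - the new password is validated against the same policy regex loginAction
 *    applies at sign-in, so a user can no longer set a password that the next
 *    login immediately bounces back to this page;
 *  - the new hash uses the same salt fallback as checkPassword(); hashing with a
 *    blank per-user salt while verifying with the environment salt would lock
 *    the user out.
 *
 * Renders the login page on success (bug NO.1455: a redirect did not navigate
 * the AJAX caller). On any failure renders error JSON with code 2.
 */
@Rest(method = RestMethod.POST)
@ActionKey("/password/change")
public void doChangePassword() {
    try {
        String userName = this.getPara("userName");
        AssertUtils.notBlank(userName, "用户名不能为空");
        String oldPassword = this.getPara("oldPassword");
        AssertUtils.notBlank(oldPassword, "登陆密码不能为空");
        String password = this.getPara("password");
        AssertUtils.notBlank(password, "新密码不能为空");
        String passwordConfirm = this.getPara("passwordConfirm");
        AssertUtils.notBlank(passwordConfirm, "确认密码不能为空");
        AssertUtils.isTrue(password.equals(passwordConfirm), "新密码和确认密码必须一致");
        // Server-side copy of the policy check; the client-side one is bypassable.
        String passwordFormat = "^(?![a-zA-Z]+$)(?![A-Z0-9]+$)(?![A-Z\\\\W_!@#$%^&*`~()-+=]+$)(?![a-z0-9]+$)(?![a-z\\\\W_!@#$%^&*`~()-+=]+$)(?![0-9\\\\W_!@#$%^&*`~()-+=]+$)[a-zA-Z0-9\\\\W_!@#$%^&*`~()-+=]{8,30}$";
        AssertUtils.isTrue(Pattern.matches(passwordFormat, password),
                "新密码必须包含数字、大写字母、小写字母、特殊字字符至少3种,长度必须大于或等于8位");
        Record loginUser = Db.findFirst(selectUser, BlConstant.SYS_STATUS_VALUE, userName);
        AssertUtils.notNull(loginUser, "登陆账号不存在或密码错误");
        // Verify the current password before revealing anything about the account's status.
        this.checkPassword(loginUser, userName, oldPassword);
        AssertUtils.isTrue(!"2".equals(loginUser.getStr("status")), "账户已被锁定");
        // Same fallback checkPassword() uses, so the stored hash can be verified later.
        String salt = loginUser.getStr(BlConstant.FIELD_SALT);
        if (StringUtils.isBlank(salt)) {
            salt = this.getQhyfService().getEnv().getSalt();
        }
        String newPasswordHash = AdminService.getUserPassword(salt, password);
        Db.update("update " + SysUser.dao.getTable().getName() + " set status='1',password=? where uuid=?",
                newPasswordHash, loginUser.getStr(BlConstant.FIELD_UUID));
        loginUser.set("password", newPasswordHash);
        AdminService.login(this, loginUser);
        logger.debug("密码修改成功,跳转到后台界面");
        render("/admin/login.html");
    } catch (Exception e) {
        logger.error("修改密码失败", e);
        // NOTE(review): the raw exception message reaches the client. That is the
        // intended channel for the AssertUtils messages above, but a database
        // exception would leak internals through the same path.
        this.renderVerrorJson(2, e.getLocalizedMessage(), e);
    }
}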
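/**
 * POST /password/check: AJAX probe used by the change-password page (on blur of
 * the old-password field) to tell the user early whether the current password
 * is right.
 *
 * Every failure, including an unknown user name, answers with the same message
 * so the endpoint does not confirm which accounts exist. The unreachable
 * {@code loginUser == null} branch that followed {@code notNull()} was removed.
 *
 * NOTE(review): this is an unauthenticated credential oracle with no rate limit
 * or lockout visible in this class. It should share whatever brute-force
 * protection the login action has, or be dropped in favour of validating only
 * on submit.
 *
 * @throws ActiveRecordException is declared by the original; all exceptions are
 *         caught here and mapped to the generic message
 */
@Rest(method = RestMethod.POST)
@ActionKey("/password/check")
public void checkPassword() {
    String userName = this.getPara("userName");
    AssertUtils.notBlank(userName, "请先输入用户名");
    String oldPassword = this.getPara("oldPassword");
    AssertUtils.notBlank(oldPassword, "密码不能为空");
    try {
        Record loginUser = Db.findFirst(selectUser, BlConstant.SYS_STATUS_VALUE, userName);
        AssertUtils.notNull(loginUser, "用户不存在");
        this.checkPassword(loginUser, userName, oldPassword);
        this.renderVjson("密码正确,请继续执行");
    } catch (Exception e) {
        logger.error("密码不正确,请重新输入", e);
        this.renderVjson("密码不正确,请重新输入");
    }
}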
/**
 * POST /action/login: serves both the login form and the "re-send SMS code"
 * button (flag=1). Login must be a POST.
 *
 * Order of checks, which the rest of the flow depends on:
 *  1. status "0" (first login) redirects to the change-password page before
 *     the password is verified;
 *  2. a password that fails the policy regex is verified against the stored
 *     hash and then redirected to the change-password page; this happens
 *     before the status "2" (locked) check;
 *  3. outside DEV the password is verified, then the IP white list / SMS
 *     challenge runs; in DEV no password is checked at all;
 *  4. supplier and project-company roles are handed a SuppliersToken and
 *     redirected to the external server; everyone else gets a session id
 *     (nesid) and is redirected to /admin/.
 *
 * NOTE(review): left unchanged because the fixes need session-bound state this
 * class does not expose:
 *  - flag=1 texts whatever number the client posts, before any authentication;
 *  - BlConfig.DEV disables password verification entirely and fabricates a
 *    record for unknown user names, so it must never be on in production;
 *  - the SMS code is verified by re-reading the provider's send log, so it
 *    never expires and can be replayed until a newer message is sent;
 *  - nesid and the SuppliersToken travel in redirect query strings (browser
 *    history, proxy and referrer logs);
 *  - checkIp() trusts proxy headers (see getV4IP()).
 */
@Rest(method = RestMethod.POST)
@ActionKey("/action/login")
public void loginAction() {
String mobile = this.getPara("mobile");
String flag = this.getPara("flag");// "1" when the client asks for the SMS code to be re-sent
String countdown = this.getPara("countdown");
if("1".equals(flag)){
// Unauthenticated path. resend() is called outside the try below, so its
// AssertUtils exceptions propagate to the framework instead of re-rendering.
resend(mobile);
}else{
String userName = this.getPara("userName");
try {
Record loginUser = null;
AssertUtils.notBlank(userName, "登陆账号不能为空");
String password = this.getPara("password");
AssertUtils.notBlank(password, "登陆密码不能为空");
String identifyingCode = this.getPara("identifyingCode");
String sql = selectUser;
loginUser = Db.findFirst(sql, BlConstant.SYS_STATUS_VALUE, userName);
if (loginUser != null) {
String status = loginUser.getStr("status");
AssertUtils.notBlank(status, "账户异常,请联系管理员");
if ("0".equals(status)) {
// First login: force a password change. No password check happens here, so
// this also reveals that the account exists and is in status "0".
this.setAttr("userName", userName);
this.redirect("/admin/changePassword.html");
return;
}
// Policy regex shared with the login page and change-password JavaScript.
String passwordFormat = "^(?![a-zA-Z]+$)(?![A-Z0-9]+$)(?![A-Z\\\\W_!@#$%^&*`~()-+=]+$)(?![a-z0-9]+$)(?![a-z\\\\W_!@#$%^&*`~()-+=]+$)(?![0-9\\\\W_!@#$%^&*`~()-+=]+$)[a-zA-Z0-9\\\\W_!@#$%^&*`~()-+=]{8,30}$";
Pattern pattern=Pattern.compile(passwordFormat);
Matcher matcher=pattern.matcher(password);
if(password.length()<8||!matcher.matches()){
// Legacy password: verify it and force a change. Uses the stored salt directly,
// without the environment-salt fallback checkPassword() applies.
String securityPass = AdminService.getUserPassword(loginUser.getStr(BlConstant.FIELD_SALT), password);
AssertUtils.isTrue(loginUser.getStr("password").equals(securityPass),"密码输入不正确,请重新输入");
this.redirect("/admin/changePassword.html");
return;
}
AssertUtils.isTrue(!"2".equals(status), "账户已被锁定");
}
if (BlConfig.DEV) {
// NOTE(review): no password check in DEV; unknown names become a synthetic user.
if (loginUser == null) {
loginUser = new Record();
loginUser.set("userName", "测试用户");
loginUser.set(BlConstant.FIELD_UUID, userName);
loginUser.set(BlConstant.FIELD_USER_ID, userName);
loginUser.set(BlConstant.FIELD_CORDYS_USER_ID, userName);
loginUser.set(BlConstant.FIELD_EXPIRE_TIME, Long.MAX_VALUE);// DEV sessions never expire
loginUser.set(BlConstant.FIELD_CORDYS_USER_ID, userName);// duplicate of the assignment two lines up
}
} else {
AssertUtils.notNull(loginUser, "登陆账号不存在或密码错误");
this.checkPassword(loginUser, userName, password);
if(EnvironmentUtils.me().getEnv().isWhiteListOnOff()){
// Challenge when no code was supplied and the caller's IP is not white-listed.
boolean conditions = StringUtils.isBlank(identifyingCode) && !checkIp();
// Supplier / project-company roles are exempt from the white list.
if(AdminService.checkRole(loginUser.getStr("uuid"), "qhyf1024")
|| AdminService.checkRole(loginUser.getStr("uuid"), "qhyf1050")
|| AdminService.checkRole(loginUser.getStr("uuid"), "qhyf1026")
|| AdminService.checkRole(loginUser.getStr("uuid"), "qhyf1052")
|| AdminService.checkRole(loginUser.getStr("uuid"), "qhyf1051")){
conditions = StringUtils.isBlank(identifyingCode) && false;// always false: exempt roles are never challenged
}
if(conditions){
mobile = loginUser.getStr("mobile");
AssertUtils.notBlank(mobile, "您不在办公区域且预留手机号码为空,不能登录系统");
String code =VerifyCodeUtil.getRandNum();
SmsUtils.sendSms(mobile, code);
this.setAttr("mobile", mobile);
this.setAttr("needPhoneCheck", "1");
// Abort with a message; the catch below re-renders the login page with the code field shown.
AssertUtils.isTrue(false, "您的访问ip未在系统白名单呢,请用手机验证的方式登录");
}else if(StringUtils.isNotBlank(identifyingCode)){
mobile = loginUser.getStr("mobile");
// NOTE(review): the expected code is recovered from the SMS provider's send
// log (first message returned), not from server-side state: no expiry and no
// single-use. Every digit run in that message must equal the submitted code.
String content = SmsUtils.querySendDetails(mobile, "").getSmsSendDetailDTOs().get(0).getContent();
String regex = "\\d*";
Pattern p = Pattern.compile(regex);
Matcher m = p.matcher(content);
while (m.find()) {
if (!"".equals(m.group())){
this.setAttr("mobile", mobile);
this.setAttr("needPhoneCheck", "2");
this.setAttr("countdown", countdown);
AssertUtils.isTrue(identifyingCode.equals(m.group()), "验证码错误");
}
}
}
}
loginUser.set(BlConstant.FIELD_EXPIRE_TIME, this.getQhyfService().getEnv().getLoginExpireTime());
}
// Cross-domain login: a supplier logging in on the qhyf-bl server is forwarded
// to the supplier server and logged in there:
// 1. post a token for this user to the supplier server, which caches it;
// 2. redirect to the supplier server with the token as a query parameter;
// 3. the supplier server resolves the user from its cache and logs them in;
// 4. the supplier server deletes the cache entry so the URL cannot be reused.
// NOTE(review): the token is still exposed in the redirect URL until step 4.
if(AdminService.checkRole(loginUser.getStr("uuid"), "qhyf1024")){
SuppliersToken sToken = new SuppliersToken(loginUser);
sToken.postToken(EnvironmentUtils.me().getEnv().getSuppliersAddress() + "/admin/suppliersToken/");
redirect(EnvironmentUtils.me().getEnv().getSuppliersAddress() + "/admin/" + "?suppliersToken=" + sToken.getToken());
return;
}
if (AdminService.checkRole(loginUser.getStr("uuid"), "qhyf1051")) {
SuppliersToken sToken = new SuppliersToken(loginUser);
sToken.postToken(EnvironmentUtils.me().getEnv().getSuppliersAddress() + "/admin/suppliersToken/");
redirect(EnvironmentUtils.me().getEnv().getSuppliersAddress() + "/cfcaui/suppliersDocumentSeal.html" + "?suppliersToken=" + sToken.getToken());
return;
}
// Same hand-off for project-company users, to the project-company server.
if (AdminService.checkRole(loginUser.getStr("uuid"), "qhyf1050")
|| AdminService.checkRole(loginUser.getStr("uuid"), "qhyf1026")) {
SuppliersToken xToken = new SuppliersToken(loginUser); // SuppliersToken is reusable here
xToken.postToken(EnvironmentUtils.me().getEnv().getXmgsAddress() + "/admin/suppliersToken/");
redirect(EnvironmentUtils.me().getEnv().getXmgsAddress() + "/admin/" + "?suppliersToken=" + xToken.getToken());
return;
}
if (AdminService.checkRole(loginUser.getStr("uuid"), "qhyf1052")) {
SuppliersToken sToken = new SuppliersToken(loginUser);
sToken.postToken(EnvironmentUtils.me().getEnv().getXmgsAddress() + "/admin/suppliersToken/");
redirect(EnvironmentUtils.me().getEnv().getXmgsAddress() + "/cfcaui/itemDocumentSeal.html" + "?suppliersToken=" + sToken.getToken());
return;
}
// NOTE(review): the session id is passed as a query parameter.
String nesid = AdminService.login(this, loginUser);
redirect("/admin/?token=" + nesid);
} catch (Exception e) {
logger.error("登录失败", e);
// Re-render the form with the user name and the failure message (see login.html
// for how loginErrMsg is emitted into the page).
this.setAttr("loginUserId", userName);
this.setAttr("loginErrMsg", e.getMessage());
this.render("/admin/login.html");
// this.renderVerrorJson(1, e.getLocalizedMessage());
}
}
}
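/**
 * POST /action/getToken: API login that returns a session token as JSON
 * instead of redirecting.
 *
 * Error codes: 1001 blank user name, 1002 blank password, 1003 blank status,
 * 1004 status "0" (not yet verified), 1005 status "2" (locked), 1006 unknown
 * account or wrong password, 9999 unexpected failure. Any other status value
 * yields errcode 0 with an empty token (unchanged from the previous version).
 *
 * Fixes relative to the previous version: the password is verified before any
 * status information is returned, so an unauthenticated caller can no longer
 * learn which accounts exist or are locked; a wrong password maps to 1006 (the
 * same code as an unknown account) instead of 9999 with the exception text; and
 * unexpected exceptions no longer echo their message to the client.
 */
@Rest(method = RestMethod.POST)
@ActionKey("/action/getToken")
public void getToken() {
    int errcode = 0;
    String errmsg = "";
    Map<String, Object> token = new HashMap<String, Object>();
    long expireTime = EnvironmentUtils.me().getEnv().getLoginExpireTime();
    String userName = this.getPara("userName");
    String password = this.getPara("password");
    if (StringUtils.isBlank(userName)) {
        errcode = 1001;
        errmsg = "用户名不能为空";
    } else if (StringUtils.isBlank(password)) {
        errcode = 1002;
        errmsg = "密码不能为空";
    } else {
        try {
            Record loginUser = Db.findFirst(selectUser, BlConstant.SYS_STATUS_VALUE, userName);
            boolean authenticated = false;
            if (loginUser != null) {
                try {
                    this.checkPassword(loginUser, userName, password);
                    authenticated = true;
                } catch (Exception e) {
                    // Wrong password: same outcome as an unknown account, without the exception text.
                    logger.warn("getToken: 密码错误 user=[{}]", userName);
                }
            }
            if (!authenticated) {
                errcode = 1006;
                errmsg = "登陆账号不存在或密码错误";
            } else {
                String status = loginUser.getStr("status");
                if (StringUtils.isBlank(status)) {
                    errcode = 1003;
                    errmsg = "账户异常";
                } else if ("0".equals(status)) {
                    errcode = 1004;
                    errmsg = "账户未通过验证";
                } else if ("2".equals(status)) {
                    errcode = 1005;
                    errmsg = "账户已被锁定";
                } else if ("1".equals(status)) {
                    String nesid = AdminService.login(this, loginUser);
                    token.put("token", nesid);
                    token.put("expire", expireTime);
                }
            }
        } catch (Exception e) {
            logger.error("登陆处理异常:" + e.getMessage(), e);
            errcode = 9999;
            errmsg = "登陆处理异常";
        }
    }
    this.renderVerrorJson(errcode, errmsg, token);
}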
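/**
 * Verifies a clear-text password against the hash stored on loginUser.
 *
 * Fixes relative to the previous version: the clear-text password and salt
 * are no longer written to the log in DEV mode; the SLF4J placeholder was
 * "%s" (never substituted); the hash comparison is constant-time; and a
 * missing stored hash fails cleanly instead of comparing against null.
 *
 * @param loginUser     account record; reads the salt and password columns
 * @param loginUserName login name (e-mail, phone or id), used only for logging
 * @param password      clear-text password supplied by the client
 * @return the computed hash when it matches the stored one
 * @throws RuntimeException via AssertUtils with "密码错误" on mismatch
 */
private String checkPassword(Record loginUser, String loginUserName, String password) {
    String salt = loginUser.getStr(BlConstant.FIELD_SALT);
    if (StringUtils.isBlank(salt)) {
        // Accounts created without a per-user salt use the environment-wide one.
        salt = this.getQhyfService().getEnv().getSalt();
        logger.debug("用户[{}]未设置[salt],使用环境变量值", loginUserName);
    }
    String storedHash = loginUser.getStr("password");
    String securityPass = AdminService.getUserPassword(salt, password);
    boolean matches = storedHash != null && securityPass != null
            && MessageDigest.isEqual(securityPass.getBytes(StandardCharsets.UTF_8),
                    storedHash.getBytes(StandardCharsets.UTF_8));
    AssertUtils.isTrue(matches, "密码错误");
    return securityPass;
}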
/**
 * White-list check: true when the caller's address, as resolved by getV4IP(),
 * matches an active row of biz_ip_white_list.
 *
 * @throws Exception propagated from getV4IP() / the database lookup
 */
private Boolean checkIp() throws Exception {
    String hostIp = getV4IP(this.getRequest());
    logger.info("客户端外网IP为:[{}]", hostIp);
    Record whiteListed = Db.findFirst(
            "SELECT * FROM `biz_ip_white_list` WHERE `status`=? AND `ip`=?",
            BlConstant.SYS_STATUS_VALUE, hostIp);
    if (whiteListed == null) {
        return false;
    }
    logger.info("库中IP为:[{}]", whiteListed.getStr("ip"));
    return true;
}
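/**
 * Best-effort client address for the white-list check.
 *
 * Resolution order: first entry of X-Forwarded-For, then X-Real-IP, then the
 * socket peer address. Blank and "unknown" values are skipped.
 *
 * Fixes relative to the previous version:
 *  - with no proxy header present the method fetched http://ip.chinaz.com and
 *    returned the SERVER's public address as the client's, so every direct
 *    client looked like the server itself (and the login path made an outbound
 *    HTTP call whose stream was never closed on failure);
 *  - loopback peers were replaced by InetAddress.getLocalHost(), so a local
 *    request appeared to come from the host's LAN address;
 *  - the first X-Forwarded-For entry is now always used; the old code only
 *    split on ',' when the value was longer than 15 characters, so
 *    "1.2.3.4,5.6.7.8" was used verbatim.
 *
 * NOTE(review): X-Forwarded-For and X-Real-IP are client-controlled unless a
 * trusted reverse proxy overwrites them. If this service is reachable without
 * that proxy, a caller can spoof a white-listed address; honour the headers
 * only when request.getRemoteAddr() is the proxy.
 *
 * @param request current request
 * @return the resolved address, or "" when nothing usable was found
 * @throws Exception kept for signature compatibility with callers
 */
private String getV4IP(HttpServletRequest request) throws Exception {
    String forwarded = request.getHeader("X-Forwarded-For");
    logger.info("X-Forwarded-For为:[{}]", forwarded);
    String realip = request.getHeader("X-Real-IP");
    logger.info("X-Real-IP为:[{}]", realip);
    String ip = firstUsableAddress(forwarded);
    if (ip == null) {
        ip = firstUsableAddress(realip);
    }
    if (ip == null) {
        ip = firstUsableAddress(request.getRemoteAddr());
    }
    return ip == null ? "" : ip;
}

/**
 * Leading comma-separated entry of a proxy header value, trimmed; null when
 * the value is absent, blank or "unknown". With several proxies the first
 * entry is the one closest to the client.
 */
private static String firstUsableAddress(String headerValue) {
    if (headerValue == null) {
        return null;
    }
    String first = headerValue;
    int comma = first.indexOf(',');
    if (comma >= 0) {
        first = first.substring(0, comma);
    }
    first = first.trim();
    if (first.isEmpty() || "unknown".equalsIgnoreCase(first)) {
        return null;
    }
    return first;
}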
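/**
 * Re-sends an SMS verification code for the login challenge.
 *
 * Fixes relative to the previous version: the number must belong to an active
 * account (the old code texted any number the client posted), and provider
 * failures are logged instead of printed to stderr.
 *
 * The method deliberately ends in AssertUtils.isTrue(false, ...): that is how
 * the caller's flow is aborted with a user-facing message, so it never returns
 * normally once the number is accepted.
 *
 * NOTE(review): the only throttle is the provider's per-number send count
 * (fewer than 10), so a caller can still trigger up to nine messages per
 * registered number and there is no per-client limit. Binding the resend to
 * the pending login session would close that.
 *
 * @param mobile phone number posted by the client
 */
private void resend(String mobile) {
    AssertUtils.notBlank(mobile, "手机号码不能为空");
    Record owner;
    try {
        owner = Db.findFirst("SELECT * FROM `sys_user` WHERE `sys_status`=? AND `mobile`=?",
                BlConstant.SYS_STATUS_VALUE, mobile);
    } catch (Exception e) {
        logger.error("查询手机号码对应账户失败", e);
        owner = null;
    }
    AssertUtils.notNull(owner, "手机号码未绑定账户");
    try {
        Integer totalCount = Integer.valueOf(SmsUtils.querySendDetails(mobile, "").getTotalCount());
        if (totalCount < 10) {
            String code = VerifyCodeUtil.getRandNum();
            SmsUtils.sendSms(mobile, code);
            this.setAttr("mobile", mobile);
            this.setAttr("needPhoneCheck", "2");
            AssertUtils.isTrue(false, "已重新发送,请查收");
        } else {
            AssertUtils.isTrue(false, "今日您已用手机验证多达十次以上,请明天再尝试登录");
        }
    } catch (ClientException e) {
        logger.error("重新发送短信验证码失败 mobile=[{}]", mobile, e);
    }
}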
}