erp/SiteCore/Handler/login.cs

using BizCom;
using SiteCore.Redis;
using SQLData;
using System;
using System.Collections.Generic;
using System.Data;
using System.Reflection;
using System.Text.RegularExpressions;
using System.Web;
using System.Web.SessionState;
using Utils;


namespace SiteCore.Handler
{
    public partial class login : BaseHandler, IHttpHandler, IRequiresSessionState
    {

        public void ProcessRequest(HttpContext context)
        {
            //if (CurrentUser == null)
            //{
            //    ReturnLoginMsg("操作己过期,请重新登录!");
            //    return;
            //}

            con = context;
            string methodName = GetString("t");

            Type type = this.GetType();
            MethodInfo method = type.GetMethod(methodName);
            if (method == null)
                throw new Exception("method is null");

            if (isLoginOut())
            {
                if (methodName != "erp_user_login" && methodName != "loginout" && methodName != "file_client_down_url")
                {
                    returnErrorMsg("操作己过期,请重新登录!");
                    return;
                }
            }

            try
            {
                method.Invoke(this, null);
                if (CurrentUser != null)
                {
                    LogOperate.Save(CurrentUser.UserID, CurrentUser.UserName, CurrentUser.User.LoginIP, methodName);
                }

                /*if (operate_Tag != "") WebLog.SysLog(CurrentUser.UserID,operate_Tag);
                else WebLog.SysLog(CurrentUser.UserID, methodName);*/
            }
            catch (Exception ex)
            {
                //WebLog.SysLog(CurrentUser.UserID, ex);
                returnErrorMsg("操作失败!" + ex.Message);
            }
            //if (methodName.IndexOf("get_") == -1)
            //{
            //    using (new SessionScope())
            //    {

            //    }
            //}
            //else
            //{
            //    try
            //    {
            //        method.Invoke(this, null);
            //    }
            //    catch (Exception ex)
            //    {
            //        XLog.SaveLog(CurrentUser.UserID, ex.Message);
            //        returnErrorMsg("操作失败!" + ex.Message);
            //    }
            //}

        }

        public void isAccLogin()
        {
            HttpCookie lcCookie = HttpContext.Current.Request.Cookies[webConfig.CookieName];
            if (lcCookie != null)
            {
                if (CurrentUser != null && CurrentUser.User.IsMultiLogin == 1)
                {
                    returnSuccessMsg("1");
                    return;
                }

                string name = HttpUtility.UrlDecode(lcCookie.Values["user"]);
                string ticket = lcCookie.Values["ticket"];
                string dl_ticket = erpRedis.RedisHelper.StringGet("dl_" + name);
                if (ticket != dl_ticket)
                    returnSuccessMsg("0");
                else
                    returnSuccessMsg("1");
                //if (String.IsNullOrEmpty(dl_ticket))
                //{
                //    erpRedis.RedisHelper.StringSet("dl_" + name, ticket);
                //    returnSuccessMsg("1");
                //}
                //else
                //{

                //}
                return;
            }
            returnSuccessMsg("0");
        }


        public void trans_user_role()
        {
            if (UrlPostParmsCheck("r"))
            {
                string user = CurrentUser.User.Account;
                string pwd = CurrentUser.User.PassWord;
                user = user.Split('_')[0];
                int r = GetPostInt("r");
                switch (r)
                {
                    case 1: user = user + "_kf"; break;
                    case 2: user = user + "_sj"; break;
                    case 3: user = user + "_sh"; break;
                    case 4: user = user + "_cw"; break;
                    default: break;
                }
                CeErpUser entity = CeErpUser.GetByLogin(user, pwd);
                if (entity != null)
                {
                    entity.LoginIP = CommonHelper.ClientIP;
                    entity.Ticket = WebHelper.getLoginTicket(entity.Account, entity.LoginIP);
                    if (entity.CurLoginTime.ToString() != "")
                        entity.PreLoginTime = Convert.ToDateTime(entity.CurLoginTime);
                    entity.CurLoginTime = DateTime.Now;
                    entity.Update();

                    HttpCookie cookie = new HttpCookie(webConfig.CookieName);
                    cookie.Values.Clear();
                    cookie.Values.Add("user", user);
                    cookie.Values.Add("ticket", entity.Ticket);
                    cookie.Path = "/";
                    //cookie.Domain = SiteDomain;
                    //if (chkWeek.Checked) cookie.Expires = DateTime.Now.AddDays(14);
                    cookie.Expires = DateTime.Now.AddDays(2);
                    HttpContext.Current.Response.Cookies.Add(cookie);
                    returnSuccessMsg(HttpUtility.UrlEncode(SecurityHelper.EncryptSymmetric(user + "|" + DateTime.Now.ToString("yyyy-MM-dd"))));
                    return;
                }
            }
            returnErrorMsg("无法切换,可能没有该角色!");
        }

        public static FrequencyControler LoginFrequency = new FrequencyControler("erplogin", 10, 4);
        public void erp_user_login()
        {
            if (LoginFrequency.IsTooFrequently(true))
            {
                returnErrorMsg("访问太频繁");
                return;
            }

            //XLog.SaveLog(0, "123");
            if (!UrlPostParmsCheck("user,pwd"))
            {
                returnErrorMsg("参数有误！");
                return;
            }

            string account = GetPostString("user");
            string pwd = GetPostString("pwd");
            if (account == "" || pwd == "")
            {
                returnErrorMsg("请输入用户名或密码！");
                return;
            }

            string code = GetPostString("code");
            if (con.Session["vCode"] != null)
            {
                if (code == "" || code.ToLower() != con.Session["vCode"].ToString().ToLower())
                {
                    returnErrorMsg("验证码不正确!");
                    return;
                }
            }

            CeErpUser entity = CeErpUser.GetByLogin(account, SecurityHelper.EncryptSymmetric(pwd));
            string ip = WebHelper.GetIP();
            if (SiteInfo.isPassIp(ip) == false)
            {
                if (!(entity != null && entity.State == 5))
                {
                    returnErrorMsg("未授权的IP：" + ip);
                    return;
                }

            }

            if (!string.IsNullOrEmpty(erpRedis.RedisHelper.StringGet("lock_" + account)))
            {
                returnErrorMsg("账户于" + erpRedis.RedisHelper.StringGet("lock_" + account) + "锁定！");
                return;
            }

            //XLog.SaveLog(0, "456");

            if (entity == null)
            {
                if (con.Session["lerr" + account] != null)
                    con.Session["lerr" + account] = Convert.ToInt32(con.Session["lerr" + account]) + 1;
                else
                    con.Session["lerr" + account] = 1;

                con.Session["lerr"] = con.Session["lerr" + account];

                string errMsg = "";
                if (Convert.ToInt32(con.Session["lerr"]) > 5)
                {
                    erpRedis.RedisHelper.StringSet("lock_" + account, DateTime.Now.ToLongTimeString(), new TimeSpan(0, 10, 0));
                    errMsg = con.Session["lerr"] + "|账号或密码不正确！账户锁定10分钟。";
                }
                else
                {
                    errMsg = con.Session["lerr"] + "|账号或密码不正确！";
                }

                Log_Login.Save(account, ip, false, errMsg);

                returnErrorMsg(errMsg);
                return;
            }

            if (entity.State == 1)
            {
                returnErrorMsg("账户已被冻结！");
                Log_Login.Save(account, ip, false, "账户已被冻结！");
                return;
            }
            entity.LoginIP = ip;
            entity.Ticket = WebHelper.getLoginTicket(entity.Account + DateTime.Now.ToString("yyyyMMddHHmmssffff"));
            if (entity.CurLoginTime.ToString() != "")
            {
                entity.PreLoginTime = Convert.ToDateTime(entity.CurLoginTime);
            }
            entity.CurLoginTime = DateTime.Now;
            //查询上次登录时间是否为昨天，一天第一次登录清空设计师派单数据
            //DateTime ispre = Convert.ToDateTime(entity.CurLoginTime).AddDays(-1);
            //if(ispre.Day == Convert.ToDateTime(entity.PreLoginTime).Day)
            //{
            //    CeErpUserInfo userInfo = CeErpUserInfo.Get(entity.ID);
            //    userInfo.DayOrderPer = 0;
            //    userInfo.DayOrderReceive = 0;
            //    userInfo.OnDuty = 0;
            //    userInfo.Update();
            //}
            entity.Update();

            Log_Login.Save(account, ip, false, "登录成功！");
            string isFromClient = GetPostString("isFromClient");//C端登录
            if ("1" == isFromClient)
            {
                returnSuccessMsg(entity.ID.ToString());
                return;
            }

            HttpCookie cookie = new HttpCookie(webConfig.CookieName);
            cookie.Values.Clear();
            cookie.Values.Add("user", HttpUtility.UrlEncode(account));
            cookie.Values.Add("ticket", entity.Ticket);
            //cookie.Values.Add("mullogin", entity.IsMultiLogin.ToString());
            cookie.Path = "/";
            //cookie.Domain = SiteDomain;
            //if (chkWeek.Checked) cookie.Expires = DateTime.Now.AddDays(14);
            cookie.Expires = DateTime.Now.AddHours(18);
            HttpContext.Current.Response.Cookies.Add(cookie);

            erpRedis.RedisHelper.StringSet("dl_" + account, entity.Ticket, new TimeSpan(18, 0, 0));
            //erpRedis.RedisHelper.StringSet(user, con.Session.SessionID);
            //erpRedis.RedisHelper.StringSet("PUB_" + user, con.Session.SessionID);

            con.Session["vCode"] = null;
            con.Session["lerr"] = null;
            con.Session["userId"] = entity.ID;
            //WebUser.SetUser(account, entity.Ticket);
            con.Session["_t"] = DateTime.Now.ToString("yyyyMMddHHmmssffff");


            if (isSimplePwd(pwd))
                con.Session["isSimplePwd"] = 1;
            else
                con.Session["isSimplePwd"] = null;

            returnSuccessMsg("登录成功!");

            return;
        }

        private bool isSimplePwd(string pwd)
        {
            Match result = Regex.Match(pwd, "(?=.*[0-9])(?=.*[a-zA-Z])(?=.*[^a-zA-Z0-9]).{6,20}");
            if (result.Length > 0)
            {
                return false;
            }
            return true;
        }


        private bool isLoginOut()
        {
            ////人员是否已登录
            //if(con.Session["userId"] == null || con.Session["userId"].ToString() == "")
            //    return true;

            //传过来的Ticket是否有效
            HttpCookie lcCookie = HttpContext.Current.Request.Cookies[webConfig.CookieName];
            if (lcCookie == null)
            {
                return true;
            }

            string name = lcCookie.Values["user"];
            string ticket = lcCookie.Values["ticket"];
            if (name == null || ticket == null || name == "" || ticket == "")
            {
                return true;
            }

            name = HttpUtility.UrlDecode(name);
            string dl_ticket = erpRedis.RedisHelper.StringGet("dl_" + name);
            if (ticket != dl_ticket)
            {
                return true;
            }

            return false;
        }

        public void loginout()
        {
            HttpCookie cookie = HttpContext.Current.Request.Cookies[webConfig.CookieName];
            string name = cookie.Values["user"];
            if (name != null && name != null)
            {
                name = HttpUtility.UrlDecode(name);
                bool b = erpRedis.RedisHelper.KeyDelete("dl_" + name);
                WebUser.RemoveUserCache(name);
                WebUser.RemovePermissionCache(name);
            }

            cookie.Expires = DateTime.Now.AddDays(-1d);
            HttpContext.Current.Response.Cookies.Add(cookie);

            cookie.Values.Clear();
            HttpContext.Current.Session["WEBUSER"] = null;
            con.Session["userId"] = null;
            con.Session["_t"] = null;
            returnSuccessMsg("退出成功!");
        }

        public static FrequencyControler DoFrequency = new FrequencyControler("xinyue", 10, 3);
        //定义访问控制器允许10秒内3次请求

        public void get_syslog()
        {
            DataStruct dStruct = GetPostStruct();
            dStruct.Order = "id desc";
            DataTable dt = WebCache.GetData("x_log", dStruct);
            string data = Utils.Serialization.JsonString.DataTable2MiniAjaxJson(dt);
            data = data.Replace("\\", "\\\\");
            writeGridJson(dStruct.TotalCount, data);
        }

        public void clear_syslog()
        {
            string sql = "truncate table x_log";
            DbHelper.DbConn.ExecuteNonQuery(sql);
            returnSuccessMsg("清空完成");
        }

        public void get_erp_ipWhitelist()
        {
            DataStruct dStruct = GetPostStruct();
            dStruct.Order = "id desc";
            List<string> lw = new List<string>();
            string ip = GetPostString("ip");
            if (ip.Length > 0) lw.Add(string.Format("ip_white_list like '%{0}%'", ip));
            string remark = GetPostString("remark");
            if (remark.Length > 0) lw.Add(string.Format("remark like '%{0}%'", remark));
            dStruct.MainWhere = string.Join(" and ", lw.ToArray());
            DataTable dt = WebCache.GetData("SiteInfo", dStruct);
            writeGridDataTableJson(dStruct.TotalCount, dt);
        }

        public void get_login_list()
        {
            DataStruct dStruct = GetPostStruct();
            dStruct.Order = "login_time desc";
            List<string> lw = new List<string>();
            lw.Add(string.Format("user_name != '{0}'", "xfd666"));
            string ip = GetPostString("ip");
            if (ip.Length > 0) lw.Add(string.Format("login_ip like '%{0}%'", ip));
            string name = GetPostString("uName");
            if (name.Length > 0) lw.Add(string.Format("user_name like '%{0}%'", name));
            string sTime = GetPostString("sTime");
            string eTime = GetPostString("eTime");
            if (sTime.Length > 0)
            {
                string dw = GetDateMinuteWhere("login_time", sTime, eTime);
                if (dw.Length > 0) lw.Add(dw);
            }
            dStruct.MainWhere = string.Join(" and ", lw.ToArray());
            DataTable dt = WebCache.GetData("Log_Login", dStruct);
            writeGridDataTableJson(dStruct.TotalCount, dt);
        }

        public void get_supplierlog()
        {
            DataStruct dStruct = GetPostStruct();
            dStruct.Order = "id desc";
            DataTable dt = WebCache.GetData("SupplierLog", dStruct);
            string data = Utils.Serialization.JsonString.DataTable2MiniAjaxJson(dt);
            data = data.Replace("\\", "\\\\");
            writeGridJson(dStruct.TotalCount, data);
        }

    }
}