增加用户登陆判断,更新用户保存密码功能
This commit is contained in:
parent
f0930a0d3e
commit
9da2b60db1
|
@ -179,6 +179,7 @@
|
|||
<DependentUpon>Global.asax</DependentUpon>
|
||||
</Compile>
|
||||
<Compile Include="Models\HeaderBarModel.cs" />
|
||||
<Compile Include="Models\LoginModel.cs" />
|
||||
<Compile Include="Models\ModelBase.cs" />
|
||||
<Compile Include="Models\NavigatorBarModel.cs" />
|
||||
<Compile Include="Models\PaginationOption.cs" />
|
||||
|
|
|
@ -96,7 +96,7 @@
|
|||
$.fn.extend({
|
||||
autoValidate: function (options) {
|
||||
// validate
|
||||
$("#dataForm").validate({
|
||||
$(this).validate({
|
||||
ignore: "ignore",
|
||||
rules: $.extend({}, options),
|
||||
unhighlight: function (element, errorClass, validClass) {
|
||||
|
|
|
@ -1,4 +1,6 @@
|
|||
using Bootstrap.Admin.Models;
|
||||
using Bootstrap.DataAccess;
|
||||
using Longbow.Security.Principal;
|
||||
using System.Web.Mvc;
|
||||
using System.Web.Security;
|
||||
|
||||
|
@ -22,18 +24,21 @@ namespace Bootstrap.Admin.Controllers
|
|||
/// <summary>
|
||||
///
|
||||
/// </summary>
|
||||
/// <param name="username"></param>
|
||||
/// <param name="userName"></param>
|
||||
/// <param name="password"></param>
|
||||
/// <param name="remember"></param>
|
||||
/// <returns></returns>
|
||||
[AllowAnonymous]
|
||||
public ActionResult Login(string username, string password, string remember)
|
||||
public ActionResult Login(string userName, string password, string remember)
|
||||
{
|
||||
if (username == "Argo")
|
||||
//UNDONE: 本方法有严重安全漏洞,发布前需要修正
|
||||
var model = new LoginModel();
|
||||
model.UserName = userName;
|
||||
if (LgbPrincipal.IsAdmin(userName) || UserHelper.Authenticate(userName, password))
|
||||
{
|
||||
FormsAuthentication.RedirectFromLoginPage(username, false);
|
||||
FormsAuthentication.RedirectFromLoginPage(userName, false);
|
||||
}
|
||||
return View();
|
||||
return View(model);
|
||||
}
|
||||
/// <summary>
|
||||
///
|
||||
|
|
|
@ -0,0 +1,22 @@
|
|||
namespace Bootstrap.Admin.Models
|
||||
{
|
||||
/// <summary>
|
||||
///
|
||||
/// </summary>
|
||||
public class LoginModel
|
||||
{
|
||||
public LoginModel()
|
||||
{
|
||||
UserName = "Argo";
|
||||
Password = "1111";
|
||||
}
|
||||
/// <summary>
|
||||
///
|
||||
/// </summary>
|
||||
public string UserName { get; set; }
|
||||
/// <summary>
|
||||
///
|
||||
/// </summary>
|
||||
public string Password { get; set; }
|
||||
}
|
||||
}
|
|
@ -1,3 +1,15 @@
|
|||
$(function () {
|
||||
$(".container").autoCenter();
|
||||
|
||||
// validate
|
||||
$('#login').autoValidate({
|
||||
userName: {
|
||||
required: true,
|
||||
maxlength: 50
|
||||
},
|
||||
password: {
|
||||
required: true,
|
||||
maxlength: 50
|
||||
}
|
||||
});
|
||||
})
|
|
@ -1,4 +1,4 @@
|
|||
@model Bootstrap.Admin.Models.NavigatorBarModel
|
||||
@model NavigatorBarModel
|
||||
@{
|
||||
ViewBag.Title = "用户管理";
|
||||
Layout = "~/Views/Shared/_Default.cshtml";
|
||||
|
@ -45,11 +45,11 @@
|
|||
<div class="form-group">
|
||||
<label class="control-label col-sm-2" for="password">登录密码</label>
|
||||
<div class="col-sm-4">
|
||||
<input type="text" class="form-control" id="password" name="password" maxlength="15" />
|
||||
<input type="password" class="form-control" id="password" name="password" maxlength="15" />
|
||||
</div>
|
||||
<label class="control-label col-sm-2" for="confirm">确认密码</label>
|
||||
<div class="col-sm-4">
|
||||
<input type="text" class="form-control" id="confirm" name="confirm" maxlength="5" />
|
||||
<input type="password" class="form-control" id="confirm" name="confirm" maxlength="15" />
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
|
|
|
@ -1,29 +1,32 @@
|
|||
@{
|
||||
ViewBag.Title = "系统登陆";
|
||||
Layout = "~/Views/Shared/_Layout.cshtml";
|
||||
}
|
||||
@section css {
|
||||
<link href="~/Content/css/site.css" rel="stylesheet" />
|
||||
}
|
||||
@section javascript {
|
||||
<script src="~/Scripts/Login.js"></script>
|
||||
}
|
||||
<div class="container">
|
||||
<form class="form-signin" method="post">
|
||||
<h2 class="form-signin-heading">欢迎登陆本系统</h2>
|
||||
<div class="login-wrap">
|
||||
<div class="input-group">
|
||||
<span class="glyphicon glyphicon-user input-group-addon"></span>
|
||||
<input type="text" name="username" class="form-control" placeholder="用户名" value="Argo" autofocus />
|
||||
</div>
|
||||
<div class="input-group">
|
||||
<span class="glyphicon glyphicon-lock input-group-addon"></span>
|
||||
<input type="password" name="password" class="form-control" value="1234" placeholder="密码" />
|
||||
</div>
|
||||
<div class="checkbox">
|
||||
<input id="remember" name="remember" type="checkbox" value="true" /><label for="remember">记住我</label>
|
||||
</div>
|
||||
<button class="btn btn-lg btn-login btn-block" type="submit">登 陆</button>
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
@model LoginModel
|
||||
@{
|
||||
ViewBag.Title = "系统登陆";
|
||||
Layout = "~/Views/Shared/_Layout.cshtml";
|
||||
}
|
||||
@section css {
|
||||
<link href="~/Content/css/site.css" rel="stylesheet" />
|
||||
}
|
||||
@section javascript {
|
||||
<script src="~/content/js/jquery.validate.js"></script>
|
||||
<script src="~/content/js/messages_zh.js"></script>
|
||||
<script src="~/Scripts/Login.js"></script>
|
||||
}
|
||||
<div class="container">
|
||||
<form id="login" class="form-signin" method="post">
|
||||
<h2 class="form-signin-heading">欢迎登陆本系统</h2>
|
||||
<div class="login-wrap">
|
||||
<div class="input-group">
|
||||
<span class="glyphicon glyphicon-user input-group-addon"></span>
|
||||
<input type="text" name="userName" class="form-control" placeholder="用户名" value="@Model.UserName" autofocus />
|
||||
</div>
|
||||
<div class="input-group">
|
||||
<span class="glyphicon glyphicon-lock input-group-addon"></span>
|
||||
<input type="password" name="password" class="form-control" value="@Model.Password" placeholder="密码" />
|
||||
</div>
|
||||
<div class="checkbox">
|
||||
<input id="remember" name="remember" type="checkbox" value="true" /><label for="remember">记住我</label>
|
||||
</div>
|
||||
<button class="btn btn-lg btn-login btn-block" type="submit">登 陆</button>
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
|
|
|
@ -18,6 +18,7 @@
|
|||
<add namespace="System.Web.Routing" />
|
||||
<add namespace="Bootstrap.Admin" />
|
||||
<add namespace="Bootstrap.DataAccess" />
|
||||
<add namespace="Bootstrap.Admin.Models" />
|
||||
</namespaces>
|
||||
</pages>
|
||||
</system.web.webPages.razor>
|
||||
|
|
|
@ -15,6 +15,7 @@
|
|||
<add key="PreserveLoginUrl" value="true"/>
|
||||
<add key="ClientValidationEnabled" value="true"/>
|
||||
<add key="UnobtrusiveJavaScriptEnabled" value="true"/>
|
||||
<add key="Admins" value="Argo"/>
|
||||
</appSettings>
|
||||
|
||||
<connectionStrings>
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
using Longbow.Caching;
|
||||
using Longbow.Caching.Configuration;
|
||||
using Longbow.ExceptionManagement;
|
||||
using Longbow.Security;
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Data;
|
||||
|
@ -16,7 +17,6 @@ namespace Bootstrap.DataAccess
|
|||
public static class UserHelper
|
||||
{
|
||||
private const string UserDataKey = "UserData-CodeUserHelper";
|
||||
|
||||
/// <summary>
|
||||
/// 查询所有用户
|
||||
/// </summary>
|
||||
|
@ -49,6 +49,36 @@ namespace Bootstrap.DataAccess
|
|||
return string.IsNullOrEmpty(tId) ? ret : ret.Where(t => tId.Equals(t.ID.ToString(), StringComparison.OrdinalIgnoreCase));
|
||||
}
|
||||
/// <summary>
|
||||
///
|
||||
/// </summary>
|
||||
/// <param name="userName"></param>
|
||||
/// <returns></returns>
|
||||
private static User RetrieveUsersByName(string userName)
|
||||
{
|
||||
User user = null;
|
||||
string sql = "select ID, UserName, [Password], PassSalt from Users where UserName = @UserName";
|
||||
DbCommand cmd = DBAccessManager.SqlDBAccess.CreateCommand(CommandType.Text, sql);
|
||||
try
|
||||
{
|
||||
cmd.Parameters.Add(DBAccessManager.SqlDBAccess.CreateParameter("@UserName", userName, ParameterDirection.Input));
|
||||
using (DbDataReader reader = DBAccessManager.SqlDBAccess.ExecuteReader(cmd))
|
||||
{
|
||||
if (reader.Read())
|
||||
{
|
||||
user = new User()
|
||||
{
|
||||
ID = (int)reader[0],
|
||||
UserName = (string)reader[1],
|
||||
Password = (string)reader[2],
|
||||
PassSalt = (string)reader[3]
|
||||
};
|
||||
}
|
||||
}
|
||||
}
|
||||
catch (Exception ex) { ExceptionManager.Publish(ex); }
|
||||
return user;
|
||||
}
|
||||
/// <summary>
|
||||
/// 删除用户
|
||||
/// </summary>
|
||||
/// <param name="ids"></param>
|
||||
|
@ -84,6 +114,8 @@ namespace Bootstrap.DataAccess
|
|||
bool ret = false;
|
||||
if (p.UserName.Length > 50) p.UserName.Substring(0, 50);
|
||||
if (p.Password.Length > 50) p.Password.Substring(0, 50);
|
||||
p.PassSalt = LgbCryptography.GenerateSalt();
|
||||
p.Password = LgbCryptography.ComputeHash(p.Password, p.PassSalt);
|
||||
string sql = p.ID == 0 ?
|
||||
"Insert Into Users (UserName, Password, PassSalt) Values (@UserName, @Password, @PassSalt)" :
|
||||
"Update Users set UserName = @UserName, Password = @Password, PassSalt = @PassSalt where ID = @ID";
|
||||
|
@ -94,7 +126,7 @@ namespace Bootstrap.DataAccess
|
|||
cmd.Parameters.Add(DBAccessManager.SqlDBAccess.CreateParameter("@ID", p.ID, ParameterDirection.Input));
|
||||
cmd.Parameters.Add(DBAccessManager.SqlDBAccess.CreateParameter("@UserName", p.UserName, ParameterDirection.Input));
|
||||
cmd.Parameters.Add(DBAccessManager.SqlDBAccess.CreateParameter("@Password", p.Password, ParameterDirection.Input));
|
||||
cmd.Parameters.Add(DBAccessManager.SqlDBAccess.CreateParameter("@PassSalt", DBNull.Value, ParameterDirection.Input));
|
||||
cmd.Parameters.Add(DBAccessManager.SqlDBAccess.CreateParameter("@PassSalt", p.PassSalt, ParameterDirection.Input));
|
||||
DBAccessManager.SqlDBAccess.ExecuteNonQuery(cmd);
|
||||
}
|
||||
ret = true;
|
||||
|
@ -106,6 +138,17 @@ namespace Bootstrap.DataAccess
|
|||
}
|
||||
return ret;
|
||||
}
|
||||
/// <summary>
|
||||
/// 验证用户登陆账号与密码正确
|
||||
/// </summary>
|
||||
/// <param name="userName"></param>
|
||||
/// <param name="password"></param>
|
||||
/// <returns></returns>
|
||||
public static bool Authenticate(string userName, string password)
|
||||
{
|
||||
var user = RetrieveUsersByName(userName);
|
||||
return user != null && user.Password == LgbCryptography.ComputeHash(password, user.PassSalt);
|
||||
}
|
||||
// 更新缓存
|
||||
private static void ClearCache()
|
||||
{
|
||||
|
|
Loading…
Reference in New Issue