diff --git a/Bootstrap.Admin/Bootstrap.Admin.csproj b/Bootstrap.Admin/Bootstrap.Admin.csproj
index 68d04223..7228aabf 100644
--- a/Bootstrap.Admin/Bootstrap.Admin.csproj
+++ b/Bootstrap.Admin/Bootstrap.Admin.csproj
@@ -179,6 +179,7 @@
Global.asax
+
diff --git a/Bootstrap.Admin/Content/js/Longbow.Common.js b/Bootstrap.Admin/Content/js/Longbow.Common.js
index cbd4c014..f3b3f04f 100644
--- a/Bootstrap.Admin/Content/js/Longbow.Common.js
+++ b/Bootstrap.Admin/Content/js/Longbow.Common.js
@@ -96,7 +96,7 @@
$.fn.extend({
autoValidate: function (options) {
// validate
- $("#dataForm").validate({
+ $(this).validate({
ignore: "ignore",
rules: $.extend({}, options),
unhighlight: function (element, errorClass, validClass) {
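Review bot: Inside a `$.fn` plugin `this` is already the jQuery collection, so `$(this).validate({…})` wraps it a second time; `this.validate({…})` does the same and reads more clearly. Because the plugin now validates whichever element it is invoked on instead of a fixed `#dataForm`, the `// validate` comment could say so: `// validate the form this plugin is invoked on`. The `autoValidate` function continues past the end of this hunk.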
diff --git a/Bootstrap.Admin/Controllers/HomeController.cs b/Bootstrap.Admin/Controllers/HomeController.cs
index 3d46d086..db1e6cc8 100644
--- a/Bootstrap.Admin/Controllers/HomeController.cs
+++ b/Bootstrap.Admin/Controllers/HomeController.cs
@@ -1,4 +1,6 @@
using Bootstrap.Admin.Models;
+using Bootstrap.DataAccess;
+using Longbow.Security.Principal;
using System.Web.Mvc;
using System.Web.Security;
@@ -22,18 +24,21 @@ namespace Bootstrap.Admin.Controllers
///
///
///
- ///
+ ///
///
///
///
[AllowAnonymous]
- public ActionResult Login(string username, string password, string remember)
+ public ActionResult Login(string userName, string password, string remember)
{
- if (username == "Argo")
+ //UNDONE: 本方法有严重安全漏洞,发布前需要修正
+ var model = new LoginModel();
+ model.UserName = userName;
+ if (LgbPrincipal.IsAdmin(userName) || UserHelper.Authenticate(userName, password))
{
- FormsAuthentication.RedirectFromLoginPage(username, false);
+ FormsAuthentication.RedirectFromLoginPage(userName, false);
}
- return View();
+ return View(model);
}
///
///
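Review bot: The `||` in the new guard signs in any request whose user name satisfies `LgbPrincipal.IsAdmin` without the password ever being evaluated, which is the hole the UNDONE comment flags but the commit leaves in place; the condition should be `if (UserHelper.Authenticate(userName, password))` alone, with any admin decision made after authentication. On the failure path the model handed back to the view still carries the `LoginModel` constructor's default `Password`, so the form is re-rendered with a preset password; clear it or drop the constructor defaults. The `remember` parameter is accepted but `RedirectFromLoginPage(userName, false)` always passes `false`, so either honour it or remove it from the signature. A failed attempt is also indistinguishable from a first visit — `ModelState.AddModelError` or a flag on the model would let the view show that the credentials were rejected.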
diff --git a/Bootstrap.Admin/Models/LoginModel.cs b/Bootstrap.Admin/Models/LoginModel.cs
new file mode 100644
index 00000000..09fa588d
--- /dev/null
+++ b/Bootstrap.Admin/Models/LoginModel.cs
@@ -0,0 +1,22 @@
+namespace Bootstrap.Admin.Models
+{
+ ///
+ ///
+ ///
+ public class LoginModel
+ {
+ public LoginModel()
+ {
+ UserName = "Argo";
+ Password = "1111";
+ }
+ ///
+ ///
+ ///
+ public string UserName { get; set; }
+ ///
+ ///
+ ///
+ public string Password { get; set; }
+ }
+}
\ No newline at end of file
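Review bot: The constructor seeds `UserName = "Argo"` and `Password = "1111"`, and because `Login.cshtml` now binds `@model LoginModel` those values are rendered into the login form shown to every anonymous visitor, effectively publishing a credential pair; remove the two assignments (an empty or absent constructor is enough). The three doc comments carry no description as shown here — document the class as the view model for the login form, `UserName` as the posted account name, and `Password` as the posted clear-text password that must be cleared before the model is returned to a view.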
diff --git a/Bootstrap.Admin/Scripts/Login.js b/Bootstrap.Admin/Scripts/Login.js
index 82b492be..70b3dd70 100644
--- a/Bootstrap.Admin/Scripts/Login.js
+++ b/Bootstrap.Admin/Scripts/Login.js
@@ -1,3 +1,15 @@
$(function () {
$(".container").autoCenter();
+
+ // validate
+ $('#login').autoValidate({
+ userName: {
+ required: true,
+ maxlength: 50
+ },
+ password: {
+ required: true,
+ maxlength: 50
+ }
+ });
})
\ No newline at end of file
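Review bot: jquery-validate matches the `userName` and `password` rule keys against the inputs' `name` attributes, and `$('#login')` must resolve to the `<form>` element for `.validate()` to attach; the markup is not visible in this diff (the `Login.cshtml` hunk is stripped here), so confirm the form id and that the inputs are named `userName`/`password`, matching the renamed controller parameter. These rules are a usability aid only — the server keeps the 50-character limit and the credential check. A comment such as `// client-side hints only; HomeController.Login enforces the real checks` would make that explicit.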
diff --git a/Bootstrap.Admin/Views/Admin/Users.cshtml b/Bootstrap.Admin/Views/Admin/Users.cshtml
index 2e9737b7..964cc8e6 100644
--- a/Bootstrap.Admin/Views/Admin/Users.cshtml
+++ b/Bootstrap.Admin/Views/Admin/Users.cshtml
@@ -1,4 +1,4 @@
-@model Bootstrap.Admin.Models.NavigatorBarModel
+@model NavigatorBarModel
@{
ViewBag.Title = "用户管理";
Layout = "~/Views/Shared/_Default.cshtml";
@@ -45,11 +45,11 @@
diff --git a/Bootstrap.Admin/Views/Home/Login.cshtml b/Bootstrap.Admin/Views/Home/Login.cshtml
index 969907c5..37d69252 100644
--- a/Bootstrap.Admin/Views/Home/Login.cshtml
+++ b/Bootstrap.Admin/Views/Home/Login.cshtml
@@ -1,29 +1,32 @@
-@{
- ViewBag.Title = "系统登陆";
- Layout = "~/Views/Shared/_Layout.cshtml";
-}
-@section css {
-
-}
-@section javascript {
-
-}
-
+@model LoginModel
+@{
+ ViewBag.Title = "系统登陆";
+ Layout = "~/Views/Shared/_Layout.cshtml";
+}
+@section css {
+
+}
+@section javascript {
+
+
+
+}
+
diff --git a/Bootstrap.Admin/Views/web.config b/Bootstrap.Admin/Views/web.config
index c592950c..93645133 100644
--- a/Bootstrap.Admin/Views/web.config
+++ b/Bootstrap.Admin/Views/web.config
@@ -18,6 +18,7 @@
+
diff --git a/Bootstrap.Admin/Web.config b/Bootstrap.Admin/Web.config
index ac66f347..317d2174 100644
--- a/Bootstrap.Admin/Web.config
+++ b/Bootstrap.Admin/Web.config
@@ -15,6 +15,7 @@
+
diff --git a/Bootstrap.DataAccess/UserHelper.cs b/Bootstrap.DataAccess/UserHelper.cs
index 0ebbd348..50a64c58 100644
--- a/Bootstrap.DataAccess/UserHelper.cs
+++ b/Bootstrap.DataAccess/UserHelper.cs
@@ -1,6 +1,7 @@
using Longbow.Caching;
using Longbow.Caching.Configuration;
using Longbow.ExceptionManagement;
+using Longbow.Security;
using System;
using System.Collections.Generic;
using System.Data;
@@ -16,7 +17,6 @@ namespace Bootstrap.DataAccess
public static class UserHelper
{
private const string UserDataKey = "UserData-CodeUserHelper";
-
///
/// 查询所有用户
///
@@ -49,6 +49,36 @@ namespace Bootstrap.DataAccess
return string.IsNullOrEmpty(tId) ? ret : ret.Where(t => tId.Equals(t.ID.ToString(), StringComparison.OrdinalIgnoreCase));
}
///
+ ///
+ ///
+ ///
+ ///
+ private static User RetrieveUsersByName(string userName)
+ {
+ User user = null;
+ string sql = "select ID, UserName, [Password], PassSalt from Users where UserName = @UserName";
+ DbCommand cmd = DBAccessManager.SqlDBAccess.CreateCommand(CommandType.Text, sql);
+ try
+ {
+ cmd.Parameters.Add(DBAccessManager.SqlDBAccess.CreateParameter("@UserName", userName, ParameterDirection.Input));
+ using (DbDataReader reader = DBAccessManager.SqlDBAccess.ExecuteReader(cmd))
+ {
+ if (reader.Read())
+ {
+ user = new User()
+ {
+ ID = (int)reader[0],
+ UserName = (string)reader[1],
+ Password = (string)reader[2],
+ PassSalt = (string)reader[3]
+ };
+ }
+ }
+ }
+ catch (Exception ex) { ExceptionManager.Publish(ex); }
+ return user;
+ }
+ ///
/// 删除用户
///
///
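Review bot: `cmd` is a `DbCommand`, which is `IDisposable`, but it is created outside the `try` and never disposed; wrap it as `using (DbCommand cmd = DBAccessManager.SqlDBAccess.CreateCommand(CommandType.Text, sql))` with the `try` inside. The `(string)reader[3]` cast throws for rows whose `PassSalt` is NULL — which is what the old save path wrote for every existing user (`DBNull.Value` on the removed line of a later hunk) — and the `catch` then publishes the exception and returns `null`, so legacy accounts fail to log in with no visible reason; read it as `PassSalt = reader.IsDBNull(3) ? null : reader.GetString(3)` and decide deliberately how un-migrated rows are handled. The method returns a single `User` although its name says `Users`, and its doc comment has no text as shown here; name it `RetrieveUserByName` and document that it returns `null` when no row matches or the query fails.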
@@ -84,6 +114,8 @@ namespace Bootstrap.DataAccess
bool ret = false;
if (p.UserName.Length > 50) p.UserName.Substring(0, 50);
if (p.Password.Length > 50) p.Password.Substring(0, 50);
+ p.PassSalt = LgbCryptography.GenerateSalt();
+ p.Password = LgbCryptography.ComputeHash(p.Password, p.PassSalt);
string sql = p.ID == 0 ?
"Insert Into Users (UserName, Password, PassSalt) Values (@UserName, @Password, @PassSalt)" :
"Update Users set UserName = @UserName, Password = @Password, PassSalt = @PassSalt where ID = @ID";
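Review bot: The two added lines re-hash `p.Password` on every save, including the `Update` branch, so a caller that edits an existing user and passes the stored hash back through `p.Password` gets it hashed a second time and the account becomes unusable; generate a new salt and hash only when a new clear-text password was supplied, otherwise keep the stored `Password`/`PassSalt`. The two context lines above discard their result — `p.UserName.Substring(0, 50)` does not modify the string — so the 50-character limits are never applied; write `if (p.UserName.Length > 50) p.UserName = p.UserName.Substring(0, 50);` and likewise for `Password`, though silently truncating a password before hashing is better replaced by rejecting it. Whether the `Password` column is wide enough for `ComputeHash`'s output cannot be seen here — confirm against the schema. The enclosing method starts and ends outside this hunk.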
@@ -94,7 +126,7 @@ namespace Bootstrap.DataAccess
cmd.Parameters.Add(DBAccessManager.SqlDBAccess.CreateParameter("@ID", p.ID, ParameterDirection.Input));
cmd.Parameters.Add(DBAccessManager.SqlDBAccess.CreateParameter("@UserName", p.UserName, ParameterDirection.Input));
cmd.Parameters.Add(DBAccessManager.SqlDBAccess.CreateParameter("@Password", p.Password, ParameterDirection.Input));
- cmd.Parameters.Add(DBAccessManager.SqlDBAccess.CreateParameter("@PassSalt", DBNull.Value, ParameterDirection.Input));
+ cmd.Parameters.Add(DBAccessManager.SqlDBAccess.CreateParameter("@PassSalt", p.PassSalt, ParameterDirection.Input));
DBAccessManager.SqlDBAccess.ExecuteNonQuery(cmd);
}
ret = true;
@@ -106,6 +138,17 @@ namespace Bootstrap.DataAccess
}
return ret;
}
+ ///
+ /// 验证用户登陆账号与密码正确
+ ///
+ ///
+ ///
+ ///
+ public static bool Authenticate(string userName, string password)
+ {
+ var user = RetrieveUsersByName(userName);
+ return user != null && user.Password == LgbCryptography.ComputeHash(password, user.PassSalt);
+ }
// 更新缓存
private static void ClearCache()
{
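Review bot: `Authenticate` passes `password` straight into `LgbCryptography.ComputeHash`, and `user.PassSalt` may be `null` for rows written before this commit, so a null or empty password or a legacy row reaches the hash routine with inputs it may not expect; add `if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password)) return false;` first and treat a `null` `PassSalt` as a failed (un-migrated) login rather than hashing against it. The `==` on the two hash strings is an ordinary early-exit comparison; a fixed-time compare is preferable where the platform offers one (this project targets System.Web, so check what `Longbow.Security` or the framework version provides). Nothing records the outcome, so repeated failures against one account are invisible — log the user name and result here so lockout or alerting can be built on it. Note also that `RetrieveUsersByName` swallows database errors and returns `null`, which this method reports as bad credentials; that fails closed, but the published exception is then the only trace.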