增加用户登陆判断，更新用户保存密码功能

2016-10-23 15:46:18 +08:00 · 2016-10-23 15:46:18 +08:00 · 9da2b60db1
parent f0930a0d3e
commit 9da2b60db1
10 changed files with 128 additions and 40 deletions
--- a/Bootstrap.Admin/Bootstrap.Admin.csproj
+++ b/Bootstrap.Admin/Bootstrap.Admin.csproj
@ -179,6 +179,7 @@
      <DependentUpon>Global.asax</DependentUpon>
    </Compile>
    <Compile Include="Models\HeaderBarModel.cs" />
+    <Compile Include="Models\LoginModel.cs" />
    <Compile Include="Models\ModelBase.cs" />
    <Compile Include="Models\NavigatorBarModel.cs" />
    <Compile Include="Models\PaginationOption.cs" />
--- a/Bootstrap.Admin/Content/js/Longbow.Common.js
+++ b/Bootstrap.Admin/Content/js/Longbow.Common.js
@ -96,7 +96,7 @@
    $.fn.extend({
        autoValidate: function (options) {
            // validate
-            $("#dataForm").validate({
+            $(this).validate({
                ignore: "ignore",
                rules: $.extend({}, options),
                unhighlight: function (element, errorClass, validClass) {
--- a/Bootstrap.Admin/Controllers/HomeController.cs
+++ b/Bootstrap.Admin/Controllers/HomeController.cs
@ -1,4 +1,6 @@
 using Bootstrap.Admin.Models;
+using Bootstrap.DataAccess;
+using Longbow.Security.Principal;
 using System.Web.Mvc;
 using System.Web.Security;

@ -22,18 +24,21 @@ namespace Bootstrap.Admin.Controllers
        /// <summary>
        /// 
        /// </summary>
-        /// <param name="username"></param>
+        /// <param name="userName"></param>
        /// <param name="password"></param>
        /// <param name="remember"></param>
        /// <returns></returns>
        [AllowAnonymous]
-        public ActionResult Login(string username, string password, string remember)
+        public ActionResult Login(string userName, string password, string remember)
        {
-            if (username == "Argo")
+            //UNDONE: 本方法有严重安全漏洞，发布前需要修正
+            var model = new LoginModel();
+            model.UserName = userName;
+            if (LgbPrincipal.IsAdmin(userName) || UserHelper.Authenticate(userName, password))
            {
-                FormsAuthentication.RedirectFromLoginPage(username, false);
+                FormsAuthentication.RedirectFromLoginPage(userName, false);
            }
-            return View();
+            return View(model);
        }
        /// <summary>
        /// 
--- a/Bootstrap.Admin/Models/LoginModel.cs
+++ b/Bootstrap.Admin/Models/LoginModel.cs
@ -0,0 +1,22 @@
+namespace Bootstrap.Admin.Models
+{
+    /// <summary>
+    /// 
+    /// </summary>
+    public class LoginModel
+    {
+        public LoginModel()
+        {
+            UserName = "Argo";
+            Password = "1111";
+        }
+        /// <summary>
+        /// 
+        /// </summary>
+        public string UserName { get; set; }
+        /// <summary>
+        /// 
+        /// </summary>
+        public string Password { get; set; }
+    }
+}
--- a/Bootstrap.Admin/Scripts/Login.js
+++ b/Bootstrap.Admin/Scripts/Login.js
@ -1,3 +1,15 @@
 $(function () {
    $(".container").autoCenter();
+
+    // validate
+    $('#login').autoValidate({
+        userName: {
+            required: true,
+            maxlength: 50
+        },
+        password: {
+            required: true,
+            maxlength: 50
+        }
+    });
 })
--- a/Bootstrap.Admin/Views/Admin/Users.cshtml
+++ b/Bootstrap.Admin/Views/Admin/Users.cshtml
@ -1,4 +1,4 @@
-@model Bootstrap.Admin.Models.NavigatorBarModel
+@model NavigatorBarModel
@{
    ViewBag.Title = "用户管理";
    Layout = "~/Views/Shared/_Default.cshtml";
@ -45,11 +45,11 @@
                <div class="form-group">
                    <label class="control-label col-sm-2" for="password">登录密码</label>
                    <div class="col-sm-4">
-                        <input type="text" class="form-control" id="password" name="password" maxlength="15" />
+                        <input type="password" class="form-control" id="password" name="password" maxlength="15" />
                    </div>
                    <label class="control-label col-sm-2" for="confirm">确认密码</label>
                    <div class="col-sm-4">
-                        <input type="text" class="form-control" id="confirm" name="confirm" maxlength="5" />
+                        <input type="password" class="form-control" id="confirm" name="confirm" maxlength="15" />
                    </div>
                </div>
            </form>
--- a/Bootstrap.Admin/Views/Home/Login.cshtml
+++ b/Bootstrap.Admin/Views/Home/Login.cshtml
@ -1,29 +1,32 @@
-@{
-    ViewBag.Title = "系统登陆";
-    Layout = "~/Views/Shared/_Layout.cshtml";
-}
-@section css {
-    <link href="~/Content/css/site.css" rel="stylesheet" />
-}
-@section javascript {
-    <script src="~/Scripts/Login.js"></script>
-}
-<div class="container">
-    <form class="form-signin" method="post">
-        <h2 class="form-signin-heading">欢迎登陆本系统</h2>
-        <div class="login-wrap">
-            <div class="input-group">
-                <span class="glyphicon glyphicon-user input-group-addon"></span>
-                <input type="text" name="username" class="form-control" placeholder="用户名" value="Argo" autofocus />
-            </div>
-            <div class="input-group">
-                <span class="glyphicon glyphicon-lock input-group-addon"></span>
-                <input type="password" name="password" class="form-control" value="1234" placeholder="密码" />
-            </div>
-            <div class="checkbox">
-                <input id="remember" name="remember" type="checkbox" value="true" /><label for="remember">记住我</label>
-            </div>
-            <button class="btn btn-lg btn-login btn-block" type="submit">登 陆</button>
-        </div>
-    </form>
-</div>
+@model LoginModel
+@{
+    ViewBag.Title = "系统登陆";
+    Layout = "~/Views/Shared/_Layout.cshtml";
+}
+@section css {
+    <link href="~/Content/css/site.css" rel="stylesheet" />
+}
+@section javascript {
+    <script src="~/content/js/jquery.validate.js"></script>
+    <script src="~/content/js/messages_zh.js"></script>
+    <script src="~/Scripts/Login.js"></script>
+}
+<div class="container">
+    <form id="login" class="form-signin" method="post">
+        <h2 class="form-signin-heading">欢迎登陆本系统</h2>
+        <div class="login-wrap">
+            <div class="input-group">
+                <span class="glyphicon glyphicon-user input-group-addon"></span>
+                <input type="text" name="userName" class="form-control" placeholder="用户名" value="@Model.UserName" autofocus />
+            </div>
+            <div class="input-group">
+                <span class="glyphicon glyphicon-lock input-group-addon"></span>
+                <input type="password" name="password" class="form-control" value="@Model.Password" placeholder="密码" />
+            </div>
+            <div class="checkbox">
+                <input id="remember" name="remember" type="checkbox" value="true" /><label for="remember">记住我</label>
+            </div>
+            <button class="btn btn-lg btn-login btn-block" type="submit">登 陆</button>
+        </div>
+    </form>
+</div>
--- a/Bootstrap.Admin/Views/web.config
+++ b/Bootstrap.Admin/Views/web.config
@ -18,6 +18,7 @@
        <add namespace="System.Web.Routing" />
        <add namespace="Bootstrap.Admin" />
        <add namespace="Bootstrap.DataAccess" />
+        <add namespace="Bootstrap.Admin.Models" />
      </namespaces>
    </pages>
  </system.web.webPages.razor>
--- a/Bootstrap.Admin/Web.config
+++ b/Bootstrap.Admin/Web.config
@ -15,6 +15,7 @@
    <add key="PreserveLoginUrl" value="true"/>
    <add key="ClientValidationEnabled" value="true"/>
    <add key="UnobtrusiveJavaScriptEnabled" value="true"/>
+    <add key="Admins" value="Argo"/>
  </appSettings>

  <connectionStrings>
--- a/Bootstrap.DataAccess/UserHelper.cs
+++ b/Bootstrap.DataAccess/UserHelper.cs
@ -1,6 +1,7 @@
 using Longbow.Caching;
 using Longbow.Caching.Configuration;
 using Longbow.ExceptionManagement;
+using Longbow.Security;
 using System;
 using System.Collections.Generic;
 using System.Data;
@ -16,7 +17,6 @@ namespace Bootstrap.DataAccess
    public static class UserHelper
    {
        private const string UserDataKey = "UserData-CodeUserHelper";
-
        /// <summary>
        /// 查询所有用户
        /// </summary>
@ -49,6 +49,36 @@ namespace Bootstrap.DataAccess
            return string.IsNullOrEmpty(tId) ? ret : ret.Where(t => tId.Equals(t.ID.ToString(), StringComparison.OrdinalIgnoreCase));
        }
        /// <summary>
+        /// 
+        /// </summary>
+        /// <param name="userName"></param>
+        /// <returns></returns>
+        private static User RetrieveUsersByName(string userName)
+        {
+            User user = null;
+            string sql = "select ID, UserName, [Password], PassSalt from Users where UserName = @UserName";
+            DbCommand cmd = DBAccessManager.SqlDBAccess.CreateCommand(CommandType.Text, sql);
+            try
+            {
+                cmd.Parameters.Add(DBAccessManager.SqlDBAccess.CreateParameter("@UserName", userName, ParameterDirection.Input));
+                using (DbDataReader reader = DBAccessManager.SqlDBAccess.ExecuteReader(cmd))
+                {
+                    if (reader.Read())
+                    {
+                        user = new User()
+                        {
+                            ID = (int)reader[0],
+                            UserName = (string)reader[1],
+                            Password = (string)reader[2],
+                            PassSalt = (string)reader[3]
+                        };
+                    }
+                }
+            }
+            catch (Exception ex) { ExceptionManager.Publish(ex); }
+            return user;
+        }
+        /// <summary>
        /// 删除用户
        /// </summary>
        /// <param name="ids"></param>
@ -84,6 +114,8 @@ namespace Bootstrap.DataAccess
            bool ret = false;
            if (p.UserName.Length > 50) p.UserName.Substring(0, 50);
            if (p.Password.Length > 50) p.Password.Substring(0, 50);
+            p.PassSalt = LgbCryptography.GenerateSalt();
+            p.Password = LgbCryptography.ComputeHash(p.Password, p.PassSalt);
            string sql = p.ID == 0 ?
                "Insert Into Users (UserName, Password, PassSalt) Values (@UserName, @Password, @PassSalt)" :
                "Update Users set UserName = @UserName, Password = @Password, PassSalt = @PassSalt where ID = @ID";
@ -94,7 +126,7 @@ namespace Bootstrap.DataAccess
                    cmd.Parameters.Add(DBAccessManager.SqlDBAccess.CreateParameter("@ID", p.ID, ParameterDirection.Input));
                    cmd.Parameters.Add(DBAccessManager.SqlDBAccess.CreateParameter("@UserName", p.UserName, ParameterDirection.Input));
                    cmd.Parameters.Add(DBAccessManager.SqlDBAccess.CreateParameter("@Password", p.Password, ParameterDirection.Input));
-                    cmd.Parameters.Add(DBAccessManager.SqlDBAccess.CreateParameter("@PassSalt", DBNull.Value, ParameterDirection.Input));
+                    cmd.Parameters.Add(DBAccessManager.SqlDBAccess.CreateParameter("@PassSalt", p.PassSalt, ParameterDirection.Input));
                    DBAccessManager.SqlDBAccess.ExecuteNonQuery(cmd);
                }
                ret = true;
@ -106,6 +138,17 @@ namespace Bootstrap.DataAccess
            }
            return ret;
        }
+        /// <summary>
+        /// 验证用户登陆账号与密码正确
+        /// </summary>
+        /// <param name="userName"></param>
+        /// <param name="password"></param>
+        /// <returns></returns>
+        public static bool Authenticate(string userName, string password)
+        {
+            var user = RetrieveUsersByName(userName);
+            return user != null && user.Password == LgbCryptography.ComputeHash(password, user.PassSalt);
+        }
        // 更新缓存
        private static void ClearCache()
        {