UpgradeAdminLoginOperation.jsp
<jsp:useBean id="rs" class="weaver.conn.RecordSet" scope="page" />
<%@ page import="java.io.*" %><%@ page import="java.util.*" %>
<%@ page import="org.json.JSONObject" %>
<%@ page import="weaver.system.UpgradeLoginControl" %>
<%@ page import="weaver.rsa.security.RSA" %>
<%@ page import="weaver.general.*" %>
<%
// Send the three anti-caching headers (name/value pairs, emitted in this order)
// so the login-state answer produced below is not served from a cache.
for (String[] noCacheHeader : new String[][] {
        {"cache-control", "no-cache"},
        {"pragma", "no-cache"},
        {"expires", "Mon 1 Jan 1990 00:00:00 GMT"}}) {
    response.setHeader(noCacheHeader[0], noCacheHeader[1]);
}
%><%
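// Upgrade-console admin login endpoint.
//   requesttype=1 : status probe. Prints "1" when upgradesetting.checkadmin is "1" and the
//                   session has not passed the admin login, otherwise "0".
//   anything else : credential check against HrmResourceManager. Responds with JSON holding
//                   flag, canloginchoice and, outside the locked state, loginstatus and count.
// flag values written by this page: "0" accepted, "1" wrong password, "2" unknown loginid,
// "4" login locked.
String flag = "0";
String requesttype = request.getParameter("requesttype");
if ("1".equals(requesttype)) {
    try {
        BaseBean bean = new BaseBean();
        String checkadmin = Util.null2String(bean.getPropValue("upgradesetting", "checkadmin"));
        if ("1".equals(checkadmin)) {
            String adminlogin = (String) request.getSession(true).getAttribute("weaver_uadminLogin");
            if (!"1".equals(adminlogin)) {
                flag = "1";
            }
        }
    } catch (Exception e) {
        // Fail closed: the original swallowed the exception and reported "0" (no login
        // needed) whenever the setting or the session could not be read.
        new BaseBean().writeLog(e.toString());
        flag = "1";
    }
    out.print(flag);
} else {
    JSONObject json = new JSONObject();
    OrderProperties prop = new OrderProperties();
    String filepath1 = GCONST.getRootPath() + "WEB-INF" + File.separatorChar + "prop"
            + File.separatorChar + "upgradeloginsetting.properties";
    prop.load(filepath1);
    String loginstatus = Util.null2String(prop.getProperty("loginstatus")).trim();
    // null2String must wrap the raw property: the original called trim() first and threw a
    // NullPointerException when the key was absent.
    // NOTE(review): presumably Util.getIntValue returns a non-positive value for "", so the
    // default of 10 below then applies. Confirm.
    int canloginchoice = Util.getIntValue(Util.null2String(prop.getProperty("canloginchoice")).trim());
    if (canloginchoice <= 0) {
        canloginchoice = 10;
    }

    if ("1".equals(loginstatus)) {
        // Locked state. The original put flag=4 into the JSON here and then overwrote it with
        // the initial "0" at the end of the page, so a locked console answered "accepted".
        flag = "4";
    } else {
        String username = Util.null2String(request.getParameter("username"));
        String user_password = request.getParameter("password");
        BaseBean bean = new BaseBean();
        String isrsaopen = Util.null2String(bean.getPropValue("openRSA", "isrsaopen"));
        if ("1".equals(isrsaopen)) {
            RSA rsa = new RSA();
            try {
                user_password = rsa.decrypt(request, user_password);
            } catch (Exception e) {
                // The undecrypted value is kept, so the comparison below simply fails.
                new BaseBean().writeLog(e.toString());
            }
        }

        // Detect whether HrmResourceManager has a salt column. Database types other than
        // oracle/sqlserver are assumed to have it, as in the original.
        boolean saltExists = false;
        String sql = "";
        if ((rs.getDBType()).equalsIgnoreCase("oracle")) {
            sql = "select 1 from USER_TAB_COLUMNS WHERE TABLE_NAME = UPPER('HrmResourceManager') AND COLUMN_NAME = 'SALT'";
        } else if ((rs.getDBType()).equalsIgnoreCase("sqlserver")) {
            sql = "select 1 from syscolumns where id=object_id('HrmResourceManager') and name='salt'";
        }
        if (!sql.equals("")) {
            rs.executeSql(sql);
            if (rs.next()) {
                saltExists = true;
            }
        } else {
            saltExists = true;
        }

        // loginid arrives from an unauthenticated request; bind it instead of concatenating it
        // into the statement (the original built "... where loginid='" + username + "'").
        // NOTE(review): relies on RecordSet.executeQuery(sql, params...); confirm the RecordSet
        // version deployed with this page provides it.
        if (saltExists) {
            rs.executeQuery("select password,salt from HrmResourceManager where loginid=?", username);
        } else {
            rs.executeQuery("select password from HrmResourceManager where loginid=?", username);
        }

        if (rs.next()) {
            String pswd = rs.getString(1);
            boolean passwordMatches = false;
            // An empty stored password never authenticates.
            if (pswd.length() != 0) {
                if (saltExists) {
                    passwordMatches = PasswordUtil.check(user_password, pswd, rs.getString("salt"));
                } else {
                    // NOTE(review): legacy path without a salt; Util.getEncrypt is presumably
                    // an unsalted digest. Confirm and plan migration to the salted check.
                    passwordMatches = pswd.equals(Util.getEncrypt(user_password));
                }
            }
            flag = passwordMatches ? "0" : "1"; // "0" correct, "1" wrong username or password
        } else {
            // No such loginid.
            // NOTE(review): "2" vs "1" lets a caller tell unknown accounts from wrong
            // passwords, and this case is not counted toward the lock below.
            flag = "2";
        }

        if ("0".equals(flag)) {
            // NOTE(review): the session id is not rotated when the admin marker is set;
            // consider rotating it here if the servlet container supports it.
            request.getSession(true).setAttribute("weaver_uadminLogin", "1");
        } else {
            request.getSession(true).removeAttribute("weaver_uadminLogin");
        }

        if (!"2".equals(loginstatus)) {
            // NOTE(review): UpgradeLoginControl.logincount is one static counter shared by all
            // callers and updated without synchronization.
            if ("0".equals(flag)) { // validation passed
                UpgradeLoginControl.logincount = 0;
                json.put("count", "0");
                json.put("loginstatus", 0);
            } else if ("2".equals(flag)) { // unknown account: not counted
                new BaseBean().writeLog("账号错误");
                json.put("loginstatus", 0);
                json.put("count", UpgradeLoginControl.logincount);
            } else { // wrong password: count it and lock once the limit is reached
                new BaseBean().writeLog("密码错误");
                UpgradeLoginControl.logincount = UpgradeLoginControl.logincount + 1;
                if (UpgradeLoginControl.logincount > canloginchoice - 1) {
                    // Persist the lock in upgradeloginsetting.properties.
                    prop.put("loginstatus", "1");
                    flag = "4";
                    UpgradeLoginControl.logincount = 0;
                    prop.store(prop, filepath1);
                }
                json.put("loginstatus", 1);
                json.put("count", UpgradeLoginControl.logincount);
            }
        } else {
            json.put("loginstatus", 2);
        }
    }
    json.put("canloginchoice", canloginchoice);
    json.put("flag", flag);
    response.getWriter().print(json.toString());
}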
%>