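package com.spring.controller;

import java.security.SecureRandom;
import java.util.*;
import java.util.regex.Pattern;

import javax.annotation.Resource;
import javax.servlet.http.HttpSession;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;

import com.alibaba.fastjson.*;
import com.spring.entity.Admins;
import com.spring.entity.Yonghu;
import com.spring.service.AdminsService;
import com.spring.service.YonghuService;
import dao.CommDAO;
import net.jntoo.db.Query;
import util.DESUtil;
import util.Info;
import util.Request;

/**
 * Login, logout, token login and password-change controller for the two account
 * types of this application: back-office administrators ("管理员") and ordinary
 * users ("用户").
 *
 * <p>Relies on members inherited from {@code BaseController} that are not visible
 * in this file: {@code request}, {@code session}, {@code _var}, {@code assign()},
 * {@code json()}, {@code showSuccess()}, {@code showError()}, {@code jsonError()}
 * and {@code isAjax()}.
 */
@Controller
public class UserController extends BaseController {

    /** Login-type value identifying a back-office administrator. */
    private static final String TYPE_ADMIN = "管理员";

    /** Login-type value identifying an ordinary user. */
    private static final String TYPE_USER = "用户";

    /** Token alphabet: digits plus A-Z (the original literal omitted 'J' and doubled 'G'). */
    private static final String TOKEN_ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";

    /** Length of a generated login token (36^32 is roughly 165 bits of entropy). */
    private static final int TOKEN_LENGTH = 32;

    /**
     * Token lifetime added to {@code Info.time()} (10 days), used both when a token is
     * created and when it is refreshed. Assumes Info.time() is in seconds, as the
     * original arithmetic did — TODO confirm against util.Info.
     */
    private static final int TOKEN_TTL_SECONDS = 86400 * 10;

    /** Matches a leading URL scheme such as "http:", "https:" or "javascript:". */
    private static final Pattern SCHEME_PREFIX = Pattern.compile("^[A-Za-z][A-Za-z0-9+.\\-]*:");

    /**
     * CSPRNG for login tokens. {@code java.util.Random} is predictable from a few
     * outputs and must never be used for a bearer credential.
     */
    private static final SecureRandom RANDOM = new SecureRandom();

    @Resource
    private AdminsService adminsService;

    @Resource
    private YonghuService yonghuService;

    /**
     * Login page.
     *
     * @return the "login" view name
     */
    @RequestMapping("/login")
    public String Index() {
        return "login";
    }

    /**
     * Logs the current user out by invalidating the HTTP session.
     *
     * <p>NOTE(review): only the servlet session is dropped; any token previously
     * issued by {@link #createToken} stays valid in the {@code token} table until it
     * expires, so logout does not end a token-based login.
     *
     * @return success page redirecting to "./"
     */
    @RequestMapping("/logout")
    public String Logout() {
        request.getSession().invalidate();
        return showSuccess("退出成功", "./");
    }

    /**
     * Authenticates a user of the given type, populates the session and issues a token.
     *
     * @param isAdmin  whether this is a back-office login (selects the default redirect)
     * @param username submitted account name
     * @param pwd      submitted password
     * @param cx       login type: {@value #TYPE_ADMIN} or {@value #TYPE_USER}
     * @return JSON for AJAX callers, otherwise a success/error page; the error text
     *         is the same for an unknown account and a wrong password
     */
    protected String authLoginUser(boolean isAdmin, String username, String pwd, String cx) {
        if (username == null || username.isEmpty()) {
            return showError("账号不允许为空");
        }
        if (pwd == null || pwd.isEmpty()) {
            return showError("密码不允许为空");
        }
        if (cx == null) {
            return showError("请选中登录类型");
        }

        // Expected captcha value: AJAX clients carry it in an encrypted "captchToken",
        // everyone else has it stored in the session by the captcha controller.
        // NOTE(review): captchToken is client-supplied and decrypted with a hard-coded
        // key; nothing visible here binds it to a session or an expiry, so a captured
        // token may be replayable — confirm against CaptchController.
        String expected;
        String captchToken = request.getParameter("captchToken");
        if (isAjax() && captchToken != null) {
            expected = DESUtil.decrypt("CaptchControllerPassword", captchToken);
        } else {
            expected = (String) request.getSession().getAttribute("random");
        }
        String submitted = request.getParameter("pagerandom");
        if (submitted == null) {
            submitted = "";
        }
        // NOTE(review): the captcha is only compared when the client sends the "a"
        // parameter. "a" is under the client's control, so omitting it bypasses the
        // captcha entirely (no brute-force protection on this endpoint). Confirm every
        // login form sends "a", or enforce the comparison unconditionally.
        if (request.getParameter("a") != null && !submitted.equals(expected)) {
            return showError("验证码不正确", 20);
        }

        if (TYPE_ADMIN.equals(cx)) {
            Admins user = adminsService.login(username, pwd);
            if (user == null) {
                return showError("用户名或密码错误");
            }
            session.setAttribute("id", user.getId());
            session.setAttribute("username", user.getUsername());
            session.setAttribute("cx", cx);
            session.setAttribute("login", cx);
            // Existing behaviour kept: the stored password is copied into the session.
            // Other pages may read it, so it is not removed here — but it should not be.
            session.setAttribute("pwd", user.getPwd());
            session.setAttribute("addtime", user.getAddtime());
            exposeSession(user, "pwd");
        } else if (TYPE_USER.equals(cx)) {
            Yonghu user = yonghuService.login(username, pwd);
            if (user == null) {
                return showError("用户名或密码错误");
            }
            session.setAttribute("id", user.getId());
            session.setAttribute("username", user.getYonghuming());
            session.setAttribute("cx", cx);
            session.setAttribute("login", cx);
            session.setAttribute("yonghuming", user.getYonghuming());
            // Existing behaviour kept: the stored password ("mima") lands in the session.
            session.setAttribute("mima", user.getMima());
            session.setAttribute("xingming", user.getXingming());
            session.setAttribute("xingbie", user.getXingbie());
            session.setAttribute("shouji", user.getShouji());
            session.setAttribute("youxiang", user.getYouxiang());
            session.setAttribute("shenfenzheng", user.getShenfenzheng());
            session.setAttribute("touxiang", user.getTouxiang());
            session.setAttribute("addtime", user.getAddtime());
            exposeSession(user, "mima");
        } else {
            // Unknown login type. The original fell through and, if a "username" was
            // still present from an earlier login, reported success and minted a token.
            return showError("请选中登录类型");
        }

        // The redirect target is request-controlled: restrict it to a relative path so
        // this endpoint cannot be used as an open redirect.
        String referer = safeReferer(request.getParameter("referer"), isAdmin ? "./main.do" : "./");

        assign("token", createToken(
                session.getAttribute("cx"),
                session.getAttribute("login"),
                session.getAttribute("username"),
                _var.get("session")));

        // NOTE(review): the servlet session id is not rotated after authentication,
        // which leaves the login open to session fixation. BaseController owns the
        // session field, so the rotation belongs there (or in a servlet filter).
        if (isAjax()) {
            return json();
        }
        return showSuccess("登录成功", referer);
    }

    /**
     * Serialises the logged-in entity for the view under the "session" variable,
     * stamped with the session's cx/login/username, with the password field removed
     * so it is never echoed to the client nor persisted in the token table.
     *
     * @param user        entity returned by the service login call
     * @param passwordKey JSON property holding the stored password
     */
    private void exposeSession(Object user, String passwordKey) {
        JSONObject json = JSON.parseObject(JSON.toJSONString(user));
        json.remove(passwordKey);
        json.put("cx", session.getAttribute("cx"));
        json.put("username", session.getAttribute("username"));
        json.put("login", session.getAttribute("login"));
        assign("session", json);
    }

    /**
     * Returns {@code referer} if it is a plain relative path, otherwise {@code fallback}.
     * Rejects absolute URLs (any scheme prefix), scheme-relative "//host" and
     * backslash variants, and CR/LF (header injection).
     *
     * @param referer  request-supplied redirect target, may be null
     * @param fallback target to use when the referer is missing or unsafe
     * @return a redirect target that stays on this site
     */
    private static String safeReferer(String referer, String fallback) {
        if (referer == null) {
            return fallback;
        }
        String target = referer.trim();
        if (target.isEmpty()
                || target.startsWith("//")
                || target.startsWith("/\\")
                || target.startsWith("\\")
                || target.indexOf('\r') >= 0
                || target.indexOf('\n') >= 0
                || SCHEME_PREFIX.matcher(target).find()) {
            return fallback;
        }
        return target;
    }

    /**
     * Issues a fresh login token, stores it in the {@code token} table and returns it.
     *
     * <p>NOTE(review): the token is stored in clear text, so anyone with read access
     * to the table can log in as the user; storing a hash would be preferable.
     *
     * @param cx       login type stored with the token
     * @param login    login value stored with the token (same as cx at present)
     * @param username account name stored with the token
     * @param session  view-side session object, persisted as JSON
     * @return the 32-character token
     */
    public String createToken(Object cx, Object login, Object username, Object session) {
        String token = createRandomString(TOKEN_ALPHABET, TOKEN_LENGTH);

        // Purge expired tokens. The interpolated value is server-generated
        // (Info.getDateStr()), not request input, so this is not injectable as written;
        // a parameterised statement would still be preferable if CommDAO offers one.
        new CommDAO().commOper("DELETE FROM token WHERE token_time<'" + Info.getDateStr() + "'");

        HashMap<String, Object> row = new HashMap<>();
        row.put("token", token);
        row.put("cx", cx);
        row.put("login", login);
        row.put("username", username);
        // Parameter "session" shadows the controller's session field; use the field.
        row.put("valueid", this.session.getAttribute("id"));
        row.put("token_time", Info.date("yyyy-MM-dd HH:mm:ss", Info.time() + TOKEN_TTL_SECONDS));
        row.put("session", JSON.toJSONString(session));
        Query.make("token").add(row);
        return token;
    }

    /**
     * Logs in with a previously issued token, restoring the session from the
     * current database record of the user and extending the token's lifetime.
     *
     * <p>NOTE(review): if clients pass the token as a query-string parameter it will
     * appear in access logs and browser history; a POST body or header is safer.
     *
     * @return JSON with "token" and "session", or a JSON error
     */
    @RequestMapping("/tokenLogin")
    public String tokenLogin() {
        String token = request.getParameter("token");
        if (token == null || token.isEmpty()) {
            // Never query with a null/empty token; what Query matches on null is unknown.
            return jsonError("token已失效");
        }
        HashMap<String, String> tokenInfo = Query.make("token")
                .where("token", token)
                .where("token_time", ">", Info.getDateStr())
                .find();
        if (tokenInfo == null || tokenInfo.isEmpty()) {
            return jsonError("token已失效");
        }

        String cx = tokenInfo.get("login");
        Object user = null;
        if (TYPE_ADMIN.equals(cx)) {
            user = adminsService.find(tokenInfo.get("valueid"));
        } else if (TYPE_USER.equals(cx)) {
            user = yonghuService.find(tokenInfo.get("valueid"));
        }
        if (user == null) {
            return jsonError("没找到token中用户");
        }

        tokenInfo.put("session", JSON.toJSONString(user));
        session.setAttribute("cx", tokenInfo.get("cx"));
        session.setAttribute("login", tokenInfo.get("login"));
        session.setAttribute("username", tokenInfo.get("username"));
        // NOTE(review): stored as the String column value here, whereas a form login
        // stores user.getId(); readers of session "id" must tolerate both.
        session.setAttribute("id", tokenInfo.get("valueid"));

        // Copy every serialised user field into the session (existing behaviour, which
        // includes the password field), then strip the password from the client copy.
        JSONObject userJson = JSON.parseObject(tokenInfo.get("session"));
        for (Map.Entry<String, Object> entry : userJson.entrySet()) {
            session.setAttribute(entry.getKey(), entry.getValue());
        }
        userJson.remove("pwd");
        userJson.remove("mima");
        userJson.put("cx", tokenInfo.get("cx"));
        userJson.put("login", tokenInfo.get("login"));
        userJson.put("username", tokenInfo.get("username"));
        assign("token", token);
        assign("session", userJson);

        // Sliding expiry: every successful token login grants another full lifetime.
        tokenInfo.put("token_time", Info.date("yyyy-MM-dd HH:mm:ss", Info.time() + TOKEN_TTL_SECONDS));
        Query.make("token").where("token", token).update(tokenInfo);
        return json();
    }

    /**
     * Builds a random string from {@code source} using the class-level CSPRNG.
     * The result is a bearer credential and is deliberately not logged.
     *
     * @param source alphabet to draw characters from
     * @param length number of characters to produce
     * @return the random string, or "" when {@code source} is null or empty
     */
    private String createRandomString(String source, int length) {
        if (isNullOrEmpty(source)) {
            return "";
        }
        StringBuilder out = new StringBuilder(length);
        for (int i = 0; i < length; i++) {
            out.append(source.charAt(RANDOM.nextInt(source.length())));
        }
        return out.toString();
    }

    /**
     * Null-or-empty check.
     *
     * @param target string to test
     * @return true when {@code target} is null or has length 0
     */
    private boolean isNullOrEmpty(String target) {
        return target == null || target.isEmpty();
    }

    /**
     * Back-office main page.
     *
     * @return the "main" view name
     */
    @RequestMapping("/main")
    public String main() {
        return "main";
    }

    /**
     * Back-office landing page.
     *
     * @return the "sy" view name
     */
    @RequestMapping("/sy")
    public String sy() {
        return "sy";
    }

    /**
     * Optional page; may not exist in every deployment.
     *
     * @return the "mygo" view name
     */
    @RequestMapping("/mygo")
    public String mygo() {
        return "mygo";
    }

    /**
     * Header fragment.
     *
     * @return the "top" view name
     */
    @RequestMapping("/top")
    public String top() {
        return "top";
    }

    /**
     * Front-end login submission.
     *
     * @return see {@link #authLoginUser}
     */
    @RequestMapping("/authLogin")
    public String authLogin() {
        String username = Request.get("username");
        String pwd = Request.get("pwd");
        String cx = Request.get("cx");
        return authLoginUser(false, username, pwd, cx);
    }

    /**
     * Back-office login submission.
     *
     * @return see {@link #authLoginUser}
     */
    @RequestMapping("/authAdminLogin")
    public String authAdminLogin() {
        String username = Request.get("username");
        String pwd = Request.get("pwd");
        String cx = Request.get("cx");
        return authLoginUser(true, username, pwd, cx);
    }

    /**
     * Change-password page.
     *
     * @return the "mod" view name
     */
    @RequestMapping("/mod")
    public String mod() {
        return "mod";
    }

    /**
     * Changes the password of the logged-in account after re-checking the old one.
     *
     * <p>NOTE(review): tokens already issued for this account are not revoked here,
     * and the session copy of the password ("pwd"/"mima") is left stale.
     *
     * @return success page redirecting to "./mod.do", or an error page
     */
    @RequestMapping("/editPassword")
    public String editPassword() {
        Object usernameAttr = request.getSession().getAttribute("username");
        Object loginAttr = request.getSession().getAttribute("login");
        if (usernameAttr == null || loginAttr == null) {
            // Not logged in; the original dereferenced these and threw NullPointerException.
            return showError("请先登录");
        }
        String username = usernameAttr.toString();
        String cx = loginAttr.toString();
        String oldPassword = Request.get("oldPassword");
        String newPwd = Request.get("newPwd");
        String newPwd2 = Request.get("newPwd2");
        if (newPwd == null || newPwd.isEmpty()) {
            return showError("密码不允许为空");
        }
        if (!newPwd.equals(newPwd2)) {
            return showError("两次密码不一致");
        }

        if (TYPE_ADMIN.equals(cx)) {
            Admins user = adminsService.login(username, oldPassword);
            if (user == null) {
                return showError("原密码不正确");
            }
            adminsService.updatePassword(user.getId(), newPwd);
        } else if (TYPE_USER.equals(cx)) {
            Yonghu user = yonghuService.login(username, oldPassword);
            if (user == null) {
                return showError("原密码不正确");
            }
            yonghuService.updatePassword(user.getId(), newPwd);
        } else {
            // Unknown login type: the original reported success without changing anything.
            return showError("请先登录");
        }
        return showSuccess("修改密码成功", "./mod.do");
    }
}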