java/SuperSaveDriving.git

			@@ -2,12 +2,15 @@

			import com.google.code.kaptcha.Constants;
			import com.stylefeng.guns.core.base.controller.BaseController;
			import com.stylefeng.guns.core.common.constant.Const;
			import com.stylefeng.guns.core.common.exception.InvalidKaptchaException;
			import com.stylefeng.guns.core.log.LogManager;
			import com.stylefeng.guns.core.log.factory.LogTaskFactory;
			import com.stylefeng.guns.core.node.MenuNode;
			import com.stylefeng.guns.core.shiro.ShiroKit;
			import com.stylefeng.guns.core.shiro.ShiroUser;
			import com.stylefeng.guns.core.shiro.factory.IShiro;
			import com.stylefeng.guns.core.shiro.factory.ShiroFactroy;
			import com.stylefeng.guns.core.util.ApiMenuFilter;
			import com.stylefeng.guns.core.util.KaptchaUtil;
			import com.stylefeng.guns.core.util.SinataUtil;
			@@ -16,6 +19,8 @@
			import com.stylefeng.guns.modular.system.service.IMenuService;
			import com.stylefeng.guns.modular.system.service.IUserService;
			import com.stylefeng.guns.modular.system.util.AESUtils;
			import com.stylefeng.guns.modular.system.util.RedisUtil;
			import org.apache.shiro.authc.SimpleAuthenticationInfo;
			import org.apache.shiro.authc.UsernamePasswordToken;
			import org.apache.shiro.subject.Subject;
			import org.springframework.beans.factory.annotation.Autowired;
			@@ -45,12 +50,11 @@

			@Autowired
			private IUserService userService;

			private Map<String, Long> loginTime = new HashMap<>();
			@Autowired
			private RedisUtil redisUtil;

			private Map<String, Integer> loginFailures = new HashMap<>();

			private List<String> ips = Arrays.asList("127.0.0.1");



			@@ -103,7 +107,8 @@
			* 跳转到登录页面
			*/
			@RequestMapping(value = "/login", method = RequestMethod.GET)
			public String login() {
			public String login(Model model) {
			model.addAttribute("number",0);
			if (ShiroKit.isAuthenticated() \|\| ShiroKit.getUser() != null) {
			return REDIRECT + "/";
			} else {
			@@ -115,53 +120,43 @@
			* 点击登录执行的动作
			*/
			@RequestMapping(value = "/login", method = RequestMethod.POST)
			public String loginVali(String username, String password, String remember, Model model, HttpServletRequest request) {
			String ip = request.getHeader("x-forwarded-for");
			if (ip != null && ip.length() != 0 && !"unknown".equalsIgnoreCase(ip)) {
			// 多次反向代理后会有多个ip值，第一个ip才是真实ip
			if (ip.indexOf(",") != -1) {
			ip = ip.split(",")[0];
			}
			}
			if (ip == null \|\| ip.length() == 0 \|\| "unknown".equalsIgnoreCase(ip)) {
			ip = request.getHeader("Proxy-Client-IP");
			}
			if (ip == null \|\| ip.length() == 0 \|\| "unknown".equalsIgnoreCase(ip)) {
			ip = request.getHeader("WL-Proxy-Client-IP");
			}
			if (ip == null \|\| ip.length() == 0 \|\| "unknown".equalsIgnoreCase(ip)) {
			ip = request.getHeader("HTTP_CLIENT_IP");
			}
			if (ip == null \|\| ip.length() == 0 \|\| "unknown".equalsIgnoreCase(ip)) {
			ip = request.getHeader("HTTP_X_FORWARDED_FOR");
			}
			if (ip == null \|\| ip.length() == 0 \|\| "unknown".equalsIgnoreCase(ip)) {
			ip = request.getHeader("X-Real-IP");
			}
			if (ip == null \|\| ip.length() == 0 \|\| "unknown".equalsIgnoreCase(ip)) {
			ip = request.getRemoteAddr();
			}
			if(!ips.contains(ip)){
			model.addAttribute("tips", "请在特定的网络下使用系统");
			return "/login.html";
			}

			public String loginVali(String username, String password,String sms_code, String remember, Model model, HttpServletRequest request) {
			Integer f = loginFailures.get(username);
			f = f == null ? 0 : f;
			Long t = loginTime.get(username);
			t = null == t ? 0 : t;
			if(System.currentTimeMillis() - t > (30 * 60 * 1000)){
			loginFailures.put(username, f = 1);
			loginTime.put(username, System.currentTimeMillis());
			}else{
			// 校验账号，密码是否正确，如果错误，对次数进行加1
			IShiro shiroFactory = ShiroFactroy.me();
			User user = userService.getByAccount(username);
			if(null == user){
			f++;
			loginFailures.put(username, f);
			}else {
			// 校验密码
			ShiroUser shiroUser1 = shiroFactory.shiroUser(user);
			SimpleAuthenticationInfo info = shiroFactory.info(shiroUser1, user, username);
			String pass = ShiroKit.md5(password, user.getSalt());
			if(!info.getCredentials().equals(pass)){
			f++;
			loginFailures.put(username, f);
			if(f<5){
			model.addAttribute("number", "3");
			}
			if(f==5){
			model.addAttribute("number", "5");
			}
			model.addAttribute("message","账号或密码错误!");
			return "/login.html";
			}
			}

			if(f > 5 && (System.currentTimeMillis() - t) <= (30 * 60 * 1000)){
			model.addAttribute("tips", "登录次数过多，请等30分钟再试！");
			return "/login.html";
			}
			// if(!"aaaa".equals(sms_code)){
			// String value = redisUtil.getValue(user.getPhone());
			// if(ToolUtil.isEmpty(value) \|\| !sms_code.equals(value)){
			// model.addAttribute("tips", "无效的验证码");
			// return "/login.html";
			// }
			// }


			//验证验证码是否正确
			if (KaptchaUtil.getKaptchaOnOff()) {
			String kaptcha = super.getPara("kaptcha").trim();
			@@ -170,7 +165,8 @@
			throw new InvalidKaptchaException();
			}
			}
			password = AESUtils.decrypt(password);

			model.addAttribute("number", "3");
			Subject currentUser = ShiroKit.getSubject();
			UsernamePasswordToken token = new UsernamePasswordToken(username, password.toCharArray());

			@@ -179,11 +175,12 @@
			// } else {
			// token.setRememberMe(false);
			// }

			token.setRememberMe(false);//关闭记住我功能

			currentUser.login(token);

			// 登录成功，错误次数值改0
			loginFailures.put(username, 0);

			ShiroUser shiroUser = ShiroKit.getUser();
			super.getSession().setAttribute("shiroUser", shiroUser);
			super.getSession().setAttribute("username", shiroUser.getAccount());