Pu Zhibing
2 天以前 bc11ec0e6b09d1da34abd970a2acf7b461127eca
修改安全漏洞
8个文件已修改
1个文件已添加
225 ■■■■■ 已修改文件
management/guns-admin/src/main/java/com/stylefeng/guns/config/web/ShiroConfig.java 5 ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史
management/guns-admin/src/main/java/com/stylefeng/guns/modular/system/controller/general/TAppUserController.java 10 ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史
management/guns-admin/src/main/java/com/stylefeng/guns/modular/system/controller/general/TCarController.java 23 ●●●● 补丁 | 查看 | 原始文档 | blame | 历史
management/guns-admin/src/main/java/com/stylefeng/guns/modular/system/controller/general/TDriverController.java 38 ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史
management/guns-admin/src/main/java/com/stylefeng/guns/modular/system/controller/system/LoginController.java 2 ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史
management/guns-admin/src/main/java/com/stylefeng/guns/modular/system/util/AESUtil.java 90 ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史
management/guns-admin/src/main/webapp/WEB-INF/view/common/_container.html 29 ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史
management/guns-admin/src/main/webapp/WEB-INF/view/login.html 10 ●●●● 补丁 | 查看 | 原始文档 | blame | 历史
management/guns-admin/src/main/webapp/static/modular/system/tDriver/tDriver.js 18 ●●●● 补丁 | 查看 | 原始文档 | blame | 历史
management/guns-admin/src/main/java/com/stylefeng/guns/config/web/ShiroConfig.java
@@ -102,7 +102,7 @@
    @Bean
    public CookieRememberMeManager rememberMeManager(SimpleCookie rememberMeCookie) {
        CookieRememberMeManager manager = new CookieRememberMeManager();
        manager.setCipherKey(Base64.decode("Z3VucwAAAAAAAAAAAAAAAA=="));
//        manager.setCipherKey(Base64.decode("Z3VucwAAAAAAAAAAAAAAAA=="));
        manager.setCookie(rememberMeCookie);
        return manager;
    }
@@ -112,7 +112,8 @@
     */
    @Bean
    public SimpleCookie rememberMeCookie() {
        SimpleCookie simpleCookie = new SimpleCookie("rememberMe");
//        SimpleCookie simpleCookie = new SimpleCookie("rememberMe");
        SimpleCookie simpleCookie = new SimpleCookie("");
        simpleCookie.setHttpOnly(true);
        simpleCookie.setMaxAge(7 * 24 * 60 * 60);//7天
        return simpleCookie;
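Review bot: `SimpleCookie simpleCookie = new SimpleCookie("");` in the rememberMeCookie hunk gives the remember-me cookie an empty name, which, as far as I recall, Shiro's SimpleCookie rejects with an IllegalStateException when it writes the Set-Cookie header, so remember-me would stop working rather than be hardened; if the intent is to move away from the well-known default name, use a non-empty deployment-specific value, e.g. `new SimpleCookie(rememberMeCookieName)` read from configuration. The first hunk appears to comment out `setCipherKey` (the side is inferred from the hunk counts), which leaves the manager on Shiro's default key: in Shiro 1.4.2+ that key is generated per process, so every restart and every node invalidates existing cookies, while older releases ship a fixed, publicly known default, which is weaker than the literal being removed. Confirm the Shiro version in use and load a per-deployment key from configuration rather than relying on the default. The body of `rememberMeCookie` ends outside the hunk.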
management/guns-admin/src/main/java/com/stylefeng/guns/modular/system/controller/general/TAppUserController.java
@@ -2,7 +2,9 @@
import com.baomidou.mybatisplus.mapper.EntityWrapper;
import com.stylefeng.guns.core.base.controller.BaseController;
import com.stylefeng.guns.core.base.tips.SuccessTip;
import com.stylefeng.guns.core.log.LogObjectHolder;
import com.stylefeng.guns.core.util.ToolUtil;
import com.stylefeng.guns.modular.system.controller.resp.TAppUserResp;
import com.stylefeng.guns.modular.system.controller.util.ExcelUtil;
import com.stylefeng.guns.modular.system.enums.CouponStatusEnum;
@@ -214,6 +216,10 @@
    @RequestMapping(value = "/add")
    @ResponseBody
    public Object add(TAppUser tAppUser) {
        String avatar = tAppUser.getAvatar();
        if(ToolUtil.isNotEmpty(avatar) && !avatar.contains("png") && !avatar.contains("jpg")){
            return new SuccessTip(500,"请上传png/jpg格式的头像照片!");
        }
        tAppUserService.insert(tAppUser);
        return SUCCESS_TIP;
    }
@@ -257,6 +263,10 @@
    @RequestMapping(value = "/update")
    @ResponseBody
    public Object update(TAppUser tAppUser) {
        String avatar = tAppUser.getAvatar();
        if(ToolUtil.isNotEmpty(avatar) && !avatar.contains("png") && !avatar.contains("jpg")){
            return new SuccessTip(500,"请上传png/jpg格式的头像照片!");
        }
        tAppUserService.updateById(tAppUser);
        return SUCCESS_TIP;
    }
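Review bot: The avatar check added to `add` and `update` (`!avatar.contains("png") && !avatar.contains("jpg")`) is a substring test, not an extension test: any path that merely contains those letters somewhere, including a directory segment or a query string, passes, while `.jpeg` is rejected although it is an image. Compare the lower-cased suffix instead, e.g. `String lower = avatar.toLowerCase(Locale.ROOT);` followed by `if(ToolUtil.isNotEmpty(avatar) && !(lower.endsWith(".png") || lower.endsWith(".jpg") || lower.endsWith(".jpeg"))){` (java.util.Locale would need importing if it is not already). This only validates the stored path string; whether the uploaded bytes actually are an image can only be checked where the file is received. The same substring pattern is repeated in TCarController.add/update (carPhoto, drivingLicensePhoto) and TDriverController.add/update (avatar, driverLicense, idcardFront, idcardBack), so one shared helper would fix all of them. Returning `new SuccessTip(500, ...)` for a rejection reads as a contradiction; the project's ErrorTip (imported by TCarController) is the clearer type.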
management/guns-admin/src/main/java/com/stylefeng/guns/modular/system/controller/general/TCarController.java
@@ -4,12 +4,10 @@
import com.baomidou.mybatisplus.plugins.Page;
import com.stylefeng.guns.core.base.controller.BaseController;
import com.stylefeng.guns.core.base.tips.ErrorTip;
import com.stylefeng.guns.core.base.tips.SuccessTip;
import com.stylefeng.guns.core.common.constant.factory.PageFactory;
import com.stylefeng.guns.core.shiro.ShiroKit;
import com.stylefeng.guns.core.util.DateUtil;
import com.stylefeng.guns.core.util.ExcelExportUtil;
import com.stylefeng.guns.core.util.SinataUtil;
import com.stylefeng.guns.core.util.WoUtil;
import com.stylefeng.guns.core.util.*;
import com.stylefeng.guns.modular.system.dao.CarInsuranceMapper;
import com.stylefeng.guns.modular.system.model.*;
import com.stylefeng.guns.modular.system.service.*;
@@ -361,6 +359,14 @@
    @RequestMapping(value = "/add")
    @ResponseBody
    public Object add(TCar tCar,@RequestParam String serverBox,Integer roleType,Integer companyType,Integer oneId,Integer twoId,Integer franchiseeId,String zcModel,String kcModel) {
        String carPhoto = tCar.getCarPhoto();
        if(ToolUtil.isNotEmpty(carPhoto) && !carPhoto.contains("png") && !carPhoto.contains("jpg")){
            return new SuccessTip(500,"请上传png/jpg格式的车辆照片!");
        }
        String drivingLicensePhoto = tCar.getDrivingLicensePhoto();
        if(ToolUtil.isNotEmpty(drivingLicensePhoto) && !drivingLicensePhoto.contains("png") && !drivingLicensePhoto.contains("jpg")){
            return new SuccessTip(500,"请上传png/jpg格式的行驶证照片!");
        }
        if (1 == roleType){  //平台
            if (2 == companyType.intValue()){
                if (SinataUtil.isNotEmpty(oneId)){
@@ -400,6 +406,7 @@
        }
        tCar.setInsertTime(new Date());
        tCar.setState(1);
        tCarService.insert(tCar);
        //添加经营业务
@@ -443,6 +450,14 @@
    @RequestMapping(value = "/update")
    @ResponseBody
    public Object update(TCar tCar,@RequestParam String serverBox,Integer roleType,Integer companyType,Integer oneId,Integer twoId,Integer franchiseeId,String zcModel,String kcModel) {
        String carPhoto = tCar.getCarPhoto();
        if(ToolUtil.isNotEmpty(carPhoto) && !carPhoto.contains("png") && !carPhoto.contains("jpg")){
            return new SuccessTip(500,"请上传png/jpg格式的车辆照片!");
        }
        String drivingLicensePhoto = tCar.getDrivingLicensePhoto();
        if(ToolUtil.isNotEmpty(drivingLicensePhoto) && !drivingLicensePhoto.contains("png") && !drivingLicensePhoto.contains("jpg")){
            return new SuccessTip(500,"请上传png/jpg格式的行驶证照片!");
        }
        if (1 == roleType){  //平台
            if (2 == companyType.intValue()){
                if (SinataUtil.isNotEmpty(oneId)){
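Review bot: The import hunk appears to drop the explicit `DateUtil`, `ExcelExportUtil`, `SinataUtil` and `WoUtil` imports in favour of `com.stylefeng.guns.core.util.*`, presumably just to pick up `ToolUtil`; together with the existing `model.*` and `service.*` wildcards this hides which names the controller actually uses and lets a class added later to either package shadow another without warning. Keep the four explicit lines and add `import com.stylefeng.guns.core.util.ToolUtil;` instead. The photo checks in `add` and `update` are substring matches (`contains("png")`), which accept any path containing those letters anywhere and reject `.jpeg`; an `endsWith` check on the lower-cased path is the intended test. Both methods continue outside their hunks.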
management/guns-admin/src/main/java/com/stylefeng/guns/modular/system/controller/general/TDriverController.java
@@ -9,6 +9,7 @@
import com.stylefeng.guns.core.log.LogObjectHolder;
import com.stylefeng.guns.core.shiro.ShiroKit;
import com.stylefeng.guns.core.shiro.ShiroUser;
import com.stylefeng.guns.core.util.ToolUtil;
import com.stylefeng.guns.modular.system.controller.resp.TDriverCommissionResp;
import com.stylefeng.guns.modular.system.controller.resp.TDriverResp;
import com.stylefeng.guns.modular.system.controller.util.ExcelUtil;
@@ -19,6 +20,7 @@
import com.stylefeng.guns.modular.system.enums.UserTypeEnum;
import com.stylefeng.guns.modular.system.model.*;
import com.stylefeng.guns.modular.system.service.*;
import com.stylefeng.guns.modular.system.util.AESUtil;
import com.stylefeng.guns.modular.system.util.DateUtil;
import com.stylefeng.guns.modular.system.util.RedisUtil;
//import com.stylefeng.guns.modular.system.util.bank.BankUtil;
@@ -360,6 +362,9 @@
        List<TDriver> tDrivers = tDriverService.selectList(wrapper);
        List<TDriverResp> tDriverResp = tDriverService.getTDriverResp(tDrivers);
        for (TDriverResp driverResp : tDriverResp) {
            driverResp.setIdcard(AESUtil.encrypt(driverResp.getIdcard()));
            driverResp.setName(AESUtil.encrypt(driverResp.getName()));
            driverResp.setPhone(AESUtil.encrypt(driverResp.getPhone()));
            TDriverWork tDriverWork = tDriverWorkService.selectOne(new EntityWrapper<TDriverWork>()
                    .eq("driverId", driverResp.getId())
                    .orderBy("workTime", false)
@@ -575,7 +580,22 @@
    @RequestMapping(value = "/add")
    @ResponseBody
    public Object add(TDriver tDriver) {
        String avatar = tDriver.getAvatar();
        if(ToolUtil.isNotEmpty(avatar) && !avatar.contains("png") && !avatar.contains("jpg")){
            return new SuccessTip(500,"请上传png/jpg格式的头像图片!");
        }
        String driverLicense = tDriver.getDriverLicense();
        if(ToolUtil.isNotEmpty(driverLicense) && !driverLicense.contains("png") && !driverLicense.contains("jpg")){
            return new SuccessTip(500,"请上传png/jpg格式的驾驶证照片!");
        }
        String idcardFront = tDriver.getIdcardFront();
        if(ToolUtil.isNotEmpty(idcardFront) && !idcardFront.contains("png") && !idcardFront.contains("jpg")){
            return new SuccessTip(500,"请上传png/jpg格式的身份证正面照!");
        }
        String idcardBack = tDriver.getIdcardBack();
        if(ToolUtil.isNotEmpty(idcardBack) && !idcardBack.contains("png") && !idcardBack.contains("jpg")){
            return new SuccessTip(500,"请上传png/jpg格式的身份证背面照!");
        }
        int count = tDriverService.selectCount(new EntityWrapper<TDriver>().eq("phone", tDriver.getPhone()));
        if(count>0){
            return new SuccessTip(500,"该司机已存在!");
@@ -677,6 +697,22 @@
    @RequestMapping(value = "/update")
    @ResponseBody
    public Object update(TDriver tDriver) {
        String avatar = tDriver.getAvatar();
        if(ToolUtil.isNotEmpty(avatar) && !avatar.contains("png") && !avatar.contains("jpg")){
            return new SuccessTip(500,"请上传png/jpg格式的头像图片!");
        }
        String driverLicense = tDriver.getDriverLicense();
        if(ToolUtil.isNotEmpty(driverLicense) && !driverLicense.contains("png") && !driverLicense.contains("jpg")){
            return new SuccessTip(500,"请上传png/jpg格式的驾驶证照片!");
        }
        String idcardFront = tDriver.getIdcardFront();
        if(ToolUtil.isNotEmpty(idcardFront) && !idcardFront.contains("png") && !idcardFront.contains("jpg")){
            return new SuccessTip(500,"请上传png/jpg格式的身份证正面照!");
        }
        String idcardBack = tDriver.getIdcardBack();
        if(ToolUtil.isNotEmpty(idcardBack) && !idcardBack.contains("png") && !idcardBack.contains("jpg")){
            return new SuccessTip(500,"请上传png/jpg格式的身份证背面照!");
        }
        TDriver driver = tDriverService.selectOne(new EntityWrapper<TDriver>().eq("phone", tDriver.getPhone())
                .last("LIMIT 1"));
        if(Objects.nonNull(driver) && !tDriver.getId().equals(driver.getId())){
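Review bot: Encrypting `idcard`, `name` and `phone` with `AESUtil.encrypt` before the list is returned (the loop in the `for (TDriverResp driverResp ...` hunk, whose enclosing method starts and ends outside the hunk) does not keep those values from the person viewing the page: the same key and IV are shipped to the browser in _container.html and tDriver.js decrypts them client-side, so anyone who can load the list can read the plaintext and this is obfuscation of the JSON body, not access control. If the aim is to limit exposure of identity and phone numbers in the admin UI, mask them server-side for roles that do not need them (keep only the last digits) and return the full value only from an explicit, authorised detail request; if the aim is protection in transit, TLS already covers it. Separately, `AESUtil.encrypt` returns its input unchanged when encryption fails, so a misconfiguration would silently send plaintext that the client then tries to decrypt; the helper should throw so the failure is visible.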
management/guns-admin/src/main/java/com/stylefeng/guns/modular/system/controller/system/LoginController.java
@@ -18,6 +18,7 @@
import com.stylefeng.guns.modular.system.model.User;
import com.stylefeng.guns.modular.system.service.IMenuService;
import com.stylefeng.guns.modular.system.service.IUserService;
import com.stylefeng.guns.modular.system.util.AESUtil;
import com.stylefeng.guns.modular.system.util.AESUtils;
import com.stylefeng.guns.modular.system.util.RedisUtil;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
@@ -121,6 +122,7 @@
     */
    @RequestMapping(value = "/login", method = RequestMethod.POST)
    public String loginVali(String username, String password,String sms_code, String remember, Model model, HttpServletRequest request) {
        password = AESUtil.decrypt(password);
        Integer f = loginFailures.get(username);
        f = f == null ? 0 : f;
        // 校验账号,密码是否正确,如果错误,对次数进行加1
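Review bot: `password = AESUtil.decrypt(password);` at the top of `loginVali` undoes an encryption whose key and IV are embedded in login.html, so the posted value is reversible by anyone who reads the page and, because the IV is fixed, is identical for identical passwords; it adds no confidentiality beyond what TLS provides and should not be counted as the vulnerability fix on its own. Because `AESUtil.decrypt` returns its input unchanged on any failure, a value that was never encrypted or is malformed flows into authentication as-is, so the step is effectively optional and a client/server key mismatch would only show up as a failed login plus a stack trace on stderr. If the step is kept, make `decrypt` throw and reject the request on failure, and make sure the decrypted `password` never reaches a log line. The file now imports both `AESUtil` and the apparently pre-existing `AESUtils`; two near-identical utility names invite mixing them up, so consider consolidating. `loginVali` continues outside the hunk.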
management/guns-admin/src/main/java/com/stylefeng/guns/modular/system/util/AESUtil.java
New file
@@ -0,0 +1,90 @@
package com.stylefeng.guns.modular.system.util;
import com.stylefeng.guns.core.util.ToolUtil;
import org.springframework.util.Base64Utils;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
/**
 * 定义AES加密解密工具类
 */
public class AESUtil {
    private static final String KEY_ALGORITHM = "AES";//加密方式
    private static final String DEFAULT_CIPHER_ALGORITHM = "AES/CBC/PKCS5Padding";//默认的加密算法
    private static final String KEY = "xqT86jictTPpHMem";//密码
    private static final String IV_PARAMETER = "xqT86jicxqT86jic";//偏移量
    private static final String CHARSET = "UTF-8";//编码
    /**
     * 加密操作
     * @param content  待加密内容
     * @return
     * @throws Exception
     */
    public static String encrypt(String content) {
        try {
            if(ToolUtil.isEmpty(content)){
                return content;
            }
            Cipher cipher = Cipher.getInstance(DEFAULT_CIPHER_ALGORITHM);
            byte[] raw = KEY.getBytes(CHARSET);
            SecretKeySpec skeySpec = new SecretKeySpec(raw, KEY_ALGORITHM);
            IvParameterSpec iv = new IvParameterSpec(IV_PARAMETER.getBytes());
            cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv);
            byte[] encrypted = cipher.doFinal(content.getBytes(CHARSET));
            return Base64Utils.encodeToString(encrypted);
        }catch (Exception e){
            e.printStackTrace();
        }
        return content;
    }
    /**
     *解密操作
     * @param content 待解密内容
     * @return
     * @throws Exception
     */
    public static String decrypt(String content) {
        try {
            if(ToolUtil.isEmpty(content)){
                return content;
            }
            byte[] raw = KEY.getBytes(CHARSET);
            SecretKeySpec skeySpec = new SecretKeySpec(raw, KEY_ALGORITHM);
            Cipher cipher = Cipher.getInstance(DEFAULT_CIPHER_ALGORITHM);
            IvParameterSpec iv = new IvParameterSpec(IV_PARAMETER.getBytes());
            cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv);
            byte[] encrypted1 = Base64Utils.decodeFromString(content);
            byte[] original = cipher.doFinal(encrypted1);
            String originalString = new String(original, CHARSET);
            return originalString;
        } catch (Exception ex) {
            ex.printStackTrace();
        }
        return content;
    }
    public static void main(String[] ages){
//        String encrypt = AESUtil.encrypt("19167181339");
//        System.err.println(encrypt);
        String travel = AESUtil.decrypt("tw1pslwtyVl58hz4A9HauCmgWtML1DKJKGIOxVhv9KE=");
        System.err.println(travel);
//        String decrypt = DESUtil.decrypt("xqT86jictTPpHMem", "uFT7jx9P7+t8n1IVQsxn7A==");
//        System.err.println(decrypt);
    }
}
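Review bot: `KEY` and `IV_PARAMETER` are hard-coded in source (and the same values are published in _container.html and login.html), and the IV is reused for every call, so in CBC two equal plaintexts always produce the same ciphertext; this leaks equality of ID numbers and phone numbers and makes ciphertexts replayable, while the key itself is recoverable by anyone with the page or the jar. Both methods also swallow every exception with `printStackTrace()` and return the input unchanged, so callers cannot tell ciphertext from plaintext or notice a key mismatch, and `IV_PARAMETER.getBytes()` uses the platform charset while `KEY` uses `CHARSET`. Load the key from configuration, generate a random IV per encryption and prefix it to the ciphertext, and throw on failure; the CryptoJS side then has to read the IV prefix instead of a constant, and CBC still gives no integrity, so this must not protect anything where tampering matters. The `main` method with a sample ciphertext and the `@throws Exception` tags (neither method throws) should go, and a utility class wants a private constructor. A sketch of the two methods, keeping CBC for client compatibility:
```java
// … unchanged: package and javax.crypto imports (java.security.SecureRandom, java.security.GeneralSecurityException and java.nio.charset.StandardCharsets are needed as well) …
private static final int IV_LENGTH = 16;
// KEY: bytes loaded from configuration at startup (env/property), never a literal in source — see note

/** Encrypts content with a fresh random IV; the result is Base64(iv || ciphertext). Empty input is returned unchanged. */
public static String encrypt(String content) {
    if (ToolUtil.isEmpty(content)) {
        return content;
    }
    try {
        byte[] iv = new byte[IV_LENGTH];
        new SecureRandom().nextBytes(iv);
        Cipher cipher = Cipher.getInstance(DEFAULT_CIPHER_ALGORITHM);
        cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(KEY, KEY_ALGORITHM), new IvParameterSpec(iv));
        byte[] encrypted = cipher.doFinal(content.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[iv.length + encrypted.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(encrypted, 0, out, iv.length, encrypted.length);
        return Base64Utils.encodeToString(out);
    } catch (GeneralSecurityException e) {
        // surface the failure instead of handing the caller plaintext that looks encrypted
        throw new IllegalStateException("AES encryption failed", e);
    }
}

/** Inverse of encrypt; throws instead of returning the input when the value cannot be decrypted. */
public static String decrypt(String content) {
    if (ToolUtil.isEmpty(content)) {
        return content;
    }
    try {
        byte[] data = Base64Utils.decodeFromString(content);
        if (data.length <= IV_LENGTH) {
            throw new IllegalArgumentException("ciphertext too short");
        }
        IvParameterSpec iv = new IvParameterSpec(data, 0, IV_LENGTH);
        Cipher cipher = Cipher.getInstance(DEFAULT_CIPHER_ALGORITHM);
        cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(KEY, KEY_ALGORITHM), iv);
        byte[] plain = cipher.doFinal(data, IV_LENGTH, data.length - IV_LENGTH);
        return new String(plain, StandardCharsets.UTF_8);
    } catch (GeneralSecurityException e) {
        throw new IllegalArgumentException("AES decryption failed", e);
    }
}
// … removed: main …
```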
management/guns-admin/src/main/webapp/WEB-INF/view/common/_container.html
@@ -66,6 +66,7 @@
    <script type="text/javascript" charset="utf-8" src="${ctxPath}/djadmin/static/js/ueditor/jsp/ueditor.config.js"></script>
    <script type="text/javascript" charset="utf-8" src="${ctxPath}/djadmin/static/js/ueditor/jsp/ueditor.all.js"></script>
    <script type="text/javascript" charset="utf-8" src="${ctxPath}/djadmin/static/js/ueditor/jsp/lang/zh-cn/zh-cn.js"></script>
    <script src="${ctxPath}/djadmin/static/crypto-js/crypto-js.js"></script>
    <!--<style type="text/css">
        table{  
            width:100px;  
@@ -288,7 +289,35 @@
                }
            });
        }
        var key = CryptoJS.enc.Utf8.parse("xqT86jictTPpHMem");
        var iv = CryptoJS.enc.Utf8.parse("xqT86jicxqT86jic");
        //aes加密
        function encrypt(context) {
            var encrypted = '';
            if (typeof(context) == 'string') {
            }else if(typeof(context) == 'object'){
                context = JSON.stringify(context);
            }
            var srcs = CryptoJS.enc.Utf8.parse(context);
            encrypted = CryptoJS.AES.encrypt(srcs, key, {
                iv: iv,
                mode: CryptoJS.mode.CBC,
                padding: CryptoJS.pad.Pkcs7
            });
            return encrypted.toString();
        }
        // aes解密
        function decrypt(context) {
            var decrypt = CryptoJS.AES.decrypt(context, key, {
                iv: iv,
                mode: CryptoJS.mode.CBC,
                padding: CryptoJS.pad.Pkcs7
            });
            var decryptedStr = decrypt.toString(CryptoJS.enc.Utf8);
            return decryptedStr.toString();
        }
        // 页面加载完成后启动轮询
        $(document).ready(function() {
            // 延迟5秒后开始轮询,避免页面加载时的性能影响
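Review bot: `var key = CryptoJS.enc.Utf8.parse(...)` and the `iv` line below it put the server's AES key and IV into a template served on every admin page, so every console user (and anyone who obtains the static source) can decrypt whatever the server encrypts with them; treat this key as public, not as a secret that protects PII, and design the server side accordingly. Two smaller points in the new functions: `if (typeof(context) == 'string') { }` is an empty branch and can be dropped, and `var decrypt = CryptoJS.AES.decrypt(...)` inside `function decrypt` shadows the function with a local, which works but reads as a bug; rename it, e.g. `var decrypted = CryptoJS.AES.decrypt(context, key, {...});` and `return decrypted.toString(CryptoJS.enc.Utf8);`. A value that is not valid ciphertext (a row that was never encrypted, or null) makes `toString(CryptoJS.enc.Utf8)` throw or yield an empty string, so callers such as the tDriver.js formatters get blank cells rather than an error; a guard in `decrypt` that returns the input when it is not a non-empty string would make that visible. The script block continues outside the hunk.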
management/guns-admin/src/main/webapp/WEB-INF/view/login.html
@@ -115,8 +115,8 @@
            $("#kaptcha").attr('src', '${ctxPath}/djadmin/kaptcha?' + Math.floor(Math.random() * 100)).fadeIn();
        });
    });
    var key = CryptoJS.enc.Utf8.parse("c53fd327353a09a1");
    var iv = CryptoJS.enc.Utf8.parse("3a0565e3b1d8ae3d");
    var key = CryptoJS.enc.Utf8.parse("xqT86jictTPpHMem");
    var iv = CryptoJS.enc.Utf8.parse("xqT86jicxqT86jic");
    //aes加密
    function encrypt(context) {
@@ -145,9 +145,9 @@
        return decryptedStr.toString();
    }
    function login(){
        // let password = $('#password').val();
        // password = encrypt(password);
        // $('#password').val(password);
        let password = $('#password').val();
        password = encrypt(password);
        $('#password').val(password);
        $('#submit').submit();
    }
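Review bot: `$('#password').val(password);` in `login()` overwrites the visible password field with the ciphertext before submitting, so if the submission does not navigate away (a client-side check fails, or the button is clicked twice) the next call encrypts the ciphertext again and the server decrypts to garbage; leave the plaintext field alone and send the encrypted value through a separate hidden input, e.g. `$('#encPassword').val(encrypt($('#password').val()));` with the server reading that field (the hidden-input name is a placeholder). The key and IV now match the server-side constants in AESUtil, so this step is reversible by anyone who loads the login page and, with a fixed IV, yields the same ciphertext for the same password on every login — it does not substitute for TLS. The commented-out `let password` lines appear to be leftovers of the same code and can be removed. `encrypt` starts in the previous hunk and continues outside it.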
management/guns-admin/src/main/webapp/static/modular/system/tDriver/tDriver.js
@@ -16,8 +16,16 @@
        {field: 'selectItem', radio: true},
            {title: '主键', field: 'id', visible: true, align: 'center', valign: 'middle'},
            {title: '编号', field: 'code', visible: true, align: 'center', valign: 'middle'},
            {title: '姓名', field: 'name', visible: true, align: 'center', valign: 'middle'},
            {title: '手机号', field: 'phone', visible: true, align: 'center', valign: 'middle'},
            {title: '姓名', field: 'name', visible: true, align: 'center', valign: 'middle',
                formatter: function (value, row) {
                    return decrypt(value);
                }
            },
            {title: '手机号', field: 'phone', visible: true, align: 'center', valign: 'middle',
                formatter: function (value, row) {
                    return decrypt(value);
                }
            },
            {title: '性别', field: 'sex', visible: true, align: 'center', valign: 'middle',
                formatter: function (value, row) {
                    if (row.sex === 1){
@@ -29,7 +37,11 @@
                    }
                }},
        {title: '驾驶证号码', field: 'driverLicenseNumber', visible: true, align: 'center', valign: 'middle'},
        {title: '身份证号码', field: 'idcard', visible: true, align: 'center', valign: 'middle'},
        {title: '身份证号码', field: 'idcard', visible: true, align: 'center', valign: 'middle',
            formatter: function (value, row) {
                return decrypt(value);
            }
        },
        {title: '身份证', field: 'source', visible: true, align: 'center', valign: 'middle',
            formatter: function (value, row) {
                if (null != row.idcardFront){
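Review bot: The new `formatter` callbacks call `decrypt(value)` unconditionally; for a row whose `name`, `phone` or `idcard` is null or empty the CryptoJS call receives a non-string and the cell renders blank or throws, and the same happens for any value that was stored or returned unencrypted. Guard the call and escape the result, since a formatter's return value is inserted as HTML and driver names are presumably user-supplied: `return value ? $('<div>').text(decrypt(value)).html() : '';`. If the table sorts these columns client-side, `field: 'name'`/`'phone'`/`'idcard'` now sort the ciphertext the list endpoint returns, so the order will not follow the displayed text. `decrypt` is only defined in _container.html, so this page depends on that template being included. The column array starts before the first hunk and ends after the second.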