From aa9076304a11f2babde82841fda16df1c690752c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=BB=84=E6=B5=B7?= <10402852@qq.com>
Date: Mon, 15 Jan 2024 10:18:41 +0800
Subject: [PATCH] 'commit'
---
 .../Collect/Controller/CollectController.java | 85 +++++++++++++++++++
 .../QingLong/Collect/Model/CollectModel.java | 1 +
 .../Controller/LoginPersonController.java | 83 ------------------
 3 files changed, 86 insertions(+), 83 deletions(-)
diff --git a/src/main/java/com/dsideal/QingLong/Collect/Controller/CollectController.java b/src/main/java/com/dsideal/QingLong/Collect/Controller/CollectController.java
index a93b461a..07d64b9c 100644
--- a/src/main/java/com/dsideal/QingLong/Collect/Controller/CollectController.java
+++ b/src/main/java/com/dsideal/QingLong/Collect/Controller/CollectController.java
@@ -1741,4 +1741,89 @@ public class CollectController extends Controller {
 List list = cm.getSchoolNjList(bureau_id);
 renderJson(CommonUtil.renderJsonForLayUI(list));
 }
+
+ /**
+ * 功能:填报系统专用登录接口,后期可以扩展支持天喻平台对接
+ * @param username
+ * @param password
+ */
+ @Before({POST.class})
+ public void doFillLogin(String username, String password) {
+ JSONObject resultJson = new JSONObject();
+ String checkCodeKey = "";
+
+ if (StrKit.isBlank(username)) {
+ resultJson.put("success", false);
+ resultJson.put("msg", "用户名不允许为空!");
+ renderJson(resultJson);
+ return;
+ }
+ if (StrKit.isBlank(password)) {
+ resultJson.put("success", false);
+ resultJson.put("msg", "密码不允许为空!");
+ renderJson(resultJson);
+ return;
+ }
+
+ //检查缓存中此账号错误了几次
+ String PassWordKey = "WrongPassWord_" + username;
+ int ErrCnt = 4; //最多允许错几次 4+1
+ int cntNum = 0; //错几次了
+
+ if (RedisKit.Exists(PassWordKey))
+ cntNum = Integer.parseInt(RedisKit.Get(PassWordKey));
+ if (cntNum > ErrCnt) {
+ resultJson.put("success", false);
+ resultJson.put("msg", "账号被停用5分钟,请稍后再试!");
+ renderJson(resultJson);
+ return;
+ }
+ //与前端配合RSA通用加密解密
+ try {
+ password = RsaUtils.decryptDataOnJava(password, RsaUtils.PRIVATEKEY);
+ } catch (Exception err) {
+ password = "!@#$%^&&*^*&(*)(*_)^%^$%$^%$^%";
+ }
+ String passwordEncode = CommonUtil.getLdapPassword(password);
+ BaseModel bm = new BaseModel();
+ Map loginMap = bm.getLoginInfoByUserName(username);
+ if (loginMap == null || !passwordEncode.equals(loginMap.get("password").toString())) {
+ //扩展支持连续输入用户名密码错误,停用账号5分钟功能 2022.06.07
+ cntNum = 1;
+ if (RedisKit.Exists(PassWordKey))
+ cntNum = Integer.parseInt(RedisKit.Get(PassWordKey)) + cntNum;
+
+ int finalCntNum = cntNum;
+ RedisKit.incrBy(PassWordKey, finalCntNum);
+ RedisKit.Expire(PassWordKey, 60 * 5);
+ if (cntNum > ErrCnt) {
+ resultJson.put("success", false);
+ resultJson.put("msg", "密码连续输入" + (ErrCnt + 1) + "次全部错误,账号将被停用5分钟!");
+ renderJson(resultJson);
+ return;
+ }
+ if (cntNum == ErrCnt) {
+ resultJson.put("success", false);
+ resultJson.put("msg", "用户名或密码连续错误,你还有1次机会,再次错误后账号将被封掉5分钟!");
+ renderJson(resultJson);
+ return;
+ }
+ resultJson.put("success", false);
+ resultJson.put("msg", "用户名或密码错误!");
+ renderJson(resultJson);
+ return;
+ }
+ //去掉限制
+ RedisKit.Del(PassWordKey);
+ RedisKit.Del(checkCodeKey);
+ //防止用户攻击修改Cookie
+ Map _map = new HashMap<>();
+ _map.put("person_id", loginMap.get("person_id"));
+
+ SessionKit.set(getRequest(), getResponse(), "person_id", loginMap.get("person_id").toString());
+ resultJson.put("success", true);
+ resultJson.put("person_id", loginMap.get("person_id").toString());
+ renderJson(resultJson);
+ }
+
 }
diff --git a/src/main/java/com/dsideal/QingLong/Collect/Model/CollectModel.java b/src/main/java/com/dsideal/QingLong/Collect/Model/CollectModel.java
index 96f0f46b..4a79d8e1 100644
--- a/src/main/java/com/dsideal/QingLong/Collect/Model/CollectModel.java
+++ b/src/main/java/com/dsideal/QingLong/Collect/Model/CollectModel.java
@@ -2260,4 +2260,5 @@ public class CollectModel {
 String sql = "select * from t_collect_job_target where job_id=? and target_id=?";
 return Db.findFirst(sql, job_id, person_id);
 }
+
 }
\ No newline at end of file
diff --git a/src/main/java/com/dsideal/QingLong/LoginPerson/Controller/LoginPersonController.java b/src/main/java/com/dsideal/QingLong/LoginPerson/Controller/LoginPersonController.java
index 68f87a7f..aec90ab7 100644
--- a/src/main/java/com/dsideal/QingLong/LoginPerson/Controller/LoginPersonController.java
+++ b/src/main/java/com/dsideal/QingLong/LoginPerson/Controller/LoginPersonController.java
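Review bot: The failed-attempt counter in `doFillLogin` (CollectController.java) is incremented by the running total instead of by one: `cntNum` becomes the stored value plus 1 and is then passed to `RedisKit.incrBy(PassWordKey, finalCntNum)`, so the stored value goes 1, 3, 7 and the account locks after three failures rather than the `ErrCnt + 1` the messages announce, and in sequential use the inner `cntNum > ErrCnt` branch is never reached. The Exists/Get/incrBy sequence is also not atomic, so parallel requests can undercount failures. Increment by one with `RedisKit.incrBy(PassWordKey, 1);` and, if `incrBy` returns the new value (its signature is not visible here), branch on that result instead of the separately read `cntNum`. Because the key is built only from the submitted `username`, any client can lock another user's account for five minutes, so a per-client limit alongside the per-account one is worth adding. Smaller points in the same method: `loginMap.get("password").toString()` throws when the stored password is null, `RedisKit.Del(checkCodeKey)` is called with an empty key, and `_map` is filled but never used despite the comment about cookie tampering.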
@@ -30,89 +30,6 @@ public class LoginPersonController extends Controller { //实例化model LoginPersonModel model = new LoginPersonModel(); - /** - * 功能:填报系统专用登录接口,后期可以扩展支持天喻平台对接 - * @param username - * @param password - */ - @Before({POST.class}) - public void doFillLogin(String username, String password) { - JSONObject resultJson = new JSONObject(); - String checkCodeKey = ""; - - if (StrKit.isBlank(username)) { - resultJson.put("success", false); - resultJson.put("msg", "用户名不允许为空!"); - renderJson(resultJson); - return; - } - if (StrKit.isBlank(password)) { - resultJson.put("success", false); - resultJson.put("msg", "密码不允许为空!"); - renderJson(resultJson); - return; - } - - //检查缓存中此账号错误了几次 - String PassWordKey = "WrongPassWord_" + username; - int ErrCnt = 4; //最多允许错几次 4+1 - int cntNum = 0; //错几次了 - - if (RedisKit.Exists(PassWordKey)) - cntNum = Integer.parseInt(RedisKit.Get(PassWordKey)); - if (cntNum > ErrCnt) { - resultJson.put("success", false); - resultJson.put("msg", "账号被停用5分钟,请稍后再试!"); - renderJson(resultJson); - return; - } - //与前端配合RSA通用加密解密 - try { - password = RsaUtils.decryptDataOnJava(password, RsaUtils.PRIVATEKEY); - } catch (Exception err) { - password = "!@#$%^&&*^*&(*)(*_)^%^$%$^%$^%"; - } - String passwordEncode = CommonUtil.getLdapPassword(password); - BaseModel bm = new BaseModel(); - Map loginMap = bm.getLoginInfoByUserName(username); - if (loginMap == null || !passwordEncode.equals(loginMap.get("password").toString())) { - //扩展支持连续输入用户名密码错误,停用账号5分钟功能 2022.06.07 - cntNum = 1; - if (RedisKit.Exists(PassWordKey)) - cntNum = Integer.parseInt(RedisKit.Get(PassWordKey)) + cntNum; - - int finalCntNum = cntNum; - RedisKit.incrBy(PassWordKey, finalCntNum); - RedisKit.Expire(PassWordKey, 60 * 5); - if (cntNum > ErrCnt) { - resultJson.put("success", false); - resultJson.put("msg", "密码连续输入" + (ErrCnt + 1) + "次全部错误,账号将被停用5分钟!"); - renderJson(resultJson); - return; - } - if (cntNum == ErrCnt) { - resultJson.put("success", false); - resultJson.put("msg", 
"用户名或密码连续错误,你还有1次机会,再次错误后账号将被封掉5分钟!"); - renderJson(resultJson); - return; - } - resultJson.put("success", false); - resultJson.put("msg", "用户名或密码错误!"); - renderJson(resultJson); - return; - } - //去掉限制 - RedisKit.Del(PassWordKey); - RedisKit.Del(checkCodeKey); - //防止用户攻击修改Cookie - Map _map = new HashMap<>(); - _map.put("person_id", loginMap.get("person_id")); - - SessionKit.set(getRequest(), getResponse(), "person_id", loginMap.get("person_id").toString()); - resultJson.put("success", true); - resultJson.put("person_id", loginMap.get("person_id").toString()); - renderJson(resultJson); - } /**