好吧,这是我多年以前写的代码,流程图被我弄丢了,有注释也看不懂……
记得当年测试登录总会有BUG,不知道是不是写的不好的缘故
/* * 2XX*OK * * 3XX*ACCESS CONTROL * * 301*Offline * 302*Multi-user * 307*Temporary user * * 4XX*ERROR * * 401*Not logged in * 403*Password error * 404*User does not exist * */ ///// /* * Session["Random"]:strR * Session["LoginState"]:str * Session["LoginName"]:str * Session["Permission1"]:int * Session["Permission2"]:int * Session["Permission3"]:int * Session["Permission4"]:int * Cookies["Info"]: * { * cookie["LoginState"]:strint * cookie["LoginName"]:str * cookie["LoginInfo"]:strR * } * Application[name+ip]:strR */
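/// <summary>
/// Logs a user in: looks the user up through BLL, records the login through
/// BLL.setLoginInfo, fills the session keys (LoginState, LoginName,
/// Permission1-4, Random) and issues the "Info" cookie (valid for 7 days).
/// </summary>
/// <remarks>
/// NOTE(review): the ASP.NET session id is not regenerated here, so a session
/// id that existed before authentication keeps being used afterwards.
/// Consider issuing a fresh session on successful login.
/// </remarks>
/// <param name="name">User name.</param>
/// <param name="password">Password.</param>
public void login(string name, string password)
{
    // NOTE(review): the result is used without checking for null or for a
    // failure state (the status table lists 403 password error and 404 unknown
    // user). Confirm that BLL.setLoginInfo never returns a usable Random/Token
    // for such a result, because the cookie below is issued unconditionally.
    User user = BLL.getUserInfo(name, password);
    LoginInfo info;
    string myRandom;
    bool isFirstLogin = false;
    if ((info = BLL.getLoginInfo(name)) == null)
    {
        myRandom = Guid.NewGuid().ToString("N");
        isFirstLogin = true;
    }
    else
    {
        // NOTE(review): the stored Random is reused rather than rotated on
        // every login, so an old cookie value stays valid across logins.
        myRandom = info.Random;
    }
    if (!isLogin(name))
    {
        // NOTE(review): the User-Agent is stored HTML-encoded here, while
        // checkLoginState compares and stores the raw header. A User-Agent
        // containing characters that HtmlEncode rewrites would never match.
        info = BLL.setLoginInfo(user.LoginName, user.LoginState, HttpUtility.HtmlEncode(Request.UserAgent), myRandom, Request.UserHostAddress);
        Session["Random"] = info.Random;
        Session["LoginState"] = user.LoginState;
        Session["LoginName"] = user.LoginName;
        Session["Permission1"] = user.Permission1;
        Session["Permission2"] = user.Permission2;
        Session["Permission3"] = user.Permission3;
        Session["Permission4"] = user.Permission4;
        HttpCookie cookie = new HttpCookie("Info");
        DateTime dt = info.Time;
        cookie.Expires = dt.Add(new TimeSpan(7, 0, 0, 0));
        // The cookie carries the login token: keep it away from page script
        // and, when the request arrived over HTTPS, off plain-HTTP requests.
        cookie.HttpOnly = true;
        cookie.Secure = Request.IsSecureConnection;
        cookie["LoginState"] = Session["LoginState"].ToString();
        cookie["LoginName"] = user.LoginName;
        cookie["LoginInfo"] = info.Random;
        cookie["Token"] = info.Token;
        Response.Cookies.Add(cookie);
        // Also placed on the request so code running later in this same
        // request sees the new cookie.
        Request.Cookies.Add(cookie);
        // NOTE(review): no matching Application.Lock() is visible in this method.
        Application.UnLock();
    }
    else
    {
        if (isFirstLogin)
        {
            // isLogin(name) reported a login but no LoginInfo record exists.
            throw new InvalidOperationException("登录状态异常");
        }
        Session["Random"] = info.Random;
        // A second login for the same user is downgraded from 200 to 302
        // (multi-user) and each permission value is reduced by one.
        Session["LoginState"] = (user.LoginState == 200) ? 302 : user.LoginState;
        Session["LoginName"] = user.LoginName;
        Session["Permission1"] = user.Permission1 - 1;
        Session["Permission2"] = user.Permission2 - 1;
        Session["Permission3"] = user.Permission3 - 1;
        Session["Permission4"] = user.Permission4 - 1;
        HttpCookie cookie = new HttpCookie("Info");
        DateTime dt = DateTime.Now;
        cookie.Expires = dt.Add(new TimeSpan(7, 0, 0, 0));
        cookie.HttpOnly = true;
        cookie.Secure = Request.IsSecureConnection;
        cookie["LoginState"] = Session["LoginState"].ToString();
        cookie["LoginName"] = user.LoginName;
        cookie["LoginInfo"] = info.Random;
        // The literal "302" is written instead of the stored token.
        cookie["Token"] = "302";
        Response.Cookies.Add(cookie);
        Request.Cookies.Add(cookie);
    }
    // NOTE(review): "name" is caller-supplied and is written to the log as-is;
    // confirm that log() neutralises line breaks and other control characters.
    log("Login" + Session["LoginState"].ToString() + ":" + name, Request.UserHostAddress, Request.Browser.Type, Request.UserAgent, ((Request.UrlReferrer == null) ? "" : Request.UrlReferrer.ToString()), Request.RawUrl);
}

/// <summary>
/// Sends an already-expired "Info" cookie so that the browser drops its copy.
/// Clearing Response.Cookies only empties the server-side collection for this
/// response; it does not remove the cookie from the client.
/// </summary>
private void expireInfoCookie()
{
    HttpCookie expired = new HttpCookie("Info");
    expired.Expires = DateTime.Now.AddDays(-1);
    expired.HttpOnly = true;
    Response.Cookies.Add(expired);
}

/// <summary>
/// Checks the login state held in the session and, when the session is not
/// logged in (or a refresh is requested), tries to restore it from the "Info"
/// cookie by comparing the cookie's values with the stored LoginInfo record.
/// Any exception along the way resets the session to the 401 guest state.
/// </summary>
/// <param name="refurbish">
/// When true, the cookie is re-validated even on a postback/callback and even
/// if the session already counts as logged in.
/// </param>
public void checkLoginState(bool refurbish = false)
{
    bool login = true;
    try
    {
        // States below 400 count as logged in (2XX OK, 3XX restricted access).
        if (!(Int32.Parse(Session["LoginState"].ToString()) < 400))
        {
            login = false;
        }
    }
    catch (Exception)
    {
        // No usable state in the session: fall back to the guest values.
        Session["LoginState"] = 401;
        Session["LoginName"] = "NULL";
        Session["Permission1"] = 1;
        Session["Permission2"] = 1;
        Session["Permission3"] = 1;
        Session["Permission4"] = 1;
        Session["Random"] = "";
        login = false;
    }
    // Runs when this is not a postback/callback and the session is not logged
    // in, or whenever a refresh is requested.
    if ((!(Page.IsCallback || Page.IsPostBack) && (!login)) || refurbish)
    {
        try
        {
            // Everything read from the cookie is client-controlled. LoginState
            // only gates whether a restore is attempted; the state that ends
            // up in the session is decided below.
            if (Request.Cookies["Info"]["LoginState"] == "200" || Request.Cookies["Info"]["LoginState"] == "307")
            {
                string namec = Request.Cookies["Info"]["LoginName"];
                string randomc = Request.Cookies["Info"]["LoginInfo"];
                string tokenc = Request.Cookies["Info"]["Token"];
                var info = BLL.getLoginInfo(namec);
                // Missing cookie values read as null. Without the emptiness
                // checks they would compare equal to a stored record whose
                // Random or Token is also null/empty.
                // NOTE(review): info.UserAgent may hold the HTML-encoded value
                // written by login(), while the raw header is compared here.
                if (!string.IsNullOrEmpty(randomc) &&
                    !string.IsNullOrEmpty(tokenc) &&
                    info.Random == randomc &&
                    info.Token == tokenc &&
                    info.UserAgent == Request.UserAgent)
                {
                    if (Convert.ToInt32(Session["LoginState"].ToString()) >= 400)
                    {
                        // Restored from the cookie: 307, or 306 when the stored
                        // IP matches the current request. (306 is not listed in
                        // the status table at the top of the file.)
                        Session["LoginState"] = 307;
                        if (info.IP == Request.UserHostAddress)
                        {
                            Session["LoginState"] = 306;
                        }
                        log("chkLogin" + Session["LoginState"].ToString() + ":" + namec, Request.UserHostAddress, Request.Browser.Type, Request.UserAgent, ((Request.UrlReferrer == null) ? "" : Request.UrlReferrer.ToString()), Request.RawUrl);
                    }
                    Session["LoginName"] = namec;
                    User user = BLL.getUserInfo(namec);
                    // Each permission value is reduced according to the state:
                    // 200 -> 0, 302 -> 1, 306 -> 2, 307 -> 3.
                    if (Session["LoginState"].ToString() == "200")
                    {
                        Session["Permission1"] = user.Permission1;
                        Session["Permission2"] = user.Permission2;
                        Session["Permission3"] = user.Permission3;
                        Session["Permission4"] = user.Permission4;
                    }
                    else if (Session["LoginState"].ToString() == "302")
                    {
                        Session["Permission1"] = user.Permission1 - 1;
                        Session["Permission2"] = user.Permission2 - 1;
                        Session["Permission3"] = user.Permission3 - 1;
                        Session["Permission4"] = user.Permission4 - 1;
                    }
                    else if (Session["LoginState"].ToString() == "306")
                    {
                        Session["Permission1"] = user.Permission1 - 2;
                        Session["Permission2"] = user.Permission2 - 2;
                        Session["Permission3"] = user.Permission3 - 2;
                        Session["Permission4"] = user.Permission4 - 2;
                    }
                    else if (Session["LoginState"].ToString() == "307")
                    {
                        Session["Permission1"] = user.Permission1 - 3;
                        Session["Permission2"] = user.Permission2 - 3;
                        Session["Permission3"] = user.Permission3 - 3;
                        Session["Permission4"] = user.Permission4 - 3;
                    }
                    info = BLL.setLoginInfo(namec, int.Parse(Session["LoginState"].ToString()), Request.UserAgent, randomc, Request.UserHostAddress);
                    Session["Random"] = randomc;
                    // NOTE(review): no Expires is set, so this replaces the
                    // 7-day cookie from login() with a browser-session cookie.
                    // Confirm whether that is intended before changing it.
                    HttpCookie cookie = new HttpCookie("Info");
                    cookie.HttpOnly = true;
                    cookie.Secure = Request.IsSecureConnection;
                    cookie["LoginState"] = Session["LoginState"].ToString();
                    cookie["LoginName"] = Session["LoginName"].ToString();
                    cookie["LoginInfo"] = info.Random;
                    cookie["Token"] = info.Token;
                    Response.Cookies.Add(cookie);
                    Request.Cookies.Add(cookie);
                }
                else
                {
                    Request.Cookies.Clear();
                    Response.Cookies.Clear();
                    expireInfoCookie();
                    // The presented token and random value are deliberately not
                    // logged: after a User-Agent mismatch they can be a valid
                    // credential, and log files are read more widely than the
                    // login store.
                    log("chkLogin Failed:" + namec, Request.UserHostAddress, Request.Browser.Type, Request.UserAgent, ((Request.UrlReferrer == null) ? "" : Request.UrlReferrer.ToString()), Request.RawUrl);
                }
            }
        }
        catch (Exception)
        {
            // Fail closed: a missing cookie, an unknown user or any BLL error
            // ends in the guest state. The exception itself is discarded, so
            // back-end failures are indistinguishable from "not logged in".
            Session["LoginState"] = 401;
            Session["LoginName"] = "NULL";
            Session["Permission1"] = 1;
            Session["Permission2"] = 1;
            Session["Permission3"] = 1;
            Session["Permission4"] = 1;
            Session["Random"] = "";
            login = false;
            bool hadInfoCookie = Request.Cookies["Info"] != null;
            Response.Cookies.Clear();
            Request.Cookies.Clear();
            if (hadInfoCookie)
            {
                // Only visitors who actually presented the cookie are told to drop it.
                expireInfoCookie();
            }
        }
    }
    BLL.freshLoginState();
}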
能帮忙解释下代码逻辑、有无漏洞吗?
需要的话,我可以随时增补相关联的代码段,可能的话我也会直接把整个网站代码放上来。
重构吧。哥。
哥 删除了,自己再写一个吧
同上……头疼……
同感 ,建议你自己重新写过吧 比我的代码还要烂 估计还是学生吧