
求助~求解一段C# ASP.NET登录验证代码的逻辑

悬赏园豆:50 [待解决问题]

好吧,这是我多年以前写的代码,流程图被我弄丢了,有注释也看不懂……

记得当年测试登录总会有BUG,不知道是不是写的不好的缘故

        /*
         * 2XX*OK
         * 
         * 3XX*ACCESS CONTROL
         * 
         * 301*Offline
         * 302*Multi-user
         * 307*Temporary user
         * 
         * 4XX*ERROR
         * 
         * 401*Not logged in
         * 403*Password error
         * 404*User does not exist
         * 
         */
        /////
        /*
         *  Session["Random"]:strR
         *  Session["LoginState"]:str
         *  Session["LoginName"]:str
         *  Session["Permission1"]:int
         *  Session["Permission2"]:int
         *  Session["Permission3"]:int
         *  Session["Permission4"]:int
         *  Cookies["Info"]:
         *  {
         *  cookie["LoginState"]:strint
         *  cookie["LoginName"]:str
         *  cookie["LoginInfo"]:strR
         *  }
         *  Application[name+ip]:strR
         */
  1         /// <summary>
  2         /// 登录
  3         /// </summary>
  4         /// <param name="name">用户名</param>
  5         /// <param name="password">密码</param>
  6         public void login(string name, string password)
  7         {
  8             User user = BLL.getUserInfo(name, password);
  9             LoginInfo info;
 10             string myRandom;
 11             bool isFirstLogin=false;
 12             if ((info = BLL.getLoginInfo(name)) == null)
 13             {
 14                 myRandom = Guid.NewGuid().ToString("N");
 15                 isFirstLogin = true;
 16             }
 17             else
 18             {
 19                 myRandom = info.Random;
 20             }
 21             if (!isLogin(name))
 22             {
 23                 info = BLL.setLoginInfo(user.LoginName, user.LoginState, HttpUtility.HtmlEncode(Request.UserAgent), myRandom, Request.UserHostAddress);
 24                 Session["Random"] = info.Random ;
 25                 Session["LoginState"] = user.LoginState;
 26                 Session["LoginName"] = user.LoginName;
 27                 Session["Permission1"] = user.Permission1;
 28                 Session["Permission2"] = user.Permission2;
 29                 Session["Permission3"] = user.Permission3;
 30                 Session["Permission4"] = user.Permission4;
 31                 HttpCookie cookie = new HttpCookie("Info");
 32                 DateTime dt = info.Time;
 33                 cookie.Expires = dt.Add(new TimeSpan(7, 0, 0, 0));
 34                 cookie["LoginState"] = Session["LoginState"].ToString();
 35                 cookie["LoginName"] = user.LoginName;
 36                 cookie["LoginInfo"] = info.Random;
 37                 cookie["Token"] = info.Token;
 38                 Response.Cookies.Add(cookie);
 39                 Request.Cookies.Add(cookie);
 40                 Application.UnLock();
 41             }
 42             else
 43             {
 44                 if (isFirstLogin) {
 45                     throw new InvalidOperationException("登录状态异常");
 46                 }
 47                 Session["Random"] = info.Random;
 48                 Session["LoginState"] = (user.LoginState == 200) ? 302 : user.LoginState;
 49                 Session["LoginName"] = user.LoginName;
 50                 Session["Permission1"] = user.Permission1 - 1;
 51                 Session["Permission2"] = user.Permission2 - 1;
 52                 Session["Permission3"] = user.Permission3 - 1;
 53                 Session["Permission4"] = user.Permission4 - 1;
 54                 HttpCookie cookie = new HttpCookie("Info");
 55                 DateTime dt = DateTime.Now;
 56                 cookie.Expires = dt.Add(new TimeSpan(7, 0, 0, 0));
 57                 cookie["LoginState"] = Session["LoginState"].ToString();
 58                 cookie["LoginName"] = user.LoginName;
 59                 cookie["LoginInfo"] = info.Random;
 60                 cookie["Token"] = "302";
 61                 Response.Cookies.Add(cookie);
 62                 Request.Cookies.Add(cookie);
 63             }
 64             log("Login" + Session["LoginState"].ToString() + ":" + name, Request.UserHostAddress, Request.Browser.Type, Request.UserAgent, ((Request.UrlReferrer == null) ? "" : Request.UrlReferrer.ToString()), Request.RawUrl);
 65         }
 66         /// <summary>
 67         /// 检查登录状态
 68         /// </summary>
 69         public void checkLoginState(bool refurbish = false)
 70         {
 71             bool login = true;
 72             try
 73             {
 74                 if (!(Int32.Parse(Session["LoginState"].ToString())<400)) {
 75                     login = false;
 76                 }
 77             }
 78             catch (Exception)
 79             {
 80                 Session["LoginState"] = 401;
 81                 Session["LoginName"] = "NULL";
 82                 Session["Permission1"] = 1;
 83                 Session["Permission2"] = 1;
 84                 Session["Permission3"] = 1;
 85                 Session["Permission4"] = 1;
 86                 Session["Random"] = "";
 87                 login = false;
 88             }
 89             if ((!(Page.IsCallback || Page.IsPostBack) && (!login)) || refurbish)//当不是回发并没有登录或需要刷新
 90             {
 91                 try
 92                 {
 93                     if (Request.Cookies["Info"]["LoginState"] == "200" || Request.Cookies["Info"]["LoginState"] == "307")
 94                     {
 95                         string namec = Request.Cookies["Info"]["LoginName"];
 96                         string randomc = Request.Cookies["Info"]["LoginInfo"];
 97                         string tokenc = Request.Cookies["Info"]["Token"];
 98                         var info=BLL.getLoginInfo(namec);
 99                         if (info.Random == randomc &&
100                             info.Token == tokenc &&
101                             info.UserAgent == Request.UserAgent)
102                         {
103                             if (Convert.ToInt32(Session["LoginState"].ToString())>=400)
104                             {
105                                 Session["LoginState"] = 307;
106                                 if (info.IP == Request.UserHostAddress)
107                                 Session["LoginState"] = 306;
108                                 log("chkLogin" + Session["LoginState"].ToString() + ":" + namec, Request.UserHostAddress, Request.Browser.Type, Request.UserAgent, ((Request.UrlReferrer == null) ? "" : Request.UrlReferrer.ToString()), Request.RawUrl);
109                             }
110                             Session["LoginName"] = namec;
111                             User user = BLL.getUserInfo(namec);
112                             if (Session["LoginState"].ToString() == "200")
113                             {
114                                 Session["Permission1"] = user.Permission1;
115                                 Session["Permission2"] = user.Permission2;
116                                 Session["Permission3"] = user.Permission3;
117                                 Session["Permission4"] = user.Permission4;
118                             }
119                             else if (Session["LoginState"].ToString() == "302")
120                             {
121                                 Session["Permission1"] = user.Permission1 - 1;
122                                 Session["Permission2"] = user.Permission2 - 1;
123                                 Session["Permission3"] = user.Permission3 - 1;
124                                 Session["Permission4"] = user.Permission4 - 1;
125                             }
126                             else if (Session["LoginState"].ToString() == "306")
127                             {
128                                 Session["Permission1"] = user.Permission1 - 2;
129                                 Session["Permission2"] = user.Permission2 - 2;
130                                 Session["Permission3"] = user.Permission3 - 2;
131                                 Session["Permission4"] = user.Permission4 - 2;
132                             }
133                             else if (Session["LoginState"].ToString() == "307")
134                             {
135                                 Session["Permission1"] = user.Permission1 - 3;
136                                 Session["Permission2"] = user.Permission2 - 3;
137                                 Session["Permission3"] = user.Permission3 - 3;
138                                 Session["Permission4"] = user.Permission4 - 3;
139                             }
140                             info = BLL.setLoginInfo(namec, int.Parse(Session["LoginState"].ToString()), Request.UserAgent, randomc, Request.UserHostAddress);
141                             Session["Random"] = randomc;
142                             HttpCookie cookie = new HttpCookie("Info");
143                             cookie["LoginState"] = Session["LoginState"].ToString();
144                             cookie["LoginName"] = Session["LoginName"].ToString();
145                             cookie["LoginInfo"] =info.Random;
146                             cookie["Token"] = info.Token;
147                             Response.Cookies.Add(cookie);
148                             Request.Cookies.Add(cookie);
149                         }
150                         else {
151                             Request.Cookies.Clear();
152                             Response.Cookies.Clear();
153                             log("chkLogin Failed:" + namec + ":" + tokenc + ":" + randomc, Request.UserHostAddress, Request.Browser.Type, Request.UserAgent, ((Request.UrlReferrer == null) ? "" : Request.UrlReferrer.ToString()), Request.RawUrl);
154                         }
155                     }
156                 }
157                 catch (Exception)
158                 {
159                     Session["LoginState"] = 401;
160                     Session["LoginName"] = "NULL";
161                     Session["Permission1"] = 1;
162                     Session["Permission2"] = 1;
163                     Session["Permission3"] = 1;
164                     Session["Permission4"] = 1;
165                     Session["Random"] = "";
166                     login = false;
167                     Response.Cookies.Clear();
168                     Request.Cookies.Clear();
169                 }
170             }
171             BLL.freshLoginState();
172         }

 

能帮忙解释下代码逻辑、有无漏洞吗?

需要的话,我可以随时增补相关联的代码段,可能的话我也会直接把整个网站代码放上来。

DrLibrazy的主页 DrLibrazy | 初学一级 | 园豆:126
提问于:2012-07-11 14:56
所有回答(4)

重构吧。哥。

owsir | 园豆:481 (菜鸟二级) | 2012-07-11 17:02

哥 删除了,自己再写一个吧

Qlin | 园豆:2403 (老鸟四级) | 2012-07-12 09:38

同上……头疼……

wdwwtzy | 园豆:114 (初学一级) | 2012-07-12 17:37

同感 ,建议你自己重新写过吧  比我的代码还要烂    估计还是学生吧

落幕残情 | 园豆:34 (初学一级) | 2012-07-17 10:57