
三级等保整改

hanzhengyi 2 年之前
父節點
當前提交
e4c6aab5e2

+ 185 - 42
WebRoot/index.jsp

@@ -105,55 +105,198 @@
     }
     var loginSubmit = function () {
         var code=document.getElementById("userCaptcha").value;
-        if(code=='') {
-            Ext.Msg.show({
-                title: '错误信息',
-                msg: '请输入验证码!'
-            });
+        if(window.localStorage.getItem('userCode')){
+            var userCode = window.localStorage.getItem('userCode')
+            if (userCode>=5){
+                var userTime = window.localStorage.getItem('userTime')
+                var nowTime1 = parseInt(new Date().getTime()/1000)
+                var timeDiff1 = nowTime1-userTime
+                var timeDiff = 10-timeDiff1
+                if (timeDiff>0){
+                    window.alert("登录失败超过5次,请"+timeDiff+"秒后再重新登录!");
+                }else {
+                    window.localStorage.setItem('userCode','0')
+                    window.localStorage.setItem('userTime',0)
+                    if(code=='') {
+                        Ext.Msg.show({
+                            title: '错误信息',
+                            msg: '请输入验证码!'
+                        });
+                    }else {
+                        var basePath = $("#basePath").val();
+                        var queryJson = new Object();
+                        queryJson.V_LOGINNAME = $("#username").val();
+                        queryJson.V_PASSWORD = md5($("#password").val());
+                        queryJson.V_COMMAND = "LOGIN";
+                        queryJson.code =code;
+                        var qdata = "queryJson=" + JSON.stringify(queryJson);
+                        var qurl = basePath + "login/tolgin"
+                        $.ajax({
+                            type: 'POST',
+                            url: qurl,
+                            data: qdata,
+                            success: function (result) {
+                                var json = eval('(' + result + ')');
+                                // alert('ceshi')
+                                sessionStorage.setItem('V_LOGINNAME',$("#username").val());
+                                sessionStorage.setItem('V_PASSWORD',$("#password").val());
+                                if (json.login == 'true') {
+                                    if ($("#username").val() == "wjzn") {
+                                        location.href = basePath + "view/frontpage/index.html"
+                                    } else {
+                                        // location.href = basePath + "index_QrCode.jsp";
+                                        location.href = basePath + json.href
+                                    }
+                                } else {
+                                    if (json.login == 'false') {
+                                        CheckNumber();
+                                        Ext.Msg.show({
+                                            title: '错误信息',
+                                            msg: json.Msg === 'CODE WRONG' ? '验证码错误!'
+                                                : json.Msg === 'WRONG PASSWORD!!!' ? '密码输入错误!'
+                                                    : json.Msg === 'LOGIN NAME WRONG' ? '用户名输入错误!'
+                                                        : json.Msg === 'WRONG TIME' ? '密码已超过90天未修改,请及时修改!'
+                                                            : json.Msg
+                                        });
+                                        if(window.localStorage.getItem('userCode')){
+                                            var error_times = window.localStorage.getItem('userCode')
+                                            error_times++;
+                                            window.localStorage.setItem('userCode',error_times)
+                                            if (error_times==5){
+                                                var nowTime = parseInt(new Date().getTime()/1000)
+                                                window.localStorage.setItem('userTime',nowTime)
+                                            }
+                                        }else {
+                                            window.localStorage.setItem('userCode','1')
+                                        }
+                                    }
+                                }
+                            }
+                        });
+                    }
+                }
+            }else {
+                if(code=='') {
+                    Ext.Msg.show({
+                        title: '错误信息',
+                        msg: '请输入验证码!'
+                    });
+                }else {
+                    var basePath = $("#basePath").val();
+                    var queryJson = new Object();
+                    queryJson.V_LOGINNAME = $("#username").val();
+                    queryJson.V_PASSWORD = md5($("#password").val());
+                    queryJson.V_COMMAND = "LOGIN";
+                    queryJson.code =code;
+                    var qdata = "queryJson=" + JSON.stringify(queryJson);
+                    var qurl = basePath + "login/tolgin"
+                    $.ajax({
+                        type: 'POST',
+                        url: qurl,
+                        data: qdata,
+                        success: function (result) {
+                            var json = eval('(' + result + ')');
+                            // alert('ceshi')
+                            sessionStorage.setItem('V_LOGINNAME',$("#username").val());
+                            sessionStorage.setItem('V_PASSWORD',$("#password").val());
+                            if (json.login == 'true') {
+                                if ($("#username").val() == "wjzn") {
+                                    location.href = basePath + "view/frontpage/index.html"
+                                } else {
+                                    // location.href = basePath + "index_QrCode.jsp";
+                                    location.href = basePath + json.href
+                                }
+                            } else {
+                                if (json.login == 'false') {
+                                    CheckNumber();
+                                    Ext.Msg.show({
+                                        title: '错误信息',
+                                        msg: json.Msg === 'CODE WRONG' ? '验证码错误!'
+                                            : json.Msg === 'WRONG PASSWORD!!!' ? '密码输入错误!'
+                                                : json.Msg === 'LOGIN NAME WRONG' ? '用户名输入错误!'
+                                                    : json.Msg === 'WRONG TIME' ? '密码已超过90天未修改,请及时修改!'
+                                                        : json.Msg
+                                    });
+                                    if(window.localStorage.getItem('userCode')){
+                                        var error_times = window.localStorage.getItem('userCode')
+                                        error_times++;
+                                        window.localStorage.setItem('userCode',error_times)
+                                        if (error_times==5){
+                                            var nowTime = parseInt(new Date().getTime()/1000)
+                                            window.localStorage.setItem('userTime',nowTime)
+                                        }
+                                    }else {
+                                        window.localStorage.setItem('userCode','1')
+                                    }
+                                }
+                            }
+                        }
+                    });
+                }
+            }
         }else {
-            var basePath = $("#basePath").val();
-            var queryJson = new Object();
-            queryJson.V_LOGINNAME = $("#username").val();
-            queryJson.V_PASSWORD = md5($("#password").val());
-            queryJson.V_COMMAND = "LOGIN";
-            queryJson.code =code;
-            var qdata = "queryJson=" + JSON.stringify(queryJson);
-            var qurl = basePath + "login/tolgin"
-            $.ajax({
-                type: 'POST',
-                url: qurl,
-                data: qdata,
-                success: function (result) {
-                    var json = eval('(' + result + ')');
-                    // alert('ceshi')
-                    sessionStorage.setItem('V_LOGINNAME',$("#username").val());
-                    sessionStorage.setItem('V_PASSWORD',$("#password").val());
-                    if (json.login == 'true') {
-                        if ($("#username").val() == "wjzn") {
+            if(code=='') {
+                Ext.Msg.show({
+                    title: '错误信息',
+                    msg: '请输入验证码!'
+                });
+            }else {
+                var basePath = $("#basePath").val();
+                var queryJson = new Object();
+                queryJson.V_LOGINNAME = $("#username").val();
+                queryJson.V_PASSWORD = md5($("#password").val());
+                queryJson.V_COMMAND = "LOGIN";
+                queryJson.code =code;
+                var qdata = "queryJson=" + JSON.stringify(queryJson);
+                var qurl = basePath + "login/tolgin"
+                $.ajax({
+                    type: 'POST',
+                    url: qurl,
+                    data: qdata,
+                    success: function (result) {
+                        var json = eval('(' + result + ')');
+                        // alert('ceshi')
+                        sessionStorage.setItem('V_LOGINNAME',$("#username").val());
+                        sessionStorage.setItem('V_PASSWORD',$("#password").val());
+                        if (json.login == 'true') {
+                            if ($("#username").val() == "wjzn") {
                                 location.href = basePath + "view/frontpage/index.html"
+                            } else {
+                                // location.href = basePath + "index_QrCode.jsp";
+                                location.href = basePath + json.href
+                            }
                         } else {
-                            // location.href = basePath + "index_QrCode.jsp";
-                            location.href = basePath + json.href
-                        }
-                    } else {
-                        if (json.login == 'false') {
-                            CheckNumber();
-                            Ext.Msg.show({
-                                title: '错误信息',
-                                msg: json.Msg === 'CODE WRONG' ? '验证码错误!'
-                                    : json.Msg === 'WRONG PASSWORD!!!' ? '密码输入错误!'
-                                    : json.Msg === 'LOGIN NAME WRONG' ? '用户名输入错误!'
-                                            : json.Msg
-                            });
+                            if (json.login == 'false') {
+                                CheckNumber();
+                                Ext.Msg.show({
+                                    title: '错误信息',
+                                    msg: json.Msg === 'CODE WRONG' ? '验证码错误!'
+                                        : json.Msg === 'WRONG PASSWORD!!!' ? '密码输入错误!'
+                                            : json.Msg === 'LOGIN NAME WRONG' ? '用户名输入错误!'
+                                                : json.Msg === 'WRONG TIME' ? '密码已超过90天未修改,请及时修改!'
+                                                    : json.Msg
+                                });
+                                if(window.localStorage.getItem('userCode')){
+                                    var error_times = window.localStorage.getItem('userCode')
+                                    error_times++;
+                                    window.localStorage.setItem('userCode',error_times)
+                                    if (error_times==5){
+                                        var nowTime = parseInt(new Date().getTime()/1000)
+                                        window.localStorage.setItem('userTime',nowTime)
+                                    }
+                                }else {
+                                    window.localStorage.setItem('userCode','1')
+                                }
+                            }
                         }
                     }
-                }
-            });
+                });
+            }
         }
     };
-    $("#my_login").submit(function (e) {
-        loginSubmit();
-    });
+    // $("#my_login").submit(function (e) {
+    //     loginSubmit();
+    // });
 
     function CheckNumber(){
         $('#userCaptcha').val('')
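Review bot: The 5-failure / 10-second lockout this hunk adds is kept only in `window.localStorage` (`userCode`, `userTime`), so it is a UX hint and not a control; the handler behind `login/tolgin` has to count failed attempts and enforce the wait itself, otherwise the limit is not in effect for any client that does not run this script. In all three copies of the success callback the cleartext password is written to the browser with `sessionStorage.setItem('V_PASSWORD',$("#password").val());` and nothing in the hunk reads it back, so that line (and the V_LOGINNAME one unless a consumer exists) should be removed. `var json = eval('(' + result + ')');` should become `var json = JSON.parse(result);`, which parses the response without executing it. The validate-and-POST block is now pasted three times (after the lockout expiry, in the userCode<5 branch and in the no-userCode branch); extracting it into one helper called from each branch leaves a single place to fix. The `$("#my_login").submit(...)` binding at the end is commented out, so unless another handler calls `loginSubmit` the form no longer submits — worth confirming.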

+ 0 - 1
YtIoT.iml

@@ -9,7 +9,6 @@
         <webroots>
           <root url="file://$MODULE_DIR$/WebRoot" relative="/" />
         </webroots>
-        <sourceRoots />
       </configuration>
     </facet>
   </component>

二進制
out/production/YtIoT/cn/com/usky/iot/auth/TokenAuthService.class


二進制
out/production/YtIoT/cn/com/usky/iot/controller/AlarmViewController.class


二進制
out/production/YtIoT/cn/com/usky/iot/controller/login/LoginService.class


二進制
out/production/YtIoT/cn/com/usky/iot/controller/login/LoginServiceImpl$1.class


二進制
out/production/YtIoT/cn/com/usky/iot/controller/login/LoginServiceImpl$2.class


二進制
out/production/YtIoT/cn/com/usky/iot/controller/login/LoginServiceImpl$3.class


二進制
out/production/YtIoT/cn/com/usky/iot/controller/login/LoginServiceImpl.class


+ 2 - 1
src/cn/com/usky/iot/auth/TokenAuthService.java

@@ -120,7 +120,8 @@ public final class TokenAuthService {
         }
 
         LOGGER.info("token认证成功 \n" + "token=" + token + "\n" + "tokenInfo=" + tokenJson);
-        tokenJson.put(Constants.USER_INFO, userInfo.get(0));
+        YtiotTAdmin ytiotTAdmin = userInfo.get(0);
+        tokenJson.put(Constants.USER_INFO,ytiotTAdmin);
         return new TokenAuthBO(TokenAuthEnum.SUCCESS, tokenJson);
     }
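Review bot: The `LOGGER.info(...)` line immediately above the new local still writes the raw token (`"token=" + token`) and the whole `tokenJson` to the log at INFO level, which a compliance remediation commit should be removing; log a user identifier taken from `ytiotTAdmin` and leave the token value out, e.g. `LOGGER.info("token认证成功 userInfo=" + ytiotTAdmin);` only if the entity's toString does not include credentials. The new `YtiotTAdmin ytiotTAdmin = userInfo.get(0);` is passed straight into `tokenJson.put`, so it changes nothing on its own; if the intent is to rely on the narrowed `List<YtiotTAdmin>` return type of `getObjectByUserId`, the `userInfo` declaration (outside this hunk) should be typed accordingly. The enclosing method starts before the hunk.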
 

+ 1 - 0
src/cn/com/usky/iot/controller/AlarmViewController.java

@@ -53,6 +53,7 @@ public class AlarmViewController {
             json.put("check", false);
             json.put("errMsg", "权限错误,请重新登录");
             mav.addObject("ret_str", json.toJSONString());
+            return mav;
         }
         mav.setViewName("return");
         //通过获取用户信息
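Review bot: The added `return mav;` exits before `mav.setViewName("return");` on the following line, so the permission-failure response is returned without the view name that the normal path sets — unless the view name is already assigned earlier in the method (its start is outside this hunk), the caller receives a ModelAndView with no view. Either set it inside the branch, `mav.setViewName("return"); return mav;`, or hoist `mav.setViewName("return");` above the permission check. The early return itself is the right fix, since before this change execution continued past the failed check into the user-info code below.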

+ 3 - 1
src/cn/com/usky/iot/controller/login/LoginService.java

@@ -1,5 +1,7 @@
 package cn.com.usky.iot.controller.login;
 
+import cn.com.usky.iot.entity.YtiotTAdmin;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.util.List;
@@ -13,5 +15,5 @@ public interface LoginService {
      * @param userId
      * @return
      */
-    List getObjectByUserId(String userId);
+    List<YtiotTAdmin> getObjectByUserId(String userId);
 }
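Review bot: The Javadoc on `getObjectByUserId` carries empty `@param userId` and `@return` tags; with the return type now narrowed to `List<YtiotTAdmin>`, fill them, e.g. `@param userId admin id to look up` and `@return matching admin records, empty when none`, and say whether the list can contain more than one row. The summary sentence of that Javadoc is outside the hunk. In this same commit the only visible implementation of the method in LoginServiceImpl is commented out, so confirm a live `@Override` still exists or the implementation class will not compile.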

+ 44 - 15
src/cn/com/usky/iot/controller/login/LoginServiceImpl.java

@@ -2,6 +2,7 @@ package cn.com.usky.iot.controller.login;
 
 import cn.com.usky.iot.admin.dao.YtiotTAdminDao;
 import cn.com.usky.iot.auth.TokenAuthService;
+import cn.com.usky.iot.entity.YtiotTAdmin;
 import cn.com.usky.utils.ListUtil;
 import cn.com.usky.utils.MD5Util;
 import com.alibaba.fastjson.JSONObject;
@@ -15,9 +16,12 @@ import org.springframework.orm.hibernate3.HibernateTemplate;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 import java.io.UnsupportedEncodingException;
 import java.security.NoSuchAlgorithmException;
+import java.sql.Date;
 import java.sql.SQLException;
+import java.text.SimpleDateFormat;
 import java.util.List;
 
 /**
@@ -107,6 +111,8 @@ public class LoginServiceImpl implements LoginService {
             }
         });
         if (ListUtil.isBlank(password)) {
+//            HttpSession session = request.getSession();
+//            this.session.setAttribute("errorNumber", text);
             JSONObject jsonObject = new JSONObject();
             jsonObject.put("Msg", "WRONG PASSWORD!!!");
             jsonObject.put("ServerName", "www.jd-ioe.com/UskyIoT");
@@ -114,6 +120,27 @@ public class LoginServiceImpl implements LoginService {
             jsonObject.put("login", "false");
             return jsonObject.toString();
         }
+        long time = (long)90*86400000;
+        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
+        String format1 = simpleDateFormat.format(new Date(System.currentTimeMillis() - time));
+        List password1 = hibernateTemplate.executeFind(new HibernateCallback() {
+            @Override
+            public Object doInHibernate(Session session)
+                    throws HibernateException, SQLException {
+                String sql = "select V_ADMIN_NAME,V_PASSWORD from ytiot_t_admin where V_LOGINNAME ='" + loginName +
+                        "' and V_PASSWORD='" + finalPwd + "' and D_STORETIME>'" + format1 + "'";
+                Query query = session.createSQLQuery(sql);
+                return query.list();
+            }
+        });
+        if (ListUtil.isBlank(password1)) {
+            JSONObject jsonObject = new JSONObject();
+            jsonObject.put("Msg", "WRONG TIME");
+            jsonObject.put("ServerName", "www.jd-ioe.com/UskyIoT");
+            jsonObject.put("check", "true");
+            jsonObject.put("login", "false");
+            return jsonObject.toString();
+        }
         JSONObject jsonObject = new JSONObject();
         jsonObject.put("chk", 1);
         jsonObject.put("href", "view/mainframe.jsp");
@@ -130,25 +157,27 @@ public class LoginServiceImpl implements LoginService {
         cookie.setHttpOnly(true);
         cookie.setPath(request.getContextPath());
         //有效期一个月
-        cookie.setMaxAge(60 * 60 * 24 * 30);
+        cookie.setMaxAge(60 * 10);
         response.addCookie(cookie);
         return jsonObject.toString();
     }
 
-/*
-    @Override
-    public List getObjectByUserId(String userId) {
-        return hibernateTemplate.executeFind(new HibernateCallback() {
-            @Override
-            public Object doInHibernate(Session session)
-                    throws HibernateException, SQLException {
-                String sql = "select UQ_ADMIN_ID from ytiot_t_admin where UQ_ADMIN_ID ='" + userId + "'";
-                Query query = session.createSQLQuery(sql);
-                return query.list();
-            }
-        });
-    }
-*/
+
+//    @Override
+//    public List<YtiotTAdmin> getObjectByUserId(String userId) {
+//        return hibernateTemplate.executeFind(new HibernateCallback() {
+//            @Override
+//            public List<YtiotTAdmin> doInHibernate(Session session)
+//                    throws HibernateException, SQLException {
+////                String sql = "select * from ytiot_t_admin where UQ_ADMIN_ID ='" + userId + "' and E_STATUS " +
+////                        "= '1'";
+//                String sql = "from YtiotTAdmin t where t.uqAdminId='" + userId + "' and t.EStatus='1'";
+//                Query query = session.createQuery(sql);
+//                return query.list();
+//            }
+//        });
+//    }
+
 
 
     @Override
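Review bot: The new password-age query (hunk `@@ -114,6 +120,27 @@`) builds its SQL by concatenating `loginName` and `finalPwd` into the string, which is SQL injection through the login form; bind them as named parameters on the SQLQuery instead, and pass the 90-day cutoff as a typed parameter rather than a `SimpleDateFormat` string (assuming `D_STORETIME` is a date/time column — the string comparison in the hunk relies on the DB coercing it). With a typed cutoff the `java.sql.Date` and `SimpleDateFormat` imports added in the first hunk are no longer needed. In the last hunk the comment `//有效期一个月` now contradicts `cookie.setMaxAge(60 * 10);` and should read `//有效期十分钟`. The commented-out `session.setAttribute("errorNumber", ...)` lines and the re-commented `getObjectByUserId` body are dead code carried forward; delete them rather than keep them as comments.
```java
        // … unchanged: password check returning WRONG PASSWORD!!! …
        final java.util.Date cutoff = new java.util.Date(System.currentTimeMillis() - 90L * 86400000L);
        List password1 = hibernateTemplate.executeFind(new HibernateCallback() {
            @Override
            public Object doInHibernate(Session session)
                    throws HibernateException, SQLException {
                Query query = session.createSQLQuery(
                        "select V_ADMIN_NAME,V_PASSWORD from ytiot_t_admin"
                        + " where V_LOGINNAME = :loginName and V_PASSWORD = :pwd and D_STORETIME > :cutoff");
                query.setString("loginName", loginName);
                query.setString("pwd", finalPwd);
                query.setTimestamp("cutoff", cutoff);
                return query.list();
            }
        });
        // … unchanged: WRONG TIME response …
```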