LIOT/EMIS.Web/Controllers/AccountController.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Transactions;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;
using DotNetOpenAuth.AspNet;
using Microsoft.Web.WebPages.OAuth;
using WebMatrix.WebData;
using EMIS.Web.Filters;
using EMIS.Web.Models;
using Bowin.Common;
using Bowin.Common.Utility;
using EMIS.ViewModel.Account;
using EMIS.CommonLogic.SystemServices;
using EMIS.ViewModel.SystemView;
using EMIS.ViewModel;
using EMIS.Web.Controls;
using EMIS.Utility.SSO;
using EMIS.Utility;
using EMIS.ViewModel.Students;
using EMIS.CommonLogic.Students;
using Bowin.Web.Controls.Mvc;
using System.IO;

namespace EMIS.Web.Controllers
{
    //[Authorize]
    [Authorization]
    public class AccountController : Controller
    {
        public IUserServices UserServices { get; set; }
        public IStudentsServices StudentsServices { get; set; }
        public IMailVerifyServices MailVerifyServices { get; set; }

        public IParameterServices ParameterServices { get; set; }
        //
        // GET: /Account/Login

        [AllowAnonymous]
        public ActionResult SSOLogin()
        {
            try
            {
                var loginID = UserServices.SSOLogin();

                this.LoginSureccessful(new LogOnModel
                {
                    UserName = loginID
                }, loginID);
                return RedirectToAction("SSOLoginJump", "Account", new { Remote_Login_User = loginID });
                //return RedirectToAction("SSOLoginJump", "Account", new { Remote_Login_User = loginID });
            }
            catch (Exception ex)
            {
                ViewBag.ErrorMessage = ex.Message;
                //filterContext.HttpContext.Response.Redirect(FormsAuthentication.LoginUrl);
            }
            return View();
        }

        [AllowAnonymous]
        public ActionResult SSOLoginJump()
        {
            var loginID = Request["Remote_Login_User"];

            Session.Add("Remote_Login_User", loginID);

            return RedirectToAction("Index", "Home");
        }

        [AllowAnonymous]
        public ActionResult Login(string returnUrl)
        {
            ViewBag.ReturnUrl = returnUrl;
            var model = this.GetUserCookies();
            if (model != null)
            {
                return View(model);
            }
            return View();
        }

        [HttpPost]
        [AllowAnonymous]
        public ActionResult GetLoginTip()
        {
            var loginTip = ParameterServices.GetParameterValue(CF_ParameterType.LoginTip);
            loginTip = Server.HtmlDecode(loginTip);

            return Json(loginTip);
        }

        //
        // POST: /Account/Login

        [HttpPost]
        [AllowAnonymous]
        public ActionResult Login(LogOnModel model, string returnUrl)
        {
            if (ModelState.IsValid)
            {
                try
                {
                    if (model.VerifyCode != Session["code"] as string)
                    {
                        ModelState.AddModelError("", "请输入正确的验证码！");
                        return View(model);
                    }
                    bool isLogin;
                    try
                    {
                        isLogin = UserServices.Login(model.UserName, model.Password);
                    }
                    catch (Exception ex)
                    {
                        ModelState.AddModelError("", ex.Message);
                        return View(model);
                    }
                    bool isCanLogin = UserServices.LoginHistory(model.UserName, isLogin);
                    if (!isCanLogin)
                    {
                        throw new Exception("当天登陆失败次数超过5次，请明天再试或联系管理员。");
                    }
                    if (isLogin)
                    {
                        try
                        {
                            this.LoginSureccessful(model, model.UserName);

                            var referrer = HttpContext.Request.UrlReferrer;
                            if (referrer != null)
                            {
                                var referrerUrl = HttpContext.Request.UrlReferrer.GetQueryStringByPath("targetUrl");

                                if (!string.IsNullOrEmpty(referrerUrl))
                                {
                                    return Redirect(HttpContext.Server.UrlDecode(referrerUrl));
                                }
                            }
                            return RedirectToAction("Index", "Home");
                        }
                        catch (Exception ex)
                        {
                            ModelState.AddModelError("", ex.Message);
                            return View(model);
                        }
                    }
                    else
                    {

                        ModelState.AddModelError("", "密码错误或不存在该账户！（注意：如密码连续输入错误5次以上账号将被锁定）");

                        this.RemoveUserCookies(model);

                        return View(model);
                    }
                }
                catch (Exception ex)
                {
                    return RedirectToAction("MsgShow", "Common", new
                    {
                        WindowID = Request["WindowID"],
                        msg = ex.Message,
                        url = Url.Action("Login")
                    });
                    //this.RemoveUserCookies(model);
                    //ModelState.AddModelError("", "提供的用户名或密码不正确。");
                    //throw ex;
                }
            }

            return View(model);
        }

        
        /// <summary>
        /// 新增的登录页面
        /// </summary>
        /// <param name="returnUrl"></param>
        /// <returns></returns>
        [AllowAnonymous]
        public ActionResult NewLogin(string returnUrl)
        {
            ViewBag.ReturnUrl = returnUrl;
            var model = this.GetUserCookies();
            Session["FailCount"] = 0;
            if (model != null)
            {
                return View(model);
            }
            return View();
        }

        /// <summary>
        /// 新增的登录页面
        /// </summary>
        /// <param name="returnUrl"></param>
        /// <returns></returns>
        [HttpPost]
        [AllowAnonymous]
        public ActionResult NewLogin(LogOnModel model, string returnUrl)
        {
            if (ModelState.IsValid)
            {
                try
                {
                    int failCount = (int)Session["FailCount"];
                    if (model.VerifyCode != "NoCode")
                    {
                        if (model.VerifyCode != Session["code"] as string)
                        {

                            failCount++;
                            Session["FailCount"] = failCount;
                            model.Session = Session;
                            ModelState.AddModelError("", "请输入正确的验证码！");
                            return View(model);
                        }
                    }
                    bool isLogin;
                    try
                    {
                        isLogin = UserServices.Login(model.UserName, model.Password);
                    }
                    catch (Exception ex)
                    {
                        ModelState.AddModelError("", ex.Message);
                        return View(model);
                    }
                    if (isLogin)
                    {
                        try
                        {
                            this.LoginSureccessful(model, model.UserName);

                            var referrer = HttpContext.Request.UrlReferrer;
                            if (referrer != null)
                            {
                                var referrerUrl = HttpContext.Request.UrlReferrer.GetQueryStringByPath("targetUrl");

                                if (!string.IsNullOrEmpty(referrerUrl))
                                {
                                    return Redirect(HttpContext.Server.UrlDecode(referrerUrl));
                                }
                            }

                            return RedirectToAction("Index", "Home");
                        }
                        catch (Exception ex)
                        {
                            ModelState.AddModelError("", ex.Message);
                            return View(model);
                        }
                    }
                    else
                    {
                        failCount++;

                        //ViewBag.FailCount = failCount;

                        Session["FailCount"] = failCount;

                        model.Session = Session;
                        //model.FailCount = failCount;


                        ModelState.AddModelError("", "用户名或密码不正确请检查后重新输入！");

                        //this.RemoveUserCookies(model);

                        return View(model);
                    }
                }
                catch (Exception ex)
                {
                    //this.RemoveUserCookies(model);
                    //ModelState.AddModelError("", "提供的用户名或密码不正确。");
                    throw ex;
                }
            }

            return View(model);
        }
        [AllowAnonymous]
        public ActionResult GZZYLogin(string returnUrl)
        {
            ViewBag.ReturnUrl = returnUrl;
            var model = this.GetUserCookies();
            if (model != null)
            {
                return View(model);
            }
            return View();
        }

        //
        // POST: /Account/Login

        [HttpPost]
        [AllowAnonymous]
        public ActionResult GZZYLogin(LogOnModel model, string returnUrl)
        {
            if (ModelState.IsValid)
            {
                try
                {
                    if (model.VerifyCode != Session["code"] as string)
                    {
                        ModelState.AddModelError("", "请输入正确的验证码！");
                        return View(model);
                    }
                    bool isLogin;
                    try
                    {
                        isLogin = UserServices.Login(model.UserName, model.Password);
                    }
                    catch (Exception ex)
                    {
                        ModelState.AddModelError("", ex.Message);
                        return View(model);
                    }
                    if (isLogin)
                    {
                        try
                        {
                            this.LoginSureccessful(model, model.UserName);

                            var referrer = HttpContext.Request.UrlReferrer;
                            if (referrer != null)
                            {
                                var referrerUrl = HttpContext.Request.UrlReferrer.GetQueryStringByPath("targetUrl");

                                if (!string.IsNullOrEmpty(referrerUrl))
                                {
                                    return Redirect(HttpContext.Server.UrlDecode(referrerUrl));
                                }
                            }

                            return RedirectToAction("Index", "Home");
                        }
                        catch (Exception ex)
                        {
                            ModelState.AddModelError("", ex.Message);
                            return View(model);
                        }
                    }
                    else
                    {
                        ModelState.AddModelError("", "用户名或密码不正确请检查后重新输入！");

                        this.RemoveUserCookies(model);

                        return View(model);
                    }
                }
                catch (Exception ex)
                {
                    //this.RemoveUserCookies(model);
                    //ModelState.AddModelError("", "提供的用户名或密码不正确。");
                    throw ex;
                }
            }

            return View(model);
        }
        //
        // POST: /Account/LogOff
        [NoSSO]
        public ActionResult LogOff()
        {
            var cookieName = EMIS.Utility.Const.LOCAL_SETTING_LOGIN_COOKIENAME;
            var logoffUrl = Url.Content(EMIS.Utility.Const.LOCAL_SETTING_LOGOFF_PAGE);
            HttpCookie cookie = new HttpCookie(cookieName);
            cookie.Value = "";
            cookie.Expires = DateTime.Now.AddDays(-1);
            Response.Clear();
            Response.AppendCookie(cookie);

            //if (Const.SSO_IS_SSO_LOGIN)
            //{
            //    SSO.SSOLogout();
            //}
            var url = Request.QueryString["url"];
            if (!string.IsNullOrEmpty(url))
            {
                logoffUrl = logoffUrl += "?url=" + url;
            }
            return Redirect(logoffUrl);
            //return Redirect("http://portal.gdsspt.cn/c/portal/logout?service=http://localhost:2583/Account/Login");
        }

        [AllowAnonymous]
        public ActionResult ForgotPassword(string loginID)
        {
            Random r = new Random(DateTime.Now.Second);
            ViewBag.VKey = r.Next().ToString().MD5();
            Session["__VKey"] = ViewBag.VKey;
            return View();
        }

        [AllowAnonymous]
        [HttpPost]
        [ValidateAntiForgeryToken]
        public ActionResult ForgotPassword()
        {
            if (Request.Form["VKey"].ToString() != Session["__VKey"].ToString())
            {
                throw new Exception("注意，您正从不安全的网站访问当前页面。");
            }
            if (Request.UrlReferrer.Host != Request.Url.Host)
            {
                throw new Exception("注意，您正从不安全的网站访问当前页面。");
            }
            var result = new ReturnMessage { IsSuccess = true, Message = "邮件发送成功，请查收。" };
            string loginID = Request.Form["LoginID"];
            string failUrl = Url.Content("~/Account/ForgotPassword?LoginID=" + loginID);
            string successUrl = Url.Content("~/Account/Login");
            var user = UserServices.GetUserByLoginID(loginID);
            if (user == null)
            {
                result.IsSuccess = false;
                result.Message = "用户名输入错误。";
                return Json(result);
            }
            var url = HttpContext.Request.Url.Scheme + "://" + HttpContext.Request.Url.Host + ":" + HttpContext.Request.Url.Port + Url.Content("~/").TrimEnd('/');
            try
            {
                var email = UserServices.GetUserEmail(user.UserID);

                if (email == null)
                {
                    result.IsSuccess = false;
                    result.Message = "用户并没有注册电子邮箱信息。";
                    return Json(result);
                }

                MailVerifyServices.SendVerifyMail(url, user.UserID, email);

                return Json(result);
            }
            catch (Exception ex)
            {
                result.IsSuccess = false;
                result.Message = ex.Message;
                return Json(result);
            }
        }

        /// <summary>
        /// 新增忘记密码页面
        /// </summary>
        /// <param name="loginID"></param>
        /// <returns></returns>
        [AllowAnonymous]
        public ActionResult NewForgotPassword(string loginID)
        {
            return View();
        }

        /// <summary>
        /// 新增忘记密码页面
        /// </summary>
        /// <returns></returns>
        [AllowAnonymous]
        [HttpPost]
        public ActionResult NewForgotPassword()
        {
            var result = new ReturnMessage { IsSuccess = true, Message = "邮件发送成功，请查收。" };
            string loginID = Request.Form["LoginID"];
            string failUrl = Url.Content("~/Account/NewForgotPassword?LoginID=" + loginID);
            string successUrl = Url.Content("~/Account/NewLogin");
            var user = UserServices.GetUserByLoginID(loginID);
            if (user == null)
            {
                result.IsSuccess = false;
                result.Message = "用户名输入错误。";
                return Json(result);
            }
            var url = HttpContext.Request.Url.Scheme + "://" + HttpContext.Request.Url.Host + ":" + HttpContext.Request.Url.Port + Url.Content("~/").TrimEnd('/');
            try
            {
                var email = UserServices.GetUserEmail(user.UserID);

                if (email == null)
                {
                    result.IsSuccess = false;
                    result.Message = "用户并没有注册电子邮箱信息。";
                    return Json(result);
                }

                MailVerifyServices.SendVerifyMail(url, user.UserID, email);

                return Json(result);
            }
            catch (Exception ex)
            {
                result.IsSuccess = false;
                result.Message = ex.Message;
                return Json(result);
            }
        }

        public ActionResult ChangePassword()
        {
            return View();
        }

        [HttpPost]
        public ActionResult ChangePassword(ChangePasswordView changePasswordView)
        {
            try
            {
                var principal = ((EMIS.Utility.FormValidate.CustomPrincipal)HttpContext.User);
                var loginID = principal.LoginID;

                var user = UserServices.GetUserByLoginID(loginID);
                if (user.Password.ToLower() != changePasswordView.OldPassword.MD5().ToLower())
                {
                    return Json(new ReturnMessage()
                    {
                        IsSuccess = false,
                        Message = "保存失败：原密码验证失败"
                    });
                }

                UserServices.ChangePassword(changePasswordView, user.UserID);

                return Json(new ReturnMessage()
                {
                    IsSuccess = true,
                    Message = "密码已经成功修改！"
                });
            }
            catch (Exception ex)
            {
                return Json(new ReturnMessage()
                {
                    IsSuccess = false,
                    Message = "保存失败：" + ex.Message
                });
            }
        }

        public ActionResult GetTicket(string url)
        {
            FormsAuthenticationHelper fa = new FormsAuthenticationHelper();
            
            fa.GetTicket(System.Web.HttpContext.Current, url);

            return Json(true);
        }

        [HttpPost]
        [AllowAnonymous]
        public ActionResult AuthTicket(string ticket)
        {
            FormsAuthenticationHelper fa = new FormsAuthenticationHelper();

            EMIS.Utility.FormValidate.CustomPrincipal user = (EMIS.Utility.FormValidate.CustomPrincipal)fa.ValidateTitcket(System.Web.HttpContext.Current, ticket);

            return Json(user.LoginID);
        }

        [HttpGet]
        [AllowAnonymous]
        public ActionResult Regist()
        {
            Random r = new Random(DateTime.Now.Second);
            ViewBag.VKey = r.Next().ToString().MD5();
            Session["__VKey"] = ViewBag.VKey;
            return View(new RegistView());
        }

        [HttpPost]
        [AllowAnonymous]
        public ActionResult GetSchoolAreaWithoutSocial(DropdownListBindType? bindType)
        {
            List<DropdownListItem> list = DictionaryHelper.GetDictionaryValue(DictionaryItem.CF_SchoolArea)
                .Where(x => x.RecordStatus > (int)SYS_STATUS.UNUSABLE && x.Value < 3)
                .Select(x => new DropdownListItem { Text = x.Name, Value = x.Value.ToString() }).ToList();
            DropdownListBindType dbt = bindType == null ? DropdownListBindType.SelectAll : bindType.Value;

            DropdownList.FormatDropdownItemList(dbt, list);

            return base.Json(list);
        }

        [HttpPost]
        [AllowAnonymous]
        [ValidateAntiForgeryToken]
        public ActionResult Regist(RegistView registView)
        {
            if (Request.Form["VKey"].ToString() != Session["__VKey"].ToString())
            {
                throw new Exception("注意，您正从不安全的网站访问当前页面。");
            }
            if (Request.UrlReferrer.Host != Request.Url.Host)
            {
                throw new Exception("注意，您正从不安全的网站访问当前页面。");
            }

            try
            {
                var accepts = new List<string> { ".jpg" };
                var postedFile = Request.Files["PhotoUrl"];
                if (postedFile != null && !string.IsNullOrEmpty(postedFile.FileName) && !accepts.Contains(Path.GetExtension(postedFile.FileName).ToLower()))
                {
                    throw new Exception("只允许上传.jpg格式的文件。");
                }
                if (postedFile != null && !string.IsNullOrEmpty(postedFile.FileName) && (postedFile.ContentLength > (200 * 1024) || postedFile.ContentLength < (50 * 1024)))
                {
                    throw new Exception("只允许上传50-200k大小的照片。");
                }
                string photoUrl = FileUploadHelper.UploadFile(postedFile);
                if (photoUrl != null)
                {
                    registView.PhotoUrl = photoUrl;
                }

                var userID = UserServices.StudentRegist(registView);

                this.LoginSureccessful(new LogOnModel { UserName = registView.UserName, Password = registView.PCode, RememberMe = false }, registView.UserName, userID);

                string scripts = "<script>alert('注册成功。'); window.top.location.href = '../Home/Index';</script>";
                return Content(scripts);
            }
            catch (Exception ex)
            {
                return RedirectToAction("MsgShow", "Common", new
                {
                    WindowID = Request["WindowID"],
                    msg = "注册失败：" + ex.Message
                });
            }
        }

        [HttpGet]
        public ActionResult FinishInfomation()
        {
            var user = (EMIS.Utility.FormValidate.CustomPrincipal)HttpContext.User;

            var registView = StudentsServices.GetRegistViewByUserID(user.UserID);

            return View(registView);
        }

        [HttpPost]
        public ActionResult FinishInfomation(RegistView registView)
        {
            try
            {
                var accepts = new List<string> { ".jpg" };
                var postedFile = Request.Files["PhotoUrl"];
                if (postedFile != null && !string.IsNullOrEmpty(postedFile.FileName) && !accepts.Contains(Path.GetExtension(postedFile.FileName).ToLower()))
                {
                    throw new Exception("只允许上传.jpg格式的文件。");
                }
                if (postedFile != null && !string.IsNullOrEmpty(postedFile.FileName) && (postedFile.ContentLength > (200 * 1024) || postedFile.ContentLength < (50 * 1024)))
                {
                    throw new Exception("只允许上传50-200k大小的照片。");
                }
                string photoUrl = FileUploadHelper.UploadFile(postedFile);
                if (photoUrl != null)
                {
                    registView.PhotoUrl = photoUrl;
                }
                UserServices.StudentRegist(registView);

                string scripts = "<script>alert('保存成功。'); window.top.location.href = '../Home/Index';</script>";
                return Content(scripts);
            }
            catch (Exception ex)
            {
                return RedirectToAction("MsgShow", "Common", new
                {
                    msg = "保存失败：" + ex.Message,
                    url = Url.Action("FinishInfomation")
                });
            }
        }
    }
}