From e10efae34a92fdcb6451f1a6a823a72b8c394d43 Mon Sep 17 00:00:00 2001
From: yn147 <2270338776@qq.com>
Date: 星期四, 13 四月 2023 14:27:26 +0800
Subject: [PATCH] 密码加密

---
 src/main/java/com/qxueyou/scc/sys/action/LoginController.java |   37 +++++++++++++++++++++++++------------
 1 files changed, 25 insertions(+), 12 deletions(-)

diff --git a/src/main/java/com/qxueyou/scc/sys/action/LoginController.java b/src/main/java/com/qxueyou/scc/sys/action/LoginController.java
index 81ed905..859e5e5 100644
--- a/src/main/java/com/qxueyou/scc/sys/action/LoginController.java
+++ b/src/main/java/com/qxueyou/scc/sys/action/LoginController.java
@@ -24,6 +24,7 @@
 import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.data.redis.core.StringRedisTemplate;
 import org.springframework.stereotype.Controller;
+import org.springframework.util.DigestUtils;
 import org.springframework.web.bind.annotation.*;
 
 import com.qxueyou.scc.admin.teacher.service.ITeacherService;
@@ -183,8 +184,8 @@
 		// 鏌ヨ鐢ㄦ埛淇℃伅
 		String uuNumber=null;
 		String uuReNumber=null;
-		String hql = "from User where deleteFlag is false and account = ? and password = ? ";
-		List<Object> params =  CollectionUtils.newList(account,password);
+		String hql = "from User where deleteFlag is false and account = ?";
+		List<Object> params =  CollectionUtils.newList(account);
 		User user = commonDAO.findUnique(hql,params, User.class);
 		if (user == null ) {
 			return new Result(false, "鐢ㄦ埛璐︽埛銆佸瘑鐮侀敊璇�");
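Review bot: With `password = ?` dropped from this query, the `user == null` guard no longer shows that the caller knows the password, and the only comparison this patch adds sits after `insertLoginLog(...)` in the next hunk. Any statements between this lookup and that comparison (not visible in the diff) now run for every existing account whatever password was sent, and a `SYS-LOGIN` log row is written for attempts that are then rejected. The salt-and-compare block should move to directly below this null check so that nothing runs for an unverified user. The last hunk has the same ordering, with `insertLoginLog` ahead of the comparison. The enclosing method starts and ends outside the hunk.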
@@ -213,6 +214,12 @@
 		}
 		// 鎻掑叆鏃ュ織
 		insertLoginLog(request, user, account, "SYS-LOGIN");
+		String salt = user.getSalt();
+		String newPassword= DigestUtils.md5DigestAsHex((salt+password).getBytes());
+		//姣旇緝鐢ㄦ埛杈撳叆鐨勫瘑鐮佸姞瀵嗗悗鐨勫瓧绗︿覆鏄惁璺熸敞鍐屾椂濉啓鐨勫姞瀵嗗瘑鐮佺浉鍚�
+		if (!newPassword.equals(user.getPassword())) {
+			return new Result(false, "鐢ㄦ埛璐︽埛銆佸瘑鐮侀敊璇垨缂哄皯鍑瘉");
+		}
 		// 杩斿洖
 		return new Result(true, "楠岃瘉鎴愬姛",CollectionUtils.newObjectMap("uuNumber",uuNumber,"uuReNumber",uuReNumber));
 	}
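Review bot: `DigestUtils.md5DigestAsHex((salt+password).getBytes())` is a single round of salted MD5, which is cheap enough to compute that a leaked `User` table can be brute-forced offline quickly. Password storage calls for an adaptive function (bcrypt, scrypt, Argon2 or PBKDF2), with existing digests re-hashed at the next successful login. Independently of the algorithm, `getBytes()` uses the platform default charset, so the same password can hash differently across hosts, and a null `getSalt()` is silently concatenated as the text `null`. At minimum use `(salt + password).getBytes(StandardCharsets.UTF_8)` and reject a null salt or password before hashing. The identical line in the last hunk needs the same change; the enclosing method starts outside the hunk.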
@@ -374,16 +381,16 @@
 		List<Object> params = null;
 //        boolean flag=true;
 		if ("study".equals(logType)) {
-			hql = "from User where deleteFlag is false and account = ? and password = ? ";
-			params = CollectionUtils.newList(account, password);
+			hql = "from User where deleteFlag is false and account = ?";
+			params = CollectionUtils.newList(account);
 		}else if("portal".equals(logType)){
-			hql = "from User where deleteFlag is false and mobilePhone = ? and password = ? ";
-			params = CollectionUtils.newList(account, password);
+			hql = "from User where deleteFlag is false and mobilePhone = ?";
+			params = CollectionUtils.newList(account);
 		}else{
             if(StringUtils.isEmpty(password)) {
 				return new Result(false, "鐢ㄦ埛瀵嗙爜涓嶈兘涓虹┖");
 			}
-            hql = "from User where deleteFlag is false and account = ? and password = ? ";
+            hql = "from User where deleteFlag is false and account = ? and password = ?";
             params =  CollectionUtils.newList(account,password);
         }
 
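Review bot: The final `else` branch still looks the user up with `account = ? and password = ?` using the raw submitted password, while the `study` and `portal` branches now rely on the salted digest checked later. If the password column holds the digest after this change, this branch can never match; if it does match, those accounts are still stored in plaintext. It would be more consistent to use the account-only query here too, `hql = "from User where deleteFlag is false and account = ?";`, and send every log type through the same digest comparison rather than exempting this branch via the `logType` condition in the last hunk. The enclosing method starts and ends outside the hunk.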
@@ -406,13 +413,19 @@
 //			request.getSession().removeAttribute("uuReNumber");
 //		}
 
+		if (user == null) {
+			return new Result(false, "鐢ㄦ埛璐︽埛涓嶅瓨鍦�");
+		}
         // 鎻掑叆鏃ュ織
         insertLoginLog(request, user, account, "SYS-LOGIN");
-
-        //鑰冭瘯鐧诲綍浼氭帶鍒秄lag鍙橀噺 鍏朵粬鐧诲綍涓嶄細 榛樿true
-        if (user == null) {
-            return new Result(false, "鐢ㄦ埛璐︽埛銆佸瘑鐮侀敊璇垨缂哄皯鍑瘉");
-        }
+		String salt = user.getSalt();
+		String newPassword= DigestUtils.md5DigestAsHex((salt+password).getBytes());
+		//姣旇緝鐢ㄦ埛杈撳叆鐨勫瘑鐮佸姞瀵嗗悗鐨勫瓧绗︿覆鏄惁璺熸敞鍐屾椂濉啓鐨勫姞瀵嗗瘑鐮佺浉鍚�
+		if("study".equals(logType) || "portal".equals(logType)){
+			if (!newPassword.equals(user.getPassword())) {
+				return new Result(false, "鐢ㄦ埛璐︽埛銆佸瘑鐮侀敊璇垨缂哄皯鍑瘉");
+			}
+		}
 
         // 杩斿洖鐢ㄦ埛鍩烘湰淇℃伅
         return this.loginValidate(user, 1, request, response, logType, platForm, organizationId);
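Review bot: The new `user == null` return carries a different message from the failed-comparison return a few lines below, so the two outcomes are distinguishable to the caller. If the `Result` text is passed through to the client (the diff does not show this), the response reveals whether an account or mobile number is registered; both failures should return the same message. The `if("study".equals(logType) || "portal".equals(logType))` guard would also benefit from a comment such as `// other log types are verified by the password clause in the HQL above`, since the digest is otherwise computed and then ignored for them. The enclosing method starts outside the hunk.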

--
Gitblit v1.8.0