@ResponseBody
@RequestMapping("/password.htm")
public String password(
ModelMap modelMap, String oldPassword, String newPassword, HttpServletRequest request) {
Provider provider = SessionHelper.getProvider(request);
oldPassword = CookieHelper.md5(oldPassword);
if (!provider.getPassword().equals(oldPassword)) {
return "旧密码错误,请重新输入!";
} else {
String newPwd = CookieHelper.md5(newPassword);
Provider newProvider = new Provider();
newProvider.setProviderId(provider.getProviderId());
newProvider.setPassword(newPwd);
try {
providerService.update(newProvider);
// recordEditAccountLog();
} catch (Exception e) {
LOGGER.error("修改供应商密码失败!", e);
return "修改密码失败!";
}
// 更新SESSION
provider.setPassword(newPwd);
SessionHelper.setProvider(provider, request);
}
return "success";
}
private boolean manualLogin(HttpServletRequest request, HttpServletResponse response) {
String userName = request.getParameter("userName");
String password = request.getParameter("password");
String captcha = request.getParameter("captcha");
if (userName == null || password == null || !validateCaptcha(captcha, request)) {
return false;
}
String adminLogin = request.getParameter("adminLogin");
Provider provider = null;
if ("1".equals(adminLogin)) {
Admin loginAdmin = adminMapper.selectByName(userName);
if (loginAdmin == null) {
LOGGER.warn("not found admin user from database by name [{0}]", userName);
return false;
}
provider = newProviderByAdmin(loginAdmin);
} else {
provider = providerService.findByUserName(userName);
if (provider == null) {
LOGGER.debug("not found provider user from database by name [{0}]", userName);
return false;
}
provider.setUserName(userName);
}
// 设置配送区域
provider.setDeliveryArea(genProviderDeliveryArea(provider));
password = CookieHelper.md5(password);
boolean login = doLogin(provider, password, false, request);
if (login) {
int cookieMaxAge = -1; // cookies auto-expire
if (Boolean.parseBoolean(request.getParameter("autoLogin"))) {
cookieMaxAge = Integer.parseInt(getProperty(COOKIE_MAX_AGE));
CookieHelper.addCookies(
provider.getProviderId().toString(),
password,
adminLogin,
cookieMaxAge,
request,
response);
}
}
return login;
}
@ResponseBody
@RequestMapping("/login/check.htm")
public String checkLogin(
String userName,
String password,
String captcha,
String adminLogin,
HttpServletRequest request) {
assert userName != null;
assert password != null;
assert captcha != null;
Provider provider = null;
if ("1".equals(adminLogin)) {
Admin loginAdmin = adminMapper.selectByName(userName);
provider = newProviderByAdmin(loginAdmin);
} else {
provider = providerService.findByUserName(userName);
}
password = CookieHelper.md5(password);
if (provider == null) {
return "用户名不存在!";
}
if (!provider.getPassword().equals(password)) {
return "密码有误!";
}
if (!validateCaptcha(captcha, request)) {
return "验证码有误!";
}
Boolean loginStatus = provider.getProviderStatus();
if (loginStatus != null && loginStatus.booleanValue()) {
return "账号被锁定,不能登录!";
}
// 登录合作方式校验
// if (!"1".equals(adminLogin)) {
// Integer coopId = provider.getProviderCooperation();
// if (coopId == null || coopId.intValue() != 4) {
// return "不是第三方直发供应商,不能登录!";
// }
// }
return "success";
}
private boolean doLogin(
Provider provider, String password, boolean pwdEncoded, HttpServletRequest request) {
// validate user status
if (Boolean.TRUE.equals(provider.getProviderStatus())) {
LOGGER.debug("provider [{0}] is locked", provider.getUserName());
return false;
}
// validate password
String dbPassword = provider.getPassword();
if (pwdEncoded) {
dbPassword = CookieHelper.md5(dbPassword);
}
if (!password.equals(dbPassword)) {
LOGGER.debug("login password [{0}] error", password);
return false;
}
// save to session
SessionHelper.setProvider(provider, request);
return true;
}