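/**
   * Changes the password of the provider held in the current session.
   *
   * <p>The submitted old password is hashed with {@code CookieHelper.md5} and compared with the
   * hash on the session's provider. On a match, the hash of the new password is persisted through
   * {@code providerService.update} and the session copy is refreshed.
   *
   * <p>NOTE(review): judging by its name, {@code CookieHelper.md5} is a plain MD5 digest (confirm
   * in CookieHelper). A fast unsalted digest is not suitable for stored passwords; a migration to
   * bcrypt/scrypt/argon2 should be planned.
   *
   * <p>NOTE(review): the mapping does not restrict the HTTP method, so the passwords can arrive as
   * query parameters and end up in access logs. Consider limiting it to POST and confirm that CSRF
   * protection covers this endpoint.
   *
   * @param modelMap not used by this handler
   * @param oldPassword the current password in clear text as submitted by the client
   * @param newPassword the desired password in clear text as submitted by the client
   * @param request the current request, used to reach the session
   * @return {@code "success"}, or a user-facing error message
   */
  @ResponseBody
  @RequestMapping("/password.htm")
  public String password(
      ModelMap modelMap, String oldPassword, String newPassword, HttpServletRequest request) {
    Provider provider = SessionHelper.getProvider(request);
    if (provider == null) {
      // No provider in the session (expired or unauthenticated request): fail closed instead of
      // dereferencing null below.
      return "修改密码失败!";
    }

    // A missing parameter is treated as a wrong old password rather than hashed as null.
    String oldPwd = oldPassword == null ? null : CookieHelper.md5(oldPassword);
    if (oldPwd == null || !oldPwd.equals(provider.getPassword())) {
      return "旧密码错误,请重新输入!";
    }

    // Refuse to store the hash of a missing or empty password.
    if (newPassword == null || newPassword.isEmpty()) {
      return "修改密码失败!";
    }
    String newPwd = CookieHelper.md5(newPassword);

    // Only the id and the new hash are set on the object handed to the update call.
    Provider newProvider = new Provider();
    newProvider.setProviderId(provider.getProviderId());
    newProvider.setPassword(newPwd);
    try {
      providerService.update(newProvider);
      // NOTE(review): the audit call recordEditAccountLog() is disabled here, so this handler
      // leaves no record of a successful password change.
      // recordEditAccountLog();
    } catch (Exception e) {
      LOGGER.error("修改供应商密码失败!", e);
      return "修改密码失败!";
    }

    // Refresh the session copy so later checks compare against the new hash.
    provider.setPassword(newPwd);
    SessionHelper.setProvider(provider, request);

    return "success";
  }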
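  /**
   * Performs a form login from the request parameters {@code userName}, {@code password},
   * {@code captcha}, {@code adminLogin} and {@code autoLogin}.
   *
   * <p>The captcha is validated before any account lookup. When {@code adminLogin} is
   * {@code "1"} the account is loaded through {@code adminMapper} and converted with
   * {@code newProviderByAdmin}; otherwise it is loaded through {@code providerService}. The
   * password is hashed with {@code CookieHelper.md5} and checked by {@code doLogin}, which also
   * stores the provider in the session on success.
   *
   * <p>NOTE(review): the hashed password itself is passed to {@code CookieHelper.addCookies} for
   * auto-login. If that value is written to the cookie as-is, the cookie is a long-lived
   * credential equivalent to the stored hash and cannot be revoked without a password change. A
   * random server-side token would be safer. Confirm how CookieHelper protects it, including the
   * Secure and HttpOnly flags.
   *
   * @param request the login request
   * @param response the response that receives the auto-login cookies
   * @return {@code true} when the login succeeded
   */
  private boolean manualLogin(HttpServletRequest request, HttpServletResponse response) {
    String userName = request.getParameter("userName");
    String password = request.getParameter("password");
    String captcha = request.getParameter("captcha");
    if (userName == null || password == null || !validateCaptcha(captcha, request)) {
      return false;
    }

    // NOTE(review): the client-supplied adminLogin flag selects which account store is queried.
    String adminLogin = request.getParameter("adminLogin");
    Provider provider;
    if ("1".equals(adminLogin)) {
      Admin loginAdmin = adminMapper.selectByName(userName);
      if (loginAdmin == null) {
        LOGGER.warn("not found admin user from database by name [{0}]", userName);
        return false;
      }

      provider = newProviderByAdmin(loginAdmin);
    } else {
      provider = providerService.findByUserName(userName);
      if (provider == null) {
        LOGGER.debug("not found provider user from database by name [{0}]", userName);
        return false;
      }
      provider.setUserName(userName);
    }
    // Set the delivery area before doLogin stores the provider in the session.
    provider.setDeliveryArea(genProviderDeliveryArea(provider));

    password = CookieHelper.md5(password);
    if (!doLogin(provider, password, false, request)) {
      return false;
    }

    // Without autoLogin no persistent cookie is written at all.
    if (Boolean.parseBoolean(request.getParameter("autoLogin"))) {
      int cookieMaxAge;
      try {
        cookieMaxAge = Integer.parseInt(getProperty(COOKIE_MAX_AGE));
      } catch (NumberFormatException e) {
        // The session login already succeeded; a missing or malformed max-age setting must not
        // turn that into a server error, so the persistent cookie is simply skipped.
        LOGGER.warn("invalid cookie max age configuration, auto-login cookie not set", e);
        return true;
      }
      CookieHelper.addCookies(
          provider.getProviderId().toString(),
          password,
          adminLogin,
          cookieMaxAge,
          request,
          response);
    }

    return true;
  }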
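  /**
   * Pre-checks login credentials and reports the outcome as a plain-text message.
   *
   * <p>The captcha is verified first, so the username and password answers below are only given
   * to a caller who has solved it. In the previous order, a wrong captcha was reported only after
   * the username and password had already been confirmed, which let credentials be tested without
   * solving the captcha. Missing parameters are rejected explicitly, because {@code assert}
   * statements are skipped unless the JVM runs with {@code -ea}.
   *
   * <p>NOTE(review): "user does not exist" and "wrong password" remain separate messages, which
   * lets a caller who solves captchas learn which usernames exist. Merging them would change what
   * the front end displays, so it is flagged here rather than changed.
   *
   * <p>NOTE(review): whether {@code validateCaptcha} invalidates a captcha after use is not
   * visible here. Confirm that one solved captcha cannot be replayed across many attempts.
   *
   * @param userName the submitted login name
   * @param password the submitted clear-text password
   * @param captcha the submitted captcha answer
   * @param adminLogin {@code "1"} to look the name up among admins, anything else for providers
   * @param request the current request, passed to the captcha validation
   * @return {@code "success"}, or a user-facing error message
   */
  @ResponseBody
  @RequestMapping("/login/check.htm")
  public String checkLogin(
      String userName,
      String password,
      String captcha,
      String adminLogin,
      HttpServletRequest request) {
    if (captcha == null || !validateCaptcha(captcha, request)) {
      return "验证码有误!";
    }
    if (userName == null) {
      return "用户名不存在!";
    }

    Provider provider = null;
    if ("1".equals(adminLogin)) {
      Admin loginAdmin = adminMapper.selectByName(userName);
      // An unknown admin name is reported like an unknown provider instead of being converted.
      if (loginAdmin != null) {
        provider = newProviderByAdmin(loginAdmin);
      }
    } else {
      provider = providerService.findByUserName(userName);
    }
    if (provider == null) {
      return "用户名不存在!";
    }

    String hashedPassword = password == null ? null : CookieHelper.md5(password);
    if (hashedPassword == null || !hashedPassword.equals(provider.getPassword())) {
      return "密码有误!";
    }

    // A provider status of TRUE means the account is locked.
    if (Boolean.TRUE.equals(provider.getProviderStatus())) {
      return "账号被锁定,不能登录!";
    }

    // NOTE: a cooperation-type check that limited login to third-party direct-ship providers
    // (cooperation id 4) used to run here for non-admin logins. It is disabled.

    return "success";
  }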
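  /**
   * Checks the account status and password and, on success, stores the provider in the session.
   *
   * <p>NOTE(review): the comparison is a plain {@code String.equals} on hash strings produced by
   * {@code CookieHelper.md5}. See CookieHelper for the digest actually used, and consider a
   * dedicated password-hashing scheme (bcrypt/scrypt/argon2).
   *
   * @param provider the account loaded for the login attempt, must not be {@code null}
   * @param password the credential to verify, already hashed by the caller
   * @param pwdEncoded when {@code true}, the stored password is passed through
   *     {@code CookieHelper.md5} once more before the comparison (presumably for credentials
   *     restored from the auto-login cookie; confirm against the caller)
   * @param request the current request, used to reach the session
   * @return {@code true} when the provider is not locked and the password matches
   */
  private boolean doLogin(
      Provider provider, String password, boolean pwdEncoded, HttpServletRequest request) {
    // A provider status of TRUE means the account is locked.
    if (Boolean.TRUE.equals(provider.getProviderStatus())) {
      LOGGER.debug("provider [{0}] is locked", provider.getUserName());
      return false;
    }

    String dbPassword = provider.getPassword();
    if (pwdEncoded) {
      dbPassword = CookieHelper.md5(dbPassword);
    }
    // A missing credential is a failed login, not a NullPointerException.
    if (password == null || !password.equals(dbPassword)) {
      // Log the account rather than the submitted value: the hash is accepted as a credential by
      // this method and must not be written to log files.
      LOGGER.debug("login password error for provider [{0}]", provider.getUserName());
      return false;
    }

    // Save the authenticated provider to the session.
    // NOTE(review): no session-id renewal is visible at this point. Confirm that
    // SessionHelper.setProvider, or a filter, rotates the session on login.
    SessionHelper.setProvider(provider, request);

    return true;
  }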