//通过remember cookie获取登录信息,并且登录
func (this *BaseController) loginViaRememberCookie() (success bool) {
username := this.Ctx.GetCookie(setting.CookieUserName)
if len(username) == 0 {
return false
}
defer func() {
if !success {
this.DeleteRememberCookie()
}
}()
user := models.User{Username: username}
if err := user.Read("Username"); err != nil {
return false
}
secret := utils.EncodeMd5(user.Salt + user.Password)
value, _ := this.Ctx.GetSecureCookie(secret, setting.CookieRememberName)
if value != username {
return false
}
this.User = &user
this.LogUserIn(&user, true)
return true
}
//登录用户
func (this *BaseController) LogUserIn(user *models.User, remember bool) {
this.SessionRegenerateID()
this.SetSession("AuthUsername", user.Username)
if remember {
secret := utils.EncodeMd5(user.Salt + user.Password)
days := 86400 * 30
this.Ctx.SetCookie(setting.CookieUserName, user.Username, days)
this.SetSecureCookie(secret, setting.CookieRememberName, user.Username, days)
}
}
func (this *BaseController) CheckRequestFrequency(minutes, warningLevel, banLevel int64) {
var key, denyKey string
key = "CRF-" + utils.EncodeMd5(this.Ctx.Input.Uri()+this.Ctx.Input.IP())
denyKey = "deny" + this.Ctx.Input.IP()
if !setting.Cache.IsExist(key) {
setting.Cache.Put(key, 1, minutes*60)
} else {
setting.Cache.Incr(key)
}
counterValue := cache.GetInt64(setting.Cache.Get(key))
//beego.Trace("CRF ", key, ": ", counterValue)
if counterValue >= banLevel {
setting.Cache.Put(denyKey, 1, 86400)
this.Abort("IPBan")
return
}
if counterValue >= warningLevel {
this.FlashWrite("warning", "你的提交频率不太正常,持续这样频率的反复提交可能导致你的ip被封锁!")
}
}
func (m *User) VerifyPassword(password string) bool {
if m.Password == utils.EncodeMd5(utils.EncodeMd5(password)+m.Salt) {
return true
}
return false
}
func (m *User) SetPassword(password string) error {
m.Salt = utils.GetRandomString(6)
m.Password = utils.EncodeMd5(utils.EncodeMd5(password) + m.Salt)
return nil
}
func (m *User) gravatarUrl(size int) (url string) {
hash := utils.EncodeMd5(strings.ToLower(m.Email))
url = fmt.Sprintf("http://gravatar.duoshuo.com/avatar/%s?d=identicon&size=%d", hash, size)
return url
}
