以文本方式查看主题 - Foxtable(狐表) (http://foxtable.com/bbs/index.asp) -- 专家坐堂 (http://foxtable.com/bbs/list.asp?boardid=2) ---- 如何实现移动端多端登录 (http://foxtable.com/bbs/dispbbs.asp?boardid=2&id=173594) |
||
-- 作者:chen_sheng -- 发布时间:2021/12/7 12:01:00 -- 如何实现移动端多端登录 参考实例可以账号密码登录 及企业微信登录了 但是如何结合起来 可以实现企业微信、钉钉内打开免登,浏览器登录过来实现账号密码授权 如何结合 如何让登录更安全实现呢 http://www.foxtable.com/mobilehelp/topics/0154.htm
[此贴子已经被作者于2021/12/7 12:02:42编辑过]
|
||
-- 作者:有点蓝 -- 发布时间:2021/12/7 12:07:00 -- 使用不同的首页入口。比如微信访问首页:http://www.abc.com/qiye.htm, 钉钉访问首页:http://www.abc.com/ding.htm 企业微信、钉钉使用授权功能:http://www.foxtable.com/mobilehelp/topics/0237.htm
|
||
-- 作者:chen_sheng -- 发布时间:2021/12/7 12:52:00 -- 代码是否如下: Static UserTable As DataTable \'定义一个变量,用于存储用户随机身份ID,以及最后一次活动时间. Static ClearTime As Date If UserTable Is Nothing Then \'创建用于记录登录信息的临时表 ClearTime = Date.Now() Dim dtb As New DataTableBuilder("UserInfos") dtb.AddDef("UserName", Gettype(String), 16) dtb.AddDef("UserID",Gettype(String),16) dtb.AddDef("ActiveTime",Gettype(Date)) UserTable = dtb.Build(True) End If If (Date.Now - ClearTime).TotalMinutes >= 30 Then \'清除超过30分钟没有操作的登录信息 UserTable.DeleteFor("ActiveTime < #" & Date.Now.AddMinutes(-30) & "#") ClearTime = Date.Now() End If Dim wb As New weui \'身份验证 Dim UserName As String Dim Password As String Dim UserID As String If e.Path = "logon.htm" \'验证用户名和密码 If e.PostValues.ContainsKey("username") AndAlso e.PostValues.ContainsKey("password") Then Dim Verified As Boolean \'用于标记用户是否通过了身份验证 UserName = e.PostValues("username") Password = e.PostValues("password") If UserName = "张三" AndAlso Password = "888" Then \'实际使用的时候,请改为从数据库读取用户名和密码进行比较 Verified = True ElseIf Username = "李四" AndAlso Password="999" Then Verified = True End If If Verified Then UserID = Rand.NextString(16) \'生成随机用户ID UserName = EncryptText(UserName,"123","123") \'将用户名加密. Dim dr As DataRow = UserTable.Find("UserName = \'" & UserName & "\'") If dr IsNot Nothing Then \'如果是重复登录,删除以前的登录信息 dr.Delete() End If dr = UserTable.AddNew() dr("UserName") = UserName dr("UserID") = UserId dr("ActiveTime") = Date.Now \'记录登录时间 wb.AppendCookie("username",UserName) \'将用户名和UserID写入cookie wb.AppendCookie("userid",UserID) wb.InsertHTML("<meta http-equiv=\'Refresh\' c>") \'直接跳转到首页 e.WriteString(wb.Build) \'生成网页 Return \'必须的 End If End If Elseif e.Path = "qywx.htm" Elseif e.Path = "dding.htm" else\'其它页面从Cookie提取登录信息进行验证 UserName = e.Cookies("username") \'从cookie中获取用户名 UserID = e.Cookies("userid") \'从cookie中获取 随机ID Dim dr As DataRow = UserTable.Find("UserName = \'" & UserName & "\'") If dr IsNot Nothing AndAlso dr("UserID") = UserID Then \'如果通过验证,更新活动时候,继续访问其它页面. dr("ActiveTime") = Date.Now \'更新活动时间 Else \'如果验证失败 wb.InsertHTML("<meta http-equiv=\'Refresh\' c>") \'那么直接跳转到登录页面 e.WriteString(wb.Build) \'生成网页 Return \'必须的 End If End If \'开始生成网页 Select Case e.path Case "logon.htm" \'登录页面 wb.AddPageTitle("","pageheader","销售系统","由湛江辉迅基于Foxtable开发") If e.PostValues.ContainsKey("username") AndAlso e.PostValues.ContainsKey("password") Then \'判断是否是验证失败后的重新登录 wb.AddTopTips("","toptip1","用户名或密码错误!").msec = 2000 \'如果用户通过登录按钮访问,则给用户一个2秒的提示. End If wb.AddForm("","form1","logon.htm") With wb.AddInputGroup("form1","ipg1") .AddInput("username","户名","text") .AddInput("password","密码","password") End With With wb.AddButtonGroup("form1","btg1",True) .Add("btn1", "登录", "submit") End With Case "exit.htm" \'退出登录 wb.DeleteCookie("username") \'清除cookie中原来的用户名和UserID wb.DeleteCookie("UserID") wb.InsertHTML("<meta http-equiv=\'Refresh\' c>") \'然后直接跳转到登录页面 Case "", "default.htm" \'首页 wb.AddPageTitle("","pageheader","销售系统","由湛江辉迅基于Foxtable开发") With wb.AddGrid("","g1") .Add("c1","增加订单", "./images/button.png").Attribute = "" .Add("c2","客户管理", "./images/cell.png", "http://www.foxtable.com") .Add("c3","销售统计", "./images/toast.png", "http://www.foxtable.com") .Add("c4","Dialog", "./images/dialog.png", "http://www.foxtable.com") .Add("c5","Progress", "./images/progress.png", "http://www.foxtable.com") .Add("c6","Msg", "./images/msg.png", "http://www.foxtable.com") .Add("c7","Article", "./images/article.png", "http://www.foxtable.com") .Add("c8","ActionSheet", "./images/actionSheet.png", "http://www.foxtable.com") .Add("c9","Icons", "./images/icons.png", "http://www.foxtable.com") .Add("c10","Panel", "./images/panel.png", "http://www.foxtable.com") .Add("c11","Tab", "./images/tab.png", "http://www.foxtable.com") .Add("c12","退出", "./images/exit.png", "exit.htm") \'退出登录 End With End Select e.WriteString(wb.Build) \'生成网页
|
||
-- 作者:chen_sheng -- 发布时间:2021/12/7 12:55:00 -- 安全登录验证把其他页面登录都排除了,不这样做用安全登录模式会不会登录不了 |
||
-- 作者:有点蓝 -- 发布时间:2021/12/7 13:46:00 -- 差不多是这种逻辑。行不行测试过才知道 |
||
-- 作者:chen_sheng -- 发布时间:2021/12/7 15:56:00 -- 老拦截到登录界面 黄色部分的代码是不是有问题呀 ElseIf e.Path = "qywx.htm" Then Dim Multi As String = Functions.Execute("企业微信验证函数",e,e.path) If Multi > "" Then Dim Values() As String Values = Multi.split("|") uid = Values(0) uname = Values(1) wb.AppendCookie("uname",Values(1))
\' MessageBox.Show(uname)
cmd.CommandText = "s elect top 1 * from 用户 where username = \'" & uname & "\' and Password = \'" & Password & "\'" dt = cmd.ExecuteReader() If dt.DataRows.Count = 1 Then userid = Rand.NextString(16) \'生成随机用户ID username = EncryptText(uname,"123","321") \'将用户名加密 sqltext = "D ELETE FROM 在线用户 where username = \'" & username & "\'" cmd.CommandText = sqltext Count= cmd.ExecuteNonQuery() sqltext = "I NSERT INTO 在线用户(username,ActiveTime,userid) VALUES ( \'" & username & "\',\'" & ClearTime & "\',\'" & userid & "\') U PDATE 用户 SET UserID = \'" & userid & "\' ,ActiveTime = \'" & ClearTime & "\' WHERE UserName = \'" & DecryptText(username,"123","321") & "\' I NSERT INTO 登录日志(username,[ActiveTime],userid,usernamex,Path) VALUES ( \'" & username & "\',\'" & ClearTime & "\',\'" & userid & "\', \'" & DecryptText(username,"123","321") & "\',\'" & e.Path & "\') " cmd.CommandText = sqltext Count= cmd.ExecuteNonQuery() wb.AppendCookie("username",username) \'将用户名和userid写入cookie wb.AppendCookie("userid",userid) \' wb.InsertHTML("<meta http-equiv=\'Refresh\' c>") \'直接跳转到首页 e.WriteString(wb.Build) \'生成网页 Return "" \'必须的 End If \'Else \'wb.InsertHTML("<h3 align=\'center\' style=\'margin-top:5px\'>错误</h3>") \'Return ""
e.AsyncExecute = True \'通知系统,将采用异步方式生成网页 Functions.AsyncExecute("qywx", e) \'异步调用函数生成网页 Return "" End If
|
||
-- 作者:有点蓝 -- 发布时间:2021/12/7 16:00:00 -- 必须有个跳转,不能去掉 \' wb.InsertHTML("<meta http-equiv=\'Refresh\' c>") \'直接跳转到首页
|
||
-- 作者:chen_sheng -- 发布时间:2021/12/7 16:58:00 -- 这种场景越来越多 bs不可避免的要考虑安全性 建议官方完善一下实例 这个方式我调试不通 |
||
-- 作者:有点蓝 -- 发布时间:2021/12/7 17:21:00 -- 完整代码发上来 |
||
-- 作者:chen_sheng -- 发布时间:2021/12/7 20:48:00 -- Dim Count As Integer Dim dt As DataTable Dim cmd As New SQLCommand cmd.C cmd.CommandTimeOut = 3000000 cmd.CommandText = "D ELETE FROM 在线用户 where datediff(minute,ActiveTime,GETDATE()) > 30 " Count= cmd.ExecuteNonQuery() Dim ClearTime As Date ClearTime = Date.Now() Dim wb As New weui Dim username As String Dim Password As String Dim userid As String Dim sqltext As String Dim uid As String Dim uname As String Dim ubm As String If e.Path = "logon.htm" Then \'验证用户名和密码 If e.PostValues.ContainsKey("username") AndAlso e.PostValues.ContainsKey("password") Then username = e.PostValues("username") Password = e.PostValues("password") cmd.CommandText = "s elect top 1 * from 用户 where username = \'" & username & "\' and Password = \'" & Password & "\'" dt = cmd.ExecuteReader() If dt.DataRows.Count = 1 Then userid = Rand.NextString(16) \'生成随机用户ID username = EncryptText(username,"123","321") \'将用户名加密 sqltext = "D ELETE FROM 在线用户 where username = \'" & username & "\'" cmd.CommandText = sqltext Count= cmd.ExecuteNonQuery() sqltext = "I NSERT INTO 在线用户(username,ActiveTime,userid) VALUES ( \'" & username & "\',\'" & ClearTime & "\',\'" & userid & "\') U PDATE 用户 SET UserID = \'" & userid & "\' ,ActiveTime = \'" & ClearTime & "\' WHERE UserName = \'" & DecryptText(username,"123","321") & "\' I NSERT INTO 登录日志(username,[ActiveTime],userid,usernamex,Path) VALUES ( \'" & username & "\',\'" & ClearTime & "\',\'" & userid & "\', \'" & DecryptText(username,"123","321") & "\',\'" & e.Path & "\') " cmd.CommandText = sqltext Count= cmd.ExecuteNonQuery() wb.AppendCookie("username",username) \'将用户名和userid写入cookie wb.AppendCookie("userid",userid) wb.InsertHTML("<meta http-equiv=\'Refresh\' c>") \'直接跳转到首页 e.WriteString(wb.Build) \'生成网页 Return "" \'必须的 End If End If ElseIf e.Path = "qywx.htm" Then Dim Multi As String = Functions.Execute("企业微信验证函数",e,e.path) If Multi > "" Then Dim Values() As String Values = Multi.split("|") uid = Values(0) uname = Values(1) wb.AppendCookie("uname",Values(1))
MessageBox.Show(uname)
cmd.CommandText = "s elect top 1 * from 用户 where username = \'" & uname & "\' and Password = \'" & Password & "\'" dt = cmd.ExecuteReader() If dt.DataRows.Count = 1 Then userid = Rand.NextString(16) \'生成随机用户ID username = EncryptText(uname,"123","321") \'将用户名加密 sqltext = "D ELETE FROM 在线用户 where username = \'" & username & "\'" cmd.CommandText = sqltext Count= cmd.ExecuteNonQuery() sqltext = "I NSERT INTO 在线用户(username,ActiveTime,userid) VALUES ( \'" & username & "\',\'" & ClearTime & "\',\'" & userid & "\') U PDATE 用户 SET UserID = \'" & userid & "\' ,ActiveTime = \'" & ClearTime & "\' WHERE UserName = \'" & DecryptText(username,"123","321") & "\' I NSERT INTO 登录日志(username,[ActiveTime],userid,usernamex,Path) VALUES ( \'" & username & "\',\'" & ClearTime & "\',\'" & userid & "\', \'" & DecryptText(username,"123","321") & "\',\'" & e.Path & "\') " cmd.CommandText = sqltext Count= cmd.ExecuteNonQuery()
wb.AppendCookie("uname",Values(1)) wb.AppendCookie("username",username) \'将用户名和userid写入cookie wb.AppendCookie("userid",userid) wb.InsertHTML("<meta http-equiv=\'Refresh\' c>") \'直接跳转到首页 e.WriteString(wb.Build) \'生成网页 Return "" \'必须的 End If \' Else \' wb.InsertHTML("<h3 align=\'center\' style=\'margin-top:5px\'>错误</h3>") \' Return ""
e.AsyncExecute = True \'通知系统,将采用异步方式生成网页 Functions.AsyncExecute("qywx", e) \'异步调用函数生成网页 Return "" End If Else \'其它页面从Cookie提取登录信息进行验证 username = e.Cookies("username") \'从cookie中获取用户名 userid = e.Cookies("userid") \'从cookie中获取 随机ID sqltext = "s elect Count(*) from 在线用户 where username = \'" & username & "\' and userid = \'" & userid & "\'" \'MessageBox.Show("其他页面查询用户信息的 sqltext " & sqltext ) cmd.CommandText = sqltext Count = cmd.ExecuteScalar If Count > 0 sqltext = "U PDATE [在线用户] SET [ActiveTime] = GETDATE() WHERE username = \'" & username & "\' And userid = \'" & userid & "\' I NSERT INTO 登录日志(username,[ActiveTime],userid,usernamex,Path) VALUES ( \'" & username & "\',\'" & ClearTime & "\',\'" & userid & "\', \'" & DecryptText(username,"123","321") & "\',\'" & e.Path & "\') " \'MessageBox.Show("其他页面查询到用户信息执行的 sqltext " & sqltext ) cmd.CommandText = sqltext Count= cmd.ExecuteScalar Else wb.InsertHTML("<meta http-equiv=\'Refresh\' c>") \'那么直接跳转到登录页面 e.WriteString(wb.Build) \'生成网页 Return "" \'必须的 End If End If Dim fl As String =ProjectPath & "web\\" & e.path If filesys.FileExists(fl) Dim idx As Integer = fl.LastIndexOf(".") Dim ext As String = fl.SubString(idx) Select Case ext Case ".jpg",".gif",".png",".bmp",".wmf",".js",".css" ,".html",".htm",".txt" e.WriteFile(fl) End Select End If |