/** * */ package top.phrack.ctf.controller; import java.util.ArrayList; import java.util.Calendar; import java.util.Date; import java.util.List; import java.util.UUID; import java.util.regex.Matcher; import java.util.regex.Pattern; import javax.annotation.Resource; import javax.servlet.http.HttpServletRequest; import org.apache.commons.lang.RandomStringUtils; import org.apache.commons.lang.StringUtils; import org.apache.shiro.SecurityUtils; import org.apache.shiro.crypto.hash.SimpleHash; import org.apache.shiro.subject.Subject; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.mail.javamail.JavaMailSender; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.servlet.ModelAndView; import net.sf.json.JSONObject; import top.phrack.ctf.models.services.BannedIpServices; import top.phrack.ctf.models.services.CountryServices; import top.phrack.ctf.models.services.PassResetServices; import top.phrack.ctf.models.services.SubmissionServices; import top.phrack.ctf.models.services.UserServices; import top.phrack.ctf.pojo.Countries; import top.phrack.ctf.pojo.Passreset; import top.phrack.ctf.pojo.StatusMsg; import top.phrack.ctf.pojo.Users; import top.phrack.ctf.utils.CommonUtils; import top.phrack.ctf.utils.MailUtil; /** * 注册页面控制器 * * @author Jarvis * @date 2016年4月8日 */ @Controller public class RegisterController { private Logger log = LoggerFactory.getLogger(RegisterController.class); @Resource private UserServices userServices; @Resource private CountryServices countryServices; @Resource private PassResetServices passResetServices; @Autowired private JavaMailSender javaMailSender; @Autowired private HttpServletRequest request; @Autowired private MailUtil mailUtil; @Resource private BannedIpServices bannedIpServices; @Resource private SubmissionServices submissionServices; @RequestMapping(value = "/register",method = RequestMethod.GET) public ModelAndView doGetRegister() throws Exception { ModelAndView mv = new ModelAndView("register"); Subject currentUser = SecurityUtils.getSubject(); CommonUtils.setUserInfo(currentUser, userServices, submissionServices,mv); CommonUtils.setControllerName(request, mv); if (currentUser.isAuthenticated()||currentUser.isRemembered()) { return new ModelAndView("redirect:/home"); } List<Countries> cts = countryServices.SelectAllCountry(); mv.addObject("country",cts); mv.setViewName("register"); return mv; } @RequestMapping(value="register",method = RequestMethod.POST) public ModelAndView doPostRegister() throws Exception { ModelAndView mv = new ModelAndView("register"); int errorcounter; List<Countries> cts = countryServices.SelectAllCountry(); mv.addObject("country",cts); ArrayList<StatusMsg> states = new ArrayList<StatusMsg>(); Subject currentUser = SecurityUtils.getSubject(); CommonUtils.setUserInfo(currentUser, userServices,submissionServices, mv); CommonUtils.setControllerName(request, mv); String contextpath = request.getContextPath(); int serverport = request.getServerPort(); String basePath = null; if (serverport==80||serverport==443) { basePath = request.getScheme() + "://" + request.getServerName() + contextpath + "/"; } else { basePath = request.getScheme() + "://" + request.getServerName() + ":" + serverport + contextpath + "/"; } if (CommonUtils.CheckIpBanned(request, bannedIpServices)) { currentUser.logout(); } String email = request.getParameter("email"); String username = request.getParameter("username"); String organize = request.getParameter("organize"); String phone = request.getParameter("phone"); String countryid = request.getParameter("countryid"); String captchanum = request.getParameter("captcha"); String kaptchaCode = (String)request.getSession().getAttribute(com.google.code.kaptcha.Constants.KAPTCHA_SESSION_KEY); if (captchanum==null || !captchanum.equalsIgnoreCase(kaptchaCode)) { StatusMsg state = new StatusMsg(); state.settype("danger"); state.setmsg("Wrong captcha!"); states.add(state); mv.addObject("stat",states); mv.setViewName("register"); return mv; } if (email==null||username==null) { StatusMsg state = new StatusMsg(); state.settype("danger"); state.setmsg("Invalid Parameter!"); states.add(state); mv.addObject("stat",states); mv.setViewName("register"); return mv; } email = CommonUtils.XSSFilter(email).toLowerCase(); username = CommonUtils.XSSFilter(username); if (organize==null) { organize = ""; } else { organize = CommonUtils.XSSFilter(organize); } errorcounter = 0; if (phone!=null&&phone.length()>0) { Pattern p = Pattern.compile("^(\\+){0,1}\\d+$"); Matcher matcher = p.matcher(phone); if (!matcher.find()) { StatusMsg state = new StatusMsg(); state.settype("danger"); state.setmsg("Invalid phone format!!"); states.add(state); mv.addObject("stat",states); errorcounter ++; } } else { phone = ""; } if (email.equals("")) { StatusMsg state = new StatusMsg(); state.settype("danger"); state.setmsg("Please input your e-mail!!"); states.add(state); mv.addObject("stat",states); errorcounter ++; } else { String emalPattern = "\\w+([-+.]\\w+)*@\\w+([-.]\\w+)*\\.\\w+([-.]\\w+)*"; Pattern pattern = Pattern.compile(emalPattern); Matcher matcher = pattern.matcher(email); if (!matcher.find()) { StatusMsg state = new StatusMsg(); state.settype("danger"); state.setmsg("Invalid mail format!!"); states.add(state); mv.addObject("stat",states); errorcounter ++; } else { email = CommonUtils.XSSFilter(email); if (userServices.getUserByEmail(email)!=null) { StatusMsg state = new StatusMsg(); state.settype("danger"); state.setmsg("This email has been used!!"); states.add(state); mv.addObject("stat",states); errorcounter ++; } } } if (username == null || username.equals("")) { StatusMsg state = new StatusMsg(); state.settype("danger"); state.setmsg("Please input your username!!"); states.add(state); mv.addObject("stat",states); errorcounter ++; } else { if (userServices.getUserByName(username)!=null) { StatusMsg state = new StatusMsg(); state.settype("danger"); state.setmsg("This username has been used!!"); states.add(state); mv.addObject("stat",states); errorcounter ++; } } if (countryid==null){ StatusMsg state = new StatusMsg(); state.settype("danger"); state.setmsg("Please select your country/location!!"); states.add(state); mv.addObject("stat",states); errorcounter ++; } else { if (!StringUtils.isNumeric(countryid)) { StatusMsg state = new StatusMsg(); state.settype("danger"); state.setmsg("Invalid Country!"); states.add(state); mv.addObject("stat",states); errorcounter ++; } else { if (Integer.valueOf(countryid)<1||Integer.valueOf(countryid)>250) { StatusMsg state = new StatusMsg(); state.settype("danger"); state.setmsg("Invalid Country!"); states.add(state); mv.addObject("stat",states); errorcounter ++; } } } if (errorcounter == 0) { Users aUser = new Users(); String salt = RandomStringUtils.randomAlphanumeric(64); String randompass = RandomStringUtils.randomAlphanumeric(10); Date currenttime = new Date(); aUser.setUsername(username); aUser.setEmail(email); aUser.setPassword(new SimpleHash("SHA-256",randompass,salt).toHex()); aUser.setPhone(phone); aUser.setOrganization(organize); aUser.setCountryid(Long.valueOf(countryid)); aUser.setIsenabled(true); aUser.setScore(Long.valueOf(0)); aUser.setSalt(salt); aUser.setRegtime(currenttime); aUser.setRole("user"); int result = userServices.insertNewUser(aUser); if (result!=0) { StatusMsg state = new StatusMsg(); state.settype("success"); state.setmsg("A password reset e-mail has been sent to your email address "+email+". Please check your inbox and verify your registration."); states.add(state); mv.addObject("stat",states); Passreset pr = new Passreset(); pr.setCreatetime(currenttime); pr.setExpireson(new Date(currenttime.getTime()+24*3600*1000)); String resettoken = UUID.randomUUID().toString(); pr.setResettoken(resettoken); pr.setUsed(false); aUser = userServices.getUserByEmail(email); pr.setUserid(aUser.getId()); String reseturl = basePath+"resetpass?token="+resettoken; passResetServices.insertNewtoken(pr); mailUtil.sendPasswordResetMail(email, reseturl,javaMailSender); mv.addObject("nextpage","login"); mv.setViewName("showinfo"); return mv; } else { StatusMsg state = new StatusMsg(); state.settype("danger"); state.setmsg("Unknown Error!Please try later."); states.add(state); mv.addObject("stat",states); } } mv.setViewName("register"); return mv; } }