?? cerpsam.java
字號:
package com.huiton.cerp.pub.util.functions;/* author : zaj date : 2001/12/30 program : CerpSAM 說明:Cerp系統管理類,主要用于處理用戶登陸,認證*/import java.util.*;import java.sql.*;import javax.servlet.http.*;import com.huiton.mainframe.util.*;import com.huiton.mainframe.util.tracer.Debug;import com.huiton.mainframe.control.web.ModelManager;import com.huiton.mainframe.control.web.CustomerWebImpl;import com.huiton.pub.dbx.*;import com.huiton.cerp.pub.util.SubsystemKeys;public class CerpSAM{ private static final int times = 3; // times try to get pageQuery private static final int timeout = 30; // default timeout minutes private boolean hasObject = false; // flag of initialized pageQuery private PageQuery pageQuery = null; private ResultSet rs = null; private String sql = null; public CerpSAM() { created(); } // new instance public static CerpSAM newInstance() { CerpSAM cs = new CerpSAM() ; return cs ; } // create pageQuery if not initialized private boolean created() { try { for (int i=0; i<times && !hasObject ;i++) { pageQuery = new PageQuery("","sam"); hasObject = true; } return hasObject; } catch (Exception e) { return hasObject; } } // get timeout of the company private int getTimeout(String companyCode) { if (!created()) return timeout ; try { sql = "select time_out from scg_run_info " + " where company_code='" +companyCode+ "'"; rs = pageQuery.getData(sql); if (rs != null && rs.next()) { int time_out = rs.getInt(1); if (time_out>0) return time_out; } return timeout; } catch (Exception e) { return timeout ; } } // max number of users of the Company private int getMaxCompanyUser(String companyCode) { return 100; } // current online company user private int getCurrentCompanyUser(String companyCode) { if (!created()) return 0 ; try { sql = "select count(*) from sam_session " + " where company_code='" +companyCode + "'"; rs = pageQuery.getData(sql); if (rs != null && rs.next()) { return rs.getInt(1); } return 0; } catch (Exception e) { return 0; } } // current online users using this account private int getCurrentTheUser(String companyCode,String userCode) { if (!created()) return 0 ; try { sql = "select count(*) from sam_session " + " where company_code='" +companyCode + "' and user_code='" +userCode+ "'"; rs = pageQuery.getData(sql); if (rs != null && rs.next()) { return rs.getInt(1); } return 0; } catch (Exception e) { return 0; } } private boolean acceptIP(String standardIP,String clientIP) { standardIP = (standardIP==null ? "" : standardIP.trim()); clientIP = (clientIP==null ? "" : clientIP.trim()); if (standardIP.length()<1) // no restriction return true ; if (standardIP.equals(clientIP)) return true ; StringTokenizer standardST = new StringTokenizer(standardIP,"."); StringTokenizer clientST = new StringTokenizer(clientIP,"."); while (standardST.hasMoreElements()) { String sPart = (String)standardST.nextElement(); sPart = (sPart==null ? "" : sPart.trim()); if (clientST.hasMoreElements()) { String cPart = (String)clientST.nextElement(); cPart = (cPart==null ? "" : cPart.trim()); if (sPart.equals("*")) continue ; if (!sPart.equalsIgnoreCase(cPart)) return false ; }else { return false ; } } return true ; } //check password private boolean m_equals(String standPass,String userPass) { standPass = (standPass==null ? "" : standPass.trim()); userPass = (userPass==null ? "" : userPass.trim()); return standPass.equals(userPass); } // login process public boolean login(HttpServletRequest request,String companyCode,String userCode,String password,String year) { if (!created()) return false ; try { sql = "SELECT user_status,ip_addr,permit_num,user_pass, user_unique_no" + " FROM sam_user_auth " + " WHERE user_code = '" + userCode + "' and company_code = '" + companyCode + "'"; rs = pageQuery.getData(sql); // check if(rs!=null&&rs.next()) { // get user status String userStatus = rs.getString(1); userStatus = (userStatus==null ? "" : userStatus.trim()); userStatus = (userStatus.equals("") ? "Y" : userStatus); Debug.println("user_status=" + userStatus); // get ip addr String ipAddr = rs.getString(2); // get permit num int permitNum = rs.getInt(3); // password String userPass = rs.getString(4); // userUniqueNo String userUniqueNo = rs.getString(5); // check company users' number if (getMaxCompanyUser(companyCode) <= getCurrentCompanyUser(companyCode)) { request.setAttribute("flag",LoginStatusKeys.COMPANY_USER_OVERFLOW); return false ; } //check user status if (!userStatus.equalsIgnoreCase("Y")) { request.setAttribute("flag",LoginStatusKeys.STATUS_FORBID); return false ; } //check ip_addr Debug.println("standardIP=" + ipAddr + ",clientIP=" + request.getRemoteAddr()); if (!acceptIP(ipAddr,request.getRemoteAddr())) { request.setAttribute("flag",LoginStatusKeys.IP_FORBID); return false ; } //check user permit_num; Debug.println("permitNum=" + permitNum); if (permitNum>0 && permitNum <= getCurrentTheUser(companyCode,userCode)) { request.setAttribute("flag",LoginStatusKeys.USER_OVERFLOW); return false ; } // get pass to check if (m_equals(userPass,password)) { // 后續處理 CommonDate today = new CommonDate(); int visitTime = (int)(System.currentTimeMillis()/60000); int loginTime = visitTime; LookField lf = new LookField("",SubsystemKeys.SAM); sql = "company_code = '" + companyCode + "' AND user_unique_no = '" + userUniqueNo + "'"; // get userName String userName = lf.dLookup("body_name", "epd_address_book",sql); Debug.println("XXXXXXXXXXXXXXXXXXXXXX"+userName); //get user 部門 //以下關于部門的函數由cameran添加,用于提取用戶所在部門代碼2003-6-1 String userDept = lf.dLookup("dept_code", "epd_address_book", sql); userDept = (userDept==null ? "" : userDept.trim()); String userDeptName =lf.dLookup("dept_name", "sam_dept", "dept_code = '"+userDept+"'"); userDeptName = (userDeptName==null ? "" : userDeptName.trim()); Debug.println("XXXXXXXXXXXXXXXXXXXXXX"+userDept); //以上關于部門的函數由cameran添加,用于提取用戶所在部門代碼2003-6-1 // get user 語言 String language = lf.dLookup("language_type", "sam_user_info", sql); language = (language==null ? "" : language.trim()); language = (language.equals("") ? "zh" : language); // get defaultpage String defaultPage = lf.dLookup("default_page", "sam_user_info", sql); // get log no and insert into sam_access_log int logNo = 0; do { logNo = CerpGetNo.getNo(companyCode,"sam_access_log"); sql = "insert into sam_access_log(company_code," + "log_no, user_unique_no, login_date, login_time," + "logout_datetime, online_minutes, ip_addr, user_name)" + " values('" + companyCode + "'," + logNo + ",'" + userUniqueNo + "','" + today.getYMD() + "','" + today.getHM() + "','',0,'" + request.getRemoteAddr() + "','" + userName +"')"; Debug.println("sql="+sql); } while (!pageQuery.simpleUpdate(sql)); // get sessionCode and insert into sam_session String sessionCode = null; do { sessionCode = String.valueOf((long)(loginTime*java.lang.Math.random()*1000000)); sql = "insert sam_session(company_code,session_code,year, " + " user_unique_no,user_code,user_ip_addr, " + " visit_datetime, " + " login_datetime, log_no) values('" + companyCode + "','" + sessionCode + "','" + year + "','" + userUniqueNo + "','" + userCode + "','"+request.getRemoteAddr()+"', " + visitTime + ", " + loginTime + ", " + logNo + ")"; Debug.println("sql="+sql); } while (!pageQuery.simpleUpdate(sql)); //更新用戶權限和菜單 sql = "select prog_flag,menu_flag from sam_user_info " + " where company_code='" + companyCode + "' and user_unique_no='" + userUniqueNo + "'" ; rs = pageQuery.getData(sql); if (rs!=null && rs.next()) { SamUserRight sur = new SamUserRight(companyCode, userUniqueNo,rs.getString(1),rs.getString(2)); sur.update(); } // set session HttpSession session = request.getSession(); session.setAttribute("default_page", defaultPage); session.setAttribute("session_code",sessionCode); session.setAttribute("company_code",companyCode); session.setAttribute("user_code",userCode); session.setAttribute("user_name",userName); session.setAttribute("user_unique_no",userUniqueNo); session.setAttribute("language",language);?? 快捷鍵說明
復制代碼
Ctrl + C
搜索代碼
Ctrl + F
全屏模式
F11
切換主題
Ctrl + Shift + D
顯示快捷鍵
?
增大字號
Ctrl + =
減小字號
Ctrl + -