// MWS_Common.h: this is the common header to the MantaWeb sample
// It defines the session database commands, and the CMantaWebBase templated base class
// (c) 2000 Microsoft Corporation
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// This source code is only intended as a supplement to the
// Microsoft Classes Reference and related electronic
// documentation provided with the library.
// See these sources for detailed information regarding the
// Microsoft C++ Libraries products.
#pragma once
#include <atlstencil.h>
#include <atldbcli.h>
// Size limits and the session idle timeout shared by the sample.
// NOTE(review): these macros only declare the limits; whether request input is
// actually length-checked against them is not visible in this header.
#define DB_MAX_STRLEN 50 // Max length of string in characters in database
#define DB_MAX_DETAILSLEN 150 // Max details length (task and schedule)
#define MAX_MSG_LENGTH 4096 // Max mail message length
// Idle timeout that SessionTimeOut() compares against the stored LastAccess value.
// The ValidationError() page text spells out "15 minutes" literally, so that
// message has to be edited by hand whenever this value changes.
#define SESSION_TIME_OUT 15 // Session time out (in minutes)
namespace MantaWeb
{
// Names of the two cookies the sample uses and of the cached data source entry.
const char MANTAWEB_PERSISTANT_COOKIE_NAME[] = "MantaWebCookie"; // Persisted cookie
const char MANTAWEB_SESSION_COOKIE_NAME[] = "MantaWebSessionCookie"; // Session cookie
const char MANTAWEB_DATA_SOURCE_CACHE_NAME[] = "MantaWebDataSourceCache"; // Data source cache name
// Our database connection string (connects to access database "C:\MantaWeb.mdb")
// The string carries no user name or password and sets Persist Security Info=False.
// NOTE(review): the .mdb path is hard-coded at the drive root, so access to the
// session table rests on that file's permissions - confirm they are limited to
// the account the web application runs as.
const wchar_t MANTAWEB_CONNECTION_STRING[] = L"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\\MantaWeb.mdb;Persist Security Info=False";
// Session lookup: reads the SessionID and LastAccess stored for one UserID.
// The user id is bound as parameter 1 instead of being concatenated into the SQL text.
// NOTE(review): the query has no ORDER BY and the callers in this file read only the
// first row, so the check assumes at most one ActiveUserTable row per user - confirm
// against the code that inserts sessions.
[
db_command("SELECT [SessionID], [LastAccess] FROM ActiveUserTable WHERE [UserID]=?")
]
class CSessionData
{
public:
[ db_column(1) ] GUID m_guidSessionID; // Output column 1: [SessionID]
[ db_column(2) ] DATE m_lastAccess; // Output column 2: [LastAccess]
[ db_param(1) ] LONG m_lUserID; // Input parameter 1: [UserID]
};
// Session refresh: stamps the row of one SessionID with the database's current date and time.
// Note: the following SQL statement is MS Access specific (use of access function Date() and Time())
[
db_command("UPDATE ActiveUserTable SET [LastAccess]=Date()+Time() WHERE [SessionID]=?")
]
class CUpdateSessionData
{
public:
[ db_param(1) ] GUID m_guidSessionID; // Input parameter 1: [SessionID]
};
// Session removal: deletes the row of one SessionID.
// Note: the following SQL statement is MS Access specific (SQL Server statement: "DELETE ActiveUserTable WHERE [SessionID]=?")
[
db_command("DELETE * FROM ActiveUserTable WHERE [SessionID]=?")
]
class CRemoveSessionData
{
public:
[ db_param(1) ] GUID m_guidSessionID; // Input parameter 1: [SessionID]
};
// Session creation: inserts a row for one UserID with the current date and time.
// Only UserID and LastAccess are supplied; SessionID is absent from the column list,
// so it is presumably produced by the table itself.
// NOTE(review): ValidateSession() compares that SessionID with the value from the
// session cookie, so confirm it is generated in a way a client cannot predict.
// Note: the following SQL statement is MS Access specific (use of access function Date() and Time())
[
db_command("INSERT INTO ActiveUserTable ([UserID], [LastAccess]) VALUES(?, Date()+Time())")
]
class CInsertSession
{
public:
[ db_param(1) ] LONG m_lUserID; // Input parameter 1: [UserID]
};
}
// class CMantaWebBase
// This is the base class all request handlers derive from
// Class provides session support, data source cache access, and other helper methods
template <class T> class CMantaWebBase
{
protected:
CDataConnection m_dataConnection; // Cached data connection
// This version uses the session cookie
bool ValidateSession()
{
    // Validates the current request's session using the session cookie values.
    // Returns true only when the cookie yields every field, the stored session id
    // for the user equals the cookie's session id, the session has not timed out,
    // and the LastAccess refresh succeeded. Every other path returns false.
    // Each success rewrites LastAccess, so SESSION_TIME_OUT is an idle timeout;
    // nothing here caps the total lifetime of a session.
    // Keep in step with ValidateSession(LONG, GUID&), which repeats the same
    // lookup / timeout / refresh sequence.

    // The cached connection is fetched before the cookie is examined
    if (FAILED(GetDataConnection(&m_dataConnection)))
        return false;

    // Session data taken from the session cookie
    LPCSTR lpszLogin = GetLogin();
    LPCSTR lpszFirstName = GetFirstName();
    LPCSTR lpszLastName = GetLastName();
    LONG lUserID;
    GUID guidSessionID;

    // lUserID and guidSessionID are only filled in once the three string
    // lookups have succeeded (&& short-circuits left to right).
    // NOTE(review): login, first name and last name are only tested for presence;
    // they are not compared with anything in the database, so they remain
    // client-supplied values. Only the user id / session id pair is verified.
    const bool bCookieComplete =
        lpszLogin != NULL && lpszFirstName != NULL && lpszLastName != NULL &&
        GetUserID(&lUserID) && GetSessionID(&guidSessionID);
    if (!bCookieComplete)
        return false; // Session is not valid

    // Fetch the session row stored for this user (first row only)
    MantaWeb::CSessionData sessionRow;
    sessionRow.m_lUserID = lUserID;
    if (sessionRow.OpenRowset(m_dataConnection, NULL) != S_OK)
        return false;
    if (sessionRow.MoveFirst() != S_OK)
        return false;
    sessionRow.Close();

    // The cookie's session id has to equal the stored one
    if (guidSessionID != sessionRow.m_guidSessionID)
        return false;

    if (!SessionTimeOut(sessionRow.m_lastAccess))
    {
        // Still fresh: stamp the session with a new LastAccess value
        MantaWeb::CUpdateSessionData refresh;
        refresh.m_guidSessionID = sessionRow.m_guidSessionID;
        if (refresh.OpenRowset(m_dataConnection, NULL) != S_OK)
            return false;
        refresh.Close();
        return true; // Session is valid
    }

    // Timed out: delete the row. The result of the delete is not checked;
    // the session is reported invalid either way.
    MantaWeb::CRemoveSessionData expired;
    expired.m_guidSessionID = sessionRow.m_guidSessionID;
    expired.OpenRowset(m_dataConnection, NULL);
    expired.Close();
    return false;
}
// This version just uses the user id and the session id
bool ValidateSession(LONG lUserID, GUID& sessionID)
{
    // Validates a session from an explicit user id / session id pair.
    // Returns true only when the stored session id for lUserID equals sessionID,
    // the session has not timed out, and the LastAccess refresh succeeded.
    // sessionID is only read, never written.
    // Each success rewrites LastAccess, so SESSION_TIME_OUT is an idle timeout;
    // nothing here caps the total lifetime of a session.
    // Keep in step with the parameterless ValidateSession(), which repeats the
    // same lookup / timeout / refresh sequence.

    // Get the cached data connection
    if (FAILED(GetDataConnection(&m_dataConnection)))
        return false;

    // Fetch the session row stored for this user (first row only)
    MantaWeb::CSessionData sessionRow;
    sessionRow.m_lUserID = lUserID;
    if (sessionRow.OpenRowset(m_dataConnection, NULL) != S_OK)
        return false;
    if (sessionRow.MoveFirst() != S_OK)
        return false;
    sessionRow.Close();

    // The caller's session id has to equal the stored one
    if (sessionID != sessionRow.m_guidSessionID)
        return false;

    if (!SessionTimeOut(sessionRow.m_lastAccess))
    {
        // Still fresh: stamp the session with a new LastAccess value
        MantaWeb::CUpdateSessionData refresh;
        refresh.m_guidSessionID = sessionRow.m_guidSessionID;
        if (refresh.OpenRowset(m_dataConnection, NULL) != S_OK)
            return false;
        refresh.Close();
        return true; // Session is valid
    }

    // Timed out: delete the row. The result of the delete is not checked;
    // the session is reported invalid either way.
    MantaWeb::CRemoveSessionData expired;
    expired.m_guidSessionID = sessionRow.m_guidSessionID;
    expired.OpenRowset(m_dataConnection, NULL);
    expired.Close();
    return false;
}
bool SessionTimeOut(const DATE& dLastAccess)
{
    // Reports whether more than the allowed idle time lies between dLastAccess
    // and the current time. Returns true when the session has timed out.
    // The session counts as live only while the elapsed span has zero days,
    // zero hours, and a minutes part below SESSION_TIME_OUT.
    COleDateTime stamp(dLastAccess);
    COleDateTimeSpan elapsed = COleDateTime::GetCurrentTime() - stamp;
    const bool bStillLive = elapsed.GetDays() == 0 &&
                            elapsed.GetHours() == 0 &&
                            elapsed.GetMinutes() < SESSION_TIME_OUT;
    return !bStillLive;
}
HRESULT GetDataConnection(CDataConnection* pConnection)
{
    // Fetches the cached data source connection into *pConnection and returns
    // the HRESULT of GetDataSource(). If the connection is not cached, a new one
    // is created from MANTAWEB_CONNECTION_STRING and cached under
    // MANTAWEB_DATA_SOURCE_CACHE_NAME.
    // The service provider comes from the derived request handler T.
    T* const pHandler = static_cast<T*>(this);
    return GetDataSource(
        pHandler->m_spServiceProvider,
        MantaWeb::MANTAWEB_DATA_SOURCE_CACHE_NAME,
        MantaWeb::MANTAWEB_CONNECTION_STRING,
        pConnection);
}
HTTP_CODE DatabaseError(LPCSTR lpszName, HRESULT hr)
{
    // Replaces the pending response with a small HTML page that names the failing
    // call and shows its HRESULT in hex, flushes it, and returns
    // HTTP_SUCCESS_NO_PROCESS.
    //   lpszName - label of the call that failed; NULL selects a generic label
    //   hr       - the failing HRESULT
    // NOTE(review): lpszName is written into the page without HTML encoding, so
    // callers should pass only fixed, developer-chosen labels, never request data.
    // NOTE(review): the raw HRESULT is sent to the client; outside a sample,
    // consider logging it server-side and returning a generic error page.
    T* const pHandler = static_cast<T*>(this);

    // Drop whatever has been buffered for this response so far
    pHandler->m_HttpResponse.ClearResponse();

    // Hex text of the failing HRESULT
    CString strCode;
    strCode.Format("0x%x", hr);

    // Label shown for the failing call
    LPCSTR lpszCall = "An OleDB call";
    if (lpszName)
        lpszCall = lpszName;

    // Respond with the error message
    pHandler->m_HttpResponse << "<HTML><HEAD><TITLE>Database Error</TITLE></HEAD><BODY>"
                             << "OLE DB ERROR:<BR>"
                             << lpszCall << " returned: "
                             << strCode << "</BODY></HTML>";

    // Flush the response to client
    pHandler->m_HttpResponse.Flush();
    return HTTP_SUCCESS_NO_PROCESS;
}
HTTP_CODE ValidationError()
{
// Return a validation error message to the client
T* pT = static_cast<T*>(this);
// Clear the response
pT->m_HttpResponse.ClearResponse();
// Respond with the error message
pT->m_HttpResponse << "<HTML><HEAD><TITLE>Validation Timeout</TITLE></HEAD><BODY>"
"You have attempted to access a restricted resource.<br><br>"
"Possible causes for seeing this error message:<br>"
" 1) Your authenticated session timed out (timeout is 15 minutes).<br>"
" 2) You need to login.<br><br>"
"</BODY></HTML>";