📄 userdao.java
/**
* Execute finding password action
* @param
* request - HttpServletRequest
* @return success or fail message
* @throws Exception
* @since 1.0
*/
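public String findPasswd(HttpServletRequest request) throws Exception
{
    // Handles a password-recovery request. The account is looked up by the "userID"
    // request parameter when it is non-empty, otherwise by "email". On a match a
    // 3-day expiry is stored through adapter.User_ModSetpwdExpire and userID, email
    // and setID are published as request attributes for the caller.
    //
    // Returns "OK" on success, a failure message when the lookup finds no row, and
    // null when the matched row yields a null e-mail or user ID column.
    // Throws Exception("Invalid request parameter") when neither parameter is given.
    //
    // NOTE(review): the two failure messages tell the requester whether a user name
    // or an e-mail address is registered; a single uniform answer avoids disclosing
    // that. Left unchanged here because callers may display these strings.
    String result = null;
    Connection conn = null;
    PreparedStatement pstmt = null;
    ResultSet rs = null;
    try
    {
        String userID = PageUtils.getParam(request, "userID");
        String email = PageUtils.getParam(request, "email");
        boolean hasUserID = userID != null && userID.length() > 0;
        boolean hasEmail = email != null && email.length() > 0;
        if (!hasUserID && !hasEmail)
        {
            // Reject the request before a pooled connection is taken.
            throw new Exception("Invalid request parameter");
        }

        // Set only when the database confirms the account. Without this flag a failed
        // lookup could still reach the block below (the other parameter only has to be
        // non-null) and the failure message would be overwritten by "OK".
        boolean found = false;
        conn = dbManager.getConnection();
        if (hasUserID)
        {
            pstmt = conn.prepareStatement(adapter.User_GetMailFromID);
            pstmt.setString(1, userID);
            rs = pstmt.executeQuery();
            if (rs.next())
            {
                // The stored address replaces whatever "email" the request carried.
                email = rs.getString(1);
                found = true;
            }
            else
            {
                result = "找回密码失败: 此用户名不存在。";
            }
        }
        else
        {
            pstmt = conn.prepareStatement(adapter.User_GetIDFromMail);
            pstmt.setString(1, email);
            rs = pstmt.executeQuery();
            if (rs.next())
            {
                userID = rs.getString(1);
                found = true;
            }
            else
            {
                result = "找回密码失败: 此Email不存在。";
            }
        }

        if (found && userID != null && email != null)
        {
            // Long arithmetic so the interval can never wrap if it is enlarged later.
            long setpwdExpire = System.currentTimeMillis() + 3L * 24 * 3600 * 1000; // In 3 days
            // NOTE(review): setID is built only from the expiry time and the user ID and
            // passed through AppUtils.encode32, which is not visible here. If that is an
            // encoding rather than a keyed or random transformation, the value is
            // predictable; a reset token should come from SecureRandom and be stored
            // server-side (ideally hashed) - confirm.
            String setID =
                AppUtils.encode32(String.valueOf(setpwdExpire) + "|" + userID);
            Timestamp stamp = new Timestamp(setpwdExpire);
            ArrayList<Object> paramList = new ArrayList<Object>();
            paramList.add(stamp);
            paramList.add(userID);
            this.execUpdateSql(adapter.User_ModSetpwdExpire, paramList, conn);
            request.setAttribute("userID", userID);
            request.setAttribute("email", email);
            request.setAttribute("setID", setID);
            result = "OK";
        }
    }
    finally
    {
        dbManager.closeResultSet(rs);
        dbManager.closePStatement(pstmt);
        dbManager.closeConnection(conn);
    }
    return result;
}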
/**
* Reset user password
* @param
* request - HttpServletRequest
* @return success or fail message
* @throws Exception
* @since 1.0
*/
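public String resetPasswd(HttpServletRequest request) throws Exception
{
    // Completes a password recovery. The request supplies "sid" (parsed as the expiry
    // time in milliseconds), "userID" and the new password "pwd". The reset is accepted
    // only while sid lies in the future and equals the expiry stored for that user.
    //
    // Returns "OK" or a failure message. A missing or non-numeric "sid" surfaces as the
    // NumberFormatException raised by Long.parseLong; a missing or empty "pwd" raises
    // Exception("Invalid request parameter").
    //
    // NOTE(review): the only value checked against the server is the expiry timestamp
    // itself, which carries far less entropy than a random token. Consider a
    // SecureRandom token stored (hashed) next to the expiry and compared in constant
    // time. A mismatch clears the pending request, which limits repeated attempts but
    // also lets any requester cancel another user's pending reset.
    String result = null;
    Connection conn = null;
    PreparedStatement pstmt = null;
    ResultSet rs = null;
    try
    {
        String setID = request.getParameter("sid");
        String userID = request.getParameter("userID");
        long setpwdExpired = Long.parseLong(setID);
        if (setpwdExpired > System.currentTimeMillis())
        {
            conn = dbManager.getConnection();
            pstmt = conn.prepareStatement(adapter.User_GetSetpwdExpire);
            pstmt.setString(1, userID);
            rs = pstmt.executeQuery();
            if (rs.next())
            {
                Timestamp setpwdStamp = rs.getTimestamp(1);
                if (setpwdStamp != null && setpwdStamp.getTime() == setpwdExpired) // Client & Server login id must be same
                {
                    String pwd = request.getParameter("pwd");
                    if (pwd == null || pwd.length() == 0)
                    {
                        // Never store the digest of a missing or empty password. The
                        // pending request is left intact so the user can retry.
                        throw new Exception("Invalid request parameter");
                    }
                    String digest = AppUtils.digestData(pwd);
                    ArrayList<Object> paramList = new ArrayList<Object>();
                    paramList.add(digest);
                    paramList.add(userID);
                    this.execUpdateSql(adapter.User_ModPasswd, paramList, conn);

                    // Make the reset single-use: without clearing the stored expiry the
                    // same sid/userID pair would keep working until the window ends.
                    ArrayList<Object> clearList = new ArrayList<Object>();
                    clearList.add(null);
                    clearList.add(userID);
                    this.execUpdateSql(adapter.User_ModSetpwdExpire, clearList, conn);
                    result = "OK";
                }
                else
                {
                    // Wrong or stale sid: drop the pending request so that a new
                    // recovery has to be started.
                    ArrayList<Object> paramList = new ArrayList<Object>();
                    paramList.add(null);
                    paramList.add(userID);
                    this.execUpdateSql(adapter.User_ModSetpwdExpire, paramList, conn);
                    result = "找回密码失败: 请求参数无效,请重新执行找回密码操作。";
                }
            }
            else
            {
                result = "找回密码失败: 用户名无效。";
            }
        }
        else
        {
            result = "找回密码失败: 找回密码有效期已过。";
        }
    }
    finally
    {
        dbManager.closeResultSet(rs);
        dbManager.closePStatement(pstmt);
        dbManager.closeConnection(conn);
    }
    return result;
}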
/**
* Change user password
* @param
* request - HttpServletRequest
* userinfo - Session user info object
* @return success or fail message
* @throws Exception
* @since 1.0
*/
public String changePasswd(HttpServletRequest request, UserInfo userinfo)
    throws Exception
{
    // Changes the password of the session user. The "oldpwd" request parameter must
    // digest to the value stored for userinfo.userID; the digest of "pwd" is then
    // written through adapter.User_ModPasswd. Returns "OK" or a failure message.
    //
    // NOTE(review): AppUtils.digestData is not visible here - confirm it is a salted,
    // deliberately slow password hash rather than a bare digest. The new password is
    // not checked for emptiness or strength in this method.
    Connection conn = null;
    PreparedStatement pstmt = null;
    ResultSet rs = null;
    try
    {
        String currentInput = PageUtils.getParam(request, "oldpwd");
        String newInput = PageUtils.getParam(request, "pwd");
        conn = dbManager.getConnection();
        pstmt = conn.prepareStatement(adapter.User_Login);
        pstmt.setString(1, userinfo.userID);
        rs = pstmt.executeQuery();
        if (!rs.next())
        {
            // No row for the session user.
            return "修改密码失败,请重新尝试。";
        }

        String suppliedDigest = AppUtils.digestData(currentInput);
        String storedDigest = rs.getString(1);
        if (storedDigest == null || !storedDigest.equals(suppliedDigest))
        {
            return "修改密码失败: 原密码不正确。";
        }

        // Old password verified: store the digest of the new one.
        ArrayList<Object> updateParams = new ArrayList<Object>();
        updateParams.add(AppUtils.digestData(newInput));
        updateParams.add(userinfo.userID);
        this.execUpdateSql(adapter.User_ModPasswd, updateParams, conn);
        return "OK";
    }
    finally
    {
        // Runs on every exit path, including the early returns above.
        dbManager.closeResultSet(rs);
        dbManager.closePStatement(pstmt);
        dbManager.closeConnection(conn);
    }
}
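/**
* Check whether the user ID and password are valid and return the user's group ID
* @param
* userID - User ID
* passwd - User password
* @return the first character of the user's group ID, or 'G' if the user ID or password does not match
* @throws Exception
* @since 1.0
*/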
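public char getUserGroupID(String userID, String passwd) throws Exception
{
    // Verifies userID/passwd against the row returned by adapter.User_Login and returns
    // the first character of that row's "groupID" column. 'G' is returned when the user
    // is unknown, the password digest does not match, or the stored groupID is null or
    // empty, so a malformed row is treated exactly like a failed login instead of
    // raising NullPointerException / StringIndexOutOfBoundsException.
    //
    // NOTE(review): AppUtils.digestData is not visible here - confirm it is a salted,
    // deliberately slow password hash. No limit on failed attempts is applied in this
    // method; verify that the caller provides one.
    char result = 'G';
    Connection conn = null;
    PreparedStatement pstmt = null;
    ResultSet rs = null;
    try
    {
        conn = dbManager.getConnection();
        pstmt = conn.prepareStatement(adapter.User_Login);
        pstmt.setString(1, userID);
        rs = pstmt.executeQuery();
        if (rs.next())
        {
            String digest = AppUtils.digestData(passwd);
            String pwd = rs.getString(1);
            if (pwd != null && pwd.equals(digest))
            {
                String groupID = rs.getString("groupID");
                if (groupID != null && groupID.length() > 0)
                {
                    result = groupID.charAt(0);
                }
            }
        }
    }
    finally
    {
        dbManager.closeResultSet(rs);
        dbManager.closePStatement(pstmt);
        dbManager.closeConnection(conn);
    }
    return result;
}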
/**
* Identify whether a user has admin rights
* @param
* userinfo - Session user info object
* @return true or false
* @throws Exception
* @since 1.0
*/
public boolean isAdminUser(UserInfo userinfo) throws Exception
{
    // A missing session user never has admin rights.
    if (userinfo == null)
    {
        return false;
    }
    // Resolve the user's group against the cached moderator data; only group type 'S'
    // counts as admin.
    // NOTE(review): a null result from PageUtils.getGroupVO would raise
    // NullPointerException here (access is still denied, but by exception) - confirm
    // that it never returns null.
    GroupVO group =
        PageUtils.getGroupVO(userinfo, CacheManager.getInstance().getModerators());
    return group.groupType == 'S';
}
/**
* Modify user admin group ID
* @param
* request - HttpServletRequest
* @return result message
* @throws SQLException
* @since 1.0
*/
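public String modifyGroup(HttpServletRequest request) throws SQLException
{
    // Assigns the "groupID" request parameter to the user named by "userID" through
    // adapter.User_ModGroupID. The configured system administrator account is never
    // modified. A missing or empty groupID falls back to "1". Returns "OK" or the
    // refusal message.
    //
    // NOTE(review): no permission check on the calling user and no validation of
    // groupID against the existing groups is visible in this method - confirm that the
    // caller enforces both, since this update changes a user's privileges.
    String userID = PageUtils.getParam(request,"userID");
    if (AppContext.getInstance().getAdminUser().equals(userID))
    {
        return "不能修改系统管理员的管理组属性";
    }
    String groupID = PageUtils.getParam(request,"groupID");
    // Null is handled like an empty value, matching the null checks findPasswd applies
    // to PageUtils.getParam results, instead of failing with NullPointerException.
    if (groupID == null || groupID.length() == 0)
    {
        groupID = "1";
    }
    ArrayList<Object> paramList = new ArrayList<Object>();
    paramList.add(groupID);
    paramList.add(userID);
    this.execUpdateSql(adapter.User_ModGroupID, paramList);
    return "OK";
}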
/**
* Login to admin console
* @param
* userinfo - Session user info object
* passwd - User password
* @return result message
* @throws Exception
* @since 1.0
*/
public String doAdminLogin(UserInfo userinfo, String passwd) throws Exception
{
    // Re-authenticates the session user for the admin console: when the digest of
    // passwd equals the value stored for userinfo.userID, userinfo.isAdminOn is set to
    // true and "OK" is returned; otherwise a failure message is returned.
    //
    // NOTE(review): only the password is verified here. Group membership is not checked
    // in this method - confirm that the caller has already established admin rights
    // (e.g. via isAdminUser) before isAdminOn is trusted.
    Connection conn = null;
    PreparedStatement pstmt = null;
    ResultSet rs = null;
    try
    {
        conn = dbManager.getConnection();
        pstmt = conn.prepareStatement(adapter.User_Login);
        pstmt.setString(1, userinfo.userID);
        rs = pstmt.executeQuery();
        if (!rs.next())
        {
            return "用户名不存在";
        }

        String suppliedDigest = AppUtils.digestData(passwd);
        String storedDigest = rs.getString(1);
        if (storedDigest == null || !storedDigest.equals(suppliedDigest))
        {
            return "用户名和密码不匹配";
        }

        // Password confirmed: switch the session into admin mode.
        userinfo.isAdminOn = true;
        return "OK";
    }
    finally
    {
        // Runs on every exit path, including the early returns above.
        dbManager.closeResultSet(rs);
        dbManager.closePStatement(pstmt);
        dbManager.closeConnection(conn);
    }
}
/**
* Delete users by query conditions
* @param
* request - HttpServletRequest
* @return none
* @throws SQLException
* @since 1.0
*/
public void deleteUsers(HttpServletRequest request) throws Exception
{
// Update state
ArrayList<Object> paramValues = new ArrayList<Object>();
String whereSql = this.buildSearchWhereSql(request, paramValues);
whereSql = whereSql + " and userID <> ?";
paramValues.add(AppContext.getInstance().getAdminUser());
String removepost = PageUtils.getParam(request,"removepost");
ArrayList<HashMap> userList = null;
Connection conn = dbManager.getConnection();
try
{