logincheck.jsp

用Java WEB写的图书管理系统

<%@ page language="java" import="java.util.*,java.sql.*,book.*"
	pageEncoding="utf-8"%>
<%
	String path = request.getContextPath();
	String basePath = request.getScheme() + "://"
			+ request.getServerName() + ":" + request.getServerPort()
			+ path + "/";
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
	<body>
		<%
				String userName = request.getParameter("UserName");
				String tpassword = request.getParameter("UserPassword");
				String password = "";

				String sql = "SELECT password FROM user WHERE username = '"
						+ userName + "'";

				ResultSet rs = DbConnect.query(sql);

				try {
					while (rs.next()) {
						password = rs.getString("password");
					}
				} catch (SQLException e) {
					// TODO Auto-generated catch block
					e.printStackTrace();
				}

				if (password.equals("")) {
					String error = "用户名不存在！";
					session.setAttribute("error", error);
					response.sendRedirect("error.jsp");
				} else if (!password.equals(tpassword)) {
					String error = "密码错误！";
					session.setAttribute("error", error);
					response.sendRedirect("error.jsp");
				} else if (password.equals(tpassword)) {
					int authority = 0;
					String authoritySql = "SELECT value FROM user,module,authority,userhasauthority WHERE "
							+ "module.id = moduleid AND authority.id = authorityid AND userid = user.id "
							+ "AND modulename = '图书管理系统' AND username = '"
							+ userName + "'";

					rs = DbConnect.query(authoritySql);

					try {
						while (rs.next()) {
							authority = rs.getInt("value");
						}
					} catch (SQLException e) {
						// TODO Auto-generated catch block
						e.printStackTrace();
					}

					if (authority == 0) {
						String error = "你没有权限使用本系统！";
						session.setAttribute("error", error);
						response.sendRedirect("error.jsp");
					} else if (authority == 1) {
						session.setAttribute("admin", userName);
						response.sendRedirect("admin.jsp");
					} else if (authority == 2) {
						session.setAttribute("user", userName);
						response.sendRedirect("user.jsp");
					}
				}
		%>
	</body>
</html>