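package com.zky.manager;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger;
import com.zky.pub.Common;
import com.zky.pub.DbConn;
import com.zky.pub.HashFmlBuf;
import com.zky.util.jdbc.HashFmlBufResultSetHandler;
import com.zky.util.jdbc.JDBCUtils;

/**
 * Per-user login state and the operations built on it:
 * 1. verify the password (checkPwd)
 * 2. load the menu (getMenu)
 * 3. change the password (modiPwd)
 *
 * NOTE(review): most of the state below is held in public mutable fields, so any code
 * that holds a Login instance can change the identity or authorisation data it carries.
 */
public class Login {
    private static final Logger log = Logger.getLogger(Login.class);

    // Basic information from the teacher table
    public String frameworkid = null;       // city code
    public String optrid = null;            // teacher staff ID
    public String empid = null;
    private String empname = null;          // teacher name
    private String emppwd = null;           // stored password value, read from tab_employee.emppwd
    public String empstate = null;          // password state
    public String empstatedate = null;      // time the state was last changed
    public String optrlvl = null;           // teacher level
    public String optrareaid = null;        // district/county ID
    public String optrcontaddr = null;      // contact address
    public String optrcontphone = null;     // contact phone
    public String optrcontmobphone = null;  // mobile phone
    public String optrfaxnum = null;        // fax
    public String shiftid = null;           // team-leader ID (not used for now)
    public String acptsiteid = null;        // school ID
    public String departlvlid = null;       // level: 0 province, 1 city, 2 district/county, 3 school
    public String departid = null;          // school ID
    private String departname = null;       // school name
    private String empidbegindate = null;   // time the staff ID becomes active
    private String empidenddate = null;     // time the staff ID stops being active
    private String departtypeid = null;     // school type
    private String jobcode = null;          // job code
    public String menuidlist = null;        // module ID
    // Administrator type: MA province admin; CM city admin; CU district/county admin; NONE not an admin
    private String emppro = null;
    private String parentdeptid = null;
    private String menu = null;
    public String menuitem = null;          // menu template, used when the navigation bar is generated
    public String menuitemname = null;
    public String menuname = null;
    public String sanyuan = null;
    public String certname = null;
    public String certid = null;

    /** Returns the current menu name. */
    public String getMenuname() {
        return this.menuname;
    }

    /** Sets the current menu name. */
    public void setMenuname(String menuname) {
        this.menuname = menuname;
    }

    // Marks whether this user has passed verification: "1" passed, "0" not passed
    private String passtag = "0";

    public HashFmlBuf para_menu;

    /** Creates an unauthenticated instance with an empty menu buffer. */
    public Login() {
        para_menu = new HashFmlBuf();
    }

    /** Sets the school ID (acptsiteid). */
    public void setacpt(String as_acpt) {
        acptsiteid = as_acpt;
    }

    /**
     * Looks up whether the given URL exists in para_menu; used by the interceptor.
     **/
    public int checkUrl(String url) {
        // NOTE(review): the loop header and the condition of this method were lost when the
        // file was extracted; the surviving tokens are kept verbatim and must be restored
        // from the original source before this compiles.
        for (int i=0;i= 0) { return 1; } } return -1;
    }

    /**
     * Copies the data of the currently logged-in operator into para_out.
     * When the password check has not passed, every field is written as null instead.
     *
     * @param para_out buffer that receives the operator fields at row 0
     */
    public void getOptr(HashFmlBuf para_out) {
        if (passtag.equals("1")) {
            para_out.fchg("FRAMEWORKID", 0, frameworkid);
            para_out.fchg("OPTRID", 0, optrid);
            para_out.fchg("SANYUAN", 0, sanyuan);
            para_out.fchg("CERTNAME", 0, certname);
            para_out.fchg("CERTID", 0, certid);
            para_out.fchg("EMPNAME", 0, empname);
            // NOTE(review): OPTRPWD carries the stored password value out of this object.
            // Confirm that no caller renders, logs or serialises the buffer, and drop the
            // field if nothing needs it.
            para_out.fchg("OPTRPWD", 0, emppwd);
            para_out.fchg("OPTRSTAT", 0, empstate);
            para_out.fchg("OPTRSTATDATE", 0, empstatedate);
            para_out.fchg("OPTRLVL", 0, optrlvl);
            para_out.fchg("OPTRAREAID", 0, optrareaid);
            para_out.fchg("OPTRCONTADDR", 0, optrcontaddr);
            para_out.fchg("OPTRCONTPHONE", 0, optrcontphone);
            para_out.fchg("OPTRCONTMOBPHONE", 0, optrcontmobphone);
            para_out.fchg("OPTRFAXNUM", 0, optrfaxnum);
            para_out.fchg("SHIFTID", 0, shiftid);
            para_out.fchg("ACPTSITEID", 0, acptsiteid);
            para_out.fchg("EMPIDBEGINDATE", 0, empidbegindate);
            para_out.fchg("EMPIDENDDATE", 0, empidenddate);
            para_out.fchg("DEPARTTYPEID", 0, departtypeid);
            para_out.fchg("JOBCODE", 0, jobcode);
            para_out.fchg("MENUNAME", 0, menuname);
            para_out.fchg("parentdeptid", 0, parentdeptid);
        } else {
            para_out.fchg("FRAMEWORKID", 0, null);
            para_out.fchg("OPTRID", 0, null);
            para_out.fchg("SANYUAN", 0, null);
            para_out.fchg("CERTNAME", 0, null);
            para_out.fchg("CERTID", 0, null);
            para_out.fchg("OPTRGRP", 0, null);
            para_out.fchg("EMPNAME", 0, null);
            para_out.fchg("OPTRPWD", 0, null);
            para_out.fchg("OPTRSTAT", 0, null);
            para_out.fchg("OPTRSTATDATE", 0, null);
            para_out.fchg("OPTRLVL", 0, null);
            para_out.fchg("OPTRAREAID", 0, null);
            para_out.fchg("PLC", 0, null);
            para_out.fchg("OPTRCONTADDR", 0, null);
            para_out.fchg("OPTRCONTPHONE", 0, null);
            para_out.fchg("OPTRCONTMOBPHONE", 0, null);
            para_out.fchg("OPTRFAXNUM", 0, null);
            para_out.fchg("SHIFTID", 0, null);
            para_out.fchg("ACPTSITEID", 0, null);
            para_out.fchg("OPTRIDBEGINDATE", 0, null);
            para_out.fchg("OPTRIDENDDATE", 0, null);
            para_out.fchg("DEPARTTYPEID", 0, null);
            para_out.fchg("JOBCODE", 0, null);
            para_out.fchg("MENUNAME", 0, null);
            // The authenticated branch writes these three keys, so they are cleared here as
            // well; otherwise values already present in a reused buffer would survive.
            para_out.fchg("EMPIDBEGINDATE", 0, null);
            para_out.fchg("EMPIDENDDATE", 0, null);
            para_out.fchg("parentdeptid", 0, null);
        }
    }

    /**
     * Checks whether the given URL is within this user's permissions.
     *
     * @param as_url URL to look up
     * @return true when para_menu contains the URL under WORKOBJECT, false otherwise
     */
    public boolean checkPassURL(String as_url) {
        // NOTE(review): this consults para_menu only; it does not look at passtag, and
        // cleanLocalData() leaves para_menu untouched, so the result reflects whatever
        // menu was loaded last. Callers should also require checkPasstag().
        // NOTE(review): getMenu selects the URL column as "workurl"; confirm that
        // "WORKOBJECT" is the key actually present in para_menu.
        return para_menu.find("WORKOBJECT", as_url) != -1;
    }

    /**
     * Reports whether the password check has passed.
     *
     * @return true when passtag is "1"
     */
    public boolean checkPasstag() {
        return passtag.equals("1");
    }

    /**
     * Clears the cached employee data and resets passtag to "0".
     */
    private void cleanLocalData() {
        // NOTE(review): empid, departid, departlvlid, emppro, the menu fields and para_menu
        // are not reset here, so they keep the values of an earlier successful login.
        frameworkid = null;
        optrid = null;
        empname = null;
        emppwd = null;
        empstate = null;
        empstatedate = null;
        optrlvl = null;
        optrareaid = null;
        optrcontaddr = null;
        optrcontphone = null;
        optrcontmobphone = null;
        optrfaxnum = null;
        shiftid = null;
        acptsiteid = null;
        departname = null;
        empidbegindate = null;
        empidenddate = null;
        departtypeid = null;
        jobcode = null;
        passtag = "0";
        parentdeptid = null;
        sanyuan = null;
        certname = null;
        certid = null;
    }

    /**
     * Checks whether the staff ID exists and, if it does, loads the employee record into
     * this object's fields. Every call resets passtag to "0", so checkPwd has to succeed
     * again afterwards.
     *
     * @param empid staff ID to look up
     * @param para_out receives
     *        1. CHECKTAG: 00000 success, 00001 tuxedo failure,
     *           00002 staff ID does not exist, 00003 user expired
     *        2. ERRORINFO: reason for the failure
     * @return 0 on success, -1 on any failure
     */
    public int checkOptrid(String empid, HashFmlBuf para_out) {
        passtag = "0";

        // A missing ID is rejected the same way as an empty one instead of throwing.
        if (empid == null || empid.trim().equals("")) {
            para_out.fchg("CHECKTAG", 0, "00001");
            cleanLocalData();
            para_out.fchg("ERRORINFO", 0, "操作员工号不能为空!");
            return -1;
        }

        // The record for this ID is already cached, so the database is not asked again.
        // NOTE(review): this path skips the validity-period check, so an account that is
        // disabled after it was loaded stays usable for as long as this object lives.
        if (empid.trim().equals(optrid)) {
            para_out.fchg("CHECKTAG", 0, "00000");
            return 0;
        }

        String ls_sql = "select frameworkid,empname,emppwd,empstate,empstatedate,emplvl,empcontaddr,empcontphone,empcontmobphone,empfaxnum,empidbegindate,empidenddate,sanyuan,certname,certid from tab_employee where empid = ?";
        int found = 0;
        try (Connection conn = DbConn.getConn();
             PreparedStatement prep = conn.prepareStatement(ls_sql)) {
            prep.setString(1, empid);
            try (ResultSet rs = prep.executeQuery()) {
                while (rs.next()) {
                    // frameworkid is selected but not stored here; checkPwd sets it.
                    optrid = empid;
                    empname = rs.getString("empname");
                    emppwd = rs.getString("emppwd");
                    empstate = rs.getString("empstate");
                    empstatedate = rs.getString("empstatedate");
                    optrlvl = rs.getString("emplvl");
                    sanyuan = rs.getString("sanyuan");
                    certname = rs.getString("certname");
                    certid = rs.getString("certid");
                    optrcontaddr = rs.getString("empcontaddr");
                    optrcontphone = rs.getString("empcontphone");
                    optrcontmobphone = rs.getString("empcontmobphone");
                    optrfaxnum = rs.getString("empfaxnum");
                    empidbegindate = rs.getString("empidbegindate");
                    empidenddate = rs.getString("empidenddate");
                    found++;
                }
            }
        } catch (Exception e) {
            log.error("checkOptrid: employee lookup failed", e);
            para_out.fchg("CHECKTAG", 0, "00001");
            cleanLocalData();
            // NOTE(review): e.toString() can carry driver and schema details; if ERRORINFO
            // is shown to the user, replace it with a generic message.
            para_out.fchg("ERRORINFO", 0, e.toString());
            // Stop here: falling through would overwrite 00001 with 00002 below and report
            // a database failure as an unknown staff ID.
            return -1;
        }

        // Does the staff ID exist?
        if (found == 0) {
            para_out.fchg("CHECKTAG", 0, "00002");
            cleanLocalData();
            // NOTE(review): this message differs from the wrong-password message of
            // checkPwd, which lets a client tell existing staff IDs from unknown ones.
            para_out.fchg("ERRORINFO", 0, "您输入的人员编号有误,请重新输入!");
            return -1;
        }

        // Fetch the database time to compare it with the validity period of the staff ID.
        String ls_sysdate = "";
        try (Connection conn = DbConn.getConn();
             Statement statement = conn.createStatement();
             ResultSet rs = statement.executeQuery("select now() as sys_date from dual")) {
            if (rs.next()) {
                ls_sysdate = rs.getString("sys_date");
            }
        } catch (Exception e) {
            log.error("checkOptrid: reading the database time failed", e);
            para_out.fchg("CHECKTAG", 0, "00001");
            cleanLocalData();
            para_out.fchg("ERRORINFO", 0, e.toString());
            // cleanLocalData() has nulled the dates, so the comparison below must not run.
            return -1;
        }

        // Outside the validity period, or a date is missing: fail closed instead of
        // throwing NullPointerException from compareTo.
        // NOTE(review): the comparison is textual and assumes both sides use the same
        // timestamp format; confirm against the column types.
        if (ls_sysdate == null || empidbegindate == null || empidenddate == null
                || ls_sysdate.compareTo(empidbegindate) < 0
                || ls_sysdate.compareTo(empidenddate) > 0) {
            para_out.fchg("CHECKTAG", 0, "00003");
            cleanLocalData();
            para_out.fchg("ERRORINFO", 0, "您的用户过期或还没有启用!");
            return -1;
        }

        para_out.fchg("CHECKTAG", 0, "00000");
        return 0;
    }

    /**
     * Purpose:
     * Decides from the staff ID and the password whether the user may log in to the system.
     *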

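* Flow:
     *
     * 1. Check that the password passed in is correct.
     * 2. Use optrid to query the employee/department table tab_empdept for the employee's
     *    departments, then read the department name (departname) and type (departtypeid)
     *    from tab_department.
     *
     * @param emppwd password as entered by the user; it is passed through
     *        encrypt_optr_password before being compared with the stored value
     * @param para_out cleared first, then filled with
     *        1. CHECKTAG: 00000 success, 00001 tuxedo failure, 00002 staff ID/password
     *           check failed, 00003 no department, 00004 password expired
     *        2. ERRORINFO: reason for the failure
     *        3. one row per department with OPTRAREAID, frameworkid, departid, ACPTSITEID,
     *           DEPARTNAME, DEPARTTYPEID, JOBCODE, EMPPRO, DEPARTLVLID and parentdeptid
     *        4. DEPTCOUNT (number of departments) and EMPNAME
     * @return 0 when the user is authenticated, -1 otherwise
     */
    public int checkPwd(String emppwd, HashFmlBuf para_out) {
        // Clear whatever the output buffer held before.
        para_out.finit();

        // Compare the transformed input with the value loaded by checkOptrid.
        if (!encrypt_optr_password(emppwd).equals(this.emppwd)) {
            para_out.fchg("CHECKTAG", 0, "00002");
            para_out.fchg("ERRORINFO", 0, "您输入的登录密码不正确!");
            return -1;
        }

        // NOTE(review): the original condition was certid.equals(this.certid). Both names
        // are the same field, so the UKEY comparison could never fail; it only threw
        // NullPointerException when no certificate ID was stored. A real check needs the
        // certificate ID presented by the client, which this signature does not receive.
        // Until then a record without a certificate ID is rejected with the UKEY message
        // instead of an exception. CHECKTAG is left unset on this path, as in the
        // original UKEY branch.
        if (this.certid == null) {
            para_out.fchg("ERRORINFO", 0, "您的UKEY登录信息不正确!");
            return -1;
        }

        // A state of "0" means the account has expired. A missing state is treated the
        // same way so that an incomplete record fails closed instead of throwing.
        if (empstate == null || empstate.equals("0")) {
            para_out.fchg("CHECKTAG", 0, "00004");
            para_out.fchg("ERRORINFO", 0, "您的用户账号已经过期!");
            return -1;
        }

        // Look up the departments of this staff ID in tab_empdept / tab_department.
        int deptCount = 0;
        String sql = "select b.frameworkid,b.parentdeptid,b.areaid,b.departid,b.acptsiteid,b.departname,b.departtypeid,a.jobcode,a.emppro ,a.DEPARTLVLID adjustlvlid, b.DEPARTLVLID lvlid from tab_empdept a,tab_department b where a.departid=b.departid and a.empid = ?";
        try (Connection conn = DbConn.getConn();
             PreparedStatement prep = conn.prepareStatement(sql)) {
            prep.setString(1, optrid);
            try (ResultSet rs = prep.executeQuery()) {
                while (rs.next()) {
                    para_out.fchg("OPTRAREAID", deptCount, rs.getString("areaid"));
                    para_out.fchg("frameworkid", deptCount, rs.getString("frameworkid"));
                    para_out.fchg("departid", deptCount, rs.getString("departid"));

                    // Fall back to the department ID when no school ID is recorded.
                    String siteId = rs.getString("ACPTSITEID");
                    if (Common.isNull(siteId)) {
                        siteId = rs.getString("departid");
                    }
                    para_out.fchg("ACPTSITEID", deptCount, siteId);

                    para_out.fchg("DEPARTNAME", deptCount, rs.getString("departName"));
                    para_out.fchg("DEPARTTYPEID", deptCount, rs.getString("departTypeID"));
                    para_out.fchg("JOBCODE", deptCount, rs.getString("jobcode"));
                    para_out.fchg("EMPPRO", deptCount, Common.convertNull(rs.getString("emppro")));

                    // Department level: an adjusted level, when present, wins.
                    String lvlid = rs.getString("lvlid");
                    if (!Common.isNull(rs.getString("adjustlvlid"))) {
                        lvlid = rs.getString("adjustlvlid");
                    }
                    para_out.fchg("DEPARTLVLID", deptCount, lvlid);

                    para_out.fchg("parentdeptid", deptCount,
                            Common.convertNull(rs.getString("parentdeptid")));
                    deptCount++;
                }
            }
        } catch (Exception e) {
            log.error("checkPwd: department lookup failed", e);
            para_out.fchg("CHECKTAG", 0, "00001");
            // NOTE(review): e.toString() can carry driver and schema details; if ERRORINFO
            // is shown to the user, replace it with a generic message.
            para_out.fchg("ERRORINFO", 0, e.toString());
            // Stop here. Falling through would either overwrite 00001 with 00003 or, when
            // the failure came after the first row, mark the user as authenticated on
            // partial data.
            return -1;
        }

        // Does the user have a department at all?
        if (deptCount == 0) {
            para_out.fchg("CHECKTAG", 0, "00003");
            para_out.fchg("ERRORINFO", 0, "您没有对应的部门!");
            return -1;
        }

        para_out.fchg("DEPTCOUNT", 0, Integer.toString(deptCount));

        // With exactly one department its data becomes this object's state. With several
        // departments the fields are left as they are.
        if (deptCount == 1) {
            acptsiteid = para_out.fget("ACPTSITEID", 0);
            departid = para_out.fget("departid", 0);
            departname = para_out.fget("DEPARTNAME", 0);
            departtypeid = para_out.fget("DEPARTTYPEID", 0);
            emppro = para_out.fget("EMPPRO", 0);
            jobcode = para_out.fget("JOBCODE", 0);
            optrareaid = para_out.fget("OPTRAREAID", 0);
            parentdeptid = para_out.fget("parentdeptid", 0);
            frameworkid = para_out.fget("frameworkid", 0);
            departlvlid = para_out.fget("DEPARTLVLID", 0);
        }

        // Fill in the return data.
        para_out.fchg("EMPNAME", 0, empname);
        para_out.fchg("CHECKTAG", 0, "00000");

        // The user's identity is now considered verified.
        passtag = "1";
        return 0;
    }

    /** Purpose: loads the menu entries that belong to the current operator.
        Flow:
        1. Use optrid to find the job code in td_m_optrjob (there may be several records).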
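2. Use the job code to find in tab_jobmenu the code of the menu template of that job.
        3. Use the template code to read the menu data from tab_menuitem, then use the menu
           item code to look up the matching rows in td_s_funcmodu and tab_menu (a match in
           tab_funcmodu means the item is a function module and its URL is returned; a
           match in tab_menu means the item is a branch of the menu).
        4. Use the staff ID to read from the adjustment table tab_empfunc the function
           modules that were added or removed for this employee.

        As written, the method puts only CHECKTAG and ERRORINFO into para_out; the menu
        rows themselves are stored in para_menu. The field list below is the author's.

        @param para_out output buffer:
          1. checktag (char5): 00000 success, 00001 failure
          2. errorinfo (char100): reason for the failure
          3. menuitem (char10): job menu code
          4. menuitemname (char30): job menu name
          5. menucnt (char5): number of menu entries
          6. menu_id (char10): menu item code
          7. menu_name (char30): menu item name
          8. menulevel (char1): menu level
          9. uplevel (char10): parent menu
          10. workobject (char50): work object
          11. shortcut (char20): shortcut key
          12. adjusttag (char1): adjustment flag, 0 not adjusted, 1 adjusted
          13. adjusttype (char1): adjustment type, 0 removed, 1 added
        @return 0 on success, -1 when the menu could not be loaded
     */
    public int getMenu(HashFmlBuf para_out) {
        // Clear whatever the output buffer held before.
        para_out.finit();

        // Create the menu buffer if it does not exist yet, then empty it.
        if (para_menu == null) {
            para_menu = new HashFmlBuf();
        }
        para_menu.finit();

        // NOTE(review): nothing here checks passtag, so the menu can be loaded for whatever
        // jobcode/frameworkid/optrid the object currently holds.

        // Forget the template of any earlier call. Without this, a job that has no
        // template would silently load the menu of the template used before.
        this.menuitem = null;

        // Find the menu template that belongs to the job of the current staff ID.
        String sql = "select distinct a.menuitem,b.menuitemname from tab_jobmenu a,tab_menuitem b where a.frameworkid=b.frameworkid and a.menuitem=b.menuitem and a.jobcode = ? and a.frameworkid=?";
        Connection conn = null;
        try {
            conn = DbConn.getConn();

            String menuitemname = "";
            try (PreparedStatement prep = conn.prepareStatement(sql)) {
                prep.setString(1, jobcode);
                prep.setString(2, frameworkid);
                try (ResultSet rs = prep.executeQuery()) {
                    if (rs.next()) {
                        // Keep the template; the navigation bar uses it.
                        this.menuitem = rs.getString("menuitem");
                        menuitemname = rs.getString("menuitemname");
                    }
                }
            }

            // Template entries minus the employee's '-' adjustments, plus the '+'
            // adjustments that are not already part of the template.
            StringBuilder menuSql = new StringBuilder();
            menuSql.append("select distinct * from (");
            menuSql.append("(select a.menuid,a.menuname as menuname,a.uplevel as upmenuid,b.web_workobject as workurl,a.menulevel ");
            menuSql.append(" from tab_menuitem a,tab_funcmodu b");
            menuSql.append(" where a.menuid=b.funcmoducode(+) and");
            menuSql.append(" not exists(select 1 from tab_empfunc c where a.menuid=c.funcmoducode and c.adjust='-' and c.empid=?) and ");
            menuSql.append(" a.menuitem=? and a.frameworkid=?)");
            menuSql.append("union");
            menuSql.append("(select a.funcmoducode as menuid,b.funcmoduname as menuname,a.uplevel as upmenuid,b.web_workobject as workurl,a.curlevel as menulevel");
            menuSql.append(" from tab_empfunc a,tab_funcmodu b ");
            menuSql.append(" where a.funcmoducode=b.funcmoducode and ");
            menuSql.append(" not exists (select 1 from tab_menuitem c where a.funcmoducode=c.menuid and c.menuitem=? and c.frameworkid=?) and");
            menuSql.append(" a.adjust='+' and a.empid =?)");
            menuSql.append(") ");
            menuSql.append("order by menulevel,decode(workurl,null,0,1),menuid");

            // Build the result in a local first so that para_menu is never left null or
            // half filled when the query fails.
            HashFmlBuf loaded = (HashFmlBuf) JDBCUtils.query(conn, menuSql.toString(),
                    new Object[]{optrid, menuitem, frameworkid, menuitem, frameworkid, optrid},
                    new HashFmlBufResultSetHandler());
            int rowcount = loaded.getRowCount();

            // Store the template code and name, then restore the row count.
            // presumably fchg at row 0 can change the count of an empty buffer - TODO confirm
            loaded.fchg("menuitem", 0, menuitem);
            loaded.fchg("menuitemname", 0, menuitemname);
            loaded.setRowCount(rowcount);
            para_menu = loaded;
        } catch (Exception e) {
            log.error("getMenu: loading the menu failed", e);
            para_out.fchg("CHECKTAG", 0, "00001");
            // NOTE(review): e.toString() can carry driver and schema details; if ERRORINFO
            // is shown to the user, replace it with a generic message.
            para_out.fchg("ERRORINFO", 0, e.toString());
            // Report the failure. The original fell through, overwrote CHECKTAG with 00000
            // and returned 0.
            return -1;
        } finally {
            if (conn != null) {
                try {
                    conn.close();
                } catch (Exception ignored) {
                    // best effort: a failed close must not turn a loaded menu into an error
                }
            }
        }

        para_out.fchg("CHECKTAG", 0, "00000");
        return 0;
    }

    /**
     * Changes the password of the logged-in user after checking the old one.
     *
     * @param oldPwd current password as entered by the user
     * @param newPwd new password as entered by the user
     * @return an empty string on success, otherwise the reason for the failure
     */
    public String modiPwd(String oldPwd, String newPwd) {
        String errorinfo = "";
        if (passtag.equals("0")) {
            errorinfo = "没有登录,不可以修改口令!";
            return errorinfo;
        }
        if (newPwd == null || newPwd.equals("")) {
            errorinfo = "新口令不可以为空!";
            return errorinfo;
        }

        // Is the old password correct?
        if (!encrypt_optr_password(oldPwd).equals(emppwd)) {
            errorinfo = "原口令校验失败!";
            return errorinfo;
        }

        // NOTE(review): how well the stored value resists offline guessing depends on
        // encrypt_optr_password, which is not visible here.
        String storedValue = encrypt_optr_password(newPwd);
        String sql = "update tab_employee set emppwd = ? where empid = ?";
        Connection conn = null;
        try {
            conn = DbConn.getConn();
            conn.setAutoCommit(false);

            int updated;
            try (PreparedStatement pst = conn.prepareStatement(sql)) {
                pst.setString(1, storedValue);
                pst.setString(2, optrid);
                updated = pst.executeUpdate();
            }

            if (updated == 0) {
                // No row matched optrid: nothing was changed, so the cached password must
                // stay as it is and the caller must not be told the change succeeded.
                conn.rollback();
                errorinfo = "修改口令失败!";
            } else {
                // Committed explicitly because auto-commit was switched off above.
                conn.commit();
                this.emppwd = storedValue;
            }
        } catch (Exception e) {
            log.error("modiPwd: password update failed", e);
            if (conn != null) {
                try {
                    conn.rollback();
                } catch (Exception ignored) {
                    // the update has already failed; nothing more can be done here
                }
            }
            // NOTE(review): e.toString() can carry driver and schema details and this
            // string is returned to the caller.
            errorinfo = "修改口令失败!" + e.toString();
        } finally {
            if (conn != null) {
                try {
                    conn.close();
                } catch (Exception ignored) {
                    // best effort: the outcome of the update is already decided
                }
            }
        }
        return errorinfo;
    }

    /**
     * Builds the tree.
     * @return a List that holds the generated JavaScript
     */
    public List outXTree() {
        // If not logged in, return null straight away
        if (passtag == "0") return null;
        List list = new ArrayList();
        String tmpTreeStr = "";
        list.add("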