diff --git a/com/action/AdminAction.java b/com/action/AdminAction.java
new file mode 100644
index 0000000..e51d842
--- /dev/null
+++ b/com/action/AdminAction.java
@@ -0,0 +1,249 @@
+package com.action;
+/**
+ * 管理员登陆 增加 修改 删除 删除登陆日志
+ */
+import java.io.IOException;
+import java.util.List;
+import java.util.StringTokenizer;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import com.bean.AdminBean;
+import com.bean.SystemBean;
+import com.util.Constant;
+import com.util.MD5;
+
+public class AdminAction extends HttpServlet {
+
+ /**
+ * Constructor of the object.
+ */
+ public AdminAction() {
+ super();
+ }
+
+ /**
+ * Destruction of the servlet.
+ */
+ public void destroy() {
+ super.destroy(); // Just puts "destroy" string in log
+ // Put your code here
+ }
+
+ /**
+ * The doGet method of the servlet.
+ *
+ * This method is called when a form has its tag value method equals to get.
+ *
+ * @param request the request send by the client to the server
+ * @param response the response send by the server to the client
+ * @throws ServletException if an error occurred
+ * @throws IOException if an error occurred
+ */
+ public void doGet(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+
+ doPost(request,response);
+ }
+
+ /**
+ * The doPost method of the servlet.
+ *
+ * This method is called when a form has its tag value method equals to post.
+ *
+ * @param request the request send by the client to the server
+ * @param response the response send by the server to the client
+ * @throws ServletException if an error occurred
+ * @throws IOException if an error occurred
+ */
+ public void doPost(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+
+ response.setContentType(Constant.CONTENTTYPE);
+ request.setCharacterEncoding(Constant.CHARACTERENCODING);
+ try{
+ String method=request.getParameter("method").trim();
+ AdminBean loginbean = new AdminBean();
+ HttpSession session = request.getSession();
+ session.setMaxInactiveInterval(1200);
+ SystemBean systembean = new SystemBean();
+ String sysdir = systembean.getDir();
+ if(method.equals("one")){//admin登录
+ String username = request.getParameter("username");
+ String password = request.getParameter("password");
+ if(username == null||username.trim().equals("")){
+ request.setAttribute("message", "请正确输入用户名!");
+ request.getRequestDispatcher(sysdir+"/login.jsp").forward(request, response);
+ }
+ else if(password == null||password.trim().equals("")){
+ request.setAttribute("message", "请输入密码!");
+ request.getRequestDispatcher(sysdir+"/login.jsp").forward(request, response);
+ }
+ else{
+ String md5password = MD5.MD5(password);
+ String agent = request.getHeader("user-agent");
+ StringTokenizer st = new StringTokenizer(agent,";");
+ String useros=st.nextToken();
+ String loginip = request.getRemoteAddr();
+ int flag = loginbean.adminLogin(username,md5password, password,useros,loginip);
+ switch (flag){
+ case Constant.SUCCESS:
+ List list = loginbean.getAdminInfo(username);
+ session.setAttribute("user", username);
+ session.setAttribute("list", list);
+ request.getRequestDispatcher(sysdir+"/").forward(request, response);
+ break;
+ case Constant.NAME_ERROR:
+ request.setAttribute("message", "用户名错误!请确认管理权限!");
+ request.getRequestDispatcher(sysdir+"/login.jsp").forward(request, response);
+ break;
+ case Constant.PASSWORD_ERROR:
+ request.setAttribute("message", "密码错误,请确认管理权限!");
+ request.getRequestDispatcher(sysdir+"/login.jsp").forward(request, response);
+ break;
+ }
+ }
+ }
+ else if(method.equals("editpwd")){//admin edit password
+ String username2 = (String)session.getAttribute("user");
+ if(username2 == null){
+ request.getRequestDispatcher("error.jsp").forward(request, response);
+ }
+ else{
+ String oldpwd = MD5.MD5(request.getParameter("oldpwd").trim());
+ String newpwd = MD5.MD5(request.getParameter("newpwd").trim());
+ String username = (String)session.getAttribute("user");
+ int flag = loginbean.editPassword(username, oldpwd, newpwd);
+ switch (flag){
+ case Constant.SUCCESS:
+ request.setAttribute("message", "密码修改成功!");
+ request.getRequestDispatcher(sysdir+"/system/editpwd.jsp").forward(request, response);
+ break;
+ case Constant.PASSWORD_ERROR:
+ request.setAttribute("message", "原始密码错误,请确认权限!");
+ request.getRequestDispatcher(sysdir+"/system/editpwd.jsp").forward(request, response);
+ break;
+ case Constant.SYSTEM_ERROR:
+ request.setAttribute("message", "系统维护中,请稍后再试!");
+ request.getRequestDispatcher(sysdir+"/system/editpwd.jsp").forward(request, response);
+ break;
+ }
+ }
+ }
+ else if(method.equals("exit")){//admin exit
+ String username2 = (String)session.getAttribute("user");
+ if(username2 == null){
+ request.getRequestDispatcher("error.jsp").forward(request, response);
+ }
+ else{
+ session.removeAttribute("user");
+ session.removeAttribute("list");
+ System.gc();
+ request.getRequestDispatcher(sysdir+"/login.jsp").forward(request, response);
+ }
+ }
+ else if(method.equals("manager")){//add,update manager
+ String username2 = (String)session.getAttribute("user");
+ if(username2 == null){
+ request.getRequestDispatcher("error.jsp").forward(request, response);
+ }
+ else{
+
+ String username = request.getParameter("username").trim();
+ String
password = MD5.MD5(request.getParameter("password").trim()); + + + int flag = loginbean.addManager(username, password, "2", "1"); + if(flag == Constant.SUCCESS){ + request.setAttribute("message", "增加管理员成功!"); + request.getRequestDispatcher(sysdir+"/system/user.jsp").forward(request, response); + } + else if(flag == Constant.SAME_NAME){ + request.setAttribute("username", username); + request.setAttribute("message", "该用户名已经存在!"); + request.getRequestDispatcher(sysdir+"/system/user.jsp").forward(request, response); + } + else{ + request.setAttribute("message", "系统维护中,请稍后再试!"); + request.getRequestDispatcher(sysdir+"/system/user.jsp").forward(request, response); + } + + } + } + else if(method.equals("delm")){//delete manager + String username2 = (String)session.getAttribute("user"); + if(username2 == null){ + request.getRequestDispatcher("error.jsp").forward(request, response); + } + else{ + int id = Integer.parseInt(request.getParameter("id").trim()); + if(id == 1){ + request.setAttribute("message", "不能删除原始帐号!"); + request.getRequestDispatcher(sysdir+"/system/user.jsp").forward(request, response); + } + else{ + int flag = loginbean.delManager(id); + if(flag == Constant.SUCCESS){ + request.setAttribute("message", "删除成功!"); + request.getRequestDispatcher(sysdir+"/system/user.jsp").forward(request, response); + } + else{ + request.setAttribute("message", "系统维护中,请稍后再试!"); + request.getRequestDispatcher(sysdir+"/system/user.jsp").forward(request, response); + } + } + } + } + else if(method.equals("dellog")){//delete login note + String username2 = (String)session.getAttribute("user"); + if(username2 == null){ + request.getRequestDispatcher("error.jsp").forward(request, response); + } + else{ + String check[] = request.getParameterValues("checkit"); + if(check == null){ + request.setAttribute("message", "请选择要删除的记录!"); + request.getRequestDispatcher(sysdir+"/system/log.jsp").forward(request, response); + } + else{ + int id[]= new int[check.length]; + for(int i = 0;i + * + * 
@throws ServletException if an error occure
+ */
+ public void init() throws ServletException {
+ // Put your code here
+ }
+
+}
diff --git a/com/action/AfficheAction.java b/com/action/AfficheAction.java
new file mode 100644
index 0000000..dfbdaf7
--- /dev/null
+++ b/com/action/AfficheAction.java
@@ -0,0 +1,160 @@
+package com.action;
+
+/**
+ * 网站公告
+ * @author Administrator
+ *
+ */
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import com.bean.AfficheBean;
+import com.bean.SystemBean;
+import com.util.Constant;
+import com.util.Filter;
+
+public class AfficheAction extends HttpServlet {
+
+ /**
+ * Constructor of the object.
+ */
+ public AfficheAction() {
+ super();
+ }
+
+ /**
+ * Destruction of the servlet.
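Review bot: The `one` (login) branch of AdminAction.doPost stores `user` in the session that already existed before authentication, so the session id is never rotated at the privilege change; call `request.changeSessionId();` (Servlet 3.1+, or invalidate and recreate the session on older containers) before `session.setAttribute("user", username);`, and let the `exit` branch call `session.invalidate()` instead of removing two attributes. The same branch hashes with unsalted `MD5.MD5(password)` and still hands the cleartext `password` to `adminLogin(...)`; what AdminBean does with it is not visible here, but the cleartext should stop at this servlet and the stored value should move to a salted password hash such as bcrypt or PBKDF2. `request.getHeader("user-agent")` can be null, which makes `new StringTokenizer(agent,";")` throw before the login result is evaluated. LoginAction.java sets `member` on the pre-login session in the same way. Part of this doPost body (the `dellog` loop and the catch block) is missing from the page, so its error handling could not be checked.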
+ */
+ public void destroy() {
+ super.destroy(); // Just puts "destroy" string in log
+ // Put your code here
+ }
+
+ /**
+ * The doGet method of the servlet.
+ *
+ * This method is called when a form has its tag value method equals to get.
+ *
+ * @param request the request send by the client to the server
+ * @param response the response send by the server to the client
+ * @throws ServletException if an error occurred
+ * @throws IOException if an error occurred
+ */
+ public void doGet(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+
+ doPost(request,response);
+ }
+
+ /**
+ * The doPost method of the servlet.
+ *
+ * This method is called when a form has its tag value method equals to post.
+ *
+ * @param request the request send by the client to the server
+ * @param response the response send by the server to the client
+ * @throws ServletException if an error occurred
+ * @throws IOException if an error occurred
+ */
+ public void doPost(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+
+ response.setContentType(Constant.CONTENTTYPE);
+ request.setCharacterEncoding(Constant.CHARACTERENCODING);
+ String sysdir = new SystemBean().getDir();
+ HttpSession session = request.getSession();
+ try{
+ String username2 = (String)session.getAttribute("user");
+ if(username2 == null){
+ request.getRequestDispatcher("error.jsp").forward(request, response);
+ }
+ else{
+ AfficheBean afficheBean = new AfficheBean();
+ String method = request.getParameter("method").trim();
+ if(method.equals("addAffiche")){//增加公告
+ String title = Filter.escapeHTMLTags(request.getParameter("title").trim());
+ String content = Filter.escapeHTMLTags(request.getParameter("content").trim());
+ String adder = username2;
+ String ifhide = Filter.escapeHTMLTags(request.getParameter("ifhide").trim());
+ int flag = afficheBean.addAffiche(title, content, adder, ifhide);
+ if(flag == Constant.SUCCESS){
+ request.setAttribute("message", "操作成功!");
+ request.getRequestDispatcher(sysdir+"/affiche/index.jsp").forward(request, response);
+ }
+ else{
+ request.setAttribute("message", "系统维护中请稍后再试!");
+ request.getRequestDispatcher(sysdir+"/affiche/index.jsp").forward(request, response);
+ }
+ }
+ else if(method.equals("editAffiche")){//修改公告
+ String id=Filter.escapeHTMLTags(request.getParameter("id").trim());
+ String title = Filter.escapeHTMLTags(request.getParameter("title").trim());
+ String content = Filter.escapeHTMLTags(request.getParameter("content").trim());
+ String adder = username2;
+ String ifhide =
Filter.escapeHTMLTags(request.getParameter("ifhide").trim()); + int flag = afficheBean.updateAffiche(Integer.parseInt(id), title, content, adder, ifhide); + if(flag == Constant.SUCCESS){ + request.setAttribute("message", "操作成功!"); + request.getRequestDispatcher(sysdir+"/affiche/index.jsp").forward(request, response); + } + else{ + request.setAttribute("message", "系统维护中请稍后再试!"); + request.getRequestDispatcher(sysdir+"/affiche/index.jsp").forward(request, response); + } + } + else if(method.equals("hideAffiche")){ + String id = Filter.escapeHTMLTags(request.getParameter("id").trim()); + int flag = afficheBean.hideAffiche(Integer.parseInt(id)); + if(flag == Constant.SUCCESS){ + request.getRequestDispatcher(sysdir+"/affiche/index.jsp").forward(request, response); + } + else{ + request.setAttribute("message", "系统维护中,请稍后再试!"); + request.getRequestDispatcher(sysdir+"/affiche/index.jsp").forward(request, response); + } + } + else if(method.equals("delaffiche")){//删除公告 + String check[] = request.getParameterValues("checkit"); + if(check == null){ + request.setAttribute("message", "请选择要删除的记录!"); + request.getRequestDispatcher(sysdir+"/affiche/index.jsp").forward(request, response); + } + else{ + int id[]= new int[check.length]; + for(int i = 0;i + * + * @throws ServletException if an error occure + */ + public void init() throws ServletException { + // Put your code here + } + +} diff --git a/com/action/CommonAction.java b/com/action/CommonAction.java new file mode 100644 index 0000000..0e302b8 --- /dev/null +++ b/com/action/CommonAction.java 
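Review bot: `doGet` forwards straight to `doPost`, so `addAffiche`, `editAffiche`, `hideAffiche` and `delaffiche` can all be triggered by a plain GET that carries the administrator's session cookie, and no anti-CSRF token is checked anywhere in the visible code. Keep `doGet` for read-only views only (for example `response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);`) and compare a per-session token submitted with the form before any state change. The same `doGet`-to-`doPost` delegation appears in AdminAction, CommonAction, GuestBookAction, HzpAction, LoginAction and MemberAction in this commit. Separately, running `Filter.escapeHTMLTags` over `id` before `Integer.parseInt` adds nothing; parse and range-check the number directly. The tail of this doPost (the delete loop and the catch block) is not visible on the page.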
@@ -0,0 +1,172 @@
+package com.action;
+
+/**
+ * 上传控制servlet中无法实现的功能由此操作
+ *
+ * 通用操作控制
+ *
+ */
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+
+import com.bean.NewsBean;
+import com.bean.SystemBean;
+import com.util.Constant;
+import com.util.Filter;
+
+public class CommonAction extends HttpServlet {
+
+ /**
+ * Constructor of the object.
+ */
+ public CommonAction() {
+ super();
+ }
+
+ /**
+ * Destruction of the servlet.
+ */
+ public void destroy() {
+ super.destroy(); // Just puts "destroy" string in log
+ // Put your code here
+ }
+
+ /**
+ * The doGet method of the servlet.
+ *
+ * This method is called when a form has its tag value method equals to get.
+ *
+ * @param request the request send by the client to the server
+ * @param response the response send by the server to the client
+ * @throws ServletException if an error occurred
+ * @throws IOException if an error occurred
+ */
+ public void doGet(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+
+ doPost(request,response);
+ }
+
+ /**
+ * The doPost method of the servlet.
+ * + * This method is called when a form has its tag value method equals to post. + * + * @param request the request send by the client to the server + * @param response the response send by the server to the client + * @throws ServletException if an error occurred + * @throws IOException if an error occurred + */ + public void doPost(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + + response.setContentType(Constant.CONTENTTYPE); + request.setCharacterEncoding(Constant.CHARACTERENCODING); + String sysdir = new SystemBean().getDir(); + HttpSession session = request.getSession(); + try{ + String username2 = (String)session.getAttribute("user"); + if(username2 == null){ + request.getRequestDispatcher("error.jsp").forward(request, response); + } + else{ + String method = request.getParameter("method").trim(); + + /********************************************** + * 新闻 + ************************************************/ + if(method.equals("DELNEWS")){//删除新闻 来自普通新闻页面index.jsp + String strDirPath = request.getSession().getServletContext().getRealPath("/"); + String check[] = request.getParameterValues("checkit"); + if(check == null){ + request.setAttribute("message", "请选择要删除的记录!"); + request.getRequestDispatcher(sysdir+"/news/index.jsp").forward(request, response); + } + else{ + int id2[]= new int[check.length]; + for(int i = 0;i + * + * @throws ServletException if an error occure + */ + public void init() throws ServletException { + // Put your code here + } + +} diff --git a/com/action/GuestBookAction.java b/com/action/GuestBookAction.java new file mode 100644 index 0000000..ff629b9 --- /dev/null +++ b/com/action/GuestBookAction.java 
@@ -0,0 +1,193 @@
+package com.action;
+
+/**
+ *
+ * 留言本
+ */
+
+import java.io.IOException;
+import java.util.List;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import com.bean.GuestBookBean;
+import com.bean.SystemBean;
+import com.util.Constant;
+import com.util.Filter;
+
+public class GuestBookAction extends HttpServlet {
+
+ /**
+ * Constructor of the object.
+ */
+ public GuestBookAction() {
+ super();
+ }
+
+ /**
+ * Destruction of the servlet.
+ */
+ public void destroy() {
+ super.destroy(); // Just puts "destroy" string in log
+ // Put your code here
+ }
+
+ /**
+ * The doGet method of the servlet.
+ *
+ * This method is called when a form has its tag value method equals to get.
+ *
+ * @param request the request send by the client to the server
+ * @param response the response send by the server to the client
+ * @throws ServletException if an error occurred
+ * @throws IOException if an error occurred
+ */
+ public void doGet(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+
+ doPost(request,response);
+ }
+
+ /**
+ * The doPost method of the servlet.
+ *
+ * This method is called when a form has its tag value method equals to post.
+ *
+ * @param request the request send by the client to the server
+ * @param response the response send by the server to the client
+ * @throws ServletException if an error occurred
+ * @throws IOException if an error occurred
+ */
+ public void doPost(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+
+ request.setCharacterEncoding(Constant.CHARACTERENCODING);
+ response.setContentType(Constant.CONTENTTYPE);
+ //nikename, pic, email, qq, weburl, blogurl, expressions, content
+ String sysdir = new SystemBean().getDir();
+ HttpSession session = request.getSession();
+ String method = request.getParameter("method").trim();
+ GuestBookBean guestBookBean = new GuestBookBean();
+ if(method.equals("add")){//发表留言
+ String member=(String)session.getAttribute("member");
+ String nikename = Filter.escapeHTMLTags(request.getParameter("nikename").trim());
+ String face ="images/nobody.gif";
+ String email = Filter.escapeHTMLTags(request.getParameter("email").trim());
+ String qq = Filter.escapeHTMLTags(request.getParameter("qq").trim());
+ String weburl = Filter.escapeHTMLTags(request.getParameter("weburl").trim());
+ String blogurl = Filter.escapeHTMLTags(request.getParameter("blogurl").trim());
+ String expressions = "images/face/"+Filter.escapeHTMLTags(request.getParameter("face").trim())+".gif";
+ String content = Filter.escapeHTMLTags(request.getParameter("content").trim());
+ String ip = request.getRemoteAddr();
+
+ int guestbook=1;
+ int flag = guestBookBean.addGuestBook(nikename, face, email, qq, weburl, blogurl, expressions, content, ip,guestbook);
+ if(flag == 1){
+
+ request.setAttribute("message", "谢谢您的留言,请等候管理员回复!");
+ request.getRequestDispatcher("guestbook.jsp").forward(request, response);
+
+ }
+ else{
+ request.setAttribute("message", "系统维护中,请稍后再试!");
+ request.getRequestDispatcher("guestbook.jsp").forward(request, response);
+
} + } + else if(method.equals("delguestbook")){//删除留言 + try{ + String username2 = (String)session.getAttribute("user"); + if(username2 == null){ + request.getRequestDispatcher("error.jsp").forward(request, response); + } + else{ + String check[] = request.getParameterValues("checkit"); + if(check == null){ + request.setAttribute("message", "请选择要删除的记录!"); + request.getRequestDispatcher(sysdir+"/guestbook/index.jsp").forward(request, response); + } + else{ + int id[]= new int[check.length]; + for(int i = 0;i + * + * @throws ServletException if an error occure + */ + public void init() throws ServletException { + // Put your code here + } +} diff --git a/com/action/HzpAction.java b/com/action/HzpAction.java new file mode 100644 index 0000000..01e24c8 --- /dev/null +++ b/com/action/HzpAction.java @@ -0,0 +1,157 @@ +package com.action; + +import java.io.IOException; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import com.bean.HzpBean; +import com.bean.NewsBean; +import com.util.Constant; + +public class HzpAction extends HttpServlet { + + /** + * Constructor of the object. + */ + public HzpAction() { + super(); + } + + /** + * Destruction of the servlet.
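Review bot: In the anonymous `add` branch of GuestBookAction.doPost every `request.getParameter(...).trim()` runs outside any try block, so a request that omits one field (or `method` itself) ends in a NullPointerException and a container error page; read the parameters through a null-safe helper and answer with the `guestbook.jsp` message instead. The `face` value is HTML-escaped but otherwise pasted into `"images/face/"+...+".gif"`, so it should be checked against the expected identifier format (presumably a short number, not visible here) before it is stored. Field lengths are not bounded in this servlet either; whether GuestBookBean limits them cannot be seen from the hunk. The `member` session attribute is read and never used. The end of the `delguestbook` branch is missing from the page.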
+ */
+ public void destroy() {
+ super.destroy(); // Just puts "destroy" string in log
+ // Put your code here
+ }
+
+ /**
+ * The doGet method of the servlet.
+ *
+ * This method is called when a form has its tag value method equals to get.
+ *
+ * @param request the request send by the client to the server
+ * @param response the response send by the server to the client
+ * @throws ServletException if an error occurred
+ * @throws IOException if an error occurred
+ */
+ public void doGet(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+
+ doPost(request,response);
+ }
+
+ /**
+ * The doPost method of the servlet.
+ *
+ * This method is called when a form has its tag value method equals to post.
+ *
+ * @param request the request send by the client to the server
+ * @param response the response send by the server to the client
+ * @throws ServletException if an error occurred
+ * @throws IOException if an error occurred
+ */
+ public void doPost(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+
+ request.setCharacterEncoding(Constant.CHARACTERENCODING);
+ response.setContentType(Constant.CONTENTTYPE);
+ HttpSession session=request.getSession();
+ HzpBean tb=new HzpBean();
+ String method=request.getParameter("method").trim();
+ /////////////////////////////////////////////////////////////////////
+ if(method.equals("deltrave")){
+ String id=request.getParameter("id").trim();
+ int flag = tb.delTrave(id);
+ if(flag == Constant.SUCCESS){
+ request.setAttribute("message", "操作成功!");
+ request.getRequestDispatcher("admin/hzp/index.jsp").forward(request, response);
+ }
+ else{
+ request.setAttribute("message", "系统维护中,请稍后再试!");
+ request.getRequestDispatcher("admin/hzp/index.jsp").forward(request, response);
+ }
+ }
+ else if(method.equals("hotdeltrave")){
+ String id=request.getParameter("id").trim();
+ int flag = tb.delTrave(id);
+ if(flag == Constant.SUCCESS){
+ request.setAttribute("message", "操作成功!");
+ request.getRequestDispatcher("admin/hzp/hot.jsp").forward(request, response);
+ }
+ else{
+ request.setAttribute("message", "系统维护中,请稍后再试!");
+ request.getRequestDispatcher("admin/hzp/hot.jsp").forward(request, response);
+ }
+ }
+ else if(method.equals("tejiadeltrave")){
+ String id=request.getParameter("id").trim();
+ int flag = tb.delTrave(id);
+ if(flag == Constant.SUCCESS){
+ request.setAttribute("message", "操作成功!");
+ request.getRequestDispatcher("admin/hzp/tejia.jsp").forward(request, response);
+ }
+ else{
+ request.setAttribute("message", "系统维护中,请稍后再试!");
+ request.getRequestDispatcher("admin/hzp/tejia.jsp").forward(request, response);
+ }
+ }
+ else if(method.equals("tuijiandeltrave")){
+ String id=request.getParameter("id").trim();
+ int flag = tb.delTrave(id);
+ if(flag == Constant.SUCCESS){
+ request.setAttribute("message", "操作成功!");
+ request.getRequestDispatcher("admin/hzp/tuijian.jsp").forward(request, response);
+ }
+ else{
+ request.setAttribute("message", "系统维护中,请稍后再试!");
+ request.getRequestDispatcher("admin/hzp/tuijian.jsp").forward(request, response);
+ }
+ }
+
+ else if(method.equals("addType")){
+ String type=request.getParameter("type").trim();
+ int flag=tb.addType(type);
+ if(flag == Constant.SUCCESS){
+ request.setAttribute("message", "操作成功!");
+ request.getRequestDispatcher("admin/hzp/type.jsp").forward(request, response);
+ }
+ else if(flag==Constant.DEFAULT_ERROR){
+ request.setAttribute("message", "该分类已存在!");
+ request.getRequestDispatcher("admin/hzp/type.jsp").forward(request, response);
+ }
+ else{
+ request.setAttribute("message", "系统维护中,请稍后再试!");
+ request.getRequestDispatcher("admin/hzp/type.jsp").forward(request, response);
+ }
+ }
+ else if(method.equals("delType")){
+ String id=request.getParameter("id").trim();
+ int flag=tb.delType(id);
+ if(flag == Constant.SUCCESS){
+ request.setAttribute("message", "操作成功!");
+ request.getRequestDispatcher("admin/hzp/type.jsp").forward(request, response);
+ }
+
+ else{
+ request.setAttribute("message", "系统维护中,请稍后再试!");
+ request.getRequestDispatcher("admin/hzp/type.jsp").forward(request, response);
+ }
+ }
+
+ }
+
+ /**
+ * Initialization of the servlet.
+ *
+ * @throws ServletException if an error occure
+ */
+ public void init() throws ServletException {
+ // Put your code here
+ }
+
+}
diff --git a/com/action/LoginAction.java b/com/action/LoginAction.java
new file mode 100644
index 0000000..4765477
--- /dev/null
+++ b/com/action/LoginAction.java
@@ -0,0 +1,163 @@
+package com.action;
+
+/**
+ * 前台会员登陆 退出
+ *
+ */
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import com.bean.MemberBean;
+import com.util.Constant;
+import com.util.Filter;
+
+public class LoginAction extends HttpServlet {
+
+ /**
+ * Constructor of the object.
+ */
+ public LoginAction() {
+ super();
+ }
+
+ /**
+ * Destruction of the servlet.
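Review bot: HzpAction.doPost never checks `session.getAttribute("user")`, although every branch changes data (`delTrave`, `addType`, `delType`) and forwards to pages under `admin/hzp/`; the other admin servlets in this commit guard their branches with that check, so unless a filter outside this diff protects the mapping these actions are reachable without a login. Add the guard before `method` is read: `if(session.getAttribute("user") == null){ request.getRequestDispatcher("error.jsp").forward(request, response); return; }`. `id` and `type` reach HzpBean as raw strings; if the bean builds SQL by concatenation (not visible here) they must be bound as parameters, and `id` should be parsed as an integer first, as AdminAction does for `delm`. The four `*deltrave` branches differ only in the forward target and could share one helper.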
+ */
+ public void destroy() {
+ super.destroy(); // Just puts "destroy" string in log
+ // Put your code here
+ }
+
+ /**
+ * The doGet method of the servlet.
+ *
+ * This method is called when a form has its tag value method equals to get.
+ *
+ * @param request the request send by the client to the server
+ * @param response the response send by the server to the client
+ * @throws ServletException if an error occurred
+ * @throws IOException if an error occurred
+ */
+ public void doGet(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+
+ doPost(request,response);
+ }
+
+ /**
+ * The doPost method of the servlet.
+ *
+ * This method is called when a form has its tag value method equals to post.
+ *
+ * @param request the request send by the client to the server
+ * @param response the response send by the server to the client
+ * @throws ServletException if an error occurred
+ * @throws IOException if an error occurred
+ */
+ public void doPost(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+
+ response.setContentType(Constant.CONTENTTYPE);
+ request.setCharacterEncoding(Constant.CHARACTERENCODING);
+ HttpSession session = request.getSession();
+ MemberBean memberBean = new MemberBean();
+ String method = Filter.escapeHTMLTags(request.getParameter("method").trim());
+ if(method.equals("HEADUSERLOGIN")){//网页头部会员登陆
+ String reg_user = Filter.escapeHTMLTags(request.getParameter("reg_user").trim());
+ String reg_pwd = Filter.escapeHTMLTags(request.getParameter("reg_pwd").trim());
+ String reg_type = Filter.escapeHTMLTags(request.getParameter("reg_type").trim());
+ String lastip = request.getRemoteAddr();
+ int flag = memberBean.memberLogin(reg_user, reg_pwd, reg_type);
+ if(flag == Constant.SUCCESS){//登陆成功
+ String info = memberBean.getLastTimeIP(reg_user);
+ int flag2 = memberBean.upmemberLogin(reg_user, lastip);
+ if(flag2 == Constant.SUCCESS){
+ session.setAttribute("member", reg_user);
+ session.setAttribute("type", reg_type);
+ session.setAttribute("info", info);
+ request.getRequestDispatcher("login1.jsp").forward(request, response);
+ }
+ else{
+ session.setAttribute("member", reg_user);
+ session.setAttribute("type", reg_type);
+ session.setAttribute("info", info);
+ session.setAttribute("message", "登陆成功,登陆信息更新失败!");
+ request.getRequestDispatcher("login1.jsp").forward(request, response);
+ }
+ }
+ else if(flag == Constant.NAME_ERROR){//用户名错误
+ request.setAttribute("reg_user", reg_user);
+ request.setAttribute("message", "该用户名不存在或者已被管理员冻结!");
+ request.getRequestDispatcher("login1.jsp").forward(request, response);
+ }
+ else if(flag == Constant.PASSWORD_ERROR){//密码错误
+ request.setAttribute("reg_user", reg_user);
+ request.setAttribute("message", "密码错误!");
+ request.getRequestDispatcher("login1.jsp").forward(request, response);
+ }
+ }
+ else if(method.equals("PAGEUSERLOGIN")){//登陆页面会员登陆
+ String username = Filter.escapeHTMLTags(request.getParameter("username").trim());
+ String password = Filter.escapeHTMLTags(request.getParameter("password").trim());
+ String reg_type = Filter.escapeHTMLTags(request.getParameter("reg_type").trim());
+ String lastip = request.getRemoteAddr();
+ int flag = memberBean.memberLogin(username, password, reg_type);
+ if(flag == Constant.SUCCESS){//登陆成功
+ String info = memberBean.getLastTimeIP(username);
+ int flag2 = memberBean.upmemberLogin(username, lastip);
+ if(flag2 == Constant.SUCCESS){
+ session.setAttribute("member", username);
+ session.setAttribute("type", reg_type);
+ session.setAttribute("info", info);
+ request.getRequestDispatcher("member/index.jsp").forward(request, response);
+ }
+ else{
+ session.setAttribute("member", username);
+ session.setAttribute("type", reg_type);
+ session.setAttribute("info", info);
+ session.setAttribute("message", "登陆成功,登陆信息更新失败!");
+ request.getRequestDispatcher("member/index.jsp").forward(request, response);
+ }
+ }
+ else if(flag == Constant.NAME_ERROR){//用户名错误
+ request.setAttribute("reg_user", username);
+ request.setAttribute("message", "该用户名不存在!");
+ request.getRequestDispatcher("login.jsp").forward(request, response);
+ }
+ else if(flag == Constant.PASSWORD_ERROR){//密码错误
+ request.setAttribute("reg_user", username);
+ request.setAttribute("message", "密码错误!");
+ request.getRequestDispatcher("login.jsp").forward(request, response);
+ }
+ }
+ else if(method.equals("logout")){//从iframe页面退出登陆
+ session.removeAttribute("member");
+ session.removeAttribute("type");
+ request.getRequestDispatcher("login1.jsp").forward(request, response);
+ }
+ else if(method.equals("pagelogout")||method.equals("memberexit")){//从网页退出登陆
+ session.removeAttribute("member");
+ session.removeAttribute("type");
+ request.getRequestDispatcher("index.jsp").forward(request, response);
+ }
+ else{
+ request.getRequestDispatcher("error.jsp").forward(request, response);
+ }
+ }
+
+ /**
+ * Initialization of the servlet.
+ *
+ * @throws ServletException if an error occure
+ */
+ public void init() throws ServletException {
+ // Put your code here
+ }
+
+}
diff --git a/com/action/MemberAction.java b/com/action/MemberAction.java
new file mode 100644
index 0000000..b6c7fa8
--- /dev/null
+++ b/com/action/MemberAction.java
@@ -0,0 +1,258 @@
+package com.action;
+
+/**
+ * 会员注册、修改资料等
+ * @author Administrator
+ *
+ */
+
+
+import java.io.IOException;
+import java.util.List;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import com.bean.MemberBean;
+import com.bean.SystemBean;
+import com.util.Constant;
+import com.util.Filter;
+import com.util.MD5;
+
+public class MemberAction extends HttpServlet {
+
+ /**
+ * Constructor of the object.
+ */
+ public MemberAction() {
+ super();
+ }
+
+ /**
+ * Destruction of the servlet.
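Review bot: Both login branches of LoginAction.doPost run the password through `Filter.escapeHTMLTags` and pass it to `memberLogin` with no hashing visible, while `Editpwd` in MemberAction compares `MD5.MD5(oldpwd)`; escaping presumably rewrites markup characters and so alters such passwords, and the two paths can only agree if MemberBean hashes internally, which cannot be seen here. Send the raw password to one hashing routine shared by registration, login and password change, and do not HTML-escape credentials. The separate messages for `Constant.NAME_ERROR` and `Constant.PASSWORD_ERROR` tell a caller which usernames exist; return one generic failure message for both. `logout` and `pagelogout` remove `member` and `type` but leave `info` and `message` in the session, so `session.invalidate()` is the safer exit.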
+ */ + public void destroy() { + super.destroy(); // Just puts "destroy" string in log + // Put your code here + } + + /** + * The doGet method of the servlet.
+ * + * This method is called when a form has its tag value method equals to get. + * + * @param request the request send by the client to the server + * @param response the response send by the server to the client + * @throws ServletException if an error occurred + * @throws IOException if an error occurred + */ + public void doGet(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + + doPost(request,response); + } + + /** + * The doPost method of the servlet.
+ * + * This method is called when a form has its tag value method equals to post. + * + * @param request the request send by the client to the server + * @param response the response send by the server to the client + * @throws ServletException if an error occurred + * @throws IOException if an error occurred + */ + public void doPost(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + + response.setContentType(Constant.CONTENTTYPE); + request.setCharacterEncoding(Constant.CHARACTERENCODING); + HttpSession session = request.getSession(); + MemberBean memberBean = new MemberBean(); + String method = Filter.escapeHTMLTags(request.getParameter("method").trim()); + /********************************************* + * 会员注册通用(检查用户名 修改密码 reg2.jsp页面跳转) + *********************************************/ + if(method.equals("reg2")){//会员注册 reg2.jsp + String username = Filter.escapeHTMLTags(request.getParameter("username").trim()); + String password = Filter.escapeHTMLTags(request.getParameter("password").trim()); + String reg_type = Filter.escapeHTMLTags(request.getParameter("reg_type").trim()); + request.setAttribute("username", username); + request.setAttribute("password", password); + request.setAttribute("reg_type", reg_type); + if(username.trim().equals("admin")){ + request.setAttribute("username", username); + request.setAttribute("message", "非法的用户名,请重新选择!"); + request.getRequestDispatcher("reg2.jsp").forward(request, response); + } + else{ + int flag = memberBean.checkRegName(username); + if(flag == Constant.SUCCESS){ + if(reg_type.equals("person")){//如果是个人会员 + request.getRequestDispatcher("personreg.jsp").forward(request, response); + } + else if(reg_type.equals("co")){//如果是企业会员 + request.getRequestDispatcher("coreg.jsp").forward(request, response); + } + else{ + request.getRequestDispatcher("index.jsp").forward(request, response); + } + } + else if(flag == Constant.SAME_NAME){ + request.setAttribute("username", username); 
+ request.setAttribute("message", "对不起,该用户名已存在,请重新选择!"); + request.getRequestDispatcher("reg2.jsp").forward(request, response); + } + else{ + request.setAttribute("message", "系统维护中,请稍后再试!"); + request.getRequestDispatcher("reg2.jsp").forward(request, response); + } + } + + + } + else if(method.equals("checksame")){//检查注册名是否可用 + String username = Filter.escapeHTMLTags(request.getParameter("username").trim()); + if(username.trim().equals("admin")){ + request.setAttribute("username", username); + request.setAttribute("message", "非法的用户名,请重新选择!"); + request.getRequestDispatcher("reg2.jsp").forward(request, response); + } + else{ + int flag = memberBean.checkRegName(username); + if(flag == Constant.SUCCESS){ + request.setAttribute("username", username); + request.setAttribute("message", "恭喜您,这个名字可以使用!"); + request.getRequestDispatcher("reg2.jsp").forward(request, response); + } + else if(flag == Constant.SAME_NAME){ + request.setAttribute("username", username); + request.setAttribute("message", "对不起,该用户名已存在,请重新选择!"); + request.getRequestDispatcher("reg2.jsp").forward(request, response); + } + else{ + request.setAttribute("message", "系统维护中,请稍后再试!"); + request.getRequestDispatcher("reg2.jsp").forward(request, response); + } + } + } + else if(method.equals("Editpwd")){//会员修改登陆密码 + String member=(String)session.getAttribute("member"); + String type=(String)session.getAttribute("type"); + if(member==null||type==null){ + response.sendRedirect("error.jsp"); + } + else{ + String oldpwd = MD5.MD5(request.getParameter("oldpwd").trim()); + String newpwd = MD5.MD5(request.getParameter("newpwd").trim()); + int flag = memberBean.editPassword(member, oldpwd, newpwd); + switch (flag){ + case Constant.SUCCESS: + request.setAttribute("message", "密码修改成功!"); + request.getRequestDispatcher("member/info/editpwd.jsp").forward(request, response); + break; + case Constant.PASSWORD_ERROR: + request.setAttribute("message", "原始密码错误,请确认权限!"); + 
request.getRequestDispatcher("member/info/editpwd.jsp").forward(request, response); + break; + case Constant.SYSTEM_ERROR: + request.setAttribute("message", "系统维护中,请稍后再试!"); + request.getRequestDispatcher("member/info/editpwd.jsp").forward(request, response); + break; + } + } + } + /********************************************* + * 个人会员注册、修改资料 + *********************************************/ + else if(method.equals("PREG")){//个人会员详细资料 + String username = Filter.escapeHTMLTags(request.getParameter("username").trim()); + String password = Filter.escapeHTMLTags(request.getParameter("password").trim()); + String type = "person"; + String realname = Filter.escapeHTMLTags(request.getParameter("realname").trim()); + String sex = Filter.escapeHTMLTags(request.getParameter("sex").trim()); + String sheng = Filter.escapeHTMLTags(request.getParameter("sheng").trim()); + String city = Filter.escapeHTMLTags(request.getParameter("city").trim()); + String bir = Filter.escapeHTMLTags(request.getParameter("bir").trim()); + String telphone = Filter.escapeHTMLTags(request.getParameter("telphone").trim()); + String email = Filter.escapeHTMLTags(request.getParameter("email").trim()); + String question = Filter.escapeHTMLTags(request.getParameter("question").trim()); + String answer = Filter.escapeHTMLTags(request.getParameter("answer").trim()); + String address = Filter.escapeHTMLTags(request.getParameter("address").trim()); + String lastip = request.getRemoteAddr(); + int off = 1; + int flag = memberBean.personReg(username, password, type, realname, sex, bir,sheng,city, telphone, email, question, answer, lastip, off,address); + if(flag == Constant.SUCCESS){ + List siteList = new SystemBean().getSiteInfo(); + String sitename = siteList.get(0).toString(); + request.setAttribute("message", "注册成功!恭喜您成为"+sitename+"的注册会员!"); + request.getRequestDispatcher("login.jsp").forward(request, response); + + } + else{ + request.setAttribute("message", "系统维护中,请稍后再试!"); + 
request.getRequestDispatcher("personreg.jsp").forward(request, response); + } + } + else if(method.equals("UPREGINFO")){//个人会员修改资料 + String member=(String)session.getAttribute("member"); + String type=(String)session.getAttribute("type"); + if(member==null||type==null){ + response.sendRedirect("error.jsp"); + } + else{ + String realname = Filter.escapeHTMLTags(request.getParameter("realname").trim()); + String sex = Filter.escapeHTMLTags(request.getParameter("sex").trim()); + String sheng = Filter.escapeHTMLTags(request.getParameter("sheng").trim()); + String city = Filter.escapeHTMLTags(request.getParameter("city").trim()); + String bir = Filter.escapeHTMLTags(request.getParameter("bir").trim()); + String telphone = Filter.escapeHTMLTags(request.getParameter("telphone").trim()); + String email = Filter.escapeHTMLTags(request.getParameter("email").trim()); + String question = Filter.escapeHTMLTags(request.getParameter("question").trim()); + String answer = Filter.escapeHTMLTags(request.getParameter("answer").trim()); + String address = Filter.escapeHTMLTags(request.getParameter("address").trim()); + int flag = memberBean.uppersonReg(member, realname, sex, bir, sheng, city, telphone, email, question, answer,address); + if(flag == Constant.SUCCESS){ + request.setAttribute("message", "操作成功!"); + request.getRequestDispatcher("member/info/info.jsp").forward(request, response); + } + else{ + request.setAttribute("message", "系统维护中,请稍后再试!"); + request.getRequestDispatcher("member/info/info.jsp").forward(request, response); + } + } + } + + else if(method.equals("lostpwd")){ + String username=request.getParameter("username"); + String question=request.getParameter("question"); + String answer=request.getParameter("answer"); + String reg_type=request.getParameter("reg_type"); + String info=memberBean.returnPwd(username, question, answer, reg_type); + if(info.trim().equals("error")){ + request.setAttribute("message", "信息错误!"); + 
request.getRequestDispatcher("login.jsp").forward(request, response); + } + else{ + request.setAttribute("message", "您的新密码为"+info+",请登录后修改!"); + request.getRequestDispatcher("login.jsp").forward(request, response); + } + } + else{ + request.getRequestDispatcher("index.jsp").forward(request, response); + } + } + + /** + * Initialization of the servlet.
+ *
+ * @throws ServletException if an error occure
+ */
+ public void init() throws ServletException {
+ // Put your code here
+ }
+
+}
diff --git a/com/action/MemberManageAction.java b/com/action/MemberManageAction.java
new file mode 100644
index 0000000..344fc51
--- /dev/null
+++ b/com/action/MemberManageAction.java
@@ -0,0 +1,178 @@
+package com.action;
+
+/**
+ *
+ * 网站后台管理注册会员 查询 冻结 删除会员
+ */
+
+
+import java.io.IOException;
+import java.util.List;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import com.bean.MemberManageBean;
+import com.bean.SystemBean;
+import com.util.Constant;
+import com.util.Filter;
+public class MemberManageAction extends HttpServlet {
+
+ /**
+ * Constructor of the object.
+ */
+ public MemberManageAction() {
+ super();
+ }
+
+ /**
+ * Destruction of the servlet.
+ */
+ public void destroy() {
+ super.destroy(); // Just puts "destroy" string in log
+ // Put your code here
+ }
+
+ /**
+ * The doGet method of the servlet.
+ *
+ * This method is called when a form has its tag value method equals to get.
+ *
+ * @param request the request send by the client to the server
+ * @param response the response send by the server to the client
+ * @throws ServletException if an error occurred
+ * @throws IOException if an error occurred
+ */
+ public void doGet(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+
+ doPost(request,response);
+ }
+
+ /**
+ * The doPost method of the servlet.
+ * + * This method is called when a form has its tag value method equals to post. + * + * @param request the request send by the client to the server + * @param response the response send by the server to the client + * @throws ServletException if an error occurred + * @throws IOException if an error occurred + */ + public void doPost(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + + response.setContentType(Constant.CONTENTTYPE); + request.setCharacterEncoding(Constant.CHARACTERENCODING); + String sysdir = new SystemBean().getDir(); + HttpSession session = request.getSession(); + try{ + String username2 = (String)session.getAttribute("user"); + if(username2 == null){ + request.getRequestDispatcher("error.jsp").forward(request, response); + } + else{ + String method = Filter.escapeHTMLTags(request.getParameter("method").trim()); + MemberManageBean mmBean = new MemberManageBean(); + if(method.equals("DELMEMBER")||method.equals("DELCO")||method.equals("DELTODAY") + ||method.equals("DELALLCLOSE")||method.equals("DELALLUSE")){//删除来自后台各个页面的会员 + String check[] = request.getParameterValues("checkit"); + if(check == null){ + if(method.equals("DELMEMBER")){//来自所有个人会员页面 + request.setAttribute("message", "请选择要删除的记录!"); + request.getRequestDispatcher(sysdir+"/member/person.jsp").forward(request, response); + } + else if(method.equals("DELCO")){//来自所有企业会员页面 + request.setAttribute("message", "请选择要删除的记录!"); + request.getRequestDispatcher(sysdir+"/member/co.jsp").forward(request, response); + } + else if(method.equals("DELTODAY")){//来自今日注册会员页面 + request.setAttribute("message", "请选择要删除的记录!"); + request.getRequestDispatcher(sysdir+"/member/today.jsp").forward(request, response); + } + else if(method.equals("DELALLCLOSE")){//来自所有冻结会员页面 + request.setAttribute("message", "请选择要删除的记录!"); + request.getRequestDispatcher(sysdir+"/member/close.jsp").forward(request, response); + } + else if(method.equals("DELALLUSE")){//来自所有在用会员页面 + 
request.setAttribute("message", "请选择要删除的记录!"); + request.getRequestDispatcher(sysdir+"/member/using.jsp").forward(request, response); + } + } + else{ + int id[]= new int[check.length]; + for(int i = 0;i + * + * @throws ServletException if an error occure + */ + public void init() throws ServletException { + // Put your code here + } + +} diff --git a/com/action/NewsAction.java b/com/action/NewsAction.java new file mode 100644 index 0000000..364d5b7 --- /dev/null +++ b/com/action/NewsAction.java @@ -0,0 +1,269 @@ +package com.action; + +/** + * 新闻管理-上传缩略图 + * + */ +import java.io.IOException; +import java.text.SimpleDateFormat; +import java.util.Calendar; + +import javax.servlet.ServletConfig; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import com.bean.NewsBean; +import com.bean.SystemBean; +import com.bean.HzpBean; +import com.util.Constant; +import com.util.Filter; +import com.util.SmartFile; +import com.util.SmartUpload; + +public class NewsAction extends HttpServlet { + + private ServletConfig config; + /** + * Constructor of the object. + */ + public NewsAction() { + super(); + } + + final public void init(ServletConfig config) throws ServletException + { + this.config = config; + } + + final public ServletConfig getServletConfig() + { + return config; + } + /** + * Destruction of the servlet.
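Review bot: `doGet` hands every request to `doPost`, so the delete branches (`DELMEMBER`, `DELCO`, `DELTODAY`, `DELALLCLOSE`, `DELALLUSE`) accept GET, and no per-request token is checked in the part of `doPost` this page shows, which leaves them open to cross-site request forgery against a logged-in administrator. I would drop the delegation and answer GET with `response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);`, and compare a session-held token with a hidden form field before the `checkit` ids are read. The only gate is `username2 == null`, so any session that carries `user` can delete members; if the `quanxian` value that `AdminBean.getAdminInfo` loads is meant as a permission (an inference, please confirm), it should be checked here. The rest of `doPost` after the `for` loop is missing from the page, so this covers the visible lines only.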
+ */
+ public void destroy() {
+ super.destroy(); // Just puts "destroy" string in log
+ // Put your code here
+ }
+
+ /**
+ * The doGet method of the servlet.
+ *
+ * This method is called when a form has its tag value method equals to get.
+ *
+ * @param request the request send by the client to the server
+ * @param response the response send by the server to the client
+ * @throws ServletException if an error occurred
+ * @throws IOException if an error occurred
+ */
+ public void doGet(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+
+ doPost(request,response);
+ }
+
+ /**
+ * The doPost method of the servlet.
+ * + * This method is called when a form has its tag value method equals to post. + * + * @param request the request send by the client to the server + * @param response the response send by the server to the client + * @throws ServletException if an error occurred + * @throws IOException if an error occurred + */ + public void doPost(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + + request.setCharacterEncoding(Constant.CHARACTERENCODING); + response.setContentType(Constant.CONTENTTYPE); + String sysdir = new SystemBean().getDir(); + HttpSession session = request.getSession(); + String date=new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(Calendar.getInstance().getTime()); + try{ + String username2 = (String)session.getAttribute("user"); + if(username2 == null){ + request.getRequestDispatcher("error.jsp").forward(request, response); + } + else{ + String method = null; + NewsBean newsBean = new NewsBean(); + HzpBean tb=new HzpBean(); + SmartUpload mySmartUpload = new SmartUpload();//init + int count = 0; + try{ + mySmartUpload.initialize(config,request,response); + mySmartUpload.upload(); + method = mySmartUpload.getRequest().getParameter("method").trim(); + if(method.equals("ADDNEWS")){//增加新闻 + String title = Filter.escapeHTMLTags(mySmartUpload.getRequest().getParameter("title").trim()); + String ifhide = Filter.escapeHTMLTags(mySmartUpload.getRequest().getParameter("ifhide").trim()); + String content = mySmartUpload.getRequest().getParameter("infoContent"); + if(content.length()>8000){ + request.setAttribute("message", "对不起,新闻内容不能超过8000个字符!"); + request.setAttribute("method", method); + request.getRequestDispatcher(sysdir+"/news/edit.jsp").forward(request, response); + } + else{ + SmartFile file = mySmartUpload.getFiles().getFile(0); + String fileExt=file.getFileExt(); + String path="/upload_file/news"; + count = mySmartUpload.save(path); + if(file.getFilePathName().trim().equals("")){//如果无缩略图 + int flag = 
newsBean.addNews(title, "无",content, username2, ifhide); + if(flag == Constant.SUCCESS){ + request.setAttribute("message", "增加新闻成功!"); + request.getRequestDispatcher(sysdir+"/news/index.jsp").forward(request, response); + } + else{ + request.setAttribute("message", "系统维护中,请稍后再试!"); + request.getRequestDispatcher(sysdir+"/news/index.jsp").forward(request, response); + } + } + else{ + int flag = newsBean.addNews(title, path+"/"+file.getFileName(),content, username2, ifhide); + if(flag == Constant.SUCCESS){ + request.setAttribute("message", "增加新闻成功!"); + request.getRequestDispatcher(sysdir+"/news/index.jsp").forward(request, response); + } + else{ + request.setAttribute("message", "系统维护中,请稍后再试!"); + request.getRequestDispatcher(sysdir+"/news/index.jsp").forward(request, response); + } + } + } + } + else if(method.equals("editnews")){//修改新闻 + String id = Filter.escapeHTMLTags(mySmartUpload.getRequest().getParameter("id").trim()); + String title = Filter.escapeHTMLTags(mySmartUpload.getRequest().getParameter("title").trim()); + String ifhide = Filter.escapeHTMLTags(mySmartUpload.getRequest().getParameter("ifhide").trim()); + String content = mySmartUpload.getRequest().getParameter("infoContent"); + SmartFile file = mySmartUpload.getFiles().getFile(0); + String fileExt=file.getFileExt(); + String path="/upload_file/news"; + count = mySmartUpload.save(path); + if(file.getFilePathName().trim().equals("")){//如果不修改缩略图 + int flag = newsBean.updateNews(Integer.parseInt(id), title, content, username2, ifhide); + if(flag == Constant.SUCCESS){ + request.setAttribute("message", "修改新闻成功!"); + request.getRequestDispatcher(sysdir+"/news/index.jsp").forward(request, response); + } + else{ + request.setAttribute("message", "系统维护中,请稍后再试!"); + request.getRequestDispatcher(sysdir+"/news/index.jsp").forward(request, response); + } + } + else{//如果修改缩略图 + int flag = newsBean.updateNewsWithPic(Integer.parseInt(id), title, path+"/"+file.getFileName(), content, username2, ifhide); + if(flag == 
Constant.SUCCESS){ + request.setAttribute("message", "修改新闻成功!"); + request.getRequestDispatcher(sysdir+"/news/index.jsp").forward(request, response); + } + else{ + request.setAttribute("message", "系统维护中,请稍后再试!"); + request.getRequestDispatcher(sysdir+"/news/index.jsp").forward(request, response); + } + } + } + ////////////////////////////////////////////////////////////////////////////宾馆 + else if(method.equals("addlvyou")){//增加 + /** + * String title = ""; + String dz=""; + String yb=""; + String dh=""; + String jd=""; + String content=""; + */ + String title = mySmartUpload.getRequest().getParameter("title"); + String dz = mySmartUpload.getRequest().getParameter("dz"); + String yb = mySmartUpload.getRequest().getParameter("yb"); + String dh = mySmartUpload.getRequest().getParameter("dh"); + String jd = mySmartUpload.getRequest().getParameter("jd"); + String content = mySmartUpload.getRequest().getParameter("infoContent"); + String flag11 = mySmartUpload.getRequest().getParameter("flag"); + if(content.length()>8000){ + request.setAttribute("message", "对不起,内容不能超过8000个字符!"); + request.setAttribute("method", method); + request.getRequestDispatcher(sysdir+"/hzp/add.jsp").forward(request, response); + } + else{ + SmartFile file = mySmartUpload.getFiles().getFile(0); + String fileExt=file.getFileExt(); + String path="/upload_file/sale"; + count = mySmartUpload.save(path); + String sql="insert into sale(title,url,dz,yb,dh,jd,content,addtime) " + + "values('"+title+"','"+path+"/"+file.getFileName()+"','"+dz+"','"+yb+"','"+dh+"','"+jd+"','"+content+"','"+date+"')"; + int flag = new NewsBean().exeUp(sql); + if(flag == Constant.SUCCESS){ + request.setAttribute("message", "操作成功!"); + request.getRequestDispatcher(sysdir+"/hzp/index.jsp").forward(request, response); + } + else{ + request.setAttribute("message", "系统维护中,请稍后再试!"); + request.getRequestDispatcher(sysdir+"/hzp/index.jsp").forward(request, response); + } + } + } + //update + else if(method.equals("uplvyou")){ + String 
id = mySmartUpload.getRequest().getParameter("id"); + String title = mySmartUpload.getRequest().getParameter("title"); + String dz = mySmartUpload.getRequest().getParameter("dz"); + String yb = mySmartUpload.getRequest().getParameter("yb"); + String dh = mySmartUpload.getRequest().getParameter("dh"); + String jd = mySmartUpload.getRequest().getParameter("jd"); + String content = mySmartUpload.getRequest().getParameter("infoContent"); + String flag11 = mySmartUpload.getRequest().getParameter("flag"); + if(content.length()>8000){ + request.setAttribute("message", "对不起,内容不能超过8000个字符!"); + request.setAttribute("method", method); + request.getRequestDispatcher(sysdir+"/hzp/add.jsp").forward(request, response); + } + else{ + SmartFile file = mySmartUpload.getFiles().getFile(0); + String fileExt=file.getFileExt(); + String path="/upload_file/sale"; + count = mySmartUpload.save(path); + String sql="update sale set title='"+title+"',url='"+path+"/"+file.getFileName()+"',dz='"+dz+"'," + + "yb='"+yb+"',dh='"+dh+"',jd='"+jd+"',content='"+content+"' where id='"+id+"'"; + int flag = new NewsBean().exeUp(sql); + if(flag == Constant.SUCCESS){ + request.setAttribute("message", "操作成功!"); + request.getRequestDispatcher(sysdir+"/hzp/index.jsp").forward(request, response); + } + else{ + request.setAttribute("message", "系统维护中,请稍后再试!"); + request.getRequestDispatcher(sysdir+"/hzp/index.jsp").forward(request, response); + } + } + } + + else{ + request.getRequestDispatcher("error.jsp").forward(request, response); + } + }catch(Exception ex){ + ex.printStackTrace(); + //request.getRequestDispatcher("error.jsp").forward(request, response); + } + } + }catch(Exception e){ + e.printStackTrace(); + request.getRequestDispatcher("error.jsp").forward(request, response); + } + } + + /** + * Initialization of the servlet.
+ *
+ * @throws ServletException if an error occure
+ */
+ public void init() throws ServletException {
+ // Put your code here
+ }
+
+}
diff --git a/com/action/NewsServlet.java b/com/action/NewsServlet.java
new file mode 100644
index 0000000..766051d
--- /dev/null
+++ b/com/action/NewsServlet.java
@@ -0,0 +1,268 @@
+package com.action;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.text.SimpleDateFormat;
+import java.util.Calendar;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import com.bean.NewsBean;
+import com.bean.SystemBean;
+import com.util.Constant;
+import com.util.Filter;
+
+public class NewsServlet extends HttpServlet {
+
+ /**
+ * Constructor of the object.
+ */
+ public NewsServlet() {
+ super();
+ }
+
+ /**
+ * Destruction of the servlet.
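Review bot: The `addlvyou` and `uplvyou` branches build their `insert into sale` / `update sale` statements by concatenating `title`, `dz`, `yb`, `dh`, `jd`, `content` and `id` straight from the multipart request and pass the string to `NewsBean.exeUp`, so a quote in any field changes the statement (SQL injection); HTML escaping with `Filter.escapeHTMLTags`, which these fields skip anyway, would not be the right defence. The values should be bound through a `java.sql.PreparedStatement`, e.g. `insert into sale(title,url,dz,yb,dh,jd,content,addtime) values(?,?,?,?,?,?,?,?)`, behind a bean method that takes them as arguments the way `newsBean.addNews(...)` does, with `Integer.parseInt(id)` applied to `id` as `editnews` already does. The same concatenation runs through every branch of `NewsServlet.doPost` and through `adminLogin`, `getAdminInfo` and `editPassword` in AdminBean.java. Separately, `fileExt` is read in all four branches but never used and `mySmartUpload.save(path)` runs with no type check, so any posted file is stored under `/upload_file/news` or `/upload_file/sale` (which look like web-served directories); compare `fileExt` with an allow-list of image extensions before saving. The inner `catch` only prints the stack trace, its forward being commented out, which leaves the client with an empty response.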
+ */
+ public void destroy() {
+ super.destroy(); // Just puts "destroy" string in log
+ // Put your code here
+ }
+
+ /**
+ * The doGet method of the servlet.
+ *
+ * This method is called when a form has its tag value method equals to get.
+ *
+ * @param request the request send by the client to the server
+ * @param response the response send by the server to the client
+ * @throws ServletException if an error occurred
+ * @throws IOException if an error occurred
+ */
+ public void doGet(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+
+ doPost(request,response);
+ }
+
+ /**
+ * The doPost method of the servlet.
+ * + * This method is called when a form has its tag value method equals to post. + * + * @param request the request send by the client to the server + * @param response the response send by the server to the client + * @throws ServletException if an error occurred + * @throws IOException if an error occurred + */ + public void doPost(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + + response.setContentType(Constant.CONTENTTYPE); + request.setCharacterEncoding(Constant.CHARACTERENCODING); + String sysdir = new SystemBean().getDir(); + HttpSession session = request.getSession(); + String date=new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(Calendar.getInstance().getTime()); + try{ + String username2 = (String)session.getAttribute("user"); + + String method = request.getParameter("method").trim(); + if(method.equals("addNews")){ + String title = request.getParameter("title"); + String fenlei = request.getParameter("fenlei"); + String infoContent = request.getParameter("infoContent"); + int flag = new NewsBean().exeUp("insert into news(title,fenlei,content,addtime,adder,visit) " + + "values('"+title+"','"+fenlei+"','"+infoContent+"','"+date+"','"+username2+"','0')"); + if(flag == Constant.SUCCESS){ + request.getRequestDispatcher(sysdir+"/news/index.jsp").forward(request, response); + } + else{ + request.setAttribute("message", "系统维护中,请稍后再试!"); + request.getRequestDispatcher(sysdir+"/news/index.jsp").forward(request, response); + } + } + else if(method.equals("upNews")){ + String id = request.getParameter("id"); + String title = request.getParameter("title"); + String fenlei = request.getParameter("fenlei"); + String infoContent = request.getParameter("infoContent"); + int flag = new NewsBean().exeUp("update news set title='"+title+"',fenlei='"+fenlei+"',content='"+infoContent+"' where id='"+id+"'"); + if(flag == Constant.SUCCESS){ + request.getRequestDispatcher(sysdir+"/news/index.jsp").forward(request, 
response); + } + else{ + request.setAttribute("message", "系统维护中,请稍后再试!"); + request.getRequestDispatcher(sysdir+"/news/index.jsp").forward(request, response); + } + } + else if(method.equals("delNews")){ + String id = request.getParameter("id"); + int flag = new NewsBean().exeUp("delete from news where id='"+id+"'"); + if(flag == Constant.SUCCESS){ + request.getRequestDispatcher(sysdir+"/news/index.jsp").forward(request, response); + } + else{ + request.setAttribute("message", "系统维护中,请稍后再试!"); + request.getRequestDispatcher(sysdir+"/news/index.jsp").forward(request, response); + } + } + else if(method.equals("addPrep")){ + String member=(String)session.getAttribute("member"); + String sid = request.getParameter("sid"); + String title = request.getParameter("title"); + String rs = request.getParameter("rs"); + String sj = request.getParameter("sj"); + String ts = request.getParameter("ts"); + String lxr = request.getParameter("lxr"); + String lxfs = request.getParameter("lxfs"); + int flag = new NewsBean().exeUp("insert into prep(title,rs,sj,ts,lxr,lxfs,addtime,member,zt,ddid) " + + "values('"+title+"','"+rs+"','"+sj+"','"+ts+"','"+lxr+"','"+lxfs+"','"+date+"','"+member+"','未提交','0')"); + if(flag == Constant.SUCCESS){ + request.setAttribute("message", "预订成功,稍后本站客服人员会与您取得联系。您可以在会员中心查看您的预订记录!"); + request.getRequestDispatcher("index.jsp").forward(request, response); + } + else{ + request.setAttribute("message", "系统维护中,请稍后再试!"); + request.getRequestDispatcher("index.jsp").forward(request, response); + } + } + else if(method.equals("upPrep")){ + String member=(String)session.getAttribute("member"); + String id = request.getParameter("id"); + String rs = request.getParameter("rs"); + String sj = request.getParameter("sj"); + String ts = request.getParameter("ts"); + String lxr = request.getParameter("lxr"); + String lxfs = request.getParameter("lxfs"); + int flag = new NewsBean().exeUp("update prep set rs='"+rs+"',sj='"+sj+"',ts='"+ts+"',lxr='"+lxr+"'," + + 
"lxfs='"+lxfs+"' where id='"+id+"'"); + if(flag == Constant.SUCCESS){ + request.setAttribute("message", "操作成功!"); + request.getRequestDispatcher("member/prep/index.jsp").forward(request, response); + } + else{ + request.setAttribute("message", "系统维护中,请稍后再试!"); + request.getRequestDispatcher("member/prep/index.jsp").forward(request, response); + } + } + else if(method.equals("delPrep")){ + String member=(String)session.getAttribute("member"); + String id = request.getParameter("id"); + int flag = new NewsBean().exeUp("delete from prep where id='"+id+"'"); + if(flag == Constant.SUCCESS){ + request.setAttribute("message", "操作成功!"); + request.getRequestDispatcher("member/prep/index.jsp").forward(request, response); + } + else{ + request.setAttribute("message", "系统维护中,请稍后再试!"); + request.getRequestDispatcher("member/prep/index.jsp").forward(request, response); + } + } + + + else if(method.equals("addDD")){ + String member=(String)session.getAttribute("member"); + String fkfs = request.getParameter("fkfs"); + String ddid=String.valueOf(System.currentTimeMillis()); + String sql="update prep set zt='已提交',ddid='"+ddid+"' where member='"+member+"' and ddid='0'"; + //System.out.println(sql); + NewsBean nb=new NewsBean();nb.exeUp(sql); + int flag = nb.exeUp("insert into dd(ddid,member,zt,fkfs,addtime) values('"+ddid+"','"+member+"','未发货','"+fkfs+"','"+date+"')"); + if(flag == Constant.SUCCESS){ + request.setAttribute("message", "操作成功!"); + request.getRequestDispatcher("member/prep/index.jsp").forward(request, response); + } + else{ + request.setAttribute("message", "系统维护中,请稍后再试!"); + request.getRequestDispatcher("member/prep/index.jsp").forward(request, response); + } + } + + else if(method.equals("fDD")){ + String ddid = request.getParameter("ddid"); + NewsBean nb=new NewsBean(); + int flag = nb.exeUp("update dd set zt='已发货' where ddid='"+ddid+"'"); + if(flag == Constant.SUCCESS){ + request.setAttribute("message", "操作成功!"); + 
request.getRequestDispatcher("admin/prep/prep.jsp").forward(request, response); + } + else{ + request.setAttribute("message", "系统维护中,请稍后再试!"); + request.getRequestDispatcher("admin/prep/prep.jsp").forward(request, response); + } + } + else if(method.equals("dDD")){ + String ddid = request.getParameter("ddid"); + NewsBean nb=new NewsBean(); + int flag = nb.exeUp("delete from dd where ddid='"+ddid+"'"); + if(flag == Constant.SUCCESS){ + request.setAttribute("message", "操作成功!"); + request.getRequestDispatcher("admin/prep/prep.jsp").forward(request, response); + } + else{ + request.setAttribute("message", "系统维护中,请稍后再试!"); + request.getRequestDispatcher("admin/prep/prep.jsp").forward(request, response); + } + } + else if(method.equals("dDD2")){ + String ddid = request.getParameter("ddid"); + NewsBean nb=new NewsBean(); + int flag = nb.exeUp("delete from dd where ddid='"+ddid+"'"); + if(flag == Constant.SUCCESS){ + request.setAttribute("message", "操作成功!"); + request.getRequestDispatcher("admin/prep/fh.jsp").forward(request, response); + } + else{ + request.setAttribute("message", "系统维护中,请稍后再试!"); + request.getRequestDispatcher("admin/prep/fh.jsp").forward(request, response); + } + } + ////////////////////////////////////////////////////////////////////////////////查询统计 + else if(method.equals("sDDrq")){ + String year=request.getParameter("year"); + String month=request.getParameter("month"); + String day=request.getParameter("day"); + String str=year+"-"+month+"-"+day; + String sql="select * from dd where addtime like '%"+str+"%' "; + request.setAttribute("sql", sql); + request.getRequestDispatcher("admin/prep/s1.jsp").forward(request, response); + } + else if(method.equals("sDDid")){ + String ddid=request.getParameter("ddid"); + request.setAttribute("ddid", ddid); + request.getRequestDispatcher("admin/prep/s2.jsp").forward(request, response); + } + else if(method.equals("sYye")){ + String year=request.getParameter("year"); + String month=request.getParameter("month"); + 
String day=request.getParameter("day"); + + String year2=request.getParameter("year2"); + String month2=request.getParameter("month2"); + String day2=request.getParameter("day2"); + String str=year+"-"+month+"-"+day+" "+"00:00:00"; + String str2=year2+"-"+month2+"-"+day2+" "+"23:59:59"; + String sql="select sale.dz,prep.* from sale,prep where prep.title=sale.title and prep.addtime>'"+str+"' and prep.addtime<'"+str2+"' order by prep.id desc"; + //String sql="select * from prep where addtime>'"+str+"' and addtime<'"+str2+"' "; + request.setAttribute("sql", sql); + request.getRequestDispatcher("admin/prep/s3.jsp").forward(request, response); + } + }catch(Exception e){ + e.printStackTrace(); + } + } + + /** + * Initialization of the servlet.
+ *
+ * @throws ServletException if an error occure
+ */
+ public void init() throws ServletException {
+ // Put your code here
+ }
+
+}
diff --git a/com/bean/AdminBean.java b/com/bean/AdminBean.java
new file mode 100644
index 0000000..ae25288
--- /dev/null
+++ b/com/bean/AdminBean.java
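Review bot: `username2` is read from the session at the top of `doPost` but never tested, so `addNews`, `upNews`, `delNews`, `fDD`, `dDD` and `dDD2` run for a request with no admin session, unlike `NewsAction.doPost` and `MemberManageAction.doPost`, which forward to error.jsp when it is null. I would put the same guard in front of the admin branches, `if(username2 == null){ request.getRequestDispatcher("error.jsp").forward(request, response); return; }`, and a `member == null` check in front of the `*Prep` and `addDD` branches. `upPrep` and `delPrep` read `member` but select the row only by the request's `id`, so the statement is not tied to the logged-in member; add `and member=?` bound to the session value. `sDDrq` and `sYye` place a request-built SQL string in the `sql` request attribute, presumably for the JSP to execute, and should pass the date parts as bound parameters instead. The outer `catch` prints the stack trace and sends no response at all.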
@@ -0,0 +1,284 @@ +package com.bean; + +/** + * + * 管理员登陆 修改密码 登陆记录查询 通用类文件 + * + */ + +import java.sql.ResultSet; +import java.sql.SQLException; +import java.text.SimpleDateFormat; +import java.util.ArrayList; +import java.util.Calendar; +import java.util.List; + +import com.util.Constant; +import com.util.DBO; + +public class AdminBean { + + private List list; + private ResultSet rs = null; + private int EVERYPAGENUM = 2; + private int count = -1; + private int qq = 0; + private String sql="select count(*) from adminlog"; + private String sql2="select * from adminlog order by id desc "; + //声明时间变量 + String date=new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(Calendar.getInstance().getTime()); + + //分页查询登陆日志 + public void setEVERYPAGENUM(int EVERYPAGENUM){ + this.EVERYPAGENUM=EVERYPAGENUM; + } + public int getMessageCount() { //得到信息总数 + DBO dbo=new DBO(); + dbo.open(); + try { + rs = dbo.executeQuery(sql); + rs.next(); + count = rs.getInt(1); + return count; + } catch (SQLException ex) { + ex.printStackTrace(); + return -1; + } finally { + dbo.close(); + } + } + public int getPageCount() { //得到共多少页(根据每页要显示几条信息) + if (count % EVERYPAGENUM == 0) { + return count / EVERYPAGENUM; + } else { + return count / EVERYPAGENUM + 1; + } + } + public List getMessage(int page) { //得到每页要显示的信息 + DBO dbo=new DBO(); + dbo.open(); + List list = new ArrayList(); + try { + rs = dbo.executeQuery(sql2); + for (int i = 0; i < (page - 1) * EVERYPAGENUM; i++) { + rs.next(); + } + for (int t = 0; t < EVERYPAGENUM; t++) { + if (rs.next()) { + qq++; + List list2=new ArrayList(); + list2.add(rs.getInt("id")); + list2.add(rs.getString("username")); + list2.add(rs.getString("password")); + list2.add(rs.getString("logintime")); + list2.add(rs.getString("loginip")); + list2.add(rs.getString("useros")); + list2.add(rs.getString("ok")); + list.add(list2); + } else { + break; //减少空循环的时间 + } + } + return list; + } catch (SQLException ex) { + ex.printStackTrace(); + return null; + } finally { + 
dbo.close();
+ }
+ }
+ //管理员登录 更新登录次数 写登录日志
+ public int adminLogin(String username,String md5password,String password,String useros,String loginip){
+ String sql = "select * from admin where username = '"+username+"' and isuse='1'";
+ String sql2 = "insert into adminlog(username,password,logintime,loginip,useros,ok) values('"+username+"','"+md5password+"','"+date+"','"+loginip+"','"+useros+"','true')";
+ String sql3 = "insert into adminlog(username,password,logintime,loginip,useros,ok) values('"+username+"','"+password+"','"+date+"','"+loginip+"','"+useros+"','false')";
+ String sql4 = "update admin set logintimes = logintimes+1 where username = '"+username+"' ";
+ DBO dbo = new DBO();
+ String pwd;
+ dbo.open();
+ try{
+ rs = dbo.executeQuery(sql);
+ if(rs.next()){
+ pwd = rs.getString("password");
+ if(pwd.trim().equals(md5password)){
+ dbo.executeUpdate(sql2);
+ dbo.executeUpdate(sql4);
+ return Constant.SUCCESS;
+ }
+ else{
+ dbo.executeUpdate(sql3);
+ return Constant.PASSWORD_ERROR;
+ }
+ }
+ else{
+ dbo.executeUpdate(sql3);
+ return Constant.NAME_ERROR;
+ }
+ }catch(Exception e){
+ e.printStackTrace();
+ return Constant.SYSTEM_ERROR;
+ }finally{
+ dbo.close();
+ }
+ }
+
+ //查询管理员信息
+ public List getAdminInfo(String username){
+ String sql = "select * from admin where username='"+username+"' ";
+ DBO dbo = new DBO();
+ dbo.open();
+ list = new ArrayList();
+ try{
+ rs = dbo.executeQuery(sql);
+ rs.next();
+ list.add(rs.getString("username"));
+ list.add(rs.getInt("flag"));
+ list.add(rs.getInt("logintimes"));
+ list.add(date);
+ list.add(rs.getString("quanxian"));
+ return list;
+ }catch(Exception e){
+ e.printStackTrace();
+ return list;
+ }finally{
+ dbo.close();
+ }
+ }
+
+ //admin edit password
+ public int editPassword(String username,String oldpwd,String newpwd){
+ String sql="select * from admin where username = '"+username+"' and password = '"+oldpwd+"'";
+ String sql2="update admin set password = '"+newpwd+"' where username = '"+username+"'";
+ DBO
dbo = new DBO(); + dbo.open(); + try{ + rs = dbo.executeQuery(sql); + if(rs.next()){ + int i = dbo.executeUpdate(sql2); + if(i == 1){ + return Constant.SUCCESS; + } + else{ + return Constant.SYSTEM_ERROR; + } + } + else{ + return Constant.PASSWORD_ERROR; + } + }catch(Exception e){ + e.printStackTrace(); + return Constant.SYSTEM_ERROR; + }finally{ + dbo.close(); + } + } + + //add manager + public int addManager(String username,String password,String type,String isuse){ + String sql = "insert into admin(username,password,creattime,flag,isuse,logintimes,quanxian) values('"+username+"','"+password+"','"+date+"','"+type+"','"+isuse+"','0','111')"; + String sql2 = "select * from admin where username = '"+username+"'"; + DBO dbo = new DBO(); + dbo.open(); + try{ + rs = dbo.executeQuery(sql2); + if(rs.next()){ + return Constant.SAME_NAME; + } + else{ + int i = dbo.executeUpdate(sql); + if(i == 1)return Constant.SUCCESS; + else return Constant.SYSTEM_ERROR; + } + }catch(Exception e){ + e.printStackTrace(); + return Constant.SYSTEM_ERROR; + }finally{ + dbo.close(); + } + } + + //update manager + public int updateManager(String username,String password,String type,String isuse){ + String sql; + if(password.equals("")){ + sql = "update admin set flag = '"+type+"' ,isuse = '"+isuse+"' where username = '"+username+"'"; + } + else{ + sql = "update admin set password = '"+password+"' ,flag = '"+type+"' ,isuse = '"+isuse+"' where username = '"+username+"'"; + } + DBO dbo = new DBO(); + dbo.open(); + try{ + int i = dbo.executeUpdate(sql); + if(i == 1)return Constant.SUCCESS; + else return Constant.SYSTEM_ERROR; + }catch(Exception e){ + e.printStackTrace(); + return Constant.SYSTEM_ERROR; + }finally{ + dbo.close(); + } + } + + //get all manager + public List getAllManager(){ + String sql = "select * from admin where flag !='1' order by id asc"; + DBO dbo = new DBO(); + list = new ArrayList(); + dbo.open(); + try{ + rs = dbo.executeQuery(sql); + while(rs.next()){ + List list2 = new 
ArrayList(); + list2.add(rs.getInt(1)); + list2.add(rs.getString(2)); + list2.add(rs.getString(4)); + list2.add(rs.getInt(5)); + list2.add(rs.getInt(6)); + list2.add(rs.getInt(7)); + list.add(list2); + } + return list; + }catch(Exception e){ + e.printStackTrace(); + return list; + }finally{ + dbo.close(); + } + } + + //delete manager + public int delManager(int id){ + String sql = "delete from admin where id = '"+id+"'"; + DBO dbo = new DBO(); + dbo.open(); + try{ + int i = dbo.executeUpdate(sql); + if(i == 1)return Constant.SUCCESS; + else return Constant.SYSTEM_ERROR; + }catch(Exception e){ + e.printStackTrace(); + return Constant.SYSTEM_ERROR; + }finally{ + dbo.close(); + } + } + + //delete login note + public int delLog(int id[]){ + DBO dbo=new DBO(); + dbo.open(); + try{ + for(int i = 0;i" + + str.substring(str.indexOf("\n") + 1); + } + while (str.indexOf(" ") != -1) { + str = str.substring(0, str.indexOf(" ")) + " " + + str.substring(str.indexOf(" ") + 1); + } + return str; + } + + /////////////返回日期 当前日期传入0 一年之前传入-1 三年后传入3 + public static String getDate(int num){ + + SimpleDateFormat df = new SimpleDateFormat("yyyy-MM-dd"); + Calendar c = Calendar.getInstance(); + c.add(Calendar.YEAR, num); + + return df.format(c.getTime()); + } + + /////////////数据库输出字符串的过滤 + public static String SQLStr(String str){ + + if(str != null && str.length()>1 && str.substring(0,1).equals("?")){ + str = str.substring(1); + } + + if(str == null || str.equals("") || str.equals(" ")){ + str = " "; + } + return str; + } + /////////////过滤空格 + public static String PageStr(String str){ + + if(str==null || str.trim().equals("") || str.equals(" ")||str.equals("null")){ + str = ""; + } + str = str.trim(); + return str; + } + /////////////格式化日期 + public static String formatRZ(String oldDate){ + + SimpleDateFormat df = new SimpleDateFormat("yyyy-MM-dd"); + Date Date = new Date(oldDate); + return df.format(Date); + } + + ////////////汉化 + public static String toChineseAndTrim(String str){ + + 
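Review bot: `adminLogin` builds all four of its statements by concatenating `username`, `loginip` and `useros` into the SQL text (`"select * from admin where username = '"+username+"' and isuse='1'"`), so a quote character in the login form changes the statement; `getAdminInfo`, `editPassword`, `addManager` and `updateManager` in this hunk follow the same pattern. Bind the values instead, e.g. `select * from admin where username = ? and isuse='1'` with `PreparedStatement.setString(1, username)`; DBO as committed accepts only SQL strings, so it needs a prepared-statement entry point first. Separately, `sql3` stores the submitted cleartext `password` in `adminlog` on every failed login and `getMessage` reads that column back, so the password value should be left out of the log insert. The tail of this hunk is garbled on this page, so `delLog` and anything after it are not covered by this note.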
if(str==null){
+ str="";
+ }
+ try{
+ byte b[]=str.getBytes("iso-8859-1");
+ str=new String(b);
+ str=str.trim();
+ }catch(Exception e){
+ e.printStackTrace();
+ }
+ return str;
+ }
+}
\ No newline at end of file
diff --git a/com/util/Constant.java b/com/util/Constant.java
new file mode 100644
index 0000000..f283f55
--- /dev/null
+++ b/com/util/Constant.java
@@ -0,0 +1,18 @@
+package com.util;
+/**
+ * 常量
+ * @author Administrator
+ *
+ */
+public final class Constant {
+
+ public final static String CONTENTTYPE="text/html;charset=gb2312";
+ public final static String CHARACTERENCODING="gb2312";
+ public final static int DEFAULT_ERROR=0;
+ public final static int SUCCESS=1;
+ public final static int NAME_ERROR=2;
+ public final static int PASSWORD_ERROR=3;
+ public final static int SYSTEM_ERROR=4;
+ public final static int SAME_NAME=5;
+ public final static String NONAME_ERROR="noname_error";
+}
diff --git a/com/util/DBO.class b/com/util/DBO.class
new file mode 100644
index 0000000..afa320d
Binary files /dev/null and b/com/util/DBO.class differ
diff --git a/com/util/DBO.java b/com/util/DBO.java
new file mode 100644
index 0000000..e538a63
--- /dev/null
+++ b/com/util/DBO.java
@@ -0,0 +1,137 @@ +package com.util; + +import java.sql.*; +import java.sql.DriverManager; +import java.sql.ResultSet; +import java.sql.SQLException; + +import javax.activation.DataSource; +import java.sql.*; +import java.sql.DriverManager; +import java.sql.ResultSet; +import java.sql.SQLException; +import java.sql.Statement; +import javax.naming.Context; +import javax.naming.InitialContext; + +public class DBO { + + private Connection conn; + private Statement stmt; + private DataSource ds; + + public DBO() + { + } + + /** + 打开数据库 + */ + public void open() + { + try + { + Class.forName("com.mysql.jdbc.Driver"); + conn=DriverManager.getConnection("jdbc:mysql://localhost/wsdc?useUnicode=true&characterEncoding=gb2312","root","root"); + //Class.forName("com.microsoft.jdbc.sqlserver.SQLServerDriver"); + //conn = DriverManager.getConnection("jdbc:microsoft:sqlserver://localhost:1433;databasename=xwfb","sa","123"); + stmt=conn.createStatement(); + System.out.println("打开数据库连接"); + } + catch (Exception ex) + { + System.err.println("打开数据库时出错: " + ex.getMessage()); + } + } + + /** + 关闭数据库,将连接返还给连接池 + */ + public void close() + { + try + { + + + // connMgr.freeConnection("java", conn); + conn.close(); + System.out.println ("释放连接"); + } + catch (SQLException ex) + { + System.err.println("返还连接池出错: " + ex.getMessage()); + } + } + + /** + 执行查询 + */ + public ResultSet executeQuery(String sql) throws SQLException + { + ResultSet rs = null; + + + rs = stmt.executeQuery(sql); + System.out.println ("执行查询"); + return rs; + } + + /** + 执行增删改 + */ + public int executeUpdate(String sql) throws SQLException + { + int ret = 0; + + + ret = stmt.executeUpdate(sql); + + System.out.println ("执行增删改"); + return ret; + } + + /** + 将SQL语句加入到批处理 + */ + public void addBatch(String sql) throws SQLException + { + stmt.addBatch(sql); + } + + /** + 执行批处理 + */ + public int [] executeBatch() throws SQLException + { + boolean isAuto=conn.getAutoCommit(); + + conn.setAutoCommit(false); + int [] updateCounts 
= stmt.executeBatch();
+
+// conn.commit();
+
+// conn.setAutoCommit(isAuto);
+ //conn.setAutoCommit(true);
+ return updateCounts;
+ }
+ public boolean getAutoCommit() throws SQLException
+ {
+ return conn.getAutoCommit();
+ }
+ public void setAutoCommit(boolean auto) throws SQLException
+ {
+ conn.setAutoCommit(auto);
+ }
+
+ public void commit() throws SQLException
+ {
+ conn.commit();
+// this.close();
+ }
+ public void rollBack() throws SQLException
+ {
+ conn.rollback();
+// this.close();
+ }
+
+}
diff --git a/com/util/DBO.java.bak b/com/util/DBO.java.bak
new file mode 100644
index 0000000..2552228
--- /dev/null
+++ b/com/util/DBO.java.bak
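Review bot: `open()` hard-codes the database account in source (the `DriverManager.getConnection` call passes `"root","root"`), so every query runs as the MySQL root user and the password sits in version control; the `DBO.java.bak` copy added by the same commit repeats the call with an empty root password and should be dropped from the commit. Take the URL, user and password from deployment configuration and give the application a dedicated account limited to the `wsdc` schema. `open()` also only prints the exception, which leaves `conn` and `stmt` null, so the next `executeQuery` fails with a NullPointerException instead of the real connection error; rethrowing from the catch would surface it. `close()` closes `conn` only, and adding `stmt.close();` before `conn.close();` releases the statement explicitly.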
@@ -0,0 +1,137 @@ +package com.util; + +import java.sql.*; +import java.sql.DriverManager; +import java.sql.ResultSet; +import java.sql.SQLException; + +import javax.activation.DataSource; +import java.sql.*; +import java.sql.DriverManager; +import java.sql.ResultSet; +import java.sql.SQLException; +import java.sql.Statement; +import javax.naming.Context; +import javax.naming.InitialContext; + +public class DBO { + + private Connection conn; + private Statement stmt; + private DataSource ds; + + public DBO() + { + } + + /** + 打开数据库 + */ + public void open() + { + try + { + Class.forName("com.mysql.jdbc.Driver"); + conn=DriverManager.getConnection("jdbc:mysql://localhost/wsdc?useUnicode=true&characterEncoding=gb2312","root",""); + //Class.forName("com.microsoft.jdbc.sqlserver.SQLServerDriver"); + //conn = DriverManager.getConnection("jdbc:microsoft:sqlserver://localhost:1433;databasename=xwfb","sa","123"); + stmt=conn.createStatement(); + System.out.println("打开数据库连接"); + } + catch (Exception ex) + { + System.err.println("打开数据库时出错: " + ex.getMessage()); + } + } + + /** + 关闭数据库,将连接返还给连接池 + */ + public void close() + { + try + { + + + // connMgr.freeConnection("java", conn); + conn.close(); + System.out.println ("释放连接"); + } + catch (SQLException ex) + { + System.err.println("返还连接池出错: " + ex.getMessage()); + } + } + + /** + 执行查询 + */ + public ResultSet executeQuery(String sql) throws SQLException + { + ResultSet rs = null; + + + rs = stmt.executeQuery(sql); + System.out.println ("执行查询"); + return rs; + } + + /** + 执行增删改 + */ + public int executeUpdate(String sql) throws SQLException + { + int ret = 0; + + + ret = stmt.executeUpdate(sql); + + System.out.println ("执行增删改"); + return ret; + } + + /** + 将SQL语句加入到批处理 + */ + public void addBatch(String sql) throws SQLException + { + stmt.addBatch(sql); + } + + /** + 执行批处理 + */ + public int [] executeBatch() throws SQLException + { + boolean isAuto=conn.getAutoCommit(); + + conn.setAutoCommit(false); + int [] updateCounts = 
stmt.executeBatch(); + +// conn.commit(); + +// conn.setAutoCommit(isAuto); + //conn.setAutoCommit(true); + return updateCounts; + } + public boolean getAutoCommit() throws SQLException + { + return conn.getAutoCommit(); + } + public void setAutoCommit(boolean auto) throws SQLException + { + conn.setAutoCommit(auto); + } + + public void commit() throws SQLException + { + conn.commit(); +// this.close(); + } + public void rollBack() throws SQLException + { + conn.rollback(); +// this.close(); + } + +} diff --git a/com/util/Filter.java b/com/util/Filter.java new file mode 100644 index 0000000..70da28a --- /dev/null +++ b/com/util/Filter.java @@ -0,0 +1,38 @@ +package com.util; +/** + * + * HTML符号过滤类 + * @author Administrator + * + */ +public final class Filter { + + public Filter(){ + + } + public static String escapeHTMLTags( String input ) { + + if( input == null || input.length() == 0 ) { + return input; + } + StringBuffer buf = new StringBuffer(); + char ch = ' '; + for( int i=0; i' ) { + buf.append( ">" ); + } + else if(ch=='&'){ + buf.append("&"); + } + else { + buf.append( ch ); + } + } + return buf.toString(); + } + +} diff --git a/com/util/Log.java b/com/util/Log.java new file mode 100644 index 0000000..34496d7 --- /dev/null +++ b/com/util/Log.java 
@@ -0,0 +1,35 @@
+package com.util;
+
+/**
+ * 日志
+ */
+import java.io.BufferedWriter;
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.FileWriter;
+import java.io.IOException;
+import java.io.PrintWriter;
+
+public class Log {
+
+ public void addLog(String str){
+ try {
+ File file=new File("c://log.txt");
+ FileWriter fw=new FileWriter(file,true);
+ BufferedWriter bw=new BufferedWriter(fw);
+ PrintWriter pw = new PrintWriter(bw);
+ pw.write(str);
+ bw.newLine();//断行
+ bw.flush();//将数据更新至文件
+ pw.close();
+ fw.close();//关闭文件流
+ } catch (FileNotFoundException e) {
+ System.out.println("警告:日志文件没找到!!!!");
+ e.printStackTrace();
+ } catch (IOException e) {
+ System.out.println("警告:日志文件IO错误!!!!");
+ e.printStackTrace();
+ }
+ }
+}
+
diff --git a/com/util/MD5.java b/com/util/MD5.java
new file mode 100644
index 0000000..aa9c899
--- /dev/null
+++ b/com/util/MD5.java
@@ -0,0 +1,35 @@
+package com.util;
+
+/**
+ *MD5密码加密类
+ *
+ */
+
+import java.security.*;
+import java.security.spec.*;
+public final class MD5 {
+
+ public final static String MD5(String s){
+ char hexDigits[] = {
+ '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd',
+ 'e', 'f'};
+ try {
+ byte[] strTemp = s.getBytes();
+ MessageDigest mdTemp = MessageDigest.getInstance("MD5");
+ mdTemp.update(strTemp);
+ byte[] md = mdTemp.digest();
+ int j = md.length;
+ char str[] = new char[j * 2];
+ int k = 0;
+ for (int i = 0; i < j; i++) {
+ byte byte0 = md[i];
+ str[k++] = hexDigits[byte0 >>> 4 & 0xf];
+ str[k++] = hexDigits[byte0 & 0xf];
+ }
+ return new String(str);
+ }
+ catch (Exception e){
+ return null;
+ }
+ }
+}
diff --git a/com/util/SmartFile.java b/com/util/SmartFile.java
new file mode 100644
index 0000000..b0a1809
--- /dev/null
+++ b/com/util/SmartFile.java
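Review bot: `addLog` in Log.java closes its writers only on the success path, so the file handle leaks whenever `bw.newLine()` or `bw.flush()` throws, and it writes `str` verbatim, so a value containing CR/LF can forge additional log entries. A try-with-resources block plus replacing line breaks before writing covers both points. The fixed path `c://log.txt` would be better read from configuration. The rewritten method body is below.

```java
public void addLog(String str){
    // replace CR/LF so one call always produces exactly one log line
    String line = str == null ? "" : str.replace('\r', ' ').replace('\n', ' ');
    try (BufferedWriter bw = new BufferedWriter(
            new FileWriter(new File("c://log.txt"), true))) {
        bw.write(line);
        bw.newLine();
    }
    // … unchanged: the FileNotFoundException and IOException catch blocks …
}
```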
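Review bot: `MD5.MD5` in MD5.java is documented as the password-hashing helper, and a single unsalted MD5 pass is not adequate for stored passwords: identical passwords produce identical hashes and the digest is cheap to test offline. Prefer a salted, iterated KDF from the JDK, e.g. `SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")` with a per-user salt from `SecureRandom`, and store the salt and iteration count beside the hash. Within this method `s.getBytes()` uses the platform charset, so the same password can hash differently across hosts; `s.getBytes(StandardCharsets.UTF_8)` pins it. Returning `null` from the catch-all also hides a failure from callers that go on to compare the result.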
@@ -0,0 +1,268 @@ +package com.util; +import java.io.ByteArrayInputStream; +import java.io.FileOutputStream; +import java.io.IOException; +import java.math.BigInteger; +import java.sql.ResultSet; +import java.sql.SQLException; +import javax.servlet.ServletException; + +public class SmartFile +{ + private SmartUpload m_parent; + private int m_startData; + private int m_endData; + private int m_size; + private String m_fieldname; + private String m_filename; + private String m_fileExt; + private String m_filePathName; + private String m_contentType; + private String m_contentDisp; + private String m_typeMime; + private String m_subTypeMime; + //private String m_contentString; + private boolean m_isMissing; + public static final int SAVEAS_AUTO = 0; + public static final int SAVEAS_VIRTUAL = 1; + public static final int SAVEAS_PHYSICAL = 2; + + SmartFile() + { + m_startData = 0; + m_endData = 0; + m_size = 0; + m_fieldname = "";//new String(""); + m_filename = "";//new String(); + m_fileExt = "";//new String(); + m_filePathName = "";//new String(""); + m_contentType = "";//new String(); + m_contentDisp = "";//new String(); + m_typeMime = "";//new String(); + m_subTypeMime = "";//new String(); + //m_contentString = "";//new String(); + m_isMissing = true; + } + + public void saveAs(String s) throws IOException,SmartUploadException + { + saveAs(s,0); + } + + public void saveAs(String s,int i) throws IOException,SmartUploadException + { + //Method invokes dubious new String() constructor; just use "" + //Creating a new java.lang.String object using the no-argument constructor wastes memory because the object so created will be functionally indistinguishable from the empty string constant "".\u00A0 Java guarantees that identical string constants will be represented by the same String object.\u00A0 Therefore, you should just use the empty string constant directly. 
+ //String s1 = new String(); + String s1 = ""; + s1 = m_parent.getPhysicalPath(s,i); + if(s1 == null) + { + throw new IllegalArgumentException("There is no specified destination file (1140)."); + } + try + { + java.io.File file = new java.io.File(s1); + FileOutputStream fileoutputstream = new FileOutputStream(file); + fileoutputstream.write(m_parent.m_binArray,m_startData,m_size); + fileoutputstream.close(); + } + catch(IOException ioexception) + { + throw new SmartUploadException("File can't be saved (1120)."); + } + } + + public void fileToField(ResultSet resultset,String s) throws ServletException,IOException,SmartUploadException,SQLException + { + long l = 0L; + int i = 0x10000; + int j = 0; + int k = m_startData; + if(resultset == null) + { + throw new IllegalArgumentException("The RecordSet cannot be null (1145)."); + } + if(s == null) + { + throw new IllegalArgumentException("The columnName cannot be null (1150)."); + } + if(s.length() == 0) + { + throw new IllegalArgumentException("The columnName cannot be empty (1155)."); + } + l = BigInteger.valueOf(m_size).divide(BigInteger.valueOf(i)).longValue(); + j = BigInteger.valueOf(m_size).mod(BigInteger.valueOf(i)).intValue(); + try + { + for(int i1 = 1;(long)i1 < l;i1++) + { + resultset.updateBinaryStream(s,new ByteArrayInputStream(m_parent.m_binArray,k,i),i); + k = k != 0 ? 
k : 1; + k = i1 * i + m_startData; + } + + if(j > 0) + { + resultset.updateBinaryStream(s,new ByteArrayInputStream(m_parent.m_binArray,k,j),j); + } + } + catch(SQLException sqlexception) + { + byte abyte0[] = new byte[m_size]; + System.arraycopy(m_parent.m_binArray,m_startData,abyte0,0,m_size); + resultset.updateBytes(s,abyte0); + } + catch(Exception exception) + { + throw new SmartUploadException("Unable to save file in the DataBase (1130)."); + } + } + + public boolean isMissing() + { + return m_isMissing; + } + + public String getFieldName() + { + return m_fieldname; + } + + public String getFileName() + { + return m_filename; + } + + public String getFilePathName() + { + return m_filePathName; + } + + public String getFileExt() + { + return m_fileExt; + } + + public String getContentType() + { + return m_contentType; + } + + public String getContentDisp() + { + return m_contentDisp; + } + + public String getContentString() + { + String s = new String(m_parent.m_binArray,m_startData,m_size); + return s; + } + + public String getTypeMIME() throws IOException + { + return m_typeMime; + } + + public String getSubTypeMIME() + { + return m_subTypeMime; + } + + public int getSize() + { + return m_size; + } + + protected int getStartData() + { + return m_startData; + } + + protected int getEndData() + { + return m_endData; + } + + protected void setParent(SmartUpload smartupload) + { + m_parent = smartupload; + } + + protected void setStartData(int i) + { + m_startData = i; + } + + protected void setEndData(int i) + { + m_endData = i; + } + + protected void setSize(int i) + { + m_size = i; + } + + protected void setIsMissing(boolean flag) + { + m_isMissing = flag; + } + + protected void setFieldName(String s) + { + m_fieldname = s; + } + + protected void setFileName(String s) + { + m_filename = s; + } + + protected void setFilePathName(String s) + { + m_filePathName = s; + } + + protected void setFileExt(String s) + { + m_fileExt = s; + } + + protected void 
setContentType(String s) + { + m_contentType = s; + } + + protected void setContentDisp(String s) + { + m_contentDisp = s; + } + + protected void setTypeMIME(String s) + { + m_typeMime = s; + } + + protected void setSubTypeMIME(String s) + { + m_subTypeMime = s; + } + + public byte getBinaryData(int i) + { + if(m_startData + i > m_endData) + { + throw new ArrayIndexOutOfBoundsException("Index Out of range (1115)."); + } + if(m_startData + i <= m_endData) + { + return m_parent.m_binArray[m_startData + i]; + } + else + { + return 0; + } + } +} diff --git a/com/util/SmartFiles.java b/com/util/SmartFiles.java new file mode 100644 index 0000000..a7422f2 --- /dev/null +++ b/com/util/SmartFiles.java @@ -0,0 +1,74 @@ +package com.util; +import java.io.IOException; +import java.util.Collection; +import java.util.Enumeration; +import java.util.Hashtable; + +public class SmartFiles +{ + //private SmartUpload m_parent; + private Hashtable m_files; + private int m_counter; + + SmartFiles() + { + m_files = new Hashtable(); + m_counter = 0; + } + + protected void addFile(SmartFile file) + { + if(file == null) + { + throw new IllegalArgumentException("newFile cannot be null."); + } + else + { + m_files.put(new Integer(m_counter),file); + m_counter++; + return; + } + } + + public SmartFile getFile(int i) + { + if(i < 0) + { + throw new IllegalArgumentException("File's index cannot be a negative value (1210)."); + } + SmartFile file = (SmartFile)m_files.get(new Integer(i)); + if(file == null) + { + throw new IllegalArgumentException("Files' name is invalid or does not exist (1205)."); + } + else + { + return file; + } + } + + public int getCount() + { + return m_counter; + } + + public long getSize() throws IOException + { + long l = 0L; + for(int i = 0;i < m_counter;i++) + { + l += getFile(i).getSize(); + } + return l; + } + + public Collection getCollection() + { + return m_files.values(); + } + + public Enumeration getEnumeration() + { + return m_files.elements(); + } +} 
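Review bot: In `SmartFile.saveAs(String,int)` the `FileOutputStream` is closed only when `write` succeeds, and the catch replaces the `IOException` with a `SmartUploadException` that carries no cause, so a failed save leaks the handle and loses the reason. `try (FileOutputStream out = new FileOutputStream(file)) { out.write(m_parent.m_binArray,m_startData,m_size); }` removes the leak. `getBinaryData` checks only the upper bound; adding `i < 0 ||` to its first condition rejects negative offsets, and the second `if`/`else` after the throw is already unreachable and can go. The destination path comes from `m_parent.getPhysicalPath(s,i)`, which is outside this hunk, so whether saves are confined to an upload directory cannot be judged from here.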
diff --git a/com/util/SmartRequest.java b/com/util/SmartRequest.java
new file mode 100644
index 0000000..8e13c21
--- /dev/null
+++ b/com/util/SmartRequest.java
@@ -0,0 +1,76 @@
+package com.util;
+import java.util.Enumeration;
+import java.util.Hashtable;
+
+public class SmartRequest
+{
+ private Hashtable m_parameters;
+ private int m_counter;
+
+ SmartRequest()
+ {
+ m_parameters = new Hashtable();
+ m_counter = 0;
+ }
+
+ protected void putParameter(String s,String s1)
+ {
+ if(s == null)
+ {
+ throw new IllegalArgumentException("The name of an element cannot be null.");
+ }
+ if(m_parameters.containsKey(s))
+ {
+ Hashtable hashtable = (Hashtable)m_parameters.get(s);
+ hashtable.put(new Integer(hashtable.size()),s1);
+ }
+ else
+ {
+ Hashtable hashtable1 = new Hashtable();
+ hashtable1.put(new Integer(0),s1);
+ m_parameters.put(s,hashtable1);
+ m_counter++;
+ }
+ }
+
+ public String getParameter(String s)
+ {
+ if(s == null)
+ {
+ throw new IllegalArgumentException("Form's name is invalid or does not exist (1305).");
+ }
+ Hashtable hashtable = (Hashtable)m_parameters.get(s);
+ if(hashtable == null)
+ {
+ return null;
+ }
+ else
+ {
+ return(String)hashtable.get(new Integer(0));
+ }
+ }
+
+ public Enumeration getParameterNames()
+ {
+ return m_parameters.keys();
+ }
+
+ public String[] getParameterValues(String s)
+ {
+ if(s == null)
+ {
+ throw new IllegalArgumentException("Form's name is invalid or does not exist (1305).");
+ }
+ Hashtable hashtable = (Hashtable)m_parameters.get(s);
+ if(hashtable == null)
+ {
+ return null;
+ }
+ String as[] = new String[hashtable.size()];
+ for(int i = 0;i < hashtable.size();i++)
+ {
+ as[i] = (String)hashtable.get(new Integer(i));
+ }
+ return as;
+ }
+}
diff --git a/com/util/SmartUpload.java b/com/util/SmartUpload.java
new file mode 100644
index 0000000..b753ae4
--- /dev/null
+++ b/com/util/SmartUpload.java
@@ -0,0 +1,910 @@ +package com.util; +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.sql.ResultSet; +import java.sql.SQLException; +import java.util.Vector; + +import javax.servlet.ServletConfig; +import javax.servlet.ServletContext; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import javax.servlet.jsp.JspWriter; +import javax.servlet.jsp.PageContext; + +public class SmartUpload +{ + protected byte m_binArray[]; + protected HttpServletRequest m_request; + protected HttpServletResponse m_response; + protected ServletContext m_application; + private int m_totalBytes; + private int m_currentIndex; + private int m_startData; + private int m_endData; + private String m_boundary; + private long m_totalMaxFileSize; + private long m_maxFileSize; + private Vector m_deniedFilesList; + private Vector m_allowedFilesList; + private boolean m_denyPhysicalPath; + + //private boolean m_forcePhysicalPath; + private String m_contentDisposition; + public static final int SAVE_AUTO = 0; + public static final int SAVE_VIRTUAL = 1; + public static final int SAVE_PHYSICAL = 2; + private SmartFiles m_files; + private SmartRequest m_formRequest; + + public SmartUpload() + { + m_totalBytes = 0; + m_currentIndex = 0; + m_startData = 0; + m_endData = 0; + m_boundary = ""; //new String(); + m_totalMaxFileSize = 0L; + m_maxFileSize = 0L; + m_deniedFilesList = new Vector(); + m_allowedFilesList = new Vector(); + m_denyPhysicalPath = false; + //m_forcePhysicalPath = false; + m_contentDisposition = ""; //new String(); + m_files = new SmartFiles(); + m_formRequest = new SmartRequest(); + } + + /** + * @deprecated Method init is deprecated + */ + public final void init(ServletConfig servletconfig) throws ServletException + { + m_application = servletconfig.getServletContext(); + } + 
+ /** + * @deprecated Method service is deprecated + */ + public void service(HttpServletRequest httpservletrequest,HttpServletResponse httpservletresponse) throws ServletException,IOException + { + m_request = httpservletrequest; + m_response = httpservletresponse; + } + + public final void initialize(ServletConfig servletconfig,HttpServletRequest httpservletrequest,HttpServletResponse httpservletresponse) throws ServletException + { + m_application = servletconfig.getServletContext(); + m_request = httpservletrequest; + m_response = httpservletresponse; + } + + public final void initialize(PageContext pagecontext) throws ServletException + { + m_application = pagecontext.getServletContext(); + m_request = (HttpServletRequest)pagecontext.getRequest(); + m_response = (HttpServletResponse)pagecontext.getResponse(); + } + + /** + * @deprecated Method initialize is deprecated + */ + public final void initialize(ServletContext servletcontext,HttpSession httpsession,HttpServletRequest httpservletrequest,HttpServletResponse httpservletresponse,JspWriter jspwriter) throws ServletException + { + m_application = servletcontext; + m_request = httpservletrequest; + m_response = httpservletresponse; + } + + public void upload() throws ServletException,IOException,SmartUploadException + { + int i = 0; + //boolean flag = false; + boolean flag1 = false; + //boolean flag2 = false; + long l = 0L; + //String s = "";//new String(); + //String s2 = "";//new String(); + String s4 = ""; //new String(); + String s5 = ""; //new String(); + String s6 = ""; //new String(); + String s7 = ""; //new String(); + String s8 = ""; //new String(); + String s9 = ""; //new String(); + String s10 = ""; //new String(); + m_totalBytes = m_request.getContentLength(); + m_binArray = new byte[m_totalBytes]; + int j; + for(;i < m_totalBytes;i += j) + { + try + { + m_request.getInputStream(); + j = m_request.getInputStream().read(m_binArray,i,m_totalBytes - i); + } + catch(Exception exception) + { + throw 
new SmartUploadException("Unable to upload."); + } + } + + for(;!flag1 && m_currentIndex < m_totalBytes;m_currentIndex++) + { + if(m_binArray[m_currentIndex] == 13) + { + flag1 = true; + } + else + { + m_boundary = m_boundary + (char)m_binArray[m_currentIndex]; + + } + } + if(m_currentIndex == 1) + { + return; + } + for(m_currentIndex++;m_currentIndex < m_totalBytes;m_currentIndex = m_currentIndex + 2) + { + long now=new java.util.Date().getTime(); + String s1 = getDataHeader(); + m_currentIndex = m_currentIndex + 2; + boolean flag3 = s1.indexOf("filename") > 0; + String s3 = getDataFieldValue(s1,"name"); + if(flag3) + { + s6 = getDataFieldValue(s1,"filename"); + s4 = now+getFileName(s6); + s5 = getFileExt(s4); + s7 = getContentType(s1); + s8 = getContentDisp(s1); + s9 = getTypeMIME(s7); + s10 = getSubTypeMIME(s7); + } + getDataSection(); + if(flag3 && s4.length() > 0) + { + if(m_deniedFilesList.contains(s5)) + { + throw new SecurityException("The extension of the file is denied to be uploaded (1015)."); + } + if(!m_allowedFilesList.isEmpty() && !m_allowedFilesList.contains(s5)) + { + throw new SecurityException("The extension of the file is not allowed to be uploaded (1010)."); + } + if(m_maxFileSize > 0L && (long)((m_endData - m_startData) + 1) > m_maxFileSize) + { + throw new SecurityException("Size exceeded for this file : " + s4 + " (1105)."); + } + l += (m_endData - m_startData) + 1; + if(m_totalMaxFileSize > 0L && l > m_totalMaxFileSize) + { + throw new SecurityException("Total File Size exceeded (1110)."); + } + } + if(flag3) + { + SmartFile file = new SmartFile(); + file.setParent(this); + file.setFieldName(s3); + file.setFileName(s4); + file.setFileExt(s5); + file.setFilePathName(s6); + file.setIsMissing(s6.length() == 0); + file.setContentType(s7); + file.setContentDisp(s8); + file.setTypeMIME(s9); + file.setSubTypeMIME(s10); + if(s7.indexOf("application/x-macbinary") > 0) + { + m_startData = m_startData + 128; + } + file.setSize((m_endData - 
m_startData) + 1); + file.setStartData(m_startData); + file.setEndData(m_endData); + m_files.addFile(file); + } + else + { + String s11 = new String(m_binArray,m_startData,(m_endData - m_startData) + 1); + m_formRequest.putParameter(s3,s11); + } + if((char)m_binArray[m_currentIndex + 1] == '-') + { + break; + } + } + } + + public int save(String s) throws ServletException,IOException,SmartUploadException + { + return save(s,0); + } + + public int save(String s,int i) throws ServletException,IOException,SmartUploadException + { + int j = 0; + if(s == null) + { + s = m_application.getRealPath("/"); + //System.out.println("s == null,m_application.getRealPath:" + s); + } + if(s.indexOf("/") != -1) + { + if(s.charAt(s.length() - 1) != '/') + { + s = s + "/"; + //System.out.println("m_application.getRealPath::" + s); + } + } + else + { + if(s.charAt(s.length() - 1) != '\\') + { + s = s + "\\"; + //System.out.println("m_application.getRealPath" + s); + } + } + //System.out.println("m_application.getRealPath:::" + s); + FileNames = new String[m_files.getCount()]; + for(int k = 0;k < m_files.getCount();k++) + { + if(!m_files.getFile(k).isMissing()) + { + // System.out.println("s + m_files.getFile(k).getFileName():" + s + m_files.getFile(k).getFileName()); + m_files.getFile(k).saveAs(s + m_files.getFile(k).getFileName(),i); + FileNames[j] = s + m_files.getFile(k).getFileName(); + j++; + } + } + return j; + } + + //Add + private String[] FileNames; + public String[] getFileNames() + { + //Method may expose internal representation by returning array + //Returning an array value stored in one of the object's fields exposes the internal representation of the object.? For classes shared by other untrusted classes, this could potentially be a security issue.? Returning a new copy of the array is better approach in many situations. 
+ String[] vFileNames = new String[FileNames.length]; + System.arraycopy(FileNames,0,vFileNames,0,FileNames.length); + return vFileNames; + } + + public int getSize() + { + return m_totalBytes; + } + + public byte getBinaryData(int i) + { + byte byte0; + try + { + byte0 = m_binArray[i]; + } + catch(Exception exception) + { + throw new ArrayIndexOutOfBoundsException("Index out of range (1005)."); + } + return byte0; + } + + public SmartFiles getFiles() + { + return m_files; + } + + public SmartRequest getRequest() + { + return m_formRequest; + } + + public void downloadFile(String s) throws ServletException,IOException,SmartUploadException + { + downloadFile(s,null,null); + } + + public void downloadFile(String s,String s1) throws ServletException,IOException,SmartUploadException,SmartUploadException + { + downloadFile(s,s1,null); + } + + public void downloadFile(String s,String s1,String s2) throws ServletException,IOException,SmartUploadException + { + downloadFile(s,s1,s2,65000); + } + + public void downloadFile(String s,String s1,String s2,int i) throws ServletException,IOException,SmartUploadException + { + if(s == null) + { + throw new IllegalArgumentException("File '" + s + "' not found (1040)."); + } + if(s.equals("")) + { + throw new IllegalArgumentException("File '" + s + "' not found (1040)."); + } + if(!isVirtual(s) && m_denyPhysicalPath) + { + throw new SecurityException("Physical path is denied (1035)."); + } + if(isVirtual(s)) + { + s = m_application.getRealPath(s); + } + java.io.File file = new java.io.File(s); + FileInputStream fileinputstream = new FileInputStream(file); + long l = file.length(); + //boolean flag = false; + int k = 0; + byte abyte0[] = new byte[i]; + if(s1 == null) + { + m_response.setContentType("application/x-msdownload"); + } + else + { + if(s1.length() == 0) + { + m_response.setContentType("application/x-msdownload"); + } + else + { + m_response.setContentType(s1); + } + } + m_response.setContentLength((int)l); + 
m_contentDisposition = m_contentDisposition != null ? m_contentDisposition : "attachment;"; + if(s2 == null) + { + m_response.setHeader("Content-Disposition",m_contentDisposition + " filename=" + getFileName(s)); + } + else + { + if(s2.length() == 0) + { + m_response.setHeader("Content-Disposition",m_contentDisposition); + } + else + { + m_response.setHeader("Content-Disposition",m_contentDisposition + " filename=" + s2); + } + } + while((long)k < l) + { + int j = fileinputstream.read(abyte0,0,i); + k += j; + m_response.getOutputStream().write(abyte0,0,j); + } + fileinputstream.close(); + } + + public void downloadField(ResultSet resultset,String s,String s1,String s2) throws ServletException,IOException,SQLException + { + if(resultset == null) + { + throw new IllegalArgumentException("The RecordSet cannot be null (1045)."); + } + if(s == null) + { + throw new IllegalArgumentException("The columnName cannot be null (1050)."); + } + if(s.length() == 0) + { + throw new IllegalArgumentException("The columnName cannot be empty (1055)."); + } + byte abyte0[] = resultset.getBytes(s); + if(s1 == null) + { + m_response.setContentType("application/x-msdownload"); + } + else + { + if(s1.length() == 0) + { + m_response.setContentType("application/x-msdownload"); + } + else + { + m_response.setContentType(s1); + } + } + m_response.setContentLength(abyte0.length); + if(s2 == null) + { + m_response.setHeader("Content-Disposition","attachment;"); + } + else + { + if(s2.length() == 0) + { + m_response.setHeader("Content-Disposition","attachment;"); + } + else + { + m_response.setHeader("Content-Disposition","attachment; filename=" + s2); + } + } + m_response.getOutputStream().write(abyte0,0,abyte0.length); + } + + public void fieldToFile(ResultSet resultset,String s,String s1) throws ServletException,IOException,SmartUploadException,SQLException + { + try + { + if(m_application.getRealPath(s1) != null) + { + s1 = m_application.getRealPath(s1); + } + InputStream inputstream = 
resultset.getBinaryStream(s); + FileOutputStream fileoutputstream = new FileOutputStream(s1); + int i; + while((i = inputstream.read()) != -1) + { + fileoutputstream.write(i); + } + fileoutputstream.close(); + } + catch(Exception exception) + { + throw new SmartUploadException("Unable to save file from the DataBase (1020)."); + } + } + + private String getDataFieldValue(String s,String s1) + { + String s2 = ""; // = new String(); + String s3 = ""; // = new String(); + int i = 0; + //boolean flag = false; + //boolean flag1 = false; + //boolean flag2 = false; + s2 = s1 + "=" + '"'; + i = s.indexOf(s2); + if(i > 0) + { + int j = i + s2.length(); + int k = j; + s2 = "\""; + int l = s.indexOf(s2,j); + if(k > 0 && l > 0) + { + s3 = s.substring(k,l); + } + } + return s3; + } + + private String getFileExt(String s) + { + String s1; // = new String(); + int i = 0; + int j = 0; + if(s == null) + { + return null; + } + i = s.lastIndexOf('.') + 1; + j = s.length(); + s1 = s.substring(i,j); + if(s.lastIndexOf('.') > 0) + { + return s1; + } + else + { + return ""; + } + } + + private String getContentType(String s) + { + String s1 = ""; // = new String(); + String s2 = ""; // = new String(); + int i = 0; + //boolean flag = false; + s1 = "Content-Type:"; + i = s.indexOf(s1) + s1.length(); + if(i != -1) + { + int j = s.length(); + s2 = s.substring(i,j); + } + return s2; + } + + private String getTypeMIME(String s) + { + //String s1 = new String(); + int i = 0; + i = s.indexOf("/"); + if(i != -1) + { + return s.substring(1,i); + } + else + { + return s; + } + } + + private String getSubTypeMIME(String s) + { + //String s1 = new String(); + //boolean flag = false; + int i = 0; + i = s.indexOf("/") + 1; + if(i != -1) + { + int j = s.length(); + return s.substring(i,j); + } + else + { + return s; + } + } + + private String getContentDisp(String s) + { + //String s1 = new String(); + String s1 = ""; + int i = 0; + int j = 0; + i = s.indexOf(":") + 1; + j = s.indexOf(";"); + s1 = 
s.substring(i,j); + return s1; + } + + private void getDataSection() + { + //boolean flag = false; + //String s = ""; + //String s = new String(); + int i = m_currentIndex; + int j = 0; + int k = m_boundary.length(); + m_startData = m_currentIndex; + m_endData = 0; + while(i < m_totalBytes) + { + if(m_binArray[i] == (byte)m_boundary.charAt(j)) + { + if(j == k - 1) + { + m_endData = ((i - k) + 1) - 3; + break; + } + i++; + j++; + } + else + { + i++; + j = 0; + } + } + m_currentIndex = m_endData + k + 3; + } + + private String getDataHeader() + { + //boolean flag = false; + int i = m_currentIndex; + int j = 0; + for(boolean flag1 = false;!flag1;) + { + if(m_binArray[m_currentIndex] == 13 && m_binArray[m_currentIndex + 2] == 13) + { + flag1 = true; + j = m_currentIndex - 1; + m_currentIndex = m_currentIndex + 2; + } + else + { + m_currentIndex++; + } + } + + String s = new String(m_binArray,i,(j - i) + 1); + return s; + } + + private String getFileName(String s) + { + //String s1 = ""; // = new String(); + //String s2 = ""; // = new String(); + //boolean flag = false; + //boolean flag1 = false; + //boolean flag2 = false; + int i = 0; + i = s.lastIndexOf('/'); + if(i != -1) + { + return s.substring(i + 1,s.length()); + } + i = s.lastIndexOf('\\'); + if(i != -1) + { + return s.substring(i + 1,s.length()); + } + else + { + return s; + } + } + + public void setDeniedFilesList(String s) throws ServletException,IOException,SQLException + { + //String s1 = ""; + if(s != null) + { + String s2 = ""; + for(int i = 0;i < s.length();i++) + { + if(s.charAt(i) == ',') + { + if(!m_deniedFilesList.contains(s2)) + { + m_deniedFilesList.addElement(s2); + } + s2 = ""; + } + else + { + s2 = s2 + s.charAt(i); + } + } + + //if(s2 != "") + if(!s2.equals("")) + { + m_deniedFilesList.addElement(s2); + } + } + else + { + m_deniedFilesList = null; + } + } + + public void setAllowedFilesList(String s) + { + //String s1 = ""; + if(s != null) + { + String s2 = ""; + for(int i = 0;i < 
s.length();i++) + { + if(s.charAt(i) == ',') + { + if(!m_allowedFilesList.contains(s2)) + { + m_allowedFilesList.addElement(s2); + } + s2 = ""; + } + else + { + s2 = s2 + s.charAt(i); + } + } + //if(s2 != "") + if(!s2.equals("")) + { + m_allowedFilesList.addElement(s2); + } + } + else + { + m_allowedFilesList = null; + } + } + + public void setDenyPhysicalPath(boolean flag) + { + m_denyPhysicalPath = flag; + } + + public void setForcePhysicalPath(boolean flag) + { + //m_forcePhysicalPath = flag; + } + + public void setContentDisposition(String s) + { + m_contentDisposition = s; + } + + public void setTotalMaxFileSize(long l) + { + m_totalMaxFileSize = l; + } + + public void setMaxFileSize(long l) + { + m_maxFileSize = l; + } + + protected String getPhysicalPath(String s,int i) throws IOException + { + String s1 = ""; //new String(); + String s2 = ""; //new String(); + String s3 = ""; //new String(); + boolean flag = false; + s3 = System.getProperty("file.separator"); + if(s == null) + { + throw new IllegalArgumentException("There is no specified destination file (1140)."); + } + if(s.equals("")) + { + throw new IllegalArgumentException("There is no specified destination file (1140)."); + } + if(s.lastIndexOf("\\") >= 0) + { + s1 = s.substring(0,s.lastIndexOf("\\")); + s2 = s.substring(s.lastIndexOf("\\") + 1); + } + if(s.lastIndexOf("/") >= 0) + { + s1 = s.substring(0,s.lastIndexOf("/")); + s2 = s.substring(s.lastIndexOf("/") + 1); + } + s1 = s1.length() != 0 ? 
s1 : "/"; + java.io.File file = new java.io.File(s1); + if(file.exists()) + { + flag = true; + } + if(i == 0) + { + if(isVirtual(s1)) + { + s1 = m_application.getRealPath(s1); + if(s1.endsWith(s3)) + { + s1 = s1 + s2; + } + else + { + s1 = s1 + s3 + s2; + } + return s1; + } + if(flag) + { + if(m_denyPhysicalPath) + { + throw new IllegalArgumentException("Physical path is denied (1125)."); + } + else + { + return s; + } + } + else + { + throw new IllegalArgumentException("This path does not exist (1135)."); + } + } + if(i == 1) + { + if(isVirtual(s1)) + { + s1 = m_application.getRealPath(s1); + if(s1.endsWith(s3)) + { + s1 = s1 + s2; + } + else + { + s1 = s1 + s3 + s2; + } + return s1; + } + if(flag) + { + throw new IllegalArgumentException("The path is not a virtual path."); + } + else + { + throw new IllegalArgumentException("This path does not exist (1135)."); + } + } + if(i == 2) + { + if(flag) + { + if(m_denyPhysicalPath) + { + throw new IllegalArgumentException("Physical path is denied (1125)."); + } + else + { + return s; + } + } + if(isVirtual(s1)) + { + throw new IllegalArgumentException("The path is not a physical path."); + } + else + { + throw new IllegalArgumentException("This path does not exist (1135)."); + } + } + else + { + return null; + } + } + + public void uploadInFile(String s) throws IOException,SmartUploadException + { + //boolean flag = false; + int i = 0; + int j = 0; + if(s == null) + { + throw new IllegalArgumentException("There is no specified destination file (1025)."); + } + if(s.length() == 0) + { + throw new IllegalArgumentException("There is no specified destination file (1025)."); + } + if(!isVirtual(s) && m_denyPhysicalPath) + { + throw new SecurityException("Physical path is denied (1035)."); + } + i = m_request.getContentLength(); + m_binArray = new byte[i]; + int k; + for(;j < i;j += k) + { + try + { + k = m_request.getInputStream().read(m_binArray,j,i - j); + } + catch(Exception exception) + { + throw new 
SmartUploadException("Unable to upload."); + } + } + + if(isVirtual(s)) + { + s = m_application.getRealPath(s); + } + try + { + java.io.File file = new java.io.File(s); + FileOutputStream fileoutputstream = new FileOutputStream(file); + fileoutputstream.write(m_binArray); + fileoutputstream.close(); + } + catch(Exception exception1) + { + throw new SmartUploadException("The Form cannot be saved in the specified file (1030)."); + } + } + + private boolean isVirtual(String s) + { + if(m_application.getRealPath(s) != null) + { + java.io.File file = new java.io.File(m_application.getRealPath(s)); + return file.exists(); + } + else + { + return false; + } + } +} diff --git a/com/util/SmartUploadException.java b/com/util/SmartUploadException.java new file mode 100644 index 0000000..599927d --- /dev/null +++ b/com/util/SmartUploadException.java @@ -0,0 +1,8 @@ +package com.util; +public class SmartUploadException extends Exception +{ + SmartUploadException(String s) + { + super(s); + } +}
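Review bot: In SmartUpload.upload() the buffer is sized straight from `m_request.getContentLength()`, and m_maxFileSize / m_totalMaxFileSize are enforced only after the whole body has been read into m_binArray, so the configured limits do not bound memory per request; uploadInFile() allocates the same way. A missing Content-Length (-1) surfaces as a NegativeArraySizeException, and a -1 from read() is added to the loop index instead of ending the upload. The excerpt below validates the length and treats end-of-stream as a failure; the ceiling itself should come from a request-size limit checked before `new byte[...]`. Separately, the deny and allow checks call `Vector.contains(s5)` on the client-supplied extension, an exact case-sensitive match, so s5 should be normalised (`s5.toLowerCase(java.util.Locale.ROOT)`) and the allow list preferred over the deny list. downloadFile() opens the caller-supplied path as-is while m_denyPhysicalPath keeps its default of false and copies `s2` unescaped into Content-Disposition, so its Javadoc should require callers to canonicalise paths and quote file names before passing request-derived values.

```java
m_totalBytes = m_request.getContentLength();
if(m_totalBytes < 0)
{
    // No usable Content-Length: refuse instead of failing in the array allocation.
    throw new SmartUploadException("Unable to upload.");
}
// … a request-size ceiling belongs here, before the allocation …
m_binArray = new byte[m_totalBytes];
InputStream inputstream = m_request.getInputStream();
int j;
for(;i < m_totalBytes;i += j)
{
    try
    {
        j = inputstream.read(m_binArray,i,m_totalBytes - i);
    }
    catch(Exception exception)
    {
        throw new SmartUploadException("Unable to upload.");
    }
    if(j < 0)
    {
        // The body ended before Content-Length bytes arrived.
        throw new SmartUploadException("Unable to upload.");
    }
}
// … unchanged: boundary scan and per-part parsing …
```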