Servlet code

6 years ago · 1ea3982d91
parent 23e954343e
commit 1ea3982d91
14 changed files with 424 additions and 0 deletions
--- a/Servlet/WeChat/AddCart.java
+++ b/Servlet/WeChat/AddCart.java
@ -0,0 +1,20 @@
+package WeChat;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+// 这个页面的作用是把清单加入永久的购物车中, 以及由购物车变成以及购买的状态
+@WebServlet(name = "Servlet")
+public class AddCart extends HttpServlet {
+    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+    }
+
+    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+    }
+}
--- a/Servlet/WeChat/Address.java
+++ b/Servlet/WeChat/Address.java
@ -0,0 +1,20 @@
+package WeChat;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+// 这个界面的作用是对于该用户的地址进行管理
+@WebServlet(name = "Address")
+public class Address extends HttpServlet {
+    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+    }
+
+    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+    }
+}
--- a/Servlet/WeChat/Authentication.java
+++ b/Servlet/WeChat/Authentication.java
@ -0,0 +1,12 @@
+package WeChat;
+
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+public class Authentication {
+    // 用cookie验证用户身份
+    public static boolean islegal(HttpServletRequest request){
+        return true;
+    }
+}
--- a/Servlet/WeChat/BookInfo.java
+++ b/Servlet/WeChat/BookInfo.java
@ -0,0 +1,45 @@
+package WeChat;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.HashMap;
+
+// 首先明确我们这个目的是目标页面的分类功能，根据用户所需要返回所有该类别的图书
+@WebServlet(name = "BookInfo", urlPatterns = {"/BookInfo.do"}, loadOnStartup = 2)
+public class BookInfo extends HttpServlet {
+    protected void doPost(HttpServletRequest request,
+                          HttpServletResponse response)
+                          throws ServletException, IOException {
+        if (Authentication.islegal(request)) {
+            String bookid = request.getParameter("bookid");
+            String fuzzy = request.getParameter("fuzzy");
+            String bookname = request.getParameter("bookname");
+            boolean isfuzzy = false;
+            if(fuzzy != null && fuzzy.equals("true") && bookname != null) isfuzzy = true;
+            // 防止sql注入
+            if (isfuzzy || (bookid != null && sqlfilter.islegal(bookid))) {
+                String sql = "";
+                if(!isfuzzy) sql = "select * from Book where BookId = " + bookid;
+                else sql = "select * from Book where BookName like '"+bookname+"%'";
+                System.err.println(sql);
+                HashMap<String,String> names = new HashMap<>();
+                names.put("BookID","BookId");
+                names.put("BookName","BookName");
+                names.put("Author","Author");
+                names.put("Price","Price");
+                names.put("Introduce","Introduce");
+                names.put("Type","Type");
+                GetJson.Getinfo(request,response,sql,names);
+            }
+        }
+    }
+    protected void doGet(HttpServletRequest request,
+                          HttpServletResponse response)
+            throws ServletException, IOException {
+        doPost(request,response);
+    }
+}
--- a/Servlet/WeChat/Buy.java
+++ b/Servlet/WeChat/Buy.java
@ -0,0 +1,20 @@
+package WeChat;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+// 这个就是表示用户下单
+@WebServlet(name = "Buy")
+public class Buy extends HttpServlet {
+    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+    }
+
+    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+    }
+}
--- a/Servlet/WeChat/CheckOrders.java
+++ b/Servlet/WeChat/CheckOrders.java
@ -0,0 +1,39 @@
+package WeChat;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.HashMap;
+
+// 检查该用户的订单
+@WebServlet(name = "CheckOrders", urlPatterns = {"/CheckOrders.do"}, loadOnStartup = 2)
+public class CheckOrders extends HttpServlet {
+    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+        if(Authentication.islegal(request)){
+            String UserID = request.getParameter("UserID");
+            String Statuetype = request.getParameter("status");
+            // 防止sql注入
+            if(UserID != null && sqlfilter.islegal(UserID)) {
+                String sql = "select MessageID,Book.BookID,UserName,BookName,'tel-phone',Address from User join Ordered on User.UserID = Ordered.UserID join Address on " +
+                        "Address.UserId = Ordered.UserID and Address.MessageID = Ordered.MessageID join Book on Ordered.BookID = Book.BookID where User.UserID = " +
+                        UserID;
+                if(Statuetype !=null && sqlfilter.isright(Statuetype)) sql += " and Status like '" + Statuetype + "%'";
+                HashMap<String,String> names = new HashMap<>();
+                names.put("UserName","UserName");
+                names.put("BookName","BookName");
+                names.put("tel-phone","tel-phone");
+                names.put("Address","Address");
+                names.put("BookID","BookID");
+                names.put("MessageID","MessageID");
+                GetJson.Getinfo(request,response,sql,names);
+            }
+        }
+    }
+
+    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+        doPost(request, response);
+    }
+}
--- a/Servlet/WeChat/Classify.java
+++ b/Servlet/WeChat/Classify.java
@ -0,0 +1,40 @@
+package WeChat;
+
+import org.json.simple.JSONArray;
+import org.json.simple.JSONObject;
+
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.sql.ResultSet;
+import java.sql.Statement;
+import java.util.HashMap;
+
+// 首先明确我们这个目的是目标页面的分类功能，根据用户所需要返回所有该类别的图书
+@WebServlet(name = "Classify", urlPatterns = {"/Classify.do"}, loadOnStartup = 2)
+public class Classify extends HttpServlet {
+    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+        if(Authentication.islegal(request)){
+            String booktype = request.getParameter("booktype");
+            // 防止sql注入
+            if(booktype != null && sqlfilter.islegal(booktype)) {
+                String sql = "select * from Book where Type = " + booktype;
+                HashMap<String,String> names = new HashMap<>();
+                names.put("BookID","BookId");
+                names.put("BookName","BookName");
+                names.put("Author","Author");
+                names.put("Price","Price");
+                GetJson.Getinfo(request,response,sql,names);
+            }
+        }
+    }
+
+    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+        doPost(request,response);
+    }
+}
--- a/Servlet/WeChat/ExecuteUpd.java
+++ b/Servlet/WeChat/ExecuteUpd.java
@ -0,0 +1,22 @@
+package WeChat;
+
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.rmi.ServerException;
+import java.sql.ResultSet;
+import java.sql.Statement;
+import java.util.Map;
+
+public class ExecuteUpd {
+    public static void Execute(HttpServletRequest request, String QueryString){
+        ServletContext context = request.getServletContext();
+        Statement state = (Statement)context.getAttribute("state");
+        try{
+            state.execute(QueryString);
+        }catch (Exception e){
+            e.printStackTrace();
+        }
+    }
+}
--- a/Servlet/WeChat/GetFrontInfo.java
+++ b/Servlet/WeChat/GetFrontInfo.java
@ -0,0 +1,29 @@
+package WeChat;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.HashMap;
+
+// 得到首页信息
+@WebServlet(name = "GetFrontInfo", urlPatterns = {"/GetFrontInfo.do"}, loadOnStartup = 2)
+public class GetFrontInfo extends HttpServlet {
+    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+        // 其实我们只要返回BookID对应的名称就可以了
+        // 然后根据书本名字就可以在对应的目录
+        if(Authentication.islegal(request)){
+           String sql = "select Display.BookID,BookName from Book join Display on Display.BookID=Book.BookID";
+           HashMap<String,String> names = new HashMap<>();
+           names.put("BookID","BookId");
+           names.put("BookName","BookName");
+           GetJson.Getinfo(request,response,sql,names);
+        }
+    }
+
+    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+        doPost(request, response);
+    }
+}
--- a/Servlet/WeChat/GetJson.java
+++ b/Servlet/WeChat/GetJson.java
@ -0,0 +1,38 @@
+package WeChat;
+
+import org.json.simple.JSONObject;
+import org.json.simple.JSONArray;
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.rmi.ServerException;
+import java.sql.ResultSet;
+import java.sql.Statement;
+import java.util.Map;
+
+public class GetJson {
+    public static void Getinfo(HttpServletRequest request, HttpServletResponse response, String QueryString, Map<String,String> names) throws ServerException, IOException {
+        response.setHeader("Content - Encoding","utf-8");
+        response.setContentType("text/json; charset=utf-8");
+        ServletContext context = request.getServletContext();
+        PrintWriter out = response.getWriter();
+        Statement state = (Statement)context.getAttribute("state");
+        JSONArray jsonArray = new JSONArray();
+        try{
+            ResultSet rs=state.executeQuery(QueryString);
+            while(rs.next()){
+                JSONObject jsonObject = new JSONObject();
+                for (Map.Entry<String, String> entry : names.entrySet()) {
+                    jsonObject.put(entry.getKey(), rs.getString(entry.getValue()));
+                }
+                //对于图片的话，我们直接返回对应的图书封面的url就可以了
+                jsonArray.add(jsonObject);
+            }
+        }catch (Exception e){
+            e.printStackTrace();
+        }
+        out.println(jsonArray);
+    }
+}
--- a/Servlet/WeChat/LoginDatabase.java
+++ b/Servlet/WeChat/LoginDatabase.java
@ -0,0 +1,72 @@
+package WeChat;
+
+import java.io.IOException;
+import java.sql.Connection;
+import java.sql.DriverManager;
+import java.sql.SQLException;
+import java.sql.Statement;
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+// 连接数据库的我们是服务开始的时候
+@WebServlet(name = "LoginDatabase", urlPatterns = {"/Startup.do"}, loadOnStartup = 1)
+public class LoginDatabase extends HttpServlet {
+    private String mysql, url, user, passwd;
+    private Connection conn;
+    private Statement state;
+    private void initDataBase() throws ClassNotFoundException, SQLException {
+        Class.forName(mysql);
+        conn = DriverManager.getConnection(url,user,passwd);
+        state = conn.createStatement();
+    }
+    private void closeDataBase(){
+        if(state != null) {
+            try{
+                state.close();
+            }catch (Exception e) {
+                e.printStackTrace();
+            }
+        }
+        if(conn != null) {
+            try{
+                conn.close();
+            }catch (Exception e) {
+                e.printStackTrace();
+            }
+        }
+    }
+    public void init(ServletConfig config) throws ServletException{
+        super.init(config);
+        ServletContext context=getServletContext();
+        mysql = context.getInitParameter("mysql");
+        url = context.getInitParameter("url");
+        user = context.getInitParameter("user");
+        passwd = context.getInitParameter("passwd");
+        try{
+            initDataBase();
+        }catch (Exception e){
+            e.printStackTrace();
+        }
+        context.setAttribute("conn",conn);
+        context.setAttribute("state",state);
+    }
+    public void destroy(){
+        closeDataBase();
+        super.destroy();
+    }
+    public void doGet(HttpServletRequest request,
+                      HttpServletResponse response)
+                      throws ServletException, IOException {
+        response.sendRedirect("/index.html");
+    }
+    public void doPost(HttpServletRequest request,
+                      HttpServletResponse response)
+                      throws ServletException, IOException {
+        doGet(request, response);
+    }
+}
--- a/Servlet/WeChat/ModifyStatus.java
+++ b/Servlet/WeChat/ModifyStatus.java
@ -0,0 +1,35 @@
+package WeChat;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.lang.module.ModuleFinder;
+import java.util.HashMap;
+
+@WebServlet(name = "ModifyStatus", urlPatterns = {"/ModifyStatus"}, loadOnStartup = 2)
+public class ModifyStatus extends HttpServlet {
+    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+        if(Authentication.islegal(request)){
+            String UserID = request.getParameter("UserID");
+            String BookID = request.getParameter("BookID");
+            String MessageID = request.getParameter("MessageID");
+            String Modify = request.getParameter("NewStatus");
+            // 防止sql注入
+            // 反正我觉得大概是没人用了，就无所谓吧?
+            if(UserID != null && sqlfilter.islegal(UserID) && MessageID !=null
+                && sqlfilter.islegal(BookID) && MessageID != null && sqlfilter.islegal(MessageID)) {
+                Modify = sqlfilter.filter(Modify);
+                String sql = "update Ordered set Status="+ Modify + " where UserID='" +
+                        UserID + "' and BookID='" + BookID +"' and MessageID='" + MessageID+"'";
+                ExecuteUpd.Execute(request,sql);
+            }
+        }
+    }
+
+    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+        doPost(request, response);
+    }
+}
--- a/Servlet/WeChat/PersonInfo.java
+++ b/Servlet/WeChat/PersonInfo.java
@ -0,0 +1,5 @@
+package WeChat;
+
+public class PersonInfo {
+    //反正对应返回你们所需要的信息
+}
--- a/Servlet/WeChat/sqlfilter.java
+++ b/Servlet/WeChat/sqlfilter.java
@ -0,0 +1,27 @@
+package WeChat;
+
+// 过滤掉奇奇怪怪的英文字符
+public class sqlfilter {
+    private static String danger="`~!@#$^&*()=|{}';'\\[].<>/?~！@#￥……&*——|{}";
+    public static boolean islegal(String text) {
+        int length = text.length();
+        if(length>5) return false;
+        for(int i=0; i<length; i++){
+            char digit = text.charAt(i);
+            if(!(digit>='0'&&digit<='9')) return false;
+        }
+        return true;
+    }
+    public static boolean isright(String Status){
+        if(Status.equals("待付款")||Status.equals("待收货")||Status.equals("待发货")||Status.equals("待评价")) return true;
+        else return false;
+    }
+    public static String filter(String sqlQue) {
+        StringBuffer ret = new StringBuffer();
+        for (int i = 0; i < sqlQue.length(); i++) {
+            char sign = sqlQue.charAt(i);
+            if (danger.indexOf(sign) == -1) ret.append(sign);
+        }
+        return ret.toString();
+    }
+}