From d9da12ec0dad91c4d5777078a070ddf59198c2cc Mon Sep 17 00:00:00 2001
From: Siryuanshao
Date: Mon, 14 Jan 2019 23:47:59 +0800
Subject: [PATCH] add src code
---
WeChat/AddCart.java | 14 ++++++++
WeChat/Address.java | 20 +++++++++++
WeChat/Authentication.java | 12 +++++++
WeChat/BookInfo.java | 44 +++++++++++++++++++++++
WeChat/Buy.java | 20 +++++++++++
WeChat/CheckOrders.java | 35 ++++++++++++++++++
WeChat/Classify.java | 38 ++++++++++++++++++++
WeChat/ExecuteUpd.java | 22 ++++++++++++
WeChat/GetFrontInfo.java | 30 ++++++++++++++++
WeChat/GetJson.java | 38 ++++++++++++++++++++
WeChat/LoginDatabase.java | 72 ++++++++++++++++++++++++++++++++++++++
WeChat/ModifyStatus.java | 29 +++++++++++++++
WeChat/PersonInfo.java | 6 ++++
WeChat/sqlfilter.java | 24 +++++++++++++
14 files changed, 404 insertions(+)
create mode 100644 WeChat/AddCart.java
create mode 100644 WeChat/Address.java
create mode 100644 WeChat/Authentication.java
create mode 100644 WeChat/BookInfo.java
create mode 100644 WeChat/Buy.java
create mode 100644 WeChat/CheckOrders.java
create mode 100644 WeChat/Classify.java
create mode 100644 WeChat/ExecuteUpd.java
create mode 100644 WeChat/GetFrontInfo.java
create mode 100644 WeChat/GetJson.java
create mode 100644 WeChat/LoginDatabase.java
create mode 100644 WeChat/ModifyStatus.java
create mode 100644 WeChat/PersonInfo.java
create mode 100644 WeChat/sqlfilter.java
diff --git a/WeChat/AddCart.java b/WeChat/AddCart.java
new file mode 100644
index 0000000..bc287d6
--- /dev/null
+++ b/WeChat/AddCart.java
@@ -0,0 +1,14 @@
+package WeChat;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+// 这个页面的作用是把清单加入永久的购物车中, 以及由购物车变成以及购买的状态
+@WebServlet(name = "Servlet")
+public class AddCart extends HttpServlet {
+
+}
diff --git a/WeChat/Address.java b/WeChat/Address.java
new file mode 100644
index 0000000..0777310
--- /dev/null
+++ b/WeChat/Address.java
@@ -0,0 +1,20 @@
+package WeChat;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+// 这个界面的作用是对于该用户的地址进行管理
+@WebServlet(name = "Address")
+public class Address extends HttpServlet {
+ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+ }
+
+ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+ }
+}
diff --git a/WeChat/Authentication.java b/WeChat/Authentication.java
new file mode 100644
index 0000000..6d304e7
--- /dev/null
+++ b/WeChat/Authentication.java
@@ -0,0 +1,12 @@
+package WeChat;
+
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+public class Authentication {
+ // 用cookie验证用户身份
+ public static boolean islegal(HttpServletRequest request){
+ return true;
+ }
+}
diff --git a/WeChat/BookInfo.java b/WeChat/BookInfo.java
new file mode 100644
index 0000000..8d4e9c0
--- /dev/null
+++ b/WeChat/BookInfo.java
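Review bot: `islegal` in Authentication.java returns `true` for every request, so each servlet in this patch that gates on `Authentication.islegal(request)` (BookInfo, CheckOrders, Classify, GetFrontInfo, ModifyStatus) is reachable without any authentication. The comment says the identity is to be verified from a cookie, and `Cookie` and `HttpSession` are imported, but neither is used. Until the real check exists the stub should fail closed with `return false;`, or at least require an established session, e.g. `HttpSession s = request.getSession(false); return s != null && s.getAttribute("user") != null;` (the attribute name is a placeholder, since no login flow is visible in this patch).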
@@ -0,0 +1,44 @@
+package WeChat;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.HashMap;
+
+// 首先明确我们这个目的是目标页面的分类功能,根据用户所需要返回所有该类别的图书
+@WebServlet(name = "BookInfo", urlPatterns = {"/BookInfo.do"}, loadOnStartup = 2)
+public class BookInfo extends HttpServlet {
+ protected void doPost(HttpServletRequest request,
+ HttpServletResponse response)
+ throws ServletException, IOException {
+ if (Authentication.islegal(request)) {
+ String bookid = request.getParameter("bookid");
+ String fuzzy = request.getParameter("fuzzy");
+ String bookname = request.getParameter("bookname");
+ boolean isfuzzy = false;
+ if(fuzzy != null && fuzzy.equals("true") && bookname != null) isfuzzy = true;
+ // 防止sql注入
+ if (isfuzzy || sqlfilter.isNumber(bookid)) {
+ String sql = "";
+ if(!isfuzzy) sql = "select * from Book where BookId = " + bookid;
+ else sql = "select * from Book where BookName like '"+bookname+"%'";
+ System.err.println(sql);
+ HashMap names = new HashMap<>();
+ names.put("BookID","BookId");
+ names.put("BookName","BookName");
+ names.put("Author","Author");
+ names.put("Price","Price");
+ names.put("Introduce","Introduce");
+ GetJson.Getinfo(request,response,sql,names);
+ }
+ }
+ }
+ protected void doGet(HttpServletRequest request,
+ HttpServletResponse response)
+ throws ServletException, IOException {
+ doPost(request,response);
+ }
+}
diff --git a/WeChat/Buy.java b/WeChat/Buy.java
new file mode 100644
index 0000000..7941b3d
--- /dev/null
+++ b/WeChat/Buy.java
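Review bot: In the fuzzy branch of `doPost`, `bookname` is concatenated into `like '"+bookname+"%'` with no validation, because `isfuzzy` short-circuits the `sqlfilter.isNumber(bookid)` guard; the `// 防止sql注入` (prevent SQL injection) comment therefore only holds for the non-fuzzy branch. This is a SQL injection sink on a request parameter, and it is reachable by GET as well since `doGet` forwards to `doPost`. The query should be bound rather than built: `select * from Book where BookName like ?` with `ps.setString(1, bookname + "%")` on a `PreparedStatement`, which requires `GetJson.Getinfo` to accept parameters instead of a finished SQL string. The `%` and `_` characters in `bookname` would still act as LIKE wildcards unless escaped, and `System.err.println(sql)` writes the raw user-supplied text to the server log.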
@@ -0,0 +1,20 @@
+package WeChat;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+// 这个就是表示用户下单
+@WebServlet(name = "Buy")
+public class Buy extends HttpServlet {
+ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+ }
+
+ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+ }
+}
diff --git a/WeChat/CheckOrders.java b/WeChat/CheckOrders.java
new file mode 100644
index 0000000..14978a2
--- /dev/null
+++ b/WeChat/CheckOrders.java
@@ -0,0 +1,35 @@
+package WeChat;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.HashMap;
+
+// 检查该用户处于某一个状态下的所有订单
+@WebServlet(name = "CheckOrders", urlPatterns = {"/CheckOrders.do"}, loadOnStartup = 2)
+public class CheckOrders extends HttpServlet {
+ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ if(Authentication.islegal(request)){
+ String UserID = request.getParameter("UserID");
+ String Status = request.getParameter("status");
+ if(sqlfilter.isNumber(UserID) && sqlfilter.isNumber(Status)) {
+ String sql = "????????";
+ HashMap names = new HashMap<>();
+ names.put("UserName","UserName");
+ names.put("BookName","BookName");
+ names.put("telephone","telephone");
+ names.put("Address","Address");
+ names.put("BookID","BookID");
+ names.put("MessageID","MessageID");
+ GetJson.Getinfo(request,response,sql,names);
+ }
+ }
+ }
+
+ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ doPost(request, response);
+ }
+}
diff --git a/WeChat/Classify.java b/WeChat/Classify.java
new file mode 100644
index 0000000..d29b29d
--- /dev/null
+++ b/WeChat/Classify.java
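Review bot: `UserID` in `doPost` is taken from the request and only checked for being numeric, so once the `"????????"` placeholder becomes a real query, the response (user name, telephone, address per the `names` map) is selected by a value the client controls rather than by who the caller is. The user identity should come from the authenticated session, and the parameter, if kept, should be compared against it before querying. As committed, `String sql = "????????";` is not valid SQL, so `GetJson.Getinfo` will presumably catch the resulting exception and answer with an empty array; a comment such as `// TODO: query not written yet, endpoint returns []` would make that explicit. The parameter names also differ in case (`UserID` vs `status`), which looks unintentional.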
@@ -0,0 +1,38 @@
+package WeChat;
+
+import org.json.simple.JSONArray;
+import org.json.simple.JSONObject;
+
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.sql.ResultSet;
+import java.sql.Statement;
+import java.util.HashMap;
+
+// 首先明确我们这个目的是目标页面的分类功能,根据用户所需要返回所有该类别的图书
+@WebServlet(name = "Classify", urlPatterns = {"/Classify.do"}, loadOnStartup = 2)
+public class Classify extends HttpServlet {
+ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ if(Authentication.islegal(request)){
+ String booktype = request.getParameter("booktype");
+ // 防止sql注入
+ if(sqlfilter.isNumber(booktype)) {
+ String sql = "select * from Book where Type = " + booktype;
+ HashMap names = new HashMap<>();
+ names.put("BookID","BookID");
+ names.put("BookName","BookName");
+ GetJson.Getinfo(request,response,sql,names);
+ }
+ }
+ }
+
+ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ doPost(request,response);
+ }
+}
diff --git a/WeChat/ExecuteUpd.java b/WeChat/ExecuteUpd.java
new file mode 100644
index 0000000..78ca894
--- /dev/null
+++ b/WeChat/ExecuteUpd.java
@@ -0,0 +1,22 @@
+package WeChat;
+
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.rmi.ServerException;
+import java.sql.ResultSet;
+import java.sql.Statement;
+import java.util.Map;
+
+public class ExecuteUpd {
+ public static void execute(HttpServletRequest request, String QueryString){
+ ServletContext context = request.getServletContext();
+ Statement state = (Statement)context.getAttribute("state");
+ try{
+ state.execute(QueryString);
+ }catch (Exception e){
+ e.printStackTrace();
+ }
+ }
+}
diff --git a/WeChat/GetFrontInfo.java b/WeChat/GetFrontInfo.java
new file mode 100644
index 0000000..e75eec9
--- /dev/null
+++ b/WeChat/GetFrontInfo.java
@@ -0,0 +1,30 @@
+package WeChat;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.HashMap;
+
+// 得到首页信息
+@WebServlet(name = "GetFrontInfo", urlPatterns = {"/GetFrontInfo.do"}, loadOnStartup = 2)
+public class GetFrontInfo extends HttpServlet {
+ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ // 其实我们只要返回BookID对应的名称就可以了
+ // 然后根据书本名字就可以在对应的目录
+ if(Authentication.islegal(request)){
+ String sql = "select BookID,BookName,Introduce from Book where BookID in (select BookID from Display)";
+ HashMap names = new HashMap<>();
+ names.put("BookID","BookID");
+ names.put("BookName","BookName");
+ names.put("Introduce","Introduce");
+ GetJson.Getinfo(request,response,sql,names);
+ }
+ }
+
+ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ doPost(request, response);
+ }
+}
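Review bot: `ExecuteUpd.execute` runs every update on the single `Statement` stored under the `state` context attribute, and `GetJson.Getinfo` reads through the same object; a JDBC `Statement` is not meant to be shared by concurrent request threads, and executing on it implicitly closes any `ResultSet` another request is still iterating. The object is published by `LoginDatabase.init`, so the fix spans the three files: take a connection per request (a pool or `DataSource`) and create the statement in try-with-resources. The `catch (Exception e){ e.printStackTrace(); }` also hides a failed update, and a null `state` after a failed startup, from the caller. `execute` should declare `throws SQLException` (or wrap it in a `ServletException`) so the servlet can answer with an error status.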
diff --git a/WeChat/GetJson.java b/WeChat/GetJson.java
new file mode 100644
index 0000000..4756101
--- /dev/null
+++ b/WeChat/GetJson.java
@@ -0,0 +1,38 @@
+package WeChat;
+
+import org.json.simple.JSONObject;
+import org.json.simple.JSONArray;
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.rmi.ServerException;
+import java.sql.ResultSet;
+import java.sql.Statement;
+import java.util.Map;
+
+public class GetJson {
+ public static void Getinfo(HttpServletRequest request, HttpServletResponse response, String QueryString, Map names) throws ServerException, IOException {
+ response.setHeader("Content - Encoding","utf-8");
+ response.setContentType("text/json; charset=utf-8");
+ ServletContext context = request.getServletContext();
+ PrintWriter out = response.getWriter();
+ Statement state = (Statement)context.getAttribute("state");
+ JSONArray jsonArray = new JSONArray();
+ try{
+ ResultSet rs=state.executeQuery(QueryString);
+ while(rs.next()){
+ JSONObject jsonObject = new JSONObject();
+ for (Map.Entry entry : names.entrySet()) {
+ jsonObject.put(entry.getKey(), rs.getString(entry.getValue()));
+ }
+ //对于图片的话,我们直接返回对应的图书封面的url就可以了
+ jsonArray.add(jsonObject);
+ }
+ }catch (Exception e){
+ e.printStackTrace();
+ }
+ out.println(jsonArray);
+ }
+}
diff --git a/WeChat/LoginDatabase.java b/WeChat/LoginDatabase.java
new file mode 100644
index 0000000..1640e34
--- /dev/null
+++ b/WeChat/LoginDatabase.java
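Review bot: The `ResultSet` opened in `Getinfo` is never closed and every exception is swallowed, so a failed query reaches the client as `[]`, indistinguishable from "no rows". Wrapping the query as `try (ResultSet rs = state.executeQuery(QueryString)) { ... }` and calling `response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR)` from the catch would address both. `response.setHeader("Content - Encoding","utf-8")` sets a header whose name contains spaces and whose value is a charset rather than a content coding; the charset is already given by `setContentType`, so the line can be dropped, and `application/json` is the registered media type rather than `text/json`. Because `QueryString` is executed verbatim, the method should carry a doc comment stating that callers must never place request data inside it.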
@@ -0,0 +1,72 @@
+package WeChat;
+
+import java.io.IOException;
+import java.sql.Connection;
+import java.sql.DriverManager;
+import java.sql.SQLException;
+import java.sql.Statement;
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+// 连接数据库的我们是服务开始的时候
+@WebServlet(name = "LoginDatabase", urlPatterns = {"/Startup.do"}, loadOnStartup = 1)
+public class LoginDatabase extends HttpServlet {
+ private String mysql, url, user, passwd;
+ private Connection conn;
+ private Statement state;
+ private void initDataBase() throws ClassNotFoundException, SQLException {
+ Class.forName(mysql);
+ conn = DriverManager.getConnection(url,user,passwd);
+ state = conn.createStatement();
+ }
+ private void closeDataBase(){
+ if(state != null) {
+ try{
+ state.close();
+ }catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+ if(conn != null) {
+ try{
+ conn.close();
+ }catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+ }
+ public void init(ServletConfig config) throws ServletException{
+ super.init(config);
+ ServletContext context=getServletContext();
+ mysql = context.getInitParameter("mysql");
+ url = context.getInitParameter("url");
+ user = context.getInitParameter("user");
+ passwd = context.getInitParameter("passwd");
+ try{
+ initDataBase();
+ }catch (Exception e){
+ e.printStackTrace();
+ }
+ context.setAttribute("conn",conn);
+ context.setAttribute("state",state);
+ }
+ public void destroy(){
+ closeDataBase();
+ super.destroy();
+ }
+ public void doGet(HttpServletRequest request,
+ HttpServletResponse response)
+ throws ServletException, IOException {
+ response.sendRedirect("/index.html");
+ }
+ public void doPost(HttpServletRequest request,
+ HttpServletResponse response)
+ throws ServletException, IOException {
+
doGet(request, response); + } +} diff --git a/WeChat/ModifyStatus.java b/WeChat/ModifyStatus.java new file mode 100644 index 0000000..3ab6566 --- /dev/null +++ b/WeChat/ModifyStatus.java @@ -0,0 +1,29 @@ +package WeChat; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; + +@WebServlet(name = "ModifyStatus", urlPatterns = {"/ModifyStatus"}, loadOnStartup = 2) +public class ModifyStatus extends HttpServlet { + protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { + if(Authentication.islegal(request)){ + String OrderID = request.getParameter("OrderID"); + String Status = request.getParameter("Status"); + String Extra = request.getParameter("Extra"); + if(Extra == null) Extra = ""; + if(sqlfilter.isNumber(OrderID) && sqlfilter.isNumber(Status)){ + String sql = "update Info set Status='"+ Status + "' " + + ",Extra='" + Extra + "' where OrderID=" + OrderID; + ExecuteUpd.execute(request,sql); + } + } + } + + protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { + doPost(request, response); + } +} diff --git a/WeChat/PersonInfo.java b/WeChat/PersonInfo.java new file mode 100644 index 0000000..a515db3 --- /dev/null +++ b/WeChat/PersonInfo.java @@ -0,0 +1,6 @@ +package WeChat; + +public class PersonInfo { + //反正对应需要的个人信息 + +} diff --git a/WeChat/sqlfilter.java b/WeChat/sqlfilter.java new file mode 100644 index 0000000..57e3282 --- /dev/null +++ b/WeChat/sqlfilter.java 
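Review bot: `LoginDatabase.init` catches every exception from `initDataBase()` and then still publishes `conn` and `state` to the context, so a wrong driver class, URL or password leaves both attributes null and the application starts anyway; the failure only surfaces later inside the request handlers. Startup should fail instead, e.g. `throw new UnavailableException("database init failed");` or `throw new ServletException(e);` from the catch block. The database password is read from the `passwd` context init parameter, which presumably sits in plain text in the deployment descriptor (not part of this patch); a container-managed JNDI `DataSource` would keep it out of the application archive and also replace the single shared `Connection`.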
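Review bot: In ModifyStatus.java, `Extra` is placed between quotes in the `update Info set ... ,Extra='" + Extra + "'` statement without any filtering; only `OrderID` and `Status` pass through `sqlfilter.isNumber`, so this request parameter is a SQL injection sink in a write statement. It should be bound: `update Info set Status=?, Extra=? where OrderID=?` on a `PreparedStatement`, which means `ExecuteUpd.execute` needs a variant that takes parameters. `doGet` forwards to `doPost`, so the order status can be changed by a plain GET, which leaves the endpoint open to cross-site request forgery once cookie authentication exists; the update should be accepted on POST only. Nothing checks that `OrderID` belongs to the caller, and the mapping `/ModifyStatus` lacks the `.do` suffix used by the other servlets.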
@@ -0,0 +1,24 @@ +package WeChat; + +// 过滤掉奇奇怪怪的英文字符 +public class sqlfilter { + private static String danger="`~!@#$^&*()=|{}';'\\[].<>/?~!@#¥……&*——|{}"; + public static boolean isNumber(String text) { + if(text == null) return false; + int length = text.length(); + if(length>10) return false; + for(int i=0; i='0'&&digit<='9')) return false; + } + return true; + } + public static String filter(String sqlQue) { + StringBuffer ft = new StringBuffer(); + for (int i=0; i