|
|
@ -132,6 +132,15 @@ public class userController { |
|
|
|
|
|
|
|
|
|
|
|
jdbcTemplate.update(sql); |
|
|
|
jdbcTemplate.update(sql); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// 修改客户花名册表 newbank.user_roster
|
|
|
|
|
|
|
|
String sql_ur = String.format( |
|
|
|
|
|
|
|
"update newbank.user_roster (userNo, userName, tel, changeTime, changer) " + |
|
|
|
|
|
|
|
"VALUES ('%s', '%s', sysdate(), 'system');", |
|
|
|
|
|
|
|
userName, tel |
|
|
|
|
|
|
|
); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
jdbcTemplate.update(sql_ur); |
|
|
|
|
|
|
|
|
|
|
|
return "100"; |
|
|
|
return "100"; |
|
|
|
// http://localhost:12709/updateUserInfo?
|
|
|
|
// http://localhost:12709/updateUserInfo?
|
|
|
|
// userNo=0004&passwd=&userName=Alex123&gender=3&birthday=20001010&docType=身份证&docNo=123123123&tel=123123123&addr=广西来宾
|
|
|
|
// userNo=0004&passwd=&userName=Alex123&gender=3&birthday=20001010&docType=身份证&docNo=123123123&tel=123123123&addr=广西来宾
|
|
|
@ -173,33 +182,54 @@ public class userController { |
|
|
|
public String userLogin(HttpServletRequest request) { |
|
|
|
public String userLogin(HttpServletRequest request) { |
|
|
|
|
|
|
|
|
|
|
|
// 接收客户编号和密码
|
|
|
|
// 接收客户编号和密码
|
|
|
|
String userNo = request.getParameter("userdNo"); |
|
|
|
String userNo_input = request.getParameter("userNo"); |
|
|
|
String passwd_input = request.getParameter("passwd"); |
|
|
|
String passwd_input = request.getParameter("passwd"); |
|
|
|
|
|
|
|
System.out.println( |
|
|
|
|
|
|
|
"-----\n" + |
|
|
|
|
|
|
|
"输入账号:" + userNo_input + "\t" + |
|
|
|
|
|
|
|
"输入密码:" + passwd_input |
|
|
|
|
|
|
|
); |
|
|
|
|
|
|
|
|
|
|
|
// 向数据库中查询编号是否存在
|
|
|
|
// 向数据库中查询编号是否存在
|
|
|
|
String sql_sel = String.format("select * from user_info where userNo = %s", userNo); |
|
|
|
String sql_sel = String.format("select ui.userNo, ui.passwd, ur.status "+ |
|
|
|
List<Map<String, Object>> sel_res = jdbcTemplate.queryForList(sql_sel); |
|
|
|
"from user_info ui, user_roster ur where ui.userNo = ur.userNo and ui.userNo = %s", userNo_input); |
|
|
|
|
|
|
|
|
|
|
|
System.out.println(sel_res); |
|
|
|
List<Map<String, Object>> sel_res = jdbcTemplate.queryForList(sql_sel); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// 判断账号是否存在
|
|
|
|
if (sel_res.size() != 0){ |
|
|
|
if (sel_res.size() != 0){ |
|
|
|
|
|
|
|
String userNo = (String) sel_res.get(0).get("userNo"); |
|
|
|
|
|
|
|
String passwd = (String) sel_res.get(0).get("passwd"); |
|
|
|
|
|
|
|
String status = (String) sel_res.get(0).get("status"); |
|
|
|
|
|
|
|
|
|
|
|
// 正确密码
|
|
|
|
System.out.println( |
|
|
|
String passwd_true = (String) sel_res.get(0).get("passwd"); |
|
|
|
"-----\n" + |
|
|
|
|
|
|
|
"账号:" + userNo + "\t" + |
|
|
|
|
|
|
|
"密码:" + passwd + "\t" + |
|
|
|
|
|
|
|
"状态:" + status + "\t" |
|
|
|
|
|
|
|
); |
|
|
|
// 判断密码是否正确
|
|
|
|
// 判断密码是否正确
|
|
|
|
if (passwd_input.equals(passwd_true)) { |
|
|
|
if (passwd_input.equals(passwd)) { |
|
|
|
|
|
|
|
// 判断账号状态
|
|
|
|
|
|
|
|
if (status.equals("2")) { |
|
|
|
|
|
|
|
System.out.println("账户已失效"); |
|
|
|
|
|
|
|
return "300"; |
|
|
|
|
|
|
|
} else { |
|
|
|
// 密码正确 登录成功
|
|
|
|
// 密码正确 登录成功
|
|
|
|
|
|
|
|
System.out.println("登录成功"); |
|
|
|
return "100"; |
|
|
|
return "100"; |
|
|
|
|
|
|
|
} |
|
|
|
} else { |
|
|
|
} else { |
|
|
|
// 密码错误 登录失败
|
|
|
|
// 密码错误 登录失败
|
|
|
|
return "400"; |
|
|
|
System.out.println("密码错误"); |
|
|
|
|
|
|
|
return "200"; |
|
|
|
} |
|
|
|
} |
|
|
|
} else { |
|
|
|
} else { |
|
|
|
// 编号不存在
|
|
|
|
// 账户不存在
|
|
|
|
|
|
|
|
System.out.println("账户不存在"); |
|
|
|
return "400"; |
|
|
|
return "400"; |
|
|
|
} |
|
|
|
} |
|
|
|
// 存在安全隐患
|
|
|
|
// 存在安全隐患
|
|
|
|
// http://localhost:12709/userLogin?userNo=9999&passwd=123456
|
|
|
|
// http://localhost:12709/userLogin?userNo=00000026&passwd=123123
|
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
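Review bot: The rewritten login lookup in `userLogin` still splices the request parameter `userNo_input` into the SQL text through `String.format` with an unquoted `%s`, so the query is injectable; bind the value instead, e.g. `jdbcTemplate.queryForList("select ui.userNo, ui.passwd, ur.status from user_info ui, user_roster ur where ui.userNo = ur.userNo and ui.userNo = ?", userNo_input)`. The `sql_ur` statement in the first hunk is built the same way from `userName` and `tel` and should move to `jdbcTemplate.update(sql, args...)` with `?` placeholders; as shown it also lists five columns against four values in an `update … VALUES` form, which looks like it will fail at runtime. The added `System.out.println` calls write the submitted password and the stored `passwd` column to stdout, so they should be dropped or reduced to the account number and outcome. `passwd_input.equals(passwd)` suggests passwords are stored and compared in plaintext, and it throws when the `passwd` parameter is absent; a null check plus a salted password hash (bcrypt/argon2) comparison would be the follow-up. Old and new sides are inferred from the variable names here, because the rendered page lost its +/- markers.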