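package frame.role;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Random;
import java.util.Set;

import javax.servlet.http.HttpSession;

import frame.config.Configer;
import frame.data.Entity;
import frame.data.EntitySet;
import frame.object.http.HttpObject;
import frame.object.http.Path;
import frame.persist.DataCenter;
import frame.persist.NamedSQL;
import frame.persist.SQLRunner;
import frame.util.Util;

/**
 * HTTP operations on the "user" resource: login/logout, SMS verification
 * codes, password change, per-user menu and visitor statistics.
 *
 * {@link #doReceive(Path)} dispatches on the path operator; each handler reads
 * its inputs from {@code request} and answers through {@code resultPool} /
 * {@code writer} (both inherited from {@link HttpObject}).
 */
public class User extends HttpObject {
    public static String Error_NotExist = "USER_NotExist";
    public static String Error_EmptyOrgCode = "USER_EmptyOrgCode";
    public static String Error_InvalidUser = "USER_InvalidUser";
    public static String Error_InvalidVCode = "USER_InvalidVCode";
    public static String Error_EmptyVCodeOrPassword = "USER_EmptyVCodeOrPass";
    public static String Error_MultiUser = "USER_MultiUser";
    /** True when config "SendSMS" is not true, i.e. no SMS is actually sent. */
    public static boolean isTest = false;
    public static final String Code_UserName = "username";
    public static String Code_User_Dealer = "user_dealer";
    public static String Code_User_Manufacturer = "user_manufacturer";
    /**
     * Master verification code from config "SuperVCode". It is a shared
     * credential that logs in as ANY phone number, so {@link #checkVcode}
     * only honours it while {@link #isTest} is set (SMS disabled).
     */
    public static String SuperVCode;

    /** Number of decimal digits in a generated verification code. */
    private static final int VCODE_LENGTH = 6;
    /** Session key for the pending verification code. */
    private static final String SESSION_VCODE = "vcode";
    /** Session key for the phone number the pending code was generated for. */
    private static final String SESSION_VCODE_PHONE = "vcode_phone";
    /**
     * Verification codes are an authentication factor, so they must come from
     * a CSPRNG; java.util.Random is predictable from a few observed outputs.
     */
    private static final SecureRandom random = new SecureRandom();

    static {
        SuperVCode = Configer.getParam("SuperVCode");
        isTest = !Util.StringToBoolean(Configer.getParam("SendSMS"));
    }

    /**
     * Dispatches on {@code path.getOperator()} (case-insensitive).
     *
     * The original condition tested {@code isEmptyStr(operator)} without
     * negation, which made every handler unreachable and answered
     * "bad data message path" for every valid operator. An empty or unknown
     * operator now gets that error reply instead of silence.
     */
    @Override
    protected void doReceive(Path path) throws Exception {
        String operator = path.getOperator();
        if (Util.isEmptyStr(operator)) {
            writer.ReplyError("bad data message path:" + path.getPathString());
            return;
        }
        if ("login".equalsIgnoreCase(operator)) {
            login();
        } else if ("logout".equalsIgnoreCase(operator)) {
            logout();
        } else if ("getvcode".equalsIgnoreCase(operator)
                || "getvcade".equalsIgnoreCase(operator)) {
            // "getvcade" is the historical (misspelt) operator name; keep it so
            // existing clients are not broken, but accept the intended spelling too.
            getVcode();
        } else if ("changePassword".equalsIgnoreCase(operator)) {
            changePassword();
        } else if ("getinfo".equalsIgnoreCase(operator)) {
            getInfo();
        } else if ("getMenu".equalsIgnoreCase(operator)) {
            getMenu();
        } else if ("getStatistics".equalsIgnoreCase(operator)) {
            getStatistics();
        } else {
            writer.ReplyError("bad data message path:" + path.getPathString());
        }
    }

    /**
     * Generates a verification code for request parameter "phone" and parks it
     * in the session, bound to that phone number, for {@link #login()} to check.
     *
     * Sending the SMS is still a TODO (the sender class is not referenced from
     * this file). Until it is wired up the code is stored but never delivered,
     * so vcode login can only succeed through {@link #SuperVCode} in test mode;
     * the handler also gives no reply in that case, exactly as before.
     */
    private void getVcode() throws Exception {
        String phone = request.getParameter("phone");
        if (Util.isEmptyStr(phone)) {
            resultPool.error("电话号码为空");
            return;
        }
        String vcode = newVcode();
        // The phone is stored alongside the code: a code must only authenticate
        // the number it was issued for, otherwise an attacker who requests a code
        // for their own phone could log in as any other phone number.
        HttpSession session = request.getSession(true);
        session.setAttribute(SESSION_VCODE, vcode);
        session.setAttribute(SESSION_VCODE_PHONE, phone);
        // TODO sendsms: on success reply resultPool.success(); on failure reply
        // the sender's message with resultPool.error(...). Do not echo vcode.
    }

    /**
     * Builds a {@link #VCODE_LENGTH}-digit code from the CSPRNG.
     *
     * Digits are 1-9: the original also avoided '0' (presumably so a client
     * that parses the code numerically cannot drop a leading zero), but it drew
     * from 0-8 and mapped 0 to 1, which excluded '9' and doubled the odds of
     * '1'. Each digit is now uniform over nine values.
     */
    private static String newVcode() {
        StringBuilder sb = new StringBuilder(VCODE_LENGTH);
        for (int i = 0; i < VCODE_LENGTH; i++) {
            sb.append(1 + random.nextInt(9));
        }
        return sb.toString();
    }

    /**
     * Authenticates by phone + verification code or by username + password,
     * optionally scoped by an org code, then stores the resolved
     * {@link OnlineUser} in a freshly rotated session.
     *
     * Error replies use the {@code Error_*} codes; a successful login answers
     * {@code resultPool.success()}.
     */
    private void login() throws Exception {
        HttpSession session = request.getSession(true);
        String orgCode = request.getParameter("org");
        String phone = request.getParameter("phone");
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        String vcode = request.getParameter("vcode");

        // Step 4 splices these values into SQL text: the "getUser" template takes
        // whole filter fragments, not bound values. Refuse anything that can break
        // out of a single-quoted literal. This is defence in depth only; the real
        // fix is a template with bound parameters for phone/name/password/org.
        if (hasSqlMetaChars(orgCode) || hasSqlMetaChars(phone)
                || hasSqlMetaChars(username) || hasSqlMetaChars(password)) {
            resultPool.error(Error_InvalidUser, "invalid username or password");
            return;
        }

        // 1. Does the user exist?
        NamedSQL namedSQL = NamedSQL.getInstance("getClientUserByPhoneOrName");
        namedSQL.setParam("phone", phone, "empty_phone");
        namedSQL.setParam("username", username, "empty_username");
        Entity entity = SQLRunner.getEntity(namedSQL);
        if (entity == null) {
            // NOTE(review): a distinct code here lets a caller enumerate which
            // phones/usernames exist. Kept because clients may key on it.
            resultPool.error(Error_NotExist, "user not exists");
            return;
        }

        // 2. Does this user require an org code?
        boolean orgcheck = entity.getBoolean("orgcheck");
        if (orgcheck && Util.isEmptyStr(orgCode)) {
            resultPool.error(Error_EmptyOrgCode, "empty org code");
            return;
        }

        // 3. Verification code or password. The vcode branch wins when both are
        // present, as before.
        if (!Util.isEmptyStr(vcode)) {
            if (!checkVcode(session, phone, vcode)) {
                resultPool.error(Error_InvalidVCode, "invalid vcode");
                return;
            }
        } else if (!Util.isEmptyStr(password)) {
            // NOTE(review): the stored value is compared as-is and step 4 also
            // matches usr.password inside SQL, so the store appears to hold
            // plaintext passwords. Hashing (bcrypt/scrypt/argon2) has to be done
            // in DataCenter and the schema; it cannot be fixed in this handler.
            if (!constantTimeEquals(password, entity.getString("password"))) {
                resultPool.error(Error_InvalidUser, "invalid username or password");
                return;
            }
        } else {
            resultPool.error(Error_EmptyVCodeOrPassword, "empty vcode or password");
            return;
        }

        // 4. Resolve the user and its org (phone wins over username, as before).
        String orgFilter = Util.isEmptyStr(orgCode)
                ? ""
                : " and org.code = '" + orgCode + "'";
        String userFilter = Util.isEmptyStr(phone)
                ? "usr.name = '" + username + "' and usr.password = '" + password + "'"
                : "usr.phone = '" + phone + "'";
        OnlineUser onlineUser = new OnlineUser();
        namedSQL = NamedSQL.getInstance("getUser");
        namedSQL.setParam("userfilter", userFilter);
        namedSQL.setParam("orgfilter", orgFilter);
        SQLRunner.getData(namedSQL, onlineUser);
        if (onlineUser.isEmpty()) {
            resultPool.error(Error_InvalidUser, "invalid username or password");
            return;
        }
        if (!onlineUser.isOnlyOne()) {
            resultPool.error(Error_MultiUser, "multi user, need orgCode");
            return;
        }

        // Rotate the session id on privilege change so an id fixed before login
        // (e.g. planted in a link) does not become an authenticated session.
        // invalidate()+getSession(true) works on every servlet API level; the
        // pending vcode, if any, is intentionally not carried over.
        session.invalidate();
        session = request.getSession(true);
        session.setAttribute(OnlineUser.class.getSimpleName(), onlineUser);
        resultPool.success();
    }

    /**
     * Checks a submitted verification code against the session.
     *
     * The session copy is consumed on every attempt (success or failure), so a
     * code is one-shot: it cannot be replayed and cannot be guessed by repeated
     * submission within one session. A mistyped code needs a new getvcode call.
     * {@link #SuperVCode} is accepted only in test mode ({@link #isTest}) and
     * only when configured; it bypasses the phone binding.
     *
     * @param session the caller's session
     * @param phone   phone number the caller is logging in with (may be null)
     * @param vcode   submitted code (non-empty)
     * @return true when the code is valid for this phone
     */
    private static boolean checkVcode(HttpSession session, String phone, String vcode) {
        if (isTest && !Util.isEmptyStr(SuperVCode) && constantTimeEquals(vcode, SuperVCode)) {
            return true;
        }
        String expected = (String) session.getAttribute(SESSION_VCODE);
        String expectedPhone = (String) session.getAttribute(SESSION_VCODE_PHONE);
        session.removeAttribute(SESSION_VCODE);
        session.removeAttribute(SESSION_VCODE_PHONE);
        return expected != null
                && constantTimeEquals(vcode, expected)
                && expectedPhone != null
                && expectedPhone.equals(phone);
    }

    /**
     * Constant-time string comparison for secrets (passwords, codes). A null on
     * either side is "not equal", matching the original {@code equals} result.
     */
    private static boolean constantTimeEquals(String a, String b) {
        if (a == null || b == null) {
            return false;
        }
        return MessageDigest.isEqual(
                a.getBytes(StandardCharsets.UTF_8), b.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * True when {@code s} contains a character that can terminate or escape a
     * single-quoted SQL literal: the quote itself, a backslash, or a control
     * character (including NUL). Null and the empty string are safe.
     */
    private static boolean hasSqlMetaChars(String s) {
        if (s == null) {
            return false;
        }
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c == '\'' || c == '\\' || c < ' ') {
                return true;
            }
        }
        return false;
    }

    /** Ends the current session, if any. Never creates a session just to destroy it. */
    private void logout() throws Exception {
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        resultPool.success();
    }

    /**
     * Sets a new password ("pass" parameter) for the logged-in user.
     *
     * NOTE(review): there is no re-check of the current password and no
     * strength policy; a hijacked session can silently take over the account.
     * Whether {@code onlineUser} can be null here depends on HttpObject; a null
     * is routed to the existing "用户名丢失" reply instead of an NPE.
     */
    private void changePassword() throws Exception {
        String username = onlineUser == null ? null : onlineUser.getName();
        String password = request.getParameter("pass");
        if (Util.isEmptyStr(username)) {
            resultPool.error("用户名丢失");
        } else if (Util.isEmptyStr(password)) {
            resultPool.error("密码丢失");
        } else {
            DataCenter.changePassword(username, password);
            resultPool.success();
        }
    }

    /**
     * Returns the logged-in {@link OnlineUser} under key "user".
     * NOTE(review): the whole object is serialised; confirm it carries no
     * password column from the "getUser" query.
     */
    private void getInfo() throws Exception {
        resultPool.addValue("user", onlineUser);
    }

    /** Returns the menu entries for the logged-in user's role under key "dataSet". */
    private void getMenu() throws Exception {
        NamedSQL namedSQL = NamedSQL.getInstance("getUserMenu");
        namedSQL.setParam("rolecode", onlineUser.getRolecode());
        EntitySet entitySet = SQLRunner.getEntitySet(namedSQL);
        resultPool.addValue("dataSet", entitySet);
    }

    /**
     * Returns the per-visitor statistics kept in the servlet-context attribute
     * "visitor" (a map keyed by client IP), sorted by {@code Statistics}' natural
     * order. An absent attribute yields an empty list instead of an NPE.
     *
     * NOTE(review): this exposes visitor IPs to any caller that reaches the
     * handler; restrict it to an admin role if HttpObject does not already.
     */
    private void getStatistics() {
        @SuppressWarnings("unchecked")
        Map<String, Statistics> visitor =
                (Map<String, Statistics>) request.getServletContext().getAttribute("visitor");
        List<Statistics> stacs = new ArrayList<>();
        if (visitor != null) {
            stacs.addAll(visitor.values());
        }
        Collections.sort(stacs);
        resultPool.addValue(stacs);
    }
}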