//2020.8.3
距离项目结束还有4天,近期在整合代码,做了简单的注册页和登录页,但是在朋友的提醒下我发现这个登录页的安全性不够好,原因是在于我在登录页面做了登录验证,没有后续的二次验证,导致可以直接访问到财务页面.我没有使用servlet,而是直接在jsp页面內进行串接数据,也是一大失误,说到这里突然有点羡慕隔壁班学的spring,真的比servlet部署快太多。
下面是登录页代码
测试类:用于测试是否接收到数据库的信息
package com.etc.test;
import com.etc.dao.GoodsDao;
import com.etc.entity.Goods;
import java.util.List;
public class test {
public static void main(String args[]){
GoodsDao goodsDao = new GoodsDao();
List<Goods> list = goodsDao.quertAllGoods();
for(Goods goods : list) {
System.out.print(goods.getGoods_cost());
}
}
}
一个简单的工具类,用于链接数据库
package com.etc.util;
import com.sun.rowset.CachedRowSetImpl;
import javax.sql.rowset.CachedRowSet;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import javax.sql.rowset.CachedRowSet;
import com.sun.rowset.CachedRowSetImpl;
/*
* JDBC访问数据库
*
(1)注册驱动。
(2)建立连接(Connection)。
(3)创建数据库操作对象用于执行SQL的语句。
(4)执行语句。
(5)处理执行结果(ResultSet)。
(6)释放资源。
*/
public class DButil {
//1.加载并注册驱动程序
public static final String DRIVER = "com.mysql.jdbc.Driver";
//URL USER PASSWORD
public static final String URL="jdbc:mysql://localhost:3306/shopping?characterEncoding=UTF-8";
public static final String USER="root";
public static final String PASSWORD="lovezxp1314..";
/*
DriverManager类提供了getConnection方法,用来建立与数据库的连接。
调用getConnection()方法可返回一个数据库连接对象。
*/
//2.创建一个Connection getCon()方法
public Connection getCon() {
//创建Connection对象
Connection con = null;
try {
Class.forName(DRIVER);
//DriverManager类即可用来建立数据库连接。
con = DriverManager.getConnection(URL, USER, PASSWORD);
System.out.println("数据库连接成功");
} catch (Exception e) {
// TODO: handle exception
e.printStackTrace();
}
return con;
}
//查询功能
/*
* sql语句
* Object ...param 可变参数
*/
//创建一个更新操作的方法 修改 删除 插入
/*
* int executeUpdate(String sql):
执行update、insert、delete,返回一个整数,表示执行SQL语句影响的数据行数。
*/
public int update(String sql,Object ...param ) {
//连接数据库
//创建Connection对象
Connection con = getCon();
//创建PreparedStatement
PreparedStatement ps = null;
//定义一个更新结果result变量
int result = 0;
try {
ps = con.prepareStatement(sql);
//for循环遍历sql的参数
for (int i = 0; i < param.length; i++) {
//补充sql的参数
ps.setObject(i + 1, param[i]);
}
//执行更新操作
result = ps.executeUpdate();
} catch (Exception e) {
// TODO: handle exception
e.printStackTrace();
}
return result;
}
public CachedRowSet Query(String sql, Object...param) {
Connection con = getCon();
PreparedStatement ps = null;
ResultSet rs = null;
CachedRowSet crs = null;
try {
ps = con.prepareStatement(sql);
for(int i = 0 ; i<param.length ; i++ ) {
ps.setObject(i+1, param[i]);
}
rs = ps.executeQuery();
crs = new CachedRowSetImpl();
crs.populate(rs);
} catch (Exception e) {
// TODO: handle exception
e.printStackTrace();
}
return crs;
}
}
user类
package com.etc.entity;
//用户
import com.etc.util.DButil;
import javax.sql.rowset.CachedRowSet;
import java.sql.SQLException;
public class User {
private Integer user_id;
private String user_name;
private String uer_password;
private String user_email;
private String user_address;
public String getUser_email() {
return user_email;
}
public void setUser_email(String user_email) {
this.user_email = user_email;
}
public String getUser_address() {
return user_address;
}
public User(Integer user_id, String user_name, String uer_password) {
this.user_id = user_id;
this.user_name = user_name;
this.uer_password = uer_password;
}
public void setUser_address(String user_address) {
this.user_address = user_address;
}
public Integer getUser_id() {
return user_id;
}
public void setUser_id(Integer user_id) {
this.user_id = user_id;
}
public String getUser_name() {
return user_name;
}
public void setUser_name(String user_name) {
this.user_name = user_name;
}
public String getUer_password() {
return uer_password;
}
public void setUer_password(String uer_password) {
this.uer_password = uer_password;
}
public User(Integer user_id, String user_name, String uer_password,String user_email,String user_address) {
this.user_id = user_id;
this.user_name = user_name;
this.uer_password = uer_password;
this.user_email = user_email;
this.user_address = user_address;
}
}
商家类:我也不知道为什么组长要写成shopper hhh
package com.etc.entity;
public class Shopper {
private int shop_id;
private String shop_name;
private String shop_password;
private String shop_email;
private String shop_address;
private String shop_idcardnum;
private String shop_telnum;
public Shopper(int shop_id, String shop_name, String shop_password, String shop_email, String shop_address, String shop_idcardnum, String shop_telnum) {
this.shop_id = shop_id;
this.shop_name = shop_name;
this.shop_password = shop_password;
this.shop_email = shop_email;
this.shop_address = shop_address;
this.shop_idcardnum = shop_idcardnum;
this.shop_telnum = shop_telnum;
}
public int getShop_id() {
return shop_id;
}
public void setShop_id(int shop_id) {
this.shop_id = shop_id;
}
public String getShop_name() {
return shop_name;
}
public void setShop_name(String shop_name) {
this.shop_name = shop_name;
}
public String getShop_password() {
return shop_password;
}
public void setShop_password(String shop_password) {
this.shop_password = shop_password;
}
public String getShop_email() {
return shop_email;
}
public void setShop_email(String shop_email) {
this.shop_email = shop_email;
}
public String getShop_address() {
return shop_address;
}
public void setShop_address(String shop_address) {
this.shop_address = shop_address;
}
public String getShop_idcardnum() {
return shop_idcardnum;
}
public void setShop_idcardnum(String shop_idcardnum) {
this.shop_idcardnum = shop_idcardnum;
}
public String getShop_telnum() {
return shop_telnum;
}
public void setShop_telnum(String shop_telnum) {
this.shop_telnum = shop_telnum;
}
}
Goods类
package com.etc.entity;
import java.sql.Blob;
import java.util.Arrays;
import java.util.Comparator;
public class Goods {
private int goods_id;
private int shop_id;
private String shop_name;
private String goods_name;
private String goods_describe;
private double goods_star;
private Blob goods_photo;
private int goods_cost;
private int goods_sell_quantity;
private int goods_exist_quantity;
public Goods(int goods_id, String goods_name, String goods_describe, double goods_star, int goods_cost, int goods_sell_quantity, int goods_exist_quantity) {
this.goods_id = goods_id;
this.goods_name = goods_name;
this.goods_describe = goods_describe;
this.goods_star = goods_star;
this.goods_cost = goods_cost;
this.goods_sell_quantity = goods_sell_quantity;
this.goods_exist_quantity = goods_exist_quantity;
}
public Goods(int goods_id, String goods_name, int goods_cost, int goods_sell_quantity, int goods_exist_quantity) {
this.goods_id = goods_id;
this.goods_name = goods_name;
this.goods_cost = goods_cost;
this.goods_sell_quantity = goods_sell_quantity;
this.goods_exist_quantity = goods_exist_quantity;
}
public int getGoods_id() {
return goods_id;
}
public void setGoods_id(int goods_id) {
this.goods_id = goods_id;
}
public String getGoods_name() {
return goods_name;
}
public void setGoods_name(String goods_name) {
this.goods_name = goods_name;
}
public int getShop_id() {
return shop_id;
}
public void setShop_id(int shop_id) {
this.shop_id = shop_id;
}
public String getShop_name() {
return shop_name;
}
public void setShop_name(String shop_name) {
this.shop_name = shop_name;
}
public String getGoods_describe() {
return goods_describe;
}
public void setGoods_describe(String goods_describe) {
this.goods_describe = goods_describe;
}
public double getGoods_star() {
return goods_star;
}
public void setGoods_star(double goods_star) {
this.goods_star = goods_star;
}
public double getGoods_cost() {
return goods_cost;
}
public void setGoods_cost(int goods_cost) {
this.goods_cost = goods_cost;
}
public int getGoods_sell_quantity() {
return goods_sell_quantity;
}
public void setGoods_sell_quantity(int goods_sell_quantity) {
this.goods_sell_quantity = goods_sell_quantity;
}
public int getGoods_exist_quantity() {
return goods_exist_quantity;
}
public void setGoods_exist_quantity(int goods_exist_quantity) {
this.goods_exist_quantity = goods_exist_quantity;
}
public Blob getGoods_photo() {
return goods_photo;
}
public void setGoods_photo(Blob goods_photo) {
this.goods_photo = goods_photo;
}
public Goods() {
super();
}
public Goods(int goods_id, String goods_name, int shop_id, String shop_name, int goods_cost,
int goods_sell_quantity, int goods_exist_quantity) {
super();
this.goods_id = goods_id;
this.goods_name = goods_name;
this.shop_id = shop_id;
this.shop_name = shop_name;
this.goods_cost = goods_cost;
this.goods_sell_quantity = goods_sell_quantity;
this.goods_exist_quantity = goods_exist_quantity;
}
public Goods(int goods_id, String goods_name, int shop_id, String shop_name, String goods_describe,
double goods_star, int goods_cost, int goods_sell_quantity, int goods_exist_quantity, Blob goods_photo) {
super();
this.goods_id = goods_id;
this.goods_name = goods_name;
this.shop_id = shop_id;
this.shop_name = shop_name;
this.goods_describe = goods_describe;
this.goods_star = goods_star;
this.goods_cost = goods_cost;
this.goods_sell_quantity = goods_sell_quantity;
this.goods_exist_quantity = goods_exist_quantity;
this.goods_photo = goods_photo;
}
public Goods(int goods_id) {
super();
this.goods_id = goods_id;
}
public Goods(int goods_id, String goods_name, int shop_id, String shop_name, String goods_describe,
double goods_star,int goods_cost, int goods_sell_quantity, int goods_exist_quantity) {
super();
this.goods_id = goods_id;
this.goods_name = goods_name;
this.shop_id = shop_id;
this.shop_name = shop_name;
this.goods_describe = goods_describe;
this.goods_star = goods_star;
this.goods_cost = goods_cost;
this.goods_sell_quantity = goods_sell_quantity;
this.goods_exist_quantity = goods_exist_quantity;
}
@Override
public String toString() {
return "Goods [goods_id=" + goods_id + ", goods_name=" + goods_name + ", shop_id=" + shop_id + ", shop_name="
+ shop_name + ", goods_describe=" + goods_describe + ", goods_star=" + goods_star + ", goods_cost="
+ goods_cost + ", goods_sell_quantity=" + goods_sell_quantity + ", goods_exist_quantity="
+ goods_exist_quantity + ", goods_photo=" + goods_photo + "]";
}
public int compareTo(Goods o) {
// TODO Auto-generated method stub
return 0;
}
/*Comparator for sorting the list by Student Name*/
public static Comparator<Goods> goodsName = new Comparator<Goods>() {
public int compare(Goods s1, Goods s2) {
String Name1 = s1.getGoods_name().toUpperCase();
String Name2 = s2.getGoods_name().toUpperCase();
//ascending order
return Name1.compareTo(Name2);
//descending order
//return StudentName2.compareTo(StudentName1);
}
};
/*Comparator for sorting the list by roll no*/
public static Comparator<Goods> GoodsIdAscending = new Comparator<Goods>() {
public int compare(Goods s1, Goods s2) {
int n1 = (int)s1.getGoods_cost();
int n2 = (int)s2.getGoods_cost();
/*For ascending order*/
return n1-n2;
/*For descending order*/
//rollno2-rollno1;
}};
/*Comparator for sorting the list by roll no*/
public static Comparator<Goods> GoodsIdDescending = new Comparator<Goods>() {
public int compare(Goods s1, Goods s2) {
int n1 = (int)s1.getGoods_cost();
int n2 = (int)s2.getGoods_cost();
/*For ascending order*/
return n2-n1;
/*For descending order*/
//rollno2-rollno1;
}};
}
UserDao
package com.etc.dao;
import com.etc.entity.Goods;
import com.etc.entity.Shopper;
import com.etc.entity.User;
import com.etc.util.DButil;
import javax.sql.rowset.CachedRowSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
public class UserDao{
//创建用户信息校验 根据用户名和密码查询用户信息
//创建一个DButl 对象
DButil dbutil= new DButil();
//创建用户信息校验方法
public Boolean checklogin(String username,String pwd) {
//编写jsp语句
//select * from tbl_user where userName="admin" and userPass="123456";
String sql = "select * from user where user_name= ? and user_password=?";
//创建结果缓冲集对象
CachedRowSet crs = null;
crs = dbutil.Query(sql, username,pwd);
//设计一个结果result
int result = 0;
try {
if(crs.next()) {
result = crs.getInt("user_id"); //查询用户的userId
}
} catch (Exception e) {
// TODO: handle exception
e.printStackTrace();
}
return result>0;
}
public List<User> getUserinfo(){
List<User> list = new ArrayList<User>();
String sql = "SELECT user.user_name,user.user_password,user.user_id FROM user";
CachedRowSet crs = dbutil.Query(sql);
System.out.println("crs的长度"+crs.size());
try {
while(crs.next()) {
int userId = crs.getInt("user_id");
String userName = crs.getString("user_name");
String userPass = crs.getString("user_password");
User user = new User(userId,userName,userPass);
list.add(user);
}
} catch (Exception e) {
// TODO: handle exception
}
return list;
}
public Boolean shopchecklogin(String shopname,String pwd) {
//编写jsp语句
//select * from tbl_user where userName="admin" and userPass="123456";
String sql = "select * from shop where shop_name= ? and shop_password=?";
//创建结果缓冲集对象
CachedRowSet crs = null;
crs = dbutil.Query(sql, shopname,pwd);
//设计一个结果result
int result = 0;
try {
if(crs.next()) {
result = crs.getInt("shop_id"); //查询用户的userId
}
} catch (Exception e) {
// TODO: handle exception
e.printStackTrace();
}
return result>0;
}
public Boolean shopDoubleCheck(String username){
String sql = "select * from shop where shop_name= ?";
CachedRowSet crs = null;
crs = dbutil.Query(sql, username);
//设计一个结果result
int result = 0;
try {
if(crs.next()) {
result = crs.getInt("shop_id");//查询用户的userId
if(crs.getString("shop_id")==username){
return false;
}else return true;
}
} catch (Exception e) {
// TODO: handle exception
e.printStackTrace();
}
return result>0;
}
public int shopgetUserNumber() throws SQLException {
int UserNumber=0;
String sql = "SELECT COUNT(*) FROM shopping.`shop`";
CachedRowSet crs = null;
crs = dbutil.Query(sql);
if(crs.next()) {
UserNumber = crs.getInt(1);
}
return UserNumber;
}
public Boolean DoubleCheck(String username){
String sql = "select * from user where user_name= ?";
CachedRowSet crs = null;
crs = dbutil.Query(sql, username);
//设计一个结果result
int result = 0;
try {
if(crs.next()) {
result = crs.getInt("user_id");//查询用户的userId
if(crs.getString("user_id")==username){
return false;
}else return true;
}
} catch (Exception e) {
// TODO: handle exception
e.printStackTrace();
}
return result>0;
}
public boolean addUser(User user) {
String sql = "insert into user values(?,?,?,?,?)";
//初始化一个result变量
int result = 0;
result = dbutil.update(sql, user.getUser_id(),user.getUser_name(),user.getUer_password(),user.getUser_email(),user.getUser_address());
return result>0;
}
public boolean addShoper(Shopper shopper) {
String sql = "insert into shop values(?,?,?,?,?,?,?)";
//初始化一个result变量
int result = 0;
result = dbutil.update(sql, shopper.getShop_id(),shopper.getShop_name(),shopper.getShop_password(),shopper.getShop_email(),shopper.getShop_address(),shopper.getShop_idcardnum(),shopper.getShop_telnum());
return result>0;
}
public int getUserNumber() throws SQLException {
int UserNumber=0;
String sql = "SELECT COUNT(*) FROM shopping.`user`";
CachedRowSet crs = null;
crs = dbutil.Query(sql);
if(crs.next()) {
UserNumber = crs.getInt(1);
}
return UserNumber;
}
}
GoodsDao
package com.etc.dao;
import java.util.ArrayList;
import java.util.List;
import java.sql.Connection;
import javax.sql.rowset.CachedRowSet;
import com.etc.entity.Goods;
import com.etc.util.DButil;
import org.omg.Messaging.SYNC_WITH_TRANSPORT;
public class GoodsDao {
byte[] bs= null;
DButil dbutil = new DButil();
Connection con = dbutil.getCon();
public List<Goods> queryAllGoodsLikeName(String like_name) {
List<Goods> list = new ArrayList<Goods>();
String sql ="select goods_name ,goods_photo ,goods_describe, "
+ " shop_name, goods_cost ,goods_star ,goods_sell_quantity "
+ " ,goods_exist_quantity ,goods_id ,shop_id from goods where"
+ " goods_name like N? ";
CachedRowSet crs = dbutil.Query(sql,"%"+like_name+"%");
System.out.println("crs的长度:"+crs.size());
try {
while(crs.next()) {
int goods_id = crs.getInt("goods_id");
String goods_name = crs.getString("goods_name");
String goods_describe = crs.getString("goods_describe");
int shop_id = crs.getInt("shop_id");
String shop_name = crs.getString("shop_name");
double goods_star = crs.getDouble("goods_star");
int goods_cost = crs.getInt("goods_cost");
int goods_sell_quantity = crs.getInt("goods_sell_quantity");
int goods_exist_quantity = crs.getInt("goods_exist_quantity");
Goods Goods = new Goods( goods_id, goods_name, shop_id, shop_name, goods_describe,
goods_star, goods_cost, goods_sell_quantity, goods_exist_quantity);
list.add(Goods);
System.out.println("listing serchered Goods ");
//System.out.println(Goods);
}
} catch (Exception e) {
// TODO: handle exception
e.printStackTrace();
}
//System.out.println("listed serchered Goods");
return list;
}
public List<Goods> quertAllGoods(){
//1.创建一个列表对象
List<Goods> list = new ArrayList<Goods>();
//sql语句
String sql ="SELECT goods.goods_name,goods.goods_id,goods.goods_cost,goods.goods_exist_quantity,goods.goods_sell_quantity FROM goods";
CachedRowSet crs = dbutil.Query(sql);
System.out.println("crs的长度"+crs.size());
//4.读取crs中的数据
try {
while(crs.next()) {
int goodsid = crs.getInt("goods_id");
String goodsname = crs.getString("goods_name");
int goodscost = crs.getInt("goods_cost");
int goodssellquantity = crs.getInt("goods_sell_quantity");
int goodsexistquantity = crs.getInt("goods_exist_quantity");
Goods goods = new Goods(goodsid,goodsname,goodscost,goodssellquantity,goodsexistquantity);
list.add(goods);
}
} catch (Exception e) {
// TODO: handle exception
}
return list;
}
}
login.jsp
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>我要成为商家</title>
<meta name="description" content="">
<meta name="robots" content="all,follow">
<link rel="stylesheet" href="https://ajax.aspnetcdn.com/ajax/bootstrap/4.2.1/css/bootstrap.min.css">
<link rel="stylesheet" href="css/style.default.css" id="theme-stylesheet">
</head>
<body>
<div class="page login-page">
<div class="container d-flex align-items-center">
<div class="form-holder has-shadow">
<div class="row">
<!-- Logo & Information Panel-->
<div class="col-lg-6">
<div class="info d-flex align-items-center">
<div class="content">
<div class="logo">
<h1>欢迎登录</h1>
</div>
<p>华华</p>
</div>
</div>
</div>
<!-- Form Panel -->
<div class="col-lg-6 bg-white">
<div class="form d-flex align-items-center">
<div class="content">
<form method="get" action="dologin.jsp" class="form-validate" id="loginFrom">
<div class="form-group">
<input id="login-username" type="text" name="userName" required data-msg="请输入用户名" placeholder="用户名" value="admin" class="input-material">
</div>
<div class="form-group">
<input id="login-password" type="password" name="passWord" required data-msg="请输入密码" placeholder="密码" class="input-material">
</div>
<button id="login" type="submit" class="btn btn-primary">登录</button>
<div style="margin-top: -40px;">
<!-- <input type="checkbox" id="check1"/> <span>记住密码</span>
<input type="checkbox" id="check2"/> <span>自动登录</span> -->
<!--<div class="custom-control custom-checkbox " style="float: right;">
<input type="checkbox" class="custom-control-input" id="check2" >
<label class="custom-control-label" for="check2">自动登录</label>
</div>
-->
<div class="custom-control custom-checkbox " style="float: right;">
<input type="checkbox" class="custom-control-input" id="check1" >
<label class="custom-control-label" for="check1">记住密码 </label>
</div>
</div>
</form>
<br />
<small>没有账号?</small><a href="register.jsp" class="signup"> 注册</a></br>
<small>管理员</small><a href="shoplogin.jsp" class="signup">登录</a>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<!-- JavaScript files-->
<script src="js/jquery.min.js"></script>
<script src="js/bootstrap.min.js"></script>
<script src="vendor/jquery-validation/jquery.validate.min.js"></script><!--表单验证-->
<!-- Main File-->
<script src="js/front.js"></script>
<script>
$(function(){
/*判断上次是否勾选记住密码和自动登录*/
var check1s=localStorage.getItem("check1");
var check2s=localStorage.getItem("check2");
var oldName=localStorage.getItem("userName");
var oldPass=localStorage.getItem("passWord");
if(check1s=="true"){
$("#login-username").val(oldName);
$("#login-password").val(oldPass);
$("#check1").prop('checked',true);
}else{
$("#login-username").val('');
$("#login-password").val('');
$("#check1").prop('checked',false);
}
if(check2s=="true"){
$("#check2").prop('checked',true);
$("#loginFrom").submit();
//location="http://127.0.0.1:8020/1/Bootstrap_Material/login/login.html"+oldName+"&passWord="+oldPass;//添加退出当前账号功能
}else{
$("#check2").prop('checked',false);
}
/*拿到刚刚注册的账号*/
if(localStorage.getItem("name")!=null){
$("#login-username").val(localStorage.getItem("name"));
}
/*登录*/
$("#login").click(function(){
var userName=$("#login-username").val();
var passWord=$("#login-password").val();
/*获取当前输入的账号密码*/
localStorage.setItem("userName",userName)
localStorage.setItem("passWord",passWord)
/*获取记住密码 自动登录的 checkbox的值*/
var check1 = $("#check1").prop('checked');
var check2 = $('#check2').prop('checked');
localStorage.setItem("check1",check1);
localStorage.setItem("check2",check2);
})
/*$("#check2").click(function(){
var flag=$('#check2').prop('checked');
if(flag){
var userName=$("#login-username").val();
var passWord=$("#login-password").val();
$.ajax({
type:"post",
url:"http://localhost:8080/huahua_war_exploded/huahua/finacial/moban-181118239560/dashboard2.jsp",
data:{"userName":userName,"passWord":passWord},
async:true,
success:function(res){
alert(res);
}
});
}
})*/
})
</script>
</body>
</html>