
Example 1 with StaffInfo

use of beans.dbaccess.StaffInfo in project MSEC by Tencent.

the class QueryStaffList method exec.

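/**
 * Returns staff names and phone numbers from {@code t_staff}, optionally filtered by an
 * exact staff name or, when no name is given, by an exact phone number.
 *
 * <p>Status codes set on the response: 0 on success, 99 when {@code checkIdentity()} does not
 * return "success", 100 when the database is unreachable or the query fails.
 *
 * @param request carries the optional {@code staff_name} / {@code staff_phone} filters
 * @return the populated response; never {@code null}
 */
public QueryStaffListResponse exec(QueryStaffListRequest request) {
    QueryStaffListResponse resp = new QueryStaffListResponse();
    // Identity gate runs before any database access. The literal goes on the left so a null
    // result is treated as a failed check instead of throwing.
    String result = checkIdentity();
    if (!"success".equals(result)) {
        resp.setStatus(99);
        resp.setMessage(result);
        return resp;
    }
    DBUtil util = new DBUtil();
    if (util.getConnection() == null) {
        resp.setStatus(100);
        resp.setMessage("db connect failed!");
        return resp;
    }
    List<StaffInfo> staffInfoList;
    // Only the fixed "where column=?" fragments are concatenated; caller-supplied values
    // travel as bound parameters, never as SQL text.
    String sql = "select staff_name, staff_phone from t_staff ";
    List<Object> params = new ArrayList<Object>();
    if (request.getStaff_name() != null && request.getStaff_name().length() > 0) {
        // A name filter takes precedence: a phone number supplied alongside it is ignored.
        sql += " where staff_name=? ";
        params.add(request.getStaff_name());
    } else if (request.getStaff_phone() != null && request.getStaff_phone().length() > 0) {
        sql += " where staff_phone=? ";
        params.add(request.getStaff_phone());
    }
    // NOTE(review): with neither filter set the query returns every row of t_staff (names and
    // phone numbers) with no limit; confirm that any caller passing checkIdentity() is meant
    // to receive the full directory.
    try {
        staffInfoList = util.findMoreRefResult(sql, params, StaffInfo.class);
    } catch (Exception e) {
        resp.setStatus(100);
        resp.setMessage("db query exception!");
        // NOTE(review): the stack trace goes to stderr; the client only sees the generic message.
        e.printStackTrace();
        return resp;
    } finally {
        util.releaseConn();
    }
    // Copy instead of downcasting: the original cast to ArrayList depended on the concrete
    // type returned by findMoreRefResult and would fail outside the try block if that changed.
    resp.setStaff_list(staffInfoList == null
            ? new ArrayList<StaffInfo>()
            : new ArrayList<StaffInfo>(staffInfoList));
    resp.setMessage("success");
    resp.setStatus(0);
    return resp;
}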
Also used : DBUtil(msec.org.DBUtil) QueryStaffListResponse(beans.response.QueryStaffListResponse) ArrayList(java.util.ArrayList) StaffInfo(beans.dbaccess.StaffInfo)

Example 2 with StaffInfo

use of beans.dbaccess.StaffInfo in project MSEC by Tencent.

the class GetSalt method exec.

/**
 * First step of the login handshake: returns the stored salt for a staff name together with
 * a freshly generated challenge.
 *
 * <p>Status 0 means success; every failure path uses status 100 with a distinguishing message.
 *
 * <p>Security review notes:
 * <ul>
 *   <li>This runs before authentication. An unknown name yields "query salt failed" while a
 *       known name yields a salt, so the two outcomes are distinguishable to any caller;
 *       consider a uniform response and request throttling if account names are sensitive.</li>
 *   <li>NOTE(review): the challenge is not stored in the session in this method, while
 *       {@code Login} reads it back under {@code GetSalt.CHALLENGE_KEY_IN_SESSION};
 *       presumably {@code geneChallenge()} stores it. Confirm.</li>
 * </ul>
 *
 * @param request login request; only {@code staff_name} is read here
 * @return response carrying salt and challenge on success
 */
public GetSaltResponse exec(LoginRequest request) {
    final GetSaltResponse reply = new GetSaltResponse();
    final String loginName = request.getStaff_name();
    if (loginName == null || loginName.isEmpty()) {
        reply.setStatus(100);
        reply.setMessage("login name empty!");
        return reply;
    }

    final DBUtil db = new DBUtil();
    if (db.getConnection() == null) {
        reply.setStatus(100);
        reply.setMessage("db connect failed!");
        return reply;
    }

    // The staff name is passed as a bound parameter, not spliced into the SQL text.
    final String query = "select salt from t_staff where  staff_name=? ";
    final List<Object> args = new ArrayList<Object>();
    args.add(loginName);
    try {
        final List<StaffInfo> rows = db.findMoreRefResult(query, args, StaffInfo.class);
        if (rows.size() == 1) {
            // Exactly one matching account: hand back its salt plus a new challenge.
            final String storedSalt = rows.get(0).getSalt();
            final String freshChallenge = geneChallenge();
            reply.setMessage("success");
            reply.setChallenge(freshChallenge);
            reply.setSalt(storedSalt);
            reply.setStatus(0);
        } else {
            // Zero rows or duplicates are both treated as a failed lookup.
            reply.setMessage("query salt failed");
            reply.setStatus(100);
        }
        return reply;
    } catch (Exception e) {
        reply.setStatus(100);
        reply.setMessage("db query exception!");
        e.printStackTrace();
        return reply;
    } finally {
        // Runs on every path that got a connection, including the early returns above.
        db.releaseConn();
    }
}
Also used : DBUtil(msec.org.DBUtil) GetSaltResponse(beans.response.GetSaltResponse) ArrayList(java.util.ArrayList) StaffInfo(beans.dbaccess.StaffInfo)

Example 3 with StaffInfo

use of beans.dbaccess.StaffInfo in project MSEC by Tencent.

the class Login method exec.

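/**
 * Second step of the login handshake: verifies the encrypted token ({@code tgt}) sent by the
 * client and, on success, issues a ticket.
 *
 * <p>Verification as implemented below: the token is decrypted with the stored password value
 * as key; the result must be 40 characters, whose last 8 must equal the challenge kept in the
 * session and whose first 32 must, after {@code AddNewStaff.geneSaltedPwd} with the stored
 * salt, equal the stored password value.
 *
 * <p>Status 0 means success; all failures use status 100.
 *
 * <p>Security review notes:
 * <ul>
 *   <li>The failure messages differ per stage ("user does NOT exist.", "password error!",
 *       "password error!!", "password error!!!"), which tells a caller whether an account
 *       exists and which check rejected the attempt. A single generic message gives less
 *       away; left unchanged here in case clients depend on the text.</li>
 *   <li>NOTE(review): the challenge is read from the session but not removed in this method.
 *       Unless it is cleared elsewhere, a captured token stays valid for the rest of that
 *       session; consider removing the attribute once it has been read.</li>
 *   <li>No attempt counting or lockout is visible in this method.</li>
 * </ul>
 *
 * @param request login request carrying {@code staff_name} and {@code tgt}
 * @return response with staff name and ticket on success
 */
public LoginResponse exec(LoginRequest request) {
    LoginResponse resp = new LoginResponse();
    // Both fields are required. The original used &&, which let a request with only one of
    // them through to the database lookup and the decrypt call.
    if (request.getStaff_name() == null || request.getTgt() == null) {
        resp.setStatus(100);
        resp.setMessage("login name /password empty!");
        return resp;
    }
    DBUtil util = new DBUtil();
    if (util.getConnection() == null) {
        resp.setStatus(100);
        resp.setMessage("db connect failed!");
        return resp;
    }
    List<StaffInfo> staffInfoList;
    // Staff name is bound as a parameter, not concatenated into the statement.
    String sql = "select staff_name, staff_phone,password,salt from t_staff where  staff_name=? ";
    List<Object> params = new ArrayList<Object>();
    params.add(request.getStaff_name());
    try {
        staffInfoList = util.findMoreRefResult(sql, params, StaffInfo.class);
        if (staffInfoList.size() != 1) {
            resp.setMessage("user does NOT exist.");
            resp.setStatus(100);
            return resp;
        }
        // Decrypt using the salted second-pass password hash (the value stored in the
        // database) as the key.
        StaffInfo staffInfo = staffInfoList.get(0);
        JsTea tea = new JsTea(this.getServlet());
        String p1 = tea.decrypt(request.getTgt(), staffInfo.getPassword());
        // Fetch the challenge saved in the session.
        String challenge = (String) (getHttpRequest().getSession().getAttribute(GetSalt.CHALLENGE_KEY_IN_SESSION));
        // 32 characters of first-pass hash followed by 8 characters of challenge.
        if (p1.length() != 40) {
            resp.setMessage("password error!");
            resp.setStatus(100);
            return resp;
        }
        // Check that the tail of the decrypted text equals the challenge, to guard against
        // replay. A missing (null) challenge also fails this comparison.
        if (!p1.substring(32).equals(challenge)) {
            resp.setMessage("password error!!");
            resp.setStatus(100);
            return resp;
        }
        // From the decrypted first-pass password hash, compute the salted second-pass hash
        // and compare it with the one stored in the database.
        String p2 = AddNewStaff.geneSaltedPwd(p1.substring(0, 32), staffInfo.getSalt());
        if (!p2.equals(staffInfo.getPassword())) {
            resp.setMessage("password error!!!");
            resp.setStatus(100);
            return resp;
        }
        resp.setStaff_name(request.getStaff_name());
        resp.setTicket(geneTicket(request.getStaff_name()));
        resp.setMessage("success");
        resp.setStatus(0);
        return resp;
    } catch (Exception e) {
        // Catch-all: a failure in decrypt or ticket generation is also reported to the client
        // as a database error, so this message does not identify the real cause.
        resp.setStatus(100);
        resp.setMessage("db query exception!");
        e.printStackTrace();
        return resp;
    } finally {
        util.releaseConn();
    }
}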
Also used : LoginResponse(beans.response.LoginResponse) ArrayList(java.util.ArrayList) StaffInfo(beans.dbaccess.StaffInfo)

Example 4 with StaffInfo

use of beans.dbaccess.StaffInfo in project MSEC by Tencent.

the class ChangePassword method exec.

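/**
 * Changes a staff member's password after re-verifying the current one with the same
 * challenge/response check that {@code Login} performs.
 *
 * <p>Status 0 means success, 99 means {@code checkIdentity()} did not return "success",
 * 100 covers every other failure.
 *
 * <p>Security review notes:
 * <ul>
 *   <li>NOTE(review): {@code checkIdentity()} only yields a status string here; nothing in this
 *       method ties the authenticated caller to {@code request.getStaff_name()}. The current
 *       password of the named account must still be proven via {@code tgt}; confirm whether
 *       changing another account's password this way is intended.</li>
 *   <li>NOTE(review): {@code new_password} is written to the {@code password} column exactly as
 *       received. {@code Login} compares that column with the output of
 *       {@code AddNewStaff.geneSaltedPwd}, so the client presumably sends a value of that
 *       form. No server-side format or length validation is visible; a malformed value would
 *       leave the account unable to log in.</li>
 *   <li>NOTE(review): the session challenge is read but not removed in this method; unless it
 *       is cleared elsewhere the same {@code tgt} remains acceptable within the session.</li>
 * </ul>
 *
 * @param request carries {@code staff_name}, {@code tgt} (proof of the current password) and
 *                {@code new_password}
 * @return response with status and message only
 */
public JsonRPCResponseBase exec(LoginRequest request) {
    JsonRPCResponseBase resp = new JsonRPCResponseBase();
    // All three fields are required. The original condition was (name == null && tgt == null)
    // || newPassword == null, which accepted a request missing just one of name/tgt, and it
    // accepted an empty new password, which would have been stored as the credential.
    if (request.getStaff_name() == null || request.getTgt() == null
            || request.getNew_password() == null || request.getNew_password().isEmpty()) {
        resp.setStatus(100);
        resp.setMessage("login name /password empty!");
        return resp;
    }
    // Literal on the left so a null result counts as a failed identity check.
    String result = checkIdentity();
    if (!"success".equals(result)) {
        resp.setStatus(99);
        resp.setMessage(result);
        return resp;
    }
    DBUtil util = new DBUtil();
    if (util.getConnection() == null) {
        resp.setStatus(100);
        resp.setMessage("db connect failed!");
        return resp;
    }
    List<StaffInfo> staffInfoList;
    try {
        // Values are bound as parameters in both statements below.
        String sql = "select staff_name, staff_phone,password,salt from t_staff " + " where  staff_name=? ";
        List<Object> params = new ArrayList<Object>();
        params.add(request.getStaff_name());
        staffInfoList = util.findMoreRefResult(sql, params, StaffInfo.class);
        if (staffInfoList.size() != 1) {
            resp.setMessage("user does NOT exist.");
            resp.setStatus(100);
            return resp;
        }
        // Decrypt using the salted second-pass password hash (the value stored in the
        // database) as the key.
        StaffInfo staffInfo = staffInfoList.get(0);
        JsTea tea = new JsTea(this.getServlet());
        String p1 = tea.decrypt(request.getTgt(), staffInfo.getPassword());
        // Fetch the challenge saved in the session.
        String challenge = (String) (getHttpRequest().getSession().getAttribute(GetSalt.CHALLENGE_KEY_IN_SESSION));
        // 32 characters of first-pass hash followed by 8 characters of challenge.
        if (p1.length() != 40) {
            resp.setMessage("p1 error!");
            resp.setStatus(100);
            return resp;
        }
        // Check that the tail of the decrypted text equals the challenge, to guard against
        // replay. A missing (null) challenge also fails this comparison.
        if (!p1.substring(32).equals(challenge)) {
            resp.setMessage("p1 error!!");
            resp.setStatus(100);
            return resp;
        }
        // From the decrypted first-pass password hash, compute the salted second-pass hash
        // and compare it with the one stored in the database.
        String p2 = AddNewStaff.geneSaltedPwd(p1.substring(0, 32), staffInfo.getSalt());
        if (!p2.equals(staffInfo.getPassword())) {
            resp.setMessage("p1 error!!!");
            resp.setStatus(100);
            return resp;
        }
        // Current password verified; now change the password.
        sql = "update t_staff set password=? where staff_name=?";
        params = new ArrayList<Object>();
        params.add(request.getNew_password());
        params.add(request.getStaff_name());
        int updateNum = util.updateByPreparedStatement(sql, params);
        // Exactly one row must change; anything else is reported as a failure.
        if (updateNum != 1) {
            resp.setMessage("update password failed");
            resp.setStatus(100);
            return resp;
        }
        resp.setMessage("success");
        resp.setStatus(0);
        return resp;
    } catch (Exception e) {
        // Catch-all: decrypt failures are reported to the client as a database error too.
        resp.setStatus(100);
        resp.setMessage("db query exception!");
        e.printStackTrace();
        return resp;
    } finally {
        util.releaseConn();
    }
}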
Also used : ArrayList(java.util.ArrayList) StaffInfo(beans.dbaccess.StaffInfo)

Aggregations

StaffInfo (beans.dbaccess.StaffInfo)4 ArrayList (java.util.ArrayList)4 DBUtil (msec.org.DBUtil)2 GetSaltResponse (beans.response.GetSaltResponse)1 LoginResponse (beans.response.LoginResponse)1 QueryStaffListResponse (beans.response.QueryStaffListResponse)1