修改登陆校验

b9cedc1f · Quxl · dc733ac0 · b9cedc1f · b9cedc1f · b9cedc1f
Commit b9cedc1f authored Oct 30, 2018 by Quxl
4 changed files
--- a/src/main/java/com/egolm/film/api/user/UserReviewController.java
+++ b/src/main/java/com/egolm/film/api/user/UserReviewController.java
@@ -54,7 +54,7 @@ public class UserReviewController {
 		index = index == null ? 1 : index;
 		limit = limit == null ? 20 : limit;
 		LoginToken loginToken = tokenService.getToken();
-		Integer user_id = (Integer)loginToken.getId();
+		Long user_id = (Long)loginToken.getId();
 		Page page = new Page(index, limit, limitKey);
 		List<Map<String, Object>> list = reviewService.limitReviewList(user_id, page);
 		return Rjx.jsonOk().setData(list).setPage(page);
@@ -71,7 +71,7 @@ public class UserReviewController {
 	})
 	public Object getUnviewList(Long index, Long limit,  String[] limitKey) {
 		LoginToken loginToken = tokenService.getToken();
-		Integer user_id = (Integer)loginToken.getId();
+		Long user_id = (Long)loginToken.getId();
 		Page page = new Page(index, limit, limitKey);
 		List<Map<String, Object>> list = reviewService.limitUnviewList(user_id, page);
 		return Rjx.jsonOk().setData(list).setPage(page);
@@ -109,7 +109,7 @@ public class UserReviewController {
 	})
 	public Object getReviewRecordList(Long film_id) {
 		LoginToken loginToken = tokenService.getToken();
-		Integer user_id = (Integer)loginToken.getId();
+		Long user_id = (Long)loginToken.getId();
 		Integer round = reviewService.queryRound(user_id, film_id);
 		List<Fc_film_review> reviewList = reviewService.queryRoundReviewList(user_id, round, film_id);
 		return Rjx.jsonOk().setData(reviewList);
@@ -123,7 +123,7 @@ public class UserReviewController {
 	})
 	public Object getDoubtfulList(Long film_id) {
 		LoginToken loginToken = tokenService.getToken();
-		Integer user_id = (Integer)loginToken.getId();
+		Long user_id = (Long)loginToken.getId();
 		List<Fc_film_doubtful_point> doubtfulList = reviewService.queryDoubtfulList(user_id, film_id);
 		return Rjx.jsonOk().setData(doubtfulList);
 	}
@@ -182,7 +182,7 @@ public class UserReviewController {
 	@ApiOperation("查询统计数据")
 	public Object statistics() {
 		LoginToken loginToken = tokenService.getToken();
-		Integer user_id = (Integer)loginToken.getId();
+		Long user_id = (Long)loginToken.getId();
 		return reviewService.queryStatistics(user_id);
 	}
 	

--- a/src/main/java/com/egolm/film/api/user/service/UserReviewService.java
+++ b/src/main/java/com/egolm/film/api/user/service/UserReviewService.java
@@ -11,20 +11,20 @@ import com.egolm.film.bean.Fc_film_review;

 public interface UserReviewService {

-	List<Map<String, Object>> limitReviewList(Integer user_id, Page page);
+	List<Map<String, Object>> limitReviewList(Long user_id, Page page);

-	List<Map<String, Object>> limitUnviewList(Integer user_id, Page page);
+	List<Map<String, Object>> limitUnviewList(Long user_id, Page page);

 	Long queryMemberFilmIdByFilmId(Long film_id);

-	List<Fc_film_review> queryRoundReviewList(Integer user_id, Integer round, Long film_id);
+	List<Fc_film_review> queryRoundReviewList(Long user_id, Integer round, Long film_id);

-	List<Fc_film_doubtful_point> queryDoubtfulList(Integer user_id, Long film_id);
+	List<Fc_film_doubtful_point> queryDoubtfulList(Long user_id, Long film_id);
 	
 	Fc_film queryFilmById(Long film_id);

-	Integer queryRound(Integer user_id, Long film_id);
+	Integer queryRound(Long user_id, Long film_id);

-	Rjx queryStatistics(Integer user_id);
+	Rjx queryStatistics(Long user_id);

 }
--- a/src/main/java/com/egolm/film/api/user/service/impl/UserReviewServiceImpl.java
+++ b/src/main/java/com/egolm/film/api/user/service/impl/UserReviewServiceImpl.java
@@ -22,7 +22,7 @@ public class UserReviewServiceImpl implements UserReviewService {
 	private JdbcTemplate jdbcTemplate;

 	@Override
-	public List<Map<String, Object>> limitReviewList(Integer user_id, Page page) {
+	public List<Map<String, Object>> limitReviewList(Long user_id, Page page) {
 		String sql = ""
 				+ "	select "
 					+ "film.*, "
@@ -43,7 +43,7 @@ public class UserReviewServiceImpl implements UserReviewService {
 	}

 	@Override
-	public List<Map<String, Object>> limitUnviewList(Integer user_id, Page page) {
+	public List<Map<String, Object>> limitUnviewList(Long user_id, Page page) {
 		String sql = ""
 				+ "	select "
 					+ "film.*, "
@@ -70,13 +70,13 @@ public class UserReviewServiceImpl implements UserReviewService {
 	}

 	@Override
-	public List<Fc_film_review> queryRoundReviewList(Integer user_id, Integer round, Long film_id) {
+	public List<Fc_film_review> queryRoundReviewList(Long user_id, Integer round, Long film_id) {
 		String sql = "SELECT fc_film_review.* FROM fc_film_review WHERE film_id = ? AND uid = ? AND round = ?";
 		return jdbcTemplate.queryForBeans(sql, Fc_film_review.class, film_id, user_id, round);
 	}

 	@Override
-	public List<Fc_film_doubtful_point> queryDoubtfulList(Integer user_id, Long film_id) {
+	public List<Fc_film_doubtful_point> queryDoubtfulList(Long user_id, Long film_id) {
 		String sql = "SELECT * FROM fc_film_doubtful_point WHERE uid = ? AND film_id = ?";
 		return jdbcTemplate.queryForBeans(sql, Fc_film_doubtful_point.class, user_id, film_id);
 	}
@@ -87,12 +87,12 @@ public class UserReviewServiceImpl implements UserReviewService {
 	}

 	@Override
-	public Integer queryRound(Integer user_id, Long film_id) {
+	public Integer queryRound(Long user_id, Long film_id) {
 		return jdbcTemplate.queryForInt("select round from fc_film_allot where film_id = ? and uid = ?", film_id, user_id);
 	}

 	@Override
-	public Rjx queryStatistics(Integer user_id) {
+	public Rjx queryStatistics(Long user_id) {
 		String sql0 = "SELECT count(*) as total FROM fc_view_allot WHERE uid = ?";
 		String sql1 = "SELECT count(*) as total FROM fc_view_allot WHERE uid = ? AND review_state = 4";
 		String sql2 = "SELECT count(*) as total FROM fc_view_allot WHERE uid = ? AND review_state = 2";

--- a/src/main/java/com/egolm/film/api/user/service/impl/UserTokenServiceImpl.java
+++ b/src/main/java/com/egolm/film/api/user/service/impl/UserTokenServiceImpl.java
 package com.egolm.film.api.user.service.impl;

-import java.util.List;
-import java.util.Map;
-
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpSession;

 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;

-import com.egolm.common.StringUtil;
 import com.egolm.common.jdbc.JdbcTemplate;
+import com.egolm.film.api.common.service.Messages;
 import com.egolm.film.api.user.service.UserTokenService;
+import com.egolm.film.bean.Fc_user;
+import com.egolm.film.config.Common;
 import com.egolm.film.config.WebMvcConfig;
 import com.egolm.film.config.XException;
 import com.egolm.film.model.LoginToken;
@@ -22,38 +21,40 @@ public class UserTokenServiceImpl implements UserTokenService {
 	@Autowired
 	private JdbcTemplate jdbcTemplate;
 	
+	@Autowired
+	private Messages messages;
+	
 	@Override
 	public LoginToken doLogin(String username, String password) {
 		HttpSession session = WebMvcConfig.getSession();
-		String md5String = StringUtil.toMD5HexString(password).toLowerCase();
-		String loginSql = "select * from fc_user where username = ? and password = ?";
-		List<Map<String, Object>> list = this.jdbcTemplate.queryForList(loginSql, username, md5String);
-		if(list != null) {
-			if(list.size() == 1) {
-				Map<String,Object> map = list.get(0);
-				Integer state = (Integer)map.get("state");
-				if(state == 1) {
-					Integer uid = (Integer)map.get("uid");
-					LoginToken token = new LoginToken(uid);
-					session.setAttribute(TOKEN_NAME, token);
-					Cookie cookie = WebMvcConfig.getCookie(JSESSIONID);
-					if(cookie != null) {
-						String sql = "update fc_user set token = ? where id = ?";
-						jdbcTemplate.executeUpdate(sql, cookie.getValue(), uid);
-					}
-					return token;
-				} else if(state == 2) {
-					throw new XException("用户已禁用");
-				} else {
-					throw new XException("用户状态未知");
+		Fc_user user = null;
+		try {
+			user = this.jdbcTemplate.queryForBean("select * from fc_user where username = ?", Fc_user.class, username);
+		} catch (Exception e) {
+			throw new XException(messages.get("err.user_pwd_err"));
+		}
+		Integer state = user.getState();
+		if(state == 1) {
+			String salt = user.getSalt();
+			String dbPwd = user.getPassword();
+			String encodePassword = Common.encodePassword(password, salt);
+			if(encodePassword.equals(dbPwd)) {
+				Long uid = user.getUid();
+				LoginToken token = new LoginToken(uid);
+				session.setAttribute(TOKEN_NAME, token);
+				Cookie cookie = WebMvcConfig.getCookie(JSESSIONID);
+				if(cookie != null) {
+					String sql = "update fc_user set token = ? where id = ?";
+					jdbcTemplate.executeUpdate(sql, cookie.getValue(), uid);
 				}
-			} else if(list.size() == 0) {
-				throw new XException("用户名或密码错误");
+				return token;
 			} else {
-				throw new XException("用户登陆信息重复,请联系管理员");
+				throw new XException(messages.get("err.user_pwd_err"));
 			}
+		} else if(state == 2) {
+			throw new XException(messages.get("err.user_disabled"));
 		} else {
-			throw new XException("用户名或密码错误");
+			throw new XException(messages.get("err"));
 		}
 	}