<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head lang="en">
    <meta charset="UTF-8">
    <title>系統(tǒng)登錄 - 超市訂單管理系統(tǒng)</title>
    <link type="text/css" rel="stylesheet" href="${pageContext.request.contextPath }/css/style.css" rel="external nofollow"  />
    <script type="text/javascript">
	/* if(top.location!=self.location){
	      top.location=self.location;
	 } */
    </script>
</head>
<body class="login_bg">
    <section class="loginBox">
        <header class="loginHeader">
            <h1>超市訂單管理系統(tǒng)</h1>
        </header>
        <section class="loginCont">
	        <form class="loginForm" action="${pageContext.request.contextPath }/login.do"  name="actionForm" id="actionForm"  method="post" >
				<div class="info">${error }</div>
				<div class="inputbox">
                    <label for="userCode">用戶名：</label>
					<input type="text" class="input-text" id="userCode" name="userCode" placeholder="請輸入用戶名" required/>
				</div>	
				<div class="inputbox">
                    <label for="userPassword">密碼：</label>
                    <input type="password" id="userPassword" name="userPassword" placeholder="請輸入密碼" required/>
                </div>	
				<div class="subBtn">
					
                    <input type="submit" value="登錄"/>
                    <input type="reset" value="重置"/>
                </div>	
			</form>
        </section>
    </section>
</body>
</html>

<!--設(shè)置歡迎界面-->
    <welcome-file-list>
        <welcome-file>login.jsp</welcome-file>
    </welcome-file-list>

public User getLoginUser(Connection connection, String userCode)throws Exception;

public User getLoginUser(Connection connection, String userCode) throws Exception {
		// TODO Auto-generated method stub
		PreparedStatement pstm = null;
		ResultSet rs = null;
		User user = null;
		if(null != connection){
			String sql = "select * from smbms_user where userCode=?";
			Object[] params = {userCode};
			rs = BaseDao.execute(connection, pstm, rs, sql, params);
			if(rs.next()){
				user = new User();
				user.setId(rs.getInt("id"));
				user.setUserCode(rs.getString("userCode"));
				user.setUserName(rs.getString("userName"));
				user.setUserPassword(rs.getString("userPassword"));
				user.setGender(rs.getInt("gender"));
				user.setBirthday(rs.getDate("birthday"));
				user.setPhone(rs.getString("phone"));
				user.setAddress(rs.getString("address"));
				user.setUserRole(rs.getInt("userRole"));
				user.setCreatedBy(rs.getInt("createdBy"));
				user.setCreationDate(rs.getTimestamp("creationDate"));
				user.setModifyBy(rs.getInt("modifyBy"));
				user.setModifyDate(rs.getTimestamp("modifyDate"));
			}
			//connection設(shè)成null不讓其關(guān)閉，是因為后面業(yè)務(wù)層還需要數(shù)據(jù)庫連接。
			BaseDao.closeResource(null, pstm, rs);
		}
		return user;
	}

public interface UserService {
	 //用戶登錄
	public User login(String userCode, String userPassword);
}

public class UserServiceImpl implements UserService{
	
	private UserDao userDao;
	public UserServiceImpl(){
		userDao = new UserDaoImpl();
	}
	public User login(String userCode, String userPassword) {
		// TODO Auto-generated method stub
		Connection connection = null;
		User user = null;
		try {
			connection = BaseDao.getConnection();
			user = userDao.getLoginUser(connection, userCode);
		} catch (Exception e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}finally{
			BaseDao.closeResource(connection, null, null);
		}
		
		//匹配密碼
		if(null != user){
			if(!user.getUserPassword().equals(userPassword))
				user = null;
		}
		
		return user;
	}
}

public class LoginServlet extends HttpServlet {
    //servlet:控制層，接收用戶的請求，調(diào)用業(yè)務(wù)層代碼。

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        //從前端獲取用戶名和密碼（接收用戶的請求）
        String userCode = req.getParameter("userCode");
        String userPassword = req.getParameter("userPassword");

        //接收請求后需處理業(yè)務(wù)，業(yè)務(wù)是：和數(shù)據(jù)庫中的數(shù)據(jù)進行對比，所以需調(diào)用業(yè)務(wù)層
        UserServiceImpl userService = new UserServiceImpl();
        User user = userService.login(userCode, userPassword);//這里已經(jīng)把登錄的人給查出來了

        if(user != null){//查有此人，可以登錄
            //將用戶的信息放入Session中
            req.getSession().setAttribute(Constant.USER_SESSION , user);
            //跳轉(zhuǎn)主頁(跳轉(zhuǎn)到另一個頁面，地址變了，所以用重定向)
            resp.sendRedirect("jsp/frame.jsp");

        }else{//查無此人，無法登錄
            //轉(zhuǎn)發(fā)會登錄頁面，順帶提示它，用戶名或密碼錯誤。（(跳轉(zhuǎn)到本頁面，只是在本頁面加了些信息（用戶名或密碼錯誤），地址沒變，所以用請求轉(zhuǎn)發(fā))）
            req.setAttribute("error" , "用戶名或密碼錯誤");//請求可以攜帶數(shù)據(jù)
            req.getRequestDispatcher("login.jsp").forward(req , resp);

        }

    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doGet(req, resp);
    }
}

<!--servlet-->
    <servlet>
        <servlet-name>LoginServlet</servlet-name>
        <servlet-class>com.tong.servlet.user.LoginServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>LoginServlet</servlet-name>
        <url-pattern>/login.do</url-pattern>
    </servlet-mapping>

public class LogoutServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        req.getSession().removeAttribute(Constant.USER_SESSION);
        resp.sendRedirect(req.getContextPath() + "/login.jsp");
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doGet(req, resp);
    }
}

<!--注銷-->
    <servlet>
        <servlet-name>LogoutServlet</servlet-name>
        <servlet-class>com.tong.servlet.user.LogoutServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>LogoutServlet</servlet-name>
        <url-pattern>/jsp/logout.do</url-pattern>
    </servlet-mapping>

public class SysFilter implements Filter {
    public void init(FilterConfig filterConfig) throws ServletException {

    }

    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;

        //過濾器，從session中獲取用戶
        User user = (User) request.getSession().getAttribute(Constant.USER_SESSION);
        if(user == null){//session已經(jīng)被移除，或者用戶注銷，或還沒登錄
            response.sendRedirect("error.jsp");
        }else{
            chain.doFilter(req , resp);
        }
    }

    public void destroy() {

    }
}

<!--用戶登錄過濾器-->
    <filter>
        <filter-name>SysFilter</filter-name>
        <filter-class>com.tong.filter.SysFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>SysFilter</filter-name>
        <url-pattern>/jsp/*</url-pattern>
    </filter-mapping>

    //修改當前用戶密碼
	//增刪改返回的都是int類型，查找返回對應(yīng)的實體類；
	public int updatePwd(Connection connection, int id, String pwd)throws Exception;

public int updatePwd(Connection connection, int id, String pwd)
			throws Exception {
		// TODO Auto-generated method stub
		int flag = 0;
		PreparedStatement pstm = null;
		if(connection != null){
			String sql = "update smbms_user set userPassword= ? where id = ?";
			Object[] params = {pwd,id};
			flag = BaseDao.execute(connection, pstm, sql, params);
			BaseDao.closeResource(null, pstm, null);
		}
		return flag;
	}

//根據(jù)userId修改密碼
	public boolean updatePwd(int id, String pwd);

public boolean updatePwd(int id, String pwd) {
		boolean flag = false;//使用標志位，判斷密碼是否修改成功。
		Connection connection = null;
		try{
			connection = BaseDao.getConnection();
			if(userDao.updatePwd(connection,id,pwd) > 0)
				flag = true;
		}catch (Exception e) {
			e.printStackTrace();
		}finally{
			BaseDao.closeResource(connection, null, null);
		}
		return flag;
	}

//實現(xiàn)servlet復(fù)用
public class UserServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        String method = req.getParameter("method");
        if(method.equals("savepwd")){
            this.updatePwd(req , resp);
        }
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doGet(req, resp);
    }

    public void updatePwd(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        //從session里拿Uer實體類
        Object o = req.getSession().getAttribute(Constant.USER_SESSION);
        String newPassword = req.getParameter("newPassword");

        boolean flag = false;
        if(o != null && newPassword != null && newPassword.length() != 0){//Uer實體類和新密碼newPassword都拿到了，開始調(diào)用業(yè)務(wù)層
            UserServiceImpl userService = new UserServiceImpl();
            flag = userService.updatePwd(((User) o).getId(), newPassword);
            if(flag){
                req.setAttribute("message" , "修改密碼成功，請退出，使用新密碼登錄");
                //密碼修改成功，當前session。因為密碼變了，session的內(nèi)容自然也變了，所以需要移除，又因為密碼變了需要重新登錄，所以session會重新創(chuàng)建
                req.getSession().removeAttribute(Constant.USER_SESSION);
            }else {
                req.setAttribute("message" , "密碼修改失敗");
            }
        }else{
            req.setAttribute("message" , "新密碼有問題");
        }

        req.getRequestDispatcher("pwdmodify.jsp").forward(req , resp);

    }
}