最近写一个小项目,要实现一个帐号一个人使用。后登陆的挤掉前面登陆的。新手不太懂,希望有人可以教教我。下面是登陆代码,听说只要在下面代码中加个判断就行了,可是我不太懂。新手分比较少import java.util.Map;import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import com.icss.helper.BatchSql;
import com.icss.service.BaseService;/**
* 登陆相关功能
* @author shixiaolong
* Jun 7, 2012
*/
public class LoginService extends BaseService{
/**
* @param request
* @return
*/
public int login(HttpServletRequest request){
String username = req.getValue(request, "username");
String password = req.getValue(request, "password");
String irand = req.getValue(request, "irand");//验证码
//首先判断账户是否存在
String sql="select count(1) from tbl_user where nickname=? and userstate=1 ";
int result = db.queryForInt(sql,new Object[]{username});
if(result!=1){
//用户不存在
return -1;
}
sql="select count(1) from tbl_user where nickname=? and password=fn_md5(?) and userstate=1 ";
result = db.queryForInt(sql,new Object[]{username,password});
if(result!=1){
//密码不正确
String pwwrong_flag = (String)request.getSession().getAttribute("pwwrong_flag");
if(pwwrong_flag==null||"".equals(pwwrong_flag)){
request.setAttribute("username", username);
this.recordLoginHisFail(username, request);
return -2;}
}
String rand = (String)request.getSession().getAttribute("rand");
if(!irand.equals(rand)){
request.setAttribute("username", username);
request.setAttribute("password", password);
this.recordLoginHisFail(username, request);
//验证码错误
return -3;
}
//设置session 时间 单位:秒
request.getSession().setMaxInactiveInterval(1800);
log.debug("该“"+req.getValue(request, "username")+"”用户登陆,会话有效时间为半个小时!");
//把用户信息放入session 中
sql="select * from tbl_user where nickname=? ";
Map user = db.queryForMap(sql,new Object[]{username});
request.getSession().setAttribute("user",user);
this.recordLoginHisSuccess(username, request);
///
String sql1="select count(*) from tbl_login_his where user_id=?";
result = db.queryForInt(sql1,new Object[]{username});
if(result==1){
return -4;
}
else{
return 1;}
}
/**
* 登陆流水成功
*/
public void recordLoginHisSuccess(String username,HttpServletRequest request){
String ipaddress = this.getIpAddr(request);
String sql="insert into tbl_login_his(user_id,login_date,is_success,ip_address) values(?,sysdate,1,?)";
int result = db.update(sql,new Object[]{username,ipaddress});
//如果登陆不成功,保存日志
if(result!=1){
log.error("----登陆流水入库失败---");
}
}
/**
* 登陆流水失败
*/
public void recordLoginHisFail(String username,HttpServletRequest request){
String ipaddress = this.getIpAddr(request);
String sql="insert into tbl_login_his(user_id,login_date,is_success,ip_address) values(?,sysdate,0,?)";
int result = db.update(sql,new Object[]{username,ipaddress});
//如果登陆不成功,保存日志
if(result!=1){
log.error("----登陆流水入库失败---");
}
}
/**
* 获取客户端的真实地址
* @param request
* @return
*/
public String getIpAddr(HttpServletRequest request) {
String ip = request.getHeader("x-forwarded-for");
if(ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("Proxy-Client-IP");
}
if(ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("WL-Proxy-Client-IP");
}
if(ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getRemoteAddr();
}
return ip;
}
/**
* 退出登陆
* @return
*/
public String loginOff(HttpServletRequest request){
HttpSession session = request.getSession();
session.removeAttribute("user");
session.invalidate();
return "error";
}
public String loginOffbank(HttpServletRequest request){
HttpSession session = request.getSession();
session.removeAttribute("bank");
session.invalidate();
return "error";
}
/**
* 密码修改
* @return
*/
public int changePassword(HttpServletRequest request){
String new_password_1 = req.getValue(request, "new_password_1");
String new_password_2 = req.getValue(request, "new_password_2");
String current_password = req.getValue(request, "current_password");
String currentpassword = db.queryForString("select fn_md5(?) from dual",new Object[]{current_password});
Map user = (Map)request.getSession().getAttribute("user");
String userid = str.get(user, "USERID");
String old_password = str.get(user, "PASSWORD");
if(!currentpassword.equals(old_password)){
return -1;
}
if(!new_password_1.equals(new_password_2)){
request.setAttribute("current_password", current_password);
return -2;
}else{ String new_password = db.queryForString("select fn_md5(?) from dual",new Object[]{new_password_1});
BatchSql batchSql = new BatchSql();
String sql="update tbl_user set password = ? where userid = ? and userstate = 1 ";
batchSql.addBatch(sql,new Object[]{new_password,userid});
sql="insert into tbl_password_mod_log(userid,modify_date,old_password,new_password) " +
" values(?,sysdate,?,?)";
batchSql.addBatch(sql,new Object[]{userid,old_password,new_password});
int result = db.doInTransaction(batchSql);
if(result!=1){
log.debug("-------密码修改保存失败----------");
return -3;
}else{
sql="select * from tbl_user where userid=? ";
user = db.queryForMap(sql,new Object[]{userid});
request.getSession().setAttribute("user",user);
return 1;
}
}
}}
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import com.icss.helper.BatchSql;
import com.icss.service.BaseService;/**
* 登陆相关功能
* @author shixiaolong
* Jun 7, 2012
*/
public class LoginService extends BaseService{
/**
* @param request
* @return
*/
public int login(HttpServletRequest request){
String username = req.getValue(request, "username");
String password = req.getValue(request, "password");
String irand = req.getValue(request, "irand");//验证码
//首先判断账户是否存在
String sql="select count(1) from tbl_user where nickname=? and userstate=1 ";
int result = db.queryForInt(sql,new Object[]{username});
if(result!=1){
//用户不存在
return -1;
}
sql="select count(1) from tbl_user where nickname=? and password=fn_md5(?) and userstate=1 ";
result = db.queryForInt(sql,new Object[]{username,password});
if(result!=1){
//密码不正确
String pwwrong_flag = (String)request.getSession().getAttribute("pwwrong_flag");
if(pwwrong_flag==null||"".equals(pwwrong_flag)){
request.setAttribute("username", username);
this.recordLoginHisFail(username, request);
return -2;}
}
String rand = (String)request.getSession().getAttribute("rand");
if(!irand.equals(rand)){
request.setAttribute("username", username);
request.setAttribute("password", password);
this.recordLoginHisFail(username, request);
//验证码错误
return -3;
}
//设置session 时间 单位:秒
request.getSession().setMaxInactiveInterval(1800);
log.debug("该“"+req.getValue(request, "username")+"”用户登陆,会话有效时间为半个小时!");
//把用户信息放入session 中
sql="select * from tbl_user where nickname=? ";
Map user = db.queryForMap(sql,new Object[]{username});
request.getSession().setAttribute("user",user);
this.recordLoginHisSuccess(username, request);
///
String sql1="select count(*) from tbl_login_his where user_id=?";
result = db.queryForInt(sql1,new Object[]{username});
if(result==1){
return -4;
}
else{
return 1;}
}
/**
* 登陆流水成功
*/
public void recordLoginHisSuccess(String username,HttpServletRequest request){
String ipaddress = this.getIpAddr(request);
String sql="insert into tbl_login_his(user_id,login_date,is_success,ip_address) values(?,sysdate,1,?)";
int result = db.update(sql,new Object[]{username,ipaddress});
//如果登陆不成功,保存日志
if(result!=1){
log.error("----登陆流水入库失败---");
}
}
/**
* 登陆流水失败
*/
public void recordLoginHisFail(String username,HttpServletRequest request){
String ipaddress = this.getIpAddr(request);
String sql="insert into tbl_login_his(user_id,login_date,is_success,ip_address) values(?,sysdate,0,?)";
int result = db.update(sql,new Object[]{username,ipaddress});
//如果登陆不成功,保存日志
if(result!=1){
log.error("----登陆流水入库失败---");
}
}
/**
* 获取客户端的真实地址
* @param request
* @return
*/
public String getIpAddr(HttpServletRequest request) {
String ip = request.getHeader("x-forwarded-for");
if(ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("Proxy-Client-IP");
}
if(ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("WL-Proxy-Client-IP");
}
if(ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getRemoteAddr();
}
return ip;
}
/**
* 退出登陆
* @return
*/
public String loginOff(HttpServletRequest request){
HttpSession session = request.getSession();
session.removeAttribute("user");
session.invalidate();
return "error";
}
public String loginOffbank(HttpServletRequest request){
HttpSession session = request.getSession();
session.removeAttribute("bank");
session.invalidate();
return "error";
}
/**
* 密码修改
* @return
*/
public int changePassword(HttpServletRequest request){
String new_password_1 = req.getValue(request, "new_password_1");
String new_password_2 = req.getValue(request, "new_password_2");
String current_password = req.getValue(request, "current_password");
String currentpassword = db.queryForString("select fn_md5(?) from dual",new Object[]{current_password});
Map user = (Map)request.getSession().getAttribute("user");
String userid = str.get(user, "USERID");
String old_password = str.get(user, "PASSWORD");
if(!currentpassword.equals(old_password)){
return -1;
}
if(!new_password_1.equals(new_password_2)){
request.setAttribute("current_password", current_password);
return -2;
}else{ String new_password = db.queryForString("select fn_md5(?) from dual",new Object[]{new_password_1});
BatchSql batchSql = new BatchSql();
String sql="update tbl_user set password = ? where userid = ? and userstate = 1 ";
batchSql.addBatch(sql,new Object[]{new_password,userid});
sql="insert into tbl_password_mod_log(userid,modify_date,old_password,new_password) " +
" values(?,sysdate,?,?)";
batchSql.addBatch(sql,new Object[]{userid,old_password,new_password});
int result = db.doInTransaction(batchSql);
if(result!=1){
log.debug("-------密码修改保存失败----------");
return -3;
}else{
sql="select * from tbl_user where userid=? ";
user = db.queryForMap(sql,new Object[]{userid});
request.getSession().setAttribute("user",user);
return 1;
}
}
}}
解决方案 »
- spring注入失败(100分在线等,能解决还可以考虑追加)
- 请教一下这个图是用什么图画的
- 求助:mybatis 动态建表的问题,要求表名随着月份变动的,在线等
- jdk代理与cglib代理问题
- 一个js的date问题
- 搜索引擎 开发技术.QQ群10523238
- struts中想用2个logic:iterator做嵌套循环,为什么总是报Cannot create iterator for this collection?
- 大家参与讨论 :关于操作系统和开发工具的选择问题。
- IIS+TOMCAT刷新回首页的问题
- WebLogic中如何配置URL?
- 菜鸟问题:java中的方法内参数如何互相调用
- webservice问题,java调用webservice方法报错
程序逻辑如下所示:
用户登录时,你这样写:Java code:
User user = dao.login(userName, password);// 数据库中判断用户名和密码
if (null != user) {// 表示用户存在
session.setAttribute("user", user);// 把用户放进session中
application.setAttribute(userName, session.getId());/* 把用户所在的sessionId放进application中,首先要明白一点,一个session对应一个浏览器,其次要注意一点,userName必须是唯一的*/
}当用户访问到其他url的时候,你可以在过滤器或你的拦截器中这样写:Java code:
User user = (User) session.getAttribute("user");// 从session中取出用户
if (null == user) {// 未登录或者登录已经过期
response.sendRedirect(request.getContextPath());// 跳转到首页或登录页面
}
String sessionId = (String) application.getAttribute(user.getUserName);
if (null == sessionId || !sessionId.equals(session.getId())) {/*这说明用户已经在其他电脑或其它浏览器登录了,那么之前登录的session就无效了,自动被后面的登录给踢掉*/
response.sendRedirect(request.getContextPath());// 跳转到首页或登录页面
}
chain.doFilter(request, response);// 通过验证,放行用户进入目标url
单点登录和用户的IP没有关系,lz不需要整的这么复杂,
只要好好使用session和application,这些问题都是小kiss!!