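/***********************************************************************************
 * @@ Program Name : HttpDeptList.java
 *    Description  : List of departments belonging to an organization
 *    Author       : 강원중
 *    Create Date  : 2003-12-16
 *    History      :
 * @@
 * NOTE(review): this header names HttpDeptList.java, but the class below is
 * HttpProveRecogSet; the header looks copied from another file.
 ***********************************************************************************/
package kr.co.kihyun.beans.user;

import java.io.IOException;
import java.io.PrintWriter;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import kr.co.kihyun.db.DBManager;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Records an approval ("recog") for a report and redirects the browser to the
 * approval report list.
 *
 * <p>All of the work happens in the constructor: it marks the approver's row
 * in MOUMI_REPOADM as accepted, then moves MOUMI_TOT_REPORT either to the next
 * approver or to its final state, and finally sends an HTTP redirect.
 *
 * <p>NOTE(review): every database failure is logged and swallowed, so the
 * redirect can be sent even when an update did not happen. Confirm that callers
 * do not treat the redirect as proof that the approval was stored.
 */
public class HttpProveRecogSet extends DBManager {

    // Fixed, same-origin redirect target. Only the query-string values vary, so
    // the destination path itself cannot be steered by request data (CWE-601).
    private static final String REDIRECT_PATH = "/totsys/repoper/mydocbox/approve/report_list.jsp";

    private static final Logger LOG = LoggerFactory.getLogger(HttpProveRecogSet.class);

    // The fields below are not read or written anywhere in this class.
    private List recogid;
    private ResultSet rs = null;
    private String[] ID = null;
    private String[] RECOG = null;
    private String[] RECOG_NUM = null;
    private String[] RECOG_USER_ID = null;
    private String[] REPORT_ID = null;
    private String[] RECOGFLAG = null;

    /**
     * Stores the approval of {@code userID} for {@code reportID}, advances the
     * report's current approver, and redirects to the approval list page.
     *
     * @param docName     document name echoed back in the redirect query string;
     *                    treated as untrusted input
     * @param reportID    id of the report being approved
     * @param reportType  unused by this constructor
     * @param typeList    unused by this constructor
     * @param repoadminID id of the current approver step; compared with the
     *                    maximum step id returned by {@code SelectMaxId}
     * @param userID      approver whose MOUMI_REPOADM row is updated
     * @param GetID       unused by this constructor
     * @param req         current request, passed to {@code HttpSSOLogin}
     * @param res         response that receives the redirect
     * @throws SQLException declared for callers; failures inside the body are
     *                      logged and not rethrown
     * @throws IOException  declared for callers; failures inside the body are
     *                      logged and not rethrown
     */
    public HttpProveRecogSet(String docName,Long reportID,String reportType,String typeList,Long repoadminID,String userID,String GetID,HttpServletRequest req, HttpServletResponse res) throws SQLException, IOException {
        // NOTE(review): the session login id and system authority are fetched but
        // never compared with anything. The approval below is written for the
        // caller-supplied userID, so this class does not itself verify that the
        // authenticated user is the approver. Confirm the caller enforces that
        // userID matches the session and that the user may approve reportID.
        // The calls are kept because they may have effects not visible here.
        String usID = HttpSSOLogin.getLoginID(req);
        int sysAuth = HttpSSOLogin.getSysAuth(req);

        res.setContentType("text/html;charset=UTF-8");

        try {
            UpdateRecogRepoAdm(reportID, userID);

            SelectMaxId sm = new SelectMaxId(reportID);
            Long maxId = sm.getMaxId();

            if (repoadminID < maxId) {
                // More approver steps remain: hand the report to the next one.
                Long nextId = repoadminID + 1;
                UpdateTotReport(nextId, reportID);
            } else {
                // Last approver step: mark the report as finished.
                UpdateTotReportFin(maxId, reportID);
            }

            // v2. 1. HTTP response splitting : Update by KWON,HAN
            // Strip CR/LF from the external value before it reaches the log and
            // the Location header. A null name is treated as empty so the
            // redirect still happens after the updates above.
            String filtered_docName = docName == null
                    ? ""
                    : docName.replace("\r", "").replace("\n", "");
            LOG.debug("v2 1.HTTP 응답분할 : HttpProveRecogSet.HttpProveRecogSet() filtered_docName={}, Not Test", filtered_docName);

            // Percent-encode the value so characters such as '&', '#' or '=' in
            // the document name cannot add or override query parameters on the
            // target page (for example a second repoadminID).
            // Assumes the container decodes query strings as UTF-8 - TODO confirm.
            String encodedDocName = java.net.URLEncoder.encode(filtered_docName, "UTF-8");

            // v2. 3. Automatic redirect to an untrusted URL (CWE-601) : Update by KWON,HAN
            String connURL = REDIRECT_PATH + "?reportID="+reportID+"&totperInfo=true&reportType=COMPLETE&doctName="+encodedDocName+"&repoadminID="+repoadminID;
            LOG.debug("v2 3.신뢰되지 않는 URL 주소로 자동 접속 연결_CWE-601 : HttpProveRecogSet.HttpProveRecogSet() connURL={} : Not Test", connURL);

            res.sendRedirect(connURL);
        } catch (Exception e) {
            // Best-effort behaviour is preserved, but the failure goes to the
            // application log instead of stderr.
            LOG.error("Approval processing failed for reportID={}", reportID, e);
        } finally {
            try {
                if (pstmt != null) pstmt.close();
            } catch (SQLException ex) {
                LOG.warn("Failed to close statement", ex);
            }
            try {
                if (con != null) con.close();
            } catch (SQLException ex) {
                LOG.warn("Failed to close connection", ex);
            }
        }
    }

    /**
     * Marks the approver's row for a report as approved and accepted.
     *
     * @param reportID  report whose approver row is updated
     * @param strUserID approver id matched against RECOG_USER_ID
     * @throws SQLException declared for callers; failures are logged and not rethrown
     */
    public void UpdateRecogRepoAdm(Long reportID,String strUserID) throws SQLException {
        try {
            String acceptFlag = "Y";
            // Values are bound as parameters, never concatenated into the SQL.
            String sql="UPDATE MOUMI_REPOADM SET RECOG = 2,ACCEPTFLAG=? WHERE REPORT_ID = ? AND RECOG_USER_ID = ?";
            execUpdate(sql,acceptFlag,reportID,strUserID);
        } catch (Exception e) {
            LOG.error("UpdateRecogRepoAdm failed for reportID={}", reportID, e);
        } finally {
            execClose();
        }
    }

    /**
     * Points a report at the given approver step.
     *
     * @param tmpID    approver step id stored in CURRENT_REPOADM_ID
     * @param reportID report row to update
     * @throws SQLException declared for callers; failures are logged and not rethrown
     */
    public void UpdateTotReport(Long tmpID,Long reportID) throws SQLException {
        try {
            String sql="UPDATE MOUMI_TOT_REPORT SET CURRENT_REPOADM_ID = ? WHERE ID =?";
            execUpdate(sql,tmpID,reportID);
        } catch (Exception e) {
            LOG.error("UpdateTotReport failed for reportID={}", reportID, e);
        } finally {
            execClose();
        }
    }

    /**
     * Points a report at its last approver step and sets PRSS to 6.
     *
     * @param maxId    last approver step id stored in CURRENT_REPOADM_ID
     * @param reportID report row to update
     * @throws SQLException declared for callers; failures are logged and not rethrown
     */
    public void UpdateTotReportFin(Long maxId,Long reportID) throws SQLException {
        try {
            String sql="UPDATE MOUMI_TOT_REPORT SET CURRENT_REPOADM_ID = ?,PRSS = 6 WHERE ID =?";
            execUpdate(sql,maxId,reportID);
        } catch (Exception e) {
            LOG.error("UpdateTotReportFin failed for reportID={}", reportID, e);
        } finally {
            execClose();
        }
    }
}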