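package kr.co.kihyun.beans.user;

import java.io.IOException;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.sql.SQLException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import kr.co.kihyun.db.DBManager;
import kr.co.kihyun.lang.MString;
import kr.co.kihyun.moumi.MoumiConfig;
import kr.co.kihyun.text.html.ServletUtil;

/**
 * Handles the "modify user" form post of the sysadm user page.
 *
 * <p>Reads the submitted user attributes from the request, updates the matching
 * {@code MOUMI_MUSER} row with a single parameterized {@code UPDATE}, and writes a
 * JavaScript alert plus a redirect back to {@code user_view.jsp} into the response.
 *
 * <p>Security notes:
 * <ul>
 *   <li>Only {@code HttpSSOLogin.isLogin(req)} is checked here. Nothing in this class
 *       verifies that the caller is an administrator before letting them change
 *       {@code SYS_AUTH} / {@code DEPT_ID} of an arbitrary {@code userID}.
 *       NOTE(review): confirm an admin-role check is enforced by the calling JSP or a
 *       filter; if it is not, this is a privilege-escalation path.</li>
 *   <li>{@code userID} and {@code sysAuth} are echoed into the redirect URL. The 2014
 *       "XSS" change only stripped {@code < > ,} and only on the generic-exception path;
 *       the success path and the other catch blocks were left unfiltered, and stripping
 *       three characters does not prevent breaking out of a quoted JS string.
 *       All paths now go through {@link #viewUrl(String, String)}, which URL-encodes the
 *       values, so they cannot carry quotes, angle brackets or separators.</li>
 * </ul>
 *
 * <p>Behavioural caveat kept from the original: when {@code email}, {@code deptID} or
 * {@code findOption} are absent, the literal string {@code "null"} is written to the
 * corresponding column (only {@code phone} is mapped back to SQL NULL).
 * NOTE(review): probably unintended for DEPT_ID — confirm with the data owners.
 */
public class UserModify extends DBManager {

    private static final Logger LOG = LoggerFactory.getLogger(UserModify.class);

    /** Script emitted when the caller is not authenticated. */
    private static final String LOGIN_REDIRECT = "location='/totsys/login/login.jsp';";

    /** Page the caller is sent back to after the attempt (success or failure); query values are appended URL-encoded. */
    private static final String VIEW_PAGE = "/totsys/sysadm/user/user_view.jsp?reload=yes";

    /** Resource key of the "changed" alert. */
    private static final String MSG_CHANGED = "moumi.message.popup.alter";

    /** Resource key of the failure alert shown on every error path. */
    private static final String MSG_FAILED = "moumi.message.popup.notCoporationChangeAdmin";

    /**
     * Parameterized update; NVL keeps DUAL_POST_YN / MOD_YN unchanged when the form sent no value,
     * and ORIGN_DEPT_ID is always cleared (original behaviour, reason not documented).
     */
    private static final String UPDATE_SQL =
        "UPDATE MOUMI_MUSER SET PHONE=?,EMAIL=?,SYS_AUTH=?, DUAL_POST_YN=NVL(?,DUAL_POST_YN), "
        + "MOD_YN=NVL(?,MOD_YN), DEPT_ID=?, ORIGN_DEPT_ID = NULL WHERE ID=?";

    /**
     * Performs the update described on the class and writes the outcome to {@code res}.
     *
     * @param req request carrying userID, phone, email, deptID, findOption (used as SYS_AUTH),
     *            rdDualPostYn and rdModYn
     * @param res response that receives the alert/redirect script
     */
    public UserModify(HttpServletRequest req, HttpServletResponse res) {
        PrintWriter out = null;
        // Kept outside the try so the catch blocks can build the redirect URL.
        String userId = null;
        String sysAuth = null;

        try {
            res.setContentType("text/html;charset=UTF-8");
            out = res.getWriter();

            if (!HttpSSOLogin.isLogin(req)) {
                out.println(ServletUtil.getJavaScript(LOGIN_REDIRECT));
                return;
            }
            // NOTE(review): no authorization check beyond "is logged in" — see class Javadoc.

            userId = MString.checkNull(req.getParameter("userID"), null);
            String phone = MString.checkNull(req.getParameter("phone"), "null");
            String email = MString.checkNull(req.getParameter("email"), "null");
            String deptId = MString.checkNull(req.getParameter("deptID"), "null");
            // The original reads SYS_AUTH from "findOption" (a "sysAuth" parameter was planned but never wired).
            sysAuth = MString.checkNull(req.getParameter("findOption"), "null");
            // null here means "leave the column as is" thanks to the NVL() in UPDATE_SQL.
            String rdDualPostYn = MString.checkNull(req.getParameter("rdDualPostYn"), null);
            String rdModYn = MString.checkNull(req.getParameter("rdModYn"), null);

            // Original did userId.equals("null") and threw NPE when the parameter was absent,
            // which then fell into the generic catch. Treat a missing/"null" id as an explicit
            // failure instead of relying on the exception path.
            if (userId == null || "null".equals(userId)) {
                LOG.warn("UserModify: userID parameter missing; nothing updated");
                reportFailure(out, null, sysAuth);
                return;
            }
            if ("null".equals(phone)) {
                phone = null;
            }

            // Bound parameters only — no string-built SQL.
            execUpdate(UPDATE_SQL, phone, email, sysAuth, rdDualPostYn, rdModYn, deptId, userId);

            out.println(ServletUtil.alert(MoumiConfig.getMessageBundle().getString(MSG_CHANGED)));
            out.println(ServletUtil.redirect(viewUrl(userId, sysAuth)));
        } catch (IOException ioex) {
            LOG.error("UserModify: I/O failure while updating userID={}", userId, ioex);
            reportFailure(out, userId, sysAuth);
        } catch (SQLException sqlex) {
            LOG.error("UserModify: database failure while updating userID={}", userId, sqlex);
            reportFailure(out, userId, sysAuth);
        } catch (Exception e) {
            // Boundary catch: keeps the response well-formed for anything execUpdate / helpers may throw.
            LOG.error("UserModify: unexpected failure while updating userID={}", userId, e);
            reportFailure(out, userId, sysAuth);
        } finally {
            execClose();
        }
    }

    /**
     * Writes the failure alert and the redirect back to the view page.
     * Does nothing when {@code out} is null (i.e. {@code res.getWriter()} itself failed) —
     * the original dereferenced {@code out} in its catch blocks and would NPE in that case.
     */
    private static void reportFailure(PrintWriter out, String userId, String sysAuth) {
        if (out == null) {
            return;
        }
        out.println(ServletUtil.alert(MoumiConfig.getMessageBundle().getString(MSG_FAILED)));
        out.println(ServletUtil.redirect(viewUrl(userId, sysAuth)));
    }

    /**
     * Builds the user_view.jsp URL with both request-derived values URL-encoded.
     * A null value is rendered as the string "null", matching the original concatenation.
     */
    private static String viewUrl(String userId, String sysAuth) {
        return VIEW_PAGE + "&userID=" + urlEncode(userId) + "&sysAuth=" + urlEncode(sysAuth);
    }

    /** application/x-www-form-urlencoded encoding; leaves only [A-Za-z0-9.-*_] unescaped. */
    private static String urlEncode(String value) {
        try {
            return URLEncoder.encode(String.valueOf(value), "UTF-8");
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is mandatory in every JVM; reaching this is a platform bug.
            throw new IllegalStateException("UTF-8 not supported", e);
        }
    }
}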