
package kr.co.kihyun.beans.user;
//import kr.co.kihyun.tree.*;
//import java.sql.ResultSet;
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.SQLException;
//import javax.servlet.ServletException;
//import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import kr.co.kihyun.beans.entity.SubmitReport;
//import kr.co.kihyun.lang.Encoder;
//import kr.co.kihyun.lang.MInteger;
//import kr.co.kihyun.lang.MLong;
import kr.co.kihyun.moumi.MoumiConfig;
import kr.co.kihyun.db.DBManager;
import kr.co.kihyun.lang.MString;
//import kr.co.kihyun.beans.user.HttpSSOLogin;
import kr.co.kihyun.text.html.ServletUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
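/**
 * Request-scoped action bean that updates the {@code APPRO} flag of one or more
 * {@code MOUMI_TOT_REPORT} rows for the logged-in user and then writes a JavaScript
 * alert plus a redirect back to the end-box report list.
 *
 * <p>All work happens in the constructor: parameters are read from the request, each
 * update runs through the inherited {@code execUpdate(sql, ...)} helper, the outcome is
 * written to the response writer, and {@code execClose()} is always called in
 * {@code finally}. Every checked exception is handled inside the constructor; nothing
 * is propagated to the caller.
 */
public class UserApproModify extends DBManager {
    private static final Logger LOG = LoggerFactory.getLogger(UserApproModify.class);

    /** Parameterised update; placeholders are (APPRO, ID) in that order. */
    private static final String UPDATE_APPRO_SQL = "UPDATE MOUMI_TOT_REPORT SET APPRO=? WHERE ID=?";

    /**
     * Reads the request, applies the approval change and writes the response.
     *
     * <p>Request parameters (all read via {@code MString.checkNull}):
     * <ul>
     *   <li>{@code reportID} – comma separated report ids (defaults to the text "null")</li>
     *   <li>{@code userID} – comma separated user ids paired with the report ids
     *       (defaults to {@code null}, see below)</li>
     *   <li>{@code reportType} – echoed back into the redirect URL</li>
     *   <li>{@code strGubun} – new APPRO value; "1" selects the "modified" message,
     *       anything else the "cancelled" message</li>
     * </ul>
     *
     * @param req the current servlet request
     * @param res the servlet response the alert/redirect script is written to
     */
    public UserApproModify(HttpServletRequest req, HttpServletResponse res) {
        String reportID = null;
        String reportType = null;
        String usID = HttpSSOLogin.getLoginID(req);
        PrintWriter out = null;
        try {
            res.setContentType("text/html;charset=UTF-8");
            out = res.getWriter();
            if (!HttpSSOLogin.isLogin(req)) {
                String connURL = "location='/totsys/login/login.jsp';";
                out.println(ServletUtil.getJavaScript(connURL));
                return;
            }

            reportID = MString.checkNull(req.getParameter("reportID"), "null");
            reportType = MString.checkNull(req.getParameter("reportType"), "null");
            String strGubun = MString.checkNull(req.getParameter("strGubun"), "null");
            String userId = MString.checkNull(req.getParameter("userID"), null);

            // A missing userID used to NPE on split() and fall through to the generic
            // catch; handle it explicitly with the same user-visible outcome.
            if (userId == null) {
                LOG.warn("UserApproModify: userID parameter missing for login {}", usID);
                writeCancelAndRedirect(out, reportID, reportType);
                return;
            }
            String[] userIDList = userId.split(",");
            String[] reportIDList = reportID.split(",");

            // The loop below pairs userIDList[i] with reportIDList[i-1], starting at i=1:
            // the first userID entry is never used (presumably a leading placeholder sent
            // by the form — TODO confirm against the caller). Reject mismatched lengths up
            // front instead of partially applying updates and then failing on an index.
            if (reportIDList.length < userIDList.length - 1) {
                LOG.warn("UserApproModify: {} userIDs but only {} reportIDs", userIDList.length, reportIDList.length);
                writeCancelAndRedirect(out, reportID, reportType);
                return;
            }

            SubmitReport submitReport = new SubmitReport();
            submitReport.getSysAuth(usID);
            // System authority of the caller; 5, 7 and 9 may approve any listed report
            // (presumably administrative levels — TODO confirm the meaning of each value).
            int sysAuth = submitReport.getAuthNum();
            boolean privileged = sysAuth == 5 || sysAuth == 7 || sysAuth == 9;

            // Loop-invariant pieces of the response.
            String tmpGubun = strGubun.replace(" ", "");
            String resultKey = "1".equals(tmpGubun)
                    ? "moumi.message.tot_doc.approModify"
                    : "moumi.message.tot_doc.approCancel";
            String resultAlert = ServletUtil.alert(MoumiConfig.getMessageBundle().getString(resultKey));
            String noPermissionAlert = ServletUtil.alert(
                    MoumiConfig.getMessageBundle().getString("moumi.message.tot_doc.approModifyNoPer"));
            String redirect = ServletUtil.redirect(listPageUrl(reportID, reportType));

            for (int i = 1; i < userIDList.length; i++) {
                String targetUser = userIDList[i].replace(" ", "");
                String targetReport = reportIDList[i - 1];
                // NOTE(review): the userID/reportID pairing comes from the request itself, so
                // the "own entry" branch only proves the caller placed its own id next to this
                // report id; ownership of reportIDList[i-1] is not verified here — TODO confirm
                // whether SubmitReport or the DB layer enforces it.
                if (targetUser.equals(usID) || privileged) {
                    execUpdate(UPDATE_APPRO_SQL, strGubun, targetReport);
                    out.println(resultAlert);
                } else {
                    out.println(noPermissionAlert);
                }
                // One alert + redirect per entry, preserved from the original handler.
                out.println(redirect);
            }
        // 44. Improper exception handling (overly broad exception class)_CWE-754 Add by YOUNGJUN,CHO
        } catch (IOException ioex) {
            LOG.error("UserApproModify: I/O failure while writing the response", ioex);
            writeCancelAndRedirect(out, reportID, reportType);
        } catch (SQLException sqlex) {
            LOG.error("UserApproModify: approval update failed", sqlex);
            writeCancelAndRedirect(out, reportID, reportType);
        } catch (Exception e) {
            LOG.error("UserApproModify: unexpected failure", e);
            writeCancelAndRedirect(out, reportID, reportType);
        } finally {
            execClose();
        }
    }

    /**
     * Builds the end-box list page URL the browser is sent back to.
     *
     * <p>Values are concatenated as given; the success path relies on the caller having
     * passed plain ids. Only the failure path ({@link #writeCancelAndRedirect}) applies
     * the project's character filter.
     */
    private static String listPageUrl(String reportID, String reportType) {
        return "/totsys/repoper/mydocbox/endbox/report_list.jsp?reload=yes&reportID=" + reportID
                + "&reportType=" + reportType;
    }

    /**
     * Writes the "approval cancelled" alert and a filtered redirect, used by every failure
     * path. Does nothing when {@code out} is {@code null}, i.e. when obtaining the writer
     * itself failed and there is nothing to write to.
     */
    private static void writeCancelAndRedirect(PrintWriter out, String reportID, String reportType) {
        if (out == null) {
            return;
        }
        out.println(ServletUtil.alert(MoumiConfig.getMessageBundle().getString("moumi.message.tot_doc.approModifyCancel")));
        // v2. 9. Cross-site scripting (PrintWriter) : Update by KWON,HAN
        // Fix: filter external input values
        // NOTE(review): stripping '<', '>' and ',' also removes the separators of a
        // multi-entry reportID, and is weaker than URL-encoding each query value; the
        // same filter is applied here for IOException and SQLException as well, which the
        // original handler only did for the generic Exception branch.
        String callbackFunc = listPageUrl(reportID, reportType);
        String filtered_callbackFunc = callbackFunc.replaceAll("<", "").replaceAll(">", "").replaceAll(",", "");
        LOG.debug("v2 9.크로스사이트 스크립트 (PrintWrier) : UserApproModify.UserApproModify() filtered_callbackFunc={}, Not Test", filtered_callbackFunc);
        out.println(ServletUtil.redirect(filtered_callbackFunc));
    }
}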