moumiKnu/src_bak/kr/co/kihyun/tree/UserRegist.java

package kr.co.kihyun.tree;

import java.io.IOException;
import java.io.PrintWriter;
import java.sql.SQLException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import kr.co.kihyun.lang.MInteger;
import kr.co.kihyun.moumi.MoumiConfig;
import kr.co.kihyun.db.DBManager;
import kr.co.kihyun.lang.MString;
import kr.co.kihyun.beans.user.HttpSSOLogin;
import kr.co.kihyun.text.html.ServletUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class UserRegist extends DBManager {
    private static final Logger LOG = LoggerFactory.getLogger(UserRegist.class);
    
    public UserRegist(HttpServletRequest req,HttpServletResponse res) {
        
        String userId=null;
        PrintWriter out=null;
        
        try {
            res.setContentType("text/html;charset=UTF-8");
            out = res.getWriter();
            
            if(!HttpSSOLogin.isLogin(req)) {
                    String connURL = "location='/totsys/login/login.jsp';";
                    out.println(ServletUtil.getJavaScript(connURL));
                    return;
            }
            
            String deptId=MString.checkNull(req.getParameter("deptID"),"null");
            userId=MString.checkNull(req.getParameter("userID"),"null");
            String passwd=MString.checkNull(req.getParameter("passwd"),"null");
            String userName=MString.checkNull(req.getParameter("userName"),"null");
            String dutyName=MString.checkNull(req.getParameter("dutyName"),"null");
            String phone=MString.checkNull(req.getParameter("phone"),"null");
            String email=MString.checkNull(req.getParameter("email"),"null");
            
            if(deptId.equals("null")) {
                deptId=null;
            }
            if(userId.equals("null")) {
                userId=null;
            }
            if(passwd.equals("null")) {
                passwd=null;     
            }
            if(userName.equals("null")) {
                userName=null;
            }
            if(dutyName.equals("null")) {
                dutyName=null;
            }
            if(phone.equals("null")) {
                phone=null;       
            }
            if(email.equals("null")) {
                email=null;
            }
            if(deptId!=null && deptId.equals("ROOT")) {
                deptId=null;
            }

            int priority=MInteger.parseInt(req.getParameter("priority"));
            
            String sql="INSERT INTO MOUMI_MUSER (DEL_TYPE,DEPT_ID,DUTY_NAME,EMAIL,ID,NAME,PASSWD,PHONE,PRIORITY,SYS_AUTH) ";
            sql+="VALUES('N',?,?,?,?,?,?,?,?,2)";
            
            execUpdate(sql,deptId,dutyName,email,userId,userName,passwd,phone,priority);
            
            out.println(ServletUtil.alert("새로운 데이터가 추가되었습니다."));
            out.println(ServletUtil.redirect("/totsys/sysadm/user/user_view.jsp?reload=yes&userID="+userId));
            
        //44.적절하지 않은 예외처리(광범위예외클래스)_CWE-754 : Add by YOUNGJUN,CHO    
        } catch (IOException ioex) {
            ioex.printStackTrace();
            out.println(ServletUtil.alert(MoumiConfig.getMessageBundle().getString("moumi.message.popup.notCoporationChangeAdmin")));
            out.println(ServletUtil.redirect("/totsys/sysadm/org/empty.jsp"));
        } catch (SQLException sqlex) {
            sqlex.printStackTrace();
            out.println(ServletUtil.alert(MoumiConfig.getMessageBundle().getString("moumi.message.popup.notCoporationChangeAdmin")));
            out.println(ServletUtil.redirect("/totsys/sysadm/org/empty.jsp"));
        //++++++++++++++++++++++++++++++++++++++++++++++++    
        } catch (Exception e) {
            e.printStackTrace();
            out.println(ServletUtil.alert(MoumiConfig.getMessageBundle().getString("moumi.message.popup.notCoporationChangeAdmin")));
            //v2. 9.크로스사이트 스크립트 (PrintWrier) : Update by KWON,HAN
//            out.println(ServletUtil.redirect("/totsys/sysadm/org/empty.jsp"));
            
            // 수정 : 외부 입력값 필터링
            String callbackFunc = "/totsys/sysadm/org/empty.jsp";
            String filtered_callbackFunc = callbackFunc.replaceAll("<","").replaceAll(">","").replaceAll("&","").replaceAll(",","");
            LOG.debug("v2 9.크로스사이트 스크립트 (PrintWrier) : UserRegist.UserRegist() filtered_callbackFunc={}, Not Test", filtered_callbackFunc);
            out.println(ServletUtil.redirect(filtered_callbackFunc));      
            //======================================== 
            
        } finally { 
            execClose(); 
        }
    }
}