Java電商專案--使用者模組
阿新 • • 發佈:2018-12-11
使用者模組功能:
1.登入
2.使用者名稱校驗
3.註冊
4.忘記密碼
5.提交問題答案
6.重置密碼
7.獲取使用者資訊
8.更新使用者資訊
9.退出登入
一、登入:
1、使用者名稱是否存在
2、如果存在則將密碼轉換為MD5加密形式
3、校驗使用者名稱和密碼是否正確
4、正確則將使用者放入到Session中
具體實現程式碼如下:
Controller層:
@Controller //WEB層(用於標註類本身的用途) @RequestMapping("/user/") //將請求地址的前面加上/user public class UserController { //按型別進行注入 //將iUserService注入進來 @Autowired private IUserService iUserService; //登陸功能 //訪問地址為login.do 訪問方式為POST @RequestMapping(value = "login.do",method = RequestMethod.POST) @ResponseBody //自動通過SpingMvc的json外掛將返回值轉換成json public ServerResponse<User> login(String username, String password, HttpSession session) { ServerResponse<User> response = iUserService.login(username, password); if (response.isSuccess()) //如果登陸成功,將使用者放入到Session中 session.setAttribute(Const.CURRENT_USER, response.getData()); return response; //將響應資訊返回到前端 } }
interface IUserService :
public interface IUserService {
ServerResponse<User> login(String username, String password);
}Service層:
//Service表示業務層 //建立iUserService物件,放入到容器中 @Service("iUserService") public class UserServiceImpl implements IUserService { @Autowired //注入userMapper private UserMapper userMapper; @Override public ServerResponse<User> login(String username, String password) { int resultCount = userMapper.checkUsername(username); //先查詢使用者名稱,看使用者名稱是否存在 if (resultCount == 0) //如果查不到的話,使用者不存在 return ServerResponse.createByErrorMessage("使用者名稱不存在"); String md5Password = MD5Util.MD5EncodeUtf8(password); //將密碼轉化為MD5 User user = userMapper.selectLogin(username, md5Password); //通過使用者名稱和密碼進行查詢 if (user == null) return ServerResponse.createByErrorMessage("密碼錯誤"); //將密碼設定為空 user.setPassword(org.apache.commons.lang3.StringUtils.EMPTY); return ServerResponse.createBySuccess("登入成功", user); } }
Dao層:
UserMapper:
public interface UserMapper { int checkUsername(String username); //查詢使用者名稱,看此使用者名稱是否存在 //@Param為傳入的引數起名字,這樣在Dao層可以獲得資料 User selectLogin(@Param("username") String username, @Param("password")String password); } <select id="checkUsername" resultType="int" parameterType="string" > select count(1) from mmall_user where username = #{username} </select> <select id="selectLogin" resultMap="BaseResultMap" parameterType="map"> SELECT <include refid="Base_Column_List" /> <!--只需要查詢我們需要的欄位--> from mmall_user where username = #{username} and password = #{password} </select>
二、退出登入:
將使用者從Session中 移除
具體實現程式碼如下:
Controller層:
@RequestMapping(value = "logout.do",method = RequestMethod.POST)
@ResponseBody
public ServerResponse<String> logout(HttpSession session){
session.removeAttribute(Const.CURRENT_USER);
return ServerResponse.createBySuccess();
}三、註冊:
1、使用者名稱是否存在
2、校驗郵箱是否存在
3、將密碼轉化為MD5形式
4、將使用者放入資料庫中
具體實現程式碼如下:
Controller層:
//註冊功能
@RequestMapping(value = "register.do",method = RequestMethod.POST)
@ResponseBody
public ServerResponse<String> register(User user){
return iUserService.register(user);
}
//校驗功能
@RequestMapping(value = "check_valid.do",method = RequestMethod.POST)
@ResponseBody
public ServerResponse<String> checkValid(String str,String type){
return iUserService.checkValid(str,type);
}
interface IUserService :
public interface IUserService {
ServerResponse<String> register(User user);
ServerResponse<String> checkValid(String str,String type);
}Service層:
//註冊
@Service("iUserService")
public class UserServiceImpl implements IUserService {
public ServerResponse<String> register(User user) {
@Autowired //注入userMapper
private UserMapper userMapper;
ServerResponse<String> vaildResponse =
this.checkValid(user.getUsername(),Const.USERNAME);
if(!vaildResponse.isSuccess()) //校驗使用者名稱
return vaildResponse;
vaildResponse = this.checkValid(user.getEmail(),Const.EMAIL);
if(!vaildResponse.isSuccess()) //校驗郵箱
return vaildResponse;
user.setRole(Const.Role.ROLE_CUSTOMER); //設定使用者角色
user.setPassword(MD5Util.MD5EncodeUtf8(user.getPassword())); //MD5加密
int resultCount = userMapper.insert(user); //插入使用者
if (resultCount == 0)
return ServerResponse.createByErrorMessage("註冊失敗");
return ServerResponse.createBySuccessMessage("註冊成功");
}
}
//校驗
public ServerResponse<String> checkValid(String str,String type){
if(org.apache.commons.lang3.StringUtils.isNotBlank(type)){ //type不是空,才開始校驗
if(Const.USERNAME.equals(type)){ //判斷使用者名稱
int resultCount = userMapper.checkUsername(str);
if(resultCount > 0 )
return ServerResponse.createByErrorMessage("使用者名稱已存在");
}
if(Const.EMAIL.equals(type)){ //判斷email
int resultCount = userMapper.checkEmail(str);
if(resultCount > 0 )
return ServerResponse.createByErrorMessage("email已存在");
}
}else{
return ServerResponse.createByErrorMessage("引數錯誤");
}
return ServerResponse.createBySuccessMessage("校驗成功");
}
Dao層:
UserMapper:
public interface UserMapper {
int checkEmail(String email); //查詢郵箱,看此郵箱是否存在
int insert(User record);
}
<select id="checkEmail" resultType="int" parameterType="string" >
select count(1) from mmall_user
where email = #{email}
</select>
<insert id="insert" parameterType="com.mmall.pojo.User" >
insert into mmall_user (id, username, password,
email, phone, question,
answer, role, create_time,
update_time)
values (#{id,jdbcType=INTEGER}, #{username,jdbcType=VARCHAR}, #{password,jdbcType=VARCHAR},
#{email,jdbcType=VARCHAR}, #{phone,jdbcType=VARCHAR}, #{question,jdbcType=VARCHAR},
#{answer,jdbcType=VARCHAR}, #{role,jdbcType=INTEGER}, now(),
now())
</insert>
四、獲取使用者資訊:
1、判斷使用者是否登入
2、登入則將使用者資訊取出
具體實現程式碼如下:
Controller層:
@RequestMapping(value = "get_user_info.do",method = RequestMethod.POST)
@ResponseBody
public ServerResponse<User> getUserInfo(HttpSession session){
User user = (User) session.getAttribute(Const.CURRENT_USER);
if(user != null){
return ServerResponse.createBySuccess(user);
}
return ServerResponse.createByErrorMessage("使用者未登入,無法獲取當前使用者的資訊");
}
五、忘記密碼、重置密碼:
1、使用者名稱是否存在
2、根據使用者名稱查詢問題
3、答案正確則生成token
4、將token存入到guava cache本地快取中,有效期為12小時(防止橫向越權)
5、校驗使用者名稱是否存在
6、校驗token是否正確
7、正確則重新設定密碼
具體實現程式碼如下:
Controller層:
//忘記密碼的時候根據使用者名稱查詢問題
@RequestMapping(value = "forget_get_question.do",method = RequestMethod.POST)
@ResponseBody
public ServerResponse<String> forgetGetQuestion(String username){
return iUserService.selectQuestion(username); //返回提示問題
}
//檢查使用者回答的答案是否正確
@RequestMapping(value = "forget_check_answer.do",method = RequestMethod.POST)
@ResponseBody
public ServerResponse<String> forgetCheckAnswer(String username,String question,String answer){
return iUserService.checkAnswer(username,question,answer);
}
//忘記密碼中的重置密碼
@RequestMapping(value = "forget_reset_password.do",method = RequestMethod.POST)
@ResponseBody
public ServerResponse<String> forgetRestPassword(String username,String passwordNew,String forgetToken){
return iUserService.forgetResetPassword(username,passwordNew,forgetToken);
}
interface IUserService :
public interface IUserService {
ServerResponse selectQuestion(String username);
ServerResponse<String> checkAnswer(String username,String question,String answer);
ServerResponse<String> forgetResetPassword(String username,String passwordNew,String forgetToken);
}Service層:
//忘記密碼,查詢問題
public ServerResponse selectQuestion(String username){
ServerResponse validResponse = this.checkValid(username,Const.USERNAME); //先看下使用者是否存在
if(validResponse.isSuccess())
return ServerResponse.createByErrorMessage("使用者不存在");
String question = userMapper.selectQuestionByUsername(username); //存在的話根據使用者名稱查詢問題
if(org.apache.commons.lang3.StringUtils.isNotBlank(question)) //當問題不為空的時候返回
return ServerResponse.createBySuccess(question);
return ServerResponse.createByErrorMessage("找回密碼的問題是空的");
}
//檢查使用者回答的答案是否正確
public ServerResponse<String> checkAnswer(String username,String question,String answer){
int resultCount = userMapper.checkAnswer(username,question,answer);
if(resultCount > 0){ //說明問題及問題答案是這個使用者的,並且是正確的
String forgetToken = UUID.randomUUID().toString(); //宣告一個token
TokenCache.setKey(TokenCache.TOKEN_PREFIX + username,forgetToken);
return ServerResponse.createBySuccess(forgetToken);
}
return ServerResponse.createByErrorMessage("問題的答案錯誤");
}
//忘記密碼中的重置密碼
public ServerResponse<String> forgetResetPassword(String username,String passwordNew,String forgetToken) {
if (org.apache.commons.lang3.StringUtils.isBlank(forgetToken)) //先判斷是否攜帶了token
return ServerResponse.createByErrorMessage("引數錯誤,token需要傳遞");
ServerResponse validResponse = this.checkValid(username, Const.USERNAME);
if (validResponse.isSuccess()) //校驗一下使用者名稱
return ServerResponse.createByErrorMessage("使用者不存在");
String token = TokenCache.getKey(TokenCache.TOKEN_PREFIX + username); //從快取中獲取使用者的token
if (org.apache.commons.lang3.StringUtils.isBlank(token)) //獲取到看token是否為空
return ServerResponse.createByErrorMessage("token無效或者過期");
if (org.apache.commons.lang3.StringUtils.equals(forgetToken, token)) { //比較token是否相等
String md5Password = MD5Util.MD5EncodeUtf8(passwordNew);
int rowCount = userMapper.updatePasswordByUsername(username, md5Password); //更新密碼
if (rowCount > 0) //如果個數大於1,則更新密碼成功
return ServerResponse.createBySuccessMessage("修改密碼成功");
}else {
return ServerResponse.createByErrorMessage("token錯誤,請重新獲取重置密碼的token");
}
return ServerResponse.createByErrorMessage("修改密碼失敗");
}Dao層:
UserMapper:
public interface UserMapper {
String selectQuestionByUsername(String username);
int checkAnswer(@Param("username")String username,@Param("question")String question,@Param("answer")String answer);
int updatePasswordByUsername(@Param("username")String username,@Param("passwordNew")String passwordNew);
}
<select id="selectQuestionByUsername" resultType="string" parameterType="string">
select
question
from mmall_user
where username = #{username}
</select>
<select id="checkAnswer" resultType="int" parameterType="map">
SELECT
count(1)
from mmall_user
where username=#{username}
and question = #{question}
and answer = #{answer}
</select>
<update id="updatePasswordByUsername" parameterType="map">
update mmall_user
SET password = #{passwordNew},update_time = now()
where username = #{username}
</update>
六、登入狀態下重置密碼:
1、從session中取出使用者
2、校驗舊密碼是否正確(防止橫向越權)
3、正確則修改密碼
具體實現程式碼如下:
Controller層:
//登陸狀態下的重置密碼
@RequestMapping(value = "reset_password.do",method = RequestMethod.POST)
@ResponseBody
public ServerResponse<String> resetPassword(HttpSession session,String passwordOld,String passwordNew){
User user = (User)session.getAttribute(Const.CURRENT_USER);
if(user == null)
return ServerResponse.createByErrorMessage("使用者未登入");
return iUserService.resetPassword(passwordOld,passwordNew,user); //重置密碼
}
interface IUserService :
public interface IUserService {
ServerResponse<String> resetPassword(String passwordOld,String passwordNew,User user);
}Service層:
//登陸狀態下的重置密碼
public ServerResponse<String> resetPassword(String passwordOld, String passwordNew,User user) {
//防止橫向越權,要校驗一下這個使用者的舊密碼,一定要指定是這個使用者.因為我們會查詢一個count(1),如果不指定id,那麼結果就是true啦count>0;
int resultCount = userMapper.checkPassword(MD5Util.MD5EncodeUtf8(passwordOld),user.getId());
if(resultCount == 0)
return ServerResponse.createByErrorMessage("舊密碼錯誤");
user.setPassword(MD5Util.MD5EncodeUtf8(passwordNew));
int updateCount = userMapper.updateByPrimaryKeySelective(user); //選擇性的更新,沒變化的就不動,變化了的就更新
if(updateCount > 0) //更新成功
return ServerResponse.createBySuccessMessage("密碼更新成功");
return ServerResponse.createByErrorMessage("密碼更新失敗");
}
Dao層:
UserMapper:
public interface UserMapper {
int checkPassword(@Param(value="password")String password,@Param("userId")Integer userId);
}
<select id="checkPassword" resultType="int" parameterType="map">
SELECT
count(1)
from mmall_user
where password = #{password}
and id = #{userId}
</select>七、更新使用者資訊:
1、判斷使用者是否登入
2、取出使用者的id和username
3、判斷郵箱是否重複
4、不重複則更新使用者資訊並將其放入到session中
具體實現程式碼如下:
Controller層:
//更新使用者資訊
@RequestMapping(value = "update_information.do",method = RequestMethod.POST)
@ResponseBody
public ServerResponse<User> update_information(HttpSession session,User user){
User currentUser = (User)session.getAttribute(Const.CURRENT_USER); //取出當前使用者
if(currentUser == null)
return ServerResponse.createByErrorMessage("使用者未登入");
user.setId(currentUser.getId());
user.setUsername(currentUser.getUsername()); //取出id和username
ServerResponse<User> response = iUserService.updateInformation(user);
if(response.isSuccess()){ //如果更新成功
response.getData().setUsername(currentUser.getUsername());
session.setAttribute(Const.CURRENT_USER,response.getData()); //將其放入到session中
}
return response;
}
interface IUserService :
public interface IUserService {
ServerResponse<User> updateInformation(User user);
}Service層:
//更新使用者資訊,更新完使用者資訊之後,將其放入到session中
public ServerResponse<User> updateInformation(User user){
//username是不能被更新的
//email也要進行一個校驗,校驗新的email是不是已經存在,並且存在的email如果相同的話,不能是我們當前的這個使用者的.
int resultCount = userMapper.checkEmailByUserId(user.getEmail(),user.getId());
if(resultCount > 0)
return ServerResponse.createByErrorMessage("email已存在,請更換email再嘗試更新");
User updateUser = new User();
updateUser.setId(user.getId());
updateUser.setEmail(user.getEmail());
updateUser.setPhone(user.getPhone());
updateUser.setQuestion(user.getQuestion());
updateUser.setAnswer(user.getAnswer());
int updateCount = userMapper.updateByPrimaryKeySelective(updateUser);
if(updateCount > 0)
return ServerResponse.createBySuccess("更新個人資訊成功",updateUser);
return ServerResponse.createByErrorMessage("更新個人資訊失敗");
}
Dao層:
UserMapper:
public interface UserMapper {
int checkEmailByUserId(@Param(value="email")String email,@Param(value="userId")Integer userId);
}
<select id="checkEmailByUserId" resultType="int" parameterType="map">
select count(1) from mmall_user
where email = #{email}
and id != #{userId}
</select>八、獲取使用者資訊(強制登入):
1、判斷使用者是否登入
2、如果未登入,則強制登入
3、登入則將使用者資訊取出
具體實現程式碼如下:
Controller層:
@RequestMapping(value = "get_information.do",method = RequestMethod.POST)
@ResponseBody
public ServerResponse<User> get_information(HttpSession session){
User currentUser = (User)session.getAttribute(Const.CURRENT_USER);
if(currentUser == null){
return ServerResponse.createByErrorCodeMessage(ResponseCode.NEED_LOGIN.getCode(),"未登入,需要強制登入status=10");
}
return iUserService.getInformation(currentUser.getId());
}interface IUserService :
public interface IUserService {
ServerResponse<User> getInformation(Integer userId);
}Service層:
public ServerResponse<User> getInformation(Integer userId){
User user = userMapper.selectByPrimaryKey(userId);
if(user == null){
return ServerResponse.createByErrorMessage("找不到當前使用者");
}
user.setPassword(org.apache.commons.lang3.StringUtils.EMPTY);
return ServerResponse.createBySuccess(user);
}Dao層:
UserMapper:
public interface UserMapper {
User selectByPrimaryKey(Integer id);
}
<select id="selectByPrimaryKey" resultMap="BaseResultMap" parameterType="java.lang.Integer" >
select
<include refid="Base_Column_List" />
from mmall_user
where id = #{id,jdbcType=INTEGER}
</select>
九、管理員登入:
1、判斷管理員是否存在
具體實現程式碼如下:
Controller層:
@Controller
@RequestMapping("/manage/user")
public class UserManageController {
@Autowired
private IUserService iUserService;
@RequestMapping(value="login.do",method = RequestMethod.POST)
@ResponseBody
public ServerResponse<User> login(String username, String password, HttpSession session){
ServerResponse<User> response = iUserService.login(username,password);
if(response.isSuccess()){
User user = response.getData();
if(user.getRole() == Const.Role.ROLE_ADMIN){
//說明登入的是管理員
session.setAttribute(Const.CURRENT_USER,user);
return response;
}else{
return ServerResponse.createByErrorMessage("不是管理員,無法登入");
}
}
return response;
}
}
interface IUserService :
public interface IUserService {
ServerResponse checkAdminRole(User user);
}Service層:
/**
* 校驗是否是管理員
* @param user
* @return
*/
public ServerResponse checkAdminRole(User user){
if(user != null && user.getRole().intValue() == Const.Role.ROLE_ADMIN){
return ServerResponse.createBySuccess();
}
return ServerResponse.createByError();
}