dcl/_session_8cpp_source.html

#include <dcl/Config.h>


#ifdef __WINNT__

#include <windows.h>

#endif


#include <time.h>


#include <dcl/Numeric.h>

#include <dcl/MD5.h>

#include <dcl/Files.h>


#include "User.h"

#include "Session.h"


#if __DCL_HAVE_THIS_FILE__

#undef __THIS_FILE__

static const char_t __THIS_FILE__[] = __T("fastpage/Session.cpp");

#endif


__DCL_BEGIN_NAMESPACE


const wchar_t* Session::SESSION_COOKIE_NAME = L"dclhscsid";


String Session::toString(uint64_t n)

{

    wchar_t sz[21];

    sz[20] = L'\0';

    int i = 20;


    do {

        i--;

        unsigned int r = (unsigned int)(n % 62);

        if (r <= 9)

            sz[i] = r + L'0';

        else if (10 <= r && r <= 35)

            sz[i] = r - 10 + L'A';

        else

            sz[i] = r - 36 + L'a';


        n /= 62;

    } while(n);


    String str(&sz[i], 20 - i);

    return str;

}


Session::Session(

    HttpServletContextEx& ctx,

    SQLQuery& q,

    int nServiceUserID

) : __ctx(ctx), __query(q)

{

    __nUserID = GUEST_USER_ID;

    __nRoleID = GUEST_ROLE_ID;


    __nSiteUserID = SYSTEM_USER_ID;

    __nMemberRoleID = GUEST_ROLE_ID;


    __nServiceUserID = nServiceUserID;

}


String Session::create(SQLQuery& q, int nUserID)

{

    // Guest 세션의 생성

    StringBuilder strRemoteAddr = __ctx.remoteAddr();

    strRemoteAddr += L":" + String::valueOf(__ctx.remotePort());

    String str = strRemoteAddr.toString()

        + DateTime::getCurrentLocalTime().toString();


    uint64_t ui64[2];

    MD5 md;

    md.update(str.data(), str.length() * sizeof(wchar_t));

    md.final((byte_t*)ui64);

/*

    String strSessionID = UInt64::toString(ui64[0], 32);

    strSessionID += UInt64::toString(ui64[1], 32);

*/

    StringBuilder strSessionID = toString(ui64[0]);

    strSessionID += toString(ui64[1]);


//  String strSessionID = MD5::final(str);


    HttpSetCookie cookie(

        SESSION_COOKIE_NAME,

        strSessionID,

        0, //time(NULL) + 365 * 24 * 60 * 60,

        L"/"//Files::dirname(__ctx.path())

    );


    __ctx.addHeader(cookie);


    q.prepare(L""

        "INSERT INTO DCL_SESSION(SESSION_ID, USER_ID, REMOTE_ADDR, LAST_ACCESS)"

        "\n  VALUES(:SESSION_ID, :USER_ID, :REMOTE_ADDR, CURRENT_TIMESTAMP)"

    );

    q.params()[0].setValue(strSessionID);

    q.params()[1].setValue(nUserID);

    q.params()[2].setValue(strRemoteAddr);


    q.execute();


    return strSessionID;

}


void Session::check()

{

    // Guest 세션에서 검사를 시작한다.

    __DCL_ASSERT(__nUserID == GUEST_USER_ID);


    SQLQuery& q = __query;


    ListedStringToStringMap::ConstIterator it =

        __ctx.__cookieMap.find(SESSION_COOKIE_NAME);

    if (it == __ctx.__cookieMap.end()) {

        // Guest session

        __strSessionID = create(q, __nUserID);

    }

    else {

        String strSessionID = (*it).value;

        // 세션이 유효한지 확인

        String sql = L""

            "SELECT S.USER_ID, U.USER_NAME, U.ROLE_ID, R.ROLE_NAME"

            "\n FROM DCL_SESSION AS S"

            "\n  INNER JOIN DCL_USER AS U ON (S.USER_ID = U.USER_ID)"

            "\n  INNER JOIN DCL_ROLE AS R ON (U.ROLE_ID = R.ROLE_ID)"

            "\n WHERE SESSION_ID = \'" + strSessionID + L'\'';

        __DCL_TRACE1(L"%ls\n", sql.data());

        q.execute(sql);


        q.fetch();

        if (q.eof()) {

            // 세션이 유효하지 않다. 새로운 Guest 세션을 생성한다.

            __strSessionID = create(q, __nUserID);

        }

        else {

            __strSessionID = strSessionID;

            __nUserID = q.fields()[0].asInteger();

            if (__nUserID != GUEST_USER_ID)

            {

                if (!q.fields()[1].isNull())

                    __strUserName = q.fields()[1].asString();

            }

            __nRoleID = __nMemberRoleID = q.fields()[2].asInteger();

            __strRoleName = q.fields()[3].asString();


            q.execute(L""

                "UPDATE DCL_SESSION "

                "\n SET LAST_ACCESS = CURRENT_TIMESTAMP "

                "\n WHERE SESSION_ID = \'" + __strSessionID + L'\''

            );

            q.execute(L""

                "UPDATE DCL_USER SET"

                "\n LAST_USE = CURRENT_TIMESTAMP"

                "\n WHERE USER_ID = " + String::valueOf(__nUserID)

            );

        }

    }

}


bool Session::login(const String& strSignID, const String& strPassword)

{

    __DCL_ASSERT(!__strSessionID.isEmpty());


    int nUserID = GUEST_USER_ID;

    SQLQuery& q = __query;


    q.prepare(L""

        "SELECT USER_ID, PASSWORD FROM DCL_USER "

        "   WHERE SIGN_ID = :SIGN_ID"

    );

    q.params().byName(L"SIGN_ID").setValue(strSignID);

    q.execute();

    q.fetch();

    if (q.eof())

        return false;


    if (q.fields().at(1).isNull()) {

        return false;

    }


    String password = q.fields()[1].asString();

    if (!(password.isEmpty() && strPassword.isEmpty())) {

        //      if (MD5::final(strInputPassword) != strPassword)

        if (strPassword != password)

            return false;

    }


    String strUserID = q.fields()[0].asString();


    q.execute(L""

        "UPDATE DCL_USER SET"

        "\n LAST_SIGNIN = CURRENT_TIMESTAMP, LAST_USE = CURRENT_TIMESTAMP"

        "\n WHERE USER_ID = " + strUserID

    );


    q.execute(L""

        "UPDATE DCL_SESSION SET USER_ID = " + strUserID + L""

        "   WHERE SESSION_ID = \'" + __strSessionID + L"\'"

    );


    // MySQL에서 UPDATE되는 값이 동일하면 UPDATE되지 않아서

    // affectedRows가 0이 된다.

    //  __DCL_ASSERT(q.affectedRows() > 0);


    return true;

}


void Session::logout()

{

    __DCL_ASSERT(!__strSessionID.isEmpty());


    if (__nUserID == GUEST_USER_ID)

        return;


    SQLQuery& q = __query;

    q.execute(L""

        "UPDATE DCL_SESSION SET USER_ID = " + String::valueOf(GUEST_USER_ID) + L""

        "   WHERE SESSION_ID = \'" + __strSessionID + L"\'"

    );

}


bool Session::getMemberRole(int nServiceUserID)

{

    SQLQuery& q = __query;

    q.execute(L""

        "SELECT ROLE_ID"

        "\n FROM DCL_USER_MEMBER"

        "\n WHERE USER_ID = " + String::valueOf(nServiceUserID) + L""

        "\n  AND MEMBER_ID = " + String::valueOf(__nUserID)

    );

    q.fetch();

    if (q.eof())

        return false;


    __nMemberRoleID = q.fields()[0].asInteger();


    return true;

}


__DCL_END_NAMESPACE

__THIS_FILE__
#define __THIS_FILE__
Definition _trace.h:14

Config.h

char_t
wchar_t char_t
Definition Config.h:247

byte_t
unsigned char byte_t
Definition Config.h:246

Files.h

MD5.h

r
IOException *size_t r
Definition MediaInfo.cpp:82

Numeric.h

__DCL_TRACE1
#define __DCL_TRACE1(fmt, arg1)
Definition Object.h:399

__DCL_ASSERT
#define __DCL_ASSERT(expr)
Definition Object.h:394

__T
#define __T(str)
Definition Object.h:60

Session.h

User.h

DateTime::toString
String toString() const
Definition DateTime.cpp:843

DateTime::getCurrentLocalTime
static DateTime getCurrentLocalTime()
Definition DateTime.cpp:954

HttpServletContextEx
Definition HttpServletEx.h:22

HttpSetCookie
Definition HttpHeader.h:35

MD5
Definition MD5.h:18

MD5::update
void update(const void *_p, size_t _n)
Definition MD5.cpp:70

MD5::final
void final(byte_t digest[16])
Definition MD5.cpp:75

SQLFields::at
_CONST SQLField & at(size_t _index) const
Definition SQL.inl:41

SQLParams::byName
SQLParam & byName(const wchar_t *_name) _CONST __DCL_THROWS1(InvalidIndexException *)
Definition SQLQuery.cpp:157

SQLQuery
Definition SQL.h:276

SQLQuery::prepare
void prepare(const String &_sql) __DCL_THROWS1(SQLException *)
Definition SQLQuery.cpp:282

SQLQuery::params
_CONST SQLParams & params() _CONST
Definition SQL.inl:106

SQLQuery::fields
_CONST SQLFields & fields() _CONST
Definition SQL.inl:101

SQLQuery::execute
void execute() __DCL_THROWS1(SQLException *)
Definition SQLQuery.cpp:316

SQLQuery::eof
bool eof() const
Definition SQL.inl:91

SQLQuery::fetch
void fetch() __DCL_THROWS1(SQLException *)
Definition SQLQuery.cpp:336

Session::getMemberRole
bool getMemberRole(int nServiceUserID)
Definition Session.cpp:223

Session::Session
Session(HttpServletContextEx &ctx, SQLQuery &q, int nServiceUserID)
Definition Session.cpp:48

Session::__nUserID
int __nUserID
Definition Session.h:33

Session::__strRoleName
String __strRoleName
Definition Session.h:36

Session::GUEST_ROLE_ID
@ GUEST_ROLE_ID
Definition Session.h:28

Session::SYSTEM_USER_ID
@ SYSTEM_USER_ID
Definition Session.h:20

Session::GUEST_USER_ID
@ GUEST_USER_ID
Definition Session.h:23

Session::__nRoleID
int __nRoleID
Definition Session.h:35

Session::__nSiteUserID
int __nSiteUserID
Definition Session.h:38

Session::__nServiceUserID
int __nServiceUserID
Definition Session.h:43

Session::__strSessionID
String __strSessionID
Definition Session.h:32

Session::__ctx
HttpServletContextEx & __ctx
Definition Session.h:41

Session::login
bool login(const String &strLoginID, const String &strPassword)
Definition Session.cpp:161

Session::__query
SQLQuery & __query
Definition Session.h:42

Session::check
void check()
Definition Session.cpp:106

Session::__strUserName
String __strUserName
Definition Session.h:34

Session::SESSION_COOKIE_NAME
static const wchar_t * SESSION_COOKIE_NAME
Definition Session.h:16

Session::create
String create(SQLQuery &q, int nUserID)
Definition Session.cpp:63

Session::logout
void logout()
Definition Session.cpp:209

Session::__nMemberRoleID
int __nMemberRoleID
Definition Session.h:39

Session::toString
static String toString(uint64_t n)
Definition Session.cpp:25