Project file layout: https://github.com/OOMMYY/EM
One JavaBean for the database connection, one utility class for filtering script input, and, apart from the login page login.html, everything else is a JSP page.
I: Login
login.html contains the form that submits the login information. Pay particular attention to page encoding: in this project every page uses UTF-8.
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<style>
#login {
    position: absolute;
    top: 310px;
    left: 550px;
    background-color: blue;
    /* background-image: url(login.png); */
}
#body {
    background-color: rgb(0,120,255);
    /* background-image: url(login.png); */
}
h1 { font-size: 3.75em; }
</style>
</head>
<body id="body">
<h1 align="center">欢迎登录人事管理系统</h1>
<div id="login">
<form action="login.jsp" method="post">
<p>user name: <input type="text" name="username" required="required" /></p>
<p>Password: <input type="password" name="password" required="required" /></p>
<p align="center"><input type="submit" value="login" /></p>
</form>
</div>
</body>
</html>
login.jsp handles the form submitted from the login page.
<%@ page language="java" contentType="text/html; charset=UTF-8"%>
<%@ page import="java.util.*,java.text.*"%>
<%@ page import="java.sql.*,util.*"%>
<style> * {font-family: "宋体";font-size: 14px} </style>
<center>
<jsp:useBean id="db" scope="page" class="util.DB" />
<%
    boolean flag = false;
    String username = request.getParameter("username");
    String password = request.getParameter("password");
    // Bind the username as a parameter; the original concatenated it into the SQL string
    String sql = "select Password from users where EmployeeID = ?";
    Connection conn = null;
    response.setContentType("text/html;charset=utf-8");
    try {
        conn = db.getConn();
        PreparedStatement pstmt = conn.prepareStatement(sql);
        pstmt.setString(1, username);
        ResultSet rs = pstmt.executeQuery();
        if (rs.next()) {
            // The users table stores passwords in plain text, so the check is a direct comparison
            String pwd = rs.getString("Password");
            if (password != null && password.equals(pwd)) {
                out.println("登陆成功"); // never reaches the client: the redirect below discards the buffered output
                flag = true;
            }
        }
        if (!flag) {
            out.println("登陆失败");
        }
        rs.close();
        pstmt.close();
    } catch (SQLException e) {
        e.printStackTrace();
    } finally {
        try {
            if (conn != null) conn.close();
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }
    if (!flag) {
        response.sendRedirect("login.html");
    } else {
        // The session attribute "ID" is what every other page uses to identify the user
        session.setAttribute("ID", username);
        response.sendRedirect("menu.jsp");
    }
%>
</center>
After the submitted account details are checked, a valid user is forwarded to menu.jsp; otherwise the user is sent back to the login page.
II: Menu navigation
The menu page has three parts. The first is the navigation bar;
the second is an inline frame used to display information;
the third is an image.
menu.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"%>

<%@ include file="/header.jsp"%>
<div id="logout">
<%out.println("USERID:" + session.getAttribute("ID"));%>
<a href="<%=context%>/loginout.jsp">退出登录</a>
<a href="<%=context%>/multivaluequery.jsp" target="showframe">首页查询</a>
</div>
<!-- Part three: the image -->
<img id="head" src="Picture.jpg" width="1210" height="60"/>
<style>
* {font-family: "宋体";font-size: 14px}
#menu{float:left;}
#showframe{
    height:500px;
    width:1200px;
}
#logout{float:left; height:60px;width:10%;}
#head{
    float:right;height:60px;
    width:90%;
    font-size:25px;
    line-height:30px;
}
ul
{
    list-style-type:none;
    margin:0;
    padding:0;
}
a:link,a:visited
{
    display:block;
    font-weight:bold;
    color:#FFFFFF;
    background-color:#bebebe;
    width:120px;
    text-align:center;
    padding:4px;
    text-decoration:none;
    text-transform:uppercase;
}
a:hover,a:active
{
    background-color:#cc0000;
}
</style>
<div id="menu">
<jsp:useBean id="db" scope="page" class="util.DB" />
<br><br><br><br><br>
<br><br><br><br>
<!-- Part one: the navigation bar -->
<a href="<%=context%>/personal_query.jsp?EmployeeID=<%=session.getAttribute("ID")%>" target="showframe">个人信息查询</a>

<%
    Connection conn = null;
    // Set the encoding of the response sent back to the client; the whole project uses UTF-8
    response.setContentType("text/html;charset=utf-8");
    try {
        conn = db.getConn();
        // Look up the logged-in user's permissions. The ID is bound as a parameter;
        // the original concatenated the session attribute into the SQL string.
        PreparedStatement pstmt = conn.prepareStatement("select * from v_roles where v_roles.EmployeeID = ?");
        pstmt.setString(1, String.valueOf(session.getAttribute("ID")));
        ResultSet r_rs = pstmt.executeQuery();
        while (r_rs.next()) {
            int Auth_Authority = r_rs.getInt("Auth_Authority");
            int Auth_Info = r_rs.getInt("Auth_Info");
            int Auth_Job = r_rs.getInt("Auth_Job");
            int Auth_Attendance = r_rs.getInt("Auth_Attendance");
            int Auth_Training = r_rs.getInt("Auth_Training");
            int Auth_Evaluation = r_rs.getInt("Auth_Evaluation");
            int Auth_RP = r_rs.getInt("Auth_RP");
            int Auth_Role = r_rs.getInt("Auth_Role");
            int Auth_Encrypt = r_rs.getInt("Auth_Encrypt");
            // Each granted flag is copied into the session as the string "1" for other pages to read.
            // Note that only the links are gated here; the linked pages do not re-check the flags.
            if (Auth_Authority == 1) {
                session.setAttribute("Auth_Authority", "1");
                out.println("<a href=\"" + context + "/userrole.jsp\" target=\"showframe\">员工角色分配</a>"); // navigation bar
            }
            if (Auth_Info == 1) {
                session.setAttribute("Auth_Info", "1");
            }
            // out.println("<a href=\"" + context + "/query.jsp\">信息管理</a><BR><br>"); // navigation bar
            if (Auth_Job == 1) {
                session.setAttribute("Auth_Job", "1");
            }
            out.println("<a href=\"" + context + "/query.jsp\" target=\"showframe\">人事管理</a>"); // navigation bar
            if (Auth_Attendance == 1) {
                session.setAttribute("Auth_Attendance", "1");
            }
            out.println("<a href=\"" + context + "/attendance_query.jsp\" target=\"showframe\">考勤管理</a>"); // navigation bar
            if (Auth_Training == 1) {
                session.setAttribute("Auth_Training", "1");
            }
            out.println("<a href=\"" + context + "/training_query.jsp\" target=\"showframe\">培训管理</a>"); // navigation bar
            if (Auth_Evaluation == 1) {
                session.setAttribute("Auth_Evaluation", "1");
            }
            out.println("<a href=\"" + context + "/evaluation_query.jsp\" target=\"showframe\">考核管理</a>");
            if (Auth_RP == 1) {
                session.setAttribute("Auth_RP", "1");
            }
            out.println("<a href=\"" + context + "/rewardandpunishment_query.jsp\" target=\"showframe\">奖惩管理</a>");
            if (Auth_Role == 1) {
                session.setAttribute("Auth_Role", "1");
                out.println("<a href=\"" + context + "/role_query.jsp\" target=\"showframe\">角色管理</a>");
            }
            if (Auth_Encrypt == 1) {
                session.setAttribute("Auth_Encrypt", "1");
                out.println("<a href=\"" + context + "/password_query.jsp\" target=\"showframe\">用户密码管理</a>");
            }
        }
        r_rs.close();
        pstmt.close();
    } catch (SQLException e) {
        e.printStackTrace();
    } finally {
        try {
            if (conn != null) conn.close();
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }
%>
<br><br>
<br>
</div>
<!-- Part two: the inline frame -->
<iframe id="showframe" name="showframe" src="query.jsp">
</iframe>
<p align="center">
Copyright ©2015 </p>
<%@ include file="/footer.jsp"%>
III: Features
1. Personal information query
This feature provides create, read, update and delete access to the employee information table and is implemented in personal_query.jsp.
<%@ page language="java" contentType="text/html; charset=UTF-8"%>

<%@ include file="/header.jsp"%>
<style>
* {font-family: "宋体";font-size: 14px}
</style>
<center>
<jsp:useBean id="db" scope="page" class="util.DB" />

<%
    // Take the employee ID from the session set by login.jsp rather than from the
    // EmployeeID request parameter, so a user can only load their own record
    String emID = String.valueOf(session.getAttribute("ID"));
    String sql = "select * from employees where EmployeeID = ?";
    Connection conn = null;
    response.setContentType("text/html;charset=utf-8");
    try {
        conn = db.getConn();
        PreparedStatement pstmt = conn.prepareStatement(sql);
        pstmt.setString(1, emID);
        ResultSet rs = pstmt.executeQuery();
        while (rs.next()) {
%>
<%-- The form posts to employee_editHandler.jsp, the same handler used by employee_edit.jsp --%>
<form id="form1" name="form1" method="post" action="<%=context%>/employee_editHandler.jsp">
<table width="650" height="200" border="0" align="center">
<tr>
<td width="150">EmployeeID:</td>
<td width="500"><input name="EmployeeID" type="text" value="<%=rs.getString("EmployeeID")%>" size="40" maxlength="20" /></td>
</tr>
<tr>
<td>EmployeeName:</td>
<td><input name="EmployeeName" type="text" value="<%=rs.getString("EmployeeName")%>" size="40" maxlength="40" /></td>
</tr>
<tr>
<td>Sex:</td>
<td><input name="Sex" type="text" value="<%=rs.getString("Sex")%>" size="40" maxlength="20" /></td>
</tr>
<tr>
<td>BirthDay:</td>
<td><input name="BirthDay" type="text" value="<%=rs.getString("BirthDay")%>" size="40" maxlength="20" /></td>
</tr>
<tr>
<td>Phone:</td>
<td><input name="Phone" type="text" value="<%=rs.getString("Phone")%>" size="40" maxlength="20" /></td>
</tr>
<tr>
<td>DegreeID:</td>
<td><input name="DegreeID" type="text" value="<%=rs.getString("DegreeID")%>" size="40" maxlength="20" /></td>
</tr>
<tr>
<td>HireDate:</td>
<td><input name="HireDate" type="text" value="<%=rs.getString("HireDate")%>" size="40" maxlength="20" /></td>
</tr>
<tr>
<td>EmployeeTypeID:</td>
<td><input name="EmployeeTypeID" type="text" value="<%=rs.getString("EmployeeTypeID")%>" size="40" maxlength="20" /></td>
</tr>
<tr>
<td>DepartmentID:</td>
<td><input name="DepartmentID" type="text" value="<%=rs.getString("DepartmentID")%>" size="40" maxlength="20" /></td>
</tr>
<tr>
<td>Title:</td>
<td><input name="Title" type="text" value="<%=rs.getString("Title")%>" size="40" maxlength="20" /></td>
</tr>
<tr>
<td>Salary:</td>
<td><input name="Salary" type="text" value="<%=rs.getString("Salary")%>" size="40" maxlength="20" /></td>
</tr>
<tr>
<td>ManagerID:</td>
<td><input name="ManagerID" type="text" value="<%=rs.getString("ManagerID")%>" size="40" maxlength="20" /></td>
</tr>
<tr>
<td></td>
<td>
<input type="submit" name="Submit" value="提交" />
<input type="reset" name="Reset" value="重置" />
</td>
</tr>
</table>
</form>
<%
        }
        rs.close();
        pstmt.close();
    } catch (SQLException e) {
        e.printStackTrace();
    } finally {
        try {
            if (conn != null) conn.close();
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }
%>
<form action="personalPassword.jsp" method="post">
<input type="submit" value="密码管理" name="button1">
</form>
</center>
<%@ include file="/footer.jsp"%>
This module also includes a change-password feature.
personalPassword.jsp is the change-password page; it submits a form containing the old password, the new password and a confirmation of the new password.
<%@ page language="java" contentType="text/html; charset=UTF-8"%>
<%@ include file="/header.jsp"%>
<style type="text/css">
* {font-family: "宋体";font-size: 14px}
table{
    width:300px;
}
</style>
<jsp:useBean id="db" scope="page" class="util.DB"/>
<center>
<br>
<form action="personalPasswordHandler.jsp?EmployeeID=<%=session.getAttribute("ID")%>" method="post">
<h2>密码管理</h2><br>
<label>原密码:</label><input type="password" align="left" name="oldpassword"><br>
<label>新密码:</label><input type="password" align="left" name="newpassword0"><br>
<label>重新输入:</label><input type="password" align="left" name="newpassword1"><br>
<input type="submit" name="button3" value="确认">
</form>
</center>
<%@ include file="footer.jsp"%>
personalPasswordHandler.jsp is the JSP that processes the user's input and updates the stored password in the database.
<%@ page language="java" contentType="text/html; charset=UTF-8"%>
<%@ include file="/header.jsp"%>
<style>
* { font-family: "宋体"; font-size: 14px}
</style>
<jsp:useBean id="db" scope="page" class="util.DB" />
<%
    Connection conn = null;
    int result = 0;
    request.setCharacterEncoding("utf-8");
    String oldpassword = request.getParameter("oldpassword");
    String newpassword0 = request.getParameter("newpassword0");
    String newpassword1 = request.getParameter("newpassword1");
    // Identify the account from the session, not from the EmployeeID query parameter
    // that personalPassword.jsp appends to the action URL, so a user can only change their own password
    String employeeID = String.valueOf(session.getAttribute("ID"));
    if (newpassword0 != null && newpassword0.equals(newpassword1)) {
        // Both statements bind EmployeeID as a parameter; the original concatenated it into the SQL
        String sql_0 = "update users set password=? where EmployeeID=?";
        String sql_1 = "select password from users where EmployeeID=?";
        if (StringUtil.validateNull(oldpassword) || StringUtil.validateNull(newpassword0)) {
            out.println("对不起,密码不能为空,请您重新输入!<br>");
            out.println("<a href=\"" + context + "/personalPassword.jsp\">返回</a><br>");
        } else {
            try {
                conn = db.getConn();
                PreparedStatement stmt = conn.prepareStatement(sql_1);
                stmt.setString(1, employeeID);
                ResultSet rs = stmt.executeQuery();
                String pwd = "";
                while (rs.next()) {
                    pwd = rs.getString("password");
                }
                rs.close();
                stmt.close();
                // Passwords are stored in plain text in this project, so the old password is compared directly
                if (oldpassword.equals(pwd)) {
                    PreparedStatement pstmt = conn.prepareStatement(sql_0);
                    pstmt.setString(1, StringUtil.filterHtml(newpassword0));
                    pstmt.setString(2, employeeID);
                    result = pstmt.executeUpdate();
                    pstmt.close();
                } else {
                    result = 0;
                }
            } catch (SQLException e) {
                e.printStackTrace();
            } finally {
                try {
                    if (conn != null) conn.close();
                } catch (SQLException e) {
                    e.printStackTrace();
                }
            }
        }
    } else {
        result = 0;
    }
    if (result == 0) {
        out.println("对不起,密码编辑不成功,请您重新编辑!<BR>");
        out.println("<a href=\"" + context + "/personalPassword.jsp\">返回</a><BR>");
    } else {
        out.println("祝贺您,密码编辑成功。<BR>");
        out.println("<a href=\"" + context + "/personalPassword.jsp\">返回</a><BR>");
    }
%>
<%@ include file="/footer.jsp"%>
2. Employee role assignment
This module implements querying and editing of the userrole table. userrole.jsp reads the whole userrole table and displays the result. Connecting to the database is done in four steps: 1. load the database driver; 2. connect to the database; 3. create a statement and obtain the result set; 4. close the result set and the statement and disconnect from the database. Exceptions that may occur at any point in this process must be handled. In this project the database connection operations are encapsulated in a JavaBean (DB.java).
Before performing database operations in a JSP, instantiate DB first: <jsp:useBean id="db" scope="page" class="util.DB"/>
The database methods that DB provides are: getConn() to obtain a connection; getStmt() to obtain a statement; getRs() to obtain a result set; closeConn() to close the connection; closeStmt() to close the statement; closeRs() to close the result set.
package util;

import java.sql.*;

public class DB {
    private Connection conn = null;
    private Statement stmt = null;
    private ResultSet rs = null;

    public DB() {
    }

    // Steps 1 and 2: load the MySQL driver and open the connection.
    // The URL embeds root with an empty password; credentials like these belong in
    // configuration rather than in source that is published with the project.
    public Connection getConn() {
        try {
            Class.forName("com.mysql.jdbc.Driver");
            conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/employeemanage?user=root&password=");
        } catch (ClassNotFoundException e) {
            e.printStackTrace();
        } catch (SQLException e) {
            e.printStackTrace();
        }
        return conn;
    }

    // Step 3a: create a statement on an open connection
    public Statement getStmt(Connection conn) {
        try {
            if (conn != null) {
                stmt = conn.createStatement();
            }
        } catch (SQLException e) {
            e.printStackTrace();
        }
        return stmt;
    }

    // Step 3b: run a query and return its result set. The SQL text is executed as given,
    // so callers must not build it from request parameters; bind them with PreparedStatement instead.
    public ResultSet getRs(Statement stmt, String sql) {
        try {
            if (stmt != null) {
                rs = stmt.executeQuery(sql);
            }
        } catch (SQLException e) {
            e.printStackTrace();
        }
        return rs;
    }

    // Step 4: release resources. The fields are cleared with this.* so that the
    // assignment reaches the bean's own reference rather than the parameter.
    public void closeConn(Connection conn) {
        try {
            if (conn != null) {
                conn.close();
                this.conn = null;
            }
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }

    public void closeStmt(Statement stmt) {
        try {
            if (stmt != null) {
                stmt.close();
                this.stmt = null;
            }
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }

    public void closeRs(ResultSet rs) {
        try {
            if (rs != null) {
                rs.close();
                this.rs = null;
            }
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }
}
Displaying the employee role table: userrole.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"%>
<%@ include file="/header.jsp"%>
<style type="text/css">
* {font-family: "宋体";font-size: 14px}
table{
    width:100px;
}
</style>
<jsp:useBean id="db" scope="page" class="util.DB"/>
<center>
<br>
员工角色分配

<table>
<tr>
<th width=40 >员工ID</th><th width=40 >角色ID</th>
</tr>

<%
    response.setContentType("text/html;charset=utf-8");
    Connection conn = null;
    // menu.jsp only shows the link to this page when Auth_Authority is 1;
    // the page itself does not check that session flag
    try {
        conn = db.getConn();
        Statement stmt = db.getStmt(conn);
        // Fixed query text with no request data, so a plain Statement is safe here
        ResultSet rs = stmt.executeQuery("select * from userrole;");
        while (rs.next()) {
%>
<form action="userrole_editHandler.jsp" method="post">
<tr>
<td><input type="text" maxlength="10" readonly size="10" name="EmployeeID" value="<%=rs.getString("EmployeeID")%>" /></td>
<td><input type="text" maxlength="10" size="10" name="RoleID" value="<%=rs.getString("RoleID")%>" /></td>
<td><input type="submit" name="button3" value="确认修改"> </td>
</tr>
</form>
<%
        }
        rs.close();
        stmt.close();
    } catch (SQLException e) {
        e.printStackTrace();
    } finally {
        try {
            if (conn != null) conn.close();
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }
%>
</table>
</center>
<%@ include file="footer.jsp"%>
The handler page that writes the edited employee role assignment to the database: userrole_editHandler.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"%>
<%@ include file="/header.jsp"%>
<style>
* { font-family: "宋体"; font-size: 14px}
</style>
<jsp:useBean id="db" scope="page" class="util.DB" />
<%
    Connection conn = null;
    int result = 0;
    request.setCharacterEncoding("utf-8");
    String EmployeeID = request.getParameter("EmployeeID");
    String RoleID = request.getParameter("RoleID");
    // Both values are bound as parameters; the original concatenated EmployeeID into the SQL string
    String sql = "update userrole set roleID=? where EmployeeID=?";
    if (StringUtil.validateNull(EmployeeID)) {
        out.println("对不起,用户名不能为空,请您重新编辑!<br>");
        out.println("<a href=\"" + context + "/userrole.jsp\">返回</a><br>");
    } else if (StringUtil.validateNull(RoleID)) {
        out.println("对不起,RoleID不能为空,请您重新输入!<br>");
        out.println("<a href=\"" + context + "/userrole.jsp\">返回</a><br>");
    } else {
        try {
            conn = db.getConn();
            PreparedStatement pstmt = conn.prepareStatement(sql);
            pstmt.setString(1, StringUtil.filterHtml(RoleID));
            pstmt.setString(2, EmployeeID);
            result = pstmt.executeUpdate();
            pstmt.close();
        } catch (SQLException e) {
            e.printStackTrace();
        } finally {
            try {
                if (conn != null) conn.close();
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }

        if (result == 0) {
            out.println("对不起,用户角色编辑不成功,请您重新编辑!<BR>");
            out.println("<a href=\"" + context + "/userrole.jsp\">返回</a><BR>");
        } else {
            out.println("祝贺您,用户角色编辑成功。<BR>");
            out.println("<a href=\"" + context + "/userrole.jsp\">返回</a><BR>");
        }
    }
%>
<%@ include file="/footer.jsp"%>
3. Personnel management
This part implements adding, deleting and editing employee records and querying them by ID. Its central page is query.jsp.
<%@ page language="java" contentType="text/html; charset=UTF-8"%>

<%@ include file="/header.jsp"%>
<style>
* {font-family: "宋体";font-size: 14px}
</style>
<center>
<jsp:useBean id="db" scope="page" class="util.DB" />

<%
    String sql = "select * from v_EmployeeInformation";
    Connection conn = null;
    response.setContentType("text/html;charset=utf-8");
    // menu.jsp stores the flag as the string "1"; compare with equals(), since ==
    // on Strings only tests object identity
    boolean canEdit = "1".equals(session.getAttribute("Auth_Info"));
    try {
        conn = db.getConn();
        Statement pstmt = db.getStmt(conn);
%>
<form action="employee_query.jsp" method="post">
员工ID查询:
<input type="text" maxlength="4" size="10" name="text3" required="required">
<input type="submit" name="button2">
</form>
<%
        if (canEdit) {
            out.println("<a href=\"" + context + "/employee_add.jsp\">添加员工</a>");
        }
        ResultSet rs = db.getRs(pstmt, sql);
        while (rs.next()) {
%>
<br><br>
<%-- The delete is a GET request carrying only the EmployeeID. The button is hidden
     for users without Auth_Info, but employee_delete.jsp does not check the flag itself --%>
<form action="employee_delete.jsp" method="get">
<table width="600" border="1" bordercolor="000000" style="table-layout: fixed; word-break: break-all">
<tr>
<td width="100" bordercolor="ffffff">EmployeeID:</td>
<%int temp = rs.getInt("EmployeeID"); %>
<td width="500" bordercolor="ffffff"><%=temp%></td>
</tr>
<tr>
<td bordercolor="ffffff">EmployeeName:</td>
<td bordercolor="ffffff"><%=rs.getString("EmployeeName")%></td>
</tr>
<tr>
<td bordercolor="ffffff">sex:</td>
<td bordercolor="ffffff"><%=rs.getString("sex")%></td>
</tr>
<tr>
<td bordercolor="ffffff">BirthDay:</td>
<td bordercolor="ffffff"><%=rs.getString("Birthday")%></td>
</tr>
<tr>
<td bordercolor="ffffff">Phone:</td>
<td bordercolor="ffffff"><%=rs.getString("Phone")%></td>
</tr>
<tr>
<td bordercolor="ffffff">HireDate:</td>
<td bordercolor="ffffff"><%=rs.getString("HireDate")%></td>
</tr>
<tr>
<td bordercolor="ffffff">Title:</td>
<td bordercolor="ffffff"><%=rs.getString("Title")%></td>
</tr>
<tr>
<td bordercolor="ffffff">Salary:</td>
<td bordercolor="ffffff"><%=rs.getString("Salary")%></td>
</tr>
<tr>
<td bordercolor="ffffff">DegreeName:</td>
<td bordercolor="ffffff"><%=rs.getString("DegreeName")%></td>
</tr>
<tr>
<td bordercolor="ffffff">DepartmentName:</td>
<td bordercolor="ffffff"><%=rs.getString("DepartmentName")%></td>
</tr>
</table>
<%if (canEdit) {%>
<input type="hidden" name="EmployeeID" value="<%=temp%>" />
<input type="submit" value="delete" >
<br>
<%}%>
</form>
<form action="employee_edit.jsp" method="get">
<%if (canEdit) {%>
<input type="hidden" name="EmployeeID" value="<%=temp%>" />
<input type="submit" value="Edit" >
<br>
<%}%>
</form>
<%
        }
        rs.close();
        pstmt.close();
    } catch (SQLException e) {
        e.printStackTrace();
    } finally {
        try {
            if (conn != null) conn.close();
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }
%>
</center>
<%@ include file="/footer.jsp"%>
Adding an employee: employee_add.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"%>
<%@ include file="/header.jsp"%>
<style>
* { font-family: "宋体"; font-size: 14px }
</style>

<p align="center">
添加员工
</p>
<p align="center">
<a href="<%=context%>/query.jsp">查看员工信息</a>
</p>
<form id="form1" name="form1" method="post" action="<%=context%>/addEmployeeHandler.jsp">
<table width="650" height="200" border="0" align="center">
<tr>
<td width="150">EmployeeID:</td>
<td width="500"><input name="EmployeeID" type="text" id="EmployeeID" size="40" maxlength="20" /></td>
</tr>
<tr>
<td>EmployeeName:</td>
<td><input name="EmployeeName" type="text" id="EmployeeName" size="40" maxlength="40" /></td>
</tr>
<tr>
<td>Sex:</td>
<td><input name="Sex" type="text" id="Sex" size="40" maxlength="20" /></td>
</tr>
<tr>
<td>BirthDay:</td>
<td><input name="BirthDay" type="text" id="BirthDay" size="40" maxlength="20" /></td>
</tr>
<tr>
<td>Phone:</td>
<td><input name="Phone" type="text" id="Phone" size="40" maxlength="20" /></td>
</tr>
<tr>
<td>DegreeID:</td>
<td><input name="DegreeID" type="text" id="DegreeID" size="40" maxlength="20" /></td>
</tr>
<tr>
<td>HireDate:</td>
<td><input name="HireDate" type="text" id="HireDate" size="40" maxlength="20" /></td>
</tr>
<tr>
<td>EmployeeTypeID:</td>
<td><input name="EmployeeTypeID" type="text" id="EmployeeTypeID" size="40" maxlength="20" /></td>
</tr>
<tr>
<td>DepartmentID:</td>
<td><input name="DepartmentID" type="text" id="DepartmentID" size="40" maxlength="20" /></td>
</tr>
<tr>
<td>Title:</td>
<td><input name="Title" type="text" id="Title" size="40" maxlength="20" /></td>
</tr>
<tr>
<td>Salary:</td>
<td><input name="Salary" type="text" id="Salary" size="40" maxlength="20" /></td>
</tr>
<tr>
<td>ManagerID:</td>
<td><input name="ManagerID" type="text" id="ManagerID" size="40" maxlength="20" /></td>
</tr>
<tr>
<td></td>
<td>
<input type="submit" name="Submit" value="提交" />
<input type="reset" name="Reset" value="重置" />
</td>
</tr>
</table>
</form>
<%@ include file="/footer.jsp"%>
Back-end handling when an employee is added: addEmployeeHandler.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"%>
<%@ include file="/header.jsp"%>
<style>
* { font-family: "宋体"; font-size: 14px}
</style>
<jsp:useBean id="db" scope="page" class="util.DB" />
<%
    Connection conn = null;
    int result = 0;
    request.setCharacterEncoding("utf-8");
    String EmployeeID = request.getParameter("EmployeeID");
    String EmployeeName = request.getParameter("EmployeeName");
    String Sex = request.getParameter("Sex");
    String BirthDay = request.getParameter("BirthDay");
    String Phone = request.getParameter("Phone");
    String DegreeID = request.getParameter("DegreeID");
    String HireDate = request.getParameter("HireDate");
    String EmployeeTypeID = request.getParameter("EmployeeTypeID");
    String DepartmentID = request.getParameter("DepartmentID");
    String Title = request.getParameter("Title");
    String Salary = request.getParameter("Salary");
    String ManagerID = request.getParameter("ManagerID");
    // All twelve columns are bound as parameters; StringUtil.filterHtml strips script
    // content before the values are stored. Like the other handlers, this page does
    // not itself check the Auth_Info session flag that gates the link in query.jsp.
    String sql = "insert into employees (EmployeeID,EmployeeName,Sex,BirthDay,Phone,DegreeID,HireDate,EmployeeTypeID,DepartmentID,Title,Salary,ManagerID) values(?,?,?,?,?,?,?,?,?,?,?,?);";

    if (StringUtil.validateNull(EmployeeID)) {
        out.println("对不起,不能为空,请您重新输入!<br>");
        out.println("<a href=\"" + context + "/employee_add.jsp\">添加新员工</a><br>");
    } else if (StringUtil.validateNull(EmployeeName)) {
        out.println("对不起,不能为空,请您重新输入!<br>");
        out.println("<a href=\"" + context + "/employee_add.jsp\">添加新员工</a><br>");
    } else {
        try {
            conn = db.getConn();
            PreparedStatement pstmt = conn.prepareStatement(sql);
            pstmt.setString(1, StringUtil.filterHtml(EmployeeID));
            pstmt.setString(2, StringUtil.filterHtml(EmployeeName));
            pstmt.setString(3, StringUtil.filterHtml(Sex));
            pstmt.setString(4, StringUtil.filterHtml(BirthDay));
            pstmt.setString(5, StringUtil.filterHtml(Phone));
            pstmt.setString(6, StringUtil.filterHtml(DegreeID));
            pstmt.setString(7, StringUtil.filterHtml(HireDate));
            pstmt.setString(8, StringUtil.filterHtml(EmployeeTypeID));
            pstmt.setString(9, StringUtil.filterHtml(DepartmentID));
            pstmt.setString(10, StringUtil.filterHtml(Title));
            pstmt.setString(11, StringUtil.filterHtml(Salary));
            pstmt.setString(12, StringUtil.filterHtml(ManagerID));

            result = pstmt.executeUpdate();
            pstmt.close();
        } catch (SQLException e) {
            e.printStackTrace();
        } finally {
            try {
                if (conn != null) conn.close();
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }

        if (result == 0) {
            out.println("对不起,员工信息添加不成功,请您重新输入!<BR>");
            out.println("<a href=\"" + context + "/employee_add.jsp\">添加新的员工信息</a><BR>");
        } else {
            out.println("祝贺您,员工信息成功添加。<BR>");
            out.println("<a href=\"" + context + "/query.jsp\">查看所有员工信息</a><BR>");
            out.println("<a href=\"" + context + "/employee_add.jsp\">继续添加员工信息</a><BR>");
        }
    }
%>
<%@ include file="/footer.jsp"%>
employee_delete.jsp performs the delete on the back end.
<%@ page language="java" contentType="text/html; charset=UTF-8"%>
<%@ include file="/header.jsp"%>
<style>
* { font-family: "宋体"; font-size: 14px}
</style>
<jsp:useBean id="db" scope="page" class="util.DB" />
<%
    Connection conn = null;
    request.setCharacterEncoding("utf-8");
    String EmployeeID = request.getParameter("EmployeeID");
    // EmployeeID is bound as a parameter; the original concatenated it into the SQL string.
    // This page performs no authorization check of its own: query.jsp only hides the
    // delete button when the session lacks Auth_Info, and the request is a plain GET.
    String sql = "delete from employees where EmployeeID = ?";
    try {
        conn = db.getConn();
        PreparedStatement stmt = conn.prepareStatement(sql);
        stmt.setString(1, EmployeeID);
        stmt.executeUpdate();
        stmt.close();
    } catch (SQLException e) {
        e.printStackTrace();
    } finally {
        try {
            if (conn != null) conn.close();
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }
    // The redirect discards anything already written to the response, so the
    // original "删除成功" message was never displayed; the list is simply reloaded
    response.sendRedirect("query.jsp");
%>
<%@ include file="/footer.jsp"%>
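menu.jsp only decides which links to emit, and query.jsp only hides buttons; the handler pages above (employee_delete.jsp, addEmployeeHandler.jsp, userrole_editHandler.jsp) never re-check the Auth_* flags or even that a session exists. The filter below is an added example, not code from the OOMMYY/EM project: a hypothetical util.AuthorizationFilter, registered in web.xml on the url-pattern /*, that enforces both checks on the server. The page-to-flag mapping is assumed from the links menu.jsp emits and the Auth_Info gate in query.jsp.

```java
package util;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical filter (not part of OOMMYY/EM). It enforces on the server the
// gates the JSPs apply only to the HTML: a session carrying "ID" (set by
// login.jsp) for every page, and the matching Auth_* attribute equal to "1"
// (set by menu.jsp from the v_roles view) for the administrative pages.
public class AuthorizationFilter implements Filter {
    // Servlet path -> session attribute that must be "1". The mapping mirrors
    // the links menu.jsp emits and the buttons query.jsp shows.
    private static final Map<String, String> REQUIRED = new HashMap<>();
    static {
        REQUIRED.put("/employee_add.jsp", "Auth_Info");
        REQUIRED.put("/addEmployeeHandler.jsp", "Auth_Info");
        REQUIRED.put("/employee_edit.jsp", "Auth_Info");
        REQUIRED.put("/employee_delete.jsp", "Auth_Info");
        REQUIRED.put("/userrole.jsp", "Auth_Authority");
        REQUIRED.put("/userrole_editHandler.jsp", "Auth_Authority");
        // employee_editHandler.jsp is deliberately absent: personal_query.jsp posts
        // to it for self-service edits, so it needs an in-page check that the
        // submitted EmployeeID equals session "ID" unless Auth_Info is "1".
    }

    // Pages reachable without a session: the login form and its handler.
    // Static assets needed before login would be added here as well.
    private static boolean isPublic(String path) {
        return "/login.html".equals(path) || "/login.jsp".equals(path);
    }

    // Pure policy decision, kept separate from the servlet plumbing so it can be
    // unit-tested without a container. Returns null to allow, else the redirect target.
    static String decide(String path, HttpSession session) {
        if (isPublic(path)) return null;
        if (session == null || session.getAttribute("ID") == null) return "/login.html";
        String needed = REQUIRED.get(path);
        if (needed != null && !"1".equals(session.getAttribute(needed))) return "/menu.jsp";
        return null;
    }

    @Override
    public void init(FilterConfig cfg) {}

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        HttpServletResponse out = (HttpServletResponse) res;
        // getSession(false) never creates a session for an anonymous request
        String target = decide(http.getServletPath(), http.getSession(false));
        if (target == null) {
            chain.doFilter(req, res);
        } else {
            out.sendRedirect(http.getContextPath() + target);
        }
    }

    @Override
    public void destroy() {}
}
```

Because the filter runs before any JSP, the HTML-level gating in menu.jsp and query.jsp stays as it is and becomes a convenience rather than the only control.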
The page where an administrator edits employee information: employee_edit.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"%>

<%@ include file="/header.jsp"%>
<style>
* {font-family: "宋体";font-size: 14px}
</style>
<center>
<jsp:useBean id="db" scope="page" class="util.DB" />

<%
    // The administrator picks the record, so the ID comes from the request here.
    // It is bound as a parameter; the original concatenated it into the SQL string.
    String emID = request.getParameter("EmployeeID");
    String sql = "select * from employees where EmployeeID = ?";
    Connection conn = null;
    response.setContentType("text/html;charset=utf-8");
    try {
        conn = db.getConn();
        PreparedStatement pstmt = conn.prepareStatement(sql);
        pstmt.setString(1, emID);
        ResultSet rs = pstmt.executeQuery();
        while (rs.next()) {
%>
<form id="form1" name="form1" method="post" action="<%=context%>/employee_editHandler.jsp">
<table width="650" height="200" border="0" align="center">
<tr>
<td width="150">EmployeeID:</td>
<td width="500"><input name="EmployeeID" type="text" value="<%=rs.getString("EmployeeID")%>" size="40" maxlength="20" /></td>
</tr>
<tr>
<td>EmployeeName:</td>
<td><input name="EmployeeName" type="text" value="<%=rs.getString("EmployeeName")%>" size="40" maxlength="40" /></td>
</tr>
<tr>
<td>Sex:</td>
<td><input name="Sex" type="text" value="<%=rs.getString("Sex")%>" size="40" maxlength="20" /></td>
</tr>
<tr>
<td>BirthDay:</td>
<td><input name="BirthDay" type="text" value="<%=rs.getString("BirthDay")%>" size="40" maxlength="20" /></td>
</tr>
<tr>
<td>Phone:</td>
<td><input name="Phone" type="text" value="<%=rs.getString("Phone")%>" size="40" maxlength="20" /></td>
</tr>
<tr>
<td>DegreeID:</td>
<td><input name="DegreeID" type="text" value="<%=rs.getString("DegreeID")%>" size="40" maxlength="20" /></td>
</tr>
<tr>
<td>HireDate:</td>
<td><input name="HireDate" type="text" value="<%=rs.getString("HireDate")%>" size="40" maxlength="20" /></td>
</tr>
<tr>
<td>EmployeeTypeID:</td>
<td><input name="EmployeeTypeID" type="text" value="<%=rs.getString("EmployeeTypeID")%>" size="40" maxlength="20" /></td>
</tr>
<tr>
<td>DepartmentID:</td>
<td><input name="DepartmentID" type="text" value="<%=rs.getString("DepartmentID")%>" size="40" maxlength="20" /></td>
</tr>
<tr>
<td>Title:</td>
<td><input name="Title" type="text" value="<%=rs.getString("Title")%>" size="40" maxlength="20" /></td>
</tr>
<tr>
<td>Salary:</td>
<td><input name="Salary" type="text" value="<%=rs.getString("Salary")%>" size="40" maxlength="20" /></td>
</tr>
<tr>
<td>ManagerID:</td>
<td><input name="ManagerID" type="text" value="<%=rs.getString("ManagerID")%>" size="40" maxlength="20" /></td>
</tr>
<tr>
<td></td>
<td>
<input type="submit" name="Submit" value="提交" />
<input type="reset" name="Reset" value="重置" />
</td>
</tr>
</table>
</form>
<%
        }
        rs.close();
        pstmt.close();
    } catch (SQLException e) {
        e.printStackTrace();
    } finally {
        try {
            if (conn != null) conn.close();
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }
%>
</center>
<%@ include file="/footer.jsp"%>
After editing, employee_editHandler.jsp writes the changes to the database.
<%@ page language="java" contentType="text/html; charset=UTF-8"%>
<%@ include file="/header.jsp"%>
<style>
* { font-family: "宋体"; font-size: 14px}
</style>
<jsp:useBean id="db" scope="page" class="util.DB" />
<%
    Connection conn = null;
    int result = 0;
    request.setCharacterEncoding("utf-8");
    String EmployeeID = request.getParameter("EmployeeID");
    String EmployeeName = request.getParameter("EmployeeName");
    String Sex = request.getParameter("Sex");
    String BirthDay = request.getParameter("BirthDay");
    String Phone = request.getParameter("Phone");
    String DegreeID = request.getParameter("DegreeID");
    String HireDate = request.getParameter("HireDate");
    String EmployeeTypeID = request.getParameter("EmployeeTypeID");
    String DepartmentID = request.getParameter("DepartmentID");
    String Title = request.getParameter("Title");
    String Salary = request.getParameter("Salary");
    String ManagerID = request.getParameter("ManagerID");
    // The edit is implemented as delete-then-insert. EmployeeID is bound as a
    // parameter in the delete; the original concatenated it into the SQL string.
    // This handler is shared by employee_edit.jsp and personal_query.jsp and does
    // not check that the submitted EmployeeID belongs to the logged-in user.
    String sql_d = "delete from employees where EmployeeID = ?";
    String sql = "insert into employees (EmployeeID,EmployeeName,Sex,BirthDay,Phone,DegreeID,HireDate,EmployeeTypeID,DepartmentID,Title,Salary,ManagerID) values(?,?,?,?,?,?,?,?,?,?,?,?);";

    if (StringUtil.validateNull(EmployeeID)) {
        out.println("对不起,不能为空,请您重新输入!<br>");
        out.println("<a href=\"" + context + "/employee_edit.jsp\">重新编辑</a><br>");
    } else if (StringUtil.validateNull(EmployeeName)) {
        out.println("对不起,不能为空,请您重新输入!<br>");
        out.println("<a href=\"" + context + "/employee_edit.jsp\">重新编辑</a><br>");
    } else {
        try {
            conn = db.getConn();
            // Run both statements in one transaction: without it, an insert that fails
            // after the delete (for example on a bad Salary value) loses the record
            conn.setAutoCommit(false);
            PreparedStatement dstmt = conn.prepareStatement(sql_d);
            dstmt.setString(1, EmployeeID);
            dstmt.executeUpdate();
            dstmt.close();
            PreparedStatement pstmt = conn.prepareStatement(sql);
            pstmt.setString(1, StringUtil.filterHtml(EmployeeID));
            pstmt.setString(2, StringUtil.filterHtml(EmployeeName));
            pstmt.setString(3, StringUtil.filterHtml(Sex));
            pstmt.setString(4, StringUtil.filterHtml(BirthDay));
            pstmt.setString(5, StringUtil.filterHtml(Phone));
            pstmt.setString(6, StringUtil.filterHtml(DegreeID));
            pstmt.setString(7, StringUtil.filterHtml(HireDate));
            pstmt.setString(8, StringUtil.filterHtml(EmployeeTypeID));
            pstmt.setString(9, StringUtil.filterHtml(DepartmentID));
            pstmt.setString(10, StringUtil.filterHtml(Title));
            pstmt.setString(11, StringUtil.filterHtml(Salary));
            pstmt.setString(12, StringUtil.filterHtml(ManagerID));

            result = pstmt.executeUpdate();
            pstmt.close();
            conn.commit();
        } catch (SQLException e) {
            e.printStackTrace();
            result = 0;
            try {
                if (conn != null) conn.rollback();
            } catch (SQLException ex) {
                ex.printStackTrace();
            }
        } finally {
            try {
                if (conn != null) conn.close();
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }

        if (result == 0) {
            out.println("对不起,员工信息编辑不成功,请您重新编辑!<BR>");
            out.println("<a href=\"" + context + "/employee_edit.jsp\">编辑员工信息</a><BR>");
        } else {
            out.println("祝贺您,员工信息编辑成功。<BR>");
            out.println("<a href=\"" + context + "/query.jsp\">查看所有员工信息</a><BR>");
        }
    }
%>
<%@ include file="/footer.jsp"%>
Querying by employee number: employee_query.jsp
```jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"%>
<%@ page import="java.sql.*"%>
<%@ include file="/header.jsp"%>
<style>
* {font-family: "宋体";font-size: 14px}
</style>
<center>
<jsp:useBean id="db" scope="page" class="util.DB" />
<%
    String emID = request.getParameter("text3");
    // The employee number is bound as a parameter rather than concatenated into the query.
    String sql = "select * from v_EmployeeInformation where EmployeeID=?";
    Connection conn = null;
    response.setContentType("text/html;charset=utf-8");
    try {
        conn = db.getConn();
        PreparedStatement pstmt = conn.prepareStatement(sql);
        pstmt.setString(1, emID);
        ResultSet rs = pstmt.executeQuery();
        while (rs.next()) {
%>
<br><br>
<table width="600" border="1" bordercolor="000000"
       style="table-layout: fixed; word-break: break-all">
<tr>
<td width="100" bordercolor="ffffff">EmployeeID:</td>
<td width="500" bordercolor="ffffff"><%=rs.getInt("EmployeeID")%></td>
</tr>
<tr>
<td bordercolor="ffffff">EmployeeName:</td>
<td bordercolor="ffffff"><%=rs.getString("EmployeeName")%></td>
</tr>
<tr>
<td bordercolor="ffffff">sex:</td>
<td bordercolor="ffffff"><%=rs.getString("sex")%></td>
</tr>
<tr>
<td bordercolor="ffffff">BirthDay:</td>
<td bordercolor="ffffff"><%=rs.getString("Birthday")%></td>
</tr>
<tr>
<td bordercolor="ffffff">Phone:</td>
<td bordercolor="ffffff"><%=rs.getString("Phone")%></td>
</tr>
<tr>
<td bordercolor="ffffff">HireDate:</td>
<td bordercolor="ffffff"><%=rs.getString("HireDate")%></td>
</tr>
<tr>
<td bordercolor="ffffff">Title:</td>
<td bordercolor="ffffff"><%=rs.getString("Title")%></td>
</tr>
<tr>
<td bordercolor="ffffff">Salary:</td>
<td bordercolor="ffffff"><%=rs.getString("Salary")%></td>
</tr>
<tr>
<td bordercolor="ffffff">DegreeName:</td>
<td bordercolor="ffffff"><%=rs.getString("DegreeName")%></td>
</tr>
<tr>
<td bordercolor="ffffff">DepartmentName:</td>
<td bordercolor="ffffff"><%=rs.getString("DepartmentName")%></td>
</tr>
</table>
<br>
<%
        }
        rs.close();
        pstmt.close();
    } catch (SQLException e) {
        e.printStackTrace();
    } finally {
        try {
            if (conn != null) conn.close();
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }
%>
</center>
<%@ include file="/footer.jsp"%>
```
4. Attendance management
attendance_query.jsp queries and outputs the attendance records
```jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"%>
<%@ page import="java.sql.*"%>
<%@ include file="/header.jsp"%>
<style>
* {font-family: "宋体";font-size: 14px}
</style>
<jsp:useBean id="db" scope="page" class="util.DB"/>
<center>
<br>出勤日志<br>
<table>
<tr>
<td>职工姓名</td><td>日期</td><td>出勤状态</td>
</tr>
<%
    response.setContentType("text/html;charset=utf-8");
    Connection conn = null;
    try {
        conn = db.getConn();
        Statement stmt = db.getStmt(conn);
        // Fixed query text with no request input, so a plain Statement is acceptable here.
        ResultSet rs = stmt.executeQuery("select * from v_attendances;");
        while (rs.next()) {
%>
<tr>
<td><%=rs.getString("EmployeeName")%></td><td><%=rs.getString("Date")%></td><td><%=rs.getString("Status")%></td>
</tr>
<%
        }
        rs.close();
        stmt.close();
    } catch (SQLException e) {
        e.printStackTrace();
    } finally {
        try {
            if (conn != null) conn.close();
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }
%>
</table>
</center>
<%@ include file="footer.jsp"%>
```
5. Training management
The main part, training_query.jsp, outputs the training records and, depending on the user's permissions, selectively shows the entry point for managing them; training_add.jsp adds training records; training_editHandler.jsp edits training records; training_editHandler.jsp updates the database in the background.
6. Evaluation management
This part has the same design structure as the training management module. The evaluation main page is evaluation_query.jsp; evaluation_addHandler.jsp adds evaluation records; evaluation_editHandler.jsp edits evaluation records.
7. Rewards and punishments management
This part follows the same pattern as the previous two, with the small difference that this module has no edit function but does have a delete function. The rewards and punishments main page is rewardandpunishment_query.jsp; rewardandpunishment_addHandler.jsp adds records and rewardandpunishment_deleteHandler.jsp deletes them.
8. Role management
The distinctive feature of this part is that a role's permissions are displayed as checkboxes rather than output as text boxes. The role management main page is roler_query.jsp; roler_editHandler.jsp modifies a role's permissions, and roler_addHandler.jsp handles adding a role and ticking the permissions it should hold.
9. User password management
This module is likewise a page that only users holding the password management permission can enter. password_query.jsp is the password management page, and password_editHandler.jsp updates the back-end database after an employee's password is changed.
Part 4: Logging out, setting up the error page, and filtering to prevent malicious script injection
Logging out invalidates the session
```jsp
<%@ page language="java" import="java.util.*" pageEncoding="utf8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>My JSP 'loginout.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
</head>
<% String context=request.getContextPath();%>
<body>
<%session.invalidate(); %>
注销成功<br>
<a href="<%=context%>/login.html">返回</a>
</body>
</html>
```
The error page, registered in web.xml
```jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>display 500 error</title>
</head>
<body>
对不起,亲爱的用户,您访问的网页发生不可预知的问题。<br>
请您访问其它网页,或者与我们的客服人员联系。<br>
</body>
</html>
```
Utility class: it checks whether a string is empty and replaces sensitive characters in a string with HTML entities to prevent malicious script injection
```java
package util;

public class StringUtil {
    // true when the string is null or empty
    public static boolean validateNull(String args) {
        return args == null || args.length() == 0;
    }

    // returns target when source is missing (null, empty or the literal "null"), otherwise source
    public static String chanageNull(String source, String target) {
        if (source == null || source.length() == 0 || source.equalsIgnoreCase("null")) {
            return target;
        }
        return source;
    }

    // Replaces characters that are significant in HTML with entities so that user input
    // is rendered as text; '&' is handled first so the other entities are not double-encoded.
    public static String filterHtml(String input) {
        if (input == null) {
            return null;
        }
        if (input.length() == 0) {
            return input;
        }
        input = input.replace("&", "&amp;");
        input = input.replace("<", "&lt;");
        input = input.replace(">", "&gt;");
        input = input.replace(" ", "&nbsp;");
        input = input.replace("'", "&#39;");
        input = input.replace("\"", "&quot;");
        return input.replace("\n", "<br>");
    }
}
```
The source code and database not shown in this article can be downloaded from https://github.com/OOMMYY/EM and imported directly into MyEclipse.
1. Table summary

| Table | Description |
|---|---|
| Employees | Employee information |
| EmployeeType | Employee types |
| Degrees | Degree types |
| Departments | Department information |
| Attendances | Attendance records |
| AttendanceStatus | Attendance status types |
| Evaluations | Evaluation records |
| EvaluationProjects | Evaluation project information |
| Training | Training records |
| EmployeeTraining | Employee training assignments |
| RewardsAndPunishments | Employee rewards and punishments |
| Users | System user accounts |
| UserRole | User-role assignments |
| Roles | Roles and their permissions |
2. Table structure details

Employee table (Employees)

| Field | Data type | Nullable | Constraint | Description |
|---|---|---|---|---|
| EmployeeID | INT | NOT NULL | PK | Employee ID |
| EmployeeName | NVARCHAR(20) | NOT NULL | | Employee name |
| Sex | NCHAR(1) | NOT NULL | | Gender |
| BirthDay | DATETIME | NOT NULL | | Date of birth |
| Phone | VARCHAR(20) | NOT NULL | | Phone |
| DegreeID | INT | NOT NULL | FK | Degree |
| HireDate | DATETIME | NOT NULL | | Hire date |
| EmployeeTypeID | INT | NOT NULL | FK | Employee type |
| DepartmentID | INT | NOT NULL | FK | Department |
| Title | NVARCHAR(50) | NOT NULL | | Job title |
| Salary | MONEY | NOT NULL | | Salary |
| ManagerID | INT | NULL | FK | Manager ID |
Employee type table (EmployeeType)

| Field | Data type | Nullable | Constraint | Description |
|---|---|---|---|---|
| EmployeeTypeID | INT | NOT NULL | PK | Type ID |
| EmployeeTypeName | NVARCHAR(50) | NOT NULL | Unique | Type name |
Degree type table (Degrees)

| Field | Data type | Nullable | Constraint | Description |
|---|---|---|---|---|
| DegreeID | INT | NOT NULL | PK | Type ID |
| DegreeName | NVARCHAR(20) | NOT NULL | Unique | Degree name |
Department table (Departments)

| Field | Data type | Nullable | Constraint | Description |
|---|---|---|---|---|
| DepartmentID | INT | NOT NULL | PK | Department ID |
| DepartmentName | NVARCHAR(50) | NOT NULL | Unique | Department name |
| ManagerID | INT | NULL | FK | Department manager ID |
Attendance table (Attendances)

| Field | Data type | Nullable | Constraint | Description |
|---|---|---|---|---|
| EmployeeID | INT | NOT NULL | PK | Employee ID |
| StatusID | INT | NOT NULL | FK | Attendance status ID |
| Date | DATETIME | NOT NULL | PK | Date |
Attendance status table (AttendanceStatus)

| Field | Data type | Nullable | Constraint | Description |
|---|---|---|---|---|
| StatusID | INT | NOT NULL | PK | Attendance status ID |
| Status | NVARCHAR(50) | NOT NULL | Unique | Attendance status name |
Evaluation table (Evaluations)

| Field | Data type | Nullable | Constraint | Description |
|---|---|---|---|---|
| EvaluationID | INT | NOT NULL | PK | Evaluation ID |
| EmployeeID | INT | NOT NULL | FK | Employee ID |
| EvaluationProjectID | INT | NOT NULL | FK | Evaluation project ID |
| Date | DATETIME | NOT NULL | | Date |
| Result | NVARCHAR(2) | NOT NULL | | Score |
Evaluation project table (EvaluationProjects)

| Field | Data type | Nullable | Constraint | Description |
|---|---|---|---|---|
| EP_ID | INT | NOT NULL | PK | Evaluation project ID |
| ProjectName | NVARCHAR(20) | NOT NULL | Unique | Project name |
Training table (Training)

| Field | Data type | Nullable | Constraint | Description |
|---|---|---|---|---|
| TrainingID | INT | NOT NULL | PK | Training ID |
| BeginDate | DATETIME | NOT NULL | | Start date |
| EndDate | DATETIME | NOT NULL | | End date |
| TrainingType | NVARCHAR(20) | NOT NULL | | Training type |
| Description | NVARCHAR(255) | NULL | | Detailed description |
Employee training table (EmployeeTraining)

| Field | Data type | Nullable | Constraint | Description |
|---|---|---|---|---|
| TraingingID | INT | NOT NULL | PK FK | Training ID |
| EmployeeID | INT | NOT NULL | PK FK | Employee ID |
Employee rewards and punishments table (RewardsAndPunishments)

| Field | Data type | Nullable | Constraint | Description |
|---|---|---|---|---|
| RP_ID | INT | NOT NULL | PK | Reward/punishment ID |
| EmployeeID | INT | NOT NULL | FK | Employee ID |
| Type | NCHAR(2) | NOT NULL | | Reward or punishment |
| Date | DATETIME | NOT NULL | | Date |
| Reason | NVARCHAR(50) | NOT NULL | | Reason |
| Remark | NVARCHAR(255) | NULL | | Remark (optional) |
System user table (Users)

| Field | Data type | Nullable | Constraint | Description |
|---|---|---|---|---|
| EmployeeID | INT | NOT NULL | PK FK | Employee ID |
| Password | VARCHAR(50) | NOT NULL | | Login password |
User role table (UserRole)

| Field | Data type | Nullable | Constraint | Description |
|---|---|---|---|---|
| EmployeeID | INT | NOT NULL | PK FK | Employee ID |
| RoleID | INT | NOT NULL | PK FK | Role ID |
Roles and permissions table (Roles)

| Field | Data type | Nullable | Constraint | Description |
|---|---|---|---|---|
| RoleID | INT | NOT NULL | PK | Role ID |
| RoleName | NVARCHAR(50) | NOT NULL | Unique | Role name |
| Auth_Authority | INT | NOT NULL | Default 0 | Authority management permission |
| Auth_Info | INT | NOT NULL | Default 0 | Information management permission |
| Auth_Job | INT | NOT NULL | Default 0 | Personnel management permission |
| Auth_Attendance | INT | NOT NULL | Default 0 | Attendance management permission |
| Auth_Training | INT | NOT NULL | Default 0 | Training management permission |
| Auth_Evaluation | INT | NOT NULL | Default 0 | Evaluation management permission |
| Auth_RP | INT | NOT NULL | Default 0 | Rewards and punishments management permission |
| Auth_Role | INT | NOT NULL | Default 0 | Role management permission |
| Auth_Encrypt | INT | NOT NULL | Default 0 | Encryption system permission |
The system supports role-based access control. As described in the module overviews, a user can operate a business module only when they hold that module's permission. A user's permissions come from system roles: a user obtains permissions only through the roles they belong to and cannot be granted permissions directly; grants are made only to roles, which is what "role-based access control" means here. The concrete design principles are:
1. A separate permission for each module
Business modules and system permissions correspond one to one. Holding a module's permission allows all operations (create, delete, update, query, etc.) on that module's data.
The correspondence between business modules and system permissions is shown in the table below:
| Permission | Module | Operation | Page |
|---|---|---|---|
| Auth_Job | Employee management | Add employee | employee_add.jsp |
| | | Query employee | employee_query.jsp |
| | | Edit employee | employee_edit.jsp |
| | | Delete employee | employee_delete.jsp |
| Auth_Attendance | Attendance management | Query attendance | attendance_query.jsp |
| Auth_Job | Training management | Add training | training_add.jsp |
| | | Query training | training_query.jsp |
| | | Edit training | training_edit.jsp |
| | | Add employee to training | trainingdetails.jsp |
| | | Remove employee from training | |
| Auth_Evaluation | Evaluation management | Query evaluation | evaluation_query.jsp |
| | | Add evaluation | evaluation_add.jsp |
| | | Delete evaluation | evaluation_delete.jsp |
| Auth_RP | Rewards and punishments management | Query rewards and punishments | rewardandpunishment_query.jsp |
| | | Add reward or punishment | rewardandpunishment_add.jsp |
| | | Delete reward or punishment | rewardandpunishment_delete.jsp |
| Auth_Authority | Authority management | Query permission information | authority_query.jsp |
| | | Query employee permissions | authority_manage.jsp |
| | | Add employee to role | |
| | | Remove employee from role | |
| Auth_Role | Role management | Query role permissions | role_query.jsp |
| | | Add role | role_add.jsp |
| | | Delete role | role_delete.jsp |
| | | Edit role permissions | role_edit.jsp |
2. System roles are the basic unit for granting and revoking permissions
- A user holds no permissions of their own
- A user obtains the permissions of the roles they belong to
- User-to-role and role-to-permission are both many-to-many relationships
- When a user belongs to several roles, their permissions are the union of those roles' permissions
3. Separation of role management and authority management
- A user holding only the role management permission cannot manage users' roles, and so cannot directly control a user's permissions.
- A user holding only the authority management permission can only add users to existing roles or remove users from their current roles, and cannot control a role's permissions.
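The principles above as a runnable in-memory model, added here as an example and not part of the EM project: the Auth_* flags of the Roles table, UserRole membership, the union rule of principle 2, and the management split of principle 3. The class name RbacExample and the sample role and employee IDs are constructed for the example.

```java
import java.util.*;

// Added example (not the EM project's code): in-memory model of the Roles.Auth_* flags and UserRole rows.
public final class RbacExample {
    // One constant per Auth_* column of the Roles table (INT, default 0).
    public enum Auth { AUTHORITY, INFO, JOB, ATTENDANCE, TRAINING, EVALUATION, RP, ROLE, ENCRYPT }
    private final Map<Integer, EnumSet<Auth>> roles = new HashMap<>();    // Roles: RoleID -> flags set to 1
    private final Map<Integer, Set<Integer>> userRoles = new HashMap<>(); // UserRole: EmployeeID -> RoleIDs

    public void defineRole(int roleId, Auth... granted) {
        EnumSet<Auth> flags = EnumSet.noneOf(Auth.class);
        Collections.addAll(flags, granted);
        roles.put(roleId, flags);
    }

    // Principle 2: permissions are the union over the user's roles; a user is never granted anything directly.
    public EnumSet<Auth> effectivePermissions(int employeeId) {
        EnumSet<Auth> result = EnumSet.noneOf(Auth.class);
        for (int roleId : userRoles.getOrDefault(employeeId, Collections.emptySet())) {
            result.addAll(roles.get(roleId));
        }
        return result;
    }

    public boolean hasAuth(int employeeId, Auth auth) { return effectivePermissions(employeeId).contains(auth); }

    // Principle 3: changing role membership needs Auth_Authority (the authority_manage.jsp operations) ...
    public void addUserToRole(int actorId, int employeeId, int roleId) {
        if (!hasAuth(actorId, Auth.AUTHORITY)) throw new SecurityException("Auth_Authority required");
        if (!roles.containsKey(roleId)) throw new IllegalArgumentException("unknown RoleID " + roleId);
        userRoles.computeIfAbsent(employeeId, k -> new HashSet<>()).add(roleId);
    }

    // ... while changing what a role may do needs Auth_Role (the role_edit.jsp operation).
    public void grantToRole(int actorId, int roleId, Auth auth) {
        if (!hasAuth(actorId, Auth.ROLE)) throw new SecurityException("Auth_Role required");
        if (!roles.containsKey(roleId)) throw new IllegalArgumentException("unknown RoleID " + roleId);
        roles.get(roleId).add(auth);
    }

    public static void main(String[] args) {
        RbacExample rbac = new RbacExample();          // constructed sample roles and users
        rbac.defineRole(1, Auth.AUTHORITY);
        rbac.defineRole(2, Auth.ROLE);
        rbac.defineRole(3, Auth.JOB, Auth.ATTENDANCE);
        rbac.userRoles.put(100, new HashSet<>(Arrays.asList(1))); // bootstrap the two administrators directly
        rbac.userRoles.put(200, new HashSet<>(Arrays.asList(2)));
        rbac.addUserToRole(100, 300, 3);               // allowed: employee 100 holds Auth_Authority
        rbac.grantToRole(200, 3, Auth.TRAINING);       // allowed: employee 200 holds Auth_Role
        System.out.println(rbac.effectivePermissions(300)); // employee 300 gains TRAINING through role 3
    }
}
```

Swapping the actor IDs in the last two calls (100 editing role 3, or 200 assigning a role) raises SecurityException, which is the separation of principle 3 enforced in code.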