本项目的文件组织结构:https://github.com/OOMMYY/EM
一个数据库连接的javaBean 一个过滤脚本的工具类,其他的除了登录界面login.html外都是jsp界面
一:登录
login.html 包含提交登录信息的表单,特别要注意的是页面编码问题,在本项目中,所有的编码格式统一为UTF-8;
1 <html>
2 <style >
3 #login{
4 position:absolute;
5 top:310px;
6 left:550px;
7 backgroud-color:blue;
8 <!--background-image: url(login.png);-->
9 }
10 #body{
11 background-color: rgb(0,120,255);
12 <!--background-image: url(login.png);-->
13 }
14 h1 {font-size:3.75em;}
15 </style>
16 <head>
17 <meta http-equiv="content-type" content="text/html; charset=UTF-8">
18 </head>
19 <body ID="body">
20 <h1 align="center">欢迎登录人事管理系统</h1>
21 <div id="login">
22 <form action="login.jsp" method="post">
23 <p>user name: <input type="text" name="username" required="required" /></p>
24 <p>Password: <input type="password" name="password" required="required" /></p>
25 <p align="center"><input type="submit" value="login" /></p>
26 </form>
27 </div>
28 </body>
29 </html>
login.jsp 处理登录界面提交的表单
<%@ page language="java" contentType="text/html; charset=UTF-8"%>
<%@ page import="java.util.*,java.text.*"%>
<%@ page import="java.sql.*,util.*"%>
<style>
* {font-family: "宋体";font-size: 14px}
</style>
<center>
<jsp:useBean id="db"
scope="page"
class="util.DB" />
<%
Boolean flag=false;
String username=request.getParameter("username");
String password=request.getParameter("password");
String sql = "select Password from users where EmployeeID ="+username;
Connection conn = null;
response.setContentType("text/html;charset=utf-8");
try {
conn = db.getConn();
Statement pstmt = db.getStmt(conn);
ResultSet rs = db.getRs(pstmt,sql);
if(rs.next()){
String pwd=rs.getString("PassWord");
if(password.equals(pwd)){
out.println("登陆成功");
flag=true;
}
}
if(!flag){
out.println("登陆失败");
}
rs.close();
pstmt.close();
} catch (SQLException e) {
e.printStackTrace();
} finally {
try {
conn.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
if(!flag)
response.sendRedirect("login.html");
else{
session.setAttribute("ID",username);
response.sendRedirect("menu.jsp");
}
%>
</center>
处理登录账户信息后确定用户是否合法,如果合法就转到menu.jsp;否则返回登录界面。
二:菜单导航
menu界面分三个部分,第一部分是:导航栏
第二部分是一个内置框架,用于信息显示
第三部分就是一张图片资源
menu.jsp
1 <%@ page language="java" contentType="text/html; charset=UTF-8"%>
2
3 <%@ include file="/header.jsp"%><div id="logout">
4 <%out.println("USERID:"+session.getAttribute("ID"));%>
5 <a href="<%=context%>/loginout.jsp">退出登录</a>
6 <a href="<%=context%>/multivaluequery.jsp" target="showframe">首页查询</a></div>
7 <img id="head" src="Picture.jpg" width="1210" height="60"/> //第三部分的图片加载
8 <style>
9 * {font-family: "宋体";font-size: 14px}
10 #menu{float:left;}
11 #showframe{height:500;
12 width:1200;
13 }
14 #logout{float:left; height:60px;width:10%;}
15 #head{
16 float:right;height:60px;
17 width:90%;
18 font:25px/30px;
19 }
20 ul
21 {
22 list-style-type:none;
23 margin:0;
24 padding:0;
25 }
26 a:link,a:visited
27 {
28 display:block;
29 font-weight:bold;
30 color:#FFFFFF;
31 background-color:#bebebe;
32 width:120px;
33 text-align:center;
34 padding:4px;
35 text-decoration:none;
36 text-transform:uppercase;
37 }
38 a:hover,a:active
39 {
40 background-color:#cc0000;
41 }
42 </style>
43 <div id="menu">
44 <jsp:useBean id="db"
45 scope="page"
46 class="util.DB" />
47 <br>
48 <br>
49 <br>
50 <br>
51 <br>
52 <br><br><br>
53 <br><%String EmployeeID=""; %>
54 <a href="<%=context%>/personal_query.jsp?EmployeeID=<%=session.getAttribute("ID")%>"target=showframe > 个人信息查询</a>//第一部分导航栏
55
56 <%
57
58 String sql = "select * from v_EmployeeInformation";
59 Connection conn = null;
60 response.setContentType("text/html;charset=utf-8"); //注意设置服务器返回客户端的字符编码格式,本项目统一采用UTF-8格式编码
61 try {
62
63 conn = db.getConn();
64 Statement pstmt = db.getStmt(conn);
65 ResultSet r_rs=db.getRs(pstmt,"select * from v_roles where v_roles.EmployeeID="+session.getAttribute("ID")+";"); //查询合法用户的各项权限
66 while(r_rs.next()){
67 int Auth_Authority=r_rs.getInt("Auth_Authority");
68 int Auth_Info=r_rs.getInt("Auth_Info");
69 int Auth_Job=r_rs.getInt("Auth_Job");
70 int Auth_Attendance=r_rs.getInt("Auth_Attendance");
71 int Auth_Training=r_rs.getInt("Auth_Training");
72 int Auth_Evaluation=r_rs.getInt("Auth_Evaluation");
73 int Auth_RP=r_rs.getInt("Auth_RP");
74 int Auth_Role=r_rs.getInt("Auth_Role");
75 int Auth_Encrypt=r_rs.getInt("Auth_Encrypt");
76 if(Auth_Authority==1){
77 session.setAttribute("Auth_Authority","1");
78 out.println("<a href=\"" + context + "/userrole.jsp\" target=showframe >员工角色分配</a>"); //导航栏
79 }
80 if(Auth_Info==1){
81 session.setAttribute("Auth_Info","1");
82 }
83 // out.println("<a href=\"" + context + "/query.jsp\">信息管理</a><BR><br>"); //导航栏
84 if(Auth_Job==1){
85 session.setAttribute("Auth_Job","1");
86 }
87 out.println("<a href=\"" + context + "/query.jsp \" target=showframe >人事管理</a>"); //导航栏
88 if(Auth_Attendance==1){
89 session.setAttribute("Auth_Attendance","1");
90 }
91 out.println("<a href=\"" + context + "/attendance_query.jsp\"target=showframe >考勤管理</a>"); //导航栏
92 if(Auth_Training==1){
93 session.setAttribute("Auth_Training","1");
94 }
95 out.println("<a href=\"" + context + "/training_query.jsp\"target=showframe >培训管理</a>"); //导航栏
96 if(Auth_Evaluation==1){
97 session.setAttribute("Auth_Evaluation","1");
98 }
99 out.println("<a href=\"" + context + "/evaluation_query.jsp\"target=showframe >考核管理</a>");
100 if(Auth_RP==1){
101 session.setAttribute("Auth_RP","1");
102 }
103 out.println("<a href=\"" + context + "/rewardandpunishment_query.jsp\"target=showframe >奖惩管理</a>");
104 if(Auth_Role==1){
105 session.setAttribute("Auth_Role","1");
106 out.println("<a href=\"" + context + "/role_query.jsp\"target=showframe >角色管理</a>");
107 }
108 if(Auth_Encrypt==1){
109 session.setAttribute("Auth_Encrypt","1");
110 out.println("<a href=\"" + context + "/password_query.jsp\"target=showframe >用户密码管理</a>");
111 }
112 }
113 r_rs.close();
114 pstmt.close();
115 } catch (SQLException e) {
116 e.printStackTrace();
117 } finally {
118 try {
119 conn.close();
120 } catch (SQLException e) {
121 e.printStackTrace();
122 }
123 }
124 %>
125 <br><br>
126 <br>
127 </div>
128 <iframe id="showframe" name="showframe" src="query.jsp" > //第二部分:内置框架
129 </iframe>
130 <p align="center">
131 Copyright ©2015 </p>
132 <%@ include file="/footer.jsp"%>
三:功能实现
1、个人信息查询
本功能由实现了对员工信息表的增删改查,personl_query.jsp实现
1 <%@ page language="java" contentType="text/html; charset=UTF-8"%>
2
3 <%@ include file="/header.jsp"%>
4 <style>
5 * {font-family: "宋体";font-size: 14px}
6 </style>
7 <center>
8 <jsp:useBean id="db"
9 scope="page"
10 class="util.DB" />
11
12 <%
13 String emID=request.getParameter("EmployeeID");
14 String sql = "select * from employees where EmployeeID="+emID+";";
15 Connection conn = null;
16 response.setContentType("text/html;charset=utf-8");
17 try {
18
19 conn = db.getConn();
20 Statement pstmt = db.getStmt(conn);
21 ResultSet rs = db.getRs(pstmt,sql);
22 while (rs.next()) {
23
24 %>
25 <form id="form1" name="form1" method="post"
26 action="<%=context%>/employee_editHandler.jsp"
27 >
28 <table width="650" height="200" border="0" align="center">
29 <tr>
30 <td width="150">EmployeeID:</td>
31 <td width="500">
32 <input name="EmployeeID" type="text" value=<%=rs.getString("EmployeeID")%> size="40" maxlength="20" />
33 </td>
34 </tr>
35 <tr>
36 <td>EmployeeName:</td>
37 <td>
38 <input name="EmployeeName" type="text" value=<%=rs.getString("EmployeeName")%> size="40" maxlength="40" />
39 </td>
40 </tr>
41 <tr>
42 <td>Sex:</td>
43 <td>
44 <input name="Sex" type="text" value=<%=rs.getString("Sex")%> size="40" maxlength="20" />
45 </td>
46 </tr>
47 <tr>
48 <td>BirthDay:</td>
49 <td>
50 <input name="BirthDay" type="text" value=<%=rs.getString("BirthDay")%> size="40" maxlength="20" />
51 </td>
52 </tr>
53 <tr>
54 <td>Phone:</td>
55 <td>
56 <input name="Phone" type="text" value=<%=rs.getString("Phone")%> size="40" maxlength="20" />
57 </td>
58 </tr>
59 <tr>
60 <td>DegreeID:</td>
61 <td>
62 <input name="DegreeID" type="text" value=<%=rs.getString("DegreeID")%> size="40" maxlength="20" />
63 </td>
64 </tr>
65 <tr>
66 <td>HireDate:</td>
67 <td>
68 <input name="HireDate" type="text" value=<%=rs.getString("HireDate")%> size="40" maxlength="20" />
69 </td>
70 </tr>
71 <tr>
72 <td>EmployeeTypeID:</td>
73 <td>
74 <input name="EmployeeTypeID" type="text" value=<%=rs.getString("EmployeeTypeID")%> size="40" maxlength="20" />
75 </td>
76 </tr>
77 <tr>
78 <td>DepartmentID:</td>
79 <td>
80 <input name="DepartmentID" type="text" value=<%=rs.getString("DepartmentID")%> size="40" maxlength="20" />
81 </td>
82 </tr>
83 <tr>
84 <td>Title:</td>
85 <td>
86 <input name="Title" type="text" value=<%=rs.getString("Title")%> size="40" maxlength="20" />
87 </td>
88 </tr>
89 <tr>
90 <td>Salary:</td>
91 <td>
92 <input name="Salary" type="text" value=<%=rs.getString("Salary")%> size="40" maxlength="20" />
93 </td>
94 </tr>
95 <tr>
96 <td>ManagerID:</td>
97 <td>
98 <input name="ManagerID" type="text" value=<%=rs.getString("ManagerID")%> size="40" maxlength="20" />
99 </td>
100 </tr>
101 <tr>
102
103 <td>
104
105 </td>
106 </tr>
107 <tr>
108 <td></td>
109 <td>
110 <input type="submit" name="Submit" value="提交" />
111 <input type="reset" name="Reset" value="重置" />
112 </td>
113 </tr>
114 </table>
115 </form>
116 <%
117 }
118 rs.close();
119 pstmt.close();
120 } catch (SQLException e) {
121 e.printStackTrace();
122 } finally {
123 try {
124 conn.close();
125 } catch (SQLException e) {
126 e.printStackTrace();
127 }
128 }
129 %>
130 <form action="personalPassword.jsp" method="post">
131 <input type="submit" value="密码管理" name="button1">
132 </form>
133 </center>
134 <%@ include file="/footer.jsp"%>
在本模块还加入了改密码的功能
personalPassword.jsp是改密码的界面,该界面会提交一个包含旧密码,新密码,确认密码的表单
1 <%@ page language="java" contentType="text/html; charset=UTF-8"%>
2 <%@ include file="/header.jsp"%>
3 <style type="text/css">
4 * {font-family: "宋体";font-size: 14px}
5 table{
6 width:300;
7 }
8 </style>
9 <jsp:useBean id="db" scope="page" class="util.DB"/>
10 <center>
11 <br>
12 <form action="personalPasswordHandler.jsp?EmployeeID=<%=session.getAttribute("ID")%>" method="post">
13 <h2>密码管理</h2><br>
14 <a >原密码:</a><input type="password" align="left" name="oldpassword"><br>
15 <a >新密码:</a><input type="password" align="left" name="newpassword0"><br>
16 <a >重新输入:</a><input type="password" align="left" name="newpassword1"><br>
17 <input type="submit" name="button3" value="确认">
18 </form>
19 </center>
20 <%@ include file="footer.jsp"%>
personalPasswordHandler.jsp是处理用户输入,实现对数据库中password表进行更改的jsp
1 <%@ page language="java" contentType="text/html; charset=UTF-8"%>
2 <%@ include file="/header.jsp"%>
3 <style>
4 * { font-family: "宋体"; font-size: 14px}
5 </style>
6 <jsp:useBean id="db"
7 scope="page"
8 class="util.DB" />
9 <%
10 Connection conn = null;
11 // request.setCharacterEncoding("gb2312");
12 int result = 0;
13 request.setCharacterEncoding("utf-8");
14 String oldpassword = request.getParameter("oldpassword");
15 String newpassword0 = request.getParameter("newpassword0");
16 String newpassword1 = request.getParameter("newpassword1");
17 if(newpassword0.equals(newpassword1)){
18 String sql_0 = "update users set password=? where EmployeeID="+request.getParameter("EmployeeID")+";";
19 String sql_1="select password from users where EmployeeID="+request.getParameter("EmployeeID")+";";
20 if (StringUtil.validateNull(oldpassword)) {
21 out.println("对不起,密码不能为空,请您重新输入!<br>");
22 out.println("<a href=\"" + context + "/personalPassword.jsp\">返回</a><br>");
23 } else {
24 try {
25 conn = db.getConn();
26 Statement stmt=db.getStmt(conn);
27 //out.println(sql);
28 ResultSet rs=stmt.executeQuery(sql_1);
29 //out.print(sql_0);
30 //out.print(sql_0);
31 String pwd="";
32 while(rs.next()){
33 pwd=rs.getString("password");
34 }
35 stmt.close();
36 if(oldpassword.equals(pwd)){
37 PreparedStatement pstmt = conn.prepareStatement(sql_0);
38 pstmt.setString(1, StringUtil.filterHtml(newpassword0));
39 result = pstmt.executeUpdate();
40 pstmt.close();
41 }
42 else{
43 result=0;
44 }
45 } catch (SQLException e) {
46 e.printStackTrace();
47 } finally {
48 try {
49 conn.close();
50 } catch (SQLException e) {
51 e.printStackTrace();
52 }
53 }
54 }
55 }
56 else{
57 result=0;
58 }
59 if (result == 0) {
60 out.println("对不起,密码编辑不成功,请您重新编辑!<BR>");
61 out.println("<a href=\"" + context + "/personalPasswod.jsp\">返回</a><BR>");
62 } else {
63 out.println("祝贺您,密码编辑成功。<BR>");
64 out.println("<a href=\"" + context + "/personalPassword.jsp\">返回</a><BR>");
65 }
66 %>
67 <%@ include file="/footer.jsp"%>
2、员工角色分配
这个模块实现对数据库userrole表的查询和编辑功能,uerrole.jsp把数据库中的userrole表查询一遍,返回并显示结果,这里面的连接数据库时分四步.1、加载数据库驱动;2、连接数据库;3、创建会话获得结果集;4、关闭结果集与会话,断开数据库连接。注意在整个过程中要对可能出现的异常情况进行处理,在该项目中,数据库的连接操作被封装在一个javaBean中(DB.java)DB.java
在jsp中进行数据库操作之前,先实例化DB <jsp:useBean id="db" scope="page" class="util.DB"/>
DB中对数据库进行操作的方法有:获得连接 getConn();获得会话 getStmt();获得数据集 getRS();关闭连接 closeConn();关闭会话 closeStmt();关闭数据集 closeRs();
1 package util;
2 import java.sql.*;
3
4 public class DB {
5 private Connection conn = null;
6 private Statement stmt = null;
7 private ResultSet rs = null;
8
9 public DB() {
10
11 }
12
13 public Connection getConn() {
14
15 try {
16 Class.forName("com.mysql.jdbc.Driver");
17 conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/employeemanage?user=root&password=");
18 } catch (ClassNotFoundException e) {
19 e.printStackTrace();
20 } catch (SQLException e) {
21 e.printStackTrace();
22 }
23
24 return conn;
25 }
26
27 public Statement getStmt(Connection conn) {
28
29 try {
30 if(conn != null) {
31 stmt = conn.createStatement();
32 }
33 } catch (SQLException e) {
34 e.printStackTrace();
35 }
36 return stmt;
37 }
38
39 public ResultSet getRs(Statement stmt, String sql) {
40
41 try {
42 if(stmt != null) {
43 rs = stmt.executeQuery(sql);
44 }
45 } catch (SQLException e) {
46 e.printStackTrace();
47 }
48 return rs;
49 }
50
51 public void closeConn(Connection conn) {
52 try {
53 if(conn != null) {
54 conn.close();
55 conn = null;
56 }
57 } catch (SQLException e) {
58 e.printStackTrace();
59 }
60 }
61
62 public void closeStmt(Statement stmt) {
63 try {
64 if(stmt != null) {
65 stmt.close();
66 stmt = null;
67 }
68 } catch (SQLException e) {
69 e.printStackTrace();
70 }
71 }
72
73 public void closeRs(ResultSet rs) {
74 try {
75 if(rs != null) {
76 rs.close();
77 rs = null;
78 }
79 } catch (SQLException e) {
80 e.printStackTrace();
81 }
82 }
83 }
员工角色表的显示userrole.jsp
1 <%@ page language="java" contentType="text/html; charset=UTF-8"%>
2 <%@ include file="/header.jsp"%>
3 <style type="text/css">
4 * {font-family: "宋体";font-size: 14px}
5 table{
6 width:100;
7 }
8 </style>
9 <jsp:useBean id="db" scope="page" class="util.DB"/>
10 <center>
11 <br>
12 员工角色分配
13
14
15 <table>
16 <tr>
17 <th width=40 >员工ID</th><th width=40 >角色ID</th>
18 </tr>
19
20 <%
21 response.setContentType("text/html;charset=utf-8");
22 Connection conn=null;
23 try{
24 conn=db.getConn();
25 Statement stmt=db.getStmt(conn);
26 ResultSet rs=stmt.executeQuery("select * from userrole;");
27 while(rs.next()){
28 %>
29 <form action="userrole_editHandler.jsp" method="post">
30 <tr>
31 <td><input type="text" maxlength="10" readonly size="10" name="EmployeeID" value=<%=rs.getString("EmployeeID")%> /></td>
32 <td><input type="text" maxlength="10" size="10" name="RoleID" value=<%=rs.getString("RoleID") %> /></td>
33 <td><input type="submit" name="button3" value="确认修改"> </td>
34 </tr>
35 </form>
36 <%
37 }
38 rs.close();
39 stmt.close();
40 }catch(SQLException e){
41 e.printStackTrace();
42 } finally{
43 try{
44 conn.close();
45 }catch(SQLException e){
46 e.printStackTrace();
47 }
48 }
49 %>
50 </table>
51 </center>
52 <%@ include file="footer.jsp"%>
对员工角色分派表编辑后进行数据库更新的处理页面:userrole_editHandler.jsp
1 <%@ page language="java" contentType="text/html; charset=UTF-8"%>
2 <%@ include file="/header.jsp"%>
3 <style>
4 * { font-family: "宋体"; font-size: 14px}
5 </style>
6 <jsp:useBean id="db"
7 scope="page"
8 class="util.DB" />
9 <%
10 Connection conn = null;
11 // request.setCharacterEncoding("gb2312");
12 int result = 0;
13 request.setCharacterEncoding("utf-8");
14 String EmployeeID = request.getParameter("EmployeeID");
15 String RoleID = request.getParameter("RoleID");
16 String sql = "update userrole set roleID=? where EmployeeID="+EmployeeID+";";
17 if (StringUtil.validateNull(EmployeeID)) {
18 out.println("对不起,用户名不能为空,请您重新编辑!<br>");
19 out.println("><a href=\"" + context + "/userrole.jsp\">返回</a><br>");
20 } else if (StringUtil.validateNull(RoleID)) {
21 out.println("对不起,RoleID不能为空,请您重新输入!<br>");
22 out.println("<a href=\"" + context + "/userrole.jsp\">返回</a><br>");
23 } else {
24 try {
25 conn = db.getConn();
26 Statement stmt=db.getStmt(conn);
27 //out.println(sql);
28 //stmt.executeUpdate(sql);
29 stmt.close();
30 PreparedStatement pstmt = conn.prepareStatement(sql);
31 pstmt.setString(1, StringUtil.filterHtml(RoleID));
32 result = pstmt.executeUpdate();
33 pstmt.close();
34 } catch (SQLException e) {
35 e.printStackTrace();
36 } finally {
37 try {
38 conn.close();
39 } catch (SQLException e) {
40 e.printStackTrace();
41 }
42 }
43
44
45 if (result == 0) {
46 out.println("对不起,用户角色编辑不成功,请您重新编辑!<BR>");
47 out.println("<a href=\"" + context + "/userrole.jsp\">返回</a><BR>");
48 } else {
49 out.println("祝贺您,用户角色编辑成功。<BR>");
50 out.println("<a href=\"" + context + "/userrole.jsp\">返回</a><BR>");
51 }
52 }
53 %>
54 <%@ include file="/footer.jsp"%>
3、人事管理
该部分实现了员工信息的增、删、改和按ID进行查询。本部分最主要的就是query.jsp
1 <%@ page language="java" contentType="text/html; charset=UTF-8"%>
2
3 <%@ include file="/header.jsp"%>
4 <style>
5 * {font-family: "宋体";font-size: 14px}
6 </style>
7 <center>
8 <jsp:useBean id="db"
9 scope="page"
10 class="util.DB" />
11
12 <%
13
14 String sql = "select * from v_EmployeeInformation";
15 Connection conn = null;
16 response.setContentType("text/html;charset=utf-8");
17 try {
18
19 conn = db.getConn();
20 Statement pstmt = db.getStmt(conn);
21 ResultSet r_rs=db.getRs(pstmt,"select * from v_roles where v_roles.EmployeeID="+session.getAttribute("ID")+";");
22 %>
23 <form action="employee_query.jsp" method="post">
24 员工ID查询:
25 <input type="text" maxlength="4" size="10" name="text3" required="required">
26 <input type="submit" name="button2">
27 </form>
28 <%
29 if(session.getAttribute("Auth_Info")=="1"){
30 out.println("<a href="+context+"/employee_add.jsp>添加员工</a>");
31 }
32 %>
33 <%
34 ResultSet rs = db.getRs(pstmt,sql);
35 while (rs.next()) {
36
37 %>
38 <br><br>
39 <form action="employee_delete.jsp" method="get">
40 <table width="600" border="1" bordercolor="000000"
41 style="table-layout: fixed; word-break: break-all">
42 <tr>
43 <td width="100" bordercolor="ffffff">
44 EmployeeID:
45 </td>
46 <%int temp=rs.getInt("EmployeeID"); %>
47 <td width="500" bordercolor="ffffff"><%=temp%></td>
48 </tr>
49 <tr>
50 <td bordercolor="ffffff">
51 EmployeeName:
52 </td>
53 <td bordercolor="ffffff"><%=rs.getString("EmployeeName")%></td>
54 </tr>
55 <tr>
56 <td bordercolor="ffffff">
57 sex:
58 </td>
59 <td bordercolor="ffffff"><%=rs.getString("sex")%></td>
60 </tr>
61 <tr>
62 <td bordercolor="ffffff">
63 BirthDay:
64 </td>
65 <td bordercolor="ffffff"><%=rs.getString("Birthday")%></td>
66 </tr>
67 <tr>
68 <td bordercolor="ffffff">
69 Phone:
70 </td>
71 <td bordercolor="ffffff"><%=rs.getString("Phone")%></td>
72 </tr>
73 <tr>
74 <td bordercolor="ffffff">
75 HireDate:
76 </td>
77 <td bordercolor="ffffff"><%=rs.getString("HireDate")%></td>
78 </tr>
79 <tr>
80 <td bordercolor="ffffff">
81 Title:
82 </td>
83 <td bordercolor="ffffff"><%=rs.getString("Title")%></td>
84 </tr>
85 <tr>
86 <td bordercolor="ffffff">
87 Salary:
88 </td>
89 <td bordercolor="ffffff"><%=rs.getString("Salary")%></td>
90 </tr>
91 <tr>
92 <td bordercolor="ffffff">
93 DegreeName:
94 </td>
95 <td bordercolor="ffffff"><%=rs.getString("DegreeName")%></td>
96 </tr>
97 <tr>
98 <td bordercolor="ffffff">
99 DepartmentName:
100 </td>
101 <td bordercolor="ffffff"><%=rs.getString("DepartmentName")%></td>
102 </tr>
103 </table>
104 <%if(session.getAttribute("Auth_Info")=="1"){%>
105 <input type="hidden" name=EmployeeID ID=EmpolyeeID value=<%=temp%> />
106 <input type="submit" value="delete" >
107 <br>
108 <%}%>
109 </form>
110 <form action="employee_edit.jsp" method="get">
111 <%if(session.getAttribute("Auth_Info")=="1"){%>
112 <input type="hidden" name=EmployeeID ID=EmpolyeeID value=<%=temp%> />
113 <input type="submit" value="Edit" >
114 <br>
115 <%}%>
116 </form>
117 <%
118 }
119 rs.close();
120 pstmt.close();
121 } catch (SQLException e) {
122 e.printStackTrace();
123 } finally {
124 try {
125 conn.close();
126 } catch (SQLException e) {
127 e.printStackTrace();
128 }
129 }
130 %>
131 </center>
132 <%@ include file="/footer.jsp"%>
添加员工
1 <%@ page language="java" contentType="text/html; charset=UTF-8"%>
2 <%@ include file="/header.jsp"%>
3 <style>
4 * { font-family: "宋体"; font-size: 14px }
5 </style>
6
7 <p align="center">
8 添加员工
9 </p>
10 <p align="center">
11 <a href="<%=context%>/query.jsp">查看员工信息</a>
12 </p>
13 <form id="form1" name="form1" method="post"
14 action="<%=context%>/addEmployeeHandler.jsp"
15 >
16 <table width="650" height="200" border="0" align="center">
17 <tr>
18 <td width="150">EmployeeID:</td>
19 <td width="500">
20 <input name="EmployeeID" type="text" id="EmployeeID" size="40" maxlength="20" />
21 </td>
22 </tr>
23 <tr>
24 <td>EmployeeName:</td>
25 <td>
26 <input name="EmployeeName" type="text" id="EmployeeName" size="40" maxlength="40" />
27 </td>
28 </tr>
29 <tr>
30 <td>Sex:</td>
31 <td>
32 <input name="Sex" type="text" id="Sex" size="40" maxlength="20" />
33 </td>
34 </tr>
35 <tr>
36 <td>BirthDay:</td>
37 <td>
38 <input name="BirthDay" type="text" id="BirthDay" size="40" maxlength="20" />
39 </td>
40 </tr>
41 <tr>
42 <td>Phone:</td>
43 <td>
44 <input name="Phone" type="text" id="Phone" size="40" maxlength="20" />
45 </td>
46 </tr>
47 <tr>
48 <td>DegreeID:</td>
49 <td>
50 <input name="DegreeID" type="text" id="DegreeID" size="40" maxlength="20" />
51 </td>
52 </tr>
53 <tr>
54 <td>HireDate:</td>
55 <td>
56 <input name="HireDate" type="text" id="HireDate" size="40" maxlength="20" />
57 </td>
58 </tr>
59 <tr>
60 <td>EmployeeTypeID:</td>
61 <td>
62 <input name="EmployeeTypeID" type="text" id="EmployeeTypeID" size="40" maxlength="20" />
63 </td>
64 </tr>
65 <tr>
66 <td>DepartmentID:</td>
67 <td>
68 <input name="DepartmentID" type="text" id="DepartmentID" size="40" maxlength="20" />
69 </td>
70 </tr>
71 <tr>
72 <td>Title:</td>
73 <td>
74 <input name="Title" type="text" id="Title" size="40" maxlength="20" />
75 </td>
76 </tr>
77 <tr>
78 <td>Salary:</td>
79 <td>
80 <input name="Salary" type="text" id="Salary" size="40" maxlength="20" />
81 </td>
82 </tr>
83 <tr>
84 <td>ManagerID:</td>
85 <td>
86 <input name="ManagerID" type="text" id="ManagerID" size="40" maxlength="20" />
87 </td>
88 </tr>
89 <tr>
90
91 <td>
92
93 </td>
94 </tr>
95 <tr>
96 <td></td>
97 <td>
98 <input type="submit" name="Submit" value="提交" />
99 <input type="reset" name="Reset" value="重置" />
100 </td>
101 </tr>
102 </table>
103 </form>
104 <%@ include file="/footer.jsp"%>
添加员工时的后台处理addEmployeeHandler.jsp
1 <%@ page language="java" contentType="text/html; charset=UTF-8"%>
2 <%@ include file="/header.jsp"%>
3 <style>
4 * { font-family: "宋体"; font-size: 14px}
5 </style>
6 <jsp:useBean id="db"
7 scope="page"
8 class="util.DB" />
9 <%
10 Connection conn = null;
11 // request.setCharacterEncoding("gb2312");
12 int result = 0;
13 request.setCharacterEncoding("utf-8");
14 String EmployeeID = request.getParameter("EmployeeID");
15 String EmployeeName = request.getParameter("EmployeeName");
16 String Sex = request.getParameter("Sex");
17 String BirthDay = request.getParameter("BirthDay");
18 String Phone = request.getParameter("Phone");
19 String DegreeID= request.getParameter("DegreeID");
20 String HireDate= request.getParameter("HireDate");
21 String EmployeeTypeID= request.getParameter("EmployeeTypeID");
22 String DepartmentID= request.getParameter("DepartmentID");
23 String Title= request.getParameter("Title");
24 String Salary= request.getParameter("Salary");
25 String ManagerID= request.getParameter("ManagerID");
26 String sql = "insert into employees (EmployeeID,EmployeeName,Sex,BirthDay,Phone,DegreeID,HireDate,EmployeeTypeID,DepartmentID,Title,Salary,ManagerID) values(?,?,?,?,?,?,?,?,?,?,?,?);";
27
28 if (StringUtil.validateNull(EmployeeID)) {
29 out.println("对不起,不能为空,请您重新输入!<br>");
30 out.println("><a href=\"" + context + "/employee_add.jsp\">添加新员工</a><br>");
31 } else if (StringUtil.validateNull(EmployeeName)) {
32 out.println("对不起,不能为空,请您重新输入!<br>");
33 out.println("<a href=\"" + context + "/employee_add.jsp\">添加新员工</a><br>");
34 } else {
35 try {
36 conn = db.getConn();
37 //Statement stmt=conn.createStatement();
38 // result=stmt.executeUpdate(sql);
39 // stmt.close();
40 PreparedStatement pstmt = conn.prepareStatement(sql);
41 pstmt.setString(1, StringUtil.filterHtml(EmployeeID));
42 pstmt.setString(2, StringUtil.filterHtml(EmployeeName));
43 pstmt.setString(3, StringUtil.filterHtml(request.getParameter("Sex")));
44 pstmt.setString(4, StringUtil.filterHtml(request.getParameter("BirthDay")));
45 pstmt.setString(5, StringUtil.filterHtml(request.getParameter("Phone")));
46 pstmt.setString(6, StringUtil.filterHtml(request.getParameter("DegreeID")));
47 pstmt.setString(7, StringUtil.filterHtml(request.getParameter("HireDate")));
48 pstmt.setString(8, StringUtil.filterHtml(request.getParameter("EmployeeTypeID")));
49 pstmt.setString(9, StringUtil.filterHtml(request.getParameter("DepartmentID")));
50 pstmt.setString(10, StringUtil.filterHtml(request.getParameter("Title")));
51 pstmt.setString(11, StringUtil.filterHtml(request.getParameter("Salary")));
52 pstmt.setString(12, StringUtil.filterHtml(request.getParameter("ManagerID")));
53
54 result = pstmt.executeUpdate();
55 pstmt.close();
56 } catch (SQLException e) {
57 e.printStackTrace();
58 } finally {
59 try {
60 conn.close();
61 } catch (SQLException e) {
62 e.printStackTrace();
63 }
64 }
65
66
67 if (result == 0) {
68 out.println("对不起,员工信息添加不成功,请您重新输入!<BR>");
69 out.println("<a href=\"" + context + "/employee_add.jsp\">添加新的员工信息</a><BR>");
70 } else {
71 out.println("祝贺您,员工信息成功添加。<BR>");
72 out.println("<a href=\"" + context + "/query.jsp\">查看所有员工信息</a><BR>");
73 out.println("<a href=\"" + context + "/employee_add.jsp\">继续添加员工信息</a><BR>");
74 }
75 }
76 %>
77 <%@ include file="/footer.jsp"%>
employee_delete.jsp后台进行删除操作
1 <%@ page language="java" contentType="text/html; charset=UTF-8"%>
2 <%@ include file="/header.jsp"%>
3 <style>
4 * { font-family: "宋体"; font-size: 14px}
5 </style>
6 <jsp:useBean id="db"
7 scope="page"
8 class="util.DB" />
9 <%
10 Connection conn = null;
11 request.setCharacterEncoding("utf-8");
12 String EmployeeID = request.getParameter("EmployeeID");
13 String sql = "delete from employees where EmployeeID="+EmployeeID+";";
14 try{
15 conn = db.getConn();
16 Statement stmt=conn.createStatement();
17 out.println("<br><br>删除成功");
18 stmt.executeUpdate(sql);
19 stmt.close();
20 } catch (SQLException e) {
21 e.printStackTrace();
22 } finally {
23 try {
24 conn.close();
25 } catch (SQLException e) {
26 e.printStackTrace();
27 }
28 }
29 response.sendRedirect("query.jsp");
30 %>
31 <%@ include file="/footer.jsp"%>
管理员编辑员工信息的界面emoployee_edit.jsp
1 <%@ page language="java" contentType="text/html; charset=UTF-8"%>
2
3 <%@ include file="/header.jsp"%>
4 <style>
5 * {font-family: "宋体";font-size: 14px}
6 </style>
7 <center>
8 <jsp:useBean id="db"
9 scope="page"
10 class="util.DB" />
11
12 <%
13 String emID=request.getParameter("EmployeeID");
14 String sql = "select * from employees where EmployeeID="+emID+";";
15 Connection conn = null;
16 response.setContentType("text/html;charset=utf-8");
17 try {
18
19 conn = db.getConn();
20 Statement pstmt = db.getStmt(conn);
21 ResultSet rs = db.getRs(pstmt,sql);
22 while (rs.next()) {
23
24 %>
25 <form id="form1" name="form1" method="post"
26 action="<%=context%>/employee_editHandler.jsp"
27 >
28 <table width="650" height="200" border="0" align="center">
29 <tr>
30 <td width="150">EmployeeID:</td>
31 <td width="500">
32 <input name="EmployeeID" type="text" value=<%=rs.getString("EmployeeID")%> size="40" maxlength="20" />
33 </td>
34 </tr>
35 <tr>
36 <td>EmployeeName:</td>
37 <td>
38 <input name="EmployeeName" type="text" value=<%=rs.getString("EmployeeName")%> size="40" maxlength="40" />
39 </td>
40 </tr>
41 <tr>
42 <td>Sex:</td>
43 <td>
44 <input name="Sex" type="text" value=<%=rs.getString("Sex")%> size="40" maxlength="20" />
45 </td>
46 </tr>
47 <tr>
48 <td>BirthDay:</td>
49 <td>
50 <input name="BirthDay" type="text" value=<%=rs.getString("BirthDay")%> size="40" maxlength="20" />
51 </td>
52 </tr>
53 <tr>
54 <td>Phone:</td>
55 <td>
56 <input name="Phone" type="text" value=<%=rs.getString("Phone")%> size="40" maxlength="20" />
57 </td>
58 </tr>
59 <tr>
60 <td>DegreeID:</td>
61 <td>
62 <input name="DegreeID" type="text" value=<%=rs.getString("DegreeID")%> size="40" maxlength="20" />
63 </td>
64 </tr>
65 <tr>
66 <td>HireDate:</td>
67 <td>
68 <input name="HireDate" type="text" value=<%=rs.getString("HireDate")%> size="40" maxlength="20" />
69 </td>
70 </tr>
71 <tr>
72 <td>EmployeeTypeID:</td>
73 <td>
74 <input name="EmployeeTypeID" type="text" value=<%=rs.getString("EmployeeTypeID")%> size="40" maxlength="20" />
75 </td>
76 </tr>
77 <tr>
78 <td>DepartmentID:</td>
79 <td>
80 <input name="DepartmentID" type="text" value=<%=rs.getString("DepartmentID")%> size="40" maxlength="20" />
81 </td>
82 </tr>
83 <tr>
84 <td>Title:</td>
85 <td>
86 <input name="Title" type="text" value=<%=rs.getString("Title")%> size="40" maxlength="20" />
87 </td>
88 </tr>
89 <tr>
90 <td>Salary:</td>
91 <td>
92 <input name="Salary" type="text" value=<%=rs.getString("Salary")%> size="40" maxlength="20" />
93 </td>
94 </tr>
95 <tr>
96 <td>ManagerID:</td>
97 <td>
98 <input name="ManagerID" type="text" value=<%=rs.getString("ManagerID")%> size="40" maxlength="20" />
99 </td>
100 </tr>
101 <tr>
102
103 <td>
104
105 </td>
106 </tr>
107 <tr>
108 <td></td>
109 <td>
110 <input type="submit" name="Submit" value="提交" />
111 <input type="reset" name="Reset" value="重置" />
112 </td>
113 </tr>
114 </table>
115 </form>
116 <%
117 }
118 rs.close();
119 pstmt.close();
120 } catch (SQLException e) {
121 e.printStackTrace();
122 } finally {
123 try {
124 conn.close();
125 } catch (SQLException e) {
126 e.printStackTrace();
127 }
128 }
129 %>
130 </center>
131 <%@ include file="/footer.jsp"%>
编辑后employee_editHandler.jsp对数据库进行更新
1 <%@ page language="java" contentType="text/html; charset=UTF-8"%>
2 <%@ include file="/header.jsp"%>
3 <style>
4 * { font-family: "宋体"; font-size: 14px}
5 </style>
6 <jsp:useBean id="db"
7 scope="page"
8 class="util.DB" />
9 <%
10 Connection conn = null;
11 // request.setCharacterEncoding("gb2312");
12 int result = 0;
13 request.setCharacterEncoding("utf-8");
14 String EmployeeID = request.getParameter("EmployeeID");
15 String EmployeeName = request.getParameter("EmployeeName");
16 String Sex = request.getParameter("Sex");
17 String BirthDay = request.getParameter("BirthDay");
18 String Phone = request.getParameter("Phone");
19 String DegreeID= request.getParameter("DegreeID");
20 String HireDate= request.getParameter("HireDate");
21 String EmployeeTypeID= request.getParameter("EmployeeTypeID");
22 String DepartmentID= request.getParameter("DepartmentID");
23 String Title= request.getParameter("Title");
24 String Salary= request.getParameter("Salary");
25 String ManagerID= request.getParameter("ManagerID");
26 String sql_d = "delete from employees where EmployeeID="+EmployeeID+";";
27 String sql ="insert into employees (EmployeeID,EmployeeName,Sex,BirthDay,Phone,DegreeID,HireDate,EmployeeTypeID,DepartmentID,Title,Salary,ManagerID) values(?,?,?,?,?,?,?,?,?,?,?,?);";
28
29 if (StringUtil.validateNull(EmployeeID)) {
30 out.println("对不起,不能为空,请您重新输入!<br>");
31 out.println("><a href=\"" + context + "/employee_edit.jsp\">重新编辑</a><br>");
32 } else if (StringUtil.validateNull(EmployeeName)) {
33 out.println("对不起,不能为空,请您重新输入!<br>");
34 out.println("<a href=\"" + context + "/employee_edit.jsp\">重新编辑</a><br>");
35 } else {
36 try {
37 conn = db.getConn();
38 Statement stmt=db.getStmt(conn);
39 // out.println(sql_d);
40 stmt.executeUpdate(sql_d);
41 stmt.close();
42 PreparedStatement pstmt = conn.prepareStatement(sql);
43 pstmt.setString(1, StringUtil.filterHtml(EmployeeID));
44 pstmt.setString(2, StringUtil.filterHtml(EmployeeName));
45 pstmt.setString(3, StringUtil.filterHtml(request.getParameter("Sex")));
46 pstmt.setString(4, StringUtil.filterHtml(request.getParameter("BirthDay")));
47 pstmt.setString(5, StringUtil.filterHtml(request.getParameter("Phone")));
48 pstmt.setString(6, StringUtil.filterHtml(request.getParameter("DegreeID")));
49 pstmt.setString(7, StringUtil.filterHtml(request.getParameter("HireDate")));
50 pstmt.setString(8, StringUtil.filterHtml(request.getParameter("EmployeeTypeID")));
51 pstmt.setString(9, StringUtil.filterHtml(request.getParameter("DepartmentID")));
52 pstmt.setString(10, StringUtil.filterHtml(request.getParameter("Title")));
53 pstmt.setString(11, StringUtil.filterHtml(request.getParameter("Salary")));
54 pstmt.setString(12, StringUtil.filterHtml(request.getParameter("ManagerID")));
55
56 result = pstmt.executeUpdate();
57 pstmt.close();
58 } catch (SQLException e) {
59 e.printStackTrace();
60 } finally {
61 try {
62 conn.close();
63 } catch (SQLException e) {
64 e.printStackTrace();
65 }
66 }
67
68
69 if (result == 0) {
70 out.println("对不起,员工信息编辑不成功,请您重新编辑!<BR>");
71 out.println("<a href=\"" + context + "/employee_edit.jsp\">编辑员工信息</a><BR>");
72 } else {
73 out.println("祝贺您,员工信息编辑成功。<BR>");
74 out.println("<a href=\"" + context + "/query.jsp\">查看所有员工信息</a><BR>");
75 }
76 }
77 %>
78 <%@ include file="/footer.jsp"%>
根据员工号进行查询employee_query.jsp
1 <%@ page language="java" contentType="text/html; charset=UTF-8"%>
2
3 <%@ include file="/header.jsp"%>
4 <style>
5 * {font-family: "宋体";font-size: 14px}
6 </style>
7 <center>
8 <jsp:useBean id="db"
9 scope="page"
10 class="util.DB" />
11
12 <%
13 String emID=request.getParameter("text3");
14 String sql = "select * from v_EmployeeInformation where EmployeeID="+emID+";";
15 Connection conn = null;
16 response.setContentType("text/html;charset=utf-8");
17 try {
18
19 conn = db.getConn();
20 Statement pstmt = db.getStmt(conn);
21 ResultSet rs = db.getRs(pstmt,sql);
22 while (rs.next()) {
23
24 %>
25 <br><br>
26 <table width="600" border="1" bordercolor="000000"
27 style="table-layout: fixed; word-break: break-all">
28 <tr>
29 <td width="100" bordercolor="ffffff">
30 EmployeeID:
31 </td>
32 <td width="500" bordercolor="ffffff"><%=rs.getInt("EmployeeID")%></td>
33 </tr>
34 <tr>
35 <td bordercolor="ffffff">
36 EmployeeName:
37 </td>
38 <td bordercolor="ffffff"><%=rs.getString("EmployeeName")%></td>
39 </tr>
40 <tr>
41 <td bordercolor="ffffff">
42 sex:
43 </td>
44 <td bordercolor="ffffff"><%=rs.getString("sex")%></td>
45 </tr>
46 <tr>
47 <td bordercolor="ffffff">
48 BirthDay:
49 </td>
50 <td bordercolor="ffffff"><%=rs.getString("Birthday")%></td>
51 </tr>
52 <tr>
53 <td bordercolor="ffffff">
54 Phone:
55 </td>
56 <td bordercolor="ffffff"><%=rs.getString("Phone")%></td>
57 </tr>
58 <tr>
59 <td bordercolor="ffffff">
60 HireDate:
61 </td>
62 <td bordercolor="ffffff"><%=rs.getString("HireDate")%></td>
63 </tr>
64 <tr>
65 <td bordercolor="ffffff">
66 Title:
67 </td>
68 <td bordercolor="ffffff"><%=rs.getString("Title")%></td>
69 </tr>
70 <tr>
71 <td bordercolor="ffffff">
72 Salary:
73 </td>
74 <td bordercolor="ffffff"><%=rs.getString("Salary")%></td>
75 </tr>
76 <tr>
77 <td bordercolor="ffffff">
78 DegreeName:
79 </td>
80 <td bordercolor="ffffff"><%=rs.getString("DegreeName")%></td>
81 </tr>
82 <tr>
83 <td bordercolor="ffffff">
84 DepartmentName:
85 </td>
86 <td bordercolor="ffffff"><%=rs.getString("DepartmentName")%></td>
87 </tr>
88
89 </table>
90 <br>
91 <%
92 }
93 rs.close();
94 pstmt.close();
95 } catch (SQLException e) {
96 e.printStackTrace();
97 } finally {
98 try {
99 conn.close();
100 } catch (SQLException e) {
101 e.printStackTrace();
102 }
103 }
104 %>
105 </center>
106 <%@ include file="/footer.jsp"%>
4、考勤管理
attendance_query.jsp实现考勤信息的查询输出
1 <%@ page language="java" contentType="text/html; charset=UTF-8"%>
2 <%@ include file="/header.jsp"%>
3 <style>
4 * {font-family: "宋体";font-size: 14px}
5 </style>
6 <jsp:useBean id="db" scope="page" class="util.DB"/>
7 <center>
8 <br>出勤日志<br>
9 <table>
10 <tr>
11 <td>职工姓名</td><td>日期</td><td>出勤状态</td>
12 </tr>
13 <%
14 response.setContentType("text/html;charset=utf-8");
15 Connection conn=null;
16 try{
17 conn=db.getConn();
18 Statement stmt=db.getStmt(conn);
19 ResultSet rs=stmt.executeQuery("select * from v_attendances;");
20 while(rs.next()){
21 %>
22 <tr>
23 <td><%=rs.getString("EmployeeName")%></td><td><%=rs.getString("Date") %></td><td><%=rs.getString("Status")%>
24 </tr>
25 <%
26 }
27 rs.close();
28 stmt.close();
29 }catch(SQLException e){
30 e.printStackTrace();
31 } finally{
32 try{
33 conn.close();
34 }catch(SQLException e){
35 e.printStackTrace();
36 }
37 }
38 %>
39 </table>
40 </center>
41 <%@ include file="footer.jsp"%>
5、培训管理
主要部分training_query.jsp输出培训信息,并能够根据权限选择性输出管理培训信息的入口;添加培训信息training_add.jsp;编辑培训信息training_editHandler.jsp;后台更新数据库training_editHandler.jsp。
6、考核管理
这个部分的设计结构与培训管理模块一样,考核主界面evaluation_query.jsp。添加考核信息evaluation_addHandler.jsp;编辑考核信息evaluation_editHandler.jsp。
7、奖惩管理
本部分与上两部分模式一样,稍有不同的是本模块没有编辑功能,但是有删除功能。奖惩信息主界面rewardandpunishment_query.jsp,添加奖惩信息rewardandpunishment_addHandler.jsp,删除奖惩信息rewardandpunishment_deleteHandler.jsp;
8、角色管理
本部分有特点的是角色的各种权限信息用多选框显示出来了,不再是以文本框的形式输出了。角色管理主界面roler_query.jsp,修改角色的权限roler_editHandler.jsp,roler_addHandler.jsp处理添加角色及勾选相应拥有权限。
9、用户密码管理
本模块也是只有具有密码管理权限的用户才能够进来的界面。password_query.jsp是密码管理界面,password_editHandler.jsp修改员工密码后更新后台数据库。
四:退出登录、错误页的设置、防止恶意脚本注入的过滤操作
注销时使session失效
1 <%@ page language="java" import="java.util.*" pageEncoding="utf8"%> 2 3 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> 4 <html> 5 <head> 6 <title>My JSP ‘loginout.jsp‘ starting page</title> 7 8 <meta http-equiv="pragma" content="no-cache"> 9 <meta http-equiv="cache-control" content="no-cache"> 10 <meta http-equiv="expires" content="0"> 11 <meta http-equiv="keywords" content="keyword1,keyword2,keyword3"> 12 <meta http-equiv="description" content="This is my page"> 13 <!-- 14 <link rel="stylesheet" type="text/css" href="styles.css"> 15 --> 16 17 </head> 18 <% String context=request.getContextPath();%> 19 <body> 20 <%session.invalidate(); %> 21 注销成功<br> 22 <a href="<%=context%>/login.html">返回</a> 23 </body> 24 </html>
错误页,在web.xml中进行设置
1 <%@ page language="java" contentType="text/html; charset=UTF-8"%> 2 <html> 3 <head> 4 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> 5 <title>display 500 error</title> 6 </head> 7 <body> 8 对不起,亲爱的用户,您访问的网页发生不可预知的问题。<br> 9 请您访问其它网页,或者与我们的客服人员联系。<br> 10 </body> 11 </html>
功具类,其中有判断字符串是否为空,对字符串中的敏感符号进行替换,防止恶意脚本注入
1 package util;
2
3 public class StringUtil {
4 public static boolean validateNull(String args) {
5 if (args == null || args.length() == 0) {
6 return true;
7 } else {
8 return false;
9 }
10 }
11
12 public static String chanageNull(String source, String target) {
13 if (source == null || source.length() == 0 || source.equalsIgnoreCase("null")) {
14 return target;
15 } else {
16 return source;
17 }
18 }
19
20
21 public static String filterHtml(String input) {
22 if (input == null) {
23 return null;
24 }
25 if (input.length() == 0) {
26 return input;
27 }
28 input = input.replaceAll("&", "&");
29 input = input.replaceAll("<", "<");
30 input = input.replaceAll(">", ">");
31 input = input.replaceAll(" ", " ");
32 input = input.replaceAll("‘", "'");
33 input = input.replaceAll("\"", """);
34 return input.replaceAll("\n", "<br>");
35 }
36 }
本文中缺少的源码及数据库可以在https://github.com/OOMMYY/EM 下载,直接导入MyEclipse即可
1. 表信息汇总
|
表名 |
说明 |
|
Employees |
员工信息表 |
|
EmployeeType |
职工类型表 |
|
Degrees |
学位类型表 |
|
Departments |
部门信息表 |
|
Attendances |
考勤信息表 |
|
AttendanceStatus |
出勤状态类型表 |
|
Evaluations |
考核信息表 |
|
EvaluationProjects |
考核项目信息表 |
|
Training |
培训信息表 |
|
EmployeeTraining |
员工培训表 |
|
RewardsAndPunishments |
员工奖惩信息表 |
|
Users |
系统用户信息表 |
|
UserRole |
用户角色信息表 |
|
Roles |
角色及权限信息表 |
2. 表结构详情
员工信息表(Employees)
|
字段名称 |
数据类型 |
可否为空 |
约束条件 |
说明 |
|
EmployeeID |
INT |
NOT NULL |
PK |
员工ID |
|
EmployeeName |
NVARCHAR(20) |
NOT NULL |
|
员工姓名 |
|
Sex |
NCHAR(1) |
NOT NULL |
|
性别 |
|
BirthDay |
DATETIME |
NOT NULL |
|
生日 |
|
Phone |
VARCHAR(20) |
NOT NULL |
|
电话 |
|
DegreeID |
INT |
NOT NULL |
FK |
学位 |
|
HireDate |
DATETIME |
NOT NULL |
|
入职日期 |
|
EmployeeTypeID |
INT |
NOT NULL |
FK |
员工类型 |
|
DepartmentID |
INT |
NOT NULL |
FK |
所属部门 |
|
Title |
NVARCHAR(50) |
NOT NULL |
|
职位头衔 |
|
Salary |
MONEY |
NOT NULL |
|
薪酬 |
|
ManagerID |
INT |
NULL |
FK |
上司ID |
职工类型表(EmployeeType)
|
字段名称 |
数据类型 |
可否为空 |
约束条件 |
说明 |
|
EmployeeTypeID |
INT |
NOT NULL |
PK |
类型ID |
|
EmployeeTypeName |
NVARCHAR(50) |
NOT NULL |
Unique |
类型名称 |
学位类型表(Degrees)
|
字段名称 |
数据类型 |
可否为空 |
约束条件 |
说明 |
|
DegreeID |
INT |
NOT NULL |
PK |
类型ID |
|
DegreeName |
NVARCHAR(20) |
NOT NULL |
Unique |
学位名称 |
部门信息表(Departments)
|
字段名称 |
数据类型 |
可否为空 |
约束条件 |
说明 |
|
DepartmentID |
INT |
NOT NULL |
PK |
部门ID |
|
DepartmentName |
NVARCHAR(50) |
NOT NULL |
Unique |
部门名称 |
|
ManagerID |
INT |
NULL |
FK |
部门经理ID |
考勤信息表(Attendances)
|
字段名称 |
数据类型 |
可否为空 |
约束条件 |
说明 |
|
EmployeeID |
INT |
NOT NULL |
PK |
员工ID |
|
StatusID |
INT |
NOT NULL |
FK |
出勤类型ID |
|
Date |
DATETIME |
NOT NULL |
PK |
日期 |
出勤状态类型表(AttendanceStatus)
|
字段名称 |
数据类型 |
可否为空 |
约束条件 |
说明 |
|
StatusID |
INT |
NOT NULL |
PK |
出勤类型ID |
|
Status |
NVARCHAR(50) |
NOT NULL |
Unique |
出勤类型名称 |
考核信息表(Evaluations)
|
字段名称 |
数据类型 |
可否为空 |
约束条件 |
说明 |
|
EvaluationID |
INT |
NOT NULL |
PK |
考核ID |
|
EmployeeID |
INT |
NOT NULL |
FK |
员工ID |
|
EvaluationProjectID |
INT |
NOT NULL |
FK |
考核项目ID |
|
Date |
DATETIME |
NOT NULL |
|
日期 |
|
Result |
NVARCHAR(2) |
NOT NULL |
|
成绩 |
考核项目信息表(EvaluationProjects)
|
字段名称 |
数据类型 |
可否为空 |
约束条件 |
说明 |
|
EP_ID |
INT |
NOT NULL |
PK |
考核项目ID |
|
ProjectName |
NVARCHAR(20) |
NOT NULL |
Unique |
项目名称 |
培训信息表(Training)
|
字段名称 |
数据类型 |
可否为空 |
约束条件 |
说明 |
|
TrainingID |
INT |
NOT NULL |
PK |
培训ID |
|
BeginDate |
DATETIME |
NOT NULL |
|
开始日期 |
|
EndDate |
DATETIME |
NOT NULL |
|
结束日期 |
|
TrainingType |
NVARCHAR(20) |
NOT NULL |
|
培训类型 |
|
Description |
NVARCHAR(255) |
NULL |
|
详细描述 |
员工培训表(EmployeeTraining)
|
字段名称 |
数据类型 |
可否为空 |
约束条件 |
说明 |
|
TraingingID |
INT |
NOT NULL |
PK FK |
培训ID |
|
EmployeeID |
INT |
NOT NULL |
PK FK |
员工ID |
员工奖惩信息表(RewardsAndPunishments)
|
字段名称 |
数据类型 |
可否为空 |
约束条件 |
说明 |
|
RP_ID |
INT |
NOT NULL |
PF |
奖惩ID |
|
EmployeeID |
INT |
NOT NULL |
FK |
员工ID |
|
Type |
NCHAR(2) |
NOT NULL |
|
奖励/惩罚 |
|
Date |
DATETIME |
NOT NULL |
|
日期 |
|
Reason |
NVARCHAR(50) |
NOT NULL |
|
原因 |
|
Remark |
NVARCHAR(255) |
NULL |
|
备注(可选) |
系统用户信息表(Users)
|
字段名称 |
数据类型 |
可否为空 |
约束条件 |
说明 |
|
EmployeeID |
INT |
NOT NULL |
PK FK |
员工ID |
|
Password |
VARCHAR(50) |
NOT NULL |
|
登录密码 |
用户角色信息表(UserRole)
|
字段名称 |
数据类型 |
可否为空 |
约束条件 |
说明 |
|
EmployeeID |
INT |
NOT NULL |
PK FK |
员工ID |
|
RoleID |
INT |
NOT NULL |
PK FK |
角色ID |
角色及权限信息表(Roles)
|
字段名称 |
数据类型 |
可否为空 |
约束条件 |
说明 |
|
RoleID |
INT |
NOT NULL |
PK |
角色ID |
|
RoleName |
NVARCHAR(50) |
NOT NULL |
Unique |
角色名称 |
|
Auth_Authority |
INT |
NOT NULL |
Default 0 |
权限管理权限 |
|
Auth_Info |
INT |
NOT NULL |
Default 0 |
信息管理权限 |
|
Auth_Job |
INT |
NOT NULL |
Default 0 |
人事管理权限 |
|
Auth_Attendance |
INT |
NOT NULL |
Default 0 |
考勤管理权限 |
|
Auth_Training |
INT |
NOT NULL |
Default 0 |
培训管理权限 |
|
Auth_Evaluation |
INT |
NOT NULL |
Default 0 |
考核管理权限 |
|
Auth_RP |
INT |
NOT NULL |
Default 0 |
奖惩管理权限 |
|
Auth_Role |
INT |
NOT NULL |
Default 0 |
角色管理权限 |
|
Auth_Encrypt |
INT |
NOT NULL |
Default 0 |
加密系统权限 |
本系统支持基于角色的访问控制。正如在业务模块的简介中所述,用户只有拥有某一业务模块的操作权限才能进行相关操作。而用户的权限来源于系统角色,即用户只能从所属的角色中获得若干权限,而本身无法被授权,授权只能对角色进行,即所谓“基于角色的访问控制”。具体的设计原则为:
1. 为每个模块设置独立的权限
业务模块和系统权限呈一一对应关系。拥有该业务模块的权限后,即可对该模块的数据进行全部操作(增、删、改、查等)。
业务模块和系统权限的对应关系如下表所示:
|
权限 |
模块 |
操作 |
页面 |
|
Auth_Job |
员工管理 |
添加员工 |
employee_add.jsp |
|
查询员工 |
employee_query.jsp |
||
|
修改员工 |
employee_edit.jsp |
||
|
删除员工 |
employee_delete.jsp |
||
|
Auth_Attendance |
考勤管理 |
查询考勤 |
attendance_query.jsp |
|
Auth_Job |
培训管理 |
添加培训 |
training_add.jsp |
|
查询培训 |
training_query.jsp |
||
|
编辑培训 |
training_edit.jsp |
||
|
添加员工培训 |
trainingdetails.jsp |
||
|
移除员工培训 |
|||
|
Auth_Evaluation |
考核管理 |
查询考核 |
evaluation_query.jsp |
|
添加考核 |
evaluation_add.jsp |
||
|
删除考核 |
evaluation_delete.jsp |
||
|
Auth_RP |
奖惩管理 |
查询奖励和惩罚 |
rewardandpunishment_query.jsp |
|
添加奖励或惩罚 |
rewardandpunishment_add.jsp |
||
|
删除奖励或惩罚 |
rewardandpunishment_delete.jsp |
||
|
Auth_Authority |
权限管理 |
查询权限信息 |
authority_query.jsp |
|
查询员工权限 |
authority_manage.jsp |
||
|
将员工添加进角色 |
|||
|
将员工从角色移除 |
|||
|
Auth_Role |
角色管理 |
查询角色权限 |
role_query.jsp |
|
添加角色 |
role_add.jsp |
||
|
删除角色 |
role_delete.jsp |
||
|
修改角色权限 |
role_edit.jsp |
2. 将系统角色作为权限授予和撤销的基本单位
l 用户没有任何权限
l 用户获得所属角色的权限
l 用户与角色、角色与权限均呈多对多关系
l 当用户属于多个角色时,其权限为各角色权限的并集
3. 角色管理和权限管理的分离
l 只拥有角色管理权限的用户,不能管理用户角色,而无法直接控制用户的权限。
l 只拥有权限管理权限的用户,只能将用户添加到现有的角色中或移除用户的当前角色,而无法控制角色的权限。
时间: 2024-10-14 11:46:39