
重置密码引起的sql注入问题修复

user5 пре 6 месеци
родитељ
комит
8d7219fa72

+ 5 - 1
src/main/java/com/jeeplus/modules/sys/mapper/UserMapper.java

@@ -107,6 +107,10 @@ public interface UserMapper extends BaseMapper<User> {
 	 */
 	
 	public List<User>  findListByOffice(User user);
-	
+
+
+	User findUniqueByMobile(String mobile);
+
+	User findUniqueByLoginName(String loginName);
 	
 }
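Review bot: The two added declarations `User findUniqueByMobile(String mobile);` and `User findUniqueByLoginName(String loginName);` carry no Javadoc, although the neighbouring `findListByOffice` has a doc block. Their contract matters to callers: the controllers in this commit compare the result with null, so the no-match case yields null, and a single `User` return implies the query must produce at most one row — whether `sys_user.mobile` and `login_name` are actually constrained unique is not visible here and should be stated next to the method. Suggested comment for the first: `/** Returns the user whose mobile equals {@code mobile}, or null when no row matches; the query is expected to yield at most one row. */`, with the mirror of it for `findUniqueByLoginName`.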

+ 18 - 1
src/main/java/com/jeeplus/modules/sys/mapper/xml/UserMapper.xml

@@ -426,5 +426,22 @@
 					<if test="dbName == 'mssql'">'%'+#{name}+'%'</if>
 		</if>
 	</select>
-	
+
+
+	<!-- 根据用户id和好友id获取唯一记录 -->
+	<select id="findUniqueByMobile" resultType="User">
+		SELECT
+			*
+		FROM sys_user a
+		where a.mobile = #{mobile}
+	</select>
+
+	<!-- 根据用户id和好友id获取唯一记录 -->
+	<select id="findUniqueByLoginName" resultType="User">
+		SELECT
+			*
+		FROM sys_user a
+		where a.login_name = #{loginName}
+	</select>
+
 </mapper>
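Review bot: The comment on both new `<select>` blocks, `根据用户id和好友id获取唯一记录`, was copied from a different query and describes a lookup by user id and friend id, which neither statement performs. Replace each with one matching the statement, e.g. `<!-- Look up the single user whose mobile matches -->` and `<!-- Look up the single user whose login_name matches -->`. The `#{mobile}` and `#{loginName}` bindings are the right way to pass the values as bound parameters; `SELECT *` does still tie both statements to every column of `sys_user`, so an explicit column list would make them robust to schema changes.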

+ 3 - 3
src/main/java/com/jeeplus/modules/sys/web/RegisterController.java

@@ -78,7 +78,7 @@ public class RegisterController extends BaseController {
 	
 		//验证手机号是否已经注册
 		
-		if(userMapper.findUniqueByProperty("mobile", user.getMobile()) != null){
+		if(userMapper.findUniqueByMobile(user.getMobile()) != null){
 			// 如果是手机登录,则返回JSON字符串
 			if (mobileLogin){
 				AjaxJson j = new AjaxJson();
@@ -94,7 +94,7 @@ public class RegisterController extends BaseController {
 		
 		//验证用户是否已经注册
 		
-		if(userMapper.findUniqueByProperty("login_name", user.getLoginName()) != null){
+		if(userMapper.findUniqueByLoginName(user.getLoginName()) != null){
 			// 如果是手机登录,则返回JSON字符串
 			if (mobileLogin){
 				AjaxJson j = new AjaxJson();
@@ -193,7 +193,7 @@ public class RegisterController extends BaseController {
 		AjaxJson j = new AjaxJson();
 		
 		//验证手机号是否已经注册
-		if(userMapper.findUniqueByProperty("mobile", mobile) != null){
+		if(userMapper.findUniqueByMobile( mobile) != null){
 			
 				j.setSuccess(false);
 				j.setErrorCode("1");
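Review bot: The call `userMapper.findUniqueByMobile( mobile)` in the last hunk has a stray space after the parenthesis; the same spacing appears in every call of this method in UserController.java, and all of them should read `userMapper.findUniqueByMobile(mobile)`. Separately, these existence checks are pre-checks only: the insert that presumably follows lies outside these hunks, so two concurrent registrations with the same mobile or login name can both pass the check, and a unique index on those columns is what actually enforces uniqueness — worth confirming it exists. The enclosing methods start and end outside the hunks.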

+ 5 - 5
src/main/java/com/jeeplus/modules/sys/web/UserController.java

@@ -624,7 +624,7 @@ public class UserController extends BaseController {
     @RequestMapping(value = "validateLoginName")
     public boolean validateLoginName(String loginName, HttpServletResponse response) {
 
-        User user = userMapper.findUniqueByProperty("login_name", loginName);
+        User user = userMapper.findUniqueByLoginName(loginName);
         if (user == null) {
             return true;
         } else {
@@ -639,7 +639,7 @@ public class UserController extends BaseController {
     @ResponseBody
     @RequestMapping(value = "validateMobile")
     public boolean validateMobile(String mobile, HttpServletResponse response, Model model) {
-        User user = userMapper.findUniqueByProperty("mobile", mobile);
+        User user = userMapper.findUniqueByMobile( mobile);
         if (user == null) {
             return true;
         } else {
@@ -653,7 +653,7 @@ public class UserController extends BaseController {
     @ResponseBody
     @RequestMapping(value = "validateMobileExist")
     public boolean validateMobileExist(String mobile, HttpServletResponse response, Model model) {
-        User user = userMapper.findUniqueByProperty("mobile", mobile);
+        User user = userMapper.findUniqueByMobile( mobile);
         if (user != null) {
             return true;
         } else {
@@ -666,13 +666,13 @@ public class UserController extends BaseController {
     public AjaxJson resetPassword(String mobile, HttpServletResponse response, Model model) {
         SystemConfig config = systemConfigService.get("1");//获取短信配置的用户名和密码
         AjaxJson j = new AjaxJson();
-        if (userMapper.findUniqueByProperty("mobile", mobile) == null) {
+        if (userMapper.findUniqueByMobile( mobile) == null) {
             j.setSuccess(false);
             j.setMsg("手机号不存在!");
             j.setErrorCode("1");
             return j;
         }
-        User user = userMapper.findUniqueByProperty("mobile", mobile);
+        User user = userMapper.findUniqueByMobile( mobile);
         String newPassword = String.valueOf((int) (Math.random() * 900000 + 100000));
         try {
             String result = UserUtils.sendPass(config.getSmsName(), config.getSmsPassword(), mobile, newPassword);
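Review bot: In resetPassword the new code runs the same lookup twice, at `if (userMapper.findUniqueByMobile( mobile) == null)` and again at `User user = userMapper.findUniqueByMobile( mobile);`; doing it once, `User user = userMapper.findUniqueByMobile(mobile); if (user == null) { ... return j; }`, removes the second query and the window in which the two results could differ. The generated password on the following line comes from `Math.random()`, which is not a cryptographically secure source; a `SecureRandom` instance is the appropriate choice for a credential, though that line predates this commit. resetPassword continues past the end of the hunk.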