
db 암호화 오류 수정

jksong há 4 anos atrás
pai
commit
cfb5ca5e3c

+ 12 - 2
src/main/java/com/lemon/lifecenter/common/LifeCenterQueryLog.java

@@ -4,6 +4,7 @@ import java.sql.Statement;
 import java.util.List;
 import java.util.Map;
 import java.util.Properties;
+import java.util.regex.Matcher;
 
 import javax.servlet.http.HttpServletRequest;
 
@@ -16,12 +17,16 @@ import org.apache.ibatis.plugin.Invocation;
 import org.apache.ibatis.plugin.Plugin;
 import org.apache.ibatis.plugin.Signature;
 import org.apache.ibatis.session.ResultHandler;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
 
 import com.lemon.lifecenter.dto.PrivateLogDTO;
 import com.lemon.lifecenter.service.PrivateLogService;
+
+import ch.qos.logback.classic.Logger;
+
 import java.sql.Connection; 
 import java.sql.DriverManager; 
 import java.sql.SQLException; 
@@ -43,6 +48,8 @@ import cubrid.jdbc.driver.*;
         @Signature(type = StatementHandler.class, method = "query", args = { Statement.class, ResultHandler.class }) })
 public class LifeCenterQueryLog implements Interceptor {
     
+    private final Logger logger = (Logger) LoggerFactory.getLogger(this.getClass());
+    
     private Connection con; 
     private Statement stmt;
     
@@ -180,7 +187,8 @@ public class LifeCenterQueryLog implements Interceptor {
                 }
 
                 if (value instanceof String) {
-                    sql = sql.replaceFirst("\\?", "'" + value + "'");
+//                    sql = sql.replaceFirst("\\?", "'" + value + "'");
+                    sql = sql.replaceFirst("\\?", "'"+Matcher.quoteReplacement(value.toString())+"'");
                 } else {
                     sql = sql.replaceFirst("\\?", value.toString());
                 }
@@ -196,8 +204,10 @@ public class LifeCenterQueryLog implements Interceptor {
                 Field field = paramClass.getDeclaredField(propValue);
                 field.setAccessible(true);
                 Class<?> javaType = mapping.getJavaType();
+                
                 if (String.class == javaType) {
-                    sql = sql.replaceFirst("\\?", "'" + field.get(param) + "'");
+                    String str = field.get(param) == null ? "" : field.get(param).toString();
+                    sql = sql.replaceFirst("\\?", "'"+Matcher.quoteReplacement(str)+"'");
                 } else {
                     sql = sql.replaceFirst("\\?", field.get(param).toString());
                 }
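Review bot: The null guard and `Matcher.quoteReplacement` introduced for the `String.class == javaType` branch are not applied to the `else` branch right below it, which still evaluates `field.get(param).toString()` and throws on a null field value; the earlier hunk's `sql = sql.replaceFirst("\\?", value.toString())` has the same gap, since a non-String `toString()` can also contain `$` or `\`. Suggest `Object v = field.get(param); String str = v == null ? "" : v.toString(); sql = sql.replaceFirst("\\?", Matcher.quoteReplacement(String.class == javaType ? "'" + str + "'" : str));`. Because this substituted SQL is built for logging, every bound value ends up in the log in clear, and after this commit that presumably includes the unhashed `#{password}` parameters — worth a method comment stating that sensitive parameters must be masked before substitution, or a skip for parameter names like `password`. The commented-out line kept above the new `replaceFirst` is dead code, and `(Logger) LoggerFactory.getLogger(...)` casts to the logback class where `org.slf4j.Logger` would do. The enclosing method starts and ends outside the hunk.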

+ 2 - 1
src/main/java/com/lemon/lifecenter/controller/CenterController.java

@@ -117,7 +117,8 @@ public class CenterController extends LifeCenterController {
         mDto.setCenterCode(centerCode);
         mDto.setId(staffId);
 //        mDto.setPassword(LifeCenterFunction.aesEncrypt(config.aesKey, config.IV, staffPw));
-        mDto.setPassword(LifeCenterFunction.sha256Encrypt(staffPw));
+//        mDto.setPassword(LifeCenterFunction.sha256Encrypt(staffPw));
+        mDto.setPassword(staffPw);
         mDto.setName(staffName);
         mDto.setPhoneNumber(staffPhoneNumber);
         mDto.setGroupIdx( 2 ); // 1: 시스템관리자 2:관리자 3:일반사용자, 센터신규등록시 아이디생성은 관리자 권한으로 생성, 센터하나에 관리자 1명으로 개발진행
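Review bot: `mDto.setPassword(staffPw)` now stores the raw password in the DTO, with hashing moved to `sfxdb_hash(6, #{password})` in staff.xml, so the plaintext travels through every layer between here and the JDBC call; if the query-log interceptor changed in this same commit substitutes bound values into the logged SQL, it would presumably log this value unless masked — confirm. The commented-out `sha256Encrypt` line above the new call adds nothing the VCS history does not already keep and should be deleted. The enclosing method starts and ends outside the hunk.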

+ 2 - 1
src/main/java/com/lemon/lifecenter/controller/PatientController.java

@@ -263,7 +263,8 @@ public class PatientController extends LifeCenterController {
         
         // 환자 password는 생년월일(yyyymmdd)을 암호화
 //        dto.setPw( LifeCenterFunction.aesEncrypt( config.aesKey, config.IV, jumin ) );
-//        dto.setPw( LifeCenterFunction.sha256Encrypt( jumin ) );s
+//        dto.setPw( LifeCenterFunction.sha256Encrypt( jumin ) );
+        dto.setPw(jumin);
         dto.setCenterCode( sesCenterCode );
         dto.setState( "H" ); // H : 입소
         dto.setCreateBy( sesId );
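Review bot: The comment `// 환자 password는 생년월일(yyyymmdd)을 암호화` is now stale, because `dto.setPw(jumin)` stores the value unchanged; this diff only changes staff.xml, so unless the patient mapper also wraps `#{pw}` in `sfxdb_hash`, the patient password (a birth date) would presumably be persisted in clear — check the patient insert mapping. Replace the comment with one that matches the new code, e.g. `// patient password is the birth date (yyyymmdd); hashing is applied DB-side in the mapper`, and drop the two commented-out lines. The enclosing method starts and ends outside the hunk.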

+ 10 - 6
src/main/java/com/lemon/lifecenter/controller/StaffController.java

@@ -367,17 +367,17 @@ public class StaffController extends LifeCenterController {
         originMemberData.setId( memberId );
         originMemberData = memberService.selectMemberInfo(originMemberData);
         
-        
-        
         Object sesPasswordChange = request.getSession().getAttribute( "sesPasswordChange" );
-        String encryptPw = LifeCenterFunction.sha256Encrypt(dto.getPassword());
+//        String encryptPw = LifeCenterFunction.sha256Encrypt(dto.getPassword());
+        String encryptPw = dto.getPassword();
+        
         dto.setPassword(encryptPw);
         
         int mCnt = memberService.selectMemberCount(dto);
         if (mCnt == 1) {
             if (!passwordNew.equals("")) {
                 if (passwordNew.equals(passwordConfirm)) {
-                    dto.setPassword(LifeCenterFunction.sha256Encrypt(passwordNew));
+                    dto.setPassword(passwordNew);
                     
                     if( sesPasswordChange != null && ( sesPasswordChange.equals( "REQUIRED" ) || sesPasswordChange.equals( "RESET" ) ) ) {
                         LifeCenterSessionController.setSession( request, "sesPasswordChange", "" );
@@ -579,12 +579,16 @@ public class StaffController extends LifeCenterController {
         StaffDTO dto = new StaffDTO();
         dto.setId(id);
         if (type.equals("staff")) {
-            pw = LifeCenterFunction.sha256Encrypt(config.staffResetPw);
+//            pw = LifeCenterFunction.sha256Encrypt(config.staffResetPw);
+            pw = config.staffResetPw;
         } else {
-            pw = LifeCenterFunction.sha256Encrypt(config.centerResetPw);
+//            pw = LifeCenterFunction.sha256Encrypt(config.centerResetPw);
+            pw = config.centerResetPw;
         }
         dto.setPassword(pw);
         
+        logger.error("dto.getPassword -- > " + dto.getPassword());
+        
         int rts = memberService.updateMemberPwReset(dto);
         
         if (rts == 1) {
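Review bot: `logger.error("dto.getPassword -- > " + dto.getPassword());` in the second hunk writes the reset password to the log at ERROR level, and since this commit stops hashing before the DTO that is the plaintext `config.staffResetPw` or `config.centerResetPw`; remove it, or log only the event, e.g. `logger.debug("password reset requested for id {}", id);`. In the first hunk `encryptPw` no longer holds an encrypted value, so `String encryptPw = dto.getPassword(); dto.setPassword(encryptPw);` is a misleadingly named no-op and both lines can go. The commented-out `sha256Encrypt` lines in both hunks are dead code. Both enclosing methods start and end outside their hunks.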

+ 1 - 1
src/main/java/com/lemon/lifecenter/dto/PatientDTO.java

@@ -20,7 +20,7 @@ public class PatientDTO {
     private int centerCode;
     private String jumin;
     private String patientPhone;
-    private String guardianPhone;
+    private String guardianPhone = "";
     private String symptomStartDate=null;
     private String confirmationDate;
     private String disisolationDate=null;

+ 7 - 7
src/main/resources/mybatis/mapper/staff/staff.xml

@@ -9,7 +9,7 @@
               FROM MEMBER
              WHERE 1 = 1
                AND id = #{id}
-               AND password = #{password}
+               AND password = sfxdb_hash(6, #{password})
         ]]>
     </select>
     
@@ -119,8 +119,8 @@
     <insert id="insertMember" parameterType="StaffDTO" useGeneratedKeys="true">
         <![CDATA[
             INSERT INTO MEMBER
-                        (ID,    PASSWORD,    CREATE_DATE, NAME,    PHONE_NUMBER,   GROUP_IDX,   CENTER_CODE)
-                  VALUE (#{id}, #{password}, NOW(),       #{name}, #{phoneNumber}, #{groupIdx}, #{centerCode})
+                        (ID,    PASSWORD,                   CREATE_DATE, NAME,    PHONE_NUMBER,   GROUP_IDX,   CENTER_CODE)
+                  VALUE (#{id}, sfxdb_hash(6, #{password}), NOW(),       #{name}, #{phoneNumber}, #{groupIdx}, #{centerCode})
         ]]>
     </insert>
     
@@ -132,8 +132,8 @@
         </selectKey>
         <![CDATA[
             INSERT INTO MEMBER
-                        (ID,    PASSWORD,    CREATE_DATE,   NAME,    PHONE_NUMBER,   USE_YN,   GROUP_IDX,   CENTER_CODE)
-                  VALUE (#{id}, #{password}, NOW(),         #{name}, #{phoneNumber}, #{useYn}, #{groupIdx}, #{centerCode})
+                        (ID,    PASSWORD,                   CREATE_DATE,   NAME,    PHONE_NUMBER,   USE_YN,   GROUP_IDX,   CENTER_CODE)
+                  VALUE (#{id}, sfxdb_hash(6, #{password}), NOW(),         #{name}, #{phoneNumber}, #{useYn}, #{groupIdx}, #{centerCode})
         ]]>
     </insert>
     
@@ -144,7 +144,7 @@
         ]]>
         <if test='password != null and password != ""'>
         <![CDATA[
-                   PASSWORD = #{password},
+                   PASSWORD = sfxdb_hash(6, #{password}),
                    PW_CHANGE_REQ = '',
         ]]>
         </if>
@@ -157,7 +157,7 @@
     <update id="updateMemberPwReset" parameterType="StaffDTO">
         <![CDATA[
             UPDATE MEMBER
-               SET PASSWORD = #{password},
+               SET PASSWORD = sfxdb_hash(6, #{password}),
                    FAIL_COUNT = 0
              WHERE ID = #{id}
         ]]>
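Review bot: The login select now compares `password = sfxdb_hash(6, #{password})`, so any MEMBER row whose PASSWORD was written by the previous `sha256Encrypt` path will presumably no longer match unless those rows are re-hashed or reset — the commit does not show a migration, so confirm this is handled. The mode argument `6` is repeated in all five statements with nothing saying what it selects; document it once at the first use, e.g. `<!-- PASSWORD is hashed DB-side via sfxdb_hash; mode 6 = [algorithm, to be documented]; keep all five statements in sync -->`. Binding stays parameterized through `#{password}`, so no injection is introduced, but hashing in the database means the clear password is now part of every one of these statements and will appear in any DB-side or application-side SQL logging.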