package isip.java.bullyse.bullydb;

// This file handles profile/password management. It is pretty self-contained,
// referencing itself for most of the work except some page displays.
import java.io.*;
import java.util.*;
import java.sql.*;
import javax.servlet.*;
import javax.servlet.http.*;

/**
 * Servlet handling account profile edits and password resets.
 *
 * <p>POST tasks: {@code password} (unauthenticated reset by e-mail address),
 * {@code modit} (name/e-mail/password change) and {@code modinfo} (contact
 * details). GET tasks: {@code profile}, {@code Account} and {@code info} render
 * the corresponding forms/pages. All database access goes through the static
 * {@link BullyDB} instance {@code sessionbase}.
 *
 * <p>NOTE(review): every SQL statement in this class is assembled by string
 * concatenation of request parameters (see each {@code query = ...} line).
 * Whether {@code BullyDB.doQuery}/{@code doUpdate} offer a parameterised
 * (PreparedStatement) path is not visible here; if they do not, adding one is
 * the prerequisite for closing the injection exposure in this servlet.
 *
 * <p>NOTE(review): the HTML inside the {@code out.println(...)} literals is not
 * present in this listing (markup stripped), so what is rendered around the
 * interpolated values cannot be reviewed here.
 */
public class profile extends HttpServlet {
    // Initialize BullyDB Object
    static BullyDB sessionbase = new BullyDB();
    // System parameters are stored in the database, retrieve the values
    // through the BullyDB object.
    // NOTE(review): these are mutable statics shared by every request thread
    // and rewritten by reload() without synchronisation; a request may observe
    // a partially reloaded set of values. SystemName and SystemShortName are
    // not read anywhere in this class.
    static String SystemURL = sessionbase.getURL();
    static String ServletURL = sessionbase.getServletURL();
    static String SystemEmail = sessionbase.getEmail();
    static String SystemPath = sessionbase.getPath();
    static String SystemName = sessionbase.getName();
    static String SystemShortName = sessionbase.getShortName();

    /**
     * Dispatches on the {@code task} form parameter: {@code password},
     * {@code modit} or {@code modinfo}; anything else prints an error page.
     *
     * @param request  the form submission; read parameters are {@code task},
     *                 {@code email}, {@code fName}, {@code mi}, {@code lName},
     *                 {@code newpass}, {@code verpass}, {@code Email},
     *                 {@code job}, {@code Phone}, {@code Fax}, {@code Cell},
     *                 {@code Address}, {@code State}, {@code City},
     *                 {@code Zip}, {@code Bio}
     * @param response receives either a redirect or a rendered HTML page
     * @throws IOException      from the writer or {@code sendRedirect}
     * @throws ServletException declared, not thrown directly here
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
        // Much of the work is controlled by the "task" variable. This is used
        // to identify just what needs to take place.
        String task = "";
        // getParameter returns null when "task" is absent, so the
        // task.equals(...) calls below throw NullPointerException (HTTP 500)
        // on a request without it. A null check before the first equals()
        // would turn that into the "Invalid Task" page instead.
        task = request.getParameter("task");
        String AccountId = (String)null;
        String SessionId = (String)null;
        HttpSession session = null;
        // A ResultSet object will be needed at several points.
        // Go ahead and initialize one.
        // NOTE(review): no ResultSet obtained below is ever closed in this
        // class; whether BullyDB closes them for the caller is not visible.
        ResultSet result = null;
        // Retrieve user's session
        if (!task.equals("password")) {
            session = request.getSession(true);
            SessionId = session.getId();
        }
        // Initialize the output stream.
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        // Task to reset password
        if (task.equals("password")) {
            // This branch needs no session: anyone who knows a registered
            // e-mail address can trigger it. Because the password is replaced
            // immediately (before any confirmation from the mailbox owner), a
            // third party can lock a user out at will. The usual mitigation is
            // to e-mail a single-use, expiring confirmation token and change
            // the password only when that token is presented.
            String email = request.getParameter("email");
            String Username = (String)null;
            // Check database to see if email address exists
            // SQL injection: "email" is concatenated straight into the query.
            String query = "SELECT AccountId, Username from Account where Email = '" + email + "'";
            result = sessionbase.doQuery(query);
            try {
                while(result.next()) {
                    AccountId = result.getString("AccountId");
                    Username = result.getString("Username");
                }
            } catch(Exception e) {
                // Swallowed: a failed lookup is then reported as "no such
                // e-mail" by the null check below.
                e.printStackTrace();
            }
            // If the database wasn't able to retrieve an AccountId then the
            // account must not exist.
            if (AccountId == null) {
                sessionbase.printFile(SystemPath + "/html/errors/pass_noemail.html", out);
                // Close the output stream
                out.close();
            } else {
                // Okay so we have an AccountId. Now lets do a password.
                // The way password generation works:
                // A wordlist is set up in the array PassChoice. A random number is
                // generated to pick from this wordlist. At the end of the word picked,
                // a random number(0-99) is tagged, giving the user their random
                // password.
                //
                // NOTE(review): this yields at most 18 x 100 = 1800 candidate
                // passwords (fewer, since "gerbil", "sporadic" and "fruitcake"
                // each appear twice), drawn from java.util.Random, which is not
                // a cryptographic generator. A reset password should come from
                // java.security.SecureRandom with enough entropy to resist
                // online guessing, and should be forced to change on first login.
                String[] PassChoice = {"sporadic","gerbil","fruitcake","yellowsub","desktop","gerbil","sporadic","fruitcake","goofy","mother","raven","tiger","golfer","parseit","garbageday","bookshelf","beefjerky","hobbit"};
                int rnum, rend;
                Random rand = new Random();
                rnum = rand.nextInt(18);
                rend = rand.nextInt(100);
                // Update the user entry in the database to contain the new password.
                // password(...) here appears to be the database's own PASSWORD()
                // function (presumably MySQL); hashing with a purpose-built
                // password hash (bcrypt/scrypt/argon2) in application code is
                // the recommended replacement.
                query = "update Account set Password = password('" + PassChoice[rnum] + rend + "') where AccountId = " + AccountId;
                sessionbase.doUpdate(query);
                // Results for the Username and Password are emailed to the address.
                // Pass message to BullyDB to send.
                // Initialize variables
                String from = SystemEmail;
                String Subject = "Password Change Notification";
                // The new password is sent in clear text together with the
                // username; a token-based reset avoids mailing credentials.
                String Text = "Please note that your password on the Bulldog Stock Exchange has\n been changed.\n\nUsername: " + Username + "\nPassword: " + PassChoice[rnum] + rend;
                sessionbase.sendEmail(Subject, email, from, Text);
                // Everything seems to have worked. Output the success message.
                response.sendRedirect(ServletURL + ".nonMember?task=passChange");
                // Close the output stream
                out.close();
                // Unreachable: we are inside the task.equals("password") branch,
                // so this condition is always false and session is null here.
                if (!task.equals("password")) {
                    session.invalidate();
                }
            }
        } else if(task.equals("modit")) {
            // This responds to data being posted from doGet() below. The user
            // has entered their data and submitted it for change.
            // Retrieve form variables
            // Any of these may be null if the field is missing from the POST;
            // the .equals()/.length() calls below would then throw NPE.
            String Fname = request.getParameter("fName");
            String MI = request.getParameter("mi");
            String Lname = request.getParameter("lName");
            String newpass = request.getParameter("newpass");
            String verpass = request.getParameter("verpass");
            String Email = request.getParameter("Email");
            // "job" is read but never used in this method.
            String job = request.getParameter("job");
            // Used for determining no email duplication
            String EMAcId = "";
            // Retrieve AccountId
            AccountId = sessionbase.getAccountId(SessionId);
            if (AccountId == null) {
                response.sendRedirect(SystemURL + "/html/errors/not_logged_in.html");
            } else {
                // Validation errors are counted in "error"; the database is only
                // touched when it is still 0. Note that every failing check
                // calls sendRedirect() and then continues, so a second failing
                // check (e.g. mismatch above plus an e-mail problem below) calls
                // sendRedirect() on an already committed response, which the
                // Servlet API rejects with IllegalStateException. Redirecting
                // once, after all checks, avoids that.
                int error = 0;
                // Compare passwords first. If they don't match, send back to fix.
                if(!newpass.equals(verpass)) {
                    response.sendRedirect(SystemURL + "/html/errors/mismatch.html");
                    error++;
                } else if(newpass.length() < 5 && newpass.length() > 0) {
                    // Empty newpass means "keep the current password" (see the
                    // update branch below); otherwise a minimum of 5 characters
                    // is enforced, with no other complexity or length cap.
                    response.sendRedirect(SystemURL + "/html/errors/passhort.html");
                    error++;
                } else if (Fname.length()<1) {
                    response.sendRedirect(SystemURL + "/html/errors/missing_Fname.html");
                    error++;
                } else if(Lname.length()<1) {
                    response.sendRedirect(SystemURL + "/html/errors/missing_Lname.html");
                    error++;
                } else if(Email.length()<1) {
                    response.sendRedirect(SystemURL + "/html/errors/missing_Email.html");
                    error++;
                }
                // Check for invalid email address. Must match *@*.* in some way.
                // Simply checks character by character for @ and . then checks
                // positioning.
                // This only rejects spaces and a badly placed '@' or '.'; it
                // does not reject quotes or other characters, so it is not a
                // defence for the string-built SQL further down.
                String lookFor = "@";
                int found = 0;
                for (int i = 0; i< Email.length(); i++) {
                    if(Email.charAt(i) == ' ') {
                        response.sendRedirect(SystemURL + "/html/errors/invalid_email.html");
                        error++;
                    }
                    if (Email.charAt(i) == lookFor.charAt(0)) {
                        found++;
                        if (i == 0) {
                            response.sendRedirect(SystemURL + "/html/errors/invalid_email.html");
                            error++;
                        } else if (i == (Email.length()-1)) {
                            response.sendRedirect(SystemURL + "/html/errors/invalid_email.html");
                            error++;
                        } else {
                            // Look for a '.' somewhere after the '@'. Because
                            // lookFor is switched to "." here, a later '.' in the
                            // outer loop also counts towards "found".
                            int j = i+1;
                            lookFor = ".";
                            for (int k = 0; k < (Email.length()-j); k++) {
                                if (Email.charAt(k+j) == lookFor.charAt(0)) {
                                    found++;
                                    if (k == 0) {
                                        response.sendRedirect(SystemURL + "/html/errors/invalid_email.html");
                                        error++;
                                    } else if ( k == (Email.length()-j-1)) {
                                        response.sendRedirect(SystemURL + "/html/errors/invalid_email.html");
                                        error++;
                                    }
                                }
                            }
                        }
                    }
                }
                if (found < 2) {
                    response.sendRedirect(SystemURL + "/html/errors/invalid_email.html");
                    error++;
                }
                // Retrieve AccountId in Database from Account that matches the
                // selected email address.
                // SQL injection: "Email" is concatenated into the query.
                String query = "select AccountId from Account where Email = '" + Email + "'";
                result = sessionbase.doQuery(query, SessionId);
                try {
                    while(result.next()) {
                        EMAcId = result.getString("AccountId");
                    }
                } catch(Exception e) {
                    // Swallowed: a failed lookup leaves EMAcId empty, i.e. the
                    // duplicate check below silently passes.
                    e.printStackTrace();
                }
                // Duplicate-e-mail check. Bug: "length()>1" was presumably meant
                // as "not empty"; an existing account whose AccountId is a
                // single digit (e.g. "7") is not treated as a duplicate. Use
                // EMAcId.length()>0 (or !EMAcId.isEmpty()).
                if(!AccountId.equals(EMAcId) && EMAcId.length()>1) {
                    response.sendRedirect(SystemURL + "/html/errors/duplicate_email.html");
                    error++;
                }
                if(error==0) {
                    // Nothing seems to be missing, account doesn't already
                    // exist, safe to go ahead and create.
                    // Do we want to set the password?
                    // SQL injection in both branches: Fname, Lname, MI, Email
                    // and newpass are concatenated into the UPDATE. Note also
                    // that a password change here requires neither the current
                    // password nor any re-authentication.
                    if(newpass.length() < 1) {
                        // Must not, set the query without changing anything in
                        // the password.
                        query = "update Account set Fname = '" + Fname + "', Lname = '" + Lname + "', Mi = '" + MI + "', Email = '" + Email + "' where AccountId = " + AccountId;
                    } else {
                        // Okay, password needs changing. Set query accordingly.
                        query = "update Account set Fname = '" + Fname + "', Lname = '" + Lname + "', Mi = '" + MI + "', Email = '" + Email + "', Password = password('" + newpass + "') where AccountId = " + AccountId;
                    }
                    // Send changes to the database.
                    sessionbase.doUpdate(query, SessionId);
                    // Changes must have worked. Print success page.
                    sessionbase.printTop(out, 3);
                    sessionbase.QuoteFlash(out);
                    // Fill in the blanks from the template
                    out.println(""); out.println(""); out.println(""); out.println(""); out.println(""); out.println("
"); out.println("\"BSE
"); out.println("Success

"); out.println("Your account information has been modified.
"); out.println("
"); sessionbase.printBot(out, SessionId);
                    out.close();
                }
            }
        } else if(task.equals("modinfo")) {
            // Contact-detail update. None of these fields is validated or
            // length-limited server side (the form text in doGet() advertises a
            // 250 character maximum for Bio, but nothing here enforces it).
            String Phone = request.getParameter("Phone");
            String Fax = request.getParameter("Fax");
            String Cell = request.getParameter("Cell");
            String Address = request.getParameter("Address");
            String State = request.getParameter("State");
            String City = request.getParameter("City");
            String Zip = request.getParameter("Zip");
            String Bio = request.getParameter("Bio");
            String query = (String)null;
            // Retrieve AccountId
            AccountId = sessionbase.getAccountId(SessionId);
            if (AccountId == null) {
                response.sendRedirect(SystemURL + "/html/errors/not_logged_in.html");
            } else {
                // Query to update profile
                // SQL injection: every field above is concatenated in.
                query = "update Personal set Phone = '" + Phone + "', Fax = '" + Fax + "', Cell = '" + Cell + "', Address = '" + Address + "', State = '" + State + "', City = '" + City + "', Zip = '" + Zip + "', Bio = '" + Bio + "' where AccountId = " + AccountId;
                // NOTE(review): an UPDATE is issued through doQuery() here, while
                // the "modit" branch uses doUpdate() for the same purpose; the
                // return value is discarded, so a failed update is not detected
                // before the success page is printed. Confirm against BullyDB
                // which entry point is intended for statements.
                sessionbase.doQuery(query, SessionId);
                // Everything seems to have worked, output a success
                // message to the user.
                sessionbase.printTop(out, 3);
                sessionbase.QuoteFlash(out);
                // Fill in the blanks from the template
                out.println(""); out.println(""); out.println(""); out.println(""); out.println("
"); out.println("\"BSE
"); out.println("

Success

"); out.println("

Personal information has been updated.

"); out.println("
"); sessionbase.printBot(out, SessionId);
                out.close();
            }
        } else {
            // Someone must have passed an invalid task into the servlet.
            out.println("Error");
            out.println("Invalid Task
"); out.println("Main BSE page");
            out.close();
        }
    }

    /**
     * Renders the profile pages for a logged-in user, selected by the
     * {@code task} query parameter: {@code profile} (account edit form),
     * {@code Account} (overview) or {@code info} (personal-info form).
     * Requests without a recognised account for the session are redirected to
     * the not-logged-in error page.
     *
     * @param request  carries {@code task}; the session id is used to look up
     *                 the account through {@code sessionbase.getAccountId}
     * @param response receives the rendered page or a redirect
     * @throws ServletException declared, not thrown directly here
     * @throws IOException      from the writer or {@code sendRedirect}
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String AccountId = (String)null;
        // Extract variable that tells what task we are to perform
        String task = "";
        // Null when absent; task.equals(...) below would then throw NPE.
        task = request.getParameter("task");
        // Get the SessionID to make sure the user is logged in
        HttpSession session = request.getSession();
        String SessionId = session.getId();
        // Retrieve AccountId
        AccountId = sessionbase.getAccountId(SessionId);
        if (AccountId == null) {
            response.sendRedirect(SystemURL + "/html/errors/not_logged_in.html");
        } else {
            ResultSet result;
            // Initialize the output stream
            response.setContentType("text/html");
            PrintWriter out = response.getWriter();
            if (task.equals("profile")) {
                // We must want to edit the profile
                // Initialize variables for the form
                // Uname and pass are assigned/declared but not used by the
                // visible output code.
                String Fname = (String)null;
                String Mi = (String)null;
                String Lname = (String)null;
                String Uname = (String)null;
                String pass = (String)null;
                String Email = (String)null;
                // Query the database for user information. If user is not
                // logged in it will simply return null values.
                // AccountId comes from the session lookup, not the request, so
                // this concatenation is not directly attacker-controlled.
                String query="select * from Account where AccountId = " + AccountId;
                result = sessionbase.doQuery(query, SessionId);
                try {
                    while(result.next()) {
                        // Retrieve values from the resultset
                        Fname = result.getString("Fname");
                        Mi = result.getString("Mi");
                        Lname = result.getString("Lname");
                        Uname = result.getString("Username");
                        Email = result.getString("Email");
                    }
                } catch(Exception e) {
                    e.printStackTrace();
                }
                // Check to see if user is logged in.
                // Bug: x.equals(null) is always false for a non-null x and throws
                // NPE when Fname is null, so this never reaches the else branch
                // as intended. The check should be "if (Fname != null)".
                if (!Fname.equals(null)) {
                    // Output form for user data.
                    // NOTE(review): the stripped markup presumably pre-fills the
                    // form with Fname/Mi/Lname/Email; any such value must be
                    // HTML-attribute-escaped, since it is user-supplied data.
                    sessionbase.printTop(out, 3);
                    sessionbase.QuoteFlash(out);
                    // Fill in the blanks from the template
                    out.println("
"); out.println(""); out.println(""); out.println(""); out.println("
"); out.println("\"BSE
"); out.println("
"); out.println(""); out.println(""); out.println(""); out.println(""); out.println(""); out.println(""); out.println(""); out.println(""); out.println(""); out.println("
First Name:
Middle Initial:
Last Name:
Email Address:
New Password:
Verify Password:
"); out.println("
"); sessionbase.printBot(out, SessionId);
                    // The writer is not closed on this path (every other branch
                    // calls out.close()); the container flushes it on return.
                } else {
                    // Fname is null, database must not have had a record for the
                    // user. Direct them to an error page instructing login need.
                    sessionbase.printFile(SystemPath + "/html/errors/not_logged_in.html", out);
                    // Close the output stream
                    out.close();
                }
            } else if(task.equals("Account")) {
                sessionbase.printTop(out, 3);
                sessionbase.QuoteFlash(out);
                // Fill in the blanks from the template
                // The username returned by getUsername() is written into the
                // page below without escaping; if usernames can contain markup
                // characters this is a stored-XSS vector.
                out.println(""); out.println(""); out.println(""); out.println(""); out.println("
"); out.println("\"BSE
"); out.println("Account Information for " + sessionbase.getUsername(SessionId) + ".
"); out.println("Account Info allows you to change several of the settings for your account
"); out.println("including your Password, Email addres, Name, and so on.
"); out.println("° Account Info

"); out.println("Personal Info is simply information about you. This information is completely optional.
"); out.println("° Personal Info
"); out.println("
"); sessionbase.printBot(out, SessionId);
                out.close();
            } else if(task.equals("info")) {
                // Routine to edit user's personal info.
                // Retrieve AccountId
                // Redundant: AccountId was already obtained and null-checked at
                // the top of doGet(). Catching NullPointerException here is not a
                // null check, and execution continues after the redirect.
                try {
                    AccountId = sessionbase.getAccountId(SessionId);
                } catch (NullPointerException e) {
                    response.sendRedirect(SystemURL + "/html/errors/not_logged_in.html");
                }
                // Initialize variables for the form
                String Phone = "";
                String Fax = "";
                String Cell = "";
                String Address = "";
                String State = "";
                String City = "";
                String Zip = "";
                String Bio = "";
                // Query the database for user information. If user is not
                // logged in it will simply return null values.
                String query="select * from Personal where AccountId = " + AccountId;
                result = sessionbase.doQuery(query, SessionId);
                try {
                    while(result.next()) {
                        // Retrieve values from the resultset
                        Phone = result.getString("Phone");
                        Fax = result.getString("Fax");
                        Cell = result.getString("Cell");
                        Address = result.getString("Address");
                        State = result.getString("State");
                        City = result.getString("City");
                        Zip = result.getString("Zip");
                        Bio = result.getString("Bio");
                    }
                } catch(Exception e) {
                    e.printStackTrace();
                }
                // Output form for user data
                // NOTE(review): as with the profile form, any of the values
                // above that are echoed into the (stripped) markup are
                // user-supplied and need HTML escaping.
                sessionbase.printTop(out, 3);
                sessionbase.QuoteFlash(out);
                // Fill in the blanks from the template
                out.println(""); out.println(""); out.println(""); out.println("
"); out.println("\"BSE
"); out.println("

"); out.println("The information on this page is all strictly optional and is"); out.println("simply for our records.

"); out.println("
"); out.println(""); out.println(""); out.println(""); out.println(""); out.println(""); out.println(""); out.println(""); out.println(""); out.println(""); out.println(""); out.println("
Phone:Cell:
Fax:
Address:
City:State:
Zip:
Bio: (250 character max)
"); out.println("
"); sessionbase.printBot(out, SessionId);
                out.close();
            } else {
                // An invalid task must have been selected. Output an error.
                out.println("Error");
                out.println("");
                out.println("Invalid task");
                out.println("Main BSE page");
                out.close();
            }
        }
    }

    /**
     * Re-reads the system parameters from the database into the static fields.
     *
     * <p>NOTE(review): the six assignments are not atomic with respect to
     * concurrently executing requests, which may see a mix of old and new
     * values while this runs.
     */
    static public void reload() {
        SystemURL = sessionbase.getURL();
        ServletURL = sessionbase.getServletURL();
        SystemEmail = sessionbase.getEmail();
        SystemPath = sessionbase.getPath();
        SystemName = sessionbase.getName();
        SystemShortName = sessionbase.getShortName();
    }
}