package isip.java.bullyse.bullydb; // This file handles profile/password management. It is pretty self-contained, // referencing itself for most of the work except some page displays. import java.io.*; import java.util.*; import java.sql.*; import javax.servlet.*; import javax.servlet.http.*; public class profile extends HttpServlet { // Initialize BullyDB Object static BullyDB sessionbase = new BullyDB(); // System parameters are stored in the database, retrieve the values // through the BullyDB object. static String SystemURL = sessionbase.getURL(); static String ServletURL = sessionbase.getServletURL(); static String SystemEmail = sessionbase.getEmail(); static String SystemPath = sessionbase.getPath(); static String SystemName = sessionbase.getName(); static String SystemShortName = sessionbase.getShortName(); public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { // Much of the work is controlled by the "task" variable. This is used // to identify just what needs to take place. String task = ""; task = request.getParameter("task"); String AccountId = (String)null; String SessionId = (String)null; HttpSession session = null; // A ResultSet object will be needed at several points. // Go ahead and initialize one. ResultSet result = null; // Retrieve user's session if (!task.equals("password")) { session = request.getSession(true); SessionId = session.getId(); } // Initialize the output stream. response.setContentType("text/html"); PrintWriter out = response.getWriter(); // Task to reset password if (task.equals("password")) { String email = request.getParameter("email"); String Username = (String)null; // Check database to see if email address exists String query = "SELECT AccountId, Username from Account where Email = '" + email + "'"; result = sessionbase.doQuery(query); try { while(result.next()) { AccountId = result.getString("AccountId"); Username = result.getString("Username"); } } catch(Exception e) { e.printStackTrace(); } // If the database wasn't able to retrieve an AccountId then the // account must not exist. if (AccountId == null) { sessionbase.printFile(SystemPath + "/html/errors/pass_noemail.html", out); // Close the output stream out.close(); } else { // Okay so we have an AccountId. Now lets do a password. // The way password generation works: // A wordlist is set up in the array PassChoice. A random number is // generated to pick from this wordlist. At the end of the word picked, // a random number(0-99) is tagged, giving the user their random // password. String[] PassChoice = {"sporadic","gerbil","fruitcake","yellowsub","desktop","gerbil","sporadic","fruitcake","goofy","mother","raven","tiger","golfer","parseit","garbageday","bookshelf","beefjerky","hobbit"}; int rnum, rend; Random rand = new Random(); rnum = rand.nextInt(18); rend = rand.nextInt(100); // Update the user entry in the database to contain the new password. query = "update Account set Password = password('" + PassChoice[rnum] + rend + "') where AccountId = " + AccountId; sessionbase.doUpdate(query); // Results for the Username and Password are emailed to the address. // Pass message to BullyDB to send. // Initialize variables String from = SystemEmail; String Subject = "Password Change Notification"; String Text = "Please note that your password on the Bulldog Stock Exchange has\n been changed.\n\nUsername: " + Username + "\nPassword: " + PassChoice[rnum] + rend; sessionbase.sendEmail(Subject, email, from, Text); // Everything seems to have worked. Output the success message. response.sendRedirect(ServletURL + ".nonMember?task=passChange"); // Close the output stream out.close(); if (!task.equals("password")) { session.invalidate(); } } } else if(task.equals("modit")) { // This responds to data being posted from doGet() below. The user // has entered their data and submitted it for change. // Retrieve form variables String Fname = request.getParameter("fName"); String MI = request.getParameter("mi"); String Lname = request.getParameter("lName"); String newpass = request.getParameter("newpass"); String verpass = request.getParameter("verpass"); String Email = request.getParameter("Email"); String job = request.getParameter("job"); // Used for determining no email duplication String EMAcId = ""; // Retrieve AccountId AccountId = sessionbase.getAccountId(SessionId); if (AccountId == null) { response.sendRedirect(SystemURL + "/html/errors/not_logged_in.html"); } else { int error = 0; // Compare passwords first. If they don't match, send back to fix. if(!newpass.equals(verpass)) { response.sendRedirect(SystemURL + "/html/errors/mismatch.html"); error++; } else if(newpass.length() < 5 && newpass.length() > 0) { response.sendRedirect(SystemURL + "/html/errors/passhort.html"); error++; } else if (Fname.length()<1) { response.sendRedirect(SystemURL + "/html/errors/missing_Fname.html"); error++; } else if(Lname.length()<1) { response.sendRedirect(SystemURL + "/html/errors/missing_Lname.html"); error++; } else if(Email.length()<1) { response.sendRedirect(SystemURL + "/html/errors/missing_Email.html"); error++; } // Check for invalid email address. Must match *@*.* in some way. // Simply checks character by character for @ and . then checks // positioning. String lookFor = "@"; int found = 0; for (int i = 0; i< Email.length(); i++) { if(Email.charAt(i) == ' ') { response.sendRedirect(SystemURL + "/html/errors/invalid_email.html"); error++; } if (Email.charAt(i) == lookFor.charAt(0)) { found++; if (i == 0) { response.sendRedirect(SystemURL + "/html/errors/invalid_email.html"); error++; } else if (i == (Email.length()-1)) { response.sendRedirect(SystemURL + "/html/errors/invalid_email.html"); error++; } else { int j = i+1; lookFor = "."; for (int k = 0; k < (Email.length()-j); k++) { if (Email.charAt(k+j) == lookFor.charAt(0)) { found++; if (k == 0) { response.sendRedirect(SystemURL + "/html/errors/invalid_email.html"); error++; } else if ( k == (Email.length()-j-1)) { response.sendRedirect(SystemURL + "/html/errors/invalid_email.html"); error++; } } } } } } if (found < 2) { response.sendRedirect(SystemURL + "/html/errors/invalid_email.html"); error++; } // Retrieve AccountId in Database from Account that matches the // selected email address. String query = "select AccountId from Account where Email = '" + Email + "'"; result = sessionbase.doQuery(query, SessionId); try { while(result.next()) { EMAcId = result.getString("AccountId"); } } catch(Exception e) { e.printStackTrace(); } if(!AccountId.equals(EMAcId) && EMAcId.length()>1) { response.sendRedirect(SystemURL + "/html/errors/duplicate_email.html"); error++; } if(error==0) { // Nothing seems to be missing, account doesn't already // exist, safe to go ahead and create. // Do we want to set the password? if(newpass.length() < 1) { // Must not, set the query without changing anything in // the password. query = "update Account set Fname = '" + Fname + "', Lname = '" + Lname + "', Mi = '" + MI + "', Email = '" + Email + "' where AccountId = " + AccountId; } else { // Okay, password needs changing. Set query accordingly. query = "update Account set Fname = '" + Fname + "', Lname = '" + Lname + "', Mi = '" + MI + "', Email = '" + Email + "', Password = password('" + newpass + "') where AccountId = " + AccountId; } // Send changes to the database. sessionbase.doUpdate(query, SessionId); // Changes must have worked. Print success page. sessionbase.printTop(out, 3); sessionbase.QuoteFlash(out); // Fill in the blanks from the template out.println(""); out.println("
");
out.println(" "); out.println("Success "); out.println("Your account information has been modified. "); out.println(" | ");
out.println(""); sessionbase.printBot(out, SessionId); out.close(); } } } else if(task.equals("modinfo")) { String Phone = request.getParameter("Phone"); String Fax = request.getParameter("Fax"); String Cell = request.getParameter("Cell"); String Address = request.getParameter("Address"); String State = request.getParameter("State"); String City = request.getParameter("City"); String Zip = request.getParameter("Zip"); String Bio = request.getParameter("Bio"); String query = (String)null; // Retrieve AccountId AccountId = sessionbase.getAccountId(SessionId); if (AccountId == null) { response.sendRedirect(SystemURL + "/html/errors/not_logged_in.html"); } else { // Query to update profile query = "update Personal set Phone = '" + Phone + "', Fax = '" + Fax + "', Cell = '" + Cell + "', Address = '" + Address + "', State = '" + State + "', City = '" + City + "', Zip = '" + Zip + "', Bio = '" + Bio + "' where AccountId = " + AccountId; sessionbase.doQuery(query, SessionId); // Everything seems to have worked, output a success // message to the user. sessionbase.printTop(out, 3); sessionbase.QuoteFlash(out); // Fill in the blanks from the template out.println(" | "); out.println("");
out.println("
|