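package isip.java.bullyse.bullydb;

// file: AccountCreation.java
// Handles inserting new user accounts into the database

import java.io.IOException;
import java.io.PrintWriter;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Account creation for the Bulldog Stock Exchange.
 *
 * <p>All interaction with the browser lives here: reading the sign-up form,
 * validating it, and emitting the error or success page. The actual database
 * calls are delegated to {@code BullyDB}.
 *
 * <p>Request handling is "first failing check wins": as soon as a validation
 * or database check fails, the corresponding error page is sent and the
 * request ends. (The previous version kept running after an error, which
 * wrote to an already-closed writer, issued a second redirect on a committed
 * response, and still executed the database queries with unvalidated input.)
 */
public class AccountCreation extends HttpServlet {

  /** Shortest password accepted; anything shorter is sent to passhort.html. */
  private static final int MIN_PASSWORD_LENGTH = 5;

  /** Cash balance written to the new user's Portfolio row. */
  private static final int INITIAL_BALANCE = 5000;

  /**
   * Handles the sign-up form submission.
   *
   * <p>Validation order: required fields, password rules, email format, then
   * a character guard for values that are embedded into SQL, then the
   * duplicate-username / duplicate-email database checks. Presence checks run
   * first so the later format checks never operate on empty strings.
   *
   * @param request  the form POST; expected parameters are {@code firstname},
   *                 {@code midinitial}, {@code lastname}, {@code desirename},
   *                 {@code newpass}, {@code verifypass} and {@code email}
   * @param response receives either a redirect, a static error page, or an
   *                 HTTP error status
   * @throws IOException      if the response cannot be written
   * @throws ServletException never thrown here; kept for the servlet contract
   */
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws IOException, ServletException {
    // Missing parameters are treated as empty so the checks below cannot NPE
    // (the old code crashed on the very first equals() when a field was absent,
    // and stored the literal string "null" for a missing middle initial).
    final String firstName = param(request, "firstname");
    final String middleInitial = param(request, "midinitial");
    final String lastName = param(request, "lastname");
    final String user = param(request, "desirename");
    final String newpass = param(request, "newpass");
    final String verpass = param(request, "verifypass");
    final String email = param(request, "email");

    // Create a new session for the user; its id is handed to doLogon() below.
    final HttpSession session = request.getSession(true);
    // NOTE(review): the previous code guarded this with a null check that could
    // never fire, so the BullyDB instance was never stored under "BullySE.user".
    // A session-scoped instance was presumably intended — confirm BullyDB's
    // lifecycle before storing it in the session.
    final BullyDB sessionbase = new BullyDB();

    response.setContentType("text/html");
    final PrintWriter out = response.getWriter();

    // ---- Required fields. One page per field so the user is told which is missing.
    if (firstName.length() < 1) {
      sessionbase.printFile("/ftp/pub/projects/bse/html/errors/missing_Fname.html", out);
      out.close();
      return;
    }
    if (lastName.length() < 1) {
      sessionbase.printFile("/ftp/pub/projects/bse/html/errors/missing_Lname.html", out);
      out.close();
      return;
    }
    if (user.length() < 1) {
      sessionbase.printFile("/ftp/pub/projects/bse/html/errors/missing_Uname.html", out);
      out.close();
      return;
    }
    if (newpass.length() < 1) {
      sessionbase.printFile("/ftp/pub/projects/bse/html/errors/missing_Pass.html", out);
      out.close();
      return;
    }
    if (email.length() < 1) {
      sessionbase.printFile("/ftp/pub/projects/bse/html/errors/missing_Email.html", out);
      out.close();
      return;
    }

    // ---- Password rules.
    // A password equal to the username is too easy to guess.
    if (newpass.equals(user)) {
      response.sendRedirect("http://www.isip.msstate.edu/projects/bse/html/errors/passuser.html");
      out.close();
      return;
    }
    if (!newpass.equals(verpass)) {
      response.sendRedirect("http://www.isip.msstate.edu/projects/bse/html/errors/mismatch.html");
      out.close();
      return;
    }
    if (newpass.length() < MIN_PASSWORD_LENGTH) {
      sessionbase.printFile("/ftp/pub/projects/bse/html/errors/passhort.html", out);
      out.close();
      return;
    }

    // ---- Email shape: something@something.something, no spaces.
    if (!isValidEmail(email)) {
      sessionbase.printFile("/ftp/pub/projects/bse/html/errors/invalid_email.html", out);
      out.close();
      return;
    }

    // ---- SQL guard. BullyDB only accepts a finished query string, so every
    // value below is spliced into a quoted SQL literal. Until BullyDB offers a
    // parameterised API, refuse the two characters that can terminate or
    // escape such a literal. This is an interim mitigation, not a substitute
    // for PreparedStatement.
    if (!isSafeSqlLiteral(firstName) || !isSafeSqlLiteral(middleInitial)
        || !isSafeSqlLiteral(lastName) || !isSafeSqlLiteral(user)
        || !isSafeSqlLiteral(newpass) || !isSafeSqlLiteral(email)) {
      response.sendError(HttpServletResponse.SC_BAD_REQUEST,
          "Form fields may not contain a single quote or a backslash.");
      out.close();
      return;
    }

    // ---- Database checks: does the username or the email address already exist?
    final int existingAccountId;
    final String existingEmail;
    try {
      existingAccountId = lastInt(
          sessionbase.doQuery("SELECT AccountId from Account where Username = '" + user + "'"),
          "AccountId");
      existingEmail = lastString(
          sessionbase.doQuery("SELECT Email from Account where Email = '" + email + "'"),
          "Email");
    } catch (SQLException e) {
      // The old code printed the trace and carried on as if no account existed;
      // failing the request is safer than risking a duplicate account.
      log("AccountCreation: lookup of existing account failed", e);
      response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
      out.close();
      return;
    }

    // A non-zero id means a row with this username is already in the table.
    if (existingAccountId != 0) {
      sessionbase.printFile("/ftp/pub/projects/bse/html/errors/exists_username.html", out);
      out.close();
      return;
    }
    // A matching email means this person already has an account.
    if (existingEmail.length() > 0) {
      response.sendRedirect("http://www.isip.msstate.edu/projects/bse/html/errors/duplicate_email.html");
      out.close();
      return;
    }

    // ---- Nothing missing and no duplicate: create the account.
    final int accountId;
    try {
      // NOTE(review): max(AccountId)+1 is not atomic; two simultaneous sign-ups
      // can compute the same id. An auto-increment column would remove the race
      // but needs a schema change.
      accountId = lastInt(sessionbase.doQuery("SELECT max(AccountId) FROM Account"),
          "max(AccountId)") + 1;
    } catch (SQLException e) {
      log("AccountCreation: could not determine next AccountId", e);
      response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
      out.close();
      return;
    }

    // NOTE(review): the password is hashed by the database's password()
    // function inside the statement, so the clear-text value travels through
    // the query string. A dedicated password hash (bcrypt/scrypt/argon2)
    // computed here would be preferable — confirm against the Account schema
    // and doLogon() before changing it.
    sessionbase.doUpdate("insert into Account (AccountId, Username, Password, Fname, Lname, Mi, Dcreate, Email) VALUES ("
        + accountId + ",'" + user + "',password('" + newpass + "'),'" + firstName + "','"
        + lastName + "','" + middleInitial + "',NOW(),'" + email + "')");
    sessionbase.doUpdate("insert into Portfolio (AccountId, Balance) VALUES (" + accountId + ", "
        + INITIAL_BALANCE + ")");
    // Initialize the database table for personal info
    sessionbase.doUpdate("insert into Personal (AccountId) VALUES (" + accountId + ")");

    // Assume the creation worked and log the new user straight in.
    final boolean loggedIn = sessionbase.doLogon(user, newpass, session.getId());
    if (loggedIn) {
      response.sendRedirect("http://www.isip.msstate.edu/projects/bse/html/members/index.html");
    } else {
      // Don't leave a session open if the user didn't successfully log in.
      session.invalidate();
      response.sendRedirect("http://www.isip.msstate.edu/projects/bse/html/errors/login_invalid.html");
    }
    out.close();
  }

  /**
   * Shown when someone navigates straight to this servlet instead of posting
   * the sign-up form.
   */
  public void doGet(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    response.setContentType("text/html");
    final PrintWriter out = response.getWriter();
    out.println("Error");
    out.println("Invalid Task");
    out.println("BSE Main");
    out.close();
  }

  /** Returns the named form parameter, or {@code ""} when it was not submitted. */
  private static String param(HttpServletRequest request, String name) {
    final String value = request.getParameter(name);
    return value == null ? "" : value;
  }

  /**
   * Minimal structural check for an email address: no spaces, a single
   * {@code '@'} that is neither first nor last, and a domain part containing
   * at least one {@code '.'} that is not leading, trailing or doubled.
   *
   * @param email the raw form value, never {@code null}
   * @return {@code true} when the address has the shape described above
   */
  static boolean isValidEmail(String email) {
    if (email.indexOf(' ') >= 0) {
      return false;
    }
    final int at = email.indexOf('@');
    if (at <= 0 || at == email.length() - 1 || email.indexOf('@', at + 1) >= 0) {
      return false;
    }
    final String domain = email.substring(at + 1);
    // indexOf('.') > 0: a dot exists and it is not the first domain character.
    return domain.indexOf('.') > 0
        && !domain.endsWith(".")
        && domain.indexOf("..") < 0;
  }

  /**
   * Returns {@code true} when {@code value} contains neither a single quote nor
   * a backslash, the two characters that can end or escape a quoted SQL
   * literal. Interim guard for values spliced into BullyDB query strings.
   */
  static boolean isSafeSqlLiteral(String value) {
    return value.indexOf('\'') < 0 && value.indexOf('\\') < 0;
  }

  /**
   * Returns the value of {@code column} in the last row of {@code rs}, or
   * {@code 0} when the result is {@code null} or has no rows. Mirrors the
   * original "loop to the last row" lookup.
   *
   * @throws SQLException if the result set cannot be read
   */
  private static int lastInt(ResultSet rs, String column) throws SQLException {
    int value = 0;
    if (rs == null) {
      return value;
    }
    // NOTE(review): the result set is not closed here, as before; whether
    // BullyDB owns the underlying Statement is not visible in this file.
    while (rs.next()) {
      value = rs.getInt(column);
    }
    return value;
  }

  /**
   * Returns the value of {@code column} in the last row of {@code rs}, or
   * {@code ""} when the result is {@code null}, has no rows, or the column is
   * SQL NULL.
   *
   * @throws SQLException if the result set cannot be read
   */
  private static String lastString(ResultSet rs, String column) throws SQLException {
    String value = "";
    if (rs == null) {
      return value;
    }
    while (rs.next()) {
      final String cell = rs.getString(column);
      value = cell == null ? "" : cell;
    }
    return value;
  }
}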