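package isip.java.bullyse.bullydb;

import java.io.*;
import java.util.*;
import java.sql.*;
import javax.servlet.*;
import javax.servlet.http.*;

/**
 * Login (POST) and logout (GET) front end for the Bulldog Stock Exchange.
 *
 * The servlet only sequences the checks; every database operation is
 * delegated to the shared {@link BullyDB} instance held in {@code sessionbase}.
 */
public class AccountLogin extends HttpServlet {

    // Shared database handle. It is also stored into each user's HttpSession
    // on a successful login (see doPost).
    static BullyDB sessionbase = new BullyDB();

    // System parameters live in the database; they are cached here at class
    // load time and refreshed by reload().
    static String SystemURL = sessionbase.getURL();
    static String ServletURL = sessionbase.getServletURL();
    static String SystemEmail = sessionbase.getEmail();
    static String SystemPath = sessionbase.getPath();
    static String SystemName = sessionbase.getName();
    static String SystemShortName = sessionbase.getShortName();
    static String SystemLock = sessionbase.getLockStatus();

    // Seconds a logged-in session may stay idle before the container expires it.
    private static final int SESSION_TIMEOUT_SECONDS = 3600;

    // Same wording for "no credentials" and "wrong credentials" so the page does
    // not reveal which of the two failed.
    private static final String INVALID_LOGIN_MESSAGE =
        "The username or password you entered is invalid.";

    // NOTE(review): the token that originally followed each error message was
    // lost when this source was extracted (it rendered as a line break, so it
    // was probably a <br> tag). Restore it from the original file; "<br>" is a
    // constructed stand-in.
    private static final String MESSAGE_SEPARATOR = "<br>";

    /**
     * Handles a login attempt posted from the login form.
     *
     * Order of checks: credentials present, account lock, system lock, then
     * {@code BullyDB.doLogon}. Any failure renders the error page; success
     * stores the database handle in a fresh session and redirects to the
     * admin or member page.
     *
     * @param request  must carry {@code username} and {@code password} parameters
     * @param response receives either the error page or a redirect
     * @throws IOException      from the servlet response
     * @throws ServletException when the account-lock lookup fails at the database
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        String message = "";

        // Missing or empty credentials are rejected before any database work.
        // getParameter() returns null when the field is absent from the form;
        // the old length() check dereferenced that null.
        if (username == null || password == null
                || username.length() < 1 || password.length() < 1) {
            writeErrorPage(response, INVALID_LOGIN_MESSAGE + MESSAGE_SEPARATOR);
            return;
        }

        // Always continue with a brand-new session so a session id that existed
        // before authentication is never carried into the logged-in state.
        HttpSession session = request.getSession(true);
        if (!session.isNew()) {
            session.invalidate();
            session = request.getSession(true);
        }
        String sessionId = session.getId();

        if (isAccountLocked(username)) {
            message += "Your account has been locked by a " + SystemName
                + " administrator." + MESSAGE_SEPARATOR;
        }

        // System lock: only the root account may log in while it is set.
        if (sessionbase.checkLock() && !sessionbase.checkRoot(username)) {
            message += "Logins are not permitted at this time." + MESSAGE_SEPARATOR;
        }

        if (message.length() == 0) {
            boolean loggedIn = sessionbase.doLogon(username, password, sessionId);
            if (!loggedIn) {
                // Don't leave a session open behind a failed login.
                session.invalidate();
                message += INVALID_LOGIN_MESSAGE + MESSAGE_SEPARATOR;
            }
        }

        if (message.length() > 0) {
            writeErrorPage(response, message);
            return;
        }

        // Logged in: bind the database handle to the session and cap idle time.
        String accountId = sessionbase.getAccountId(sessionId);
        session.setAttribute("Exchange.user." + accountId, sessionbase);
        session.setMaxInactiveInterval(SESSION_TIMEOUT_SECONDS);

        // Record the login time. accountId comes from the database for the
        // session just authenticated, not from the request, but it is still
        // concatenated into SQL; route it through a parameterised statement
        // once BullyDB provides one.
        sessionbase.doUpdate(
            "update Account set LastLogin = NOW() where AccountId = " + accountId,
            sessionId);

        // The administrative user lands on a different page than members.
        if (sessionbase.checkRoot(username)) {
            response.sendRedirect(ServletURL + ".Admin");
        } else {
            response.sendRedirect(ServletURL + ".Portfolio?task=Members");
        }
    }

    /**
     * Returns true when the Account row for {@code username} has Locked = 'Y'.
     *
     * An unknown username (no row) is reported as not locked so the caller
     * falls through to {@code doLogon}, which fails with the generic invalid
     * login message; the previous code dereferenced a null lock status there,
     * which produced a server error that distinguished unknown from known users.
     *
     * @throws ServletException if the lookup fails; the lock check deliberately
     *                          fails closed rather than treating a database
     *                          error as "not locked"
     */
    private boolean isAccountLocked(String username) throws ServletException {
        // SECURITY: username is request input concatenated straight into SQL.
        // BullyDB.doQuery only accepts a finished statement string here, so this
        // cannot be parameterised from this class; it needs a PreparedStatement
        // path (a ? placeholder bound to username) on the BullyDB side before the
        // lock check can be considered safe against SQL injection.
        String query = "select Locked from Account where Username = '" + username + "'";
        ResultSet result = sessionbase.doQuery(query);
        if (result == null) {
            throw new ServletException("AccountLogin: lock check returned no result set");
        }
        String lockStatus = null;
        try {
            // Last row wins, as before; Username is expected to be unique.
            while (result.next()) {
                lockStatus = result.getString("Locked");
            }
        } catch (SQLException e) {
            throw new ServletException("AccountLogin: lock check failed", e);
        } finally {
            // NOTE(review): assumes doQuery hands ownership of the ResultSet to
            // the caller -- confirm against BullyDB before relying on this.
            closeQuietly(result);
        }
        return "Y".equals(lockStatus);
    }

    /**
     * Closes a ResultSet, logging rather than propagating a close failure
     * because the data has already been read by the time this runs.
     */
    private void closeQuietly(ResultSet result) {
        try {
            result.close();
        } catch (SQLException e) {
            log("AccountLogin: could not close result set", e);
        }
    }

    /**
     * Renders the login-error page between the site's top and bottom templates.
     *
     * The message text is built from fixed server-side strings and the
     * configured system name, never from request data, so it is written without
     * HTML escaping; keep it that way if the messages ever change.
     */
    private void writeErrorPage(HttpServletResponse response, String message)
            throws IOException {
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        sessionbase.printFile(SystemPath + "/home_template_top.html", out);
        // NOTE(review): the HTML that wrapped this block (a "Home" link or image
        // and its layout tags) was lost when this source was extracted; only the
        // visible text survived. Restore the markup from the original file.
        out.println("<!-- TODO(restore): original 'Home' navigation markup lost in extraction -->");
        out.println("Login Error:");
        out.println(message);
        sessionbase.printFile(SystemPath + "/home_template_bot.html", out);
    }

    /**
     * Logs the caller out. A direct GET to this servlet is taken to mean
     * "log out"; the caller is redirected to the login page either way.
     *
     * @param request  the current request; no session is created if none exists
     * @param response receives the redirect to the login page
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Don't create a session only to discard it.
        HttpSession session = request.getSession(false);
        if (session != null) {
            String sessionId = session.getId();
            // A timed-out login has no AccountId; only tell BullyDB about
            // sessions it still knows.
            if (sessionbase.getAccountId(sessionId) != null) {
                sessionbase.doLogout(sessionId);
            }
            session.invalidate();
        }
        response.sendRedirect(SystemURL + "/index.html");
    }

    /**
     * Re-reads the cached system parameters from the database.
     * Called after an administrator changes them.
     */
    public static void reload() {
        SystemURL = sessionbase.getURL();
        ServletURL = sessionbase.getServletURL();
        SystemEmail = sessionbase.getEmail();
        SystemPath = sessionbase.getPath();
        SystemName = sessionbase.getName();
        SystemShortName = sessionbase.getShortName();
        // Previously left stale on reload; refreshed with the other parameters.
        SystemLock = sessionbase.getLockStatus();
    }
}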