package isip.java.bullyse.bullydb;
import java.io.*;
import java.util.*;
import java.sql.*;
import javax.servlet.*;
import javax.servlet.http.*;
// This file handles login/logout procedures for the Bulldog
// Stock Exchange. It is only the framework for login and
// logout; the real work is done in calls to a BullyDB object.
public class AccountLogin extends HttpServlet {
// Create a new BullyDB object.
// The field is static, so a single BullyDB instance is created when this
// class is initialized and is then used by every request the servlet handles.
// NOTE(review): a servlet container may invoke doPost on several threads at
// once; whether BullyDB tolerates concurrent use is not visible here - confirm.
static BullyDB sessionbase = new BullyDB();
// System parameters are stored in the database, retrieve the values
// through the BullyDB object.
// Each value below is read once, in a static initializer, and is not re-read
// per request. The initializers call methods on sessionbase, so that field
// must stay declared before them.
// NOTE(review): these fields are neither private nor final, so any class in
// this package can reassign them at runtime; if nothing relies on that,
// narrowing them to private static final would remove that risk - confirm
// against the rest of the package first.
static String SystemURL = sessionbase.getURL();
static String ServletURL = sessionbase.getServletURL();
static String SystemEmail = sessionbase.getEmail();
// SystemPath is concatenated with a fixed template file name in doPost when
// the error page is printed.
static String SystemPath = sessionbase.getPath();
// SystemName is placed into the account-locked message in doPost.
static String SystemName = sessionbase.getShortName();
static String SystemShortName = sessionbase.getShortName();
// Lock status as it was when the class was initialized. The visible part of
// doPost calls sessionbase.checkLock() for its system-lock check rather than
// reading this field.
static String SystemLock = sessionbase.getLockStatus();
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws IOException, ServletException
{
// Initialize variables
boolean Login = false;
String username = request.getParameter("username");
String password = request.getParameter("password");
String Message = "";
int error = 0;
String query = (String)null;
// Make sure they actually put in a login/password. No need to query the
// database if one of these is missing.
if (username.length()<1 || password.length()<1) {
// Open error file
Message += "The username or password you entered is invalid.
";
error++;
} else {
HttpSession session = request.getSession(true);
// Check to see if the user is logged in already. If so, close
// the old session.
if (!session.isNew()) {
session.invalidate();
session = request.getSession(true);
}
String SessionId = session.getId();
// Check for a user lock
query = "select Locked from Account where Username = '" + username + "'";
ResultSet result = sessionbase.doQuery(query);
String LockStatus = (String)null;
try {
while (result.next()) {
LockStatus = result.getString("Locked");
}
} catch (Exception e) {
e.printStackTrace();
}
if (LockStatus.equals("Y")) {
// User is locked
Message += "Your account has been locked by a " + SystemName + " administrator.
";
error++;
}
// Check for a System lock.
if (sessionbase.checkLock() && !sessionbase.checkRoot(username)) {
Message += "Logins are not permitted at this time.
";
error++;
}
if (error == 0) {
// Attempt to log in the user.
Login = sessionbase.doLogon(username, password, SessionId);
if (Login != true) {
// Don't want to leave a session open if the user didn't
// successfully log in
session.invalidate();
Message += "The username or password you entered is invalid.
";
error++;
}
}
if (error > 0) {
// Set up output stream
response.setContentType("text/html");
PrintWriter out = response.getWriter();
sessionbase.printFile(SystemPath + "/home_template_top.html", out);
out.println("
"); out.println("
"); out.println("Login Error:"); out.println(Message); out.println("