package isip.java.bullyse.bullydb;
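// This file handles profile and password management. It is largely
// self-contained, referring back to itself for most of the work, except for
// some page displays.
// NOTE(review): doPost() builds its SQL statements by concatenating request
// parameters (email, username, names, new password) straight into the query
// text, so the input is not kept separate from the SQL. These queries should
// use bound parameters (java.sql.PreparedStatement); that would need a BullyDB
// entry point that accepts them, which is not visible in this file.
// NOTE(review): the "password" task mails the newly generated password in
// plain text, and the redirect taken when email/username is missing is not
// followed by a return, so processing continues with the null values.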
import java.io.*;
import java.util.*;
import java.sql.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class profile extends HttpServlet {
// Initialize BullyDB Object.
// The field is static, so a single BullyDB instance is shared by every request
// this class handles. It must be declared before the fields below, because
// their initializers call it.
// NOTE(review): a servlet container may run doPost() on several threads at
// once; whether BullyDB is safe for concurrent use is not visible here - confirm.
static BullyDB sessionbase = new BullyDB();
// System parameters are stored in the database, retrieve the values
// through the BullyDB object.
// These initializers run once, when the class is initialized, so the values
// are read a single time and then reused for every request.
// NOTE(review): the fields are neither private nor final, so other code in
// this package can reassign them. ServletURL is the prefix of every
// sendRedirect() target in doPost(); consider making these private static
// final if nothing else depends on writing to them - confirm against callers.
static String SystemURL = sessionbase.getURL();
static String ServletURL = sessionbase.getServletURL();
static String SystemEmail = sessionbase.getEmail();
static String SystemPath = sessionbase.getPath();
static String SystemName = sessionbase.getName();
static String SystemShortName = sessionbase.getShortName();
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws IOException, ServletException
{
// Much of the work is controlled by the "task" variable. This is used
// to identify just what needs to take place.
String task = "";
task = request.getParameter("task");
String AccountId = (String)null;
String SessionId = (String)null;
HttpSession session = null;
// A ResultSet object will be needed at several points.
// Go ahead and initialize one.
ResultSet result = null;
// Retrieve user's session
if (!task.equals("password")) {
session = request.getSession(true);
SessionId = session.getId();
}
// Task to reset password
if (task.equals("password")) {
String email = request.getParameter("email");
String Username = request.getParameter("username");
if ((email == null) || (Username == null)) {
response.sendRedirect(ServletURL + ".nonMember?task=passChangeFail");
}
// Check database to see if email address exists
String query = "SELECT AccountId, Username from Account where Email = '" + email + "' and Username = '" + Username + "'";
result = sessionbase.doQuery(query);
try {
while(result.next()) {
AccountId = result.getString("AccountId");
Username = result.getString("Username");
}
} catch(Exception e) {
e.printStackTrace();
}
// If the database wasn't able to retrieve an AccountId then the
// account must not exist.
if (AccountId == null) {
response.sendRedirect(ServletURL + ".nonMember?task=passChangeFail");
} else {
String newPass = (String)null;
// Okay so we have an AccountId. Now lets do a password.
newPass = sessionbase.genPass(AccountId, true);
// Results for the Username and Password are emailed to the address.
// Pass message to BullyDB to send.
// Initialize variables
String Subject = "Password Change Notification";
String Text = "Please note that your password on the Bulldog Stock Exchange has\n been changed.\n\nUsername: " + Username + "\nPassword: " + newPass + "\n";
sessionbase.sendEmail(Subject, Text, AccountId);
// Everything seems to have worked. Output the success message.
response.sendRedirect(ServletURL + ".nonMember?task=passChange");
if (!task.equals("password")) {
session.invalidate();
}
}
} else if(task.equals("modit")) {
// This responds to data being posted from doGet() below. The user
// has entered their data and submitted it for change.
// Retrieve form variables
String Fname = "";
Fname += request.getParameter("fName");
String MI = "";
MI += request.getParameter("mi");
String Lname = "";
Lname += request.getParameter("lName");
String newpass = "";
newpass += request.getParameter("newpass");
String verpass = "";
verpass += request.getParameter("verpass");
String Email = "";
Email += request.getParameter("Email");
String job = request.getParameter("job");
// Used for determining no email duplication
boolean setInvalidEmail = false;
String EMAcId = "";
// Set up output stream
response.setContentType("text/html");
PrintWriter out = response.getWriter();
String Message = "";
// Retrieve AccountId
AccountId = sessionbase.getAccountId(SessionId);
if (AccountId == null) {
response.sendRedirect(ServletURL + ".nonMember?task=LI&Type=1");
} else {
int error = 0;
// Compare passwords first. If they don't match, send back to fix.
if(!newpass.equals(verpass)) {
Message += "The passwords you entered do not match.
";
error++;
} else if(newpass.length() < 5 && newpass.length() > 0) {
Message += "Your password must be at least 5 characters in length.
";
error++;
} else if (Fname.length()<1) {
Message += "First name field is required.
";
error++;
} else if(Lname.length()<1) {
Message += "Last name field is required.
";
error++;
} else if(Email.length()<1) {
Message += "Email Address is required.
";
error++;
}
// Check for invalid email address. Must match *@*.* in some way.
// Simply checks character by character for @ and . then checks
// positioning.
String lookFor = "@";
int found = 0;
for (int i = 0; i< Email.length(); i++) {
if(Email.charAt(i) == ' ') {
if (!setInvalidEmail) {
setInvalidEmail = true;
Message += "The email address you entered is invalid.
";
}
error++;
}
if (Email.charAt(i) == lookFor.charAt(0)) {
found++;
if (i == 0) {
if (!setInvalidEmail) {
setInvalidEmail = true;
Message += "The email address you entered is invalid.
";
}
error++;
} else if (i == (Email.length()-1)) {
if (!setInvalidEmail) {
setInvalidEmail = true;
Message += "The email address you entered is invalid.
";
}
error++;
} else {
int j = i+1;
lookFor = ".";
for (int k = 0; k < (Email.length()-j); k++) {
if (Email.charAt(k+j) == lookFor.charAt(0)) {
found++;
if (k == 0) {
if (!setInvalidEmail) {
setInvalidEmail = true;
Message += "The email address you entered is invalid.
";
}
error++;
} else if ( k == (Email.length()-j-1)) {
if (!setInvalidEmail) {
setInvalidEmail = true;
Message += "The email address you entered is invalid.
";
}
error++;
}
}
}
}
}
}
if (found < 2) {
if (!setInvalidEmail) {
setInvalidEmail = true;
Message += "The email address you entered is invalid.
";
}
error++;
}
// Retrieve AccountId in Database from Account that matches the
// selected email address.
String query = "select AccountId from Account where Email = '" + Email + "'";
result = sessionbase.doQuery(query, SessionId);
try {
while(result.next()) {
EMAcId = result.getString("AccountId");
}
} catch(Exception e) {
e.printStackTrace();
}
if(!AccountId.equals(EMAcId) && EMAcId.length()>1) {
Message += "The Email address you entered is being used by another user.
";
error++;
}
if(error==0) {
// Nothing seems to be missing, account doesn't already
// exist, safe to go ahead and create.
// Do we want to set the password?
if(newpass.length() < 1) {
// Must not, set the query without changing anything in
// the password.
query = "update Account set Fname = '" + Fname + "', Lname = '" + Lname + "', Mi = '" + MI + "', Email = '" + Email + "' where AccountId = " + AccountId;
} else {
// Okay, password needs changing. Set query accordingly.
query = "update Account set Fname = '" + Fname + "', Lname = '" + Lname + "', Mi = '" + MI + "', Email = '" + Email + "', Password = password('" + newpass + "') where AccountId = " + AccountId;
}
// Send changes to the database.
sessionbase.doUpdate(query, SessionId);
// Changes must have worked. Print success page.
sessionbase.printTop(out, 3);
out.println("
");
out.println("Success
");
out.println("Your account information has been modified.
");
sessionbase.printBot(out, SessionId, 1);
out.close();
} else {
sessionbase.printTop(out, 3);
out.println("
");
out.println("" + Message + "");
out.println("
Success
"); out.println("Personal information has been updated.
"); sessionbase.printBot(out, SessionId, 1); out.close(); } } else { // Someone must have passed an invalid task into the servlet. // Set up output stream response.setContentType("text/html"); PrintWriter out = response.getWriter(); out.println(""); out.println("The information on this page is all strictly optional and is"); out.println("simply for our records.
"); out.println(""); sessionbase.printBot(out, SessionId, 1); out.close(); } else { // An invalid task must have been selected. Output an error. out.println("