package isip.java.bullyse.bullydb;

// This file handles profile/password management. It is pretty self-contained,
// referencing itself for most of the work except some page displays.
import java.io.*;
import java.util.*;
import java.sql.*;
import javax.servlet.*;
import javax.servlet.http.*;

/**
 * Servlet for profile and password management.
 *
 * doPost handles three tasks selected by the "task" request parameter:
 * "password" (reset a password and e-mail the new one), "modit" (update
 * name/e-mail/password) and "modinfo" (update the Personal record).
 * doGet renders the corresponding forms plus "help" and "Account" pages.
 *
 * NOTE(review): every SQL statement in this class is built by string
 * concatenation of request parameters (see the query strings below).
 * Nothing on this page escapes or binds those values, so the database
 * layer receives attacker-controlled SQL text. The mitigation is a
 * parameterized statement (PreparedStatement with "?" placeholders, or a
 * BullyDB method that binds parameters, if one exists — not visible here).
 *
 * NOTE(review): response.sendRedirect(...) is never followed by a return
 * in this class, so the code after each redirect still runs (queries,
 * e-mails, further output). Each such spot is marked below.
 *
 * NOTE(review): ResultSet objects obtained from sessionbase.doQuery are
 * never closed in this class; whether BullyDB closes them is not visible.
 */
public class profile extends HttpServlet {

    // Initialize BullyDB Object
    // NOTE(review): one static instance shared by all requests; its
    // thread-safety is not visible from this file.
    static BullyDB sessionbase = new BullyDB();

    // System parameters are stored in the database, retrieve the values
    // through the BullyDB object. Read once at class load; refreshed by reload().
    static String SystemURL = sessionbase.getURL();
    static String ServletURL = sessionbase.getServletURL();
    static String SystemEmail = sessionbase.getEmail();
    static String SystemPath = sessionbase.getPath();
    static String SystemName = sessionbase.getName();
    static String SystemShortName = sessionbase.getShortName();

    /**
     * Handles form submissions for the "password", "modit" and "modinfo" tasks.
     *
     * @param request  the servlet request; "task" selects the operation
     * @param response the servlet response (redirect or HTML page)
     * @throws IOException      from the response writer / redirect
     * @throws ServletException per the servlet contract
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws IOException, ServletException {

        // Much of the work is controlled by the "task" variable. This is used
        // to identify just what needs to take place.
        // NOTE(review): getParameter returns null when "task" is absent, and
        // task.equals(...) below then throws NullPointerException.
        String task = "";
        task = request.getParameter("task");
        String AccountId = (String)null;
        String SessionId = (String)null;
        HttpSession session = null;

        // A ResultSet object will be needed at several points.
        // Go ahead and initialize one.
        ResultSet result = null;

        // Retrieve user's session
        // The password-reset task is the only one that runs without a session.
        if (!task.equals("password")) {
            session = request.getSession(true);
            SessionId = session.getId();
        }

        // Task to reset password
        if (task.equals("password")) {
            String email = request.getParameter("email");
            String Username = request.getParameter("username");
            if ((email == null) || (Username == null)) {
                // NOTE(review): no return after the redirect — the query below
                // still runs with the literal text "null" in it.
                response.sendRedirect(ServletURL + ".nonMember?task=passChangeFail");
            }

            // Check database to see if email address exists
            // NOTE(review): email and Username come straight from the request
            // and are spliced into the SQL text; see the class-level note.
            // This call uses the single-argument doQuery (no SessionId), unlike
            // every other query in the class.
            String query = "SELECT AccountId, Username from Account where Email = '" + email + "' and Username = '" + Username + "'";
            result = sessionbase.doQuery(query);
            try {
                while(result.next()) {
                    AccountId = result.getString("AccountId");
                    Username = result.getString("Username");
                }
            } catch(Exception e) {
                // NOTE(review): swallowed; AccountId stays null and the user is
                // told the account does not exist.
                e.printStackTrace();
            }

            // If the database wasn't able to retrieve an AccountId then the
            // account must not exist.
            // NOTE(review): the two redirect targets (passChangeFail vs
            // passChange) tell the requester whether a username/e-mail pair
            // exists, and the reset happens immediately with no confirmation
            // step — anyone who knows both values can rotate that account's
            // password. A confirmation link sent to the address on file would
            // remove both issues.
            if (AccountId == null) {
                response.sendRedirect(ServletURL + ".nonMember?task=passChangeFail");
            } else {
                String newPass = (String)null;

                // Okay so we have an AccountId. Now lets do a password.
                // genPass is a BullyDB method; the "true" flag's meaning is not
                // visible here — presumably "store it" (confirm in BullyDB).
                newPass = sessionbase.genPass(AccountId, true);

                // Results for the Username and Password are emailed to the address.
                // Pass message to BullyDB to send.
                // Initialize variables
                // NOTE(review): the new password travels in clear text in the
                // e-mail body; a one-time reset link is the usual alternative.
                String Subject = "Password Change Notification";
                String Text = "Please note that your password on the Bulldog Stock Exchange has\n been changed.\n\nUsername: " + Username + "\nPassword: " + newPass + "\n";
                sessionbase.sendEmail(Subject, Text, AccountId);

                // Everything seems to have worked. Output the success message.
                response.sendRedirect(ServletURL + ".nonMember?task=passChange");

                // We are inside the task.equals("password") branch, so this
                // condition is always false and the invalidate() never runs.
                if (!task.equals("password")) {
                    session.invalidate();
                }
            }
        } else if(task.equals("modit")) {
            // This responds to data being posted from doGet() below. The user
            // has entered their data and submitted it for change.

            // Retrieve form variables
            // NOTE(review): "" += null yields the string "null", so a missing
            // parameter is indistinguishable from a user typing "null", and the
            // length checks below will not catch it.
            String Fname = "";
            Fname += request.getParameter("fName");
            String MI = "";
            MI += request.getParameter("mi");
            String Lname = "";
            Lname += request.getParameter("lName");
            String newpass = "";
            newpass += request.getParameter("newpass");
            String verpass = "";
            verpass += request.getParameter("verpass");
            String Email = "";
            Email += request.getParameter("Email");
            // "job" is read but never used in this method.
            String job = request.getParameter("job");

            // Used for determining no email duplication
            boolean setInvalidEmail = false;
            String EMAcId = "";

            // Set up output stream
            response.setContentType("text/html");
            PrintWriter out = response.getWriter();
            String Message = "";

            // Retrieve AccountId
            AccountId = sessionbase.getAccountId(SessionId);
            if (AccountId == null) {
                response.sendRedirect(ServletURL + ".nonMember?task=LI&Type=1");
            } else {
                int error = 0;

                // Compare passwords first. If they don't match, send back to fix.
                // Only the first failing check in this else-if chain is reported.
                if(!newpass.equals(verpass)) {
                    Message += "The passwords you entered do not match.
";
                    error++;
                } else if(newpass.length() < 5 && newpass.length() > 0) {
                    Message += "Your password must be at least 5 characters in length.
";
                    error++;
                } else if (Fname.length()<1) {
                    Message += "First name field is required.
";
                    error++;
                } else if(Lname.length()<1) {
                    Message += "Last name field is required.
";
                    error++;
                } else if(Email.length()<1) {
                    Message += "Email Address is required.
";
                    error++;
                }

                // Check for invalid email address. Must match *@*.* in some way.
                // Simply checks character by character for @ and . then checks
                // positioning.
                // NOTE(review): lookFor is reassigned to "." inside the loop, so
                // once an '@' followed by a '.' has been seen the outer loop is
                // comparing against '.' rather than '@' for the remaining
                // characters; "found" then counts dots as well. The check
                // accepts more than *@*.* — treat it as a rough format test only.
                String lookFor = "@";
                int found = 0;
                for (int i = 0; i< Email.length(); i++) {
                    // Spaces are never valid.
                    if(Email.charAt(i) == ' ') {
                        if (!setInvalidEmail) {
                            setInvalidEmail = true;
                            Message += "The email address you entered is invalid.
";
                        }
                        error++;
                    }
                    if (Email.charAt(i) == lookFor.charAt(0)) {
                        found++;
                        if (i == 0) {
                            // '@' at the very start
                            if (!setInvalidEmail) {
                                setInvalidEmail = true;
                                Message += "The email address you entered is invalid.
";
                            }
                            error++;
                        } else if (i == (Email.length()-1)) {
                            // '@' at the very end
                            if (!setInvalidEmail) {
                                setInvalidEmail = true;
                                Message += "The email address you entered is invalid.
";
                            }
                            error++;
                        } else {
                            // Look for a '.' after the '@'; reject it as first or last
                            // character of the remaining domain part.
                            int j = i+1;
                            lookFor = ".";
                            for (int k = 0; k < (Email.length()-j); k++) {
                                if (Email.charAt(k+j) == lookFor.charAt(0)) {
                                    found++;
                                    if (k == 0) {
                                        if (!setInvalidEmail) {
                                            setInvalidEmail = true;
                                            Message += "The email address you entered is invalid.
";
                                        }
                                        error++;
                                    } else if ( k == (Email.length()-j-1)) {
                                        if (!setInvalidEmail) {
                                            setInvalidEmail = true;
                                            Message += "The email address you entered is invalid.
";
                                        }
                                        error++;
                                    }
                                }
                            }
                        }
                    }
                }
                // Fewer than two hits means no '@' + '.' pair was seen.
                if (found < 2) {
                    if (!setInvalidEmail) {
                        setInvalidEmail = true;
                        Message += "The email address you entered is invalid.
";
                    }
                    error++;
                }

                // Retrieve AccountId in Database from Account that matches the
                // selected email address.
                // NOTE(review): Email is request input concatenated into SQL;
                // the format check above does not make it safe for that use.
                String query = "select AccountId from Account where Email = '" + Email + "'";
                result = sessionbase.doQuery(query, SessionId);
                try {
                    while(result.next()) {
                        EMAcId = result.getString("AccountId");
                    }
                } catch(Exception e) {
                    e.printStackTrace();
                }
                // Another account already owns this address.
                if(!AccountId.equals(EMAcId) && EMAcId.length()>1) {
                    Message += "The Email address you entered is being used by another user.
";
                    error++;
                }

                if(error==0) {
                    // Nothing seems to be missing, account doesn't already
                    // exist, safe to go ahead and create.
                    // Do we want to set the password?
                    // NOTE(review): both UPDATE strings embed Fname, Lname, MI,
                    // Email and newpass from the request; see the class-level
                    // note. password('...') is a database-side hash whose
                    // strength depends on the server — confirm it is acceptable.
                    if(newpass.length() < 1) {
                        // Must not, set the query without changing anything in
                        // the password.
                        query = "update Account set Fname = '" + Fname + "', Lname = '" + Lname + "', Mi = '" + MI + "', Email = '" + Email + "' where AccountId = " + AccountId;
                    } else {
                        // Okay, password needs changing. Set query accordingly.
                        query = "update Account set Fname = '" + Fname + "', Lname = '" + Lname + "', Mi = '" + MI + "', Email = '" + Email + "', Password = password('" + newpass + "') where AccountId = " + AccountId;
                    }
                    // Send changes to the database.
                    // (The "modinfo" branch below issues its UPDATE through
                    // doQuery instead; the two should agree.)
                    sessionbase.doUpdate(query, SessionId);

                    // Changes must have worked. Print success page.
                    sessionbase.printTop(out, 3);
                    out.println("\"BSE
");
                    out.println("Success

");
                    out.println("Your account information has been modified.
");
                    sessionbase.printBot(out, SessionId, 1);
                    out.close();
                } else {
                    // Validation failed: show the message(s) and the form again.
                    sessionbase.printTop(out, 3);
                    out.println("\"BSE
");
                    out.println("" + Message + "");
                    out.println("
");
                    out.println("");
                    out.println("");
                    out.println("");
                    out.println("");
                    out.println("");
                    out.println("");
                    out.println("");
                    out.println("");
                    out.println("");
                    out.println("
First Name:
Middle Initial:
Last Name:
Email Address:
New Password:
Verify Password:
");
                    sessionbase.printBot(out, SessionId, 1);
                }
            }
        } else if(task.equals("modinfo")) {
            // Optional personal-info fields; a missing parameter is null here
            // and ends up as the text "null" in the UPDATE below.
            String Phone = request.getParameter("Phone");
            String Fax = request.getParameter("Fax");
            String Cell = request.getParameter("Cell");
            String Address = request.getParameter("Address");
            String State = request.getParameter("State");
            String City = request.getParameter("City");
            String Zip = request.getParameter("Zip");
            String Bio = request.getParameter("Bio");
            String query = (String)null;

            // Retrieve AccountId
            AccountId = sessionbase.getAccountId(SessionId);
            if (AccountId == null) {
                response.sendRedirect(ServletURL + ".nonMember?task=LI&Type=1");
            } else {
                // Query to update profile
                // NOTE(review): all eight fields are request input concatenated
                // into SQL with no length or character checks (the form text in
                // doGet mentions a 250 character max for Bio, but nothing here
                // enforces it). See the class-level note.
                query = "update Personal set Phone = '" + Phone + "', Fax = '" + Fax + "', Cell = '" + Cell + "', Address = '" + Address + "', State = '" + State + "', City = '" + City + "', Zip = '" + Zip + "', Bio = '" + Bio + "' where AccountId = " + AccountId;
                // NOTE(review): an UPDATE issued via doQuery (the "modit" branch
                // uses doUpdate); the returned ResultSet is discarded.
                sessionbase.doQuery(query, SessionId);

                // Everything seems to have worked, output a success
                // message to the user.
                // Set up output stream
                response.setContentType("text/html");
                PrintWriter out = response.getWriter();
                sessionbase.printTop(out, 3);
                out.println("\"BSE
");
                out.println("

Success

");
                out.println("

Personal information has been updated.

");
                sessionbase.printBot(out, SessionId, 1);
                out.close();
            }
        } else {
            // Someone must have passed an invalid task into the servlet.
            // Set up output stream
            response.setContentType("text/html");
            PrintWriter out = response.getWriter();
            out.println("Error");
            out.println("Invalid Task
");
            out.println("Main BSE page");
            out.close();
        }
    }

    /**
     * Renders the profile form ("profile"), help page ("help"), account
     * overview ("Account") and personal-info form ("info").
     *
     * Every task except "help" requires a logged-in session (an AccountId
     * resolvable from the session id).
     *
     * @param request  the servlet request; "task" selects the page
     * @param response the servlet response
     * @throws ServletException per the servlet contract
     * @throws IOException      from the response writer / redirect
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {

        String AccountId = (String)null;

        // Extract variable that tells what task we are to perform
        // NOTE(review): a missing "task" parameter makes task null and the
        // equals() calls below throw NullPointerException.
        String task = "";
        task = request.getParameter("task");

        // Get the SessionID to make sure the user is logged in
        HttpSession session = request.getSession();
        String SessionId = session.getId();

        // Retrieve AccountId
        AccountId = sessionbase.getAccountId(SessionId);
        if (AccountId == null && !task.equals("help")) {
            response.sendRedirect(ServletURL + ".nonMember?task=LI&Type=1");
        } else {
            ResultSet result;

            // Initialize the output stream
            response.setContentType("text/html");
            PrintWriter out = response.getWriter();

            if (task.equals("profile")) {
                // We must want to edit the profile

                // Initialize variables for the form
                // (Uname and pass are assigned/declared but never printed here.)
                String Fname = (String)null;
                String Mi = (String)null;
                String Lname = (String)null;
                String Uname = (String)null;
                String pass = (String)null;
                String Email = (String)null;

                // Query the database for user information. If user is not
                // logged in it will simply return null values.
                // AccountId comes from the session lookup, not from the request.
                String query="select * from Account where AccountId = " + AccountId;
                result = sessionbase.doQuery(query, SessionId);
                try {
                    while(result.next()) {
                        // Retrieve values from the resultset
                        Fname = result.getString("Fname");
                        Mi = result.getString("Mi");
                        Lname = result.getString("Lname");
                        Uname = result.getString("Username");
                        Email = result.getString("Email");
                    }
                } catch(Exception e) {
                    e.printStackTrace();
                }

                // Check to see if user is logged in.
                // NOTE(review): Fname.equals(null) throws NullPointerException
                // when Fname is null and is false otherwise, so the else branch
                // below can never be reached; the intended test is
                // `if (Fname != null)`.
                if (!Fname.equals(null)) {
                    // Output form for user data.
                    sessionbase.printTop(out, 3);
                    out.println("\"BSE
");
                    out.println("
");
                    out.println("");
                    out.println("");
                    out.println("");
                    out.println("");
                    out.println("");
                    out.println("");
                    out.println("");
                    out.println("");
                    out.println("");
                    out.println("
First Name:
Middle Initial:
Last Name:
Email Address:
New Password:
Verify Password:
");
                    sessionbase.printBot(out, SessionId, 1);
                } else {
                    // Fname is null, database must not have had a record for the
                    // user. Direct them to an error page instructing login need.
                    response.sendRedirect(ServletURL + ".nonMember?task=LI&Type=1");
                    // Close the output stream
                    out.close();
                }
            } else if(task.equals("help")) {
                // Reachable without a login (see the AccountId check above).
                // NOTE(review): new Integer(Typ) throws NumberFormatException
                // for a missing or non-numeric "Type" parameter, which surfaces
                // as an unhandled error; a Type outside 1..3 prints no header.
                String Typ = request.getParameter("Type");
                Integer intConv = new Integer(Typ);
                int Type = intConv.intValue();
                if (Type == 1) {
                    sessionbase.printTop(out, 1);
                } else if (Type == 2) {
                    sessionbase.printTop(out, 11);
                } else if (Type == 3) {
                    sessionbase.printTop(out, 21);
                }
                out.println("Help files have not been created yet.");
                sessionbase.printBot(out, "", Type);
                out.close();
            } else if(task.equals("Account")) {
                // Static overview page; the username is taken from the session.
                sessionbase.printTop(out, 3);
                out.println("\"BSE
");
                out.println("Account Information for " + sessionbase.getUsername(SessionId) + ".

");
                out.println("Account Info allows you to change several of the settings for your account including your Password, Email addres, Name, and so on.
");
                out.println("° Account Info

");
                sessionbase.printBot(out, SessionId, 1);
                out.close();
            } else if(task.equals("info")) {
                // Routine to edit user's personal info.

                // Retrieve AccountId
                // NOTE(review): AccountId was already resolved above and is
                // non-null on this path; a null result does not raise NPE, so
                // this catch is inert, and the redirect is not followed by a
                // return anyway.
                try {
                    AccountId = sessionbase.getAccountId(SessionId);
                } catch (NullPointerException e) {
                    response.sendRedirect(ServletURL + ".nonMember?task=LI&Type=1");
                }

                // Initialize variables for the form
                String Phone = "";
                String Fax = "";
                String Cell = "";
                String Address = "";
                String State = "";
                String City = "";
                String Zip = "";
                String Bio = "";

                // Query the database for user information. If user is not
                // logged in it will simply return null values.
                String query="select * from Personal where AccountId = " + AccountId;
                result = sessionbase.doQuery(query, SessionId);
                try {
                    while(result.next()) {
                        // Retrieve values from the resultset
                        Phone = result.getString("Phone");
                        Fax = result.getString("Fax");
                        Cell = result.getString("Cell");
                        Address = result.getString("Address");
                        State = result.getString("State");
                        City = result.getString("City");
                        Zip = result.getString("Zip");
                        Bio = result.getString("Bio");
                    }
                } catch(Exception e) {
                    e.printStackTrace();
                }

                // Output form for user data
                sessionbase.printTop(out, 3);
                out.println("\"BSE
");
                out.println("

");
                out.println("The information on this page is all strictly optional and is");
                out.println("simply for our records.

");
                out.println("
");
                out.println("");
                out.println("");
                out.println("");
                out.println("");
                out.println("");
                out.println("");
                out.println("");
                out.println("");
                out.println("");
                out.println("");
                out.println("
Phone:Cell:
Fax:
Address:
City:State:
Zip:
Bio: (250 character max)
");
                sessionbase.printBot(out, SessionId, 1);
                out.close();
            } else {
                // An invalid task must have been selected. Output an error.
                out.println("Error");
                out.println("");
                out.println("Invalid task");
                out.println("Main BSE page");
                out.close();
            }
        }
    }

    /**
     * Re-reads the system parameters from BullyDB into the static fields.
     * Intended for callers that change the stored configuration at runtime.
     */
    static public void reload() {
        SystemURL = sessionbase.getURL();
        ServletURL = sessionbase.getServletURL();
        SystemEmail = sessionbase.getEmail();
        SystemPath = sessionbase.getPath();
        SystemName = sessionbase.getName();
        SystemShortName = sessionbase.getShortName();
    }
}