/**
   * Handles the JSON-RPC call that deletes a question.
   *
   * <p>Reads {@code question.id} and {@code question.ownerId} from the named parameters, compares
   * the supplied owner id with the id of the current user and, on a match, asks
   * {@code QuestionController} to delete the question.
   *
   * <p>NOTE(review): the owner id used for the privilege check is taken from the request, not
   * from the stored question, so the check only shows that the caller sent their own id. The
   * owner should be read from the persisted record for {@code question.id} before deleting; the
   * accessor needed for that is not visible in this section.
   *
   * @param req JSON-RPC request carrying a {@code question} map with {@code id} and {@code ownerId}
   * @param request servlet request used to resolve the current user
   * @return an empty JSON object once the delete call has returned
   * @throws JSONRPC2Error raised by the parameter retriever for a missing or mistyped parameter
   * @throws Exception with message {@code "no privileges"} when the two ids differ
   */
  public JSONObject deleteQuestion(JSONRPC2Request req, HttpServletRequest request)
      throws JSONRPC2Error, Exception {
    NamedParamsRetriever topLevel = new NamedParamsRetriever(req.getNamedParams());
    NamedParamsRetriever question = new NamedParamsRetriever(topLevel.getMap("question"));
    int questionId = question.getInt("id");
    // Client-supplied value; see the NOTE(review) in the method comment.
    int claimedOwnerId = question.getInt("ownerId");

    User caller = getCurrentUser(request);

    // Reject first, so the happy path below reads straight through.
    if (caller.getId() != claimedOwnerId) {
      System.out.println("current user id: " + caller.getId());
      System.out.println("question owner id: " + claimedOwnerId);
      throw new Exception("no privileges");
    }

    QuestionController.deleteQuestion(questionId);

    // The result carries no fields.
    return new JSONObject();
  }
  /**
   * Handles the JSON-RPC call that changes the body and answer of a question.
   *
   * <p>Reads {@code id}, {@code body}, {@code answer} and {@code ownerId} from the
   * {@code question} map, compares the supplied owner id with the current user's id and, on a
   * match, delegates the update to {@code QuestionController}.
   *
   * <p>NOTE(review): {@code ownerId} is taken from the request, so the privilege check compares
   * the caller with a value the caller chose. The owner should come from the stored question
   * for {@code id}; the accessor needed for that is not visible in this section.
   *
   * @param req JSON-RPC request carrying the {@code question} map
   * @param request servlet request used to resolve the current user
   * @return a JSON object whose {@code question} entry is the updated question
   * @throws JSONRPC2Error raised by the parameter retriever for a missing or mistyped parameter
   * @throws Exception with message {@code "no privileges"} when the two ids differ
   */
  public JSONObject updateQuestion(JSONRPC2Request req, HttpServletRequest request)
      throws JSONRPC2Error, Exception {
    NamedParamsRetriever topLevel = new NamedParamsRetriever(req.getNamedParams());
    NamedParamsRetriever question = new NamedParamsRetriever(topLevel.getMap("question"));
    int questionId = question.getInt("id");
    String newBody = question.getString("body");
    String newAnswer = question.getString("answer");
    // Client-supplied value; see the NOTE(review) in the method comment.
    int claimedOwnerId = question.getInt("ownerId");

    User caller = getCurrentUser(request);

    if (caller.getId() != claimedOwnerId) {
      throw new Exception("no privileges");
    }

    Question updated = QuestionController.updateQuestion(questionId, newBody, newAnswer);

    JSONObject result = new JSONObject();
    result.put("question", updated.toJSONObject());
    return result;
  }
  /**
   * Handles the JSON-RPC call that deletes a test.
   *
   * <p>Reads {@code test.id} and {@code test.ownerId} from the named parameters, compares the
   * supplied owner id with the current user's id and, on a match, asks {@code TestController}
   * to delete the test.
   *
   * <p>NOTE(review): the privilege check relies on the {@code ownerId} sent in the request.
   * {@code removeTestQuestion} and {@code addTestQuestion} in this class instead load the test
   * and compare against {@code getOwnerId()} of the stored record; this method should do the
   * same so that the owner cannot be chosen by the caller.
   *
   * @param req JSON-RPC request carrying a {@code test} map with {@code id} and {@code ownerId}
   * @param request servlet request used to resolve the current user
   * @return an empty JSON object once the delete call has returned
   * @throws JSONRPC2Error raised by the parameter retriever for a missing or mistyped parameter
   * @throws Exception with message {@code "no privileges"} when the two ids differ
   */
  public JSONObject deleteTest(JSONRPC2Request req, HttpServletRequest request)
      throws JSONRPC2Error, Exception {
    NamedParamsRetriever topLevel = new NamedParamsRetriever(req.getNamedParams());
    NamedParamsRetriever test = new NamedParamsRetriever(topLevel.getMap("test"));
    int testId = test.getInt("id");
    // Client-supplied value; see the NOTE(review) in the method comment.
    int claimedOwnerId = test.getInt("ownerId");

    User caller = getCurrentUser(request);

    if (caller.getId() != claimedOwnerId) {
      throw new Exception("no privileges");
    }

    // Remove the test from the database.
    TestController.deleteTest(testId);

    // The result carries no fields.
    return new JSONObject();
  }
  /**
   * Handles the JSON-RPC call that creates a question owned by the current user.
   *
   * <p>The owner id is taken from the current user, not from the request.
   *
   * <p>NOTE(review): the whole request, including the question body and answer, is printed to
   * standard output on every call.
   *
   * @param req JSON-RPC request carrying a {@code question} map with {@code body} and
   *     {@code answer}
   * @param request servlet request used to resolve the current user
   * @return a JSON object whose {@code question} entry is the question returned by
   *     {@code QuestionController.addQuestion}
   * @throws JSONRPC2Error raised by the parameter retriever for a missing or mistyped parameter
   */
  public JSONObject addQuestion(JSONRPC2Request req, HttpServletRequest request)
      throws JSONRPC2Error {
    System.out.println(req.toString());

    NamedParamsRetriever topLevel = new NamedParamsRetriever(req.getNamedParams());
    NamedParamsRetriever question = new NamedParamsRetriever(topLevel.getMap("question"));
    String body = question.getString("body");
    String answer = question.getString("answer");

    // The new question is attributed to whoever the current request resolves to.
    User caller = getCurrentUser(request);
    int ownerId = (int) caller.getId();
    System.out.println("current user id" + ownerId);

    Question created = QuestionController.addQuestion(body, answer, ownerId);

    JSONObject result = new JSONObject();
    result.put("question", created.toJSONObject());
    return result;
  }
  /**
   * Handles the JSON-RPC call that renames a test.
   *
   * <p>Reads {@code id}, {@code name} and {@code ownerId} from the {@code test} map, compares
   * the supplied owner id with the current user's id and, on a match, delegates the update to
   * {@code TestController}.
   *
   * <p>NOTE(review): the privilege check relies on the {@code ownerId} sent in the request.
   * {@code removeTestQuestion} and {@code addTestQuestion} in this class instead load the test
   * and compare against {@code getOwnerId()} of the stored record; this method should do the
   * same so that the owner cannot be chosen by the caller.
   *
   * @param req JSON-RPC request carrying the {@code test} map
   * @param request servlet request used to resolve the current user
   * @return a JSON object whose {@code updatedTest} entry is the updated test
   * @throws JSONRPC2Error raised by the parameter retriever for a missing or mistyped parameter
   * @throws Exception with message {@code "no privileges"} when the two ids differ
   */
  public JSONObject updateTest(JSONRPC2Request req, HttpServletRequest request)
      throws JSONRPC2Error, Exception {
    NamedParamsRetriever topLevel = new NamedParamsRetriever(req.getNamedParams());
    NamedParamsRetriever test = new NamedParamsRetriever(topLevel.getMap("test"));
    int testId = test.getInt("id");
    String newName = test.getString("name");
    // Client-supplied value; see the NOTE(review) in the method comment.
    int claimedOwnerId = test.getInt("ownerId");

    User caller = getCurrentUser(request);

    if (caller.getId() != claimedOwnerId) {
      throw new Exception("no privileges");
    }

    // Update the test in the database.
    Test updated = TestController.updateTest(testId, newName);

    JSONObject result = new JSONObject();
    result.put("updatedTest", updated.toJSONObject());
    return result;
  }
  /**
   * Handles the JSON-RPC call that detaches a question from a test.
   *
   * <p>Both records are loaded by id, and the privilege check compares the current user with the
   * owner stored on the loaded test, so the decision does not depend on any owner id in the
   * request.
   *
   * <p>NOTE(review): only ownership of the test is checked. The question is loaded by whatever
   * id the caller sends and its JSON is returned in the result; whether questions are meant to
   * be readable across users is not visible here, so confirm.
   *
   * @param req JSON-RPC request carrying {@code test.id} and {@code question.id}
   * @param request servlet request used to resolve the current user
   * @return a JSON object with the test as returned by {@code deleteTestQuestion} under
   *     {@code test} and the loaded question under {@code question}
   * @throws Exception with message {@code "no privileges : you do not own this test"} when the
   *     current user is not the test's owner; parameter and DAO failures also surface here
   * @throws SQLException declared by the original signature
   */
  public JSONObject removeTestQuestion(JSONRPC2Request req, HttpServletRequest request)
      throws Exception, SQLException {
    NamedParamsRetriever topLevel = new NamedParamsRetriever(req.getNamedParams());
    NamedParamsRetriever testParams = new NamedParamsRetriever(topLevel.getMap("test"));
    NamedParamsRetriever questionParams = new NamedParamsRetriever(topLevel.getMap("question"));

    // Each database call uses its own MySQLDAO instance.
    Test t = new MySQLDAO().loadTest(testParams.getInt("id"));
    Question q = new MySQLDAO().loadQuestion(questionParams.getInt("id"));

    User caller = getCurrentUser(request);

    // Owner comes from the stored test, not from the request.
    if (caller.getId() != t.getOwnerId()) {
      throw new Exception("no privileges : you do not own this test");
    }
    t = new MySQLDAO().deleteTestQuestion(t, q);

    JSONObject jsonResult = new JSONObject();
    jsonResult.put("test", t.toJSONObject());
    jsonResult.put("question", q.toJSONObject());
    return jsonResult;
  }
  /**
   * Handles the JSON-RPC call that attaches a question to a test.
   *
   * <p>Both records are loaded by id, and the privilege check compares the current user with the
   * owner stored on the loaded test. A question whose id is already among the test's questions
   * is not saved again; the call still returns normally in that case.
   *
   * <p>NOTE(review): only ownership of the test is checked. Any question id the caller sends is
   * loaded, can be linked to the caller's test, and is returned as JSON; whether questions are
   * meant to be shared across users is not visible here, so confirm.
   *
   * @param req JSON-RPC request carrying {@code test.id} and {@code question.id}
   * @param request servlet request used to resolve the current user
   * @return a JSON object with the test under {@code test} and the loaded question under
   *     {@code question}
   * @throws Exception with message {@code "no privileges : you do not own this test!"} when the
   *     current user is not the test's owner; parameter and DAO failures also surface here
   * @throws SQLException declared by the original signature
   */
  public JSONObject addTestQuestion(JSONRPC2Request req, HttpServletRequest request)
      throws Exception, SQLException {
    NamedParamsRetriever topLevel = new NamedParamsRetriever(req.getNamedParams());
    NamedParamsRetriever testParams = new NamedParamsRetriever(topLevel.getMap("test"));
    NamedParamsRetriever questionParams = new NamedParamsRetriever(topLevel.getMap("question"));
    int tid = testParams.getInt(("id"));
    int qid = questionParams.getInt(("id"));

    // Each database call uses its own MySQLDAO instance.
    Test t = new MySQLDAO().loadTest(tid);
    Question q = new MySQLDAO().loadQuestion(qid);

    User caller = getCurrentUser(request);

    // Owner comes from the stored test, not from the request.
    if (caller.getId() != t.getOwnerId()) {
      throw new Exception("no privileges : you do not own this test!");
    }

    // Skip the save when the question is already part of the test.
    boolean alreadyLinked = false;
    for (Question existing : t.getQuestions()) {
      if (existing.getId() == qid) {
        alreadyLinked = true;
        break;
      }
    }
    if (!alreadyLinked) {
      t = new MySQLDAO().saveTestQuestion(t, q);
    }

    JSONObject jsonResult = new JSONObject();
    jsonResult.put("test", t.toJSONObject());
    jsonResult.put("question", q.toJSONObject());
    return jsonResult;
  }
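  /**
   * Handles the JSON-RPC login call.
   *
   * <p>Hashes the submitted password with {@code PassEncript.PassHash}, loads the user by
   * e-mail and compares the stored password value with the hash. On success it stores a token
   * from {@code TimeEncrpyt.TimeHash()} and the e-mail in the HTTP session, sets a 30-minute
   * inactivity timeout and issues a {@code pass} cookie carrying the same token.
   *
   * <p>Changes from the previous version: the password hash, session token and cookie value are
   * no longer printed to standard output; a user that could not be loaded is rejected instead
   * of causing a {@code NullPointerException}; the token is computed once so the session
   * attribute and the cookie always carry the same value.
   *
   * <p>NOTE(review): {@code PassHash} receives only the password and its output is compared for
   * equality, so it cannot be using a random per-user salt. Confirm which algorithm it uses;
   * stored passwords call for a salted, deliberately slow scheme (bcrypt, scrypt, Argon2).
   *
   * <p>NOTE(review): the two failure messages differ, which tells a caller whether an e-mail is
   * registered. They are kept as they were because clients may display them.
   *
   * <p>NOTE(review): the session that existed before login is reused. Issuing a fresh session
   * id after successful authentication is the usual defence against session fixation. Also
   * confirm that {@code User.toJSONObject()} does not include the stored password value.
   *
   * @param request servlet request whose session receives the login state
   * @param response servlet response that receives the {@code pass} cookie
   * @param jsonReq JSON-RPC request with {@code email} and {@code password} parameters
   * @return a JSON object whose {@code user} entry is the authenticated user
   * @throws Exception with message {@code "incorrect email"} or {@code "password missmatch"} on
   *     failed authentication; parameter and DAO failures also surface here
   */
  public JSONObject loginUser(
      HttpServletRequest request, HttpServletResponse response, JSONRPC2Request jsonReq)
      throws Exception {
    NamedParamsRetriever np = new NamedParamsRetriever(jsonReq.getNamedParams());

    // Neither the submitted password nor its hash is written to any log.
    String password = PassEncript.PassHash(np.getString("password"));
    String email = np.getString("email");

    MySQLDAO dao = new MySQLDAO();
    User u = dao.loadUser(email);

    // What loadUser returns for an unknown e-mail is not visible here, so guard against null.
    if (u == null || u.getEmail() == null || !u.getEmail().equals(email)) {
      throw new Exception("incorrect email");
    }
    if (u.getPassword() == null || !u.getPassword().equals(password)) {
      throw new Exception("password missmatch");
    }

    // One token for both places: logoutUser matches cookies against the session's "pass" value.
    String token = TimeEncrpyt.TimeHash();

    HttpSession session = request.getSession();
    session.setAttribute("pass", token);
    session.setAttribute("user", email);
    session.setMaxInactiveInterval(30 * 60);

    Cookie pass = new Cookie("pass", token);
    // NOTE(review): the listing is garbled between the cookie's creation and the result being
    // filled in. Attaching the cookie to the response is the presumed missing step; confirm
    // against the original file, and decide there whether HttpOnly/Secure should be set.
    response.addCookie(pass);

    JSONObject jsonLogin = new JSONObject();
    jsonLogin.put("user", u.toJSONObject());
    return jsonLogin;
  }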
  /**
   * Handles the JSON-RPC call that creates a test owned by the current user.
   *
   * <p>The owner id is taken from the current user, not from the request. The created test is
   * printed to standard output as JSON before it is returned.
   *
   * @param req JSON-RPC request carrying a {@code test} map with {@code name}
   * @param request servlet request used to resolve the current user
   * @return a JSON object whose {@code test} entry is the test returned by
   *     {@code TestController.addTest}
   * @throws JSONRPC2Error raised by the parameter retriever for a missing or mistyped parameter
   */
  public JSONObject addTest(JSONRPC2Request req, HttpServletRequest request) throws JSONRPC2Error {
    NamedParamsRetriever topLevel = new NamedParamsRetriever(req.getNamedParams());
    NamedParamsRetriever test = new NamedParamsRetriever(topLevel.getMap("test"));
    String name = test.getString("name");

    // The new test is attributed to whoever the current request resolves to.
    User caller = getCurrentUser(request);
    int ownerId = (int) caller.getId();

    Test created = TestController.addTest(name, ownerId);
    System.out.println("add test: " + created.toJSONObject().toString());

    JSONObject result = new JSONObject();
    result.put("test", created.toJSONObject());
    return result;
  }
  /**
   * Handles the logout call: marks matching cookies as expired, invalidates the session and
   * returns the user that {@code getCurrentUser} reports afterwards.
   *
   * <p>NOTE(review): {@code setMaxAge(0)} is applied to the cookie objects read from the
   * request. This method has no response object, so the expired cookie is not sent back to the
   * browser from here; the caller would have to add it to the response for the browser to drop
   * it.
   *
   * <p>NOTE(review): {@code getCurrentUser} is called after the session has been invalidated.
   * What it returns in that state is not visible in this section; confirm it cannot be null
   * before {@code toJSONObject()} is called on it.
   *
   * @param request servlet request whose session and cookies are processed
   * @return a JSON object whose {@code user} entry is the user resolved after invalidation
   */
  public JSONObject logoutUser(HttpServletRequest request) {
    // getSession() creates a session when none exists, so this never returns null.
    HttpSession session = request.getSession();
    String sessionPass = (String) session.getAttribute("pass");

    Cookie[] cookies = request.getCookies();
    if (cookies != null) {
      for (Cookie candidate : cookies) {
        // Match on the token stored in the session under "pass".
        boolean carriesSessionToken = candidate.getValue().equals(sessionPass);
        if (carriesSessionToken) {
          candidate.setMaxAge(0);
        }
      }
    }

    session.invalidate();

    User u = getCurrentUser(request);
    JSONObject jsonLogout = new JSONObject();
    jsonLogout.put("user", u.toJSONObject());
    return jsonLogout;
  }
  /**
   * Handles the JSON-RPC registration call: builds a {@code User} from the {@code name},
   * {@code email} and {@code password} parameters, stores it and returns it as JSON.
   *
   * <p>The password is passed through {@code PassEncript.PassHash} before it is set on the
   * user. The {@code response} parameter is not used.
   *
   * <p>NOTE(review): no validation of the three fields and no check for an existing account
   * with the same e-mail is visible in this method; confirm that {@code insertUser} or the
   * database schema enforces uniqueness.
   *
   * <p>NOTE(review): confirm that {@code PassHash} is a salted, deliberately slow password hash
   * and that {@code User.toJSONObject()} leaves the stored password value out of the result.
   *
   * @param request JSON-RPC request with {@code name}, {@code email} and {@code password}
   * @param response JSON-RPC response; unused
   * @return a JSON object whose {@code user} entry is the newly stored user
   * @throws Exception for parameter, hashing or DAO failures
   */
  public JSONObject registerUser(JSONRPC2Request request, JSONRPC2Response response)
      throws Exception {

    // Kept from the original: the params type is read but not used.
    @SuppressWarnings("unused")
    JSONRPC2ParamsType ignoredParamsType = request.getParamsType();
    NamedParamsRetriever fields = new NamedParamsRetriever(request.getNamedParams());

    User newUser = new User();
    newUser.setName(fields.getString("name"));
    newUser.setEmail(fields.getString("email"));
    String hashedPassword = PassEncript.PassHash(fields.getString("password"));
    newUser.setPassword(hashedPassword);

    new MySQLDAO().insertUser(newUser);

    JSONObject jsonRegistration = new JSONObject();
    jsonRegistration.put("user", newUser.toJSONObject());
    return jsonRegistration;
  }