Ejemplo n.º 1
0
 public void service(HttpServletRequest request, HttpServletResponse response)
     throws ServletException {
   try {
     ConnectionPool conPool = getConnectionPool();
     if (!realAuthentication(request, conPool)) {
       String queryString = request.getQueryString();
       if (request.getQueryString() == null) {
         queryString = "";
       }
       // if user is not authenticated send to signin
       response.sendRedirect(
           response.encodeRedirectURL(URLAUTHSIGNIN + "?" + URLBUY + "?" + queryString));
     } else {
       response.setHeader("Cache-Control", "no-cache");
       response.setHeader("Expires", "0");
       response.setHeader("Pragma", "no-cache");
       response.setContentType("text/html");
       String errorMessage = processRequest(request, response, conPool);
       if (errorMessage != null) {
         request.setAttribute(StringInterface.ERRORPAGEATTR, errorMessage);
         RequestDispatcher rd = getServletContext().getRequestDispatcher(PATHUSERERROR);
         rd.include(request, response);
       }
     }
   } catch (Exception e) {
     throw new ServletException(e);
   }
 }
Ejemplo n.º 2
0
 public void service(HttpServletRequest request, HttpServletResponse response)
     throws IOException, ServletException {
   try {
     Driver driver = new com.mysql.jdbc.Driver();
     DriverManager.registerDriver(driver);
     Connection connection =
         DriverManager.getConnection("jdbc:mysql://127.0.0.1/school", "root", "password");
     PreparedStatement preparedStatement =
         connection.prepareStatement("update student set name=?, per=? where roll=?");
     preparedStatement.setString(1, request.getParameter("name"));
     preparedStatement.setFloat(2, Float.parseFloat(request.getParameter("per")));
     preparedStatement.setInt(3, Integer.parseInt(request.getParameter("roll")));
     preparedStatement.execute();
     preparedStatement.close();
     connection.close();
   } catch (SQLException e) {
     e.printStackTrace();
   }
   RequestDispatcher requestDispatcher = request.getRequestDispatcher("/Display");
   requestDispatcher.forward(request, response);
 }
 public void doGet(HttpServletRequest request, HttpServletResponse response) {
   try {
     String comment = request.getParameter("comment");
     int answerId = Integer.parseInt(request.getParameter("answer_id"));
     Connection connection = GlobalResources.getConnection();
     Statement s;
     s = connection.createStatement();
     PreparedStatement preparedStatement;
     PreparedStatement preparedStatement1;
     preparedStatement =
         connection.prepareStatement("insert into comment(comment,answer_id) values(?,?)");
     preparedStatement.setString(1, comment);
     preparedStatement.setInt(2, answerId);
     preparedStatement.executeUpdate();
     preparedStatement.close();
     connection.close();
     RequestDispatcher requestDispatcher;
     requestDispatcher = request.getRequestDispatcher("/studenthome.jsp");
     requestDispatcher.forward(request, response);
   } catch (Exception e) {
   }
 }
Ejemplo n.º 4
0
 public void doPost(HttpServletRequest request, HttpServletResponse response)
     throws ServletException, IOException {
   Integer etat = (Integer) request.getSession().getAttribute("etat");
   if (etat == null) {
     RequestDispatcher dispatcher = request.getRequestDispatcher("/login.jsp");
     dispatcher.forward(request, response);
   } else {
     try {
       String titre = request.getParameter("titre");
       String dateSortie = request.getParameter("dateSortie");
       String nom = request.getParameter("nom");
       String role = request.getParameter("role");
       // conversion du parametre dateSortie en SQLDate
       Date date;
       try {
         date = new Date(FormatDate.convertirDate(dateSortie).getTime());
       } catch (ParseException e) {
         throw new Tp6Exception(
             "Format de la date " + dateSortie + " incorrect. AAAA-MM-JJ attendue.");
       }
       // executer la transaction
       GestionTp6 tp6Update = (GestionTp6) request.getSession().getAttribute("tp6Update");
       synchronized (tp6Update) {
         tp6Update.gestionFilm.ajoutActeurFilm(titre, date, nom, role);
       }
       RequestDispatcher dispatcher = request.getRequestDispatcher("/WEB-INF/menu.jsp");
       dispatcher.forward(request, response);
     } catch (Tp6Exception e) {
       List<String> listeMessageErreur = new LinkedList<String>();
       listeMessageErreur.add(e.toString());
       request.setAttribute("listeMessageErreur", listeMessageErreur);
       RequestDispatcher dispatcher = request.getRequestDispatcher("/WEB-INF/menu.jsp");
       dispatcher.forward(request, response);
     } catch (Exception e) {
       e.printStackTrace();
       response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.toString());
     }
   }
 }
Ejemplo n.º 5
0
  public void doGet(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    response.setContentType("text/html");
    HttpSession session = request.getSession(false);
    String reseller = null;
    if (session != null && session.getAttribute("reseller") != null)
      reseller = "%" + session.getAttribute("reseller") + "%";
    List<LicenseData> searchResult = null;
    if (reseller != null) {
      /*  session.setAttribute("fieldsearch", true);
      session.removeAttribute("datesearch");*/

      if (request.getParameter("so") != null && !request.getParameter("so").isEmpty()) {

        log.info(
            "Search Fields : Sales Order Search "
                + request.getParameter("so")
                + " for reseller "
                + session.getAttribute("reseller"));

        searchResult = getSearchByFieldResults(reseller, request.getParameter("so"), "so");

        session.setAttribute("so", request.getParameter("so"));
        session.removeAttribute("enduser");
        session.removeAttribute("ek");
        session.setAttribute("label", "Sales Order");
        session.setAttribute("value", request.getParameter("so"));

      } else if (request.getParameter("enduser") != null
          && !request.getParameter("enduser").isEmpty()) {

        log.info(
            "Search Fields : End User Search "
                + request.getParameter("enduser")
                + " for reseller "
                + session.getAttribute("reseller"));

        searchResult =
            getSearchByFieldResults(reseller, request.getParameter("enduser"), "enduser");
        session.setAttribute("enduser", request.getParameter("enduser"));
        session.removeAttribute("so");
        session.removeAttribute("sno");
        session.removeAttribute("ek");
        session.setAttribute("label", "End User");
        session.setAttribute("value", request.getParameter("enduser"));

      } else if (request.getParameter("ek") != null && !request.getParameter("ek").isEmpty()) {

        log.info(
            "Search Fields : Entitlement Key Search "
                + request.getParameter("ek")
                + " for reseller "
                + session.getAttribute("reseller"));

        searchResult = getSearchByFieldResults(reseller, request.getParameter("ek"), "ek");
        session.setAttribute("ek", request.getParameter("ek"));
        session.removeAttribute("so");
        session.removeAttribute("sno");
        session.removeAttribute("enduser");
        session.setAttribute("label", "Entitlement Key");
        session.setAttribute("value", request.getParameter("ek"));

      } else if (request.getParameter("sno") != null && !request.getParameter("sno").isEmpty()) {

        log.info(
            "Search Fields : Serial Number Search "
                + request.getParameter("sno")
                + " for reseller "
                + session.getAttribute("reseller"));

        searchResult = getSearchByFieldResults(reseller, request.getParameter("sno"), "sno");
        session.setAttribute("sno", request.getParameter("sno"));
        session.removeAttribute("ek");
        session.removeAttribute("so");
        session.removeAttribute("enduser");
        request.setAttribute("sno", 1);
        session.setAttribute("label", "Serial Number");
        session.setAttribute("value", request.getParameter("sno"));

      } else if (request.getParameter("po") != null && !request.getParameter("po").isEmpty()) {

        log.info(
            "Search Fields : Purchase Order Search "
                + request.getParameter("po")
                + " for reseller "
                + session.getAttribute("reseller"));

        searchResult = getSearchByFieldResults(reseller, request.getParameter("po"), "po");
        session.setAttribute("po", request.getParameter("po"));
        session.setAttribute("label", "Purchase Order");
        session.setAttribute("value", request.getParameter("po"));

      } else if (request.getParameter("hm") != null && !request.getParameter("hm").isEmpty()) {

        log.info(
            "Search Fields : HM ID Search "
                + request.getParameter("hm")
                + " for reseller "
                + session.getAttribute("hm"));

        searchResult = getSearchByFieldResults(reseller, request.getParameter("hm"), "hm");
        session.setAttribute("hm", request.getParameter("hm"));
        session.setAttribute("label", "Hive Manager ID");
        session.setAttribute("value", request.getParameter("hm"));
      }

      session.setAttribute("fieldSearchList", searchResult);
      String nextJSP = "/viewFieldSearchResult.jsp";
      RequestDispatcher dispatcher = getServletContext().getRequestDispatcher(nextJSP);
      dispatcher.forward(request, response);
    } else {

      log.info("Search Fields : Reseller Blank  ");
      String nextJSP = "/login.jsp";
      RequestDispatcher dispatcher = getServletContext().getRequestDispatcher(nextJSP);
      dispatcher.forward(request, response);
    }
  }
Ejemplo n.º 6
0
 /** @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) */
 @Override
 protected void doPost(HttpServletRequest request, HttpServletResponse response)
     throws ServletException, IOException {
   // TODO Auto-generated method stub
   boolean isSussed = false;
   LogClass RegisterBean = new LogClass(); // 创建javabean模型
   request.setAttribute("RegisterBean", RegisterBean); // 将会更新id是userBean的bean
   String logname = request.getParameter("sign_name").trim();
   String logpassword = request.getParameter("sign_password").trim();
   String logpassword2 = request.getParameter("sign_confirm_password").trim();
   if (logname == null) logname = "";
   if (logpassword == null) logpassword = "";
   if (!logpassword.equals(logpassword2)) {
     RegisterBean.setBackNews("两次密码不同,注册失败啦!要认真填哦!");
     RegisterBean.setSucced(false);
     isSussed = false;
     RequestDispatcher dispatcher = request.getRequestDispatcher("join.jsp");
     dispatcher.forward(request, response); // 转发
     return;
   }
   // 注册信息合法检查
   if (logname.length() > 0 && logpassword.length() > 5) { // 信息合法
     if (!getConnection.getConnection()) { // 连接数据库失败
       RegisterBean.setBackNews("数据库连接失败,数据库现在无法服务哦!!");
       RequestDispatcher dispatcher = request.getRequestDispatcher("join.jsp");
       dispatcher.forward(request, response); // 转发
       return;
     }
     try {
       String insertCondition = "INSERT INTO usr VALUES(?,?,?,?);";
       getConnection.prepareStatement(insertCondition);
       getConnection.getSql().setString(1, handleString(logname));
       getConnection.getSql().setString(2, handleString(logpassword));
       getConnection.getSql().setString(3, "user_");
       getConnection.getSql().setString(4, "true_");
       if (getConnection.getSql().executeUpdate() != 0) {
         RegisterBean.setBackNews("注册成功,用户名为:" + handleString(logname) + "密码:" + logpassword);
         RegisterBean.setSucced(true);
         isSussed = true;
         RegisterBean.setName(logname);
         RegisterBean.setPassword(logpassword);
       }
     } catch (SQLException e) {
       // TODO Auto-generated catch block
       //	e.printStackTrace();
       RegisterBean.setBackNews("用户名已经存在或格式有问题哟,请重新填写信息!");
       RegisterBean.setSucced(false);
       isSussed = false;
     }
   } else if (logname.length() <= 0) {
     RegisterBean.setBackNews("用户名长度不够,请重新填写哦!");
     RegisterBean.setSucced(false);
     isSussed = false;
   } else if (logpassword.length() < 6) {
     RegisterBean.setBackNews("密码长度不够,请重新填写哦!");
     RegisterBean.setSucced(false);
     isSussed = false;
   } else { // 信息不合法
     RegisterBean.setBackNews("信息填写不完整或名字中有非法字,请重新填写哦!");
     RegisterBean.setSucced(false);
     isSussed = false;
   }
   if (!isSussed) {
     RequestDispatcher dispatcher = request.getRequestDispatcher("join.jsp");
     dispatcher.forward(request, response); // 转发
   } else {
     RequestDispatcher dispatcher = request.getRequestDispatcher("hint.jsp");
     dispatcher.forward(request, response); // 转发
   }
 }
Ejemplo n.º 7
0
Archivo: Set1.java Proyecto: wangz/MYOA
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    request.setCharacterEncoding("gb2312");
    response.setContentType("text/html; charset=gb2312");
    out = response.getWriter();
    session = request.getSession();
    time = new Time();
    str = new Str();
    db = new Db();

    // 取得
    try {
      id = Integer.parseInt((String) request.getParameter("id"));
    } catch (Exception e) {
      id = 0;
    }
    password = request.getParameter("password");
    password = str.inStr(password);
    sqlsp = "SELECT * FROM password WHERE employeeid=" + id;
    sqlse = "SELECT employeeid FROM eminfo WHERE employeeid=" + id;
    sqlu =
        "UPDATE password SET time='"
            + time.getYMDHMS()
            + "',password='******' WHERE employeeid="
            + id;
    sqli =
        "INSERT INTO password(employeeid,password,time) VALUES("
            + id
            + ",'"
            + password
            + "','"
            + time.getYMDHMS()
            + "')";
    try {
      stmt = db.getStmtread();
      rs = stmt.executeQuery(sqlsp);
      // 不是第一次设置更新数据库
      if (rs.next()) {
        db.close();
        stmt = db.getStmt();
        temp = 0;
        temp = stmt.executeUpdate(sqlu);
        if (temp > 0) {
          request.setAttribute("msg", "设置成功");
        } else {
          request.setAttribute("msg", "设置失败");
        }
        db.close();
      } else {
        // 第一次设置
        db.close();
        temp = 0;
        stmt = db.getStmtread();
        rs = stmt.executeQuery(sqlse);
        if (rs.next()) {
          // id存在
          rs.close();
          stmt.close();
          temp = 0;
          stmt = db.getStmt();
          temp = stmt.executeUpdate(sqli);
          if (temp > 0) {
            request.setAttribute("msg", "设置成功");
          } else {
            request.setAttribute("msg", "设置失败");
          }
          db.close();
        } else {
          // id不存在
          db.close();
          request.setAttribute("msg", "员工序号不存在");
        }
      }
    } catch (SQLException e) {
      e.printStackTrace();
    } finally {
      RequestDispatcher dispatcher = request.getRequestDispatcher("set1.jsp");
      dispatcher.forward(request, response);
    }
  }
Ejemplo n.º 8
0
  /** @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) */
  protected void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    // TODO Auto-generated method stub
    response.setContentType("text/html");

    Connection conn = null;
    System.out.println("Reached here 1");
    String driver = "sun.jdbc.odbc.JdbcOdbcDriver";
    String user = "";
    String userpass = "";
    String strQuery = "";

    Statement st = null;
    ResultSet rs = null;
    HttpSession session = request.getSession(true);

    try {
      Class.forName(driver);

      conn = DriverManager.getConnection("jdbc:odbc:test", "", "");

      if (request.getParameter("user") != null
          && request.getParameter("user") != ""
          && request.getParameter("userpass") != null
          && request.getParameter("userpass") != "") {
        user = request.getParameter("user").toString();
        userpass = request.getParameter("userpass").toString();
        strQuery = "select * from register ";

        st = conn.createStatement();
        System.out.println("Reached here 2");

        rs = st.executeQuery(strQuery);

        System.out.println("Reached here 3");
        String cpass = null;
        String name = null;
        while (rs.next()) {
          if (rs.getString(3).equals(user)) {
            name = rs.getString(1);
            cpass = rs.getString("pass");
            break;
          }
        }
        session.setAttribute("sname", name);

        System.out.println("Reached Here 4");

        StringBuffer q = pack.calc(userpass);
        String q1 = q.toString();
        System.out.println("Reached Here 5");
        if (cpass.equals(q1)) {

          RequestDispatcher rd =
              this.getServletConfig().getServletContext().getRequestDispatcher("/home.jsp");
          rd.forward(request, response);

        } else {
          RequestDispatcher rd =
              this.getServletConfig().getServletContext().getRequestDispatcher("/login5.jsp");
          rd.forward(request, response);
        }
      }

      conn.close();

    } catch (Exception e) {
      e.printStackTrace();
    }
  }
Ejemplo n.º 9
0
 @Override
 public void doPost(HttpServletRequest request, HttpServletResponse response)
     throws ServletException, IOException {
   out = response.getWriter();
   HttpSession session;
   String connectionURL = USERS_INFO;
   Connection connection = null;
   ResultSet rs;
   String email = "";
   String userName = "";
   String passwrd = "";
   String remoteAddr = "";
   response.setContentType("text/html");
   int error = 0;
   try {
     // Load the database driver
     Class.forName("com.mysql.jdbc.Driver");
     // Get a Connection to the database
     connection = DriverManager.getConnection(connectionURL, USERNAME, PASSWORD);
     // Add the data into the database
     String sql = "SELECT username, email FROM users";
     Statement s = connection.createStatement();
     s.executeQuery(sql);
     rs = s.getResultSet();
     while (rs.next()) {
       email = rs.getString("email");
       userName = rs.getString("username");
       if (email.equals(request.getParameter("email"))) {
         String message = "Email" + email + "already exists";
         request.setAttribute("RegisterMessage", message);
         RequestDispatcher view = request.getRequestDispatcher("signup.jsp");
         view.forward(request, response);
         error = 1;
       }
       if (userName.equals(request.getParameter("user"))) {
         String message = "Username '" + userName + "' already exists";
         request.setAttribute("RegisterMessage", message);
         RequestDispatcher view = request.getRequestDispatcher("signup.jsp");
         view.forward(request, response);
         error = 1;
       }
       if (error == 1) {
         break;
       }
     }
     passwrd = request.getParameter("pass");
     if (!passwrd.equalsIgnoreCase(request.getParameter("pass2"))) {
       String message = "Passwords don't match";
       request.setAttribute("RegisterMessage", message);
       RequestDispatcher view = request.getRequestDispatcher("signup.jsp");
       view.forward(request, response);
       error = 1;
     }
     remoteAddr = request.getRemoteAddr();
     // ReCaptchaImpl reCaptcha = new ReCaptchaImpl();
     // reCaptcha.setPrivateKey("6LezstoSAAAAAEE9lfB6TR2kEX81_peDt4n03K4l");
     // String challenge = request.getParameter("recaptcha_challenge_field");
     // String uresponse = request.getParameter("recaptcha_response_field");
     // ReCaptchaResponse reCaptchaResponse = reCaptcha.checkAnswer(remoteAddr, challenge,
     // uresponse);
     /*if (!reCaptchaResponse.isValid()) {
     print_wrong_once(error);
     out.print("<h2 align=\"center\">Validation code is wrong.</h2>");
     error = 1;
     }*/
     if (error == 1) {
       rs.close();
       s.close();
       return;
     } else {
       sql =
           "INSERT INTO users_info.users (`username`, `password`, `email`) VALUES ('"
               + request.getParameter("user")
               + "', '"
               + request.getParameter("pass")
               + "', '"
               + request.getParameter("email")
               + "')";
       s.executeUpdate(sql);
       File dir = new File(mainPath + "/" + request.getParameter("user"));
       dir.mkdir();
       session = request.getSession(true);
       session.setAttribute("username", request.getParameter("user"));
       response.sendRedirect(response.encodeRedirectURL("XmlParser"));
     }
     rs.close();
     s.close();
     connection.close();
   } catch (Exception e) {
     System.out.println("Unexpected error: " + e);
   }
 }
Ejemplo n.º 10
0
  private String processRequest(
      HttpServletRequest request, HttpServletResponse response, ConnectionPool conPool)
      throws Exception {
    // getting id parameters
    ParameterParser parameter = new ParameterParser(request);
    String bookID = parameter.getString(bookInterface.FIELD_ID, null);
    String sellerID = parameter.getString(bookInterface.FIELD_SELLERID, null);
    String message = parameter.getString(FIELD_MESSAGE, null);
    int codeID = parameter.getInt(bookInterface.FIELD_HIDDENID, 0);
    // get buyer's user object
    User user = (User) request.getSession().getAttribute(StringInterface.USERATTR);
    // security feauture:
    // if one of ids is missing or incorrect return false
    if (bookID == null
        || sellerID == null
        || codeID == 0
        || bookID.length() != booksTable.ID_LENGTH
        || sellerID.length() != usersTable.ID_LENGTH
        || codeID != Math.abs(bookID.hashCode())) {
      return "We were unable to find the book you specified! Please make sure that the book id is correct.";
    }
    if (user.getID().equals(sellerID)) {
      return "You may not purchase an item from yourself!";
    }
    // get connection
    Connection con = conPool.getConnection();
    try {
      booksTable book = generalUtils.getBook(bookID, con);
      /*security feauture:
       *check seller id == passed hidden id
       *book != null
       */
      if (book == null || !book.getSellerID().equals(sellerID)) {
        return "We were unable to find the book you specified! Please make sure that the book id is correct.";
      }
      usersTable sellerInfo = userUtils.getUserInfo(sellerID, con);
      usersTable buyerInfo = userUtils.getUserInfo(user.getID(), con);
      collegeTable college = getCollege(book.getCollegeID() + "", con);
      // if still here continue
      if (message == null) {
        request.setAttribute(ATTR_BOOK, book);
        request.setAttribute(ATTR_SELLER, sellerInfo);
        request.setAttribute(ATTR_BUYER, buyerInfo);
        request.setAttribute(ATTR_COLLEGE, college.getFull());
        RequestDispatcher rd = getServletContext().getRequestDispatcher(PATH_BUY_CONFIRM);
        rd.include(request, response);
        return null;
      } else if (buy(book, user, con)) {
        // sending email to buyer
        request.setAttribute(mailInterface.USERATTR, buyerInfo.getUsername());
        request.setAttribute(mailInterface.EMAILATTR, buyerInfo.getEmail());
        request.setAttribute(mailInterface.BOOKATTR, book);
        request.setAttribute("book_id", bookID);
        request.setAttribute("seller_id", sellerID);

        RequestDispatcher rd = getServletContext().getRequestDispatcher(PATHBIDCONFIRMATION);
        rd.include(request, response);
        // sending email to seller
        request.setAttribute(ATTR_COLLEGE, college.getFull());
        request.setAttribute(mailInterface.USERATTR, sellerInfo.getUsername());
        request.setAttribute(mailInterface.EMAILATTR, sellerInfo.getEmail());
        request.setAttribute(mailInterface.MESSAGEATTR, message);
        request.setAttribute(mailInterface.BOOKATTR, book);
        request.setAttribute(mailInterface.MOREATTR, buyerInfo);

        request.setAttribute("book_id", bookID);
        request.setAttribute("buyer_id", user.getID());
        rd = getServletContext().getRequestDispatcher(PATHBOOKUPDATE);
        rd.include(request, response);
        // showing success message
        rd = getServletContext().getRequestDispatcher(PATH_BUY_SUCCESS);
        rd.include(request, response);
        return null;
      } else {
        throw new Exception("failed to process with buy");
      }
    } catch (Exception e) {
      throw e;
    } finally {
      // recycle
      conPool.free(con);
      con = null;
    }
  }