Ejemplo n.º 1
0
 /** checks database for this user */
 private boolean realAuthentication(HttpServletRequest request, ConnectionPool conPool)
     throws SQLException {
   // user authentication is required!
   User user = (User) request.getSession().getAttribute(StringInterface.USERATTR);
   if (user == null) {
     return false;
   }
   Connection con = conPool.getConnection();
   boolean authenticated = false;
   try {
     authenticated = userUtils.confirmUserWithEncrypted(user.getID(), user.getEncrypted(), con);
   } catch (Exception e) {
     throw new SQLException(e.getMessage());
   } finally {
     conPool.free(con);
     con = null;
   }
   return authenticated;
 } // end realAuthentication
Ejemplo n.º 2
0
  private String processRequest(
      HttpServletRequest request, HttpServletResponse response, ConnectionPool conPool)
      throws Exception {
    // getting id parameters
    ParameterParser parameter = new ParameterParser(request);
    String bookID = parameter.getString(bookInterface.FIELD_ID, null);
    String sellerID = parameter.getString(bookInterface.FIELD_SELLERID, null);
    String message = parameter.getString(FIELD_MESSAGE, null);
    int codeID = parameter.getInt(bookInterface.FIELD_HIDDENID, 0);
    // get buyer's user object
    User user = (User) request.getSession().getAttribute(StringInterface.USERATTR);
    // security feauture:
    // if one of ids is missing or incorrect return false
    if (bookID == null
        || sellerID == null
        || codeID == 0
        || bookID.length() != booksTable.ID_LENGTH
        || sellerID.length() != usersTable.ID_LENGTH
        || codeID != Math.abs(bookID.hashCode())) {
      return "We were unable to find the book you specified! Please make sure that the book id is correct.";
    }
    if (user.getID().equals(sellerID)) {
      return "You may not purchase an item from yourself!";
    }
    // get connection
    Connection con = conPool.getConnection();
    try {
      booksTable book = generalUtils.getBook(bookID, con);
      /*security feauture:
       *check seller id == passed hidden id
       *book != null
       */
      if (book == null || !book.getSellerID().equals(sellerID)) {
        return "We were unable to find the book you specified! Please make sure that the book id is correct.";
      }
      usersTable sellerInfo = userUtils.getUserInfo(sellerID, con);
      usersTable buyerInfo = userUtils.getUserInfo(user.getID(), con);
      collegeTable college = getCollege(book.getCollegeID() + "", con);
      // if still here continue
      if (message == null) {
        request.setAttribute(ATTR_BOOK, book);
        request.setAttribute(ATTR_SELLER, sellerInfo);
        request.setAttribute(ATTR_BUYER, buyerInfo);
        request.setAttribute(ATTR_COLLEGE, college.getFull());
        RequestDispatcher rd = getServletContext().getRequestDispatcher(PATH_BUY_CONFIRM);
        rd.include(request, response);
        return null;
      } else if (buy(book, user, con)) {
        // sending email to buyer
        request.setAttribute(mailInterface.USERATTR, buyerInfo.getUsername());
        request.setAttribute(mailInterface.EMAILATTR, buyerInfo.getEmail());
        request.setAttribute(mailInterface.BOOKATTR, book);
        request.setAttribute("book_id", bookID);
        request.setAttribute("seller_id", sellerID);

        RequestDispatcher rd = getServletContext().getRequestDispatcher(PATHBIDCONFIRMATION);
        rd.include(request, response);
        // sending email to seller
        request.setAttribute(ATTR_COLLEGE, college.getFull());
        request.setAttribute(mailInterface.USERATTR, sellerInfo.getUsername());
        request.setAttribute(mailInterface.EMAILATTR, sellerInfo.getEmail());
        request.setAttribute(mailInterface.MESSAGEATTR, message);
        request.setAttribute(mailInterface.BOOKATTR, book);
        request.setAttribute(mailInterface.MOREATTR, buyerInfo);

        request.setAttribute("book_id", bookID);
        request.setAttribute("buyer_id", user.getID());
        rd = getServletContext().getRequestDispatcher(PATHBOOKUPDATE);
        rd.include(request, response);
        // showing success message
        rd = getServletContext().getRequestDispatcher(PATH_BUY_SUCCESS);
        rd.include(request, response);
        return null;
      } else {
        throw new Exception("failed to process with buy");
      }
    } catch (Exception e) {
      throw e;
    } finally {
      // recycle
      conPool.free(con);
      con = null;
    }
  }
Ejemplo n.º 3
0
 /** moves data into certain tables to simulate the buying process */
 private boolean buy(booksTable book, User buyer, Connection con) throws SQLException {
   try {
     Statement st = con.createStatement();
     /*all parameters are considered to be full--
      *book is completed and so as buyer object
      */
     con.setAutoCommit(false);
     // 1st add purchase to buyers table
     st.addBatch(
         "INSERT INTO "
             + TABLEBUYERS
             + " ("
             + buyersTable.BOOKID
             + ","
             + buyersTable.BUYERID
             + ","
             + buyersTable.DATE
             + ") values (\""
             + book.getID()
             + "\",\""
             + buyer.getID()
             + "\",\""
             + new DateObject().getDate()
             + "\")");
     // 2nd add the book to old books
     String[] oldbooksFields = {
       oldBooksTable.SELLERID, oldBooksTable.BUYERID,
       oldBooksTable.BOOKID, oldBooksTable.TITLE,
       oldBooksTable.AUTHOR, oldBooksTable.ISBN,
       oldBooksTable.CONDITION, oldBooksTable.PRICE,
       oldBooksTable.COMMENT, oldBooksTable.COLLEGE,
       oldBooksTable.DATE
     };
     String[] oldbooksValues = {
       book.getSellerID(),
       buyer.getID(),
       book.getID(),
       book.getTitle(),
       book.getAuthor(),
       book.getISBN(),
       book.getCondition() + "",
       book.getPrice() + "",
       book.getComment(),
       book.getCollegeID() + "",
       new DateObject().getDate()
     };
     st.addBatch(
         "INSERT INTO "
             + TABLEOLDBOOKS
             + " ("
             + sqlUtils.sql_fields(oldbooksFields)
             + ") values ("
             + sqlUtils.sql_values(oldbooksValues)
             + ")");
     // 3rd delete record from booksTable
     st.addBatch(
         "DELETE FROM " + TABLEBOOKS + " WHERE " + booksTable.ID + " = '" + book.getID() + "'");
     // execute all 3 steps and set auto commit mode
     int[] updateCounts = st.executeBatch();
     if (updateCounts[0] == 1 && updateCounts[1] == 1 && updateCounts[2] == 1) {
       return true;
     } else {
       return false;
     }
   } catch (SQLException e) {
     log.writeException(e.getMessage());
     throw e;
   } finally {
     con.setAutoCommit(true);
   }
 }