@Override protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // get a connection ConnectionPool pool = ConnectionPool.getInstance(); Connection connection = pool.getConnection(); String sqlStatement = request.getParameter("sqlStatement"); String sqlResult = ""; try { // create a statement Statement statement = connection.createStatement(); // parse the SQL string sqlStatement = sqlStatement.trim(); if (sqlStatement.length() >= 6) { String sqlType = sqlStatement.substring(0, 6); if (sqlType.equalsIgnoreCase("select")) { // create the HTML for the result set ResultSet resultSet = statement.executeQuery(sqlStatement); sqlResult = SQLUtil.getHtmlTable(resultSet); resultSet.close(); } else { int i = statement.executeUpdate(sqlStatement); if (i == 0) { sqlResult = "<p>The statement executed successfully.</p>"; } else { // an INSERT, UPDATE, or DELETE statement sqlResult = "<p>The statement executed successfully.<br>" + i + " row(s) affected.</p>"; } } } statement.close(); connection.close(); } catch (SQLException e) { sqlResult = "<p>Error executing the SQL statement: <br>" + e.getMessage() + "</p>"; } finally { pool.freeConnection(connection); } HttpSession session = request.getSession(); session.setAttribute("sqlResult", sqlResult); session.setAttribute("sqlStatement", sqlStatement); String url = "/index.jsp"; getServletContext().getRequestDispatcher(url).forward(request, response); }
/** checks database for this user */ private boolean realAuthentication(HttpServletRequest request, ConnectionPool conPool) throws SQLException { // user authentication is required! User user = (User) request.getSession().getAttribute(StringInterface.USERATTR); if (user == null) { return false; } Connection con = conPool.getConnection(); boolean authenticated = false; try { authenticated = userUtils.confirmUserWithEncrypted(user.getID(), user.getEncrypted(), con); } catch (Exception e) { throw new SQLException(e.getMessage()); } finally { conPool.free(con); con = null; } return authenticated; } // end realAuthentication
public void doGet(HttpServletRequest request, HttpServletResponse response) { response.setContentType("text/html"); PrintWriter webPageOutput = null; try { webPageOutput = response.getWriter(); } catch (IOException error) { Routines.writeToLog(servletName, "getWriter error : " + error, false, context); } HttpSession session = request.getSession(); session.setAttribute("redirect", request.getRequestURL() + "?" + request.getQueryString()); Connection database = null; try { database = pool.getConnection(servletName); } catch (SQLException error) { Routines.writeToLog(servletName, "Unable to connect to database : " + error, false, context); } if (Routines.loginCheck(true, request, response, database, context)) { return; } String server = context.getInitParameter("server"); boolean liveSever = false; if (server == null) { server = ""; } if (server.equals("live")) { response.setHeader("Refresh", "60"); } Routines.WriteHTMLHead( "View System Log", // title false, // showMenu 13, // menuHighLight false, // seasonsMenu false, // weeksMenu false, // scores false, // standings false, // gameCenter false, // schedules false, // previews false, // teamCenter false, // draft database, // database request, // request response, // response webPageOutput, // webPageOutput context); // context webPageOutput.println("<CENTER>"); webPageOutput.println( "<IMG SRC=\"../Images/Admin.gif\"" + " WIDTH='125' HEIGHT='115' ALT='Admin'>"); webPageOutput.println("</CENTER>"); pool.returnConnection(database); webPageOutput.println(Routines.spaceLines(1)); Routines.tableStart(false, webPageOutput); Routines.tableHeader("System Log", 0, webPageOutput); Routines.tableDataStart(true, false, false, true, true, 0, 0, "scoresrow", webPageOutput); boolean firstLine = true; int numOfLines = 0; try { String file = context.getRealPath("/"); FileReader logFile = new FileReader(file + "/Data/log.txt"); BufferedReader logFileBuffer = new BufferedReader(logFile); boolean endOfFile = false; while (!endOfFile) { String logFileText = logFileBuffer.readLine(); if (logFileText == null) { endOfFile = true; } else { if (firstLine) { firstLine = false; } else { webPageOutput.println(Routines.spaceLines(1)); } numOfLines++; webPageOutput.println(logFileText); } } logFileBuffer.close(); } catch (IOException error) { Routines.writeToLog(servletName, "Problem with log file : " + error, false, context); } Routines.tableDataEnd(false, true, true, webPageOutput); Routines.tableEnd(webPageOutput); if (numOfLines < 20) { webPageOutput.println(Routines.spaceLines(20 - numOfLines)); } Routines.WriteHTMLTail(request, response, webPageOutput); }
private String processRequest( HttpServletRequest request, HttpServletResponse response, ConnectionPool conPool) throws Exception { // getting id parameters ParameterParser parameter = new ParameterParser(request); String bookID = parameter.getString(bookInterface.FIELD_ID, null); String sellerID = parameter.getString(bookInterface.FIELD_SELLERID, null); String message = parameter.getString(FIELD_MESSAGE, null); int codeID = parameter.getInt(bookInterface.FIELD_HIDDENID, 0); // get buyer's user object User user = (User) request.getSession().getAttribute(StringInterface.USERATTR); // security feauture: // if one of ids is missing or incorrect return false if (bookID == null || sellerID == null || codeID == 0 || bookID.length() != booksTable.ID_LENGTH || sellerID.length() != usersTable.ID_LENGTH || codeID != Math.abs(bookID.hashCode())) { return "We were unable to find the book you specified! Please make sure that the book id is correct."; } if (user.getID().equals(sellerID)) { return "You may not purchase an item from yourself!"; } // get connection Connection con = conPool.getConnection(); try { booksTable book = generalUtils.getBook(bookID, con); /*security feauture: *check seller id == passed hidden id *book != null */ if (book == null || !book.getSellerID().equals(sellerID)) { return "We were unable to find the book you specified! Please make sure that the book id is correct."; } usersTable sellerInfo = userUtils.getUserInfo(sellerID, con); usersTable buyerInfo = userUtils.getUserInfo(user.getID(), con); collegeTable college = getCollege(book.getCollegeID() + "", con); // if still here continue if (message == null) { request.setAttribute(ATTR_BOOK, book); request.setAttribute(ATTR_SELLER, sellerInfo); request.setAttribute(ATTR_BUYER, buyerInfo); request.setAttribute(ATTR_COLLEGE, college.getFull()); RequestDispatcher rd = getServletContext().getRequestDispatcher(PATH_BUY_CONFIRM); rd.include(request, response); return null; } else if (buy(book, user, con)) { // sending email to buyer request.setAttribute(mailInterface.USERATTR, buyerInfo.getUsername()); request.setAttribute(mailInterface.EMAILATTR, buyerInfo.getEmail()); request.setAttribute(mailInterface.BOOKATTR, book); request.setAttribute("book_id", bookID); request.setAttribute("seller_id", sellerID); RequestDispatcher rd = getServletContext().getRequestDispatcher(PATHBIDCONFIRMATION); rd.include(request, response); // sending email to seller request.setAttribute(ATTR_COLLEGE, college.getFull()); request.setAttribute(mailInterface.USERATTR, sellerInfo.getUsername()); request.setAttribute(mailInterface.EMAILATTR, sellerInfo.getEmail()); request.setAttribute(mailInterface.MESSAGEATTR, message); request.setAttribute(mailInterface.BOOKATTR, book); request.setAttribute(mailInterface.MOREATTR, buyerInfo); request.setAttribute("book_id", bookID); request.setAttribute("buyer_id", user.getID()); rd = getServletContext().getRequestDispatcher(PATHBOOKUPDATE); rd.include(request, response); // showing success message rd = getServletContext().getRequestDispatcher(PATH_BUY_SUCCESS); rd.include(request, response); return null; } else { throw new Exception("failed to process with buy"); } } catch (Exception e) { throw e; } finally { // recycle conPool.free(con); con = null; } }