@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
// get a connection
ConnectionPool pool = ConnectionPool.getInstance();
Connection connection = pool.getConnection();
String sqlStatement = request.getParameter("sqlStatement");
String sqlResult = "";
try {
// create a statement
Statement statement = connection.createStatement();
// parse the SQL string
sqlStatement = sqlStatement.trim();
if (sqlStatement.length() >= 6) {
String sqlType = sqlStatement.substring(0, 6);
if (sqlType.equalsIgnoreCase("select")) {
// create the HTML for the result set
ResultSet resultSet = statement.executeQuery(sqlStatement);
sqlResult = SQLUtil.getHtmlTable(resultSet);
resultSet.close();
} else {
int i = statement.executeUpdate(sqlStatement);
if (i == 0) {
sqlResult = "<p>The statement executed successfully.</p>";
} else { // an INSERT, UPDATE, or DELETE statement
sqlResult = "<p>The statement executed successfully.<br>" + i + " row(s) affected.</p>";
}
}
}
statement.close();
connection.close();
} catch (SQLException e) {
sqlResult = "<p>Error executing the SQL statement: <br>" + e.getMessage() + "</p>";
} finally {
pool.freeConnection(connection);
}
HttpSession session = request.getSession();
session.setAttribute("sqlResult", sqlResult);
session.setAttribute("sqlStatement", sqlStatement);
String url = "/index.jsp";
getServletContext().getRequestDispatcher(url).forward(request, response);
}
/** checks database for this user */
private boolean realAuthentication(HttpServletRequest request, ConnectionPool conPool)
throws SQLException {
// user authentication is required!
User user = (User) request.getSession().getAttribute(StringInterface.USERATTR);
if (user == null) {
return false;
}
Connection con = conPool.getConnection();
boolean authenticated = false;
try {
authenticated = userUtils.confirmUserWithEncrypted(user.getID(), user.getEncrypted(), con);
} catch (Exception e) {
throw new SQLException(e.getMessage());
} finally {
conPool.free(con);
con = null;
}
return authenticated;
} // end realAuthentication
public void doGet(HttpServletRequest request, HttpServletResponse response) {
response.setContentType("text/html");
PrintWriter webPageOutput = null;
try {
webPageOutput = response.getWriter();
} catch (IOException error) {
Routines.writeToLog(servletName, "getWriter error : " + error, false, context);
}
HttpSession session = request.getSession();
session.setAttribute("redirect", request.getRequestURL() + "?" + request.getQueryString());
Connection database = null;
try {
database = pool.getConnection(servletName);
} catch (SQLException error) {
Routines.writeToLog(servletName, "Unable to connect to database : " + error, false, context);
}
if (Routines.loginCheck(true, request, response, database, context)) {
return;
}
String server = context.getInitParameter("server");
boolean liveSever = false;
if (server == null) {
server = "";
}
if (server.equals("live")) {
response.setHeader("Refresh", "60");
}
Routines.WriteHTMLHead(
"View System Log", // title
false, // showMenu
13, // menuHighLight
false, // seasonsMenu
false, // weeksMenu
false, // scores
false, // standings
false, // gameCenter
false, // schedules
false, // previews
false, // teamCenter
false, // draft
database, // database
request, // request
response, // response
webPageOutput, // webPageOutput
context); // context
webPageOutput.println("<CENTER>");
webPageOutput.println(
"<IMG SRC=\"../Images/Admin.gif\"" + " WIDTH='125' HEIGHT='115' ALT='Admin'>");
webPageOutput.println("</CENTER>");
pool.returnConnection(database);
webPageOutput.println(Routines.spaceLines(1));
Routines.tableStart(false, webPageOutput);
Routines.tableHeader("System Log", 0, webPageOutput);
Routines.tableDataStart(true, false, false, true, true, 0, 0, "scoresrow", webPageOutput);
boolean firstLine = true;
int numOfLines = 0;
try {
String file = context.getRealPath("/");
FileReader logFile = new FileReader(file + "/Data/log.txt");
BufferedReader logFileBuffer = new BufferedReader(logFile);
boolean endOfFile = false;
while (!endOfFile) {
String logFileText = logFileBuffer.readLine();
if (logFileText == null) {
endOfFile = true;
} else {
if (firstLine) {
firstLine = false;
} else {
webPageOutput.println(Routines.spaceLines(1));
}
numOfLines++;
webPageOutput.println(logFileText);
}
}
logFileBuffer.close();
} catch (IOException error) {
Routines.writeToLog(servletName, "Problem with log file : " + error, false, context);
}
Routines.tableDataEnd(false, true, true, webPageOutput);
Routines.tableEnd(webPageOutput);
if (numOfLines < 20) {
webPageOutput.println(Routines.spaceLines(20 - numOfLines));
}
Routines.WriteHTMLTail(request, response, webPageOutput);
}
private String processRequest(
HttpServletRequest request, HttpServletResponse response, ConnectionPool conPool)
throws Exception {
// getting id parameters
ParameterParser parameter = new ParameterParser(request);
String bookID = parameter.getString(bookInterface.FIELD_ID, null);
String sellerID = parameter.getString(bookInterface.FIELD_SELLERID, null);
String message = parameter.getString(FIELD_MESSAGE, null);
int codeID = parameter.getInt(bookInterface.FIELD_HIDDENID, 0);
// get buyer's user object
User user = (User) request.getSession().getAttribute(StringInterface.USERATTR);
// security feauture:
// if one of ids is missing or incorrect return false
if (bookID == null
|| sellerID == null
|| codeID == 0
|| bookID.length() != booksTable.ID_LENGTH
|| sellerID.length() != usersTable.ID_LENGTH
|| codeID != Math.abs(bookID.hashCode())) {
return "We were unable to find the book you specified! Please make sure that the book id is correct.";
}
if (user.getID().equals(sellerID)) {
return "You may not purchase an item from yourself!";
}
// get connection
Connection con = conPool.getConnection();
try {
booksTable book = generalUtils.getBook(bookID, con);
/*security feauture:
*check seller id == passed hidden id
*book != null
*/
if (book == null || !book.getSellerID().equals(sellerID)) {
return "We were unable to find the book you specified! Please make sure that the book id is correct.";
}
usersTable sellerInfo = userUtils.getUserInfo(sellerID, con);
usersTable buyerInfo = userUtils.getUserInfo(user.getID(), con);
collegeTable college = getCollege(book.getCollegeID() + "", con);
// if still here continue
if (message == null) {
request.setAttribute(ATTR_BOOK, book);
request.setAttribute(ATTR_SELLER, sellerInfo);
request.setAttribute(ATTR_BUYER, buyerInfo);
request.setAttribute(ATTR_COLLEGE, college.getFull());
RequestDispatcher rd = getServletContext().getRequestDispatcher(PATH_BUY_CONFIRM);
rd.include(request, response);
return null;
} else if (buy(book, user, con)) {
// sending email to buyer
request.setAttribute(mailInterface.USERATTR, buyerInfo.getUsername());
request.setAttribute(mailInterface.EMAILATTR, buyerInfo.getEmail());
request.setAttribute(mailInterface.BOOKATTR, book);
request.setAttribute("book_id", bookID);
request.setAttribute("seller_id", sellerID);
RequestDispatcher rd = getServletContext().getRequestDispatcher(PATHBIDCONFIRMATION);
rd.include(request, response);
// sending email to seller
request.setAttribute(ATTR_COLLEGE, college.getFull());
request.setAttribute(mailInterface.USERATTR, sellerInfo.getUsername());
request.setAttribute(mailInterface.EMAILATTR, sellerInfo.getEmail());
request.setAttribute(mailInterface.MESSAGEATTR, message);
request.setAttribute(mailInterface.BOOKATTR, book);
request.setAttribute(mailInterface.MOREATTR, buyerInfo);
request.setAttribute("book_id", bookID);
request.setAttribute("buyer_id", user.getID());
rd = getServletContext().getRequestDispatcher(PATHBOOKUPDATE);
rd.include(request, response);
// showing success message
rd = getServletContext().getRequestDispatcher(PATH_BUY_SUCCESS);
rd.include(request, response);
return null;
} else {
throw new Exception("failed to process with buy");
}
} catch (Exception e) {
throw e;
} finally {
// recycle
conPool.free(con);
con = null;
}
}