private String processRequest( HttpServletRequest request, HttpServletResponse response, ConnectionPool conPool) throws Exception { // getting id parameters ParameterParser parameter = new ParameterParser(request); String bookID = parameter.getString(bookInterface.FIELD_ID, null); String sellerID = parameter.getString(bookInterface.FIELD_SELLERID, null); String message = parameter.getString(FIELD_MESSAGE, null); int codeID = parameter.getInt(bookInterface.FIELD_HIDDENID, 0); // get buyer's user object User user = (User) request.getSession().getAttribute(StringInterface.USERATTR); // security feauture: // if one of ids is missing or incorrect return false if (bookID == null || sellerID == null || codeID == 0 || bookID.length() != booksTable.ID_LENGTH || sellerID.length() != usersTable.ID_LENGTH || codeID != Math.abs(bookID.hashCode())) { return "We were unable to find the book you specified! Please make sure that the book id is correct."; } if (user.getID().equals(sellerID)) { return "You may not purchase an item from yourself!"; } // get connection Connection con = conPool.getConnection(); try { booksTable book = generalUtils.getBook(bookID, con); /*security feauture: *check seller id == passed hidden id *book != null */ if (book == null || !book.getSellerID().equals(sellerID)) { return "We were unable to find the book you specified! Please make sure that the book id is correct."; } usersTable sellerInfo = userUtils.getUserInfo(sellerID, con); usersTable buyerInfo = userUtils.getUserInfo(user.getID(), con); collegeTable college = getCollege(book.getCollegeID() + "", con); // if still here continue if (message == null) { request.setAttribute(ATTR_BOOK, book); request.setAttribute(ATTR_SELLER, sellerInfo); request.setAttribute(ATTR_BUYER, buyerInfo); request.setAttribute(ATTR_COLLEGE, college.getFull()); RequestDispatcher rd = getServletContext().getRequestDispatcher(PATH_BUY_CONFIRM); rd.include(request, response); return null; } else if (buy(book, user, con)) { // sending email to buyer request.setAttribute(mailInterface.USERATTR, buyerInfo.getUsername()); request.setAttribute(mailInterface.EMAILATTR, buyerInfo.getEmail()); request.setAttribute(mailInterface.BOOKATTR, book); request.setAttribute("book_id", bookID); request.setAttribute("seller_id", sellerID); RequestDispatcher rd = getServletContext().getRequestDispatcher(PATHBIDCONFIRMATION); rd.include(request, response); // sending email to seller request.setAttribute(ATTR_COLLEGE, college.getFull()); request.setAttribute(mailInterface.USERATTR, sellerInfo.getUsername()); request.setAttribute(mailInterface.EMAILATTR, sellerInfo.getEmail()); request.setAttribute(mailInterface.MESSAGEATTR, message); request.setAttribute(mailInterface.BOOKATTR, book); request.setAttribute(mailInterface.MOREATTR, buyerInfo); request.setAttribute("book_id", bookID); request.setAttribute("buyer_id", user.getID()); rd = getServletContext().getRequestDispatcher(PATHBOOKUPDATE); rd.include(request, response); // showing success message rd = getServletContext().getRequestDispatcher(PATH_BUY_SUCCESS); rd.include(request, response); return null; } else { throw new Exception("failed to process with buy"); } } catch (Exception e) { throw e; } finally { // recycle conPool.free(con); con = null; } }
/** moves data into certain tables to simulate the buying process */ private boolean buy(booksTable book, User buyer, Connection con) throws SQLException { try { Statement st = con.createStatement(); /*all parameters are considered to be full-- *book is completed and so as buyer object */ con.setAutoCommit(false); // 1st add purchase to buyers table st.addBatch( "INSERT INTO " + TABLEBUYERS + " (" + buyersTable.BOOKID + "," + buyersTable.BUYERID + "," + buyersTable.DATE + ") values (\"" + book.getID() + "\",\"" + buyer.getID() + "\",\"" + new DateObject().getDate() + "\")"); // 2nd add the book to old books String[] oldbooksFields = { oldBooksTable.SELLERID, oldBooksTable.BUYERID, oldBooksTable.BOOKID, oldBooksTable.TITLE, oldBooksTable.AUTHOR, oldBooksTable.ISBN, oldBooksTable.CONDITION, oldBooksTable.PRICE, oldBooksTable.COMMENT, oldBooksTable.COLLEGE, oldBooksTable.DATE }; String[] oldbooksValues = { book.getSellerID(), buyer.getID(), book.getID(), book.getTitle(), book.getAuthor(), book.getISBN(), book.getCondition() + "", book.getPrice() + "", book.getComment(), book.getCollegeID() + "", new DateObject().getDate() }; st.addBatch( "INSERT INTO " + TABLEOLDBOOKS + " (" + sqlUtils.sql_fields(oldbooksFields) + ") values (" + sqlUtils.sql_values(oldbooksValues) + ")"); // 3rd delete record from booksTable st.addBatch( "DELETE FROM " + TABLEBOOKS + " WHERE " + booksTable.ID + " = '" + book.getID() + "'"); // execute all 3 steps and set auto commit mode int[] updateCounts = st.executeBatch(); if (updateCounts[0] == 1 && updateCounts[1] == 1 && updateCounts[2] == 1) { return true; } else { return false; } } catch (SQLException e) { log.writeException(e.getMessage()); throw e; } finally { con.setAutoCommit(true); } }