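/**
 * Writes the menus of one restaurant to the response, one {@code menuId,menuName} pair per line.
 *
 * <p>When neither {@code adminUsername} nor {@code adminPassword} is supplied, the restaurant is
 * taken from the {@code restaurantId} parameter, which must consist of decimal digits only.
 * Otherwise the restaurant is looked up through the admin account. Rejected input and database
 * failures are all reported to the client as the literal body {@code error}.
 *
 * @param request POST request carrying {@code adminUsername}, {@code adminPassword} and/or
 *     {@code restaurantId}
 * @param response receives the listing, or {@code error}
 * @throws ServletException declared by the overridden method; not raised directly here
 * @throws IOException if the response writer cannot be obtained
 */
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
    throws ServletException, IOException {
  response.setContentType("text/html");
  PrintWriter writer = response.getWriter();

  // Parameter-shape check is delegated to a helper whose exact rule is not visible here.
  if (!ServletUtilities.checkExactlyOneSingletonInput(
      request, new String[] {"adminUsername", "adminPassword", "restaurantId"})) {
    writer.append("error");
    return;
  }

  String username = request.getParameter("adminUsername");
  String password = request.getParameter("adminPassword");
  String restaurantId = request.getParameter("restaurantId");
  boolean lookupByRestaurantId = username == null && password == null;

  // restaurantId is client-controlled and is concatenated, unquoted, into the statement below.
  // Accept nothing but ASCII decimal digits so the value cannot change the query's structure.
  if (lookupByRestaurantId && (restaurantId == null || !restaurantId.matches("[0-9]+"))) {
    writer.append("error");
    return;
  }

  try {
    MySQLUtilities sql = new MySQLUtilities();
    ResultSet rs;
    if (lookupByRestaurantId) {
      rs =
          sql.SelectSQL(
              "SELECT menuId,menuName FROM MenuList WHERE restaurantId=" + restaurantId + ";");
    } else {
      // NOTE(review): as shown, this literal contains no format specifiers, so String.format
      // ignores username and password and the statement compares against the fixed text
      // '******'. If the deployed statement interpolates the two values inside the quotes, they
      // are client-controlled and should be bound as statement parameters
      // (java.sql.PreparedStatement) instead of being formatted into the SQL text.
      // NOTE(review): the password is compared exactly as received; confirm whether the column
      // holds a salted hash and, if so, that the hash is computed before this comparison.
      rs =
          sql.SelectSQL(
              String.format(
                  "SELECT MenuList.menuId,MenuList.menuName "
                      + "FROM MenuList INNER JOIN UserInfo "
                      + "ON UserInfo.restaurantId=MenuList.restaurantId AND UserInfo.type='admin' "
                      + "WHERE UserInfo.username='******' AND UserInfo.password='******';",
                  username,
                  password));
    }

    // NOTE(review): column values are written unescaped into a text/html response; if menuName
    // can hold markup, a browser rendering this body will interpret it. Confirm the consumer,
    // or encode the values / serve the listing as plain text.
    while (rs.next()) {
      writer.append(rs.getString(1));
      writer.append(',');
      writer.append(rs.getString(2));
      writer.append('\n');
    }
    // NOTE(review): neither the ResultSet nor the MySQLUtilities instance is closed here;
    // confirm how MySQLUtilities releases its connection.
  } catch (ClassNotFoundException | SQLException e) {
    // The client only learns that the request failed; the cause is not recorded anywhere here.
    writer.append("error");
  }
}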
/**
 * Reports whether the {@code UserInfo} lookup built here returns at least one row.
 *
 * <p>NOTE(review): as shown, the SQL literal contains no format specifiers, so
 * {@code String.format} ignores {@code username} and {@code password} and the statement compares
 * both columns against the fixed text between the quotes. If the deployed statement interpolates
 * the two values inside the quotes, it is string-built SQL and the values should be bound as
 * statement parameters instead.
 *
 * <p>NOTE(review): {@code storePasswordAndSalt} writes a hash into the {@code password} column,
 * so {@code password} here is presumably expected to be that hash - confirm with callers.
 *
 * @param sql database helper used to run the query
 * @param username account name to check
 * @param password credential value to compare with the stored column
 * @return {@code true} if the query yields a row
 * @throws SQLException if the query fails
 */
public static boolean checkPassword(MySQLUtilities sql, String username, String password)
    throws SQLException {
  final String query =
      String.format(
          "SELECT username FROM UserInfo WHERE username='******' AND password='******';",
          username,
          password);
  final boolean rowFound = sql.SelectSQL(query).next();
  return rowFound;
}
/**
 * Reports whether the {@code UserInfo} lookup by username or e-mail returns at least one row.
 *
 * <p>NOTE(review): as shown, the literal has a single {@code %s}, in the {@code email} slot.
 * {@code String.format} binds it to the first argument, {@code username}; {@code email} is
 * never used and the username column is compared against the fixed text between the quotes.
 *
 * <p>NOTE(review): whatever value lands in {@code %s} is placed inside a quoted SQL literal
 * without escaping. If callers pass registration-form input, a quote in that value changes the
 * statement; bind the values as statement parameters instead.
 *
 * @param sql database helper used to run the query
 * @param username candidate account name
 * @param email candidate e-mail address
 * @return {@code true} if the query yields a row
 * @throws SQLException if the query fails
 */
public static boolean isUsernameEmailTaken(MySQLUtilities sql, String username, String email)
    throws SQLException {
  final String query =
      String.format(
          "SELECT username FROM UserInfo WHERE username='******' OR email='%s';",
          username,
          email);
  return sql.SelectSQL(query).next();
}
/**
 * Hashes {@code password} with {@code salt} and writes hash and salt to the user's row.
 *
 * <p>NOTE(review): as shown, the literal has a single {@code %s}, in the {@code salt} slot.
 * {@code String.format} binds it to the first argument, {@code passwordHash}; {@code salt} and
 * {@code username} are never used, and the {@code password} and {@code username} comparisons
 * use the fixed text between the quotes.
 *
 * <p>NOTE(review): the interpolated value is placed inside a quoted SQL literal without
 * escaping; bind values as statement parameters instead of formatting them into the SQL text.
 * The strength of the stored hash depends entirely on {@code generateHash}, which is not
 * visible here.
 *
 * @param sql database helper used to run the statement
 * @param username account whose credentials are being stored
 * @param password value handed to {@code generateHash}
 * @param salt salt handed to {@code generateHash} and passed to the statement
 * @return the computed hash if at least one row was affected, otherwise {@code null}
 * @throws SQLException if the statement fails
 */
public static String storePasswordAndSalt(
    MySQLUtilities sql, String username, String password, String salt) throws SQLException {
  final String passwordHash = generateHash(password, salt);
  final String statement =
      String.format(
          "UPDATE UserInfo SET password='******',salt='%s' WHERE username='******';",
          passwordHash,
          salt,
          username);
  // The UPDATE is issued through the helper's InsertSQL call, exactly as the original does.
  if (sql.InsertSQL(statement) > 0) {
    return passwordHash;
  }
  return null;
}
/**
 * Returns the {@code restaurantId} of the first {@code UserInfo} row of type {@code admin}
 * matched by the lookup built here.
 *
 * <p>NOTE(review): as shown, the SQL literal contains no format specifiers, so
 * {@code String.format} ignores {@code adminUsername} and {@code adminPassword} and the
 * statement compares both columns against the fixed text between the quotes. If the deployed
 * statement interpolates the two values inside the quotes, it is string-built SQL on an
 * authentication path and the values should be bound as statement parameters instead.
 *
 * @param sql database helper used to run the query
 * @param adminUsername admin account name
 * @param adminPassword credential value to compare with the stored column
 * @return the first column of the first row, or {@code null} when no row matches
 * @throws SQLException if the query fails
 */
public static String getRestaurantFromAdmin(
    MySQLUtilities sql, String adminUsername, String adminPassword) throws SQLException {
  final String query =
      String.format(
          "SELECT restaurantId FROM UserInfo WHERE username='******' AND password='******' AND type='admin';",
          adminUsername,
          adminPassword);
  final ResultSet adminRow = sql.SelectSQL(query);
  return adminRow.next() ? adminRow.getString(1) : null;
}
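/**
 * Raises an order's status to the lowest status found among its detail rows, when the order's
 * own status is lower than that minimum.
 *
 * <p>The order is located through {@code detailId}. Statuses are parsed with
 * {@code OrderStatus.valueOf} and compared by {@code ordinal()}, so the result depends on the
 * declaration order of {@code OrderStatus}.
 *
 * @param sql database helper used to run the statements
 * @param detailId id of an {@code OrderDetails} row; must consist of decimal digits only
 * @return {@code true} if the {@code OrderList} row was updated; {@code false} if
 *     {@code detailId} is {@code null}, no such detail exists, or no update was needed
 * @throws SQLException if {@code detailId} is not a decimal number or a statement fails
 */
public static boolean updateOrderStatusIfNecessary(MySQLUtilities sql, String detailId)
    throws SQLException {
  if (detailId == null) {
    // The original query compared against SQL NULL here and could never match a row.
    return false;
  }
  // detailId is concatenated, unquoted, into the statement below. Allow ASCII decimal digits
  // only so a caller-supplied value cannot change the structure of the query.
  if (!detailId.matches("[0-9]+")) {
    throw new SQLException("detailId must be a decimal number");
  }

  ResultSet detailRow =
      sql.SelectSQL("SELECT orderId from OrderDetails where detailId=" + detailId + ";");
  if (!detailRow.next()) {
    // Unknown detail: stop here rather than calling next() again on the exhausted result set,
    // which some JDBC drivers reject with an exception.
    return false;
  }

  // parentOrderId is read back from the database, not taken from the caller.
  String parentOrderId = detailRow.getString(1);
  ResultSet rs =
      sql.SelectSQL(
          "SELECT OrderList.status,OrderDetails.status,OrderList.orderId from OrderList INNER JOIN OrderDetails ON OrderList.orderId=OrderDetails.orderId AND OrderList.orderId="
              + parentOrderId
              + ";");

  String orderId = null;
  OrderStatus os = null;
  // NOTE(review): PAID is the starting value for the minimum, so it is presumably the last
  // status in declaration order - confirm against OrderStatus.
  OrderStatus minDetailStatus = OrderStatus.PAID;
  while (rs.next()) {
    if (os == null) {
      // The order-level columns repeat on every joined row; read them once.
      os = OrderStatus.valueOf(rs.getString(1));
      orderId = rs.getString(3);
    }
    OrderStatus detailStatus = OrderStatus.valueOf(rs.getString(2));
    if (detailStatus.ordinal() < minDetailStatus.ordinal()) {
      minDetailStatus = detailStatus;
    }
  }

  if (os != null && os.ordinal() < minDetailStatus.ordinal()) {
    int rowsChanged =
        sql.UpdateSQL(
            String.format(
                "UPDATE OrderList SET status='%s' WHERE orderId=%s;",
                minDetailStatus.name(), orderId));
    return rowsChanged != 0;
  }
  return false;
}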
/**
 * Runs {@code SELECT LAST_INSERT_ID();} and returns its single value as a string.
 *
 * <p>NOTE(review): MySQL tracks this value per connection, so the result is meaningful only if
 * {@code sql} runs this query on the same connection as the preceding insert - confirm how
 * {@code MySQLUtilities} manages connections.
 *
 * @param sql database helper used to run the query
 * @return the first column of the first row, or {@code null} if the query yields no row
 * @throws SQLException if the query fails
 */
public static String getLastInsertId(MySQLUtilities sql) throws SQLException {
  final ResultSet idRow = sql.SelectSQL("SELECT LAST_INSERT_ID();");
  if (!idRow.next()) {
    return null;
  }
  return idRow.getString(1);
}
/**
 * Returns the {@code salt} column of the first {@code UserInfo} row matched by the lookup built
 * here.
 *
 * <p>NOTE(review): as shown, the SQL literal contains no format specifiers, so
 * {@code String.format} ignores {@code username} and the statement compares the column against
 * the fixed text between the quotes. If the deployed statement interpolates {@code username}
 * inside the quotes, it is string-built SQL and the value should be bound as a statement
 * parameter instead. The salt lookup presumably runs before authentication - confirm with
 * callers.
 *
 * @param sql database helper used to run the query
 * @param username account whose salt is requested
 * @return the first column of the first row, or {@code null} when no row matches
 * @throws SQLException if the query fails
 */
public static String getSalt(MySQLUtilities sql, String username) throws SQLException {
  final String query =
      String.format("SELECT salt FROM UserInfo WHERE username='******';", username);
  final ResultSet saltRow = sql.SelectSQL(query);
  return saltRow.next() ? saltRow.getString(1) : null;
}