/** checks database for this user */
private boolean realAuthentication(HttpServletRequest request, ConnectionPool conPool)
throws SQLException {
// user authentication is required!
User user = (User) request.getSession().getAttribute(StringInterface.USERATTR);
if (user == null) {
return false;
}
Connection con = conPool.getConnection();
boolean authenticated = false;
try {
authenticated = userUtils.confirmUserWithEncrypted(user.getID(), user.getEncrypted(), con);
} catch (Exception e) {
throw new SQLException(e.getMessage());
} finally {
conPool.free(con);
con = null;
}
return authenticated;
} // end realAuthentication
private String processRequest(
HttpServletRequest request, HttpServletResponse response, ConnectionPool conPool)
throws Exception {
// getting id parameters
ParameterParser parameter = new ParameterParser(request);
String bookID = parameter.getString(bookInterface.FIELD_ID, null);
String sellerID = parameter.getString(bookInterface.FIELD_SELLERID, null);
String message = parameter.getString(FIELD_MESSAGE, null);
int codeID = parameter.getInt(bookInterface.FIELD_HIDDENID, 0);
// get buyer's user object
User user = (User) request.getSession().getAttribute(StringInterface.USERATTR);
// security feauture:
// if one of ids is missing or incorrect return false
if (bookID == null
|| sellerID == null
|| codeID == 0
|| bookID.length() != booksTable.ID_LENGTH
|| sellerID.length() != usersTable.ID_LENGTH
|| codeID != Math.abs(bookID.hashCode())) {
return "We were unable to find the book you specified! Please make sure that the book id is correct.";
}
if (user.getID().equals(sellerID)) {
return "You may not purchase an item from yourself!";
}
// get connection
Connection con = conPool.getConnection();
try {
booksTable book = generalUtils.getBook(bookID, con);
/*security feauture:
*check seller id == passed hidden id
*book != null
*/
if (book == null || !book.getSellerID().equals(sellerID)) {
return "We were unable to find the book you specified! Please make sure that the book id is correct.";
}
usersTable sellerInfo = userUtils.getUserInfo(sellerID, con);
usersTable buyerInfo = userUtils.getUserInfo(user.getID(), con);
collegeTable college = getCollege(book.getCollegeID() + "", con);
// if still here continue
if (message == null) {
request.setAttribute(ATTR_BOOK, book);
request.setAttribute(ATTR_SELLER, sellerInfo);
request.setAttribute(ATTR_BUYER, buyerInfo);
request.setAttribute(ATTR_COLLEGE, college.getFull());
RequestDispatcher rd = getServletContext().getRequestDispatcher(PATH_BUY_CONFIRM);
rd.include(request, response);
return null;
} else if (buy(book, user, con)) {
// sending email to buyer
request.setAttribute(mailInterface.USERATTR, buyerInfo.getUsername());
request.setAttribute(mailInterface.EMAILATTR, buyerInfo.getEmail());
request.setAttribute(mailInterface.BOOKATTR, book);
request.setAttribute("book_id", bookID);
request.setAttribute("seller_id", sellerID);
RequestDispatcher rd = getServletContext().getRequestDispatcher(PATHBIDCONFIRMATION);
rd.include(request, response);
// sending email to seller
request.setAttribute(ATTR_COLLEGE, college.getFull());
request.setAttribute(mailInterface.USERATTR, sellerInfo.getUsername());
request.setAttribute(mailInterface.EMAILATTR, sellerInfo.getEmail());
request.setAttribute(mailInterface.MESSAGEATTR, message);
request.setAttribute(mailInterface.BOOKATTR, book);
request.setAttribute(mailInterface.MOREATTR, buyerInfo);
request.setAttribute("book_id", bookID);
request.setAttribute("buyer_id", user.getID());
rd = getServletContext().getRequestDispatcher(PATHBOOKUPDATE);
rd.include(request, response);
// showing success message
rd = getServletContext().getRequestDispatcher(PATH_BUY_SUCCESS);
rd.include(request, response);
return null;
} else {
throw new Exception("failed to process with buy");
}
} catch (Exception e) {
throw e;
} finally {
// recycle
conPool.free(con);
con = null;
}
}