- package main;
- import java.io.IOException;
- import java.io.PrintWriter;
- import java.sql.Connection;
- import java.sql.SQLException;
- import javax.naming.Context;
- import javax.naming.InitialContext;
- import javax.naming.NamingException;
- import javax.servlet.ServletConfig;
- import javax.servlet.ServletException;
- import javax.servlet.http.Cookie;
- import javax.servlet.http.HttpServlet;
- import javax.servlet.http.HttpServletRequest;
- import javax.servlet.http.HttpServletResponse;
- import javax.servlet.http.HttpSession;
- import javax.sql.DataSource;
- import bean.User;
- import db.Account;
- /**
- * Servlet implementation class Controller
- */
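public class Controller extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /** Session-attribute and cookie names used for the remembered login. */
    private static final String ATTR_EMAIL = "email";
    private static final String ATTR_TOKEN = "token";
    /** Lifetime of the remember-me cookies in seconds (30 days); the original left them as browser-session cookies, which defeats "remember me". */
    private static final int REMEMBER_MAX_AGE = 30 * 24 * 60 * 60;

    private DataSource ds;
    Account account;

    /**
     * @see HttpServlet#HttpServlet()
     */
    public Controller() {
        super();
    }

    /**
     * Resolves the JNDI DataSource, opens the connection and builds the {@link Account} DAO on it.
     *
     * @throws ServletException if the JNDI lookup or the connection attempt fails. The original
     *         swallowed the SQLException and returned, leaving {@code account} null so that every
     *         later request failed with a NullPointerException; failing init is the honest outcome.
     */
    @Override
    public void init(ServletConfig config) throws ServletException {
        // GenericServlet.init(config) stores the config; without this call
        // getServletContext() and log(...) are unusable.
        super.init(config);
        try {
            InitialContext initContext = new InitialContext();
            Context env = (Context) initContext.lookup("java:comp/env");
            ds = (DataSource) env.lookup("jdbc/loginjspjdbcDB");
            // NOTE(review): a single Connection is opened here, shared by every request for the
            // servlet's lifetime and never closed or re-opened if it drops. db.Account's
            // constructor takes a Connection, so moving to a per-request ds.getConnection()
            // (try-with-resources) needs a change on that side as well.
            this.account = new Account(ds.getConnection());
        } catch (NamingException e) {
            throw new ServletException("JNDI lookup of jdbc/loginjspjdbcDB failed", e);
        } catch (SQLException e) {
            throw new ServletException("cannot open the database connection", e);
        }
    }

    /**
     * Routes GET requests by the {@code page} parameter: no page shows the success page when the
     * caller is authenticated (session or validated remember-me cookies) and the index otherwise;
     * {@code login} / {@code register} show the forms; anything else is answered with 404.
     *
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        HttpSession session = request.getSession();
        String page = request.getParameter("page");
        request.setAttribute("email", "");
        request.setAttribute("message", "");

        if (page == null) {
            String email = null;
            try {
                email = authenticatedEmail(request, session);
            } catch (SQLException e) {
                // A database failure is treated as "not logged in", never as logged in.
                log("doGet: cannot verify login", e);
            }
            if (email != null) {
                request.setAttribute("email", email);
                request.getRequestDispatcher("/succes.jsp").forward(request, response);
            } else {
                request.getRequestDispatcher("/index.jsp").forward(request, response);
            }
        } else if (page.equals("login")) {
            request.getRequestDispatcher("/login.jsp").forward(request, response);
        } else if (page.equals("register")) {
            request.getRequestDispatcher("/register.jsp").forward(request, response);
        } else {
            // The original sent the "404" body with a 200 status.
            response.setStatus(HttpServletResponse.SC_NOT_FOUND);
            PrintWriter out = response.getWriter();
            out.print("<html><h1>404</h1></html>");
        }
    }

    /**
     * Dispatches POST requests by the {@code action} parameter ({@code login}, {@code register},
     * {@code logout}). Unknown or missing actions get a 404 instead of the success page, and a
     * missing {@code action} no longer throws a NullPointerException.
     *
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String action = request.getParameter("action");
        // NOTE(review): this value is reflected into the JSPs; they are not visible here and
        // must HTML-escape it (e.g. <c:out>) to avoid reflected XSS.
        request.setAttribute("email", request.getParameter("email"));

        if ("login".equals(action)) {
            handleLogin(request, response);
        } else if ("register".equals(action)) {
            handleRegister(request, response);
        } else if ("logout".equals(action)) {
            handleLogout(request, response);
        } else {
            response.setStatus(HttpServletResponse.SC_NOT_FOUND);
            PrintWriter out = response.getWriter();
            out.print("<html><h1>404</h1></html>");
        }
    }

    /**
     * Verifies the credentials, rotates the session (session-fixation defence), stores the
     * fresh login token and optionally writes the remember-me cookies.
     *
     * Security notes: a database error fails closed (the original fell through to a successful
     * login when {@code isLoginExist}/{@code login} threw), and the same message is used for an
     * unknown e-mail and a wrong password so the form cannot enumerate accounts.
     */
    private void handleLogin(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String email = request.getParameter("email");
        String password = request.getParameter("password");
        boolean remember = "true".equals(request.getParameter("remember"));

        boolean credentialsOk;
        try {
            credentialsOk = account.isLoginExist(email) && account.login(email, password);
        } catch (SQLException e) {
            log("login: database error", e);
            request.setAttribute("message", "login is temporarily unavailable");
            request.getRequestDispatcher("/login.jsp").forward(request, response);
            return;
        }
        if (!credentialsOk) {
            request.setAttribute("message", "invalid email or password");
            request.getRequestDispatcher("/login.jsp").forward(request, response);
            return;
        }

        String token = TokenGenerator.generate(20);
        try {
            account.remember(email, token);
        } catch (SQLException e) {
            // Without the stored token the login cannot be verified later; do not pretend it worked.
            log("login: cannot store login token", e);
            request.setAttribute("message", "login is temporarily unavailable");
            request.getRequestDispatcher("/login.jsp").forward(request, response);
            return;
        }

        // Discard any pre-authentication session so an attacker-supplied session id
        // does not become an authenticated one.
        HttpSession old = request.getSession(false);
        if (old != null) {
            old.invalidate();
        }
        HttpSession session = request.getSession(true);
        session.setAttribute(ATTR_EMAIL, email);
        session.setAttribute(ATTR_TOKEN, token);

        if (remember) {
            response.addCookie(rememberCookie(ATTR_EMAIL, email, request));
            response.addCookie(rememberCookie(ATTR_TOKEN, token, request));
        } else {
            eraseCookie(request, response);
        }
        request.getRequestDispatcher("/succes.jsp").forward(request, response);
    }

    /**
     * Validates the registration form, rejects an e-mail already in use and creates the account.
     * A database error now stops the request instead of falling through to {@code register}
     * or to the success page.
     */
    private void handleRegister(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        User user = new User();
        String email = request.getParameter("email");
        String password = request.getParameter("password");
        String password2 = request.getParameter("password2");
        user.setEmail(email);
        user.setPassword(password);
        user.setPassword2(password2);
        if (!user.isValid(email, password, password2)) {
            request.setAttribute("message", user.getValidationMessage());
            request.getRequestDispatcher("/register.jsp").forward(request, response);
            return;
        }
        try {
            if (account.isLoginExist(email)) {
                request.setAttribute("message", "The email is already in use. Change it.");
                request.getRequestDispatcher("/register.jsp").forward(request, response);
                return;
            }
            // NOTE(review): Account.register stores the password as received; see the
            // note in db.Account about hashing.
            account.register(email, password);
        } catch (SQLException e) {
            log("register: database error", e);
            request.setAttribute("message", "Cannot register.");
            request.getRequestDispatcher("/register.jsp").forward(request, response);
            return;
        }
        request.getRequestDispatcher("succesregister.jsp").forward(request, response);
    }

    /**
     * Revokes the stored token of the caller (only if the presented session/cookie pair actually
     * validates, so a forged {@code email} cookie cannot log out someone else), drops the session
     * and expires the remember-me cookies.
     *
     * NOTE(review): there is no CSRF token on this POST; a cross-site form can log the user out.
     */
    private void handleLogout(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        HttpSession session = request.getSession();
        try {
            String email = authenticatedEmail(request, session);
            if (email != null) {
                account.removeToken(email);
            }
        } catch (SQLException e) {
            log("logout: cannot revoke login token", e);
        }
        session.invalidate();
        eraseCookie(request, response);
        request.getRequestDispatcher("/index.jsp").forward(request, response);
    }

    /**
     * Returns the e-mail of the authenticated caller, or {@code null}.
     *
     * The session pair is checked against {@code active_users} on every call (so a login from
     * elsewhere, which replaces the token, ends this one). When the session holds no pair, the
     * remember-me cookies are tried and copied into the session only after they validate; the
     * original copied them in unvalidated, so the session could carry an attacker-chosen e-mail.
     */
    private String authenticatedEmail(HttpServletRequest request, HttpSession session)
            throws SQLException {
        String email = (String) session.getAttribute(ATTR_EMAIL);
        String token = (String) session.getAttribute(ATTR_TOKEN);
        if (email != null && token != null) {
            return account.isLoginNow(email, token) ? email : null;
        }
        String cookieEmail = getCookie(request, ATTR_EMAIL);
        String cookieToken = getCookie(request, ATTR_TOKEN);
        if (cookieEmail == null || cookieToken == null) {
            return null;
        }
        if (!account.isLoginNow(cookieEmail, cookieToken)) {
            return null;
        }
        session.setAttribute(ATTR_EMAIL, cookieEmail);
        session.setAttribute(ATTR_TOKEN, cookieToken);
        return cookieEmail;
    }

    /**
     * Builds a remember-me cookie: HttpOnly (the token must not be readable by page scripts),
     * Secure when the request itself came over TLS, path "/" so that {@link #eraseCookie}
     * (which also uses "/") actually matches it, and a bounded lifetime.
     */
    private static Cookie rememberCookie(String name, String value, HttpServletRequest request) {
        Cookie cookie = new Cookie(name, value);
        cookie.setPath("/");
        cookie.setHttpOnly(true);
        cookie.setSecure(request.isSecure());
        cookie.setMaxAge(REMEMBER_MAX_AGE);
        return cookie;
    }

    /**
     * Expires the two remember-me cookies. Only those are touched: the original cleared every
     * cookie it received, including the container's session cookie.
     *
     * Adapted from
     * https://stackoverflow.com/questions/890935/how-do-you-remove-a-cookie-in-a-java-servlet
     * (author Gray).
     */
    private void eraseCookie(HttpServletRequest req, HttpServletResponse resp) {
        for (String name : new String[] {ATTR_EMAIL, ATTR_TOKEN}) {
            Cookie dead = new Cookie(name, "");
            dead.setPath("/");
            dead.setHttpOnly(true);
            dead.setSecure(req.isSecure());
            dead.setMaxAge(0);
            resp.addCookie(dead);
        }
    }

    /**
     * Returns the value of the request cookie called {@code name}, or {@code null}.
     * The original compared against the literal string "name", so no cookie was ever found.
     */
    private String getCookie(HttpServletRequest request, String name) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            if (name.equals(cookie.getName())) {
                return cookie.getValue();
            }
        }
        return null;
    }
}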
- package db;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
- public class Account {
- public Connection conn;
- public Account(Connection conn) {
- this.conn = conn;
- }
- public boolean login(String login, String password) throws SQLException {
- String passwordInDb = "";
- String sql = "select password as password from users where email = ?";
- PreparedStatement stmt = conn.prepareStatement(sql);
- stmt.setString(1, login);
- ResultSet rs = stmt.executeQuery();
- if (rs.next()) {
- passwordInDb = rs.getString(1);
- }
- return passwordInDb.equals(password);
- }
- public void register(String login, String password) throws SQLException {
- if (isLoginExist(login)) {
- throw new RuntimeException("Login already in use!");
- }
- String sql = "insert into users (email, password) values(?, ?)";
- PreparedStatement stmt = conn.prepareStatement(sql);
- stmt.setString(1, login);
- stmt.setString(2, password);
- stmt.executeUpdate();
- }
- public boolean isLoginExist(String login) throws SQLException {
- String sql = "select count(*) as no from users where email = ?";
- PreparedStatement stmt = conn.prepareStatement(sql);
- stmt.setString(1, login);
- ResultSet rs = stmt.executeQuery();
- int count = 0;
- if (rs.next()) {
- count = rs.getInt("no");
- }
- rs.close();
- return count > 0;
- }
- public void remember(String email, String token) throws SQLException {
- removeToken(email);
- String sql = "insert into active_users (email, token) values(?, ?)";
- PreparedStatement stmt = conn.prepareStatement(sql);
- stmt.setString(1, email);
- stmt.setString(2, token);
- stmt.executeUpdate();
- }
- public boolean isLoginNow(String email, String token) throws SQLException {
- String sql = "select token from active_users where email = ?";
- PreparedStatement stmt = conn.prepareStatement(sql);
- stmt.setString(1, email);
- ResultSet rs = stmt.executeQuery();
- String validToken = "";
- if (rs.next()) {
- validToken = rs.getString("token");
- }
- rs.close();
- return validToken != null && validToken.length() > 0 && validToken.equals(token);
- }
- public void removeToken(String email) throws SQLException {
- String sql = "delete from active_users where email = ?";
- PreparedStatement stmt = conn.prepareStatement(sql);
- stmt.setString(1, email);
- stmt.executeUpdate();
- }
- }