  1. package main;
  2.  
  3. import java.io.IOException;
  4. import java.io.PrintWriter;
  5. import java.sql.Connection;
  6. import java.sql.SQLException;
  7.  
  8. import javax.naming.Context;
  9. import javax.naming.InitialContext;
  10. import javax.naming.NamingException;
  11. import javax.servlet.ServletConfig;
  12. import javax.servlet.ServletException;
  13. import javax.servlet.http.Cookie;
  14. import javax.servlet.http.HttpServlet;
  15. import javax.servlet.http.HttpServletRequest;
  16. import javax.servlet.http.HttpServletResponse;
  17. import javax.servlet.http.HttpSession;
  18. import javax.sql.DataSource;
  19.  
  20. import bean.User;
  21. import db.Account;
  22.  
  23. /**
  24. * Servlet implementation class Controller
  25. */
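/**
 * Front controller of the login demo: serves the index/login/register pages, verifies
 * credentials through {@link Account}, and maintains the session plus the optional
 * remember-me cookies ({@code email} and {@code token}).
 */
public class Controller extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /** Name of both the remember-me cookie and the session attribute holding the user's email. */
    private static final String EMAIL_KEY = "email";
    /** Name of both the remember-me cookie and the session attribute holding the login token. */
    private static final String TOKEN_KEY = "token";
    /** JNDI name of the container-managed DataSource. */
    private static final String DATASOURCE_JNDI_NAME = "jdbc/loginjspjdbcDB";

    private DataSource ds;
    /** Data access layer; created in {@link #init(ServletConfig)}. Package-private as in the original. */
    Account account;

    /**
     * @see HttpServlet#HttpServlet()
     */
    public Controller() {
        super();
    }

    /**
     * Looks up the container DataSource, opens the connection the {@link Account} layer uses,
     * and refuses to load the servlet if either step fails.
     *
     * @throws ServletException if the JNDI lookup or the database connection fails. The original
     *     swallowed the SQLException and returned, leaving {@code account} null so every later
     *     request failed with a NullPointerException.
     */
    @Override
    public void init(ServletConfig config) throws ServletException {
        // The original never called super.init(config); without it getServletConfig() is null
        // and GenericServlet.log() cannot be used.
        super.init(config);
        try {
            Context env = (Context) new InitialContext().lookup("java:comp/env");
            ds = (DataSource) env.lookup(DATASOURCE_JNDI_NAME);
        } catch (NamingException e) {
            throw new ServletException("JNDI lookup of " + DATASOURCE_JNDI_NAME + " failed", e);
        }
        Connection conn;
        try {
            conn = ds.getConnection();
        } catch (SQLException e) {
            throw new ServletException("Cannot open a connection from " + DATASOURCE_JNDI_NAME, e);
        }
        // NOTE(review): as in the original, a single Connection is shared by every request thread
        // for the servlet's lifetime, because Account's constructor takes a Connection rather than
        // the DataSource. Per-request connections would need a change to Account.
        this.account = new Account(conn);
    }

    /** Closes the shared connection when the container unloads the servlet. */
    @Override
    public void destroy() {
        if (account != null && account.conn != null) {
            try {
                account.conn.close();
            } catch (SQLException e) {
                log("Closing the shared database connection failed", e);
            }
        }
        super.destroy();
    }

    /**
     * Routes GET requests. Without a {@code page} parameter the success page is shown when the
     * session (possibly restored from the remember-me cookies) carries a token that the database
     * confirms, otherwise the index. {@code page=login} and {@code page=register} show the forms;
     * any other value is answered with HTTP 404.
     *
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        HttpSession session = request.getSession();
        String page = request.getParameter("page");

        request.setAttribute("email", "");
        request.setAttribute("message", "");

        // Remember-me: copy the cookies into the session; isLoggedIn() decides whether they are valid.
        restoreFromCookie(request, session, EMAIL_KEY);
        restoreFromCookie(request, session, TOKEN_KEY);

        if (page == null) {
            if (isLoggedIn(session)) {
                request.setAttribute("email", session.getAttribute(EMAIL_KEY));
                forward(request, response, "/succes.jsp");
            } else {
                forward(request, response, "/index.jsp");
            }
        } else if (page.equals("login")) {
            forward(request, response, "/login.jsp");
        } else if (page.equals("register")) {
            forward(request, response, "/register.jsp");
        } else {
            // The original printed "<h1>404</h1>" into a 200 response; send a real 404 instead.
            response.sendError(HttpServletResponse.SC_NOT_FOUND);
        }
    }

    /**
     * Dispatches on the {@code action} form field: {@code login}, {@code register} or
     * {@code logout}. A missing or unknown action is answered with HTTP 400; the original threw
     * a NullPointerException for a missing action and showed the success page for an unknown one.
     *
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String action = request.getParameter("action");
        request.setAttribute("email", request.getParameter("email"));

        if (action == null) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "missing action");
        } else if (action.equals("login")) {
            login(request, response);
        } else if (action.equals("register")) {
            register(request, response);
        } else if (action.equals("logout")) {
            logout(request, response);
        } else {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "unknown action");
        }
    }

    /**
     * Handles {@code action=login}: verifies the credentials, then issues a fresh session and a
     * new login token, optionally persisted in the remember-me cookies.
     */
    private void login(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String email = request.getParameter("email");
        String password = request.getParameter("password");
        boolean remember = "true".equals(request.getParameter("remember"));

        try {
            // NOTE(review): the two distinct messages reveal which emails are registered (user
            // enumeration); kept as in the original because the JSPs display them.
            if (!account.isLoginExist(email)) {
                failLogin(request, response, "email doesn't exist");
                return;
            }
            if (!account.login(email, password)) {
                failLogin(request, response, "bad password");
                return;
            }
        } catch (SQLException e) {
            // The original logged here and then fell through to issuing a token, so a database
            // error logged the caller in without any password check.
            log("Credential check failed", e);
            failLogin(request, response, "Problem with database, please try again later.");
            return;
        }

        // Session fixation: retire the pre-login session id so an id planted before
        // authentication is not promoted to a logged-in session.
        request.getSession().invalidate();
        HttpSession session = request.getSession(true);

        // NOTE(review): TokenGenerator is not part of this file — confirm it draws from SecureRandom.
        String token = TokenGenerator.generate(20);
        session.setAttribute(EMAIL_KEY, email);
        session.setAttribute(TOKEN_KEY, token);
        try {
            account.remember(email, token);
        } catch (SQLException e) {
            // Without the stored token the next GET would treat the user as anonymous anyway,
            // so report the failure now instead of showing a success page.
            session.invalidate();
            log("Storing the login token failed", e);
            failLogin(request, response, "Problem with database, please try again later.");
            return;
        }

        if (remember) {
            response.addCookie(rememberCookie(request, EMAIL_KEY, email));
            response.addCookie(rememberCookie(request, TOKEN_KEY, token));
        } else {
            eraseCookie(request, response);
        }
        forward(request, response, "/succes.jsp");
    }

    /** Shows the login form again with {@code message} set. */
    private static void failLogin(HttpServletRequest request, HttpServletResponse response,
            String message) throws ServletException, IOException {
        request.setAttribute("message", message);
        forward(request, response, "/login.jsp");
    }

    /**
     * Handles {@code action=register}: validates the form through {@link User}, rejects an email
     * that is already in use, and stores the new account.
     */
    private void register(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        User user = new User();
        String email = request.getParameter("email");
        String password = request.getParameter("password");
        String password2 = request.getParameter("password2");
        user.setEmail(email);
        user.setPassword(password);
        user.setPassword2(password2);

        if (!user.isValid(email, password, password2)) {
            failRegister(request, response, user.getValidationMessage());
            return;
        }

        try {
            if (account.isLoginExist(email)) {
                failRegister(request, response, "The email is already in use. Change it.");
                return;
            }
        } catch (SQLException e) {
            // The original printed to the response body and then went on to register anyway.
            log("Email uniqueness check failed", e);
            failRegister(request, response,
                    "Problem with database, cannot check if the email is already in use.");
            return;
        }

        try {
            account.register(email, password);
        } catch (SQLException e) {
            // The original printed to the response body and then forwarded to the success page.
            log("Registration failed", e);
            failRegister(request, response, "Cannot register.");
            return;
        }
        // Relative path kept from the original; the container resolves it against this servlet's path.
        forward(request, response, "succesregister.jsp");
    }

    /** Shows the registration form again with {@code message} set. */
    private static void failRegister(HttpServletRequest request, HttpServletResponse response,
            String message) throws ServletException, IOException {
        request.setAttribute("message", message);
        forward(request, response, "/register.jsp");
    }

    /**
     * Handles {@code action=logout}: deletes the stored token, invalidates the session (the
     * original only removed the two attributes) and expires the remember-me cookies.
     */
    private void logout(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        HttpSession session = request.getSession();
        String toRemove = (String) session.getAttribute(EMAIL_KEY);
        if (toRemove != null) {
            try {
                account.removeToken(toRemove);
            } catch (SQLException e) {
                log("Removing the login token failed", e);
            }
        }
        session.invalidate();
        eraseCookie(request, response);
        forward(request, response, "/index.jsp");
    }

    /**
     * True when the session holds an email/token pair that {@link Account#isLoginNow} confirms.
     * A database error is logged and treated as "not logged in" (fail closed).
     */
    private boolean isLoggedIn(HttpSession session) {
        String email = (String) session.getAttribute(EMAIL_KEY);
        String token = (String) session.getAttribute(TOKEN_KEY);
        if (email == null || token == null) {
            return false;
        }
        try {
            return account.isLoginNow(email, token);
        } catch (SQLException e) {
            log("Token lookup failed; treating the request as anonymous", e);
            return false;
        }
    }

    /** Copies the cookie called {@code name} into the session attribute of the same name if that attribute is unset. */
    private void restoreFromCookie(HttpServletRequest request, HttpSession session, String name) {
        if (session.getAttribute(name) != null) {
            return;
        }
        String value = getCookie(request, name);
        if (value != null) {
            session.setAttribute(name, value);
        }
    }

    private static void forward(HttpServletRequest request, HttpServletResponse response,
            String path) throws ServletException, IOException {
        request.getRequestDispatcher(path).forward(request, response);
    }

    /** Path used for both setting and expiring the remember-me cookies, so they address the same cookie. */
    private static String cookiePath(HttpServletRequest request) {
        String contextPath = request.getContextPath();
        return contextPath.isEmpty() ? "/" : contextPath;
    }

    /** Builds a remember-me cookie scoped to this application and hidden from page scripts. */
    private static Cookie rememberCookie(HttpServletRequest request, String name, String value) {
        Cookie cookie = new Cookie(name, value);
        cookie.setPath(cookiePath(request));
        // Keeps the token out of reach of page scripts (Servlet 3.0+ API).
        cookie.setHttpOnly(true);
        // Mark Secure only when the app is actually served over TLS; otherwise the browser would
        // never send the cookie back on a plain-HTTP deployment.
        cookie.setSecure(request.isSecure());
        // NOTE(review): no Max-Age is set, as in the original, so these are browser-session cookies;
        // a persistent "remember me" needs cookie.setMaxAge(...).
        return cookie;
    }

    /**
     * Expires the two remember-me cookies. The original expired every cookie in the request,
     * including the container's session cookie when it was present, which also discarded the
     * session just created by a login without "remember".
     */
    private void eraseCookie(HttpServletRequest req, HttpServletResponse resp) {
        for (String name : new String[] {EMAIL_KEY, TOKEN_KEY}) {
            Cookie expired = new Cookie(name, "");
            expired.setPath(cookiePath(req));
            expired.setMaxAge(0);
            resp.addCookie(expired);
        }
    }

    /** Returns the value of the request cookie called {@code name}, or null if absent. */
    private String getCookie(HttpServletRequest request, String name) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            // The original compared against the literal "name", so no cookie was ever found
            // and the remember-me feature never restored a session.
            if (cookie.getName().equals(name)) {
                return cookie.getValue();
            }
        }
        return null;
    }

}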
  249.  
  250. package db;
  251.  
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Base64;

import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
  256.  
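/**
 * Data access for the {@code users} and {@code active_users} tables.
 *
 * <p>Passwords are stored as salted PBKDF2-SHA256 hashes (see {@link #hashPassword(String)}).
 * Rows written by the original plaintext code are still accepted and are re-hashed on their
 * next successful login. Requires Java 8+ (PBKDF2WithHmacSHA256, java.util.Base64).
 */
public class Account {

    /** Marks a {@code users.password} value produced by {@link #hashPassword(String)}; anything else is legacy plaintext. */
    private static final String HASH_PREFIX = "pbkdf2_sha256$";
    private static final String PBKDF2_ALGORITHM = "PBKDF2WithHmacSHA256";
    private static final int PBKDF2_ITERATIONS = 100_000;
    private static final int SALT_BYTES = 16;
    private static final int KEY_BITS = 256;
    private static final SecureRandom RANDOM = new SecureRandom();

    /** Connection owned by the caller; left public because the original exposed it. Never closed here. */
    public Connection conn;

    public Account(Connection conn) {
        this.conn = conn;
    }

    /**
     * Checks {@code password} against the credential stored for {@code login}.
     *
     * @return true only when a row exists and the password matches. The original compared
     *     against {@code ""} when no row existed, so an unknown email with an empty password
     *     was accepted.
     * @throws SQLException on database errors
     */
    public boolean login(String login, String password) throws SQLException {
        String stored = null;
        String sql = "select password as password from users where email = ?";
        try (PreparedStatement stmt = conn.prepareStatement(sql)) {
            stmt.setString(1, login);
            try (ResultSet rs = stmt.executeQuery()) {
                if (rs.next()) {
                    stored = rs.getString(1);
                }
            }
        }
        if (stored == null || !verifyPassword(password, stored)) {
            return false;
        }
        if (!stored.startsWith(HASH_PREFIX)) {
            // Legacy plaintext row: the password is now known to be right, so upgrade it in place.
            storePassword(login, hashPassword(password));
        }
        return true;
    }

    /**
     * Creates a user with a hashed password.
     *
     * @throws RuntimeException if {@code login} already exists (kept from the original).
     *     NOTE(review): check-then-insert is racy; a UNIQUE constraint on {@code users.email}
     *     is the reliable guard.
     * @throws SQLException on database errors
     */
    public void register(String login, String password) throws SQLException {
        if (isLoginExist(login)) {
            throw new RuntimeException("Login already in use!");
        }
        String sql = "insert into users (email, password) values(?, ?)";
        try (PreparedStatement stmt = conn.prepareStatement(sql)) {
            stmt.setString(1, login);
            stmt.setString(2, hashPassword(password));
            stmt.executeUpdate();
        }
    }

    /** Returns whether a {@code users} row with this email exists. */
    public boolean isLoginExist(String login) throws SQLException {
        String sql = "select count(*) as no from users where email = ?";
        try (PreparedStatement stmt = conn.prepareStatement(sql)) {
            stmt.setString(1, login);
            try (ResultSet rs = stmt.executeQuery()) {
                int count = 0;
                if (rs.next()) {
                    count = rs.getInt("no");
                }
                return count > 0;
            }
        }
    }

    /**
     * Replaces any stored token for {@code email} with {@code token}.
     * NOTE(review): delete + insert are two statements outside a transaction, as in the original.
     */
    public void remember(String email, String token) throws SQLException {
        removeToken(email);

        String sql = "insert into active_users (email, token) values(?, ?)";
        try (PreparedStatement stmt = conn.prepareStatement(sql)) {
            stmt.setString(1, email);
            stmt.setString(2, token);
            stmt.executeUpdate();
        }
    }

    /**
     * Returns whether {@code token} is the non-empty token currently stored for {@code email}.
     * The comparison is constant-time so response timing does not reveal how much of a guessed
     * token matched.
     */
    public boolean isLoginNow(String email, String token) throws SQLException {
        String validToken = null;
        String sql = "select token from active_users where email = ?";
        try (PreparedStatement stmt = conn.prepareStatement(sql)) {
            stmt.setString(1, email);
            try (ResultSet rs = stmt.executeQuery()) {
                if (rs.next()) {
                    validToken = rs.getString("token");
                }
            }
        }
        if (token == null || validToken == null || validToken.isEmpty()) {
            return false;
        }
        return MessageDigest.isEqual(validToken.getBytes(StandardCharsets.UTF_8),
                token.getBytes(StandardCharsets.UTF_8));
    }

    /** Deletes the stored token for {@code email}, logging the user out of the remember-me flow. */
    public void removeToken(String email) throws SQLException {
        String sql = "delete from active_users where email = ?";
        try (PreparedStatement stmt = conn.prepareStatement(sql)) {
            stmt.setString(1, email);
            stmt.executeUpdate();
        }
    }

    /** Writes a new password hash for an existing user. */
    private void storePassword(String login, String passwordHash) throws SQLException {
        String sql = "update users set password = ? where email = ?";
        try (PreparedStatement stmt = conn.prepareStatement(sql)) {
            stmt.setString(1, passwordHash);
            stmt.setString(2, login);
            stmt.executeUpdate();
        }
    }

    /**
     * Hashes a password with a fresh random salt.
     *
     * <p>Format: {@code pbkdf2_sha256$<iterations>$<base64 salt>$<base64 hash>}, roughly 90
     * characters — the {@code users.password} column must be wide enough (TODO confirm schema).
     *
     * @throws IllegalArgumentException for a null or empty password
     */
    static String hashPassword(String password) {
        if (password == null || password.isEmpty()) {
            throw new IllegalArgumentException("password must not be null or empty");
        }
        byte[] salt = new byte[SALT_BYTES];
        RANDOM.nextBytes(salt);
        byte[] hash = pbkdf2(password, salt, PBKDF2_ITERATIONS, KEY_BITS);
        Base64.Encoder b64 = Base64.getEncoder();
        return HASH_PREFIX + PBKDF2_ITERATIONS + "$" + b64.encodeToString(salt) + "$"
                + b64.encodeToString(hash);
    }

    /**
     * Checks {@code password} against a stored value in constant time. A value carrying
     * {@link #HASH_PREFIX} is verified with PBKDF2; anything else is treated as a legacy plaintext
     * password. Null inputs and malformed stored values yield {@code false} rather than an exception.
     */
    static boolean verifyPassword(String password, String stored) {
        if (password == null || stored == null) {
            return false;
        }
        if (!stored.startsWith(HASH_PREFIX)) {
            return MessageDigest.isEqual(stored.getBytes(StandardCharsets.UTF_8),
                    password.getBytes(StandardCharsets.UTF_8));
        }
        if (password.isEmpty()) {
            // hashPassword() never produces a hash of an empty password.
            return false;
        }
        String[] parts = stored.split("\\$");
        if (parts.length != 4) {
            return false;
        }
        int iterations;
        byte[] salt;
        byte[] expected;
        try {
            iterations = Integer.parseInt(parts[1]);
            salt = Base64.getDecoder().decode(parts[2]);
            expected = Base64.getDecoder().decode(parts[3]);
        } catch (IllegalArgumentException e) {
            // NumberFormatException and bad base64 both surface as IllegalArgumentException.
            return false;
        }
        if (iterations <= 0 || salt.length == 0 || expected.length == 0) {
            return false;
        }
        byte[] actual = pbkdf2(password, salt, iterations, expected.length * 8);
        return MessageDigest.isEqual(expected, actual);
    }

    /** Derives {@code keyBits} bits from the password with PBKDF2-HMAC-SHA256. */
    private static byte[] pbkdf2(String password, byte[] salt, int iterations, int keyBits) {
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterations, keyBits);
        try {
            return SecretKeyFactory.getInstance(PBKDF2_ALGORITHM).generateSecret(spec).getEncoded();
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            // Both indicate a JVM without the standard provider, not a bad user input.
            throw new IllegalStateException("PBKDF2 is not available in this JVM", e);
        } finally {
            spec.clearPassword();
        }
    }
}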