  1. package coreservlets;
  2.  
import java.io.File;
import java.io.IOException;
import java.security.SecureRandom;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.sql.Statement;
import java.sql.Types;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Random;
import java.util.regex.Pattern;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import net.sf.jmimemagic.Magic;
import net.sf.jmimemagic.MagicMatch;

import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;
  26.  
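/**
 * Servlet implementation class AddProperty.
 *
 * <p>Handles the multipart "add property" form posted from {@code addNew.jsp}: reads the text
 * fields, checks the CAPTCHA answer against the {@code captcha} session attribute, validates the
 * description, address and (for auctions) the numeric bid fields, stores an optional JPEG/PNG/BMP
 * picture under {@link #IMAGE_DIR} and inserts one row into {@code propertefied.items_property}.
 * The outcome is reported through the session attributes {@code msgAdd} (validation / database
 * result) and {@code uploadStatus} (file handling result), followed by exactly one redirect back
 * to {@code addNew.jsp}; the previous version redirected several times per request, which throws
 * {@code IllegalStateException} on the second call.
 *
 * <p>A servlet instance is shared by all requests, so the package-visible fields
 * {@link #uploadStatus} and {@link #msg} are not safe to use as per-request state. They are kept
 * only because {@link #checkText} and {@link #checkNumber} report through them; {@link #doPost}
 * works on locals.
 */
@WebServlet("/addProperty")
public class AddProperty extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /** Limit for the whole multipart request, and the in-memory threshold per part (3MB). */
    private static final int MAX_UPLOAD_BYTES = 3 * 1024 * 1024;
    /** Where commons-fileupload spills parts above the threshold. */
    private static final String TEMP_DIR = "/tmp";
    /** Directory that accepted property pictures are written to. */
    private static final String IMAGE_DIR = "C://webapps/example/images/properties/";
    /** Picture name stored for a listing without an uploaded file. */
    private static final String DEFAULT_IMAGE = "property.png";
    /** Page the browser is sent back to after every request. */
    private static final String RESULT_PAGE = "addNew.jsp";
    /** Legacy driver class; loading it explicitly is harmless with JDBC 4 drivers. */
    private static final String JDBC_DRIVER = "com.mysql.jdbc.Driver";
    // NOTE(review): database credentials are embedded in source; move them to a container-managed
    // DataSource or an init parameter. Left unchanged here so the deployment keeps working.
    private static final String JDBC_URL =
            "jdbc:mysql://localhost:3306/propertefied?user=root&password=p@$5wd";
    /**
     * Parameterised INSERT used for both auction and plain listings, replacing the two
     * string-concatenated statements (the auction one also carried a stray quote after
     * {@code on_bid}). {@code photo} is part of the row, so the separate UPDATE, which matched
     * every row of the owner rather than the new listing, is no longer needed. For a plain
     * listing bid_start/bid_inc are 0, on_bid is false and the {@code adddate} argument is NULL,
     * which yields a NULL bid_endDate.
     */
    private static final String INSERT_SQL =
            "INSERT INTO `propertefied`.`items_property` (`desc_item`, `type`, `address`, "
            + "`buy_price`, `listed_date`, `bid_start`, `bid_inc`, `on_bid`, `owner`, "
            + "`bid_endDate`, `on_lease`, `title`, `photo`) VALUES (?, ?, ?, ?, "
            + "current_timestamp(), ?, ?, ?, ?, adddate(current_timestamp(), ?), ?, ?, ?)";
    /** Characters accepted in the description and address fields. */
    private static final Pattern TEXT_PATTERN = Pattern.compile("^[a-zA-Z0-9/,.() -]*$");
    /** Unsigned decimal integer. */
    private static final Pattern NUMBER_PATTERN = Pattern.compile("^[0-9]([0-9]*)$");
    /** Alphabet for {@link #randomKey(int)}. */
    private static final String KEY_CHARS =
            "abcdefghijklmnopqrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    /** Unpredictable source for stored file names; java.util.Random would make them guessable. */
    private static final SecureRandom RANDOM = new SecureRandom();

    /** Last file-handling status; see the class comment about thread-safety. */
    String uploadStatus = "";
    /** Last validation message written by {@link #checkText} / {@link #checkNumber}. */
    String msg = "";

    /** Per-request copy of the posted form. Names follow the HTML fields / table columns. */
    private static final class Submission {
        String title = "";
        String type = "";
        String desc = "";
        String address = "";
        int buy;
        boolean bid;
        boolean rent;
        int bidStart;
        int bidInc;
        int bidEnd;
        String imgcode = "";
        /** Last non-empty file part, or null when no picture was sent. */
        FileItem image;
    }

    /**
     * Processes one submission and redirects to {@code addNew.jsp} exactly once, with the result
     * in the {@code msgAdd} and {@code uploadStatus} session attributes. Failure details are
     * written to the servlet log rather than into the user-visible messages (the old code echoed
     * exception text and the expected CAPTCHA value back to the client).
     *
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        HttpSession session = request.getSession();
        String status = "";
        String message = "";
        File uploadedFile = null;

        if (!ServletFileUpload.isMultipartContent(request)) {
            status = "Not a valid form";
        } else {
            try {
                Submission form = readSubmission(request);
                Object expected = session.getAttribute("captcha");
                if (expected == null || form.imgcode.isEmpty()
                        || !expected.toString().equals(form.imgcode)) {
                    // The expected answer is deliberately not echoed back to the client.
                    message = "Image Verification failed.";
                } else {
                    // One attempt per challenge: a solved CAPTCHA cannot be replayed.
                    session.removeAttribute("captcha");
                    Object owner = session.getAttribute("uname");
                    message = validate(form);
                    if (message.isEmpty() && owner == null) {
                        log("addProperty: no uname in session, rejecting submission");
                        message = "Error";
                    }
                    boolean accepted = message.isEmpty();
                    String photo = DEFAULT_IMAGE;
                    if (accepted && form.image != null) {
                        String extension = imageExtension(form.image.get());
                        if (extension == null) {
                            status = "JPEG/PNG/BMP less than 3MB only are allowed.";
                            accepted = false;
                        } else {
                            // Server-chosen name: the client-supplied file name is never used.
                            photo = randomKey(5) + "_" + randomKey(10) + "." + extension;
                            uploadedFile = new File(IMAGE_DIR, photo);
                            form.image.write(uploadedFile);
                            status = "Upload successful.";
                        }
                    }
                    if (accepted) {
                        try {
                            insertListing(form, owner.toString(), photo);
                            message = "Added successfully";
                        } catch (SQLException | ClassNotFoundException e) {
                            log("addProperty: insert failed", e);
                            deleteQuietly(uploadedFile);
                            message = "Error";
                        }
                    }
                }
            } catch (NumberFormatException e) {
                // A numeric field held something other than an integer.
                status = "Check form fields.";
            } catch (Exception e) {
                // Covers the upload size limit, MIME sniffing failures and file writes. Details go
                // to the server log only; the user gets the generic message.
                log("addProperty: upload rejected", e);
                deleteQuietly(uploadedFile);
                status = "JPEG/PNG/BMP less than 3MB only are allowed.";
            }
        }

        session.setAttribute("msgAdd", message);
        session.setAttribute("uploadStatus", status);
        response.sendRedirect(RESULT_PAGE);
    }

    /**
     * Parses the multipart body into a {@link Submission}.
     *
     * @throws Exception any commons-fileupload failure, notably the request exceeding
     *     {@link #MAX_UPLOAD_BYTES}
     * @throws NumberFormatException when a numeric field is not a plain integer
     */
    private static Submission readSubmission(HttpServletRequest request) throws Exception {
        DiskFileItemFactory factory = new DiskFileItemFactory();
        factory.setSizeThreshold(MAX_UPLOAD_BYTES);
        factory.setRepository(new File(TEMP_DIR));
        ServletFileUpload upload = new ServletFileUpload(factory);
        upload.setSizeMax(MAX_UPLOAD_BYTES);

        Submission form = new Submission();
        @SuppressWarnings("unchecked") // older commons-fileupload releases return a raw List
        List<FileItem> items = upload.parseRequest(request);
        for (FileItem item : items) {
            if (item.isFormField()) {
                applyField(form, item.getFieldName(), item.getString());
            } else if (item.getSize() > 0) {
                // An empty file part means "no picture chosen"; keep the default image.
                form.image = item;
            }
        }
        return form;
    }

    /**
     * Stores one text field into {@code form}. Empty values keep the field's default (blank
     * inputs are posted as empty strings); unknown names are ignored.
     *
     * @throws NumberFormatException when a numeric field is not a plain integer
     */
    private static void applyField(Submission form, String name, String value) {
        if (value == null || value.isEmpty()) {
            return;
        }
        if (name.equalsIgnoreCase("title")) {
            form.title = value;
        } else if (name.equalsIgnoreCase("item_desc")) {
            form.desc = value;
        } else if (name.equalsIgnoreCase("type")) {
            form.type = value;
        } else if (name.equalsIgnoreCase("address")) {
            form.address = value;
        } else if (name.equalsIgnoreCase("buy")) {
            form.buy = Integer.parseInt(value.trim());
        } else if (name.equalsIgnoreCase("on_bid")) {
            form.bid = value.equals("on");
        } else if (name.equalsIgnoreCase("on_rent")) {
            form.rent = value.equals("on");
        } else if (name.equalsIgnoreCase("bid_start")) {
            form.bidStart = Integer.parseInt(value.trim());
        } else if (name.equalsIgnoreCase("bid_inc")) {
            form.bidInc = Integer.parseInt(value.trim());
        } else if (name.equalsIgnoreCase("bid_end")) {
            form.bidEnd = Integer.parseInt(value.trim());
        } else if (name.equalsIgnoreCase("imgCode")) {
            form.imgcode = value.toLowerCase(Locale.ROOT);
        }
    }

    /**
     * Runs the text checks and, for auctions, the numeric checks, stopping at the first problem.
     * The old flow let each later check overwrite the message of an earlier one.
     *
     * @return "" when everything is acceptable, otherwise the first validation message
     */
    private static String validate(Submission form) {
        String problem = validateText(form.desc, form.address);
        if (problem.isEmpty() && form.bid) {
            problem = validateNumber(form.bidStart);
            if (problem.isEmpty()) {
                problem = validateNumber(form.bidInc);
            }
            if (problem.isEmpty()) {
                problem = validateNumber(form.bidEnd);
            }
        }
        return problem;
    }

    /**
     * Validates the description and then the address against {@link #TEXT_PATTERN}. Both fields
     * are always examined; previously a valid description skipped the address check entirely.
     *
     * @return "" when both are acceptable, otherwise the message for the first failing field
     */
    private static String validateText(String desc, String address) {
        if (desc == null) {
            return "Description field is required";
        }
        if (!TEXT_PATTERN.matcher(desc).matches()) {
            return "Invalid characters in description field";
        }
        if (address == null) {
            return "Address field is required";
        }
        if (!TEXT_PATTERN.matcher(address).matches()) {
            return "Invalid characters in address field";
        }
        return "";
    }

    /**
     * Accepts non-negative integers only (the decimal form must match {@link #NUMBER_PATTERN}).
     *
     * @return "" when acceptable, otherwise "Invalid number field"
     */
    private static String validateNumber(int number) {
        return NUMBER_PATTERN.matcher(String.valueOf(number)).matches() ? "" : "Invalid number field";
    }

    /**
     * Sniffs the content (not the client-supplied name or Content-Type) of {@code data}.
     *
     * @return "png", "jpg" or "bmp", or null when the content is not one of the allowed images
     * @throws Exception when jmimemagic cannot classify the bytes
     */
    private static String imageExtension(byte[] data) throws Exception {
        MagicMatch match = Magic.getMagicMatch(data);
        String mimeType = match.getMimeType();
        if (mimeType.contains("png")) {
            return "png";
        }
        if (mimeType.contains("jpeg")) {
            return "jpg";
        }
        if (mimeType.contains("bmp")) {
            return "bmp";
        }
        return null;
    }

    /**
     * Inserts the listing with a parameterised statement; connection and statement are closed on
     * every path (the old code leaked both).
     *
     * @param owner value of the {@code uname} session attribute
     * @param photo file name stored in the {@code photo} column
     * @throws SQLException when the insert fails
     * @throws ClassNotFoundException when the JDBC driver class is missing
     */
    private static void insertListing(Submission form, String owner, String photo)
            throws SQLException, ClassNotFoundException {
        Class.forName(JDBC_DRIVER);
        try (Connection con = DriverManager.getConnection(JDBC_URL);
             PreparedStatement ps = con.prepareStatement(INSERT_SQL)) {
            con.setAutoCommit(true);
            ps.setString(1, form.desc);
            ps.setString(2, form.type);
            ps.setString(3, form.address);
            ps.setInt(4, form.buy);
            ps.setInt(5, form.bid ? form.bidStart : 0);
            ps.setInt(6, form.bid ? form.bidInc : 0);
            ps.setBoolean(7, form.bid);
            ps.setString(8, owner);
            if (form.bid) {
                ps.setInt(9, form.bidEnd);
            } else {
                ps.setNull(9, Types.INTEGER);
            }
            // NOTE(review): the old plain-listing INSERT hard-coded on_lease=false and ignored the
            // on_rent checkbox; the checkbox value is used on both paths here — confirm intended.
            ps.setBoolean(10, form.rent);
            ps.setString(11, form.title);
            ps.setString(12, photo);
            ps.executeUpdate();
        }
    }

    /** Removes a picture stored before a failed insert; a null or already absent file is ignored. */
    private void deleteQuietly(File file) {
        if (file != null && file.exists() && !file.delete()) {
            log("addProperty: could not remove " + file);
        }
    }

    /**
     * Builds a random alphanumeric key of {@code count} characters (one character when
     * {@code count} is 0, empty for negative counts) from a {@link SecureRandom}, so stored file
     * names cannot be predicted.
     *
     * @param count number of characters requested
     * @return the generated key
     */
    public StringBuffer randomKey(int count) {
        int length = count == 0 ? 1 : count;
        StringBuffer sb = new StringBuffer(Math.max(length, 0));
        for (int i = 0; i < length; i++) {
            sb.append(KEY_CHARS.charAt(RANDOM.nextInt(KEY_CHARS.length())));
        }
        return sb;
    }

    /**
     * Validates the description and address fields and stores the result in {@link #msg}
     * ("" when both are acceptable). Kept for existing callers; not thread-safe.
     */
    public void checkText(String desc, String address) {
        msg = validateText(desc, address);
    }

    /**
     * Validates a numeric field and stores the result in {@link #msg} ("" when acceptable).
     * Kept for existing callers; not thread-safe.
     */
    public void checkNumber(int number) {
        msg = validateNumber(number);
    }
}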