<%@ page import="java.security.MessageDigest" %>
<%@ page import="java.security.SecureRandom" %>
<%@ page import="java.sql.*" %>
<%@ page import="java.sql.Timestamp" %>
<%@ page import="java.util.Date" %>
<%@ page import="java.util.HashMap" %>
<%@ page import="java.util.Objects" %>
- <%
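// Read the submitted account fields and the identity of the caller.
String id = request.getParameter("Id");
String name = request.getParameter("Name");
String pw = request.getParameter("Password");
String status = request.getParameter("Status");
String[] perm = request.getParameterValues("Permission"); // null when no box was ticked
String exeName = (String) session.getAttribute("User_Name"); // account performing this action

// This page creates accounts, replaces passwords and assigns permissions, so it must not
// run for a request that has no logged-in user in its session.
if (exeName == null) {
    response.sendError(HttpServletResponse.SC_FORBIDDEN);
    return;
}
// NOTE(review): being logged in is not the same as being allowed to administer users.
// Nothing visible here checks that exeName holds that right, and the request carries no
// anti-CSRF token. Confirm both are enforced before this point (filter, include) or add
// the checks here.

// A missing Id would insert a row without a key, and a missing Password would fail later
// with a NullPointerException; reject both up front, along with empty values.
if (id == null || id.isEmpty() || pw == null || pw.isEmpty()) {
    response.sendError(HttpServletResponse.SC_BAD_REQUEST);
    return;
}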
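// Determine the user permissions.
// Every known page starts as "false"; only values from the request that match a known page
// are switched to "true", so an unexpected Permission value can never add a new key.
// The previous loop rewrote all six entries on every pass, which left only the last
// submitted permission set, and it dereferenced perm even when no value was submitted.
String[] knownPages = {"pageA", "pageB", "pageC", "pageD", "pageE", "pageF"};
HashMap<String, String> permMap = new HashMap<String, String>();
for (String page : knownPages) {
    permMap.put(page, "false");
}
if (perm != null) {
    for (String granted : perm) {
        if (permMap.containsKey(granted)) {
            permMap.put(granted, "true");
        }
    }
}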
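// Generate the salt.
// A salt derived from the current timestamp can be reconstructed by anyone who knows roughly
// when the account was created, so it is drawn from SecureRandom instead. Twenty random
// bytes give the same 40-character lowercase hex string the SHA-1 digest produced, so the
// stored Salt value keeps its width and the later substring(5, 15) stays in range.
byte[] saltBytes = new byte[20];
new SecureRandom().nextBytes(saltBytes);
// translate bytes to hex string
final StringBuffer salt = new StringBuffer(saltBytes.length * 2);
for (byte b : saltBytes) {
    salt.append(Character.forDigit((b >> 4) & 0xF, 16));
    salt.append(Character.forDigit(b & 0xF, 16));
}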
// First stage of the stored password value: lowercase hex of SHA-1 over the raw password.
// NOTE(review): SHA-1 is a fast, general-purpose digest, so a leaked Password column can be
// guessed offline at very high rates. A password-hashing function with a work factor
// (PBKDF2, bcrypt, scrypt, Argon2) is the usual replacement; the code that verifies logins
// is not visible here and would have to change at the same time.
// NOTE(review): getBytes() uses the platform default charset, so the digest of a non-ASCII
// password depends on where the server runs.
byte[] pwDigest = MessageDigest.getInstance("SHA1").digest(pw.getBytes());
final StringBuffer tmpBuffer = new StringBuffer();
for (byte b : pwDigest) {
    // Two hex digits per byte, high nibble first.
    tmpBuffer.append(Character.forDigit((b >> 4) & 0xF, 16));
    tmpBuffer.append(Character.forDigit(b & 0xF, 16));
}
// Second stage: the stored value is SHA-1 over hex(SHA-1(password)) followed by ten
// characters of the salt. This is hashing, not encryption; nothing here can be decrypted.
// NOTE(review): only characters 5..14 of the salt enter the hash, which is 40 bits of a
// 160-bit value; using the whole salt would cost nothing. Any change to this formula must
// be made together with the login check, which is not visible here.
String saltedInput = tmpBuffer.toString() + salt.toString().substring(5, 15);
byte[] saltedDigest = MessageDigest.getInstance("SHA1").digest(saltedInput.getBytes());
final StringBuffer hashPW = new StringBuffer();
for (byte b : saltedDigest) {
    // Two hex digits per byte, high nibble first.
    hashPW.append(Character.forDigit((b >> 4) & 0xF, 16));
    hashPW.append(Character.forDigit(b & 0xF, 16));
}
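// Establish the database connection and define the three statements used below.
Class.forName("com.mysql.jdbc.Driver");
// NOTE(review): the page connects as the MySQL root account with the password written in
// the source. A web page that only reads and writes user rows should use an account limited
// to those tables, with the credentials kept outside the web root (container DataSource or
// protected configuration).
Connection con = DriverManager.getConnection("jdbc:mysql://127.0.0.1:3306/dbname", "root", "dbpass");
// NOTE(review): the existence check reads dbo.Users, the insert writes test.User_Profile and
// the update writes test.Users. Confirm which table holds the accounts; as written the check
// and the writes do not look at the same data.
String select = "select ID from dbo.Users where ID=?";
String insert = "insert into test.User_Profile(UserName, Password, " +
        "Salt, Permissions, Status, Modify_User, ID) " +
        "values(?, ?, ?, ?, ?, ?, ?)";
// The SET keyword was missing, which made the statement invalid SQL.
String update = "update test.Users set " +
        "UserName=?, Password=?, Salt=?, Permissions=?, Status=?, Modify_User=? " +
        "where ID=?";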
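// Store the account: update the row when the ID already exists, insert it otherwise.
//
// Fixes over the pasted version:
//  - the "if" had no opening brace, so the "}" before "else" closed an outer block; that is
//    the source of the reported "Syntax error on token "else"" and "cannot be resolved" errors;
//  - con.prepareStatement(...) was called but its result dropped, so the parameters were
//    bound to the one-parameter select statement;
//  - Gson serialises through toJson(Object) on an instance, not through its constructor;
//  - the quotes inside the alert strings were not escaped, and the two messages were swapped;
//  - statements, result set and connection were never closed.
// Gson is written with its full name because the page directives shown do not import it.
String permJson = new com.google.gson.Gson().toJson(permMap);
String hashHex = hashPW.toString();
String saltHex = salt.toString();
try {
    // Start the transaction before the existence check so the check and the write are one
    // unit of work and can be rolled back together.
    // NOTE(review): a transaction alone does not stop two concurrent requests from both
    // seeing "no row" and both inserting; confirm ID has a primary-key or unique constraint.
    con.setAutoCommit(false);

    boolean exists;
    try (PreparedStatement check = con.prepareStatement(select)) {
        check.setString(1, id);
        try (ResultSet found = check.executeQuery()) {
            exists = found.next();
        }
    }

    // The update and the insert take the same seven parameters in the same order.
    try (PreparedStatement write = con.prepareStatement(exists ? update : insert)) {
        write.setString(1, name);
        write.setString(2, hashHex);
        write.setString(3, saltHex);
        write.setString(4, permJson);
        write.setString(5, status);
        write.setString(6, exeName);
        write.setString(7, id);
        write.executeUpdate();
    }
    con.commit();

    // The messages are constants; no request value is written into the page.
    if (exists) {
        out.println("<script>alert(\"User profile updated.\")</script>");
    } else {
        out.println("<script>alert(\"New User added.\")</script>");
    }
} catch (SQLException e) {
    // Leave no half-applied change behind, and keep the original failure as the one reported.
    try {
        con.rollback();
    } catch (SQLException rollbackFailure) {
        e.addSuppressed(rollbackFailure);
    }
    throw e;
} finally {
    con.close();
}
// NOTE(review): sendRedirect clears the response buffer, so the alert written above is not
// delivered to the browser; carry the outcome to main.jsp another way if it must be shown.
response.sendRedirect("../main.jsp");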
- %>
- An error occurred at line: 134 in the jsp file: gPerm cannot be resolved
- An error occurred at line: 147 in the jsp file: Syntax error on token "else", finally expected
- An error occurred at line: 148 in the jsp file: con cannot be resolved
- An error occurred at line: 148 in the jsp file: insert cannot be resolved to a variable
- ...
- Description Resource Path Location Type
- Syntax error on token "}", delete this token addMem.jsp /ajax line 0 JSP Problem
- Syntax error on token "catch", Identifier expected addMem.jsp /ajax line 0 JSP Problem
- Syntax error on token "else", finally expected addMem.jsp /ajax line 147 JSP Problem