<%@ page import ="java.sql.*" %><%@ page import ="java.util.Objects" %><%@ pag

1. <%@ page import ="java.sql.*" %>
2. <%@ page import ="java.util.Objects" %>
3. <%@ page import ="java.util.HashMap" %>
4. <%@ page import ="java.security.MessageDigest" %>
5. <%@ page import ="java.sql.Timestamp" %>
6. <%@ page import ="java.util.Date" %>
7. <%
8. String id = request.getParameter("Id");
9. String name = request.getParameter("Name");
10. String pw = request.getParameter("Password");
11. String status = request.getParameter("Status");
12. String[] perm = request.getParameterValues("Permission");
13. String exeName = (String) session.getAttribute("User_Name");// action executioner's name
14.  
15. // determine the user permission
16. HashMap<String, String> permMap = new HashMap<String, String>();
17. for(int i = 0; i < perm.length; i++) {
18. if(Objects.equals(perm[i], "pageA"))
19. permMap.put("pageA", "true");
20. else
21. permMap.put("pageA", "false");
22.  
23. if(Objects.equals(perm[i], "pageB"))
24. permMap.put("pageB", "true");
25. else
26. permMap.put("pageB", "false");
27.  
28.  
29. if(Objects.equals(perm[i], "pageC"))
30. permMap.put("pageC", "true");
31. else
32. permMap.put("pageC", "false");
33.  
34.  
35. if(Objects.equals(perm[i], "pageD"))
36. permMap.put("pageD", "true");
37. else
38. permMap.put("pageD", "false");
39.  
40.  
41. if(Objects.equals(perm[i], "pageE"))
42. permMap.put("pageE", "true");
43. else
44. permMap.put("pageE", "false");
45.  
46.  
47. if(Objects.equals(perm[i], "pageF"))
48. permMap.put("pageF", "true");
49. else
50. permMap.put("pageF", "false");
51. }
52.  
53. // generate salt
54. Date date = new Date();
55. String tmp = new Timestamp(date.getTime()).toString();
56. MessageDigest mdSalt = MessageDigest.getInstance("SHA1");
57. byte[] tmpBytes = tmp.getBytes();
58. mdSalt.update(tmpBytes);
59.  
60. // translate bytes to hex string
61. byte[] str1 = mdSalt.digest();
62.  
63. final StringBuffer salt = new StringBuffer();
64. for(int i = 0; i < str1.length; ++i) {
65. final byte b = str1[i];
66. final int value = (b & 0x7F) + (b < 0 ? 128 : 0);
67. salt.append(value < 16 ? "0" : "");
68. salt.append(Integer.toHexString(value));
69. }
70.  
71. // compute password's sha1
72. MessageDigest mdPW = MessageDigest.getInstance("SHA1");
73. byte[] tmpBytes1 = pw.getBytes();
74.  
75. mdPW.update(tmpBytes1);
76. byte[] str2 = mdPW.digest();
77.  
78. final StringBuffer tmpBuffer = new StringBuffer();
79. for(int i = 0; i < str2.length; ++i) {
80. final byte b = str2[i];
81. final int value = (b & 0x7F) + (b < 0 ? 128 : 0);
82. tmpBuffer.append(value < 16 ? "0" : "");
83. tmpBuffer.append(Integer.toHexString(value));
84. }
85.  
86. // compute encrypted password
87. MessageDigest mdEnPW = MessageDigest.getInstance("SHA1");
88. String midStr = tmpBuffer.toString() + salt.toString().substring(5, 15);
89. byte[] tmpBytes2 = midStr.getBytes();
90.  
91. mdEnPW.update(tmpBytes2);
92. byte[] str3 = mdEnPW.digest();
93.  
94. final StringBuffer hashPW = new StringBuffer();
95. for(int i = 0; i < str3.length; ++i) {
96. final byte b = str3[i];
97. final int value = (b & 0x7F) + (b < 0 ? 128 : 0);
98. hashPW.append(value < 16 ? "0" : "");
99. hashPW.append(Integer.toHexString(value));
100. }
101.  
102. // establish db connection
103. Class.forName("com.mysql.jdbc.Driver");
104. Connection con = DriverManager.getConnection("jdbc:mysql://127.0.0.1:3306/dbname", "root", "dbpass");
105.  
106. String select = "select ID from dbo.Users where ID=?";
107.  
108. String insert = "insert into test.User_Profile(UserName, Password, " +
109. "Salt, Permissions, Status, Modify_User, ID) " +
110. "values(?, ?, ?, ?, ?, ?, ?)";
111.  
112. String update = "update test.Users " +
113. "UserName=?, Password=?, Salt=?, Permissions=?, Status=?, Modify_User=? " +
114. "where ID=?";
115.  
116. // permission in json format
117. Gson gPerm = new Gson(permMap);
118.  
119. PreparedStatement pstmt = con.prepareStatement(select);
120. pstmt.setString(1, id);
121.  
122. ResultSet rs = pstmt.executeQuery();
123.  
124. // this ID already existed, do update
125. if(rs.next())
126. // use transaction to avoid race condition
127. con.setAutoCommit(false);
128.  
129. con.prepareStatement(update);
130.  
131. pstmt.setString(1, name);
132. pstmt.setString(2, hashPW.toString());
133. pstmt.setString(3, salt.toString());
134. pstmt.setString(4, gPerm.toJson());
135. pstmt.setString(5, status);
136. pstmt.setString(6, exeName);
137. pstmt.setString(7, id);
138.  
139. pstmt.executeUpdate();
140.  
141. // end of transaction
142. con.commit();
143.  
144. out.println("<script>alert("New User added.")</script>");
145. }
146. // this ID is not exist, do insert
147. else {
148. con.prepareStatement(insert);
149.  
150. pstmt.setString(1, name);
151. pstmt.setString(2, hashPW.toString());
152. pstmt.setString(3, salt.toString());
153. pstmt.setString(4, gPerm.toJson());
154. pstmt.setString(5, status);
155. pstmt.setString(6, exeName);
156. pstmt.setString(7, id);
157.  
158. pstmt.executeUpdate();
159.  
160. out.println("<script>alert("User profile updated.")</script>");
161. }
162.  
163. response.sendRedirect("../main.jsp");
164. %>
165.  
166. An error occurred at line: 134 in the jsp file: gPerm cannot be resolved
167. An error occurred at line: 147 in the jsp file: Syntax error on token "else", finally expected
168. An error occurred at line: 148 in the jsp file: con cannot be resolved
169. An error occurred at line: 148 in the jsp file: insert cannot be resolved to a variable
170. ...
171.  
172. Description Resource Path Location Type
173. Syntax error on token "}", delete this token addMem.jsp /ajax line 0 JSP Problem
174.  
175. Syntax error on token "catch", Identifier expected addMem.jsp /ajax line 0 JSP Problem
176.  
177. Syntax error on token "else", finally expected addMem.jsp /ajax line 147 JSP Problem