import java.io.*; import java.util.*; import org.apache.log4j.Logger; import java.sql.*; import javax.servlet.*; import javax.servlet.http.*; import uk.ac.roe.wfau.DatabaseConnection; import uk.ac.roe.wfau.FormatLines; import uk.ac.roe.wfau.VDFSSQLStatements; import uk.ac.roe.wfau.VDFSSchema; import uk.ac.roe.wfau.WSAHTMLSchema; import com.oreilly.servlet.*; import com.oreilly.servlet.multipart.*; import net.mar.DefaultSelect; import net.mar.SQLRadial; import net.alanmaxwell.html.HTMLStrings; import net.alanmaxwell.sql.SQLServerInfoJDBC; import net.alanmaxwell.sql.SixSQLRetrieverThread; import net.alanmaxwell.sql.SQLRetrieverThread6dF; public class UserAdmin extends HttpServlet { private int serviceCurrent = 0; static Logger logger; private int serviceTotal = 0; private static final int MAX_LINES = 5000; // Access methods for service counter... protected synchronized void enteringServiceMethod() { serviceCurrent++; serviceTotal++; }; protected synchronized void leavingServiceMethod() { serviceCurrent--; }; protected synchronized int getServiceCurrent() { return serviceCurrent; }; protected synchronized int getServiceTotal() { return serviceTotal; }; private boolean shuttingDown = false; // Access methods for the shuttingDown flag... protected synchronized void setShuttingDown(boolean flag) { shuttingDown = flag; }; protected synchronized boolean isShuttingDown() { return shuttingDown; }; private static String DBserver; private static String [] DBservers; private static String DBuser; private static String DBpasswd; private static String DBdatabase; private static String webURL; private static String tmpSpace; private static String userAdminOffline; private static String userIDSQL="INSERT INTO userIDs(username,community) SELECT w.username,w.community FROM wsa_users as w left outer join userIDs as u on w.username=u.username and w.community=u.community where u.username is null"; private Connection con = null; public void init(ServletConfig config) throws ServletException { super.init(config); String path = getServletContext().getRealPath("/"); logger=Logger.getLogger("wsa.simple"); Properties properties = new Properties(); try { properties.load(new FileInputStream(path + "WEB-INF/WSA.properties")); } catch (IOException e) { System.out.println("ERROR: properties file not found"); return; } userAdminOffline=properties.getProperty("userAdminOffline"); DBserver = properties.getProperty("loginServer"); DBservers=FormatLines.commaSeparatedStringToStringArray(properties.getProperty("loginServers").trim()); DBuser = properties.getProperty("DBLoginUser"); DBpasswd = properties.getProperty("DBLoginPasswd"); DBdatabase = properties.getProperty("DBLoginDatabase"); tmpSpace = properties.getProperty("DBTmpSpace"); webURL = properties.getProperty("DBWebURL"); try { // Class.forName("com.microsoft.jdbc.sqlserver.SQLServerDriver"); Class.forName("net.sourceforge.jtds.jdbc.Driver"); } catch (ClassNotFoundException e) { System.err .println("SQLRetrieverThread::static(): Could not load SQLServerDriver class!"); } } protected void doPost(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { String fileName = null; String userName=null; String firstName=null; String lastName=null; String community=null; String passwd1=null; String passwd2=null; InputStream istream; BufferedReader br; String archive="WSA"; int archiveID=VDFSSchema.WSAARCHIVEID; File savedUploadFile=null; PrintWriter out=null; try { out = res.getWriter(); if (userAdminOffline != null && userAdminOffline.trim().equalsIgnoreCase("offline")) { out.println("

Service offline

This service is currently offline for maintenance."); return; } HttpSession sess=req.getSession(); String IPAddress=req.getRemoteAddr(); String remoteUser=req.getRemoteUser(); String action = ""; String subAction = ""; String email = ""; logger.info("Remoteuser: "+remoteUser); /*res.setHeader("Cache-Control", "no-store, no-cache, must-revalidate, post-check=0, pre-check=0"); res.setHeader("Pragma", "no-cache"); out.println(" ");*/ out.println(""); /* out.println("
"); out.println(""); out.println(""); out.println(""); out.println(""); out.println("
CommunitySearch string
"); out.println("
"); out.println("
"); out.println(""); out.println(""); out.println(""); out.println(""); out.println(""); out.println("
CommunityFile to upload
"); out.println("
"); out.println("
"); out.println(""); out.println(""); out.println(""); out.println(""); out.println(""); out.println(""); out.println(""); out.println(""); out.println("
CommunityUsernamePasswdConfirm
Passwd		FirstNameLastName
"); out.println(" "); out.println("
"); out.println("
"); out.println(""); out.println(""); out .println(""); out .println(""); out .println("
CommunityUsername
"); out.println("
"); out.println("
"); out.println(""); out.println(""); out.println(""); out.println("
Community
"); out.println("
"); */ try { MultipartParser mp = new MultipartParser(req, 10 * 1024 * 1024); // 10MB Part part; while ((part = mp.readNextPart()) != null) { String name = part.getName(); if (part.isParam()) { // it's a parameter part ParamPart paramPart = (ParamPart) part; String value = paramPart.getStringValue(); if (name.equalsIgnoreCase("userName")) { userName = value.trim(); } if (name.equalsIgnoreCase("action")) { action = value.trim(); } if (name.equalsIgnoreCase("community")) { community = value.trim(); if (verifyString(community,64,1)){ sess.setAttribute("WSACommunity",community); } } if (name.equalsIgnoreCase("passwd1")) { passwd1 = value.trim(); } if (name.equalsIgnoreCase("passwd2")) { passwd2 = value.trim(); } if (name.equalsIgnoreCase("firstName")) { firstName = value.trim(); } if (name.equalsIgnoreCase("lastName")) { lastName = value.trim(); } if (name.equalsIgnoreCase("email")) { email = value.trim(); } if (name.equalsIgnoreCase("subAction")) { subAction = value.trim(); } if (name.equalsIgnoreCase("archive")) { archive = value.trim(); } // out.println("param: name=" + name + "; value=" + // value); } else if (part.isFile()) { // it's a file part FilePart filePart = (FilePart) part; fileName = filePart.getFileName(); if (fileName == null) { out.println("

No file name supplied

Use the browser's back button to return to the form"); return; // Finish this method immediately... } if (fileName != null) { File dir = new File(tmpSpace); savedUploadFile = File.createTempFile("upl", "tmp", dir); long size = filePart.writeTo(savedUploadFile); if (size == 0) { out.println("

Upload file contain zero bytes, check filename

Use the browser's back button to return to the form"); // res.sendError(res.SC_BAD_REQUEST,"Upload file contain zero bytes"); return; // Finish this method immediately... } // System.out.println(Calendar.getInstance().getTime() // ); istream = filePart.getInputStream(); br = new BufferedReader(new InputStreamReader( new FileInputStream(savedUploadFile))); //new FileInputStream(newdir))); String line = ""; int numberOfLines = 0; while (line != null) { line = br.readLine(); //out.println("
"+line); numberOfLines++; } numberOfLines--; out.println("

Uploaded file size: " + size + " bytes, " + numberOfLines + " rows"); if (numberOfLines > MAX_LINES) { res.sendError(res.SC_BAD_REQUEST, "File contained more than " + MAX_LINES + " lines."); return; // Finish this method immediately... } } else { // the field did not contain a file // out.println("file: name=" + name + "; EMPTY"); } // out.flush(); } } } catch (IOException IOEx) { out.println(IOEx); } archiveID=VDFSSchema.getArchiveID(archive); if (!action.equals("")) { out.println("

Results

"); } try { /* con = DriverManager.getConnection("jdbc:microsoft:sqlserver://" + DBserver + ":1433;DatabaseName=" + DBdatabase, DBuser, DBpasswd);*/ con=DatabaseConnection.getConnection(DBservers,DBdatabase,DBuser,DBpasswd,DBservers[0]); // con = DriverManager.getConnection("jdbc:jtds:sqlserver://" // + DBserver + ":1433/" + DBdatabase, // DBuser, DBpasswd); // ("jdbc:microsoft:sqlserver://ifa33p:1433;DatabaseName="+"usernames", // "userAdmin","userAdminpw"); con.setAutoCommit(false); // out.println("

"+Math.random()); Statement stmt = con.createStatement(ResultSet.TYPE_SCROLL_SENSITIVE,ResultSet.CONCUR_READ_ONLY); stmt.setQueryTimeout(90); boolean somethingChanged = false; PreparedStatement pstmt=null; if (action.equals("DelUser")) { String sqlDelUser; sqlDelUser = "delete from wsa_users where username='" + userName + "' and community='" + community + "'"; pstmt=VDFSSQLStatements.getDeleteUserPrepareStmt(con,archiveID,remoteUser,userName,community); int count = pstmt.executeUpdate();//stmt.executeUpdate(sqlDelUser); pstmt=null; if (count == 1) { somethingChanged = true; out.println("

Existing entry for user " + userName + " deleted."); } else { out .println("

No entry found for user \"" + userName + "\" and community \"" + community + "\""); } } if (action.equals("AddUser")) { if (!verifyString(userName,64,1) || !verifyString(firstName,32,0) || !verifyString(lastName,32,1) || !verifyString(passwd1,32,4) || !verifyString(community,64,1) || !verifyString(email,64,3)){ logger.info("userAdmin "+userName+" "+firstName+" "+lastName+" "+passwd1+" "+community+" "+email); out.println("Check that input parameters are not blanks or outside their min/max sizes.

Use the browser's back button to return to the form."); return; } if (passwd1.equals(passwd2)) { String sqlCheckCommunity=VDFSSQLStatements.getCheckCommunitySQL(archiveID,remoteUser,community); pstmt = VDFSSQLStatements.getCheckCommunityPrepareStmt(con,archiveID,remoteUser,community); //stmt.execute("select * from wsa_community where community='"+ community + "'"); //stmt.execute(sqlCheckCommunity); pstmt.execute(); ResultSet rs = pstmt.getResultSet(); boolean communityExists = false; if (rs.next()) { communityExists = true; } rs.close(); if (communityExists) { out.println("

Community verified

"); String sqlAddUser; String sqlDelUser; sqlDelUser = "delete from wsa_users where username='" + userName + "'and community='" + community + "'"; int count=0; int [] resCount; resCount=new int[2]; // count = stmt.executeUpdate(sqlDelUser); pstmt=VDFSSQLStatements.getDeleteUserPrepareStmt(con,archiveID,remoteUser,userName,community); resCount[0]=pstmt.executeUpdate(); //stmt.addBatch(sqlDelUser); /* if (count == 1) { out.println("

Existing entry for user " + userName + " deleted."); }*/ //Thread.sleep(1000); sqlAddUser = "insert into wsa_users (lastName,firstName,username,community,password,email,ipaddress) values ( " + "'" + lastName + "','" + firstName + "','" + userName + "','" + community + "'," + "'" + passwd1 + "','"+email+"','"+IPAddress+"')"; //out.println("

"+sqlAddUser+"

"); // count = stmt.executeUpdate(sqlAddUser); // stmt.addBatch(sqlAddUser); //resCount=stmt.executeBatch(); pstmt=VDFSSQLStatements.getAddUserPrepareStmt(con,archiveID,remoteUser,userName,community,lastName,firstName,passwd1,email,IPAddress); resCount[1]=pstmt.executeUpdate(); if (resCount[0] == 1) { out.println("

Existing entry for user " + userName + " deleted."); } if (resCount[1] == 1) { out.println("

User added."); somethingChanged = true; try { stmt.execute(userIDSQL); } catch (SQLException se) { } } } else { out .println("

Community does not exist, unable to add user."); } } else { out.println("

Passwords do not match."); } // out.println("

end AddUser"); } if (action.equals("file")) { /* stmt .execute("select * from wsa_community where community='" + community + "'"); */ pstmt=VDFSSQLStatements.getCheckCommunityPrepareStmt(con,archiveID,remoteUser,community); pstmt.execute(); ResultSet rs = pstmt.getResultSet(); // stmt.getResultSet(); boolean communityExists = false; if (rs.next()) { communityExists = true; } rs.close(); if (communityExists) { out.println("

Community verified

"); String sqlAddUser; String sqlDelUser; br = new BufferedReader(new InputStreamReader( new FileInputStream(savedUploadFile))); //new FileInputStream(newdir))); String line = ""; int numberOfLines = 0; String parts[]; int lineNum=0; int delCount=0; int addCount=0; int resCount[]; // PreparedStatement delPstmt=VDFSSQLStatements.getDeleteUserPrepareStmt(con,archiveID); // PreparedStatement addPstmt=VDFSSQLStatements.getAddUserPrepareStmt(con,archiveID);; resCount=new int [2]; while (line != null) { resCount[0]=0; resCount[1]=0; line = br.readLine(); if (line != null){ lineNum=lineNum+1; parts=line.split(","); // out.println ("

"+parts.length); for (int j=0; jLine "+lineNum+"
"+line+"
contains the wrong number " + "of parameters or some of the parameters are blank or too short/long, this line has not been added."); } } numberOfLines++; } out.println("

"+delCount+" rows deleted"); out.println("

"+addCount+" rows added"); if (delCount >0 || addCount > 0){ somethingChanged=true; try { stmt.execute(userIDSQL); } catch (SQLException se) { } } } else { out.println("

Community does not exist, unable to make changes."); } // savedUploadFile.delete(); } if (action.equals("addCommunity")) { if (verifyString(community,64,1) && !VDFSSchema.isReserved(community)){ pstmt = VDFSSQLStatements.getCheckCommunityPrepareStmt(con,archiveID,remoteUser,community); //stmt.execute("select * from wsa_community where community='"+ community + "'"); //stmt.execute(sqlCheckCommunity); pstmt.execute(); ResultSet rs = pstmt.getResultSet(); boolean communityExists = false; if (rs.next()) { communityExists = true; } rs.close(); if (!communityExists){ pstmt=VDFSSQLStatements.getAddCommunityPrepareStmt(con, archiveID, community); pstmt.execute(); int resCount=pstmt.getUpdateCount(); if (resCount > 0 ) { out.println("

"+resCount+" community \""+community+"\" added"); somethingChanged=true; } } else { out.println("Community already exists"); } } else { out.println("Check the supplied community is not blank or larger than 64 characters or a reserved name

Use the browser's back button to return to the form"); return; } } if (action.equals("listUser")) { if (verifyString(community,64,1)){ pstmt=VDFSSQLStatements.getListUserPrepareStmt(con,archiveID,remoteUser,community,userName); if (/*stmt .execute("select top 500 lastName,firstName,username,email from wsa_users where community='"+ community+"' and (username like '%" + userName + "%' or firstName like '%" + userName + "%' or lastName like '%"+ userName+"%')" ));*/ pstmt.execute()); { int rowsRet = 0; ResultSet rs = pstmt.getResultSet(); // stmt.getResultSet(); out .println("

Listing for "+community+"

\n"); ResultSetMetaData rsmd = rs.getMetaData(); //out.println(rsmd.getTableName(1)); int numcols = rsmd.getColumnCount(); // Title the table with the result set's column labels out.println(""); for (int i = 1; i <= numcols; i++) { out.println("\n"); while (rs.next()) { rowsRet = rowsRet + 1; out.println(""); // start a new row for (int i = 1; i <= numcols; i++) { out.print(""); else out.print(" "); } out.println("\n"); } rs.close(); // End the table out.println("
" + rsmd.getColumnLabel(i)); } out.println("
"); // start a new data element Object obj = rs.getObject(i); if (obj != null) out.print(obj.toString()+"

" + rowsRet + " row(s) returned.\n"); } } else { out.println("Check the supplied community is not blank or larger than 64 characters

Use the browser's back button to return to the form"); return; } } res.flushBuffer(); stmt.close(); // out.println("

Committing"); con.commit(); if (somethingChanged) { out.println("

Updates committed"); } } catch (Exception e) { try { con.rollback(); out.println(e + "

Rollingback, no changes have been made."); if (e instanceof SQLException) { out.print("

Database error " + e); } } catch (SQLException sqlEx) { out.print("Database error " + sqlEx); } } out.println("

Use the browser's back button to return to the form"); } catch (Exception e) { out.println(e); e.printStackTrace(); res.sendError(res.SC_INTERNAL_SERVER_ERROR, e + ""); return; } finally { if (con != null) { try { con.close(); } catch (SQLException sqlEx) { } System.gc(); } } }; // END of doGet() protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { // Data received by an HTTP POST is handled the same way // as data sent with a HTTP GET request... simply pass on to above... doPost(req, res); }; // END of doPost() protected boolean verifyString(String str,int maxSize,int minSize){ if (str != null && str.length() >= minSize && str.length() <= maxSize && !str.equals("")){ return true; } return false; } };