Merge pull request #160 from arc12012/bugs

Bugs

WebContent/adminLogin.jsp

@@ -28,8 +28,18 @@
 	</nav>
 	<div  id = "info" style = "margin-left: 10px; visibility: hidden;">
 		<h2>Password Reset</h2>
-		<h3>Please check your email to get your newly generated password!</h3>
-		<button class = "btn btn-primary" onclick="goBack()">Go Back</button>
+		<h3>Please enter your SSO number and Email below.</h3>
+		<form action = "passwordreset.jsp" method="post">
+			<div class="form-group">
+				<label = for="username">SSO Number *</label>
+				<input id = "username" class = "form-control" type="text" pattern="[0-9]{9}" name="username" placeholder="9 digit SSO Number">
+			</div>
+			<div class="form-group">
+				<label = for="email">Email *</label>
+				<input id = "email" class = "form-control" type="email" name="email" placeholder="email@email.com">
+			</div>
+			<button name = "reset" type="submit" class="btn btn-primary" id = "submit">Reset Password</button>
+		</form>
 	</div>
 </body>
 <%
@@ -140,82 +150,12 @@ if(request.getParameter("login") != null){
 /*
 	If the user wants to reset their password, we will keep them on this page.
 */
-//if(request.getParameter("reset") != null){
-	//int ssoNum = Integer.parseInt(request.getParameter("username"));
-	
-	/*
-		Generate new password randomly
-	*/
-	//String chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
-	//StringBuilder random = new StringBuilder();
-	//Random rnd = new Random();
-	//String is 16 characters long
-	//while(random.length() < 16){
-		//int index = (int)(rnd.nextFloat()*chars.length());
-	//}
-	//String newpass = random.toString();
-	//String hashpass = null;
-	
-	/*
-		Hash new password.
-	*/
-	//try {
-		//MessageDigest md1 = MessageDigest.getInstance("MD5");
-		//md1.update(newpass.getBytes());
-		//byte[] bytes = md1.digest();
-		//StringBuilder sb = new StringBuilder();
-		//for(int i = 0; i<bytes.length; i++)
-			//sb.append(Integer.toString((bytes[i] & 0xff) + 0x100, 16).substring(1));
-		//hashpass = sb.toString();
-	//}
-	//catch (NoSuchAlgorithmException e){
-		
-	//}
-	
-	/*
-		Save new password to database
-	*/
-	//String database = "jdbc:mysql://us-cdbr-iron-east-04.cleardb.net/ad_15a989204c2ff8a?user=b372dfe7409692&password=74f6e317";
-	//String user = "b372dfe7409692";
-	//String password = "74f6e317";
-	//Class.forName("com.mysql.jdbc.Driver");
-	//Connection connection;
-	//Statement stmt;
-	//for(;;){
-		//try{
-			//connection = DriverManager.getConnection(database, user, password);
-			//break;
-		//}
-		//catch(SQLException e){
-			//Thread.sleep(1);
-		//}
-	//}
-	//for(;;){
-		//try{
-			//stmt = connection.createStatement();
-			//break;
-		//}
-		//catch(SQLException e){
-			//Thread.sleep(1);
-		//}
-	//}
-	//stmt.executeUpdate("UPDATE admin SET Password = \"" + hashpass + "\", Password_Flag = 0 WHERE Admin_ID = " + ssoNum);
-	
-	//dispatch email with the non hashed password
-//}
 %>
 <script>
 /*
 	If we get to this point in the page, the user is resetting their password and we want to display everything on the page now.
 */
 document.getElementById("info").style.visibility = 'visible';
 document.getElementById("navbaruniversal").style.visibility = 'visible';
-
-/*
-	Goes back to the previous page.
-*/
-function goBack(){
-	window.history.back();
-}
 </script>
 </html>

WebContent/index.jsp

@@ -95,15 +95,15 @@ pageEncoding="ISO-8859-1"%>
      <div class = "menuOption">
        <h2>User Login</h2>
        <form action="html/webpages/userLogin.jsp" method="post">
-        <input class = "form-control" type="text" pattern="[0-9]{9}" name="username" placeholder="9 digit SSO Number" /><br>
+        <input class = "form-control" type="text" pattern="[0-9]{9}" name="username" placeholder="9 digit SSO Number" required="true" /><br>
         <button type = "submit" value = "Add" class="btn btn-primary">Login</button>
       </form>
     </div>
     <div class = "menuOption">
       <h2>Admin Login</h2> 
       <form action="adminLogin.jsp" method="post">
         <input class = "form-control" type="text" pattern="[0-9]{9}" name="username" placeholder="9 digit SSO Number" required = "true" />
-        <input class = "form-control" type="password" name="pass"  placeholder="Password" /><br>
+        <input class = "form-control" type="password" name="pass"  placeholder="Password" required="true" /><br>
         <button type = "submit" name = "login" class="btn btn-primary">Login</button>
         <button type = "submit" name = "reset" class = "btn btn-primary">Forgot Password?</button>
       </form>

WebContent/passwordreset.jsp

@@ -0,0 +1,147 @@
+<%@ page import = "database.*,entities.User,utilities.Mail" %>
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
+<%@ page import = "java.sql.*" %>
+<%@ page import = "java.security.MessageDigest" %>
+<%@ page import = "java.security.NoSuchAlgorithmException" %>
+<%@ page import = "java.util.Random" %>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+  <meta charset="utf-8">
+  <meta http-equiv="X-UA-Compatible" content="IE=edge">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags -->
+  <meta name="description" content="">
+  <meta name="author" content="">
+
+  <title>Innovation Hub</title>
+
+  <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
+  <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
+  <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
+  <link rel = "stylesheet" type = "text/css" href = "html/css/stylesheet.css">
+  <link rel = "shortcut icon" href = "html/imgs/synchrony-financial-logo-dlpx_1.ico">
+</head>
+<body>
+	<nav class="navbar navbar-inverse navbar-fixed-top" id = "navbaruniversal" style = "visibility: hidden;">
+	  <div class="container-fluid"><div class="navbar-header"><button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"><span class="sr-only">Toggle navigation</span><span class="icon-bar"></span><span class="icon-bar"></span><span class="icon-bar"></span></button><a class="navbar-brand" href="index.jsp"><img src="html/imgs/synchrony-financial-logo-dlpx_1.png" style = "height: 100%;"></a></div><div id="navbar" class="navbar-collapse collapse" aria-expanded="false"><ul class="nav navbar-nav navbar-right"><li><a href="index.jsp">Synchrony Device Request System</a></li></ul></div></div>
+	</nav>
+	<div  id = "info" style = "margin-left: 10px; visibility: hidden;">
+		<h2>Password Reset</h2>
+		<h3 id = "msg"></h3>
+		<button class = "btn btn-primary" onclick="goBack()">Go Back</button>
+	</div>
+</body>
+<%
+int success=0;
+/*
+	If the user wants to reset their password, we will keep them on this page.
+*/
+if(request.getParameter("reset") != null){
+	int ssoNum = Integer.parseInt(request.getParameter("username"));
+	String email = request.getParameter("email");
+	
+	/*
+		Generate new password randomly
+	*/
+	String chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";
+	StringBuilder random = new StringBuilder();
+	Random rnd = new Random();
+	//String is 16 characters long
+	while(random.length() < 16){
+		int index = (int)(rnd.nextFloat()*chars.length());
+		random.append(chars.charAt(index));
+	}
+	String newpass = random.toString();
+	String hashpass = null;
+	
+	/*
+		Hash new password.
+	*/
+	try {
+		MessageDigest md1 = MessageDigest.getInstance("MD5");
+		md1.update(newpass.getBytes());
+		byte[] bytes = md1.digest();
+		StringBuilder sb = new StringBuilder();
+		for(int i = 0; i<bytes.length; i++)
+			sb.append(Integer.toString((bytes[i] & 0xff) + 0x100, 16).substring(1));
+		hashpass = sb.toString();
+	}
+	catch (NoSuchAlgorithmException e){
+	}
+	
+	/*
+		Make database connection
+	*/
+	String database = "jdbc:mysql://us-cdbr-iron-east-04.cleardb.net/ad_15a989204c2ff8a?user=b372dfe7409692&password=74f6e317";
+	String user = "b372dfe7409692";
+	String password = "74f6e317";
+	Class.forName("com.mysql.jdbc.Driver");
+	Connection connection;
+	Statement stmt;
+	for(;;){
+		try{
+			connection = DriverManager.getConnection(database, user, password);
+			break;
+		}
+		catch(SQLException e){
+			Thread.sleep(1);
+		}
+	}
+	for(;;){
+		try{
+			stmt = connection.createStatement();
+			break;
+		}
+		catch(SQLException e){
+			Thread.sleep(1);
+		}
+	}
+	
+	/*
+		We check to make sure that the email and SSO number match.
+	*/
+	ResultSet set = stmt.executeQuery("SELECT * from employee WHERE Email = \'" + email + "\' AND Employee_ID = " + ssoNum);
+	if(set.next()){
+		success = 1;
+		stmt.executeUpdate("UPDATE admin SET Password = \"" + hashpass + "\", Password_Flag = 0 WHERE Admin_ID = " + ssoNum);
+		User changepass = new User(ssoNum,
+			set.getInt("Location_ID"),
+			set.getString("Name"),
+			set.getString("Phone_Number"),
+			set.getString("Email"),
+			set.getInt("Img_Index"),
+			set.getInt("Notification_Preference"));
+		stmt.close();
+		connection.close();
+		new Mail(changepass).sendTemporaryPassword(newpass);
+	}
+	/*
+		Email and SSO did not match, so we end.
+	*/
+	else{
+		success = 0;
+		stmt.close();
+		connection.close();
+	}
+}
+%>
+<script>
+/*
+	At this point, we show the user what happened.
+*/
+if(<%=success%> == 1)
+	document.getElementById("msg").innerHTML = "Please check your email to get your newly generated password!";
+else
+	document.getElementById("msg").innerHTML = "Email and SSO Number did not match. Please go back and try again.";
+document.getElementById("info").style.visibility = 'visible';
+document.getElementById("navbaruniversal").style.visibility = 'visible';
+
+/*
+	Goes back to the previous page.
+*/
+function goBack(){
+	window.history.back();
+}
+</script>
+</html>