From 2f8dd7377d4b0b02743e018fd0ac5fb5eea3fddd Mon Sep 17 00:00:00 2001
From: Connor L Jackson <connor.jackson@uconn.edu>
Date: Sat, 22 Apr 2017 14:14:18 -0400
Subject: [PATCH 1/2] Password Reset

Still needs a bit of extra work
---
 WebContent/adminLogin.jsp    |  84 +++-----------------
 WebContent/index.jsp         |   4 +-
 WebContent/passwordreset.jsp | 149 +++++++++++++++++++++++++++++++++++
 3 files changed, 163 insertions(+), 74 deletions(-)
 create mode 100644 WebContent/passwordreset.jsp

diff --git a/WebContent/adminLogin.jsp b/WebContent/adminLogin.jsp
index df36b10..9c3445f 100644
--- a/WebContent/adminLogin.jsp
+++ b/WebContent/adminLogin.jsp
@@ -28,8 +28,18 @@
 	</nav>
 	<div  id = "info" style = "margin-left: 10px; visibility: hidden;">
 		<h2>Password Reset</h2>
-		<h3>Please check your email to get your newly generated password!</h3>
-		<button class = "btn btn-primary" onclick="goBack()">Go Back</button>
+		<h3>Please enter your SSO number and Email below.</h3>
+		<form action = "passwordreset.jsp" method="post">
+			<div class="form-group">
+				<label = for="username">SSO Number *</label>
+				<input id = "username" class = "form-control" type="text" pattern="[0-9]{9}" name="username" placeholder="9 digit SSO Number">
+			</div>
+			<div class="form-group">
+				<label = for="email">Email *</label>
+				<input id = "email" class = "form-control" type="email" name="email" placeholder="email@email.com">
+			</div>
+			<button name = "reset" type="submit" class="btn btn-primary" id = "submit">Reset Password</button>
+		</form>
 	</div>
 </body>
 <%
@@ -140,69 +150,6 @@ if(request.getParameter("login") != null){
 /*
 	If the user wants to reset their password, we will keep them on this page.
 */
-//if(request.getParameter("reset") != null){
-	//int ssoNum = Integer.parseInt(request.getParameter("username"));
-	
-	/*
-		Generate new password randomly
-	*/
-	//String chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
-	//StringBuilder random = new StringBuilder();
-	//Random rnd = new Random();
-	//String is 16 characters long
-	//while(random.length() < 16){
-		//int index = (int)(rnd.nextFloat()*chars.length());
-	//}
-	//String newpass = random.toString();
-	//String hashpass = null;
-	
-	/*
-		Hash new password.
-	*/
-	//try {
-		//MessageDigest md1 = MessageDigest.getInstance("MD5");
-		//md1.update(newpass.getBytes());
-		//byte[] bytes = md1.digest();
-		//StringBuilder sb = new StringBuilder();
-		//for(int i = 0; i<bytes.length; i++)
-			//sb.append(Integer.toString((bytes[i] & 0xff) + 0x100, 16).substring(1));
-		//hashpass = sb.toString();
-	//}
-	//catch (NoSuchAlgorithmException e){
-		
-	//}
-	
-	/*
-		Save new password to database
-	*/
-	//String database = "jdbc:mysql://us-cdbr-iron-east-04.cleardb.net/ad_15a989204c2ff8a?user=b372dfe7409692&password=74f6e317";
-	//String user = "b372dfe7409692";
-	//String password = "74f6e317";
-	//Class.forName("com.mysql.jdbc.Driver");
-	//Connection connection;
-	//Statement stmt;
-	//for(;;){
-		//try{
-			//connection = DriverManager.getConnection(database, user, password);
-			//break;
-		//}
-		//catch(SQLException e){
-			//Thread.sleep(1);
-		//}
-	//}
-	//for(;;){
-		//try{
-			//stmt = connection.createStatement();
-			//break;
-		//}
-		//catch(SQLException e){
-			//Thread.sleep(1);
-		//}
-	//}
-	//stmt.executeUpdate("UPDATE admin SET Password = \"" + hashpass + "\", Password_Flag = 0 WHERE Admin_ID = " + ssoNum);
-	
-	//dispatch email with the non hashed password
-//}
 %>
 <script>
 /*
@@ -210,12 +157,5 @@ if(request.getParameter("login") != null){
 */
 document.getElementById("info").style.visibility = 'visible';
 document.getElementById("navbaruniversal").style.visibility = 'visible';
-
-/*
-	Goes back to the previous page.
-*/
-function goBack(){
-	window.history.back();
-}
 </script>
 </html>
\ No newline at end of file
diff --git a/WebContent/index.jsp b/WebContent/index.jsp
index f44d00c..16d5526 100644
--- a/WebContent/index.jsp
+++ b/WebContent/index.jsp
@@ -95,7 +95,7 @@ pageEncoding="ISO-8859-1"%>
      <div class = "menuOption">
        <h2>User Login</h2>
        <form action="html/webpages/userLogin.jsp" method="post">
-        <input class = "form-control" type="text" pattern="[0-9]{9}" name="username" placeholder="9 digit SSO Number" /><br>
+        <input class = "form-control" type="text" pattern="[0-9]{9}" name="username" placeholder="9 digit SSO Number" required="true" /><br>
         <button type = "submit" value = "Add" class="btn btn-primary">Login</button>
       </form>
     </div>
@@ -103,7 +103,7 @@ pageEncoding="ISO-8859-1"%>
       <h2>Admin Login</h2> 
       <form action="adminLogin.jsp" method="post">
         <input class = "form-control" type="text" pattern="[0-9]{9}" name="username" placeholder="9 digit SSO Number" required = "true" />
-        <input class = "form-control" type="password" name="pass"  placeholder="Password" /><br>
+        <input class = "form-control" type="password" name="pass"  placeholder="Password" required="true" /><br>
         <button type = "submit" name = "login" class="btn btn-primary">Login</button>
         <button type = "submit" name = "reset" class = "btn btn-primary">Forgot Password?</button>
       </form>
diff --git a/WebContent/passwordreset.jsp b/WebContent/passwordreset.jsp
new file mode 100644
index 0000000..83a0d39
--- /dev/null
+++ b/WebContent/passwordreset.jsp
@@ -0,0 +1,149 @@
+<%@ page import = "database.*" %>
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
+<%@ page import = "java.sql.*" %>
+<%@ page import = "java.security.MessageDigest" %>
+<%@ page import = "java.security.NoSuchAlgorithmException" %>
+<%@ page import = "java.util.Random" %>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+  <meta charset="utf-8">
+  <meta http-equiv="X-UA-Compatible" content="IE=edge">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags -->
+  <meta name="description" content="">
+  <meta name="author" content="">
+
+  <title>Innovation Hub</title>
+
+  <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
+  <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
+  <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
+  <link rel = "stylesheet" type = "text/css" href = "html/css/stylesheet.css">
+  <link rel = "shortcut icon" href = "html/imgs/synchrony-financial-logo-dlpx_1.ico">
+</head>
+<body>
+	<nav class="navbar navbar-inverse navbar-fixed-top" id = "navbaruniversal" style = "visibility: hidden;">
+	  <div class="container-fluid"><div class="navbar-header"><button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"><span class="sr-only">Toggle navigation</span><span class="icon-bar"></span><span class="icon-bar"></span><span class="icon-bar"></span></button><a class="navbar-brand" href="index.jsp"><img src="html/imgs/synchrony-financial-logo-dlpx_1.png" style = "height: 100%;"></a></div><div id="navbar" class="navbar-collapse collapse" aria-expanded="false"><ul class="nav navbar-nav navbar-right"><li><a href="index.jsp">Synchrony Device Request System</a></li></ul></div></div>
+	</nav>
+	<div  id = "info" style = "margin-left: 10px; visibility: hidden;">
+		<h2>Password Reset</h2>
+		<h3 id = "msg"></h3>
+		<button class = "btn btn-primary" onclick="goBack()">Go Back</button>
+	</div>
+</body>
+<%
+int success = 0;
+/*
+	If the user wants to reset their password, we will keep them on this page.
+*/
+//if(request.getParameter("reset") != null){
+	//int ssoNum = Integer.parseInt(request.getParameter("username"));
+	//String email = request.getParameter("email");
+	
+	/*
+		Generate new password randomly
+	*/
+	//String chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";
+	//StringBuilder random = new StringBuilder();
+	//Random rnd = new Random();
+	//String is 16 characters long
+	//while(random.length() < 16){
+		//int index = (int)(rnd.nextFloat()*chars.length());
+		//random.append(chars.charAt(index));
+	//}
+	//String newpass = random.toString();
+	//String hashpass = null;
+	
+	/*
+		Hash new password.
+	*/
+	//try {
+		//MessageDigest md1 = MessageDigest.getInstance("MD5");
+		//md1.update(newpass.getBytes());
+		//byte[] bytes = md1.digest();
+		//StringBuilder sb = new StringBuilder();
+		//for(int i = 0; i<bytes.length; i++)
+			//sb.append(Integer.toString((bytes[i] & 0xff) + 0x100, 16).substring(1));
+		//hashpass = sb.toString();
+	//}
+	//catch (NoSuchAlgorithmException e){
+		
+	//}
+	
+	/*
+		Make database connection
+	*/
+	//String database = "jdbc:mysql://us-cdbr-iron-east-04.cleardb.net/ad_15a989204c2ff8a?user=b372dfe7409692&password=74f6e317";
+	//String user = "b372dfe7409692";
+	//String password = "74f6e317";
+	//Class.forName("com.mysql.jdbc.Driver");
+	//Connection connection;
+	//Statement stmt;
+	//for(;;){
+		//try{
+			//connection = DriverManager.getConnection(database, user, password);
+			//break;
+		//}
+		//catch(SQLException e){
+			//Thread.sleep(1);
+		//}
+	//}
+	//for(;;){
+		//try{
+			//stmt = connection.createStatement();
+			//break;
+		//}
+		//catch(SQLException e){
+			//Thread.sleep(1);
+		//}
+	//}
+	
+	/*
+		We check to make sure that the email and SSO number match.
+	*/
+	//ResultSet set = stmt.executeQuery("SELECT * from employee WHERE Email = \'" + email + "\' AND Employee_ID = " + sso)
+	//int success;
+	//if(set.next()){
+		//success = 1;
+		//stmt.executeUpdate("UPDATE admin SET Password = \"" + hashpass + "\", Password_Flag = 0 WHERE Admin_ID = " + ssoNum);
+		//User changepass = new User(ssoNum,
+			//set.getInt("Location_ID"),
+			//set.getString("Name"),
+			//set.getString("Phone_Number"),
+			//set.getString("Email"),
+			//set.getInt("Img_Index"),
+			//set.getInt("Notification_Preference"))
+		//stmt.close();
+		//connection.close();
+		//new Mail(changepass).sebdTemporaryPassword(newpass);
+	//}
+	/*
+		Email and SSO did not match, so we end.
+	*/
+	//else{
+		//success = 0;
+		//stmt.close();
+		//connection.close();
+	//}
+//}
+%>
+<script>
+/*
+	At this point, we show the user what happened.
+*/
+if(<%=success%> == 1)
+	document.getElementById("msg").innerHTML = "Please check your email to get your newly generated password!";
+else
+	document.getElementById("msg").innerHTML = "Email and SSO Number did not match. Please go back and try again.";
+document.getElementById("info").style.visibility = 'visible';
+document.getElementById("navbaruniversal").style.visibility = 'visible';
+
+/*
+	Goes back to the previous page.
+*/
+function goBack(){
+	window.history.back();
+}
+</script>
+</html>
\ No newline at end of file

From d9c38d7fa2c7789757277dc5d7d0cdab193a8eec Mon Sep 17 00:00:00 2001
From: Connor L Jackson <connor.jackson@uconn.edu>
Date: Sat, 22 Apr 2017 14:24:23 -0400
Subject: [PATCH 2/2] Push

---
 WebContent/passwordreset.jsp | 142 +++++++++++++++++------------------
 1 file changed, 70 insertions(+), 72 deletions(-)

diff --git a/WebContent/passwordreset.jsp b/WebContent/passwordreset.jsp
index 83a0d39..f8f0f78 100644
--- a/WebContent/passwordreset.jsp
+++ b/WebContent/passwordreset.jsp
@@ -1,4 +1,4 @@
-<%@ page import = "database.*" %>
+<%@ page import = "database.*,entities.User,utilities.Mail" %>
 <%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
 <%@ page import = "java.sql.*" %>
 <%@ page import = "java.security.MessageDigest" %>
@@ -33,100 +33,98 @@
 	</div>
 </body>
 <%
-int success = 0;
+int success=0;
 /*
 	If the user wants to reset their password, we will keep them on this page.
 */
-//if(request.getParameter("reset") != null){
-	//int ssoNum = Integer.parseInt(request.getParameter("username"));
-	//String email = request.getParameter("email");
+if(request.getParameter("reset") != null){
+	int ssoNum = Integer.parseInt(request.getParameter("username"));
+	String email = request.getParameter("email");
 	
 	/*
 		Generate new password randomly
 	*/
-	//String chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";
-	//StringBuilder random = new StringBuilder();
-	//Random rnd = new Random();
+	String chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";
+	StringBuilder random = new StringBuilder();
+	Random rnd = new Random();
 	//String is 16 characters long
-	//while(random.length() < 16){
-		//int index = (int)(rnd.nextFloat()*chars.length());
-		//random.append(chars.charAt(index));
-	//}
-	//String newpass = random.toString();
-	//String hashpass = null;
+	while(random.length() < 16){
+		int index = (int)(rnd.nextFloat()*chars.length());
+		random.append(chars.charAt(index));
+	}
+	String newpass = random.toString();
+	String hashpass = null;
 	
 	/*
 		Hash new password.
 	*/
-	//try {
-		//MessageDigest md1 = MessageDigest.getInstance("MD5");
-		//md1.update(newpass.getBytes());
-		//byte[] bytes = md1.digest();
-		//StringBuilder sb = new StringBuilder();
-		//for(int i = 0; i<bytes.length; i++)
-			//sb.append(Integer.toString((bytes[i] & 0xff) + 0x100, 16).substring(1));
-		//hashpass = sb.toString();
-	//}
-	//catch (NoSuchAlgorithmException e){
-		
-	//}
+	try {
+		MessageDigest md1 = MessageDigest.getInstance("MD5");
+		md1.update(newpass.getBytes());
+		byte[] bytes = md1.digest();
+		StringBuilder sb = new StringBuilder();
+		for(int i = 0; i<bytes.length; i++)
+			sb.append(Integer.toString((bytes[i] & 0xff) + 0x100, 16).substring(1));
+		hashpass = sb.toString();
+	}
+	catch (NoSuchAlgorithmException e){
+	}
 	
 	/*
 		Make database connection
 	*/
-	//String database = "jdbc:mysql://us-cdbr-iron-east-04.cleardb.net/ad_15a989204c2ff8a?user=b372dfe7409692&password=74f6e317";
-	//String user = "b372dfe7409692";
-	//String password = "74f6e317";
-	//Class.forName("com.mysql.jdbc.Driver");
-	//Connection connection;
-	//Statement stmt;
-	//for(;;){
-		//try{
-			//connection = DriverManager.getConnection(database, user, password);
-			//break;
-		//}
-		//catch(SQLException e){
-			//Thread.sleep(1);
-		//}
-	//}
-	//for(;;){
-		//try{
-			//stmt = connection.createStatement();
-			//break;
-		//}
-		//catch(SQLException e){
-			//Thread.sleep(1);
-		//}
-	//}
+	String database = "jdbc:mysql://us-cdbr-iron-east-04.cleardb.net/ad_15a989204c2ff8a?user=b372dfe7409692&password=74f6e317";
+	String user = "b372dfe7409692";
+	String password = "74f6e317";
+	Class.forName("com.mysql.jdbc.Driver");
+	Connection connection;
+	Statement stmt;
+	for(;;){
+		try{
+			connection = DriverManager.getConnection(database, user, password);
+			break;
+		}
+		catch(SQLException e){
+			Thread.sleep(1);
+		}
+	}
+	for(;;){
+		try{
+			stmt = connection.createStatement();
+			break;
+		}
+		catch(SQLException e){
+			Thread.sleep(1);
+		}
+	}
 	
 	/*
 		We check to make sure that the email and SSO number match.
 	*/
-	//ResultSet set = stmt.executeQuery("SELECT * from employee WHERE Email = \'" + email + "\' AND Employee_ID = " + sso)
-	//int success;
-	//if(set.next()){
-		//success = 1;
-		//stmt.executeUpdate("UPDATE admin SET Password = \"" + hashpass + "\", Password_Flag = 0 WHERE Admin_ID = " + ssoNum);
-		//User changepass = new User(ssoNum,
-			//set.getInt("Location_ID"),
-			//set.getString("Name"),
-			//set.getString("Phone_Number"),
-			//set.getString("Email"),
-			//set.getInt("Img_Index"),
-			//set.getInt("Notification_Preference"))
-		//stmt.close();
-		//connection.close();
-		//new Mail(changepass).sebdTemporaryPassword(newpass);
-	//}
+	ResultSet set = stmt.executeQuery("SELECT * from employee WHERE Email = \'" + email + "\' AND Employee_ID = " + ssoNum);
+	if(set.next()){
+		success = 1;
+		stmt.executeUpdate("UPDATE admin SET Password = \"" + hashpass + "\", Password_Flag = 0 WHERE Admin_ID = " + ssoNum);
+		User changepass = new User(ssoNum,
+			set.getInt("Location_ID"),
+			set.getString("Name"),
+			set.getString("Phone_Number"),
+			set.getString("Email"),
+			set.getInt("Img_Index"),
+			set.getInt("Notification_Preference"));
+		stmt.close();
+		connection.close();
+		new Mail(changepass).sendTemporaryPassword(newpass);
+	}
 	/*
 		Email and SSO did not match, so we end.
 	*/
-	//else{
-		//success = 0;
-		//stmt.close();
-		//connection.close();
-	//}
-//}
+	else{
+		success = 0;
+		stmt.close();
+		connection.close();
+	}
+}
 %>
 <script>
 /*