From 2a37d1e1b8eeb92a46ce3bcb84b366f786285ab1 Mon Sep 17 00:00:00 2001
From: Connor L Jackson <connor.jackson@uconn.edu>
Date: Fri, 14 Apr 2017 12:35:56 -0400
Subject: [PATCH] Admins are now forced to change their password upon first
 login

---
 WebContent/adminLogin.jsp                     | 19 ++++-
 WebContent/html/webpages/adminApprove.jsp     | 16 +++--
 .../html/webpages/adminDeviceSettings.jsp     | 20 +++---
 WebContent/html/webpages/adminpassword.jsp    | 60 ++++++++++++++++
 .../html/webpages/adminpasswordchange.jsp     | 71 +++++++++++++++++++
 .../html/webpages/adminpasswordtryagain.jsp   | 61 ++++++++++++++++
 WebContent/html/webpages/deviceRedirect.jsp   |  4 +-
 WebContent/html/webpages/logout.jsp           |  6 +-
 WebContent/html/webpages/navbar.jsp           | 26 ++++---
 src/database/AdminQueries.java                | 36 ++++++++++
 src/database/DeviceQueries.java               | 10 +--
 src/entities/Admin.java                       |  9 ++-
 src/entities/Device.java                      |  8 +--
 13 files changed, 302 insertions(+), 44 deletions(-)
 create mode 100644 WebContent/html/webpages/adminpassword.jsp
 create mode 100644 WebContent/html/webpages/adminpasswordchange.jsp
 create mode 100644 WebContent/html/webpages/adminpasswordtryagain.jsp
 create mode 100644 src/database/AdminQueries.java

diff --git a/WebContent/adminLogin.jsp b/WebContent/adminLogin.jsp
index 6341098..6f884ff 100644
--- a/WebContent/adminLogin.jsp
+++ b/WebContent/adminLogin.jsp
@@ -23,10 +23,23 @@ if (result.next()){
 	session.setAttribute("ssoNum", ssoNum);
 	adminCookie = new Cookie("ssoNum", Integer.toString(ssoNum));
 	adminCookie.setMaxAge(30*60);
+	adminCookie.setPath("/");
 	response.addCookie(adminCookie);
-	stmt.close();
-	connection.close();
-	response.sendRedirect("html/webpages/admin.jsp");
+	Cookie adminCookie2 = new Cookie("admin", Integer.toString(ssoNum));
+	adminCookie2.setPath("/");
+	response.addCookie(adminCookie2);
+	if(result.getInt("Password_Flag") == 1){
+		stmt.close();
+		connection.close();
+		response.sendRedirect("html/webpages/admin.jsp");
+		return;
+	}
+	else{
+		stmt.close();
+		connection.close();
+		response.sendRedirect("html/webpages/adminpassword.jsp");
+		return;
+	}
 } else {
 	stmt.close();
 	connection.close();
diff --git a/WebContent/html/webpages/adminApprove.jsp b/WebContent/html/webpages/adminApprove.jsp
index 6c999ef..bd55259 100644
--- a/WebContent/html/webpages/adminApprove.jsp
+++ b/WebContent/html/webpages/adminApprove.jsp
@@ -56,9 +56,6 @@
       border-color: #3B3C43;
       border-radius: 5px;
     }
-    div.displayDevice{
-      left: 0px;
-    }
     .form-control{
       margin: auto;
       text-align: center;
@@ -71,7 +68,6 @@
     .table{
       width: auto;
       background-color: #E9EAEB;
-	  margin: 0 auto;
     }
 
     tbody{
@@ -89,6 +85,16 @@
     	<%@ include file="navbar.jsp"%>
     </nav>
 
+	<div class="col-sm-3 col-md-2 sidebar">
+		<ul class="nav nav-sidebar">
+			<h4>Admin Options</h4>
+			<li class="option"><a href="adminApprove.jsp">Approve Devices</a></li>
+			<!-- will add in when maegan is done <li class="option"><a href="#">Manage Admins</a></li> -->
+			<li class="option"><a href="adminDeviceSettings.jsp">Manage Devices</a></li>
+			<li class="option"><a href="adminLocation.jsp">Manage Locations</a></li>
+		</ul>
+	</div>
+
 	<!-- Modal for choosing ticket action. -->
   <div id="Modal" class="modal">
         <div class="modal-content">
@@ -99,7 +105,7 @@
             <div class="modal-body">
               <!-- Where new information is added. -->
               <form ACTION = "ticketAdminRedirect.jsp" METHOD = "POST">
-              	<table class="table table-bordered table-hover">
+              	<table style = 'margin: 0 auto;' class="table table-bordered table-hover">
 			        <thead>
 			            <tr>
 			                <th>Ticket ID</th>
diff --git a/WebContent/html/webpages/adminDeviceSettings.jsp b/WebContent/html/webpages/adminDeviceSettings.jsp
index 65db663..d67cd5a 100644
--- a/WebContent/html/webpages/adminDeviceSettings.jsp
+++ b/WebContent/html/webpages/adminDeviceSettings.jsp
@@ -74,13 +74,14 @@ pageEncoding="ISO-8859-1"%>
 <body>
   <!-- Side bar -->
   <div class="col-sm-3 col-md-2 sidebar">
-    <ul class="nav nav-sidebar">
-      <h4>Admin Options</h4>
-      <li class="option"><a href="../webpages/adminApprove.html">Approve Devices</a></li>
-      <li class="option"><a href="#">Manage Admins</a></li>
-      <li class="option"><a href="#">Manage Devices</a></li>
-    </ul>
-  </div>
+		<ul class="nav nav-sidebar">
+			<h4>Admin Options</h4>
+			<li class="option"><a href="adminApprove.jsp">Approve Devices</a></li>
+			<!-- will add in when maegan is done <li class="option"><a href="#">Manage Admins</a></li> -->
+			<li class="option"><a href="adminDeviceSettings.jsp">Manage Devices</a></li>
+			<li class="option"><a href="adminLocation.jsp">Manage Locations</a></li>
+		</ul>
+	</div>
 
   <!-- Modal for adding new device. -->
   <div id="addModal" class="modal">
@@ -129,7 +130,7 @@ pageEncoding="ISO-8859-1"%>
         </div>
         <div class = "form-group">
           <label for="addNFC">NFC ID</label>
-          <input style = "width: 75px;" name = "NFC" class="form-control" type = "number" id="addNFC" placeholder="ID">
+          <input style = "width: 75px;" name = "NFC" class="form-control" id="addNFC" placeholder="ID">
         </div><br>
         <button type = "submit" name = "add" value = "Add" class="btn btn-primary">Add</button>
       </form>
@@ -184,7 +185,7 @@ pageEncoding="ISO-8859-1"%>
       </div>
       <div class = "form-group">
         <label for="modifyNFC">NFC ID</label>
-        <input style = "width: 75px;" name = "NFC" class="form-control" type = "number" id="modifyNFC" placeholder="ID">
+        <input style = "width: 75px;" name = "NFC" class="form-control" id="modifyNFC" placeholder="ID">
       </div><br>
       <button type = "submit" name = "modify" value = "Save Changes" class="btn btn-primary">Save Changes</button>
       <button style = "display: inline-block;" type = "submit" name = "delete" value = "Delete Entry" class="btn btn-primary">Delete</button>
@@ -251,6 +252,7 @@ populateDevices(devices);
 
 //adds event listeners to all table records
 $("tr.entry").click(modifyModal);
+
 //Exits modal when x is clicked.
 $("#closeModifyForm").click(closeModifyModal);
 //Open the add modal
diff --git a/WebContent/html/webpages/adminpassword.jsp b/WebContent/html/webpages/adminpassword.jsp
new file mode 100644
index 0000000..2be0454
--- /dev/null
+++ b/WebContent/html/webpages/adminpassword.jsp
@@ -0,0 +1,60 @@
+<%@ page import = "database.*,entities.User" %>
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
+<html lang="en">
+<head>
+    <meta charset="utf-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags -->
+    <meta name="description" content="">
+    <meta name="author" content="">
+
+    <title>Synchrony Financial</title>
+
+    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
+    <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"></script>
+    <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
+    <link rel = "stylesheet" type = "text/css" href = "../css/stylesheet.css">
+    <link rel = "shortcut icon" href = "../imgs/synchrony-financial-logo-dlpx_1.ico">
+    <link rel="stylesheet" type="text/css" href="../javascript/iconselect.js-1.0/css/lib/control/iconselect.css" >
+    <script type="text/javascript" src="../javascript/iconselect.js-1.0/lib/control/iconselect.js"></script>
+    <script type="text/javascript" src="../javascript/iconselect.js-1.0/lib/iscroll.js"></script>
+
+    <style>
+    </style>
+
+</head>
+
+<body>
+    <!-- Header. -->
+   	<nav class="navbar navbar-inverse navbar-fixed-top" id = "navbaruniversal">
+		<div class="container-fluid"><div class="navbar-header"><button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"><span class="sr-only">Toggle navigation</span><span class="icon-bar"></span><span class="icon-bar"></span><span class="icon-bar"></span></button><a class="navbar-brand" href="index.jsp"><img src="html/imgs/synchrony-financial-logo-dlpx_1.png" style = "height: 100%;"></a></div><div id="navbar" class="navbar-collapse collapse" aria-expanded="false"><ul class="nav navbar-nav navbar-right"><li><a href="index.jsp">Synchrony Device Request System</a></li></ul></div></div>
+  	</nav>
+    <!-- All profile information -->
+    <div style = "margin-left: 30px;">
+        <!-- Where main user information is edited -->
+        <form action = "adminpasswordchange.jsp" class = "infobar">
+            <h2>Change Your Password</h2>
+            <h3>Since it is your first time logging in, you need to update your password.</h3>
+            <div class = "form-group">
+                <label for="old">Old Password</label>
+                <input style = "width: 200px;" name = "old" type = "password" class="form-control" id="old" required = "true">
+            </div>
+            <div class = "form-group">
+                <label for="new">New Password</label>
+                <input style = "width: 200px;" name = "new" type = "password" class="form-control" id="new" required = "true">
+            </div>
+            <div class = "form-group">
+                <label for="confirm">Confirm Password</label>
+                <input style = "width: 200px;" name = "confirm" type = "password" class="form-control" id="confirm" required = "true">
+            </div>
+            <div class = "form-group">
+                <label for="confirm">Pincode for Locker (4 digits long)</label>
+                <input style = "width: 200px;" name = "pincode" type = "password" class="form-control" id="pincode" required = "true">
+            </div>
+            <button name = "submit" type="submit" class="btn btn-primary" id = "submit">Apply Changes</button>
+        </form>
+    </div>
+</body>
+
+</html> 
\ No newline at end of file
diff --git a/WebContent/html/webpages/adminpasswordchange.jsp b/WebContent/html/webpages/adminpasswordchange.jsp
new file mode 100644
index 0000000..881eb1d
--- /dev/null
+++ b/WebContent/html/webpages/adminpasswordchange.jsp
@@ -0,0 +1,71 @@
+<%@ page import = "database.*,entities.Device" %>
+<%@ page import = "java.sql.*" %>
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
+    pageEncoding="ISO-8859-1"%>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta http-equiv="X-UA-Compatible" content="IE=edge">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags -->
+  <meta name="description" content="">
+  <meta name="author" content="">
+
+  <title>Synchrony Financial</title>
+
+  <link rel="stylesheet" type="text/css" href="http://ajax.aspnetcdn.com/ajax/jquery.dataTables/1.9.4/css/jquery.dataTables.css">
+  <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
+  <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"></script>
+  <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
+  <link rel = "stylesheet" type = "text/css" href = "../css/stylesheet.css">
+  <link rel = "shortcut icon" href = "../imgs/synchrony-financial-logo-dlpx_1.ico">
+  <nav class="navbar navbar-inverse navbar-fixed-top" id = "navbaruniversal">
+    <%@ include file="navbar.jsp"%>
+  </nav>
+</head>
+<body>
+  <h2>Redirect Page</h2>
+  <p>You shouldn't be seeing this page :)</p>
+
+<%
+//add form was submitted
+if(request.getParameter("submit") != null){
+  String old = request.getParameter("old");
+  String newpass = request.getParameter("new");
+  String confirm = request.getParameter("confirm");
+  String pincode = request.getParameter("pincode");
+  String database = "jdbc:mysql://us-cdbr-iron-east-04.cleardb.net/ad_15a989204c2ff8a?user=b372dfe7409692&password=74f6e317";
+  String user = "b372dfe7409692";
+  String password = "74f6e317";
+  System.getenv("VCAP_SERVICES");
+  Class.forName("com.mysql.jdbc.Driver");
+  Connection connection = DriverManager.getConnection(database, user, password);
+  Statement stmt = connection.createStatement();
+  ResultSet result;
+  result = stmt.executeQuery("select * FROM admin where Admin_ID='" + navsso + "' AND Password='" + old + "'");
+  if(result.next()){//if old password is accurate
+  	if (!old.equals(newpass) && newpass.equals(confirm) && pincode.length() == 4 && AdminQueries.pincodeInt(pincode)){//if the password is new AND both news ones are equal AND pincode is 4 digits AND pincode is a number
+  		stmt.executeUpdate("UPDATE admin SET Password = \"" + newpass + "\", Password_Flag = 1, Pincode = " + pincode + " WHERE Admin_ID = " + navsso);
+  		stmt.close();
+  		connection.close();
+  		response.sendRedirect("admin.jsp");
+  		return;
+  	}
+  	else{
+  		stmt.close();
+  		connection.close();
+  		response.sendRedirect("adminpasswordtryagain.jsp");
+  		return;
+  	}
+  }
+  else{
+  	stmt.close();
+  	connection.close();
+  	response.sendRedirect("adminpasswordtryagain.jsp");
+  	return;
+  }
+}
+%>
+</body>
+</html> 
\ No newline at end of file
diff --git a/WebContent/html/webpages/adminpasswordtryagain.jsp b/WebContent/html/webpages/adminpasswordtryagain.jsp
new file mode 100644
index 0000000..ae7082f
--- /dev/null
+++ b/WebContent/html/webpages/adminpasswordtryagain.jsp
@@ -0,0 +1,61 @@
+<%@ page import = "database.*,entities.User" %>
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
+<html lang="en">
+<head>
+    <meta charset="utf-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags -->
+    <meta name="description" content="">
+    <meta name="author" content="">
+
+    <title>Synchrony Financial</title>
+
+    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
+    <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"></script>
+    <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
+    <link rel = "stylesheet" type = "text/css" href = "../css/stylesheet.css">
+    <link rel = "shortcut icon" href = "../imgs/synchrony-financial-logo-dlpx_1.ico">
+    <link rel="stylesheet" type="text/css" href="../javascript/iconselect.js-1.0/css/lib/control/iconselect.css" >
+    <script type="text/javascript" src="../javascript/iconselect.js-1.0/lib/control/iconselect.js"></script>
+    <script type="text/javascript" src="../javascript/iconselect.js-1.0/lib/iscroll.js"></script>
+
+    <style>
+    </style>
+
+</head>
+
+<body>
+    <!-- Header. -->
+   	<nav class="navbar navbar-inverse navbar-fixed-top" id = "navbaruniversal">
+		<div class="container-fluid"><div class="navbar-header"><button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"><span class="sr-only">Toggle navigation</span><span class="icon-bar"></span><span class="icon-bar"></span><span class="icon-bar"></span></button><a class="navbar-brand" href="index.jsp"><img src="html/imgs/synchrony-financial-logo-dlpx_1.png" style = "height: 100%;"></a></div><div id="navbar" class="navbar-collapse collapse" aria-expanded="false"><ul class="nav navbar-nav navbar-right"><li><a href="index.jsp">Synchrony Device Request System</a></li></ul></div></div>
+  	</nav>
+    <!-- All profile information -->
+    <div style = "margin-left: 30px;">
+        <!-- Where main user information is edited -->
+        <form action = "adminpasswordchange.jsp" class = "infobar">
+            <h2>Change Your Password</h2>
+            <h3>Since it is your first time logging in, you need to update your password.</h3>
+            <h4>Please make sure your old password is correct, your new ones are new and matching, and your pincode is 4 digits long.</h4>
+            <div class = "form-group">
+                <label for="old">Old Password</label>
+                <input style = "width: 200px;" name = "old" type = "password" class="form-control" id="old" required = "true">
+            </div>
+            <div class = "form-group">
+                <label for="new">New Password</label>
+                <input style = "width: 200px;" name = "new" type = "password" class="form-control" id="new" required = "true">
+            </div>
+            <div class = "form-group">
+                <label for="confirm">Confirm Password</label>
+                <input style = "width: 200px;" name = "confirm" type = "password" class="form-control" id="confirm" required = "true">
+            </div>
+            <div class = "form-group">
+                <label for="confirm">Pincode for Locker (4 digits long)</label>
+                <input style = "width: 200px;" name = "pincode" type = "password" class="form-control" id="pincode" required = "true">
+            </div>
+            <button name = "submit" type="submit" class="btn btn-primary" id = "submit">Apply Changes</button>
+        </form>
+    </div>
+</body>
+
+</html> 
\ No newline at end of file
diff --git a/WebContent/html/webpages/deviceRedirect.jsp b/WebContent/html/webpages/deviceRedirect.jsp
index d3e9558..08624d8 100644
--- a/WebContent/html/webpages/deviceRedirect.jsp
+++ b/WebContent/html/webpages/deviceRedirect.jsp
@@ -37,7 +37,7 @@ String manufacturer = request.getParameter("manu").replace("\"","\\\"");
 String hardware = request.getParameter("hardware").replace("\"","\\\"");
 String model = request.getParameter("model").replace("\"","\\\"");
 String serial = request.getParameter("serial");
-int nfc =  Integer.parseInt(request.getParameter("NFC"));
+String nfc =  request.getParameter("NFC");
 //add form was submitted
 if(request.getParameter("add") != null){
   Device device = new Device(name,1,description,hardware,model,manufacturer,status,mac,serial,nfc);
@@ -65,7 +65,5 @@ if(request.getParameter("delete") != null){
 <script>
 window.location.replace("adminDeviceSettings.jsp");
 </script>
-<!-- Navbar generation. -->
-<script src = "../javascript/navbar.js"></script>
 </body>
 </html>
\ No newline at end of file
diff --git a/WebContent/html/webpages/logout.jsp b/WebContent/html/webpages/logout.jsp
index 1d7cba8..e39c5f3 100644
--- a/WebContent/html/webpages/logout.jsp
+++ b/WebContent/html/webpages/logout.jsp
@@ -7,13 +7,13 @@
 Cookie[] usercookies = request.getCookies();
 if(usercookies != null){
 	for(Cookie c : usercookies){
-		if(c.getName().equals("ssoNum")){//when (and if) we get to user cookie we want to reset it 
+		if(c.getName().equals("ssoNum") || c.getName().equals("admin")){//when (and if) we get to user cookie we want to reset it 
 			c.setMaxAge(0);//delete current
-			Cookie newCookie = new Cookie("ssoNum","");//make new one
+			String cookiename = c.getName();
+			Cookie newCookie = new Cookie(cookiename,"");//make new one
 			newCookie.setMaxAge(0);
 			newCookie.setPath("/");
 			response.addCookie(newCookie);
-			break;
 		}
 	}
 }
diff --git a/WebContent/html/webpages/navbar.jsp b/WebContent/html/webpages/navbar.jsp
index 731039a..4ab3fbe 100644
--- a/WebContent/html/webpages/navbar.jsp
+++ b/WebContent/html/webpages/navbar.jsp
@@ -18,6 +18,7 @@
 	<div id="navbar" class="navbar-collapse collapse" aria-expanded="false">
 		<ul class="nav navbar-nav navbar-right">
 			<li><a href="../webpages/">Home</a></li>
+			<li id = "adminbar"></li>
 			<li><a href="requestPage.jsp">Request Device</a></li>
 			<li><a href="returnPage.jsp">Return Device</a></li>
 			<li><a href="listingPage.jsp">Device Listing</a></li>
@@ -31,19 +32,22 @@
 	String navname = "error";
 	User self = new User();
 	Cookie newCookie;
+	int admin = 0;
+	
 	//iterate cookies
 	if(usercookies != null){
 		for(Cookie c : usercookies){
-			if(c.getName().equals("ssoNum")){//when (and if) we get to user cookie we want to reset it
-				if(c.getValue().equals("") == false){
-					navsso = c.getValue(); 
-					c.setMaxAge(0);//delete current
-					newCookie = new Cookie("ssoNum",navsso);//make new one
-					newCookie.setMaxAge(30*60);
-					newCookie.setPath("/");
-					response.addCookie(newCookie);
-					break;
-				}
+			if(c.getName().equals("ssoNum") || c.getName().equals("admin")){//when (and if) we get to user cookie we want to reset it
+				navsso = c.getValue(); 
+				String cookiename = c.getName();
+				c.setMaxAge(0);//delete current
+				newCookie = new Cookie(cookiename,navsso);//make new one
+				newCookie.setMaxAge(30*60);
+				newCookie.setPath("/");
+				response.addCookie(newCookie);
+			}
+			if(c.getName().equals("admin")){
+				admin = 1;
 			}
 		}
 	}
@@ -60,4 +64,6 @@
 <script>
 var name = '<%=navname%>';
 document.getElementById('user').innerHTML = "Hi " + name + "!";
+if(<%=admin%> == 1)
+document.getElementById('adminbar').innerHTML = '<a href="admin.jsp">Admin Hub</a>'
 </script>
\ No newline at end of file
diff --git a/src/database/AdminQueries.java b/src/database/AdminQueries.java
new file mode 100644
index 0000000..4a7f3a3
--- /dev/null
+++ b/src/database/AdminQueries.java
@@ -0,0 +1,36 @@
+package database;
+
+import java.sql.*;
+
+public class AdminQueries {
+
+	private static String database = "jdbc:mysql://us-cdbr-iron-east-04.cleardb.net/ad_15a989204c2ff8a?user=b372dfe7409692&password=74f6e317";
+	private static String user = "b372dfe7409692";
+	private static String password = "74f6e317";
+	
+	public static boolean isAdmin(int id) throws ClassNotFoundException, SQLException{
+		System.getenv("VCAP_SERVICES");
+		Class.forName("com.mysql.jdbc.Driver");
+		Connection connection = DriverManager.getConnection(database, user, password);
+		Statement stmt = connection.createStatement();
+		ResultSet results = stmt.executeQuery("SELECT * from admin WHERE Admin_ID = " + id);
+		results.next();
+		return true;
+	}
+	
+	/**
+	 * Checks to see if a pincode is numeric.
+	 * @param pincode
+	 * @return
+	 */
+	public static boolean pincodeInt(String pincode){
+		try{
+			Integer.parseInt(pincode);
+			return true;
+		}
+		catch(NumberFormatException e){
+			return false;
+		}
+	}
+	
+}
diff --git a/src/database/DeviceQueries.java b/src/database/DeviceQueries.java
index 86afc5a..248a400 100644
--- a/src/database/DeviceQueries.java
+++ b/src/database/DeviceQueries.java
@@ -27,7 +27,7 @@ public static Device[] getUserDevices(String userID) throws SQLException, ClassN
 		
 		//iterate result set
 		while(resultSet.next()){
-			devices[counter] = new Device(resultSet.getString("Device_Name"),resultSet.getInt("Device_ID"),resultSet.getString("Device_Description"),resultSet.getString("Hardware"), resultSet.getString("Model"), resultSet.getString("Manufacturer"), resultSet.getString("Status"), resultSet.getString("MAC_Address"), resultSet.getString("Serial_Num"), resultSet.getInt("NFC_ID"));
+			devices[counter] = new Device(resultSet.getString("Device_Name"),resultSet.getInt("Device_ID"),resultSet.getString("Device_Description"),resultSet.getString("Hardware"), resultSet.getString("Model"), resultSet.getString("Manufacturer"), resultSet.getString("Status"), resultSet.getString("MAC_Address"), resultSet.getString("Serial_Num"), resultSet.getString("NFC_ID"));
 			counter++;
 		}		
 		stmt.close();
@@ -53,7 +53,7 @@ public static Device[] getAllDevices() throws SQLException, ClassNotFoundExcepti
 		
 		//iterate result set
 		while(resultSet.next()){
-			devices[counter] = new Device(resultSet.getString("Device_Name"),resultSet.getInt("Device_ID"),resultSet.getString("Device_Description"),resultSet.getString("Hardware"), resultSet.getString("Model"), resultSet.getString("Manufacturer"), resultSet.getString("Status"), resultSet.getString("MAC_Address"), resultSet.getString("Serial_Num"), resultSet.getInt("NFC_ID"));
+			devices[counter] = new Device(resultSet.getString("Device_Name"),resultSet.getInt("Device_ID"),resultSet.getString("Device_Description"),resultSet.getString("Hardware"), resultSet.getString("Model"), resultSet.getString("Manufacturer"), resultSet.getString("Status"), resultSet.getString("MAC_Address"), resultSet.getString("Serial_Num"), resultSet.getString("NFC_ID"));
 			counter++;
 		}
 		stmt.close();
@@ -79,7 +79,7 @@ public static Device[] getAvailableDevices() throws SQLException, ClassNotFoundE
 		
 		//iterate result set
 		while(resultSet.next()){
-			devices[counter] = new Device(resultSet.getString("Device_Name"),resultSet.getInt("Device_ID"),resultSet.getString("Device_Description"),resultSet.getString("Hardware"), resultSet.getString("Model"), resultSet.getString("Manufacturer"), resultSet.getString("Status"), resultSet.getString("MAC_Address"), resultSet.getString("Serial_Num"), resultSet.getInt("NFC_ID"));
+			devices[counter] = new Device(resultSet.getString("Device_Name"),resultSet.getInt("Device_ID"),resultSet.getString("Device_Description"),resultSet.getString("Hardware"), resultSet.getString("Model"), resultSet.getString("Manufacturer"), resultSet.getString("Status"), resultSet.getString("MAC_Address"), resultSet.getString("Serial_Num"), resultSet.getString("NFC_ID"));
 			counter++;
 		}
 		stmt.close();
@@ -126,7 +126,7 @@ public static void addDevice(Device device) throws SQLException, ClassNotFoundEx
 			id = results.getInt("Device_ID");
 			id++;
 			//tries this statement, otherwise tries again with a new id
-			String command = "INSERT INTO devices (Device_ID,Device_Name,Device_Description,MAC_Address,Manufacturer,Hardware,Model,Serial_Num,Status,Added_By,NFC_ID) " + "VALUES (" + id +",\"" + device.getName() + "\",\"" + device.getDesc()+ "\",\"" + device.getMAC() + "\",\"" + device.getManufacturer() + "\",\""+device.getHardware()+ "\",\"" + device.getModel() + "\",\"" + device.getSerial()  + "\",\"" + device.getStatus() + "\",30," + device.getNFC() +  ");"; //TODO update the Added_By to include cookies
+			String command = "INSERT INTO devices (Device_ID,Device_Name,Device_Description,MAC_Address,Manufacturer,Hardware,Model,Serial_Num,Status,Added_By,NFC_ID) " + "VALUES (" + id +",\"" + device.getName() + "\",\"" + device.getDesc()+ "\",\"" + device.getMAC() + "\",\"" + device.getManufacturer() + "\",\""+device.getHardware()+ "\",\"" + device.getModel() + "\",\"" + device.getSerial()  + "\",\"" + device.getStatus() + "\",30,\"" + device.getNFC() +  "\");"; //TODO update the Added_By to include cookies
 			System.out.println(command);
 			i = stmt.executeUpdate(command);
 		}
@@ -139,7 +139,7 @@ public static void modifyDevice(Device device) throws ClassNotFoundException, SQ
 		Class.forName("com.mysql.jdbc.Driver");
 		Connection connection = DriverManager.getConnection(database, user, password);
 		Statement stmt = connection.createStatement();
-		stmt.executeUpdate("UPDATE devices SET Device_Name = \"" + device.getName() + "\", Device_Description = \"" + device.getDesc() + "\", MAC_Address = \"" + device.getMAC() + "\", Manufacturer = \"" + device.getManufacturer() + "\", Hardware = \"" + device.getHardware() + "\", Model = \"" + device.getModel() + "\", Serial_Num = \"" + device.getSerial() + "\", Status = \"" + device.getStatus() + "\", NFC_ID = " + device.getNFC() + " WHERE Device_ID = " + device.getID());
+		stmt.executeUpdate("UPDATE devices SET Device_Name = \"" + device.getName() + "\", Device_Description = \"" + device.getDesc() + "\", MAC_Address = \"" + device.getMAC() + "\", Manufacturer = \"" + device.getManufacturer() + "\", Hardware = \"" + device.getHardware() + "\", Model = \"" + device.getModel() + "\", Serial_Num = \"" + device.getSerial() + "\", Status = \"" + device.getStatus() + "\", NFC_ID = \"" + device.getNFC() + "\" WHERE Device_ID = " + device.getID());
 		stmt.close();
 		connection.close();
 	}
diff --git a/src/entities/Admin.java b/src/entities/Admin.java
index 2ebfd89..a175178 100644
--- a/src/entities/Admin.java
+++ b/src/entities/Admin.java
@@ -6,8 +6,13 @@
  */
 public class Admin extends User {
 	
-	public Admin(int id, int location, String name, String phone, String email, int icon) {
-		super(id, location, name, phone, email, icon);		
+	private int password_flag;
+	private int finger_flag;
+	
+	public Admin(int id, int location, String name, String phone, String email, int icon, int pass, int finger) {
+		super(id, location, name, phone, email, icon);
+		password_flag = pass;
+		finger_flag = finger;
 	}
 
 }
diff --git a/src/entities/Device.java b/src/entities/Device.java
index 2111da6..5e3f871 100644
--- a/src/entities/Device.java
+++ b/src/entities/Device.java
@@ -15,9 +15,9 @@ public class Device {
 	private String Status;
 	private String MAC;
 	private String Serial;
-	private int NFC;
+	private String NFC;
 	
-	public Device(String name, int id, String desc, String hardware, String model, String manufacturer, String available, String mac, String serial, int nfc) {
+	public Device(String name, int id, String desc, String hardware, String model, String manufacturer, String available, String mac, String serial, String nfc) {
 		Device_Name = name;
 		Device_ID = id;
 		Device_Description = desc;
@@ -44,7 +44,7 @@ public String toString(){
 		sb.append("\"manufacturer\": \"").append(Manu).append("\"").append(comma);
 		sb.append("\"mac\": \"").append(MAC).append("\"").append(comma);
 		sb.append("\"serial\": \"").append(Serial).append("\"").append(comma);
-		sb.append("\"nfc\": ").append(NFC);
+		sb.append("\"nfc\": \"").append(NFC).append("\"");
 		sb.append("}");
 		return sb.toString();
 	}
@@ -99,7 +99,7 @@ public String getSerial(){
 		return Serial;
 	}
 
-	public int getNFC() {
+	public String getNFC() {
 		return NFC;
 	}