Merge pull request #153 from arc12012/bugs
Bugs
Showing
29 changed files
with
1,374 additions
and
755 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,88 +1,221 @@ | ||
<%@ page import = "database.*" %> | ||
<%@ page language="java" contentType="text/html; charset=ISO-8859-1" | ||
pageEncoding="ISO-8859-1"%> | ||
<%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%> | ||
<%@ page import = "java.sql.*" %> | ||
<%@ page import = "java.security.MessageDigest" %> | ||
<%@ page import = "java.security.NoSuchAlgorithmException" %> | ||
<% | ||
int ssoNum; | ||
String pass; | ||
Cookie adminCookie; | ||
<%@ page import = "java.util.Random" %> | ||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> | ||
<html> | ||
<head> | ||
<meta charset="utf-8"> | ||
<meta http-equiv="X-UA-Compatible" content="IE=edge"> | ||
<meta name="viewport" content="width=device-width, initial-scale=1"> | ||
<!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags --> | ||
<meta name="description" content=""> | ||
<meta name="author" content=""> | ||
|
||
ssoNum = Integer.parseInt(request.getParameter("username")); | ||
pass = request.getParameter("pass"); | ||
String generatedPass = null; | ||
<title>Innovation Hub</title> | ||
|
||
try { | ||
MessageDigest md = MessageDigest.getInstance("MD5"); | ||
md.update(pass.getBytes()); | ||
byte[] bytes = md.digest(); | ||
StringBuilder sb = new StringBuilder(); | ||
for(int i = 0; i<bytes.length; i++) | ||
sb.append(Integer.toString((bytes[i] & 0xff) + 0x100, 16).substring(1)); | ||
generatedPass = sb.toString(); | ||
} | ||
catch (NoSuchAlgorithmException e){ | ||
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css"> | ||
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script> | ||
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script> | ||
<link rel = "stylesheet" type = "text/css" href = "html/css/stylesheet.css"> | ||
<link rel = "shortcut icon" href = "html/imgs/synchrony-financial-logo-dlpx_1.ico"> | ||
</head> | ||
<body> | ||
<nav class="navbar navbar-inverse navbar-fixed-top" id = "navbaruniversal" style = "visibility: hidden;"> | ||
<div class="container-fluid"><div class="navbar-header"><button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"><span class="sr-only">Toggle navigation</span><span class="icon-bar"></span><span class="icon-bar"></span><span class="icon-bar"></span></button><a class="navbar-brand" href="index.jsp"><img src="html/imgs/synchrony-financial-logo-dlpx_1.png" style = "height: 100%;"></a></div><div id="navbar" class="navbar-collapse collapse" aria-expanded="false"><ul class="nav navbar-nav navbar-right"><li><a href="index.jsp">Synchrony Device Request System</a></li></ul></div></div> | ||
</nav> | ||
<div id = "info" style = "margin-left: 10px; visibility: hidden;"> | ||
<h2>Password Reset</h2> | ||
<h3>Please check your email to get your newly generated password!</h3> | ||
<button class = "btn btn-primary" onclick="goBack()">Go Back</button> | ||
</div> | ||
</body> | ||
<% | ||
/* | ||
If admin chose to login, we work on this form. | ||
*/ | ||
if(request.getParameter("login") != null){ | ||
/* | ||
Get form information from last page. | ||
*/ | ||
int ssoNum = Integer.parseInt(request.getParameter("username")); | ||
String pass = request.getParameter("pass"); | ||
Cookie adminCookie; | ||
String generatedPass = null; | ||
} | ||
String database = "jdbc:mysql://us-cdbr-iron-east-04.cleardb.net/ad_15a989204c2ff8a?user=b372dfe7409692&password=74f6e317"; | ||
String user = "b372dfe7409692"; | ||
String password = "74f6e317"; | ||
Class.forName("com.mysql.jdbc.Driver"); | ||
Connection connection; | ||
Statement stmt; | ||
for(;;){ | ||
try{ | ||
connection = DriverManager.getConnection(database, user, password); | ||
break; | ||
/* | ||
Hash what the user put in, so we can see if the passwords match up. | ||
*/ | ||
try { | ||
MessageDigest md = MessageDigest.getInstance("MD5"); | ||
md.update(pass.getBytes()); | ||
byte[] bytes = md.digest(); | ||
StringBuilder sb = new StringBuilder(); | ||
for(int i = 0; i<bytes.length; i++) | ||
sb.append(Integer.toString((bytes[i] & 0xff) + 0x100, 16).substring(1)); | ||
generatedPass = sb.toString(); | ||
} | ||
catch(SQLException e){ | ||
Thread.sleep(1); | ||
catch (NoSuchAlgorithmException e){ | ||
} | ||
} | ||
for(;;){ | ||
try{ | ||
stmt = connection.createStatement(); | ||
break; | ||
/* | ||
Make database connection to get the corresponding user that's logging in. | ||
*/ | ||
String database = "jdbc:mysql://us-cdbr-iron-east-04.cleardb.net/ad_15a989204c2ff8a?user=b372dfe7409692&password=74f6e317"; | ||
String user = "b372dfe7409692"; | ||
String password = "74f6e317"; | ||
Class.forName("com.mysql.jdbc.Driver"); | ||
Connection connection; | ||
Statement stmt; | ||
for(;;){ | ||
try{ | ||
connection = DriverManager.getConnection(database, user, password); | ||
break; | ||
} | ||
catch(SQLException e){ | ||
Thread.sleep(1); | ||
} | ||
} | ||
catch(SQLException e){ | ||
Thread.sleep(1); | ||
for(;;){ | ||
try{ | ||
stmt = connection.createStatement(); | ||
break; | ||
} | ||
catch(SQLException e){ | ||
Thread.sleep(1); | ||
} | ||
} | ||
} | ||
ResultSet result = stmt.executeQuery("select admin.*,employee.Name FROM admin INNER JOIN employee ON admin.Admin_ID = employee.Employee_ID WHERE Admin_ID='" + ssoNum + "' AND Password='" + generatedPass + "'"); | ||
if (result.next()){ | ||
request.getSession(); | ||
session.setAttribute("ssoNum", ssoNum); | ||
adminCookie = new Cookie("ssoNum", Integer.toString(ssoNum)); | ||
adminCookie.setMaxAge(30*60); | ||
adminCookie.setPath("/"); | ||
response.addCookie(adminCookie); | ||
Cookie adminCookie2 = new Cookie("admin", Integer.toString(ssoNum)); | ||
adminCookie2.setPath("/"); | ||
response.addCookie(adminCookie2); | ||
Cookie newCookie = new Cookie("name",result.getString("Name")); | ||
newCookie.setMaxAge(30*60); | ||
newCookie.setPath("/"); | ||
response.addCookie(newCookie); | ||
if(result.getInt("Password_Flag") == 1){ | ||
stmt.close(); | ||
connection.close(); | ||
response.sendRedirect("html/webpages/administration/admin.jsp"); | ||
return; | ||
} | ||
else{ | ||
ResultSet result = stmt.executeQuery("select admin.*,employee.Name FROM admin INNER JOIN employee ON admin.Admin_ID = employee.Employee_ID WHERE Admin_ID='" + ssoNum + "' AND Password='" + generatedPass + "'"); | ||
/* | ||
If the user exists, we'll log them in. | ||
*/ | ||
if (result.next()){ | ||
/* | ||
Generating multiple cookies to be used during te user's session | ||
*/ | ||
request.getSession(); | ||
session.setAttribute("ssoNum", ssoNum); | ||
adminCookie = new Cookie("ssoNum", Integer.toString(ssoNum)); | ||
adminCookie.setMaxAge(30*60); | ||
adminCookie.setPath("/"); | ||
response.addCookie(adminCookie); | ||
Cookie adminCookie2 = new Cookie("admin", Integer.toString(ssoNum)); | ||
adminCookie2.setPath("/"); | ||
response.addCookie(adminCookie2); | ||
Cookie newCookie = new Cookie("name",result.getString("Name")); | ||
newCookie.setMaxAge(30*60); | ||
newCookie.setPath("/"); | ||
response.addCookie(newCookie); | ||
/* | ||
If the admin's password flag is 1, then we will allow them to be logged in no problem. | ||
*/ | ||
if(result.getInt("Password_Flag") == 1){ | ||
stmt.close(); | ||
connection.close(); | ||
response.sendRedirect("html/webpages/administration/admin.jsp"); | ||
return; | ||
} | ||
/* | ||
Otherwise, their password flag is 0, indicating they NEED to update their password and pincode. | ||
*/ | ||
else{ | ||
stmt.close(); | ||
connection.close(); | ||
response.sendRedirect("html/webpages/administration/adminpassword.jsp"); | ||
return; | ||
} | ||
/* | ||
If the user doesn't exist, they won't be logged in. | ||
*/ | ||
} else { | ||
stmt.close(); | ||
connection.close(); | ||
response.sendRedirect("html/webpages/administration/adminpassword.jsp"); | ||
return; | ||
response.sendRedirect("index.jsp"); | ||
} | ||
} else { | ||
stmt.close(); | ||
connection.close(); | ||
response.sendRedirect("index.jsp"); | ||
} | ||
/* | ||
If the user wants to reset their password, we will keep them on this page. | ||
*/ | ||
//if(request.getParameter("reset") != null){ | ||
//int ssoNum = Integer.parseInt(request.getParameter("username")); | ||
/* | ||
Generate new password randomly | ||
*/ | ||
//String chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"; | ||
//StringBuilder random = new StringBuilder(); | ||
//Random rnd = new Random(); | ||
//String is 16 characters long | ||
//while(random.length() < 16){ | ||
//int index = (int)(rnd.nextFloat()*chars.length()); | ||
//} | ||
//String newpass = random.toString(); | ||
//String hashpass = null; | ||
/* | ||
Hash new password. | ||
*/ | ||
//try { | ||
//MessageDigest md1 = MessageDigest.getInstance("MD5"); | ||
//md1.update(newpass.getBytes()); | ||
//byte[] bytes = md1.digest(); | ||
//StringBuilder sb = new StringBuilder(); | ||
//for(int i = 0; i<bytes.length; i++) | ||
//sb.append(Integer.toString((bytes[i] & 0xff) + 0x100, 16).substring(1)); | ||
//hashpass = sb.toString(); | ||
//} | ||
//catch (NoSuchAlgorithmException e){ | ||
//} | ||
/* | ||
Save new password to database | ||
*/ | ||
//String database = "jdbc:mysql://us-cdbr-iron-east-04.cleardb.net/ad_15a989204c2ff8a?user=b372dfe7409692&password=74f6e317"; | ||
//String user = "b372dfe7409692"; | ||
//String password = "74f6e317"; | ||
//Class.forName("com.mysql.jdbc.Driver"); | ||
//Connection connection; | ||
//Statement stmt; | ||
//for(;;){ | ||
//try{ | ||
//connection = DriverManager.getConnection(database, user, password); | ||
//break; | ||
//} | ||
//catch(SQLException e){ | ||
//Thread.sleep(1); | ||
//} | ||
//} | ||
//for(;;){ | ||
//try{ | ||
//stmt = connection.createStatement(); | ||
//break; | ||
//} | ||
//catch(SQLException e){ | ||
//Thread.sleep(1); | ||
//} | ||
//} | ||
//stmt.executeUpdate("UPDATE admin SET Password = \"" + hashpass + "\", Password_Flag = 0 WHERE Admin_ID = " + ssoNum); | ||
//dispatch email with the non hashed password | ||
//} | ||
%> | ||
<script> | ||
/* | ||
If we get to this point in the page, the user is resetting their password and we want to display everything on the page now. | ||
*/ | ||
document.getElementById("info").style.visibility = 'visible'; | ||
document.getElementById("navbaruniversal").style.visibility = 'visible'; | ||
%> | ||
/* | ||
Goes back to the previous page. | ||
*/ | ||
function goBack(){ | ||
window.history.back(); | ||
} | ||
</script> | ||
</html> |
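Review bot: The login scriptlet still holds the database URL, user name and password as string literals (the `String database` / `user` / `password` lines), and this commit copies them again into the commented-out reset block, so the credential now sits in repository history; it should be rotated and read from container configuration instead, e.g. `DataSource ds = (DataSource) new InitialContext().lookup("java:comp/env/jdbc/<DATASOURCE_NAME>");`. The password check uses unsalted `MessageDigest.getInstance("MD5")` with an empty `catch (NoSuchAlgorithmException e)`, which leaves `generatedPass` null on failure and stores admin passwords as a fast digest; a salted password-hashing scheme (PBKDF2, bcrypt, scrypt or Argon2) is the appropriate replacement. The `ssoNum` and `admin` cookies carry the raw admin ID without `setHttpOnly(true)` or `setSecure(true)`, and if any admin page authorizes from those cookies rather than from the server-side session (not visible in this section) the value is client-controlled. The query is built by concatenation; today the inputs are an `int` and a hex digest, but a `PreparedStatement` with `?` placeholders keeps it safe if either changes. The `for(;;)` loops around `DriverManager.getConnection` and `createStatement` never give up, so a database outage would hold request threads indefinitely; a bounded retry count with an error response would avoid that.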