Merge pull request #153 from arc12012/bugs

Bugs

WebContent/adminLogin.jsp

@@ -1,88 +1,221 @@
 <%@ page import = "database.*" %>
-<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
-    pageEncoding="ISO-8859-1"%>
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
 <%@ page import = "java.sql.*" %>
 <%@ page import = "java.security.MessageDigest" %>
 <%@ page import = "java.security.NoSuchAlgorithmException" %>
-<%
-int ssoNum;
-String pass;
-Cookie adminCookie;
+<%@ page import = "java.util.Random" %>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+  <meta charset="utf-8">
+  <meta http-equiv="X-UA-Compatible" content="IE=edge">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags -->
+  <meta name="description" content="">
+  <meta name="author" content="">
 
-ssoNum = Integer.parseInt(request.getParameter("username"));
-pass = request.getParameter("pass");
-String generatedPass = null;
+  <title>Innovation Hub</title>
 
-try {
-	MessageDigest md = MessageDigest.getInstance("MD5");
-	md.update(pass.getBytes());
-	byte[] bytes = md.digest();
-	StringBuilder sb = new StringBuilder();
-	for(int i = 0; i<bytes.length; i++)
-		sb.append(Integer.toString((bytes[i] & 0xff) + 0x100, 16).substring(1));
-	
-	generatedPass = sb.toString();
-}
-catch (NoSuchAlgorithmException e){
+  <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
+  <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
+  <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
+  <link rel = "stylesheet" type = "text/css" href = "html/css/stylesheet.css">
+  <link rel = "shortcut icon" href = "html/imgs/synchrony-financial-logo-dlpx_1.ico">
+</head>
+<body>
+	<nav class="navbar navbar-inverse navbar-fixed-top" id = "navbaruniversal" style = "visibility: hidden;">
+	  <div class="container-fluid"><div class="navbar-header"><button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"><span class="sr-only">Toggle navigation</span><span class="icon-bar"></span><span class="icon-bar"></span><span class="icon-bar"></span></button><a class="navbar-brand" href="index.jsp"><img src="html/imgs/synchrony-financial-logo-dlpx_1.png" style = "height: 100%;"></a></div><div id="navbar" class="navbar-collapse collapse" aria-expanded="false"><ul class="nav navbar-nav navbar-right"><li><a href="index.jsp">Synchrony Device Request System</a></li></ul></div></div>
+	</nav>
+	<div  id = "info" style = "margin-left: 10px; visibility: hidden;">
+		<h2>Password Reset</h2>
+		<h3>Please check your email to get your newly generated password!</h3>
+		<button class = "btn btn-primary" onclick="goBack()">Go Back</button>
+	</div>
+</body>
+<%
+/*
+	If admin chose to login, we work on this form.
+*/
+if(request.getParameter("login") != null){
+	/*
+		Get form information from last page.
+	*/
+	int ssoNum = Integer.parseInt(request.getParameter("username"));
+	String pass = request.getParameter("pass");
+	Cookie adminCookie;
+	String generatedPass = null;
 	
-}
-
-String database = "jdbc:mysql://us-cdbr-iron-east-04.cleardb.net/ad_15a989204c2ff8a?user=b372dfe7409692&password=74f6e317";
-String user = "b372dfe7409692";
-String password = "74f6e317";
-Class.forName("com.mysql.jdbc.Driver");
-Connection connection;
-Statement stmt;
-for(;;){
-	try{
-		connection = DriverManager.getConnection(database, user, password);
-		break;
+	/*
+		Hash what the user put in, so we can see if the passwords match up.
+	*/
+	try {
+		MessageDigest md = MessageDigest.getInstance("MD5");
+		md.update(pass.getBytes());
+		byte[] bytes = md.digest();
+		StringBuilder sb = new StringBuilder();
+		for(int i = 0; i<bytes.length; i++)
+			sb.append(Integer.toString((bytes[i] & 0xff) + 0x100, 16).substring(1));
+		generatedPass = sb.toString();
 	}
-	catch(SQLException e){
-		Thread.sleep(1);
+	catch (NoSuchAlgorithmException e){
+		
 	}
-}
-for(;;){
-	try{
-		stmt = connection.createStatement();
-		break;
+	
+	/*
+		Make database connection to get the corresponding user that's logging in.
+	*/
+	String database = "jdbc:mysql://us-cdbr-iron-east-04.cleardb.net/ad_15a989204c2ff8a?user=b372dfe7409692&password=74f6e317";
+	String user = "b372dfe7409692";
+	String password = "74f6e317";
+	Class.forName("com.mysql.jdbc.Driver");
+	Connection connection;
+	Statement stmt;
+	for(;;){
+		try{
+			connection = DriverManager.getConnection(database, user, password);
+			break;
+		}
+		catch(SQLException e){
+			Thread.sleep(1);
+		}
 	}
-	catch(SQLException e){
-		Thread.sleep(1);
+	for(;;){
+		try{
+			stmt = connection.createStatement();
+			break;
+		}
+		catch(SQLException e){
+			Thread.sleep(1);
+		}
 	}
-}
-ResultSet result = stmt.executeQuery("select admin.*,employee.Name FROM admin INNER JOIN employee ON admin.Admin_ID = employee.Employee_ID WHERE Admin_ID='" + ssoNum + "' AND Password='" + generatedPass + "'");
-
-if (result.next()){
-	request.getSession();
-	session.setAttribute("ssoNum", ssoNum);
-	adminCookie = new Cookie("ssoNum", Integer.toString(ssoNum));
-	adminCookie.setMaxAge(30*60);
-	adminCookie.setPath("/");
-	response.addCookie(adminCookie);
-	Cookie adminCookie2 = new Cookie("admin", Integer.toString(ssoNum));
-	adminCookie2.setPath("/");
-	response.addCookie(adminCookie2);
-	Cookie newCookie = new Cookie("name",result.getString("Name"));
-	newCookie.setMaxAge(30*60);
-	newCookie.setPath("/");
-	response.addCookie(newCookie);
-	if(result.getInt("Password_Flag") == 1){
-		stmt.close();
-		connection.close();
-		response.sendRedirect("html/webpages/administration/admin.jsp");
-		return;
-	}
-	else{
+	ResultSet result = stmt.executeQuery("select admin.*,employee.Name FROM admin INNER JOIN employee ON admin.Admin_ID = employee.Employee_ID WHERE Admin_ID='" + ssoNum + "' AND Password='" + generatedPass + "'");
+	
+	/*
+		If the user exists, we'll log them in.
+	*/
+	if (result.next()){
+		/*
+			Generating multiple cookies to be used during te user's session
+		*/
+		request.getSession();
+		session.setAttribute("ssoNum", ssoNum);
+		adminCookie = new Cookie("ssoNum", Integer.toString(ssoNum));
+		adminCookie.setMaxAge(30*60);
+		adminCookie.setPath("/");
+		response.addCookie(adminCookie);
+		Cookie adminCookie2 = new Cookie("admin", Integer.toString(ssoNum));
+		adminCookie2.setPath("/");
+		response.addCookie(adminCookie2);
+		Cookie newCookie = new Cookie("name",result.getString("Name"));
+		newCookie.setMaxAge(30*60);
+		newCookie.setPath("/");
+		response.addCookie(newCookie);
+		/*
+			If the admin's password flag is 1, then we will allow them to be logged in no problem.
+		*/
+		if(result.getInt("Password_Flag") == 1){
+			stmt.close();
+			connection.close();
+			response.sendRedirect("html/webpages/administration/admin.jsp");
+			return;
+		}
+		/*
+			Otherwise, their password flag is 0, indicating they NEED to update their password and pincode.
+		*/
+		else{
+			stmt.close();
+			connection.close();
+			response.sendRedirect("html/webpages/administration/adminpassword.jsp");
+			return;
+		}
+	/*
+		If the user doesn't exist, they won't be logged in.	
+	*/
+	} else {
 		stmt.close();
 		connection.close();
-		response.sendRedirect("html/webpages/administration/adminpassword.jsp");
-		return;
+		response.sendRedirect("index.jsp");
 	}
-} else {
-	stmt.close();
-	connection.close();
-	response.sendRedirect("index.jsp");
 }
+/*
+	If the user wants to reset their password, we will keep them on this page.
+*/
+//if(request.getParameter("reset") != null){
+	//int ssoNum = Integer.parseInt(request.getParameter("username"));
+	
+	/*
+		Generate new password randomly
+	*/
+	//String chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+	//StringBuilder random = new StringBuilder();
+	//Random rnd = new Random();
+	//String is 16 characters long
+	//while(random.length() < 16){
+		//int index = (int)(rnd.nextFloat()*chars.length());
+	//}
+	//String newpass = random.toString();
+	//String hashpass = null;
+	
+	/*
+		Hash new password.
+	*/
+	//try {
+		//MessageDigest md1 = MessageDigest.getInstance("MD5");
+		//md1.update(newpass.getBytes());
+		//byte[] bytes = md1.digest();
+		//StringBuilder sb = new StringBuilder();
+		//for(int i = 0; i<bytes.length; i++)
+			//sb.append(Integer.toString((bytes[i] & 0xff) + 0x100, 16).substring(1));
+		//hashpass = sb.toString();
+	//}
+	//catch (NoSuchAlgorithmException e){
+		
+	//}
+	
+	/*
+		Save new password to database
+	*/
+	//String database = "jdbc:mysql://us-cdbr-iron-east-04.cleardb.net/ad_15a989204c2ff8a?user=b372dfe7409692&password=74f6e317";
+	//String user = "b372dfe7409692";
+	//String password = "74f6e317";
+	//Class.forName("com.mysql.jdbc.Driver");
+	//Connection connection;
+	//Statement stmt;
+	//for(;;){
+		//try{
+			//connection = DriverManager.getConnection(database, user, password);
+			//break;
+		//}
+		//catch(SQLException e){
+			//Thread.sleep(1);
+		//}
+	//}
+	//for(;;){
+		//try{
+			//stmt = connection.createStatement();
+			//break;
+		//}
+		//catch(SQLException e){
+			//Thread.sleep(1);
+		//}
+	//}
+	//stmt.executeUpdate("UPDATE admin SET Password = \"" + hashpass + "\", Password_Flag = 0 WHERE Admin_ID = " + ssoNum);
+	
+	//dispatch email with the non hashed password
+//}
+%>
+<script>
+/*
+	If we get to this point in the page, the user is resetting their password and we want to display everything on the page now.
+*/
+document.getElementById("info").style.visibility = 'visible';
+document.getElementById("navbaruniversal").style.visibility = 'visible';
 
-%>
+/*
+	Goes back to the previous page.
+*/
+function goBack(){
+	window.history.back();
+}
+</script>
+</html>