package zall ;
import java.io.IOException ;
import java.io.PrintWriter ;
import java.sql.SQLException ;
import java.util.List ;
import java.util.logging.Level ;
import java.util.logging.Logger ;
import javax.servlet.ServletException ;
import javax.servlet.http.HttpServlet ;
import javax.servlet.http.HttpServletRequest ;
import javax.servlet.http.HttpServletResponse ;
import javax.servlet.http.HttpSession ;
import zall.bean.Comment ;
import zall.bean.Folder ;
import zall.bean.Media ;
import zall.bean.User ;
import zall.util.Email ;
import zall.util.Email.ContentType ;
import zall.util.msg.UserMessage ;
import zall.util.msg.UserMessage.MessageType ;
import zutil.db.DBConnection ;
import zutil.log.LogUtil ;
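/**
 * Ajax / form endpoint for the gallery: runs the action named by the {@code action}
 * request parameter (login, registration, e-mail verification, user administration,
 * media and folder management).
 * <p>
 * Every action reports its outcome in one of two ways: when a {@link PrintWriter} is
 * supplied a small JSON object is written ({@code {}} on success, {@code {"error":"..."}}
 * on failure); when it is {@code null} the outcome is added to the session's
 * {@link UserMessage} instead.
 * <p>
 * The per-action handlers declare {@code throws Exception} because the checked exceptions
 * of the bean API ({@link User}, {@link Media}, {@link Folder}) are not all visible from
 * this file; {@link #doGet(HttpServletRequest, HttpServletResponse, PrintWriter)} maps
 * everything to either a JSON error reply or a {@link ServletException}.
 */
public class ZalleryAjax extends HttpServlet {
    public static final Logger logger = LogUtil.getLogger();
    private static final long serialVersionUID = 1L;

    /** From-address used for every mail this servlet sends. */
    private static final String ADMIN_EMAIL = "admin@koc.se";
    /** Display name shown for {@link #ADMIN_EMAIL}. */
    private static final String ADMIN_NICE_FROM = "Koc.se Admin";
    /** Name of the per-user root folder under which user folders are created. */
    private static final String USER_ROOT = "{NAME}";

    /**
     * GET entry point: runs the requested action and writes the JSON reply to the response writer.
     *
     * @throws ServletException if the writer cannot be obtained, or if the action fails
     */
    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException {
        try {
            doGet(request, response, response.getWriter());
        } catch (IOException e) {
            throw new ServletException(e);
        }
    }

    /**
     * POST entry point: runs the requested action without a JSON reply; the outcome is
     * reported through the session's {@link UserMessage}.
     *
     * @throws ServletException if the action fails
     */
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException {
        doGet(request, response, null);
    }

    /**
     * Dispatches the {@code action} request parameter to the matching handler.
     * <p>
     * {@code login}, {@code register} and {@code verfemail} are open to anyone. Every other
     * action requires a {@link User} in the session attribute {@code "user"}; without one a
     * 401 (ajax) or an ERROR message (page) is produced. An unknown action by a logged-in
     * user produces no output at all.
     *
     * @param request  the current request; each handler reads its own parameters from it
     * @param response passed to {@link User#load} for the login action and used to set the 401 status
     * @param out      the writer for the JSON reply; no output is generated if it is {@code null},
     *                 the outcome then goes to the session's {@link UserMessage}
     * @throws ServletException if an action fails and there is no writer to report the error on
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response, PrintWriter out) throws ServletException {
        DBConnection db = null;
        try {
            HttpSession session = request.getSession();
            User user = (User) session.getAttribute("user");
            String action = request.getParameter("action");
            if (action == null) {
                action = "";
            }
            db = Zallery.getDB();
            UserMessage msgs = UserMessage.getUserMessage(session);

            if (action.equalsIgnoreCase("login")) {
                login(request, response, session, db, msgs, out);
            } else if (action.equalsIgnoreCase("register")) {
                register(request, session, db, msgs, out);
            } else if (action.equalsIgnoreCase("verfemail")) {
                verifyEmail(request, db, msgs, out);
            } else if (user != null) {
                dispatchUserAction(action, request, user, db, msgs, out);
            } else {
                // Not logged in and not one of the public actions.
                if (out != null) {
                    out.print("{\"error\":\"Unauthorized user!\"}");
                    response.setStatus(401);
                } else {
                    msgs.add(MessageType.ERROR, "Unauthorized user!");
                }
                logger.severe("Unauthorized user!");
            }
        } catch (Exception e) {
            if (out != null) {
                // getMessage() is null for many exceptions (e.g. NPE); the old code dereferenced it
                // inside the catch and so escaped the handler with a second exception.
                String detail = e.getMessage() == null ? "Unexpected error" : e.getMessage();
                // NOTE(review): echoing the exception text to the client discloses internals
                // (SQL fragments, class names); a generic message plus the server-side log entry
                // below would be preferable once the front end no longer depends on the text.
                out.println("{\"error\":\"" + jsonEscape(detail) + "\"}");
                logger.log(Level.SEVERE, "Exception in ajax page!", e);
            } else {
                throw new ServletException(e);
            }
        } finally {
            if (db != null) {
                db.close();
            }
        }
    }

    // ---------------------------------------------------------------- public actions

    /**
     * Authenticates with the {@code email} and {@code password} parameters and stores the
     * resulting user in the session.
     */
    private static void login(HttpServletRequest request, HttpServletResponse response, HttpSession session,
            DBConnection db, UserMessage msgs, PrintWriter out) throws Exception {
        User user = User.load(request, response, db,
                request.getParameter("email"), request.getParameter("password"));
        if (user == null) {
            // One message for both "unknown e-mail" and "wrong password" so the reply does not
            // reveal which accounts exist.
            error(out, msgs, "Wrong username or password!");
            return;
        }
        logger.info("Used user input to auth \"" + user.getName() + "\"");
        // NOTE(review): the session id is not rotated here; on a Servlet 3.1+ container
        // request.changeSessionId() before storing the user would close the session-fixation window.
        session.setAttribute("user", user);
        if (out != null) {
            out.println("{}");
        }
    }

    /**
     * Creates a new account from the {@code email}, {@code password} and {@code name}
     * parameters, sends the verification mail and logs the new user in.
     */
    private static void register(HttpServletRequest request, HttpSession session, DBConnection db,
            UserMessage msgs, PrintWriter out) throws Exception {
        String email = request.getParameter("email");
        if (email == null) {
            error(out, msgs, "Please provide a valid email!");
            return;
        }
        if (User.emailExists(email, db)) {
            error(out, msgs, "An account with that email already exists!");
            return;
        }
        User user = new User();
        user.setEmail(email);
        // NOTE(review): the password is stored as supplied (possibly null); confirm that
        // User.setPassword hashes it and rejects empty values.
        user.setPassword(request.getParameter("password"));
        user.setName(request.getParameter("name"));
        user.save(db);
        sendEmailVerification(user);
        logger.info("Registered new user: " + user.getName() + ".");
        session.setAttribute("user", user);
        if (out != null) {
            out.println("{\"id\":" + user.getId() + "}");
        } else {
            msgs.add(MessageType.INFO, "Your account has successfully been created. A verification email has been sent to your email, please click the link to continue.");
        }
    }

    /**
     * Verifies the e-mail address of user {@code id} with the {@code hash} parameter. A user
     * that is not yet enabled additionally triggers the "new user" mail to the admins.
     */
    private static void verifyEmail(HttpServletRequest request, DBConnection db, UserMessage msgs, PrintWriter out)
            throws Exception {
        User verfuser = User.load(db, Long.parseLong(request.getParameter("id")));
        if (verfuser == null) {
            // Previously an unknown id dereferenced null and surfaced as a generic exception.
            error(out, msgs, "No such user!");
            return;
        }
        // NOTE(review): the hash comparison lives in User.verifyEmail; confirm it is done with a
        // constant-time compare (MessageDigest.isEqual) rather than String.equals.
        if (!verfuser.verifyEmail(request.getParameter("hash"))) {
            error(out, msgs, "Invalid email verification hash!");
            return;
        }
        if (verfuser.isEnabled()) {
            ok(out, msgs, "Your email has been successfully verified");
        } else {
            sendEmailNewUserToAdmin(verfuser, db);
            ok(out, msgs, "Your email has been successfully verified, the account is waiting account activation by an admin.");
        }
        verfuser.save(db);
    }

    // ---------------------------------------------------------------- logged-in actions

    /**
     * Routes an action that requires a logged-in {@code user}. {@code moduserstat} is only
     * reachable for super users; other callers and unknown actions fall through silently,
     * as they always have.
     */
    private static void dispatchUserAction(String action, HttpServletRequest request, User user, DBConnection db,
            UserMessage msgs, PrintWriter out) throws Exception {
        if (user.isSuperUser() && action.equalsIgnoreCase("moduserstat")) {
            modifyUserStatus(request, user, db, msgs, out);
        } else if (action.equalsIgnoreCase("moduser")) {
            modifyUser(request, user, db, msgs, out);
        } else if (action.equalsIgnoreCase("rmuser")) {
            removeUser(request, user, db, msgs, out);
        } else if (action.equalsIgnoreCase("sendverfemail")) {
            resendVerificationEmail(request, user, db, msgs, out);
        } else if (action.equalsIgnoreCase("comment")) {
            addComment(request, user, db, msgs, out);
        } else if (action.equalsIgnoreCase("modmedia")) {
            modifyMedia(request, user, db, msgs, out);
        } else if (action.equalsIgnoreCase("rmmedia")) {
            removeMedia(request, user, db, msgs, out);
        } else if (action.equalsIgnoreCase("mkprivate")) {
            toggleFolderPrivate(request, user, db, msgs, out);
        } else if (action.equalsIgnoreCase("rmdir")) {
            removeFolder(request, user, db, msgs, out);
        } else if (action.equalsIgnoreCase("mkdir")) {
            createFolder(request, user, db, msgs, out);
        }
        // A non-super-user asking for "moduserstat", or any unknown action, produces no reply.
    }

    /**
     * Super-user administration of another account: {@code enable}, {@code disable},
     * {@code setadmin} or {@code unadmin} flags on user {@code id}. An admin can neither
     * disable nor demote themselves.
     */
    private static void modifyUserStatus(HttpServletRequest request, User admin, DBConnection db,
            UserMessage msgs, PrintWriter out) throws Exception {
        User target = User.load(db, Long.parseLong(request.getParameter("id")));
        if (target == null) {
            error(out, msgs, "No such user!");
            return;
        }
        Email activationNotice = null;
        if (request.getParameter("enable") != null) {
            target.setEnabled(true);
            // Tell the user about the activation; sent only after the change has been saved.
            activationNotice = new Email(ADMIN_EMAIL, target.getEmail());
            activationNotice.setSubject("Account activation at " + Zallery.getWebsiteName());
            activationNotice.setContentType(ContentType.HTML);
            activationNotice.setMessage("Your account has now been activated by an admin. You can now login and use the site." +
                    "<a href='" + Zallery.getWebsiteURL() + "'>" + Zallery.getWebsiteURL() + "</a>");
        } else if (request.getParameter("disable") != null && !admin.equals(target)) {
            target.setEnabled(false);
        } else if (request.getParameter("setadmin") != null) {
            target.setSuperUser(true);
        } else if (request.getParameter("unadmin") != null && !admin.equals(target)) {
            target.setSuperUser(false);
        } else {
            // No recognised flag (or a self-disable / self-demote attempt): nothing to save.
            if (out != null) {
                out.println("{}");
            }
            return;
        }
        target.save(db);
        if (activationNotice != null) {
            // The old code built this mail but never called send().
            activationNotice.send();
        }
        ok(out, msgs, "Account changes saved.");
    }

    /**
     * Profile changes ({@code email}, {@code password}, {@code name}) for user {@code id}, or
     * for the logged-in user when {@code id} is absent. Changing an existing password
     * requires the matching {@code oldPassword}.
     */
    private static void modifyUser(HttpServletRequest request, User user, DBConnection db,
            UserMessage msgs, PrintWriter out) throws Exception {
        User target;
        if (request.getParameter("id") != null) {
            target = User.load(db, Long.parseLong(request.getParameter("id")));
        } else {
            target = user; // default to the logged-in user
        }
        if (target == null) {
            error(out, msgs, "No such user!");
            return;
        }
        if (!user.canEdit(target)) {
            error(out, msgs, "You are not authorize to change these values!");
            return;
        }
        String email = request.getParameter("email");
        if (email != null) {
            target.setEmail(email);
        }
        String password = request.getParameter("password");
        if (password != null) {
            if (target.getPassword() == null) {
                // Account without a password yet (e.g. created externally): no old password to check.
                target.setPassword(password);
            } else {
                String oldPassword = request.getParameter("oldPassword");
                if (oldPassword != null) {
                    if (target.equalsPassword(oldPassword)) {
                        target.setPassword(password);
                    } else {
                        error(out, msgs, "Wrong password!");
                        return;
                    }
                }
                // A missing oldPassword silently leaves the password unchanged, as before.
            }
        }
        String name = request.getParameter("name");
        if (name != null) {
            target.setName(name);
        }
        target.save(db);
        // NOTE(review): this tests the editing user's verification state but mails the target;
        // target.isEmailVerified() looks like the intended check - confirm before changing.
        if (!user.isEmailVerified()) {
            sendEmailVerification(target);
        }
        ok(out, msgs, "Settings saved successfully.");
    }

    /** Deletes user {@code id}; super users only. */
    private static void removeUser(HttpServletRequest request, User user, DBConnection db,
            UserMessage msgs, PrintWriter out) throws Exception {
        String id = request.getParameter("id");
        if (id == null) {
            error(out, msgs, "Missing parameters!");
            return;
        }
        User target = User.load(db, Long.parseLong(id));
        if (target == null) {
            error(out, msgs, "No such user!");
            return;
        }
        if (!user.isSuperUser()) {
            error(out, msgs, "You are not authorize to delete that user!");
            return;
        }
        target.delete(db);
        ok(out, msgs, "User removed successfully.");
    }

    /** Re-sends the e-mail verification mail to user {@code id}; super users only. */
    private static void resendVerificationEmail(HttpServletRequest request, User user, DBConnection db,
            UserMessage msgs, PrintWriter out) throws Exception {
        String id = request.getParameter("id");
        if (id == null) {
            error(out, msgs, "Missing parameters!");
            return;
        }
        User target = User.load(db, Long.parseLong(id));
        if (target == null) {
            error(out, msgs, "No such user!");
            return;
        }
        if (!user.isSuperUser()) {
            error(out, msgs, "You are not authorize send verification emails!");
            return;
        }
        sendEmailVerification(target);
        // The old log line printed the admin's address instead of the recipient's.
        logger.info("Verification email sent successfully to: " + target.getEmail());
        ok(out, msgs, "Verification email sent successfully.");
    }

    /** Attaches the {@code msg} parameter as a comment by {@code user} to media {@code type}/{@code id}. */
    private static void addComment(HttpServletRequest request, User user, DBConnection db,
            UserMessage msgs, PrintWriter out) throws Exception {
        String id = request.getParameter("id");
        String type = request.getParameter("type");
        if (id == null || type == null) {
            error(out, msgs, "Missing parameters!");
            return;
        }
        Media media = Media.load(db, type, Long.parseLong(id));
        if (media == null) {
            // The old code dereferenced null here for an unknown item.
            error(out, msgs, "No such item!", "The item does not exist!");
            return;
        }
        Comment cm = new Comment();
        cm.setUser(user);
        // NOTE(review): the comment text is stored as-is; escaping on output is assumed to
        // happen where comments are rendered - verify.
        cm.setMessage(request.getParameter("msg"));
        media.addComment(cm);
        media.save(db);
        ok(out, msgs, "Comment saved.");
    }

    /** Sets {@code title} and {@code description} of media {@code type}/{@code id} if {@code user} may edit it. */
    private static void modifyMedia(HttpServletRequest request, User user, DBConnection db,
            UserMessage msgs, PrintWriter out) throws Exception {
        String id = request.getParameter("id");
        String type = request.getParameter("type");
        if (id == null || type == null) {
            error(out, msgs, "Missing parameters!");
            return;
        }
        Media media = Media.load(db, type, Long.parseLong(id));
        if (media == null) {
            error(out, msgs, "No such item!", "The item does not exist!");
            return;
        }
        if (!user.canEdit(media)) {
            error(out, msgs, "You are not authorize to modify this item!");
            return;
        }
        media.setTitle(request.getParameter("title"));
        media.setDescription(request.getParameter("description"));
        media.save(db);
        ok(out, msgs, "Item edited successfully.");
    }

    /** Deletes media {@code type}/{@code id} if {@code user} may edit it. */
    private static void removeMedia(HttpServletRequest request, User user, DBConnection db,
            UserMessage msgs, PrintWriter out) throws Exception {
        String id = request.getParameter("id");
        String type = request.getParameter("type");
        if (id == null || type == null) {
            error(out, msgs, "Missing parameters!");
            return;
        }
        Media media = Media.load(db, type, Long.parseLong(id));
        if (media == null) {
            error(out, msgs, "No such item!", "The item does not exist!");
            return;
        }
        if (!user.canEdit(media)) {
            error(out, msgs, "You are not authorize to delete the item!");
            return;
        }
        media.delete(db);
        ok(out, msgs, "Item removed successfully.");
    }

    /** Flips the private flag of folder {@code id} if {@code user} may edit it. */
    private static void toggleFolderPrivate(HttpServletRequest request, User user, DBConnection db,
            UserMessage msgs, PrintWriter out) throws Exception {
        String id = request.getParameter("id");
        if (id == null) {
            error(out, msgs, "Missing parameters!");
            return;
        }
        Folder folder = Folder.load(db, Long.parseLong(id));
        if (folder == null) {
            error(out, msgs, "No such folder!", "The folder does not exist!");
            return;
        }
        if (!user.canEdit(folder)) {
            error(out, msgs, "You are not authorize to edit this folder!");
            return;
        }
        folder.setPrivate(!folder.isPrivate());
        folder.save(db);
        ok(out, msgs, folder.isPrivate()
                ? "Folder is now private (not visible to other users)."
                : "Folder is now public (can be viewed by other users).");
    }

    /** Deletes the empty folder {@code id} if {@code user} may edit it. */
    private static void removeFolder(HttpServletRequest request, User user, DBConnection db,
            UserMessage msgs, PrintWriter out) throws Exception {
        String id = request.getParameter("id");
        if (id == null) {
            error(out, msgs, "Missing parameters!");
            return;
        }
        Folder folder = Folder.load(db, Long.parseLong(id));
        if (folder == null) {
            error(out, msgs, "No such folder!", "The folder does not exist!");
            return;
        }
        // Authorisation first: the old order answered "not empty" before checking the caller
        // may touch the folder at all, disclosing whether other users' folders had content.
        if (!user.canEdit(folder)) {
            error(out, msgs, "You are not authorize to delete this folder!");
            return;
        }
        if (!folder.isEmpty(db)) {
            error(out, msgs, "Folder is not empty!");
            return;
        }
        folder.delete(db);
        ok(out, msgs, "Folder removed successfully.");
    }

    /**
     * Creates the folder path given by {@code dir}, one missing component at a time. Regular
     * users get it under their {@code {NAME}} root (created on demand); a super user whose
     * path starts with {@code /} creates it under the site root.
     */
    private static void createFolder(HttpServletRequest request, User user, DBConnection db,
            UserMessage msgs, PrintWriter out) throws Exception {
        String path = request.getParameter("dir");
        if (path == null) {
            // The old code dereferenced null a few lines further down.
            error(out, msgs, "Missing parameters!");
            return;
        }
        Folder folder = Folder.load(db, path, user);
        logger.info("Creating new folder: /" + user.getName() + "/" + path);
        if (folder != null) {
            error(out, msgs, "The folder '" + path + "' already exists!");
            return;
        }
        String[] dirs = path.split("/");
        Folder parent = Folder.loadRoot(db, user);
        // startsWith() instead of charAt(0) so an empty "dir" no longer throws.
        if (user.isSuperUser() && path.startsWith("/")) {
            path = "";
        } else {
            path = "/" + USER_ROOT;
            parent = Folder.load(db, path, user); // the user's own root folder
            if (parent == null) {
                // First folder for this user: create the {NAME} root under the site root.
                parent = Folder.loadRoot(db, user);
                folder = new Folder();
                folder.setUser(user);
                folder.setParent(parent);
                folder.setName(USER_ROOT);
                folder.save(db);
                parent = folder;
            }
        }
        for (String dir : dirs) {
            if (dir.trim().isEmpty()) {
                continue; // skip empty names from leading / doubled slashes
            }
            path += "/" + dir;
            folder = Folder.load(db, path, user);
            if (folder == null) {
                folder = new Folder();
                folder.setUser(user);
                folder.setParent(parent);
                folder.setName(dir);
                folder.save(db);
            }
            parent = folder;
        }
        if (folder == null) {
            // Only empty components (e.g. "/" alone as super user): nothing was created.
            error(out, msgs, "Missing parameters!");
            return;
        }
        if (out != null) {
            out.print("{\"id\":" + folder.getId() + ",\"name\":\"" + jsonEscape(folder.getPath()) + "\"}");
        } else {
            msgs.add(MessageType.INFO, "Folder '" + path + "' has been successfully created.!");
        }
    }

    // ---------------------------------------------------------------- reply helpers

    /** Reports success: {@code {}} to an ajax caller, otherwise an INFO message for the page. */
    private static void ok(PrintWriter out, UserMessage msgs, String message) {
        if (out != null) {
            out.println("{}");
        } else {
            msgs.add(MessageType.INFO, message);
        }
    }

    /** Reports a failure with the same text for the JSON reply and the page message. */
    private static void error(PrintWriter out, UserMessage msgs, String message) {
        error(out, msgs, message, message);
    }

    /**
     * Reports a failure: {@code {"error":jsonMessage}} to an ajax caller, otherwise
     * {@code pageMessage} as an ERROR message for the page.
     */
    private static void error(PrintWriter out, UserMessage msgs, String jsonMessage, String pageMessage) {
        if (out != null) {
            out.println("{\"error\":\"" + jsonEscape(jsonMessage) + "\"}");
        } else {
            msgs.add(MessageType.ERROR, pageMessage);
        }
    }

    /**
     * Escapes a string for use inside a JSON string literal. The old code used
     * {@code replaceAll("\"", "\\\"")}, whose replacement string collapses to a bare quote,
     * so quotes were in fact never escaped.
     */
    private static String jsonEscape(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(s.length() + 8);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '"':  sb.append("\\\""); break;
                case '\\': sb.append("\\\\"); break;
                case '\n': sb.append("\\n"); break;
                case '\r': sb.append("\\r"); break;
                case '\t': sb.append("\\t"); break;
                default:
                    if (c < 0x20) {
                        sb.append(String.format("\\u%04x", (int) c));
                    } else {
                        sb.append(c);
                    }
            }
        }
        return sb.toString();
    }

    /** Escapes a value for inclusion in HTML text or a quoted attribute; {@code null} renders as "null". */
    private static String htmlEscape(Object value) {
        String s = String.valueOf(value);
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;"); break;
                case '<':  sb.append("&lt;"); break;
                case '>':  sb.append("&gt;"); break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // ---------------------------------------------------------------- mail

    /**
     * Sends the e-mail verification link ({@code ?action=verfemail&id=...&hash=...}) to {@code user}.
     *
     * @throws IOException if the mail cannot be sent
     */
    public static void sendEmailVerification(User user) throws IOException {
        String link = Zallery.getWebsiteURL() + "?action=verfemail&id=" + user.getId()
                + "&hash=" + user.getEmailVerificationHash();
        Email smtpEmail = new Email(ADMIN_EMAIL, user.getEmail());
        smtpEmail.setNiceFrom(ADMIN_NICE_FROM);
        smtpEmail.setSubject("Registration at " + Zallery.getWebsiteName());
        smtpEmail.setContentType(ContentType.HTML);
        smtpEmail.setMessage("You receive this message because you have requested an account" +
                "<br>at " + Zallery.getWebsiteName() + ". Please click the link to verify your email address:" +
                "<p><a href='" + link + "'>" + link + "</a>" +
                "<p> You will have to wait for an admin to activate your account after you have verified your email.");
        smtpEmail.send();
    }

    /**
     * Notifies every admin with a verified e-mail address that {@code newuser} is waiting for activation.
     * The user-supplied name, e-mail and Facebook id are HTML-escaped because the mail is sent as HTML.
     *
     * @throws SQLException if the admin list cannot be loaded
     * @throws IOException  if a mail cannot be sent
     */
    public static void sendEmailNewUserToAdmin(User newuser, DBConnection db) throws SQLException, IOException {
        String facebookUid = htmlEscape(newuser.getFacebookUid());
        Email email = new Email(ADMIN_EMAIL, ADMIN_EMAIL);
        email.setNiceFrom(ADMIN_NICE_FROM);
        email.setSubject("New user activation request at " + Zallery.getWebsiteName());
        email.setContentType(ContentType.HTML);
        email.setMessage("A new user has registered for an account at " +
                "<a href='" + Zallery.getWebsiteURL() + "'>" + Zallery.getWebsiteName() + "</a>:" +
                "<p>Email: <b>" + htmlEscape(newuser.getEmail()) + "</b>" +
                "<br>Name: <b>" + htmlEscape(newuser.getName()) + "</b>" +
                "<br>Facebook: <a href='http://www.facebook.com/profile.php?id=" + facebookUid + "'>" + facebookUid + "</a>");
        List<User> admins = User.loadSuperUsers(db);
        for (User admin : admins) {
            if (admin.isEmailVerified()) {
                email.setTo(admin.getEmail());
                email.send();
            }
        }
    }
}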