ziver/zallery
1
0
Fork 0
Code Pull requests Releases Activity

fixed most compilation errors

Browse source
This commit is contained in:
Ziver Koc 2018-07-24 16:23:53 +02:00
parent cd24ee74e3
commit de503bd441
23 changed files with 208 additions and 475 deletions
Download patch file Download diff file Expand all files Collapse all files

2
WebContent/WEB-INF/web.xml
View file

@ -26,7 +26,7 @@
<servlet>
<servlet-name>Content</servlet-name>
<servlet-class>zall.ZalleryContent</servlet-class>
<servlet-class>zall.page.ContentServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Content</servlet-name>

2
WebContent/WEB-INF/web_debug.xml
View file

@ -46,7 +46,7 @@
<servlet>
<servlet-name>Content</servlet-name>
<servlet-class>zall.ZalleryContent</servlet-class>
<servlet-class>zall.page.ContentServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Content</servlet-name>

2
WebContent/WEB-INF/web_server.xml
View file

@ -46,7 +46,7 @@
<servlet>
<servlet-name>Content</servlet-name>
<servlet-class>zall.ZalleryContent</servlet-class>
<servlet-class>zall.page.ContentServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Content</servlet-name>

7
Zallery.iml
View file

@ -55,7 +55,7 @@
<SOURCES />
</library>
</orderEntry>
<orderEntry type="library" name="Maven: se.koc:zutil:1.0.0-SNAPSHOT" level="project" />
<orderEntry type="library" name="Maven: se.koc:zutil:1.0.1" level="project" />
<orderEntry type="library" name="Maven: commons-fileupload:commons-fileupload:1.2.1" level="project" />
<orderEntry type="library" name="Maven: commons-io:commons-io:2.5" level="project" />
<orderEntry type="library" name="Maven: dom4j:dom4j:1.6.1" level="project" />
@ -63,8 +63,8 @@
<orderEntry type="library" name="Maven: org.xerial:sqlite-jdbc:3.8.11.2" level="project" />
<orderEntry type="library" name="Maven: org.hamcrest:hamcrest-core:1.3" level="project" />
<orderEntry type="library" name="Maven: com.carrotsearch:junit-benchmarks:0.7.2" level="project" />
<orderEntry type="library" name="Maven: javax.mail:mail:1.3.2" level="project" />
<orderEntry type="library" name="Maven: javax.activation:activation:1.0.2" level="project" />
<orderEntry type="library" name="Maven: javax.mail:javax.mail-api:1.6.1" level="project" />
<orderEntry type="library" name="Maven: javax.activation:activation:1.1" level="project" />
<orderEntry type="library" name="Maven: mysql:mysql-connector-java:5.1.36" level="project" />
<orderEntry type="module-library">
<library name="Maven: xuggle:xuggle-xuggler:5.4">
@ -76,6 +76,5 @@
</library>
</orderEntry>
<orderEntry type="library" scope="PROVIDED" name="Maven: javax.servlet:javax.servlet-api:3.1.0" level="project" />
<orderEntry type="module" module-name="Zutil" />
</component>
</module>

BIN
lib/servlet-api.jar
View file

Binary file not shown.

8
pom.xml
View file

@ -22,12 +22,12 @@
<dependency>
<groupId>se.koc</groupId>
<artifactId>zutil</artifactId>
<version>1.0.0-SNAPSHOT</version>
<version>1.0.1</version>
</dependency>
<dependency>
<groupId>javax.mail</groupId>
<artifactId>mail</artifactId>
<version>1.3.2</version>
<artifactId>javax.mail-api</artifactId>
<version>1.6.1</version>
</dependency>
<dependency>
<groupId>mysql</groupId>
@ -52,7 +52,7 @@
<build>
<sourceDirectory>src</sourceDirectory>
<testSourceDirectory>test</testSourceDirectory>
<!--<testSourceDirectory>test</testSourceDirectory>-->
<plugins>
<plugin>

200
src/zall/Zallery.java
View file

@ -74,201 +74,6 @@ public class Zallery extends HttpServlet{
}
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException{
DBConnection db = null;
try{
doGet(request, response, db = getDB());
} finally{
if(db != null) db.close();
}
}
public void doGet(HttpServletRequest request, HttpServletResponse response, DBConnection db) throws ServletException{
try{
response.setContentType("text/html");
HttpSession session = request.getSession();
String page = new File(request.getRequestURI()).getName();
request.setAttribute("page", page);
User user = (User) session.getAttribute("user");
String action = request.getParameter("action");
if( action == null ) action = "";
UserMessage msgs = UserMessage.getUserMessage(session);
// Verify email address
if( action.equalsIgnoreCase("verfemail") ){
User verfUser = User.load(db, Long.parseLong(request.getParameter("id")));
if (verfUser != null) {
if( verfUser.verifyEmail(request.getParameter("hash")) ){
ZalleryEmail.sendNewUserRegistrationToAdmin(verfUser, db);
verfUser.save(db);
msgs.add(MessageType.INFO, "Your email has been successfully verified.");
msgs.add(MessageType.WARNING, "The account is waiting account activation by an admin.");
}
else
msgs.add(MessageType.ERROR, "Email verification failed!");
}
else msgs.add(MessageType.ERROR, "Invalid user id: "+request.getParameter("id"));
}
// auth with cookie
if( user == null ){
user = User.loadByCookie(request, db, getCookieValue(request.getCookies(), "sessionHash") );
if(user != null){
logger.info("Used cookies to auth User: \""+user.getName()+"\".");
session.setAttribute("user", user);
}
}
if( user == null && ( !page.startsWith("register") && !page.startsWith("login") )){
//response.sendRedirect("login?redirect=\""+getUrl(request)+"\"");
response.sendRedirect("login");
return;
}
// validate user or Logout
if( user != null && ( !user.valid(request) || page.startsWith("logout") )){
logger.info("Logging Out User: \""+user.getName()+"\".");
session.invalidate();
session = request.getSession( true );
msgs.setSession( session );
user.logout( response );
if( !user.isEmailVerified() )
msgs.add(MessageType.WARNING, "Your email has not been verified!");
else if( !user.isEnabled() )
msgs.add(MessageType.ERROR, "Your account is disabled! Please contact the website administrator.");
else
msgs.add(MessageType.WARNING, "Your have been logged out.");
user = null;
response.sendRedirect("login");
return;
}
//**********************************************************
String include_jsp = null;
if( user != null ){
logger.finest("Valid user: \""+user.getName()+"\"");
// Import JSP pages
if(page.startsWith("media")){
try{
if( request.getParameter("id") == null && request.getParameter("type") == null){
msgs.add(MessageType.ERROR, "Missing parameters!");
return;
}
int id = Integer.parseInt( request.getParameter("id") );
Media media = Media.load(db, request.getParameter("type"), id);
request.setAttribute("media", media);
include_jsp = "media.jsp";
}catch(NumberFormatException e){ logger.log(Level.FINE, "", e); }
}
else if(page.startsWith("login")){
include_jsp = "login.jsp";
}
else if(page.startsWith("profile")){
if( request.getParameter("id") != null ){
User profile_user = User.load(db, Long.parseLong( request.getParameter("id") ));
if( AuthenticationManager.canEdit( user, profile_user )){
request.setAttribute("profile_user", profile_user);
include_jsp = "profile.jsp";
}else{
msgs.add(MessageType.ERROR, "You do not have permission to edit this user.");
}
}else{
request.setAttribute("profile_user", user);
include_jsp = "profile.jsp";
}
}
else if(page.startsWith("users")){
List<User> users = User.load(db);
request.setAttribute("users", users);
include_jsp = "users.jsp";
}
else if(page.startsWith("upload")){
List<Folder> dirList = Folder.load(db, user);
request.setAttribute("folders", dirList);
include_jsp = "upload.jsp";
}
else if( page.startsWith("slideshow") ){
Image image = Image.load(db, Integer.parseInt( request.getParameter("id") ));
request.setAttribute("image", image );
List<Image> list = Image.loadFolder(db, image.getFolder());
request.setAttribute("image", image);
request.setAttribute("images", list);
include_jsp = "slideshow.jsp";
}
else { // if(page.startsWith("gallery"))
Folder folder = null;
if(request.getParameter("folder") != null && !request.getParameter("folder").equalsIgnoreCase("null"))
folder = Folder.load(db, Long.parseLong(request.getParameter("folder")) );
else{
folder = Folder.loadRoot(db, user);
// Setup new root folder
if( folder == null ){
folder = Folder.genRoot();
folder.save(db);
}
}
List<Media> list = Media.load(db, folder);
List<Folder> subFolders = Folder.loadSubFolders(db, folder, user);
//session.setAttribute("user", user);
request.setAttribute("folder", folder);
request.setAttribute("subfolders", subFolders);
request.setAttribute("media", list);
include_jsp = "gallery.jsp";
}
}
else if(page.startsWith("register")){
include_jsp = "register.jsp";
}
else if(page.startsWith("login")){
include_jsp = "login.jsp";
}
else{
//response.sendRedirect("login?redirect=\""+getUrl(request)+"\"");
response.sendRedirect("login");
return;
}
include("header.jsp", request, response);
if( include_jsp != null )
include(include_jsp, request, response);
include("footer.jsp", request, response);
} catch (Exception e) {
logger.severe(e.getMessage());
System.out.flush();
throw new ServletException(e);
} finally{
if(db != null) db.close();
}
}
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException{
try {
include("ajax", request, response);
// RequestDispatcher include header read only workaround
HttpSession session = request.getSession();
User user = (User) session.getAttribute("user");
if( user != null ){
Cookie c = new Cookie("sessionHash", user.getSessionHash() );
c.setMaxAge(5*24*60*60); // 5 days
response.addCookie( c );
}
// Do the output
doGet(request, response);
} catch (Exception e) {
logger.severe(e.getMessage());
throw new ServletException(e);
}
}
public static DBConnection getDB() throws ServletException{
try {
return new DBConnection("jdbc/mysql");
@ -277,11 +82,6 @@ public class Zallery extends HttpServlet{
}
}
protected void include(String url, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException{
RequestDispatcher dispatcher = getServletContext().getRequestDispatcher("/"+url);
if (dispatcher != null)
dispatcher.include(request, response);
}
public static String getCookieValue(Cookie[] cookies, String name) {
if( cookies == null )

87
src/zall/ZalleryContent.java
View file

@ -1,87 +0,0 @@
package zall;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.fileupload.util.Streams;
import zall.bean.Image;
import zall.bean.Media;
import zall.bean.User;
import zall.bean.Video;
import zutil.db.DBConnection;
import zutil.io.file.FileUtil;
public class ZalleryContent extends HttpServlet{
private static final long serialVersionUID = 1L;
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException{
DBConnection db = null;
try {
HttpSession session = request.getSession();
User user = (User) session.getAttribute("user");
String size = request.getParameter("size");
if( size == null ) size = "";
if( user != null || size.equalsIgnoreCase("small") ){
db = Zallery.getDB();
Media media;
if( "video".equals(request.getParameter("type")) )
media = Video.load(db, Integer.parseInt(request.getParameter("id")));
else
media = Image.load(db, Integer.parseInt(request.getParameter("id")));
if( media != null ){
File file = null;
if( size.equalsIgnoreCase( "small" ) )
file = media.getFile( Media.Size.SMALL );
else if( size.equalsIgnoreCase( "medium" ) )
file = media.getFile( Media.Size.MEDIUM );
else if( size.equalsIgnoreCase( "large" ) )
file = media.getFile( Media.Size.LARGE );
else
file = media.getFile( Media.Size.ORIGINAL );
if( request.getParameter("download") != null )
response.setHeader("Content-disposition", "attachment; filename="+media.getTitle()+"."+FileUtil.getFileExtension(file));
if( file.exists() ){
if( "video".equals(request.getParameter("type")) )
response.setContentType("video/"+FileUtil.getFileExtension(file));
else
response.setContentType("image/"+FileUtil.getFileExtension(file));
response.setContentLength( (int)file.length() );
BufferedInputStream in = new BufferedInputStream( new FileInputStream(file) );
Streams.copy(in, response.getOutputStream(), false);
in.close();
}
else
response.setStatus( 404 );
}
else{
// Page not found
response.setStatus( 404 );
}
}
else{
// Unauthorized
response.setStatus( 401 );
}
} catch (Exception e) {
throw new ServletException(e);
} finally{
if(db != null) db.close();
}
}
}

7
src/zall/ZalleryServlet.java
View file

@ -1,5 +1,6 @@
package zall;
import zall.util.UserMessage;
import zutil.db.DBConnection;
import zutil.log.LogUtil;
@ -8,10 +9,16 @@ import javax.servlet.ServletException;
import javax.servlet.http.*;
import java.io.IOException;
import java.sql.SQLException;
import java.util.Locale;
import java.util.PropertyResourceBundle;
import java.util.ResourceBundle;
import java.util.logging.Logger;
import static zall.ZalleryConstant.LANG_BASENAME;
public abstract class ZalleryServlet extends HttpServlet {
private static Logger logger = LogUtil.getLogger();
protected ResourceBundle lang = PropertyResourceBundle.getBundle(LANG_BASENAME, Locale.getDefault());
public final void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException {

42
src/zall/action/LoginAction.java
View file

@ -1,42 +0,0 @@
package zall.action;
import java.io.PrintWriter;
import java.sql.SQLException;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import zall.bean.User;
import zall.util.UserMessage;
import zall.util.UserMessage.MessageType;
import zutil.db.DBConnection;
import zutil.log.LogUtil;
public class LoginAction extends ZalleryAction{
private static final Logger logger = LogUtil.getLogger();
public LoginAction() {
super("login");
}
@Override
public void handleRequest(DBConnection db, HttpServletRequest request, HttpServletResponse response, HttpSession session,
PrintWriter out, User user, UserMessage msgs) throws SQLException {
user = User.load(request, response, db, request.getParameter("email"), request.getParameter("password") );
if( user != null ){
logger.info("Used user input to auth \""+user.getName()+"\"");
session.setAttribute("user", user);
if( out != null )
out.println("{ }");
}
else if(out != null) out.println("{ \"error\":\"Wrong username or password!\"}");
else msgs.add(MessageType.ERROR, "Wrong username or password!");
}
}

51
src/zall/action/RegisterAction.java
View file

@ -1,51 +0,0 @@
package zall.action;
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.SQLException;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import zall.bean.User;
import zall.util.ZalleryEmail;
import zall.util.UserMessage;
import zall.util.UserMessage.MessageType;
import zutil.db.DBConnection;
import zutil.log.LogUtil;
public class RegisterAction extends ZalleryAction{
private static final Logger logger = LogUtil.getLogger();
public RegisterAction() {
super("register");
}
@Override
public void handleRequest(DBConnection db, HttpServletRequest request, HttpServletResponse response, HttpSession session,
PrintWriter out, User user, UserMessage msgs) throws SQLException, IOException {
if( request.getParameter("email") == null ){
msgs.add(MessageType.ERROR, "Please provide a valid email!");
return;
}
if(User.load(db, request.getParameter("email")) != null){
msgs.add(MessageType.ERROR, "An account with that email already exists!");
return;
}
user = new User();
user.setEmail( request.getParameter("email") );
user.setPassword( request.getParameter("password") );
user.setName( request.getParameter("name") );
user.save(db);
ZalleryEmail.sendVerificationEmail( user );
logger.info("Registered new user: "+user.getName()+".");
session.setAttribute("user", user);
if(out != null) out.println("{ \"id\":"+user.getId()+" }");
else msgs.add(MessageType.INFO, "Your account has successfully been created. A verification email has been sent to your email, please click the link to continue.");
}
}

2
src/zall/action/user/ModifyUserStatusAction.java
View file

@ -39,7 +39,7 @@ public class ModifyUserStatusAction extends ZalleryAction{
if( target_user.getPassword() == null )
target_user.setPassword( request.getParameter("password") );
else if( request.getParameter("oldPassword") != null )
if( target_user.equalsPassword(request.getParameter("oldPassword")) )
if( target_user.getPassword().equals(request.getParameter("oldPassword")) )
target_user.setPassword( request.getParameter("password") );
else{
if(out != null) out.println("{ \"error\": \"Wrong password!\"}");

23
src/zall/lang/zallery_lang_en.properties
View file

@ -1,4 +1,19 @@
error.email_exsists=An account with that email already exists!
error.first_name_missing="Please provide a valid First Name!"
info.verification_email_sent="A verification email has been sent, please click the link to continue."
info.account_created="Your account has successfully been created."
error.incorrect.user_or_pass=Wrong username or password!
info.sent.email.verification=A verification email has been sent, please click the link to continue.
info.created.account=Your account has successfully been created.
info.modify.folder.is.private=Folder is now private (not visible to other users).
info.modify.folder.is.public=Folder is now public (can be viewed by other users).
error.not.found.folder=The folder does not exist!
error.not.allowed.edit.folder=You are not authorize to edit this folder!
error.not.found.parameter=Parameter missing!
info.modify.successfully=Changes were saved successfully.
error.not.found.media=The media does not exist!
error.not.allowed.edit.media=You are not authorize to modify this media!
info.created.comment=Comment saved.
error.not.allowed.edit.user=You do not have permission to edit the user.
error.not.found.first.name=Please provide a valid first name!
error.not.found.last.name=Please provide a valid last name!
error.not.found.email=Please provide a valid email!
error.not.found.password=Please provide a valid password!
error.incorrect.password.matching=Provided passwords do not match!
error.email_exists=An account with that email already exists!

21
src/zall/manager/AuthenticationManager.java
View file

@ -10,9 +10,12 @@ import zutil.db.DBConnection;
import zutil.log.LogUtil;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.sql.SQLException;
import java.util.logging.Logger;
import static zall.ZalleryConstant.SESSION_KEY_USER;
/**
*
*/
@ -38,6 +41,19 @@ public class AuthenticationManager {
return authenticatedUser;
}
/**
* @return the User associated with the provided session.
*/
public static User getUserSession(HttpSession session) {
return (User) session.getAttribute(SESSION_KEY_USER);
}
public static void setUserSession(User user, HttpSession session) {
session.setAttribute(SESSION_KEY_USER, user);
}
public static void rmUserSession(HttpSession session) {
session.removeAttribute(SESSION_KEY_USER);
}
/**
* @return true if the user has a valid authentication session
*/
@ -49,13 +65,13 @@ public class AuthenticationManager {
if(user.getSessionHash() == null || user.getSessionHash().isEmpty() )
return false;
switch( user.getAuthBy() ){
switch(user.getAuthBy()){
case USER_INPUT:
if (!user.isEmailVerified()) return false;
case COOKIE:
String cookieHash = Zallery.getCookieValue(request.getCookies(), ZalleryConstant.SESSION_KEY_AUTH_HASH);
return user.getSessionHash().equals(cookieHash) &&
user.getIpHost().equals( request.getRemoteAddr() );
user.getIpHost().equals(request.getRemoteAddr());
}
return false;
}
@ -87,4 +103,5 @@ public class AuthenticationManager {
user.setSessionHash(null);
user.save(db);
}
}

76
src/zall/page/ContentServlet.java Executable file
View file

@ -0,0 +1,76 @@
package zall.page;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.sql.SQLException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.fileupload.util.Streams;
import zall.Zallery;
import zall.ZalleryServlet;
import zall.bean.Image;
import zall.bean.Media;
import zall.bean.User;
import zall.bean.Video;
import zall.manager.AuthenticationManager;
import zutil.db.DBConnection;
import zutil.io.file.FileUtil;
/**
* A headless page that provides media content.
*/
@WebServlet({"/image", "/video"})
public class ContentServlet extends ZalleryServlet {
private static final long serialVersionUID = 1L;
public void doGet(HttpServletRequest request, HttpServletResponse response, DBConnection db) throws ServletException, SQLException, IOException {
String size = request.getParameter("size");
Media media = null;
String contentType = "";
switch (request.getServletPath()){
case "/video":
media = Video.load(db, Integer.parseInt(request.getParameter("id")));
contentType = "video";
break;
case "/image":
media = Image.load(db, Integer.parseInt(request.getParameter("id")));
contentType = "image";
break;
}
if (media != null) {
File file;
if (size == null)
file = media.getFile(Media.Size.ORIGINAL);
else
file = media.getFile(Media.Size.valueOf(size.toUpperCase()));
if (request.getParameter("download") != null)
response.setHeader("Content-disposition", "attachment; filename=" + media.getTitle() + "." + FileUtil.getFileExtension(file));
if (file.exists()) {
response.setContentType(contentType + "/" + FileUtil.getFileExtension(file));
response.setContentLength((int) file.length());
BufferedInputStream in = new BufferedInputStream(new FileInputStream(file));
Streams.copy(in, response.getOutputStream(), false);
in.close();
} else
response.setStatus(404);
} else {
// Page not found
response.setStatus(404);
}
}
}

27
src/zall/page/GalleryServlet.java
View file

@ -3,6 +3,8 @@ package zall.page;
import zall.ZalleryServlet;
import zall.bean.Folder;
import zall.bean.Media;
import zall.bean.User;
import zall.manager.AuthenticationManager;
import zall.util.UserMessage;
import zutil.db.DBConnection;
import zutil.log.LogUtil;
@ -20,9 +22,13 @@ import java.util.logging.Logger;
public class GalleryServlet extends ZalleryServlet {
private static Logger logger = LogUtil.getLogger();
public static final String JSP_FILE = "gallery.jsp";
public void doGet(HttpServletRequest request, HttpServletResponse response, DBConnection db) throws SQLException, IOException, ServletException {
User user = AuthenticationManager.getUserSession(request.getSession());
Folder folder;
if (request.getParameter("folder") != null && !request.getParameter("folder").equalsIgnoreCase("null"))
folder = Folder.load(db, Long.parseLong(request.getParameter("folder")));
else {
@ -33,6 +39,7 @@ public class GalleryServlet extends ZalleryServlet {
folder.save(db);
}
}
List<Media> list = Media.load(db, folder);
List<Folder> subFolders = Folder.loadSubFolders(db, folder, user);
@ -41,21 +48,19 @@ public class GalleryServlet extends ZalleryServlet {
request.setAttribute("subfolders", subFolders);
request.setAttribute("media", list);
include("header.jsp", request, response);
include("gallery.jsp", request, response);
include("footer.jsp", request, response);
include(JSP_FILE, request, response);
}
public void doPost(HttpServletRequest request, HttpServletResponse response, DBConnection db) throws SQLException, IOException, ServletException {
User user = AuthenticationManager.getUserSession(request.getSession());
UserMessage msgs = UserMessage.getUserMessage(request.getSession());
long id = Long.parseLong(request.getParameter("id"));
if (request.getParameter("id") == null) {
msgs.add(UserMessage.MessageType.ERROR, "Missing parameters!");
msgs.add(UserMessage.MessageType.ERROR, "id" + lang.getString("error.not.found.parameter"));
return;
}
long id = Long.parseLong(request.getParameter("id"));
Folder folder = Folder.load(db, id);
switch (request.getParameter("action")) {
@ -66,18 +71,20 @@ public class GalleryServlet extends ZalleryServlet {
case "private":
if (folder != null) {
if (user.canEdit(folder)) {
if (AuthenticationManager.canEdit(user, folder)) {
folder.setPrivate(!folder.isPrivate());
folder.save(db);
if (folder.isPrivate())
msgs.add(UserMessage.MessageType.INFO, "Folder is now private (not visible to other users).");
msgs.add(UserMessage.MessageType.INFO, lang.getString("info.modify.folder.is.private"));
else
msgs.add(UserMessage.MessageType.INFO, "Folder is now public (can be viewed by other users).");
msgs.add(UserMessage.MessageType.INFO, lang.getString("info.modify.folder.is.public"));
} else
msgs.add(UserMessage.MessageType.ERROR, "You are not authorize to edit this folder!");
msgs.add(UserMessage.MessageType.ERROR, lang.getString("error.not.allowed.edit.folder"));
} else
msgs.add(UserMessage.MessageType.ERROR, "The folder does not exist!");
msgs.add(UserMessage.MessageType.ERROR, lang.getString("error.not.found.folder"));
break;
}
doGet(request, response, db);
}
}

10
src/zall/page/LoginServlet.java
View file

@ -3,6 +3,7 @@ package zall.page;
import zall.ZalleryServlet;
import zall.bean.User;
import zall.manager.AuthenticationManager;
import zall.util.UserMessage;
import zutil.db.DBConnection;
import zutil.log.LogUtil;
@ -14,8 +15,6 @@ import java.io.IOException;
import java.sql.SQLException;
import java.util.logging.Logger;
import static zall.ZalleryConstant.SESSION_KEY_USER;
@WebServlet("/login")
public class LoginServlet extends ZalleryServlet {
private static Logger logger = LogUtil.getLogger();
@ -29,20 +28,21 @@ public class LoginServlet extends ZalleryServlet {
public void doPost(HttpServletRequest request, HttpServletResponse response, DBConnection db) throws SQLException, ServletException, IOException {
UserMessage msgs = UserMessage.getUserMessage(request.getSession());
User user = AuthenticationManager.authenticate(db,
request.getParameter("email"),
request.getParameter("password"));
// Successfull login
// Successful login
if (user != null) {
user.registerOnHost(request, response, db, true );
request.getSession().setAttribute(SESSION_KEY_USER, user);
AuthenticationManager.setUserSession(user, request.getSession());
forward("/", request, response);
}
// Failed login
else {
include(JSP_FILE, request, response);
msgs.add(UserMessage.MessageType.ERROR, lang.getString("error.incorrect.user_or_pass"));
}
}
}

10
src/zall/page/LogoutServlet.java
View file

@ -11,21 +11,19 @@ import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.sql.SQLException;
import static zall.ZalleryConstant.SESSION_KEY_USER;
/**
*
*/
@WebServlet(urlPatterns = "/logout")
public class LogoutServlet extends ZalleryServlet {
public void doGet(HttpServletRequest req, HttpServletResponse resp, DBConnection db) throws SQLException, IOException {
User user = (User) req.getSession().getAttribute(SESSION_KEY_USER);
public void doGet(HttpServletRequest request, HttpServletResponse response, DBConnection db) throws SQLException, IOException {
User user = AuthenticationManager.getUserSession(request.getSession());
AuthenticationManager.reset(db, user);
req.getSession().removeAttribute(SESSION_KEY_USER);
AuthenticationManager.rmUserSession(request.getSession());
resp.sendRedirect("/login");
response.sendRedirect("/login");
}
}

26
src/zall/page/MediaServlet.java
View file

@ -3,6 +3,8 @@ package zall.page;
import zall.ZalleryServlet;
import zall.bean.Comment;
import zall.bean.Media;
import zall.bean.User;
import zall.manager.AuthenticationManager;
import zall.util.UserMessage;
import zutil.db.DBConnection;
import zutil.log.LogUtil;
@ -20,12 +22,14 @@ import java.util.logging.Logger;
public class MediaServlet extends ZalleryServlet {
private static Logger logger = LogUtil.getLogger();
private static final String JSP_FILE = "media.jsp";
public void doGet(HttpServletRequest request, HttpServletResponse response, DBConnection db) throws ServletException, SQLException, IOException {
UserMessage msgs = UserMessage.getUserMessage(request.getSession());
if (request.getParameter("id") == null && request.getParameter("type") == null) {
msgs.add(UserMessage.MessageType.ERROR, "Missing parameters!");
msgs.add(UserMessage.MessageType.ERROR, lang.getString("error.not.found.parameter"));
return;
}
try {
@ -37,17 +41,16 @@ public class MediaServlet extends ZalleryServlet {
logger.log(Level.FINE, "", e);
}
include("header.jsp", request, response);
include("media.jsp", request, response);
include("footer.jsp", request, response);
include(JSP_FILE, request, response);
}
public void doPost(HttpServletRequest request, HttpServletResponse response, DBConnection db) throws SQLException {
public void doPost(HttpServletRequest request, HttpServletResponse response, DBConnection db) throws SQLException, ServletException, IOException {
UserMessage msgs = UserMessage.getUserMessage(request.getSession());
User user = AuthenticationManager.getUserSession(request.getSession());
long id = Long.parseLong(request.getParameter("id"));
if (request.getParameter("id") == null || request.getParameter("type") == null) {
msgs.add(UserMessage.MessageType.ERROR, "Missing parameters!");
msgs.add(UserMessage.MessageType.ERROR, lang.getString("error.not.found.parameter"));
return;
}
@ -65,7 +68,7 @@ public class MediaServlet extends ZalleryServlet {
media.addComment(cm);
media.save(db);
msgs.add(UserMessage.MessageType.INFO, "Comment saved.");
msgs.add(UserMessage.MessageType.INFO, lang.getString("info.created.comment"));
break;
// -----------------------------------------
@ -74,20 +77,21 @@ public class MediaServlet extends ZalleryServlet {
case "modify":
if (media != null) {
if (user.canEdit(media)) {
if (AuthenticationManager.canEdit(user, media)) {
media.setTitle(request.getParameter("title"));
media.setDescription(request.getParameter("description"));
media.save(db);
msgs.add(UserMessage.MessageType.INFO, "Item edited successfully.");
msgs.add(UserMessage.MessageType.INFO, lang.getString("info.modify.successfully"));
} else
msgs.add(UserMessage.MessageType.ERROR, "You are not authorize to modify this item!");
msgs.add(UserMessage.MessageType.ERROR, lang.getString("error.not.allowed.edit.media"));
} else
msgs.add(UserMessage.MessageType.ERROR, "The item does not exist!");
msgs.add(UserMessage.MessageType.ERROR, lang.getString("error.not.found.media"));
break;
}
doGet(request, response, db);
}
}

37
src/zall/page/ProfileServlet.java
View file

@ -2,6 +2,7 @@ package zall.page;
import zall.ZalleryServlet;
import zall.bean.User;
import zall.manager.AuthenticationManager;
import zall.util.UserMessage;
import zutil.db.DBConnection;
import zutil.log.LogUtil;
@ -18,30 +19,26 @@ import java.util.logging.Logger;
public class ProfileServlet extends ZalleryServlet {
private static Logger logger = LogUtil.getLogger();
private static final String JSP_FILE = "profile.jsp";
public void doGet(HttpServletRequest request, HttpServletResponse response, DBConnection db) throws ServletException{
public void doGet(HttpServletRequest request, HttpServletResponse response, DBConnection db) throws ServletException, IOException, SQLException {
UserMessage msgs = UserMessage.getUserMessage(request.getSession());
User user = AuthenticationManager.getUserSession(request.getSession());
try{
if(request.getParameter("id") != null){
User profile_user = User.load(db, Long.parseLong( request.getParameter("id") ));
if(user.canEdit(profile_user)){
request.setAttribute("profile_user", profile_user);
} else {
msgs.add(UserMessage.MessageType.ERROR, "You do not have permission to edit the user.");
}
} else {
request.setAttribute("profile_user", user);
}
include("header.jsp", request, response);
include("profile.jsp", request, response);
include("footer.jsp", request, response);
} catch (Exception e) {
logger.severe(e.getMessage());
throw new ServletException(e);
if(request.getParameter("id") != null){
User profile_user = User.load(db, Long.parseLong( request.getParameter("id") ));
if(AuthenticationManager.canEdit(user, profile_user)){
request.setAttribute("profile_user", profile_user);
} else {
msgs.add(UserMessage.MessageType.ERROR, lang.getString("error.not.allowed.edit.user"));
}
} else {
request.setAttribute("profile_user", user);
}
include(JSP_FILE, request, response);
}

26
src/zall/page/RegisterServlet.java
View file

@ -12,13 +12,8 @@ import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;
import java.io.IOException;
import java.sql.SQLException;
import java.util.Locale;
import java.util.PropertyResourceBundle;
import java.util.ResourceBundle;
import java.util.logging.Logger;
import static zall.ZalleryConstant.LANG_BASENAME;
@WebServlet("/register")
public class RegisterServlet extends ZalleryServlet {
private static Logger logger = LogUtil.getLogger();
@ -38,8 +33,7 @@ public class RegisterServlet extends ZalleryServlet {
public void doPost(HttpServletRequest request, HttpServletResponse response, DBConnection db) throws SQLException, IOException, ServletException {
UserMessage msgHandler = UserMessage.getUserMessage(request.getSession());
ResourceBundle lang = PropertyResourceBundle.getBundle(LANG_BASENAME, Locale.getDefault());
UserMessage msgs = UserMessage.getUserMessage(request.getSession());
/*
* Check inputs
@ -52,20 +46,20 @@ public class RegisterServlet extends ZalleryServlet {
String passwordRe = (String)request.getAttribute(INPUT_ID_PASSWORD_REPEATE);
if (firstName == null)
msgHandler.add(UserMessage.MessageType.ERROR, lang.getString("error.first_name_missing"));
msgs.add(UserMessage.MessageType.ERROR, lang.getString("error.not.found.first.name"));
if (lastName == null)
msgHandler.add(UserMessage.MessageType.ERROR, lang.getString("error.last_name_missing"));
msgs.add(UserMessage.MessageType.ERROR, lang.getString("error.not.found.last.name"));
if (email == null)
msgHandler.add(UserMessage.MessageType.ERROR, lang.getString("error.email_missing"));
msgs.add(UserMessage.MessageType.ERROR, lang.getString("error.not.found.email"));
if (password == null)
msgHandler.add(UserMessage.MessageType.ERROR, lang.getString("error.password_missing"));
msgs.add(UserMessage.MessageType.ERROR, lang.getString("error.not.found.password"));
if (passwordRe == null)
msgHandler.add(UserMessage.MessageType.ERROR, lang.getString("error.password_missing"));
msgs.add(UserMessage.MessageType.ERROR, lang.getString("error.not.found.password"));
else if (passwordRe.equals(password))
msgHandler.add(UserMessage.MessageType.ERROR, lang.getString("error.password_not_matching"));
msgs.add(UserMessage.MessageType.ERROR, lang.getString("error.incorrect.password.matching"));
if(User.load(db, (String)request.getAttribute(INPUT_ID_EMAIL)) != null){
msgHandler.add(UserMessage.MessageType.ERROR, lang.getString("error.email_exsists"));
msgs.add(UserMessage.MessageType.ERROR, lang.getString("error.email_exists"));
return;
}
@ -81,8 +75,8 @@ public class RegisterServlet extends ZalleryServlet {
ZalleryEmail.sendVerificationEmail( user );
request.getSession().setAttribute("user", user);
logger.info("Registered new user: "+user.getName()+".");
msgHandler.add(UserMessage.MessageType.INFO,
lang.getString("info.account_created") + lang.getString("info.verification_email_sent"));
msgs.add(UserMessage.MessageType.INFO,
lang.getString("info.created.account") + " " + lang.getString("info.sent.email.verification"));
include(JSP_FILE, request, response);
}

6
src/zall/page/SlideshowServlet.java
View file

@ -18,6 +18,8 @@ import java.util.logging.Logger;
public class SlideshowServlet extends ZalleryServlet {
private static Logger logger = LogUtil.getLogger();
private static final String JSP_FILE = "slideshow.jsp";
public void doGet(HttpServletRequest request, HttpServletResponse response, DBConnection db) throws ServletException, SQLException, IOException {
Image image = Image.load(db, Integer.parseInt(request.getParameter("id")));
@ -27,9 +29,7 @@ public class SlideshowServlet extends ZalleryServlet {
request.setAttribute("image", image);
request.setAttribute("images", list);
include("header.jsp", request, response);
include("slideshow.jsp", request, response);
include("footer.jsp", request, response);
include(JSP_FILE, request, response);
}
}

11
src/zall/page/UserListServlet.java
View file

@ -16,16 +16,15 @@ import java.util.logging.Logger;
@WebServlet("/register")
public class UserListServlet extends ZalleryServlet {
private static Logger logger = LogUtil.getLogger();
private static Logger logger = LogUtil.getLogger();
private static final String JSP_FILE = "users.jsp";
public void doGet(HttpServletRequest request, HttpServletResponse response, DBConnection db) throws ServletException, SQLException, IOException {
public void doGet(HttpServletRequest request, HttpServletResponse response, DBConnection db) throws ServletException, SQLException, IOException {
List<User> users = User.load(db);
request.setAttribute("users", users);
include("header.jsp", request, response);
include("users.jsp", request, response);
include("footer.jsp", request, response);
include(JSP_FILE, request, response);
}
}