ziver/zallery
1
0
Fork 0
Code Pull requests Releases Activity

Refactored the code, addded google translator, and fixed some bugs

Browse source
This commit is contained in:
Ziver Koc 2012-06-14 20:39:22 +00:00
parent 36cee77790
commit ed1505254d
20 changed files with 844 additions and 370 deletions
Download patch file Download diff file Expand all files Collapse all files

2
WebContent/css/style.css
View file

@ -1158,7 +1158,7 @@ html, body {
} }
#footer{ #footer{
margin-top: 0; margin-top: 0;
height: 30px; #height: 30px;
padding: 20px 0; padding: 20px 0;
} }
.push { .push {

9
WebContent/footer.jsp
View file

@ -7,6 +7,15 @@
<div class="footer"> <div class="footer">
<div id="footer"> <div id="footer">
<div id="siteinfo"> <div id="siteinfo">
<div id="google_translate_element"></div>
<script type="text/javascript">
function googleTranslateElementInit() {
new google.translate.TranslateElement({pageLanguage: 'en', layout: google.translate.TranslateElement.InlineLayout.HORIZONTAL, multilanguagePage: true, gaTrack: true, gaId: 'UA-310804-2'}, 'google_translate_element');
}
</script>
<script type="text/javascript" src="//translate.google.com/translate_a/element.js?cb=googleTranslateElementInit"></script>
Powered by Powered by
Java2EE And Tomcat. Zallery Gallery created by Ziver Koc. Java2EE And Tomcat. Zallery Gallery created by Ziver Koc.
<br>Built on the <br>Built on the

4
WebContent/header.jsp
View file

@ -54,6 +54,7 @@ UserMessage message = UserMessage.getUserMessage(session);
}, "Please enter your first and last name" ); }, "Please enter your first and last name" );
</script> </script>
<!-- Facebook -->
<script type="text/javascript"> <script type="text/javascript">
// Google Analythics // Google Analythics
var _gaq = _gaq || []; var _gaq = _gaq || [];
@ -65,6 +66,9 @@ UserMessage message = UserMessage.getUserMessage(session);
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})(); })();
</script> </script>
<!-- Google translate -->
<meta name="google-translate-customization" content="2ed4e94374eecdd6-9478f2e9269794a2-ge4734ab0ad9c470f-6"></meta>
</head> </head>
<% if( page_url.startsWith("upload") || page_url.startsWith("users") || page_url.startsWith("profile") || page_url.startsWith("login") || page_url.startsWith("register") ){ %> <% if( page_url.startsWith("upload") || page_url.startsWith("users") || page_url.startsWith("profile") || page_url.startsWith("login") || page_url.startsWith("register") ){ %>

5
WebContent/users.jsp
View file

@ -2,6 +2,7 @@
<%@ page import="zall.bean.*" %> <%@ page import="zall.bean.*" %>
<%@ page import="java.text.SimpleDateFormat" %> <%@ page import="java.text.SimpleDateFormat" %>
<%@ page import="java.io.IOException" %> <%@ page import="java.io.IOException" %>
<%@ page import="java.sql.Timestamp" %>
<% <%
User user = (User)session.getAttribute("user"); User user = (User)session.getAttribute("user");
List<User> users = (List<User>)request.getAttribute("users"); List<User> users = (List<User>)request.getAttribute("users");
@ -35,7 +36,11 @@ if( request.getParameter("search") != null ){
out.println(" <table border=1 width='100%'>"); out.println(" <table border=1 width='100%'>");
out.println(" <tr>"); out.println(" <tr>");
out.println(" <td width='180px'><b>"+printUser.getName()+"</b></td>"); out.println(" <td width='180px'><b>"+printUser.getName()+"</b></td>");
if( printUser.getLoginDate().after(new Timestamp(System.currentTimeMillis()-60*60*1000) )){
out.println(" <td width='180px'><b>Last login:</b> <span style='color: lightgreen;'>"+formatter.format( printUser.getLoginDate() )+"</span></td>");
} else {
out.println(" <td width='180px'><b>Last login:</b> "+formatter.format( printUser.getLoginDate() )+"</td>"); out.println(" <td width='180px'><b>Last login:</b> "+formatter.format( printUser.getLoginDate() )+"</td>");
}
out.println(" <td>&nbsp;"); out.println(" <td>&nbsp;");
if( printUser.getFacebookUid() != null ){ if( printUser.getFacebookUid() != null ){
out.println(" <a href='http://www.facebook.com/profile.php?id="+printUser.getFacebookUid()+"' target='blank' title='Link to Facebook profile'>Facebook</a>"); out.println(" <a href='http://www.facebook.com/profile.php?id="+printUser.getFacebookUid()+"' target='blank' title='Link to Facebook profile'>Facebook</a>");

414
src/zall/ZalleryAjax.java
View file

@ -3,20 +3,22 @@ package zall;
import java.io.IOException; import java.io.IOException;
import java.io.PrintWriter; import java.io.PrintWriter;
import java.sql.SQLException; import java.sql.SQLException;
import java.util.HashMap;
import java.util.List; import java.util.List;
import java.util.logging.Level; import java.util.logging.Level;
import java.util.logging.Logger; import java.util.logging.Logger;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSession;
import zall.bean.Comment; import zall.action.*;
import zall.bean.Folder; import zall.action.media.*;
import zall.bean.Media; import zall.action.user.*;
import zall.bean.User; import zall.bean.*;
import zall.util.Email; import zall.util.Email;
import zall.util.Email.ContentType; import zall.util.Email.ContentType;
import zall.util.msg.UserMessage; import zall.util.msg.UserMessage;
@ -28,6 +30,37 @@ public class ZalleryAjax extends HttpServlet{
public static final Logger logger = LogUtil.getLogger(); public static final Logger logger = LogUtil.getLogger();
private static final long serialVersionUID = 1L; private static final long serialVersionUID = 1L;
private HashMap<String,ZalleryAction> actions;
public void init(ServletConfig config) throws ServletException {
super.init(config);
// General
registerAction(new LoginAction());
registerAction(new RegisterAction());
// User Actions
registerAction(new ModifyUserAction());
registerAction(new ModifyUserStatusAction());
registerAction(new RemoveUserAction());
registerAction(new SendVerificationEmailAction());
registerAction(new VerifyEmailAction());
// Media Actions
registerAction(new CommentAction());
registerAction(new CreateFolderAction());
registerAction(new ModifyMediaAction());
registerAction(new RemoveFolderAction());
registerAction(new RemoveMediaAction());
registerAction(new TogglePrivateAction());
}
protected void registerAction(ZalleryAction action){
if(actions == null)
actions = new HashMap<String,ZalleryAction>();
actions.put(action.getActionId().toLowerCase(), action);
}
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException{ public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException{
try { try {
doGet(request, response, response.getWriter()); doGet(request, response, response.getWriter());
@ -46,368 +79,17 @@ public class ZalleryAjax extends HttpServlet{
public void doGet(HttpServletRequest request, HttpServletResponse response, PrintWriter out) throws ServletException{ public void doGet(HttpServletRequest request, HttpServletResponse response, PrintWriter out) throws ServletException{
DBConnection db = null; DBConnection db = null;
try { try {
String actionStr = request.getParameter("action").toLowerCase();
HttpSession session = request.getSession(); HttpSession session = request.getSession();
User user = (User) session.getAttribute("user"); User user = (User) session.getAttribute("user");
String action = request.getParameter("action");
if( action == null ) action = "";
db = Zallery.getDB(); db = Zallery.getDB();
UserMessage msgs = UserMessage.getUserMessage(session); UserMessage msgs = UserMessage.getUserMessage(session);
// Login ZalleryAction action = actions.get( actionStr );
if( action.equalsIgnoreCase("login") ){ if( action != null ){
user = User.load(request, response, db, request.getParameter("email"), request.getParameter("password") ); if( (action.requireUser() && user != null) || !action.requireUser() ){
if( user != null ){ action.handleRequest(db, request, response, session, out, user, msgs);
logger.info("Used user input to auth \""+user.getName()+"\"");
session.setAttribute("user", user);
if( out != null )
out.println("{ }");
}
else if(out != null) out.println("{ \"error\":\"Wrong username or password!\"}");
else msgs.add(MessageType.ERROR, "Wrong username or password!");
return;
}
// Register
if( action.equalsIgnoreCase("register") ){
if( request.getParameter("email") == null ){
msgs.add(MessageType.ERROR, "Please provide a valid email!");
return;
}
if( User.emailExists(request.getParameter("email"), db) ){
msgs.add(MessageType.ERROR, "An account with that email already exists!");
return;
}
user = new User();
user.setEmail( request.getParameter("email") );
user.setPassword( request.getParameter("password") );
user.setName( request.getParameter("name") );
user.save(db);
sendEmailVerification( user );
logger.info("Registered new user: "+user.getName()+".");
session.setAttribute("user", user);
if(out != null) out.println("{ \"id\":"+user.getId()+" }");
else msgs.add(MessageType.INFO, "Your account has successfully been created. A verification email has been sent to your email, please click the link to continue.");
return;
}
// Verify email address
if( action.equalsIgnoreCase("verfemail") ){
User verfuser = User.load(db, Long.parseLong(request.getParameter("id")));
if( verfuser.verifyEmail(request.getParameter("hash")) ){
if( verfuser.isEnabled() )
if(out != null) out.println("{ }");
else msgs.add(MessageType.INFO, "Your email has been successfully verified");
else {
sendEmailNewUserToAdmin(verfuser, db);
if(out != null) out.println("{ }");
else msgs.add(MessageType.INFO, "Your email has been successfully verified, the account is waiting account activation by an admin.");
}
verfuser.save(db);
}
else if(out != null) out.println("{ \"error\":\"Invalid email verification hash!\" }");
else msgs.add(MessageType.ERROR, "Invalid email verification hash!");
return;
}
// Other
else if( user != null ){
// Administration things of users
if( user.isSuperUser() && action.equalsIgnoreCase("moduserstat") ){
User target_user = User.load(db, Long.parseLong( request.getParameter("id") ) );
// Enable user
if( request.getParameter("enable") != null ){
target_user.setEnabled( true );
// Email the user about the activation
Email email = new Email("admin@koc.se", target_user.getEmail());
email.setSubject("Account activation at "+Zallery.getWebsiteName());
email.setContentType(ContentType.HTML);
email.setMessage("Your account has now been activated by an admin. You can now login and use the site. " +
"<a href='"+Zallery.getWebsiteURL()+"'>"+Zallery.getWebsiteURL()+"</a>");
}
// Disable user, can not disable one self!
else if( request.getParameter("disable") != null && !user.equals( target_user ) )
target_user.setEnabled( false );
// Promote user to Admin
else if( request.getParameter("setadmin") != null )
target_user.setSuperUser( true );
// Degrade Admin to normal user, can not degrade one self!
else if( request.getParameter("unadmin") != null && !user.equals( target_user ) )
target_user.setSuperUser( false );
else{
if( out != null ) out.println("{ }");
return;
}
target_user.save(db);
if( out != null )
out.println("{ }");
else
msgs.add(MessageType.INFO, "Account changes saved.");
return;
}
// User profile changes
else if( action.equalsIgnoreCase("moduser") ){
User target_user = null;
if( request.getParameter("id") != null )
target_user = User.load(db, Long.parseLong( request.getParameter("id") ) );
else // set target user to the logged in user
target_user = user;
if( user.canEdit(target_user) ){
if( request.getParameter("email") != null )
target_user.setEmail( request.getParameter("email") );
if( request.getParameter("password") != null ){
if( target_user.getPassword() == null )
target_user.setPassword( request.getParameter("password") );
else if( request.getParameter("oldPassword") != null )
if( target_user.equalsPassword(request.getParameter("oldPassword")) )
target_user.setPassword( request.getParameter("password") );
else{
if(out != null) out.println("{ \"error\": \"Wrong password!\"}");
else msgs.add(MessageType.ERROR, "Wrong password!");
return;
}
}
if( request.getParameter("name") != null )
target_user.setName( request.getParameter("name") );
target_user.save(db);
if( !user.isEmailVerified() )
sendEmailVerification( target_user );
if( out != null )
out.println("{ }");
else
msgs.add(MessageType.INFO, "Settings saved successfully.");
}
else if(out != null) out.println("{ \"error\": \"You are not authorize to change these values!\"}");
else msgs.add(MessageType.ERROR, "You are not authorize to change these values!");
return;
}
// Remove user
else if( action.equalsIgnoreCase("rmuser") ){
User target_user = null;
if( request.getParameter("id") != null )
target_user = User.load(db, Long.parseLong( request.getParameter("id") ) );
else {
if(out != null) out.println("{ \"error\": \"Missing parameters!\"}");
else msgs.add(MessageType.ERROR, "Missing parameters!");
return;
}
if( target_user != null ){
if( user.isSuperUser() ){
target_user.delete(db);
if( out != null ) out.println("{ }");
else msgs.add(MessageType.INFO, "User removed successfully.");
}
else if(out != null) out.println("{ \"error\": \"You are not authorize to delete that user!\"}");
else msgs.add(MessageType.ERROR, "You are not authorize to delete that user!");
}
else {
if(out != null) out.println("{ \"error\": \"No such user!\"}");
else msgs.add(MessageType.ERROR, "No such user!");
}
return;
}
// Remove user
else if( action.equalsIgnoreCase("sendverfemail") ){
User target_user = null;
if( request.getParameter("id") != null )
target_user = User.load(db, Long.parseLong( request.getParameter("id") ) );
else {
if(out != null) out.println("{ \"error\": \"Missing parameters!\"}");
else msgs.add(MessageType.ERROR, "Missing parameters!");
return;
}
if( target_user != null ){
if( user.isSuperUser() ){
sendEmailVerification(target_user);
logger.info("Verification email sent successfully to: "+user.getEmail());
if( out != null ) out.println("{ }");
else msgs.add(MessageType.INFO, "Verification email sent successfully.");
}
else if(out != null) out.println("{ \"error\": \"You are not authorize send verification emails!\"}");
else msgs.add(MessageType.ERROR, "You are not authorize send verification emails!");
}
else {
if(out != null) out.println("{ \"error\": \"No such user!\"}");
else msgs.add(MessageType.ERROR, "No such user!");
}
return;
}
///// Media stuff
// Comments for media
else if( action.equalsIgnoreCase("comment") ){
if( request.getParameter("id") == null || request.getParameter("type") == null ){
if(out != null) out.println("{ \"error\": \"Missing parameters!\"}");
else msgs.add(MessageType.ERROR, "Missing parameters!");
return;
}
long id = Long.parseLong(request.getParameter("id"));
Media media = Media.load(db, request.getParameter("type"), id);
Comment cm = new Comment();
cm.setUser( user );
cm.setMessage( request.getParameter("msg") );
media.addComment( cm );
media.save( db );
if( out != null ) out.println("{ }");
else msgs.add(MessageType.INFO, "Comment saved.");
return;
}
// Edit media information
else if( action.equalsIgnoreCase("modmedia") ){
if( request.getParameter("id") == null || request.getParameter("type") == null ){
if(out != null) out.println("{ \"error\": \"Missing parameters!\"}");
else msgs.add(MessageType.ERROR, "Missing parameters!");
return;
}
long id = Long.parseLong(request.getParameter("id"));
Media media = Media.load(db, request.getParameter("type"), id);
if( media != null ){
if( user.canEdit(media) ){
media.setTitle( request.getParameter("title") );
media.setDescription( request.getParameter("description") );
media.save(db);
if(out != null) out.println("{}");
else msgs.add(MessageType.INFO, "Item edited successfully.");
}
else if(out != null) out.println("{ \"error\": \"You are not authorize to modify this item!\"}");
else msgs.add(MessageType.ERROR, "You are not authorize to modify this item!");
}
else if(out != null) out.println("{ \"error\": \"No such item!\"}");
else msgs.add(MessageType.ERROR, "The item does not exist!");
}
// Remove media
else if( action.equalsIgnoreCase("rmmedia") ){
if( request.getParameter("id") == null || request.getParameter("type") == null ){
if(out != null) out.println("{ \"error\": \"Missing parameters!\"}");
else msgs.add(MessageType.ERROR, "Missing parameters!");
return;
}
long id = Long.parseLong(request.getParameter("id"));
Media media = Media.load(db, request.getParameter("type"), id);
if( media != null ){
if( user.canEdit(media) ){
media.delete( db );
if(out != null) out.println("{}");
else msgs.add(MessageType.INFO, "Item removed successfully.");
}
else if(out != null) out.println("{ \"error\": \"You are not authorize to delete the item!\"}");
else msgs.add(MessageType.ERROR, "You are not authorize to delete the item!");
}
else if(out != null) out.println("{ \"error\": \"No such item!\"}");
else msgs.add(MessageType.ERROR, "The item does not exist!");
}
// Toggle folder private
else if( action.equalsIgnoreCase("mkprivate") ){
if( request.getParameter("id") == null){
if(out != null) out.println("{ \"error\": \"Missing parameters!\"}");
else msgs.add(MessageType.ERROR, "Missing parameters!");
return;
}
long id = Long.parseLong(request.getParameter("id"));
Folder folder = Folder.load(db, id);
if( folder != null ){
if( user.canEdit(folder) ){
folder.setPrivate( !folder.isPrivate() );
folder.save(db);
if(out != null) out.println("{}");
else{
if(folder.isPrivate()) msgs.add(MessageType.INFO, "Folder is now private (not visible to other users).");
else msgs.add(MessageType.INFO, "Folder is now public (can be viewed by other users).");
}
}
else if(out != null) out.println("{ \"error\": \"You are not authorize to edit this folder!\"}");
else msgs.add(MessageType.ERROR, "You are not authorize to edit this folder!");
}
else if(out != null) out.println("{ \"error\": \"No such folder!\"}");
else msgs.add(MessageType.ERROR, "The folder does not exist!");
}
else if( action.equalsIgnoreCase("rmdir") ){
if( request.getParameter("id") == null){
if(out != null) out.println("{ \"error\": \"Missing parameters!\"}");
else msgs.add(MessageType.ERROR, "Missing parameters!");
return;
}
long id = Long.parseLong(request.getParameter("id"));
Folder folder = Folder.load(db, id);
if( folder != null ){
if( !folder.isEmpty(db) ){
if(out != null) out.println("{ \"error\": \"Folder is not empty!\"}");
else msgs.add(MessageType.ERROR, "Folder is not empty!");
} else if( user.canEdit(folder) ){
folder.delete( db );
if(out != null) out.println("{}");
else msgs.add(MessageType.INFO, "Folder removed successfully.");
}
else if(out != null) out.println("{ \"error\": \"You are not authorize to delete this folder!\"}");
else msgs.add(MessageType.ERROR, "You are not authorize to delete this folder!");
}
else if(out != null) out.println("{ \"error\": \"No such folder!\"}");
else msgs.add(MessageType.ERROR, "The folder does not exist!");
}
// Create Folder
else if( action.equalsIgnoreCase("mkdir") ){
String path = request.getParameter("dir");
Folder folder = Folder.load(db, path, user);
logger.info( "Creating new folder: /"+user.getName()+"/"+path );
// parent folder
if( folder == null ){
String[] dirs = path.split("/");
Folder parent = Folder.loadRoot(db, user);
if( user.isSuperUser() && path.charAt(0) == '/' )
path = "";
else{
path = "/{NAME}";
// Get root folder
parent = Folder.load(db, path, user); // Get user root folder
if( parent == null ){ // Create root folder
parent = Folder.loadRoot(db, user); // get root folder
folder = new Folder();
folder.setUser( user );
folder.setParent( parent );
folder.setName( "{NAME}" );
folder.save( db );
parent = folder;
}
}
for(String dir : dirs){
if( dir.trim().isEmpty() ) // skip empty names
continue;
path += "/"+dir;
folder = Folder.load(db, path, user);
if(folder == null){ // create folder
folder = new Folder();
folder.setUser( user );
folder.setParent( parent );
folder.setName( dir );
folder.save( db );
}
parent = folder;
}
if(out != null) out.print( "{\"id\":"+folder.getId()+", \"name\":\""+folder.getPath()+"\"}" );
else msgs.add(MessageType.INFO, "Folder '"+path+"' has been successfully created.!");
}
else if(out != null) out.println("{\"error\":\"The folder '"+path+"' already exists!\"}");
else msgs.add(MessageType.ERROR, "The folder '"+path+"' already exists!");
return;
}
} }
else{ else{
// Unauthorized // Unauthorized
@ -420,6 +102,18 @@ public class ZalleryAjax extends HttpServlet{
logger.severe("Unauthorized user!"); logger.severe("Unauthorized user!");
return; return;
} }
}
else{
// Unauthorized
if( out != null ){
out.print( "{\"error\":\"Unknown action!\"}" );
response.setStatus( 404 );
}
else
msgs.add(MessageType.ERROR, "Unknown action: '"+actionStr+"'!");
logger.severe("Unknown action: '"+actionStr+"'!");
return;
}
} catch (Exception e) { } catch (Exception e) {
if( out != null ){ if( out != null ){

41
src/zall/action/LoginAction.java Normal file
View file

@ -0,0 +1,41 @@
package zall.action;
import java.io.PrintWriter;
import java.sql.SQLException;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import zall.bean.User;
import zall.util.msg.UserMessage;
import zall.util.msg.UserMessage.MessageType;
import zutil.db.DBConnection;
import zutil.log.LogUtil;
public class LoginAction extends ZalleryAction{
private static final Logger logger = LogUtil.getLogger();
public LoginAction() {
super("login");
}
@Override
public void handleRequest(DBConnection db, HttpServletRequest request, HttpServletResponse response, HttpSession session,
PrintWriter out, User user, UserMessage msgs) throws SQLException {
user = User.load(request, response, db, request.getParameter("email"), request.getParameter("password") );
if( user != null ){
logger.info("Used user input to auth \""+user.getName()+"\"");
session.setAttribute("user", user);
if( out != null )
out.println("{ }");
}
else if(out != null) out.println("{ \"error\":\"Wrong username or password!\"}");
else msgs.add(MessageType.ERROR, "Wrong username or password!");
}
}

51
src/zall/action/RegisterAction.java Normal file
View file

@ -0,0 +1,51 @@
package zall.action;
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.SQLException;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import zall.ZalleryAjax;
import zall.bean.User;
import zall.util.msg.UserMessage;
import zall.util.msg.UserMessage.MessageType;
import zutil.db.DBConnection;
import zutil.log.LogUtil;
public class RegisterAction extends ZalleryAction{
private static final Logger logger = LogUtil.getLogger();
public RegisterAction() {
super("register");
}
@Override
public void handleRequest(DBConnection db, HttpServletRequest request, HttpServletResponse response, HttpSession session,
PrintWriter out, User user, UserMessage msgs) throws SQLException, IOException {
if( request.getParameter("email") == null ){
msgs.add(MessageType.ERROR, "Please provide a valid email!");
return;
}
if( User.emailExists(request.getParameter("email"), db) ){
msgs.add(MessageType.ERROR, "An account with that email already exists!");
return;
}
user = new User();
user.setEmail( request.getParameter("email") );
user.setPassword( request.getParameter("password") );
user.setName( request.getParameter("name") );
user.save(db);
ZalleryAjax.sendEmailVerification( user );
logger.info("Registered new user: "+user.getName()+".");
session.setAttribute("user", user);
if(out != null) out.println("{ \"id\":"+user.getId()+" }");
else msgs.add(MessageType.INFO, "Your account has successfully been created. A verification email has been sent to your email, please click the link to continue.");
}
}

44
src/zall/action/ZalleryAction.java Normal file
View file

@ -0,0 +1,44 @@
package zall.action;
import java.io.PrintWriter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import zall.bean.User;
import zall.util.msg.UserMessage;
import zutil.db.DBConnection;
public abstract class ZalleryAction {
private final String actionId;
private final boolean requireUser;
public ZalleryAction(String actionId){
this(actionId, false);
}
public ZalleryAction(String actionId, boolean requireUser){
this.actionId = actionId;
this.requireUser = requireUser;
}
public abstract void handleRequest(
DBConnection db,
HttpServletRequest request,
HttpServletResponse response,
HttpSession session,
PrintWriter out,
User user,
UserMessage msgs) throws Exception;
public String getActionId(){
return actionId;
}
public boolean requireUser(){
return requireUser;
}
}

49
src/zall/action/media/CommentAction.java Normal file
View file

@ -0,0 +1,49 @@
package zall.action.media;
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.SQLException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import zall.action.ZalleryAction;
import zall.bean.Comment;
import zall.bean.Media;
import zall.bean.User;
import zall.util.msg.UserMessage;
import zall.util.msg.UserMessage.MessageType;
import zutil.db.DBConnection;
public class CommentAction extends ZalleryAction{
public CommentAction() {
super("comment", true);
}
@Override
public void handleRequest(DBConnection db, HttpServletRequest request, HttpServletResponse response, HttpSession session,
PrintWriter out, User user, UserMessage msgs) throws SQLException, IOException {
// Comments for media
if( request.getParameter("id") == null || request.getParameter("type") == null ){
if(out != null) out.println("{ \"error\": \"Missing parameters!\"}");
else msgs.add(MessageType.ERROR, "Missing parameters!");
return;
}
long id = Long.parseLong(request.getParameter("id"));
Media media = Media.load(db, request.getParameter("type"), id);
Comment cm = new Comment();
cm.setUser( user );
cm.setMessage( request.getParameter("msg") );
media.addComment( cm );
media.save( db );
if( out != null ) out.println("{ }");
else msgs.add(MessageType.INFO, "Comment saved.");
}
}

79
src/zall/action/media/CreateFolderAction.java Normal file
View file

@ -0,0 +1,79 @@
package zall.action.media;
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.SQLException;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import zall.action.ZalleryAction;
import zall.bean.Folder;
import zall.bean.User;
import zall.util.msg.UserMessage;
import zall.util.msg.UserMessage.MessageType;
import zutil.db.DBConnection;
import zutil.log.LogUtil;
public class CreateFolderAction extends ZalleryAction{
private static final Logger logger = LogUtil.getLogger();
public CreateFolderAction() {
super("mkdir", true);
}
@Override
public void handleRequest(DBConnection db, HttpServletRequest request, HttpServletResponse response, HttpSession session,
PrintWriter out, User user, UserMessage msgs) throws SQLException, IOException {
// Create Folder
String path = request.getParameter("dir");
Folder folder = Folder.load(db, path, user);
logger.info( "Creating new folder: /"+user.getName()+"/"+path );
// parent folder
if( folder == null ){
String[] dirs = path.split("/");
Folder parent = Folder.loadRoot(db, user);
if( user.isSuperUser() && path.charAt(0) == '/' )
path = "";
else{
path = "/{NAME}";
// Get root folder
parent = Folder.load(db, path, user); // Get user root folder
if( parent == null ){ // Create root folder
parent = Folder.loadRoot(db, user); // get root folder
folder = new Folder();
folder.setUser( user );
folder.setParent( parent );
folder.setName( "{NAME}" );
folder.save( db );
parent = folder;
}
}
for(String dir : dirs){
if( dir.trim().isEmpty() ) // skip empty names
continue;
path += "/"+dir;
folder = Folder.load(db, path, user);
if(folder == null){ // create folder
folder = new Folder();
folder.setUser( user );
folder.setParent( parent );
folder.setName( dir );
folder.save( db );
}
parent = folder;
}
if(out != null) out.print( "{\"id\":"+folder.getId()+", \"name\":\""+folder.getPath()+"\"}" );
else msgs.add(MessageType.INFO, "Folder '"+path+"' has been successfully created.!");
}
else if(out != null) out.println("{\"error\":\"The folder '"+path+"' already exists!\"}");
else msgs.add(MessageType.ERROR, "The folder '"+path+"' already exists!");
return;
}
}

54
src/zall/action/media/ModifyMediaAction.java Normal file
View file

@ -0,0 +1,54 @@
package zall.action.media;
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.SQLException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import zall.action.ZalleryAction;
import zall.bean.Media;
import zall.bean.User;
import zall.util.msg.UserMessage;
import zall.util.msg.UserMessage.MessageType;
import zutil.db.DBConnection;
public class ModifyMediaAction extends ZalleryAction{
public ModifyMediaAction() {
super("modmedia", true);
}
@Override
public void handleRequest(DBConnection db, HttpServletRequest request, HttpServletResponse response, HttpSession session,
PrintWriter out, User user, UserMessage msgs) throws SQLException, IOException {
// Edit media information
if( request.getParameter("id") == null || request.getParameter("type") == null ){
if(out != null) out.println("{ \"error\": \"Missing parameters!\"}");
else msgs.add(MessageType.ERROR, "Missing parameters!");
return;
}
long id = Long.parseLong(request.getParameter("id"));
Media media = Media.load(db, request.getParameter("type"), id);
if( media != null ){
if( user.canEdit(media) ){
media.setTitle( request.getParameter("title") );
media.setDescription( request.getParameter("description") );
media.save(db);
if(out != null) out.println("{}");
else msgs.add(MessageType.INFO, "Item edited successfully.");
}
else if(out != null) out.println("{ \"error\": \"You are not authorize to modify this item!\"}");
else msgs.add(MessageType.ERROR, "You are not authorize to modify this item!");
}
else if(out != null) out.println("{ \"error\": \"No such item!\"}");
else msgs.add(MessageType.ERROR, "The item does not exist!");
}
}

54
src/zall/action/media/RemoveFolderAction.java Normal file
View file

@ -0,0 +1,54 @@
package zall.action.media;
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.SQLException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import zall.action.ZalleryAction;
import zall.bean.Folder;
import zall.bean.User;
import zall.util.msg.UserMessage;
import zall.util.msg.UserMessage.MessageType;
import zutil.db.DBConnection;
public class RemoveFolderAction extends ZalleryAction{
public RemoveFolderAction() {
super("rmdir", true);
}
@Override
public void handleRequest(DBConnection db, HttpServletRequest request, HttpServletResponse response, HttpSession session,
PrintWriter out, User user, UserMessage msgs) throws SQLException, IOException {
//Remove Media
if( request.getParameter("id") == null){
if(out != null) out.println("{ \"error\": \"Missing parameters!\"}");
else msgs.add(MessageType.ERROR, "Missing parameters!");
return;
}
long id = Long.parseLong(request.getParameter("id"));
Folder folder = Folder.load(db, id);
if( folder != null ){
if( !folder.isEmpty(db) ){
if(out != null) out.println("{ \"error\": \"Folder is not empty!\"}");
else msgs.add(MessageType.ERROR, "Folder is not empty!");
} else if( user.canEdit(folder) ){
folder.delete( db );
if(out != null) out.println("{}");
else msgs.add(MessageType.INFO, "Folder removed successfully.");
}
else if(out != null) out.println("{ \"error\": \"You are not authorize to delete this folder!\"}");
else msgs.add(MessageType.ERROR, "You are not authorize to delete this folder!");
}
else if(out != null) out.println("{ \"error\": \"No such folder!\"}");
else msgs.add(MessageType.ERROR, "The folder does not exist!");
}
}

52
src/zall/action/media/RemoveMediaAction.java Normal file
View file

@ -0,0 +1,52 @@
package zall.action.media;
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.SQLException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import zall.action.ZalleryAction;
import zall.bean.Media;
import zall.bean.User;
import zall.util.msg.UserMessage;
import zall.util.msg.UserMessage.MessageType;
import zutil.db.DBConnection;
public class RemoveMediaAction extends ZalleryAction{
public RemoveMediaAction() {
super("rmmedia", true);
}
@Override
public void handleRequest(DBConnection db, HttpServletRequest request, HttpServletResponse response, HttpSession session,
PrintWriter out, User user, UserMessage msgs) throws SQLException, IOException {
// Remove media
if( request.getParameter("id") == null || request.getParameter("type") == null ){
if(out != null) out.println("{ \"error\": \"Missing parameters!\"}");
else msgs.add(MessageType.ERROR, "Missing parameters!");
return;
}
long id = Long.parseLong(request.getParameter("id"));
Media media = Media.load(db, request.getParameter("type"), id);
if( media != null ){
if( user.canEdit(media) ){
media.delete( db );
if(out != null) out.println("{}");
else msgs.add(MessageType.INFO, "Item removed successfully.");
}
else if(out != null) out.println("{ \"error\": \"You are not authorize to delete the item!\"}");
else msgs.add(MessageType.ERROR, "You are not authorize to delete the item!");
}
else if(out != null) out.println("{ \"error\": \"No such item!\"}");
else msgs.add(MessageType.ERROR, "The item does not exist!");
}
}

55
src/zall/action/media/TogglePrivateAction.java Normal file
View file

@ -0,0 +1,55 @@
package zall.action.media;
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.SQLException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import zall.action.ZalleryAction;
import zall.bean.Folder;
import zall.bean.User;
import zall.util.msg.UserMessage;
import zall.util.msg.UserMessage.MessageType;
import zutil.db.DBConnection;
public class TogglePrivateAction extends ZalleryAction{
public TogglePrivateAction() {
super("mkprivate", true);
}
@Override
public void handleRequest(DBConnection db, HttpServletRequest request, HttpServletResponse response, HttpSession session,
PrintWriter out, User user, UserMessage msgs) throws SQLException, IOException {
// Toggle folder private
if( request.getParameter("id") == null){
if(out != null) out.println("{ \"error\": \"Missing parameters!\"}");
else msgs.add(MessageType.ERROR, "Missing parameters!");
return;
}
long id = Long.parseLong(request.getParameter("id"));
Folder folder = Folder.load(db, id);
if( folder != null ){
if( user.canEdit(folder) ){
folder.setPrivate( !folder.isPrivate() );
folder.save(db);
if(out != null) out.println("{}");
else{
if(folder.isPrivate()) msgs.add(MessageType.INFO, "Folder is now private (not visible to other users).");
else msgs.add(MessageType.INFO, "Folder is now public (can be viewed by other users).");
}
}
else if(out != null) out.println("{ \"error\": \"You are not authorize to edit this folder!\"}");
else msgs.add(MessageType.ERROR, "You are not authorize to edit this folder!");
}
else if(out != null) out.println("{ \"error\": \"No such folder!\"}");
else msgs.add(MessageType.ERROR, "The folder does not exist!");
}
}

65
src/zall/action/user/ModifyUserAction.java Normal file
View file

@ -0,0 +1,65 @@
package zall.action.user;
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.SQLException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import zall.Zallery;
import zall.action.ZalleryAction;
import zall.bean.User;
import zall.util.Email;
import zall.util.Email.ContentType;
import zall.util.msg.UserMessage;
import zall.util.msg.UserMessage.MessageType;
import zutil.db.DBConnection;
public class ModifyUserAction extends ZalleryAction{
public ModifyUserAction() {
super("moduserstat", true);
}
@Override
public void handleRequest(DBConnection db, HttpServletRequest request, HttpServletResponse response, HttpSession session,
PrintWriter out, User user, UserMessage msgs) throws SQLException, IOException {
// Administration things of users
if( user.isSuperUser() ){
User target_user = User.load(db, Long.parseLong( request.getParameter("id") ) );
// Enable user
if( request.getParameter("enable") != null ){
target_user.setEnabled( true );
// Email the user about the activation
Email email = new Email("admin@koc.se", target_user.getEmail());
email.setSubject("Account activation at "+Zallery.getWebsiteName());
email.setContentType(ContentType.HTML);
email.setMessage("Your account has now been activated by an admin. You can now login and use the site. " +
"<a href='"+Zallery.getWebsiteURL()+"'>"+Zallery.getWebsiteURL()+"</a>");
}
// Disable user, can not disable one self!
else if( request.getParameter("disable") != null && !user.equals( target_user ) )
target_user.setEnabled( false );
// Promote user to Admin
else if( request.getParameter("setadmin") != null )
target_user.setSuperUser( true );
// Degrade Admin to normal user, can not degrade one self!
else if( request.getParameter("unadmin") != null && !user.equals( target_user ) )
target_user.setSuperUser( false );
else{
if( out != null ) out.println("{ }");
return;
}
target_user.save(db);
if( out != null )
out.println("{ }");
else
msgs.add(MessageType.INFO, "Account changes saved.");
return;
}
}
}

63
src/zall/action/user/ModifyUserStatusAction.java Normal file
View file

@ -0,0 +1,63 @@
package zall.action.user;
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.SQLException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import zall.ZalleryAjax;
import zall.action.ZalleryAction;
import zall.bean.User;
import zall.util.msg.UserMessage;
import zall.util.msg.UserMessage.MessageType;
import zutil.db.DBConnection;
public class ModifyUserStatusAction extends ZalleryAction{
public ModifyUserStatusAction() {
super("moduser", true);
}
@Override
public void handleRequest(DBConnection db, HttpServletRequest request, HttpServletResponse response, HttpSession session,
PrintWriter out, User user, UserMessage msgs) throws SQLException, IOException {
User target_user = null;
if( request.getParameter("id") != null )
target_user = User.load(db, Long.parseLong( request.getParameter("id") ) );
else // set target user to the logged in user
target_user = user;
if( user.canEdit(target_user) ){
if( request.getParameter("email") != null )
target_user.setEmail( request.getParameter("email") );
if( request.getParameter("password") != null ){
if( target_user.getPassword() == null )
target_user.setPassword( request.getParameter("password") );
else if( request.getParameter("oldPassword") != null )
if( target_user.equalsPassword(request.getParameter("oldPassword")) )
target_user.setPassword( request.getParameter("password") );
else{
if(out != null) out.println("{ \"error\": \"Wrong password!\"}");
else msgs.add(MessageType.ERROR, "Wrong password!");
return;
}
}
if( request.getParameter("name") != null )
target_user.setName( request.getParameter("name") );
target_user.save(db);
if( !user.isEmailVerified() )
ZalleryAjax.sendEmailVerification( target_user );
if( out != null )
out.println("{ }");
else
msgs.add(MessageType.INFO, "Settings saved successfully.");
}
else if(out != null) out.println("{ \"error\": \"You are not authorize to change these values!\"}");
else msgs.add(MessageType.ERROR, "You are not authorize to change these values!");
}
}

53
src/zall/action/user/RemoveUserAction.java Normal file
View file

@ -0,0 +1,53 @@
package zall.action.user;
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.SQLException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import zall.action.ZalleryAction;
import zall.bean.User;
import zall.util.msg.UserMessage;
import zall.util.msg.UserMessage.MessageType;
import zutil.db.DBConnection;
public class RemoveUserAction extends ZalleryAction{
public RemoveUserAction() {
super("rmuser", true);
}
@Override
public void handleRequest(DBConnection db, HttpServletRequest request, HttpServletResponse response, HttpSession session,
PrintWriter out, User user, UserMessage msgs) throws SQLException, IOException {
// Remove user
User target_user = null;
if( request.getParameter("id") != null )
target_user = User.load(db, Long.parseLong( request.getParameter("id") ) );
else {
if(out != null) out.println("{ \"error\": \"Missing parameters!\"}");
else msgs.add(MessageType.ERROR, "Missing parameters!");
return;
}
if( target_user != null ){
if( user.isSuperUser() ){
target_user.delete(db);
if( out != null ) out.println("{ }");
else msgs.add(MessageType.INFO, "User removed successfully.");
}
else if(out != null) out.println("{ \"error\": \"You are not authorize to delete that user!\"}");
else msgs.add(MessageType.ERROR, "You are not authorize to delete that user!");
}
else {
if(out != null) out.println("{ \"error\": \"No such user!\"}");
else msgs.add(MessageType.ERROR, "No such user!");
}
}
}

57
src/zall/action/user/SendVerificationEmailAction.java Normal file
View file

@ -0,0 +1,57 @@
package zall.action.user;
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.SQLException;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import zall.ZalleryAjax;
import zall.action.ZalleryAction;
import zall.bean.User;
import zall.util.msg.UserMessage;
import zall.util.msg.UserMessage.MessageType;
import zutil.db.DBConnection;
import zutil.log.LogUtil;
public class SendVerificationEmailAction extends ZalleryAction{
private static final Logger logger = LogUtil.getLogger();
public SendVerificationEmailAction() {
super("sendverfemail", true);
}
@Override
public void handleRequest(DBConnection db, HttpServletRequest request, HttpServletResponse response, HttpSession session,
PrintWriter out, User user, UserMessage msgs) throws SQLException, IOException {
User target_user = null;
if( request.getParameter("id") != null )
target_user = User.load(db, Long.parseLong( request.getParameter("id") ) );
else {
if(out != null) out.println("{ \"error\": \"Missing parameters!\"}");
else msgs.add(MessageType.ERROR, "Missing parameters!");
return;
}
if( target_user != null ){
if( user.isSuperUser() ){
ZalleryAjax.sendEmailVerification(target_user);
logger.info("Verification email sent successfully to: "+user.getEmail());
if( out != null ) out.println("{ }");
else msgs.add(MessageType.INFO, "Verification email sent successfully.");
}
else if(out != null) out.println("{ \"error\": \"You are not authorize send verification emails!\"}");
else msgs.add(MessageType.ERROR, "You are not authorize send verification emails!");
}
else {
if(out != null) out.println("{ \"error\": \"No such user!\"}");
else msgs.add(MessageType.ERROR, "No such user!");
}
}
}

45
src/zall/action/user/VerifyEmailAction.java Normal file
View file

@ -0,0 +1,45 @@
package zall.action.user;
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.SQLException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import zall.ZalleryAjax;
import zall.action.ZalleryAction;
import zall.bean.User;
import zall.util.msg.UserMessage;
import zall.util.msg.UserMessage.MessageType;
import zutil.db.DBConnection;
public class VerifyEmailAction extends ZalleryAction{
public VerifyEmailAction() {
super("verfemail", true);
}
@Override
public void handleRequest(DBConnection db, HttpServletRequest request, HttpServletResponse response, HttpSession session,
PrintWriter out, User user, UserMessage msgs) throws SQLException, IOException {
User verfuser = User.load(db, Long.parseLong(request.getParameter("id")));
if( verfuser.verifyEmail(request.getParameter("hash")) ){
if( verfuser.isEnabled() )
if(out != null) out.println("{ }");
else msgs.add(MessageType.INFO, "Your email has been successfully verified");
else {
ZalleryAjax.sendEmailNewUserToAdmin(verfuser, db);
if(out != null) out.println("{ }");
else msgs.add(MessageType.INFO, "Your email has been successfully verified, the account is waiting account activation by an admin.");
}
verfuser.save(db);
}
else if(out != null) out.println("{ \"error\":\"Invalid email verification hash!\" }");
else msgs.add(MessageType.ERROR, "Invalid email verification hash!");
}
}

2
src/zall/bean/User.java
View file

@ -138,7 +138,7 @@ public class User extends DBBean{
public static boolean emailExists(String email, DBConnection db) throws SQLException{ public static boolean emailExists(String email, DBConnection db) throws SQLException{
PreparedStatement sql = db.getPreparedStatement( PreparedStatement sql = db.getPreparedStatement(
"SELECT * FROM User WHERE email=? LIMIT 1"); "SELECT email FROM User WHERE email=? LIMIT 1");
sql.setString(1, email); sql.setString(1, email);
String tmp = DBConnection.exec(sql, new SimpleSQLHandler<String>()); String tmp = DBConnection.exec(sql, new SimpleSQLHandler<String>());