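package zall;

import java.io.IOException;
import java.io.PrintWriter;
import java.sql.SQLException;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import zall.bean.Comment;
import zall.bean.Folder;
import zall.bean.Media;
import zall.bean.User;
import zall.util.Email;
import zall.util.Email.ContentType;
import zall.util.msg.UserMessage;
import zall.util.msg.UserMessage.MessageType;
import zutil.db.DBConnection;
import zutil.log.LogUtil;

/**
 * Action endpoint of the gallery: account handling (login, registration, email
 * verification, admin moderation) and media/folder editing, selected by the
 * {@code action} request parameter.
 *
 * <p>The same code serves two kinds of caller. AJAX requests (GET) get a small JSON
 * document written to the response; ordinary form posts (POST) get their result queued
 * as a {@link UserMessage} in the session and no body. Which of the two happens is
 * decided by whether a {@link PrintWriter} is handed to
 * {@link #doGet(HttpServletRequest, HttpServletResponse, PrintWriter)}.
 *
 * <p>Every handler may throw the checked exceptions of the bean layer (at least
 * {@link SQLException} and {@link IOException}); they are all funneled into the single
 * catch in {@code doGet}, which logs them and answers with a fixed error text.
 *
 * <p>NOTE(review): state-changing actions are accepted over GET and carry no request
 * token beyond the session cookie; that is unchanged here.
 */
public class ZalleryAjax extends HttpServlet {
    public static final Logger logger = LogUtil.getLogger();
    private static final long serialVersionUID = 1L;

    /** Sender address and display name of all mail sent by this servlet. */
    private static final String ADMIN_EMAIL = "admin@koc.se";
    private static final String ADMIN_NICE_FROM = "Koc.se Admin";

    /** Error texts shared by several actions (JSON text / session text where they differ). */
    private static final String MSG_MISSING_PARAMS = "Missing parameters!";
    private static final String MSG_INVALID_PARAMS = "Invalid parameters!";
    private static final String MSG_NO_SUCH_USER = "No such user!";
    private static final String MSG_NO_SUCH_ITEM = "No such item!";
    private static final String MSG_ITEM_NOT_EXIST = "The item does not exist!";
    private static final String MSG_NO_SUCH_FOLDER = "No such folder!";
    private static final String MSG_FOLDER_NOT_EXIST = "The folder does not exist!";

    /**
     * AJAX entry point: runs the action and writes its JSON result to the response.
     *
     * @throws ServletException if the response writer cannot be obtained
     */
    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException {
        try {
            // Declare the body as JSON before the writer exists; the charset is fixed once it does.
            response.setContentType("application/json");
            response.setCharacterEncoding("UTF-8");
            doGet(request, response, response.getWriter());
        } catch (IOException e) {
            throw new ServletException(e);
        }
    }

    /** Form-post entry point: same actions, but results go to the session message list, not the body. */
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException {
        doGet(request, response, null);
    }

    /**
     * Executes the action named by the {@code action} request parameter.
     *
     * @param out writer that receives the JSON result; when {@code null} nothing is written and
     *            the outcome is queued as a session {@link UserMessage} instead
     * @throws ServletException when a form post (no writer) fails with an exception
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response, PrintWriter out)
            throws ServletException {
        DBConnection db = null;
        try {
            HttpSession session = request.getSession();
            User user = (User) session.getAttribute("user");
            String action = request.getParameter("action");
            if (action == null) {
                action = "";
            }
            db = Zallery.getDB();
            Reply reply = new Reply(out, UserMessage.getUserMessage(session));

            // Actions that need no login
            if (action.equalsIgnoreCase("login")) {
                handleLogin(request, response, session, db, reply);
            } else if (action.equalsIgnoreCase("register")) {
                handleRegister(request, session, db, reply);
            } else if (action.equalsIgnoreCase("verfemail")) {
                handleVerifyEmail(request, db, reply);
            } else if (user == null) {
                // Everything below needs a logged in user
                if (out != null) {
                    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
                }
                reply.error("Unauthorized user!");
                logger.severe("Unauthorized user!");
            }
            // Account administration (moduserstat is admin only; others fall through and get no answer)
            else if (user.isSuperUser() && action.equalsIgnoreCase("moduserstat")) {
                handleModUserStatus(request, db, user, reply);
            } else if (action.equalsIgnoreCase("moduser")) {
                handleModUser(request, db, user, reply);
            } else if (action.equalsIgnoreCase("rmuser")) {
                handleRemoveUser(request, db, user, reply);
            } else if (action.equalsIgnoreCase("sendverfemail")) {
                handleSendVerificationEmail(request, db, user, reply);
            }
            // Media and folders
            else if (action.equalsIgnoreCase("comment")) {
                handleComment(request, db, user, reply);
            } else if (action.equalsIgnoreCase("modmedia")) {
                handleModMedia(request, db, user, reply);
            } else if (action.equalsIgnoreCase("rmmedia")) {
                handleRemoveMedia(request, db, user, reply);
            } else if (action.equalsIgnoreCase("mkprivate")) {
                handleTogglePrivate(request, db, user, reply);
            } else if (action.equalsIgnoreCase("rmdir")) {
                handleRemoveFolder(request, db, user, reply);
            } else if (action.equalsIgnoreCase("mkdir")) {
                handleMakeFolder(request, db, user, reply);
            }
            // An unknown action for a logged in user produces no output, as before.
        } catch (Exception e) {
            if (out != null) {
                // The exception text (SQL errors, parser details) belongs in the log only; the
                // client gets a fixed message so nothing about the backend leaks into the page.
                logger.log(Level.SEVERE, "Exception in ajax page!", e);
                response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                out.println("{ \"error\": \"Internal server error!\" }");
            } else {
                throw new ServletException(e);
            }
        } finally {
            if (db != null) {
                db.close();
            }
        }
    }

    // ---------------------------------------------------------------- accounts

    /** {@code action=login}: authenticates with {@code email}/{@code password} and stores the user in the session. */
    private static void handleLogin(HttpServletRequest request, HttpServletResponse response,
            HttpSession session, DBConnection db, Reply reply) throws Exception {
        User user = User.load(request, response, db,
                request.getParameter("email"), request.getParameter("password"));
        if (user == null) {
            reply.error("Wrong username or password!");
            return;
        }
        // Log who logged in, never the submitted credentials.
        logger.info("Used user input to auth \"" + user.getName() + "\"");
        session.setAttribute("user", user);
        reply.ok();
    }

    /** {@code action=register}: creates an account, logs it in and mails the verification link. */
    private static void handleRegister(HttpServletRequest request, HttpSession session,
            DBConnection db, Reply reply) throws Exception {
        String email = request.getParameter("email");
        if (email == null || email.trim().isEmpty()) {
            reply.error("Please provide a valid email!");
            return;
        }
        if (User.emailExists(email, db)) {
            reply.error("An account with that email already exists!");
            return;
        }
        User user = new User();
        user.setEmail(email);
        user.setPassword(request.getParameter("password"));
        user.setName(request.getParameter("name"));
        user.save(db);
        sendEmailVerification(user);
        logger.info("Registered new user: " + user.getName() + ".");
        session.setAttribute("user", user);
        reply.okJson("{ \"id\":" + user.getId() + " }",
                "Your account has successfully been created. A verification email has been sent to your email, please click the link to continue.");
    }

    /** {@code action=verfemail}: confirms the address of user {@code id} with the mailed {@code hash}. */
    private static void handleVerifyEmail(HttpServletRequest request, DBConnection db, Reply reply)
            throws Exception {
        Long id = parseId(request.getParameter("id"));
        if (id == null) {
            reply.error(MSG_INVALID_PARAMS);
            return;
        }
        User verfUser = User.load(db, id);
        String hash = request.getParameter("hash");
        // An unknown user or a missing hash is reported exactly like a wrong hash.
        if (verfUser == null || hash == null || !verfUser.verifyEmail(hash)) {
            reply.error("Invalid email verification hash!");
            return;
        }
        if (verfUser.isEnabled()) {
            reply.ok("Your email has been successfully verified");
        } else {
            // New accounts stay disabled until an admin activates them; tell the admins now.
            sendEmailNewUserToAdmin(verfUser, db);
            reply.ok("Your email has been successfully verified, the account is waiting account activation by an admin.");
        }
        verfUser.save(db);
    }

    /**
     * {@code action=moduserstat} (admins only): enables/disables the account {@code id} or grants/revokes
     * its admin rights. The first present parameter of {@code enable}, {@code disable}, {@code setadmin},
     * {@code unadmin} wins; an admin cannot disable or demote themselves.
     */
    private static void handleModUserStatus(HttpServletRequest request, DBConnection db, User admin, Reply reply)
            throws Exception {
        Long id = parseId(request.getParameter("id"));
        User target = id == null ? null : User.load(db, id);
        if (target == null) {
            reply.error(MSG_NO_SUCH_USER);
            return;
        }
        boolean self = admin.equals(target);
        boolean activated = false;
        if (request.getParameter("enable") != null) {
            target.setEnabled(true);
            activated = true;
        } else if (request.getParameter("disable") != null && !self) {
            target.setEnabled(false);
        } else if (request.getParameter("setadmin") != null) {
            target.setSuperUser(true);
        } else if (request.getParameter("unadmin") != null && !self) {
            target.setSuperUser(false);
        } else {
            // Nothing requested (or a self disable/demote): no change and no message.
            reply.ok();
            return;
        }
        target.save(db);
        if (activated) {
            // Only tell the user once the change is stored.
            sendEmailAccountActivated(target);
        }
        reply.ok("Account changes saved.");
    }

    /**
     * {@code action=moduser}: changes email, password and/or name of user {@code id}, or of the logged in
     * user when {@code id} is absent. Changing an existing password requires the correct {@code oldPassword}.
     */
    private static void handleModUser(HttpServletRequest request, DBConnection db, User user, Reply reply)
            throws Exception {
        User target = user;
        if (request.getParameter("id") != null) {
            Long id = parseId(request.getParameter("id"));
            target = id == null ? null : User.load(db, id);
            if (target == null) {
                reply.error(MSG_NO_SUCH_USER);
                return;
            }
        }
        if (!user.canEdit(target)) {
            reply.error("You are not authorize to change these values!");
            return;
        }
        String email = request.getParameter("email");
        if (email != null) {
            target.setEmail(email);
        }
        String password = request.getParameter("password");
        if (password != null) {
            if (target.getPassword() == null) {
                // Account without a password so far: set it without an old one to check.
                target.setPassword(password);
            } else {
                String oldPassword = request.getParameter("oldPassword");
                if (oldPassword != null) {
                    if (!target.equalsPassword(oldPassword)) {
                        reply.error("Wrong password!");
                        return;
                    }
                    target.setPassword(password);
                }
                // Without oldPassword the password is silently left as is, as before.
            }
        }
        String name = request.getParameter("name");
        if (name != null) {
            target.setName(name);
        }
        target.save(db);
        // NOTE(review): this looks at the logged in user, not the edited one, so an admin
        // editing another account sends that account no new verification mail. Possibly
        // unintended; kept until the intent is confirmed.
        if (!user.isEmailVerified()) {
            sendEmailVerification(target);
        }
        reply.ok("Settings saved successfully.");
    }

    /** {@code action=rmuser} (admins only): deletes the user {@code id}. */
    private static void handleRemoveUser(HttpServletRequest request, DBConnection db, User user, Reply reply)
            throws Exception {
        String rawId = request.getParameter("id");
        if (rawId == null) {
            reply.error(MSG_MISSING_PARAMS);
            return;
        }
        // Authorization first, so non-admins learn nothing about which ids exist.
        if (!user.isSuperUser()) {
            reply.error("You are not authorize to delete that user!");
            return;
        }
        Long id = parseId(rawId);
        User target = id == null ? null : User.load(db, id);
        if (target == null) {
            reply.error(MSG_NO_SUCH_USER);
            return;
        }
        target.delete(db);
        reply.ok("User removed successfully.");
    }

    /** {@code action=sendverfemail} (admins only): re-sends the verification mail to user {@code id}. */
    private static void handleSendVerificationEmail(HttpServletRequest request, DBConnection db, User user,
            Reply reply) throws Exception {
        String rawId = request.getParameter("id");
        if (rawId == null) {
            reply.error(MSG_MISSING_PARAMS);
            return;
        }
        if (!user.isSuperUser()) {
            reply.error("You are not authorize send verification emails!");
            return;
        }
        Long id = parseId(rawId);
        User target = id == null ? null : User.load(db, id);
        if (target == null) {
            reply.error(MSG_NO_SUCH_USER);
            return;
        }
        sendEmailVerification(target);
        logger.info("Verification email sent successfully to: " + target.getEmail());
        reply.ok("Verification email sent successfully.");
    }

    // ---------------------------------------------------------------- media

    /** {@code action=comment}: adds {@code msg} by the logged in user as a comment on media {@code type}/{@code id}. */
    private static void handleComment(HttpServletRequest request, DBConnection db, User user, Reply reply)
            throws Exception {
        Media media = loadMedia(request, db, reply);
        if (media == null) {
            return;
        }
        String msg = request.getParameter("msg");
        if (msg == null || msg.trim().isEmpty()) {
            reply.error(MSG_MISSING_PARAMS);
            return;
        }
        Comment cm = new Comment();
        cm.setUser(user);
        cm.setMessage(msg);
        media.addComment(cm);
        media.save(db);
        reply.ok("Comment saved.");
    }

    /** {@code action=modmedia}: sets {@code title} and {@code description} of media {@code type}/{@code id}. */
    private static void handleModMedia(HttpServletRequest request, DBConnection db, User user, Reply reply)
            throws Exception {
        Media media = loadMedia(request, db, reply);
        if (media == null) {
            return;
        }
        if (!user.canEdit(media)) {
            reply.error("You are not authorize to modify this item!");
            return;
        }
        media.setTitle(request.getParameter("title"));
        media.setDescription(request.getParameter("description"));
        media.save(db);
        reply.ok("Item edited successfully.");
    }

    /** {@code action=rmmedia}: deletes media {@code type}/{@code id}. */
    private static void handleRemoveMedia(HttpServletRequest request, DBConnection db, User user, Reply reply)
            throws Exception {
        Media media = loadMedia(request, db, reply);
        if (media == null) {
            return;
        }
        if (!user.canEdit(media)) {
            reply.error("You are not authorize to delete the item!");
            return;
        }
        media.delete(db);
        reply.ok("Item removed successfully.");
    }

    /** {@code action=mkprivate}: flips the private flag of folder {@code id}. */
    private static void handleTogglePrivate(HttpServletRequest request, DBConnection db, User user, Reply reply)
            throws Exception {
        Folder folder = loadFolder(request, db, reply);
        if (folder == null) {
            return;
        }
        if (!user.canEdit(folder)) {
            reply.error("You are not authorize to edit this folder!");
            return;
        }
        folder.setPrivate(!folder.isPrivate());
        folder.save(db);
        reply.ok(folder.isPrivate()
                ? "Folder is now private (not visible to other users)."
                : "Folder is now public (can be viewed by other users).");
    }

    /** {@code action=rmdir}: deletes folder {@code id}, which must be empty. */
    private static void handleRemoveFolder(HttpServletRequest request, DBConnection db, User user, Reply reply)
            throws Exception {
        Folder folder = loadFolder(request, db, reply);
        if (folder == null) {
            return;
        }
        // Authorization before the emptiness check, so strangers learn nothing about the folder.
        if (!user.canEdit(folder)) {
            reply.error("You are not authorize to delete this folder!");
            return;
        }
        if (!folder.isEmpty(db)) {
            reply.error("Folder is not empty!");
            return;
        }
        folder.delete(db);
        reply.ok("Folder removed successfully.");
    }

    /**
     * {@code action=mkdir}: creates the folder {@code dir} (a slash separated path) below the user's own
     * root folder, creating missing intermediate folders on the way. An admin whose path starts with a
     * slash creates directly below the site root instead.
     */
    private static void handleMakeFolder(HttpServletRequest request, DBConnection db, User user, Reply reply)
            throws Exception {
        String path = request.getParameter("dir");
        if (path == null || path.trim().isEmpty()) {
            reply.error(MSG_MISSING_PARAMS);
            return;
        }
        Folder folder = Folder.load(db, path, user);
        logger.info("Creating new folder: /" + user.getName() + "/" + path);
        if (folder != null) {
            reply.error("The folder '" + path + "' already exists!");
            return;
        }
        String[] dirs = path.split("/");
        Folder parent;
        String current;
        if (user.isSuperUser() && path.charAt(0) == '/') {
            // Absolute path for an admin: build directly below the site root.
            parent = Folder.loadRoot(db, user);
            current = "";
        } else {
            // Everyone else builds below their own root folder, created on first use.
            current = "/{NAME}";
            parent = Folder.load(db, current, user);
            if (parent == null) {
                parent = createFolder(db, user, Folder.loadRoot(db, user), "{NAME}");
            }
        }
        for (String dir : dirs) {
            if (dir.trim().isEmpty()) {
                continue; // leading slashes and "a//b" yield empty segments
            }
            current += "/" + dir;
            Folder next = Folder.load(db, current, user);
            if (next == null) {
                next = createFolder(db, user, parent, dir);
            }
            parent = next;
            folder = next;
        }
        if (folder == null) {
            // No usable segment in the path (e.g. "/"): nothing was created.
            reply.error(MSG_INVALID_PARAMS);
            return;
        }
        // The folder path is user chosen, so it is escaped before it goes into the JSON document.
        reply.okJson("{\"id\":" + folder.getId() + ", \"name\":" + jsonString(folder.getPath()) + "}",
                "Folder '" + current + "' has been successfully created!");
    }

    // ---------------------------------------------------------------- helpers

    /**
     * Reads {@code type} and {@code id}, loads the media item and reports the error itself when that fails.
     *
     * @return the item, or {@code null} when an error has already been sent to the caller
     */
    private static Media loadMedia(HttpServletRequest request, DBConnection db, Reply reply) throws Exception {
        String type = request.getParameter("type");
        String rawId = request.getParameter("id");
        if (rawId == null || type == null) {
            reply.error(MSG_MISSING_PARAMS);
            return null;
        }
        Long id = parseId(rawId);
        Media media = id == null ? null : Media.load(db, type, id);
        if (media == null) {
            reply.error(MSG_NO_SUCH_ITEM, MSG_ITEM_NOT_EXIST);
        }
        return media;
    }

    /**
     * Reads {@code id}, loads the folder and reports the error itself when that fails.
     *
     * @return the folder, or {@code null} when an error has already been sent to the caller
     */
    private static Folder loadFolder(HttpServletRequest request, DBConnection db, Reply reply) throws Exception {
        String rawId = request.getParameter("id");
        if (rawId == null) {
            reply.error(MSG_MISSING_PARAMS);
            return null;
        }
        Long id = parseId(rawId);
        Folder folder = id == null ? null : Folder.load(db, id);
        if (folder == null) {
            reply.error(MSG_NO_SUCH_FOLDER, MSG_FOLDER_NOT_EXIST);
        }
        return folder;
    }

    /** Creates and stores a folder named {@code name}, owned by {@code user}, below {@code parent}. */
    private static Folder createFolder(DBConnection db, User user, Folder parent, String name) throws Exception {
        Folder folder = new Folder();
        folder.setUser(user);
        folder.setParent(parent);
        folder.setName(name);
        folder.save(db);
        return folder;
    }

    /**
     * Parses a numeric id request parameter.
     *
     * @return the id, or {@code null} when the parameter is absent or not a number
     */
    static Long parseId(String raw) {
        if (raw == null) {
            return null;
        }
        try {
            return Long.valueOf(raw.trim());
        } catch (NumberFormatException ignored) {
            return null; // the caller reports a bad parameter instead of a server error
        }
    }

    /**
     * Renders {@code s} as a quoted JSON string literal, escaping quotes, backslashes and control
     * characters.
     *
     * @return the quoted literal, or {@code null} (the JSON literal) when {@code s} is null
     */
    static String jsonString(String s) {
        if (s == null) {
            return "null";
        }
        StringBuilder sb = new StringBuilder(s.length() + 2).append('"');
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '"':  sb.append("\\\""); break;
                case '\\': sb.append("\\\\"); break;
                case '\n': sb.append("\\n"); break;
                case '\r': sb.append("\\r"); break;
                case '\t': sb.append("\\t"); break;
                default:
                    if (c < 0x20) {
                        sb.append(String.format("\\u%04x", (int) c));
                    } else {
                        sb.append(c);
                    }
            }
        }
        return sb.append('"').toString();
    }

    /** Escapes the HTML special characters so a value renders as text, not markup; null becomes "". */
    static String htmlEscape(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;"); break;
                case '<':  sb.append("&lt;"); break;
                case '>':  sb.append("&gt;"); break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** An HTML anchor whose visible text is the URL itself. */
    private static String link(String url) {
        String escaped = htmlEscape(url);
        return "<a href=\"" + escaped + "\">" + escaped + "</a>";
    }

    /**
     * Delivers an action's outcome to whichever caller made the request: a JSON document on the
     * writer for AJAX, or a {@link UserMessage} in the session for a form post.
     */
    private static final class Reply {
        private final PrintWriter out;
        private final UserMessage msgs;

        Reply(PrintWriter out, UserMessage msgs) {
            this.out = out;
            this.msgs = msgs;
        }

        /** Success without a message: "{ }" for AJAX, nothing at all for a form post. */
        void ok() {
            if (out != null) {
                out.println("{ }");
            }
        }

        /** Success: "{ }" for AJAX, {@code message} as an INFO message for a form post. */
        void ok(String message) {
            okJson("{ }", message);
        }

        /** Success with a payload: {@code json} for AJAX, {@code message} as an INFO message for a form post. */
        void okJson(String json, String message) {
            if (out != null) {
                out.println(json);
            } else {
                msgs.add(MessageType.INFO, message);
            }
        }

        /** Failure with the same text for both kinds of caller. */
        void error(String message) {
            error(message, message);
        }

        /** Failure: {@code jsonMessage} (JSON-escaped) for AJAX, {@code sessionMessage} as ERROR for a form post. */
        void error(String jsonMessage, String sessionMessage) {
            if (out != null) {
                out.println("{ \"error\": " + jsonString(jsonMessage) + " }");
            } else {
                msgs.add(MessageType.ERROR, sessionMessage);
            }
        }
    }

    // ---------------------------------------------------------------- mail

    /**
     * Mails {@code user} the link that verifies their address
     * ({@code ?action=verfemail&id=...&hash=...}).
     *
     * @throws IOException when the mail cannot be sent
     */
    public static void sendEmailVerification(User user) throws IOException {
        String verifyUrl = Zallery.getWebsiteURL() + "?action=verfemail&id=" + user.getId()
                + "&hash=" + user.getEmailVerificationHash();
        Email smtpEmail = new Email(ADMIN_EMAIL, user.getEmail());
        smtpEmail.setNiceFrom(ADMIN_NICE_FROM);
        smtpEmail.setSubject("Registration at " + Zallery.getWebsiteName());
        smtpEmail.setContentType(ContentType.HTML);
        // NOTE(review): the HTML markup of this message did not survive the copy this was
        // rebuilt from; the line breaks and the link are restored here as <br> and <a>.
        smtpEmail.setMessage("You receive this message because you have requested an account at "
                + Zallery.getWebsiteName()
                + ". Please click the link to verify your email address:<br><br>"
                + link(verifyUrl)
                + "<br><br>You will have to wait for an admin to activate your account after you have verified your email.");
        smtpEmail.send();
    }

    /**
     * Tells {@code user} that an admin has activated their account.
     *
     * @throws IOException when the mail cannot be sent
     */
    private static void sendEmailAccountActivated(User user) throws IOException {
        Email email = new Email(ADMIN_EMAIL, user.getEmail());
        email.setNiceFrom(ADMIN_NICE_FROM);
        email.setSubject("Account activation at " + Zallery.getWebsiteName());
        email.setContentType(ContentType.HTML);
        email.setMessage("Your account has now been activated by an admin. You can now login and use the site. "
                + link(Zallery.getWebsiteURL()));
        email.send();
    }

    /**
     * Notifies every admin with a verified address that {@code newuser} is waiting for activation.
     *
     * @throws SQLException when the admin list cannot be loaded
     * @throws IOException  when a mail cannot be sent
     */
    public static void sendEmailNewUserToAdmin(User newuser, DBConnection db) throws SQLException, IOException {
        Email email = new Email(ADMIN_EMAIL, ADMIN_EMAIL);
        email.setNiceFrom(ADMIN_NICE_FROM);
        email.setSubject("New user activation request at " + Zallery.getWebsiteName());
        email.setContentType(ContentType.HTML);
        // The values come from the registration form and this is an HTML mail, so they are escaped.
        email.setMessage("A new user has registered for an account at " + Zallery.getWebsiteName() + ":<br><br>"
                + "Email: " + htmlEscape(newuser.getEmail()) + "<br>"
                + "Name: " + htmlEscape(newuser.getName()) + "<br>"
                + "Facebook: " + htmlEscape(String.valueOf(newuser.getFacebookUid())));
        List<User> admins = User.loadSuperUsers(db);
        for (User admin : admins) {
            // Only admins with a confirmed address receive the notification.
            if (admin.isEmailVerified()) {
                email.setTo(admin.getEmail());
                email.send();
            }
        }
    }
}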