import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;
import java.util.*;
import java.sql.*;
import com.brainysoftware.java.StringUtil;

public class PersistentCookieServlet extends HttpServlet {

  String persistedUserName;

  public void doGet(HttpServletRequest request, HttpServletResponse response)
    throws ServletException, IOException {
    Cookie[] cookies = request.getCookies();
    int length = cookies.length;
    for (int i=0; i<length; i++) {
      Cookie cookie = cookies[i];
      if (cookie.getName().equals("userName"))
        persistedUserName = cookie.getValue();
    }
    sendLoginForm(response, false);
  }

  public void doPost(HttpServletRequest request, HttpServletResponse response)
    throws ServletException, IOException {

    String userName = request.getParameter("userName");
    String password = request.getParameter("password");
    if (login(userName, password)) {
      //send cookie to the browser
      Cookie c1 = new Cookie("userName", userName);
      Cookie c2 = new Cookie("password", password);
      c1.setMaxAge(10000);

      response.addCookie(c1);
      response.addCookie(c2);
      response.setContentType("text/html");
      PrintWriter out = response.getWriter();
      //response.sendRedirect does not work here.
      // use a Meta tag to redirect to ContentServlet
      out.println("<META HTTP-EQUIV=Refresh CONTENT=0;URL=ContentServlet>");
    }
    else {
      sendLoginForm(response, true);
    }
  }

  private void sendLoginForm(HttpServletResponse response, boolean withErrorMessage)
    throws ServletException, IOException {
    response.setContentType("text/html");
    PrintWriter out = response.getWriter();
    out.println("<HTML>");
    out.println("<HEAD>");
    out.println("<TITLE>Login</TITLE>");
    out.println("</HEAD>");
    out.println("<BODY>");
    out.println("<CENTER>");

    if (withErrorMessage) {
      out.println("Login failed. Please try again.<BR>");
      out.println("If you think you have entered the correct user name" +
        " and password, the cookie setting in your browser might be off." +
        "<BR>Click <A HREF=InfoPage.html>here</A> for information" +
        " on how to turn it on.<BR>");
    }
    out.println("<BR>");
    out.println("<BR><H2>Login Page</H2>");
    out.println("<BR>");
    out.println("<BR>Please enter your user name and password.");
    out.println("<BR>");
    out.println("<BR><FORM METHOD=POST>");
    out.println("<TABLE>");
    out.println("<TR>");
    out.println("<TD>User Name:</TD>");
    out.print("<TD><INPUT TYPE=TEXT NAME=userName");

    if (persistedUserName!=null)
      out.print(" VALUE=\"" + persistedUserName + "\"");
    out.print("></TD>");
    out.println("</TR>");
    out.println("<TR>");
    out.println("<TD>Password:</TD>");
    out.println("<TD><INPUT TYPE=PASSWORD NAME=password></TD>");
    out.println("</TR>");
    out.println("<TR>");
    out.println("<TD ALIGN=RIGHT COLSPAN=2>");
    out.println("<INPUT TYPE=SUBMIT VALUE=Login></TD>");
    out.println("</TR>");
    out.println("</TABLE>");
    out.println("</FORM>");
    out.println("</CENTER>");
    out.println("</BODY>");
    out.println("</HTML>");
  }

  public static boolean login(String userName, String password) {
    try {
      Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
      Connection con = DriverManager.getConnection("jdbc:odbc:JavaWeb");
      Statement s = con.createStatement();
      String sql = "SELECT UserName FROM Users" +
        " WHERE UserName='" + StringUtil.fixSqlFieldValue(userName) + "'" +
        " AND Password='" + StringUtil.fixSqlFieldValue(password) + "'";

      ResultSet rs = s.executeQuery(sql);

      if (rs.next()) {
        rs.close();
        s.close();
        con.close();
        return true;
      }
      rs.close();
      s.close();
      con.close();
    }
    catch (ClassNotFoundException e) {
      System.out.println(e.toString());
    }
    catch (SQLException e) {
      System.out.println(e.toString());
    }
    catch (Exception e) {
      System.out.println(e.toString());
    }
    return false;
  }
}