// Copyright © 2001 by Apple Computer, Inc., All Rights Reserved.
//
// You may incorporate this Apple sample code into your own code
// without restriction. This Apple sample code has been provided "AS IS"
// and the responsibility for its operation is yours. You may redistribute
// this code, but you are not permitted to redistribute it as
// "Apple sample code" after having made changes.
package jblog;
import java.io.*;
import java.text.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.sql.*;
import java.net.URLEncoder;
/**
* data recording servlet for
* a very simple java web log
*
* @author Liz Warner
*/
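public class Write extends HttpServlet {

    // No per-request state is kept in fields. A servlet container normally
    // serves concurrent requests from a single servlet instance, so a shared
    // PrintWriter or DB connector field would let one request write into
    // another request's response.

    // Both statements bind user input through '?' placeholders; request
    // parameters are never concatenated into SQL text.
    private static final String CHECK_PASSWORD_SQL =
        "select count(*) as okay from blog_pass where password = ?";
    private static final String INSERT_ENTRY_SQL =
        "insert into blog (data) values (?)";

    /**
     * Renders the result page for a log-entry submission.
     *
     * Reads the "data" and "password" request parameters. When both are
     * present the entry is handed to writeData; otherwise a "missing" message
     * with a link back to the entry form is written.
     *
     * NOTE(review): because doPost delegates here, the password is also
     * accepted in a GET query string, where it can end up in access logs,
     * browser history and Referer headers. Consider accepting it via POST only.
     *
     * @param request  the incoming request
     * @param response the response the HTML page is written to
     * @throws IOException if the response writer cannot be obtained
     * @throws ServletException declared by the servlet API; not thrown here
     */
    public void doGet(HttpServletRequest request,
                      HttpServletResponse response)
        throws IOException, ServletException
    {
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();

        // write the HTML header
        out.println("<html><head><title>Java Web log</title></head>");
        out.println("<body bgcolor=\"white\">");

        String data = request.getParameter("data");
        String password = request.getParameter("password");

        if (data != null && password != null)
        {
            // the user has submitted an entry
            writeData(out, data, password);
        }
        else
        {
            // at least one of "data" / "password" is absent
            out.println("Missing data or password, please <a href=\"add_data.jsp\"> try again</a>.");
        }

        out.println("</body>");
        out.println("</html>");
    }

    /**
     * Handles form POSTs by delegating to doGet.
     *
     * @param request  the incoming request
     * @param response the response the HTML page is written to
     * @throws IOException see doGet
     * @throws ServletException see doGet
     */
    public void doPost(HttpServletRequest request,
                       HttpServletResponse response)
        throws IOException, ServletException
    {
        doGet(request, response);
    }

    /**
     * Checks the submitted password against the blog_pass table and, when it
     * matches, inserts the entry into the blog table. The outcome is reported
     * to the user on the given writer.
     *
     * @param out      writer for the current response
     * @param data     the log entry text (untrusted request input)
     * @param password the submitted password (untrusted request input)
     */
    private void writeData(PrintWriter out, String data, String password)
    {
        MySQLConnector mydb = null;
        Statement stmt = null;
        PreparedStatement check = null;
        PreparedStatement insert = null;
        try
        {
            mydb = new MySQLConnector();
            // The connector only hands out a Statement; its Connection is
            // needed to build parameterized statements.
            stmt = mydb.connect();
            Connection conn = stmt.getConnection();

            // NOTE(review): the lookup compares the submitted value with
            // blog_pass.password directly, which implies the password is
            // stored unhashed (schema not visible here; confirm). Prefer a
            // salted, slow hash (bcrypt/scrypt/argon2) verified in code.
            check = conn.prepareStatement(CHECK_PASSWORD_SQL);
            check.setString(1, password);
            ResultSet rs = check.executeQuery();

            if (rs.next() && rs.getInt("okay") > 0)
            {
                // NOTE(review): the entry is stored as submitted. Whatever
                // page displays it (presumably /blog/Show; confirm) must
                // HTML-escape it on output.
                insert = conn.prepareStatement(INSERT_ENTRY_SQL);
                insert.setString(1, data);
                insert.executeUpdate();
                out.println("Your entry was recorded. <br><br><br><a href=\"/blog/Show\">View Entries</a>");
            }
            else
            {
                // Bad password: link back to the entry form with the text
                // preserved. URL-encoding also keeps the value from breaking
                // out of the href attribute. The explicit charset replaces the
                // deprecated platform-default overload.
                out.println("Bad password, please <a href=\"add_data.jsp?data="
                    + URLEncoder.encode(data, "UTF-8") + "\">try again</a>.");
            }
        }
        catch (Exception ex)
        {
            // Exception text (SQL errors, driver and host details) is kept in
            // the server log and not echoed into the page.
            log("jblog: failed to record entry", ex);
            out.println("Whoops, your entry was not recorded!");
        }
        finally
        {
            // Release database resources on every path, including failures.
            closeQuietly(insert);
            closeQuietly(check);
            if (mydb != null && stmt != null)
            {
                try
                {
                    mydb.disconnect(stmt);
                }
                catch (Exception ex)
                {
                    log("jblog: failed to disconnect from database", ex);
                }
            }
        }
    }

    // Closes a statement, logging (not propagating) any failure.
    private void closeQuietly(Statement s)
    {
        if (s == null)
        {
            return;
        }
        try
        {
            s.close();
        }
        catch (SQLException ex)
        {
            log("jblog: failed to close statement", ex);
        }
    }
}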