package blog;

import blog.*;
import java.sql.ResultSet;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.util.Date;

public class Op_user implements java.io.Serializable{
	
	String sqlStr = "";
	Connection conn = null;
	PreparedStatement pstmt = null;
	
	public String adduser(javax.servlet.http.HttpServletRequest request) throws 
		java.lang.Exception,java.sql.SQLException {
		
		if(request.getParameter("userName")==null){
			return "請輸入用戶名";
		}
		DataBase db = new DataBase();
		sqlStr = "select * from userinfo where userName = ? and password = ?";
		conn = db.getconn();
		pstmt = conn.prepareStatement(sqlStr);
		pstmt.setString(1,request.getParameter("userName"));
		pstmt.setString(2,request.getParameter("password"));
		ResultSet rs = pstmt.executeQuery();
		
		if(rs.next()){
			return "該用戶名已存在";
		}
		sqlStr = "insert into userinfo (userName,password,sex,email,phone,regTime,regIP) values("+
		"?,?,?,?,?,DATE_ADD(now(),Interval 1 year),?)";

		pstmt = conn.prepareStatement(sqlStr);
		pstmt.setString(1,request.getParameter("userName"));
		pstmt.setString(2,request.getParameter("password"));
		pstmt.setString(3,request.getParameter("sex"));
		pstmt.setString(4,request.getParameter("email"));
		pstmt.setString(5,request.getParameter("phone"));
		pstmt.setString(6,request.getRemoteAddr());

		
		pstmt.executeUpdate();
		db.free();
		return "ok";

		
	}
	
	public int finduser(javax.servlet.http.HttpServletRequest request) throws 
		java.lang.Exception,java.sql.SQLException {		//用戶登陸
	
		String sqlStr = "";
		sqlStr = "select * from userinfo where userName= ? and password= ?";		
		DataBase db = new DataBase();
		conn = db.getconn();
		if(conn==null){
			System.out.println ("conn is null------------");
		}
		pstmt = conn.prepareStatement(sqlStr);
		pstmt.setString(1,request.getParameter("userName"));
		pstmt.setString(2,request.getParameter("password"));
		ResultSet rs = pstmt.executeQuery();
		int userID =0;
		if(rs.next()){
			userID = rs.getInt("userID");
		    db.free();			
			return userID;
		}
		else{
		    db.free();	
			return 0;
		}

	}
	public boolean checkAdmin(javax.servlet.http.HttpServletRequest request,javax.servlet.http.HttpSession session)
		throws java.sql.SQLException,Exception {
			String sqlStr = "select userID from userInfo where property >5 and userID = ?";
			blog.DataBase db = new blog.DataBase();
			java.sql.Connection conn = db.getconn();
			java.sql.PreparedStatement pstmt = conn.prepareStatement(sqlStr);
			pstmt.setInt(1,Integer.parseInt((String)session.getAttribute("userID")));
			java.sql.ResultSet rs = pstmt.executeQuery();
			if(!rs.next()){
				db.free();
				return false;

			}
			else{
				db.free();
				return true;
			}			
	}
}