package info;
import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;
import sun.misc.BASE64Decoder;
import javax.sql.DataSource;
import java.sql.*;
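/**
 * Administration servlet for the student-record application.
 *
 * <p>GET performs an HTTP Basic login against the super-user name and password
 * supplied by {@code Init} and, on success, marks the session as an
 * administrator session. POST adds or drops a course column on
 * {@code info_table2}, or inserts a student row into {@code info_table1} and
 * {@code info_table2}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Basic credentials are only base64-encoded, so they are readable on the
 *       wire unless the deployment enforces TLS (not visible from this class).</li>
 *   <li>The POST handler carries no anti-CSRF token; the session check added
 *       here does not cover that and it should be handled together with
 *       admin.jsp.</li>
 *   <li>{@code sun.misc.BASE64Decoder} is an internal JDK class rather than a
 *       supported API; {@code java.util.Base64} (Java 8+) is the supported
 *       replacement once the build targets that level.</li>
 * </ul>
 */
public class admin extends HttpServlet {
    private static final String CONTENT_TYPE = "text/html; charset=GB2312";

    /** Session attribute set by {@link #doGet} after a successful login. */
    private static final String SESSION_ADMIN_ATTR = "supername";

    private static final String MSG_DONE =
            "<script>alert('完成');document.location='admin.jsp';</script>";
    private static final String MSG_CHOOSE_COURSE =
            "<script>alert('請選擇要刪除的課程');document.location='admin.jsp';</script>";
    private static final String MSG_INCOMPLETE =
            "<script>alert('請將所有信息填寫完整');document.location='javascript:history.go(-1);'</script>";
    private static final String MSG_TOO_LONG =
            "<script>alert('填寫的信息太長了,請重新填寫');document.location='javascript:history.go(-1);'</script>";
    private static final String MSG_WRITE_FAILED =
            "<script>alert('寫數據庫時出錯,可能學號有重復');document.location='admin.jsp';</script>";
    private static final String MSG_BAD_SCORE =
            "<script>alert('成績必須為實數');document.location='javascript:history.go(-1);'</script>";
    /** Generic failure page; replaces echoing the raw SQLException to the browser. */
    private static final String MSG_DB_FAILED =
            "<script>alert('數據庫操作失敗');document.location='admin.jsp';</script>";

    private DataSource dataSource = null;

    /**
     * Obtains the shared data source, configuring it from {@code Init} when
     * {@code LinkDB} has none yet.
     */
    public void init() throws ServletException {
        Init init = new Init(getServletContext().getRealPath("/"));
        dataSource = LinkDB.getDB();
        if (dataSource == null) {
            LinkDB.setDB(init.getDriverName(), init.getDBURL(), init.getDBUser(), init.getDBPassword());
            dataSource = LinkDB.getDB();
        }
    }

    /**
     * Handles the administrator login via HTTP Basic authentication.
     *
     * <p>Every rejection path answers with a 401 challenge and stops. The
     * original fell through after challenging a non-Basic header and went on
     * to parse it, and threw on a header with no colon or fewer than six
     * characters.
     *
     * @throws IOException if the redirect cannot be sent
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        Init init = new Init(getServletContext().getRealPath("/"));
        response.setContentType(CONTENT_TYPE);

        String authorization = request.getHeader("Authorization");
        // Require the "Basic " scheme prefix (case-insensitive); regionMatches
        // is false for short strings, so no index check is needed.
        if (authorization == null || !authorization.regionMatches(true, 0, "basic ", 0, 6)) {
            challenge(response);
            return;
        }

        // The base64 payload starts at the seventh character of the header.
        String namePass;
        try {
            namePass = new String(new BASE64Decoder().decodeBuffer(authorization.substring(6).trim()));
        } catch (IOException e) {
            challenge(response); // undecodable credentials are just bad credentials
            return;
        }

        int colon = namePass.indexOf(":");
        if (colon < 0) {
            challenge(response); // not in user:password form
            return;
        }
        String username = namePass.substring(0, colon);
        String password = namePass.substring(colon + 1);

        // Compare both values unconditionally (non-short-circuit '&') and in
        // constant time so response timing does not reveal which part failed.
        boolean nameOk = constantTimeEquals(init.getSuperName(), username);
        boolean passOk = constantTimeEquals(init.getSuperPassword(), password);
        if (!(nameOk & passOk)) {
            challenge(response);
            return;
        }

        // Drop any pre-login session so a session id that existed before
        // authentication is not promoted to an administrator session.
        HttpSession stale = request.getSession(false);
        if (stale != null) {
            stale.invalidate();
        }
        HttpSession mySession = request.getSession(true);
        mySession.setAttribute(SESSION_ADMIN_ATTR, username);
        response.sendRedirect("admin.jsp");
    }

    /**
     * Applies an administrative change: add a course column ({@code addc}),
     * drop a course column ({@code delc} + {@code classname}), or insert a
     * student record.
     *
     * <p>The listing shows no access check on this method, so it now requires
     * the session marker that {@link #doGet} sets. Values are bound through
     * {@code PreparedStatement} instead of being concatenated into SQL, and the
     * column name for the drop, which cannot be bound, must be a plain
     * identifier.
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        HttpSession session = request.getSession(false);
        if (session == null || session.getAttribute(SESSION_ADMIN_ATTR) == null) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        request.setCharacterEncoding("GB2312");
        response.setContentType(CONTENT_TYPE);
        PrintWriter out = response.getWriter();
        ReadDB readDB = new ReadDB();
        Connection conn = null;
        Statement stmt = null;
        PreparedStatement insertInfo = null;
        PreparedStatement insertScores = null;
        try {
            conn = dataSource.getConnection();

            if (request.getParameter("addc") != null) {
                // The column name is built only from a server-side number.
                // NOTE(review): presumably getNum() is the column count of
                // info_table2 - confirm against ReadDB.
                stmt = conn.createStatement();
                stmt.executeUpdate("alter table info_table2 add class" + (readDB.getNum() - 1) + " float");
                out.println(MSG_DONE);
                return;
            }

            if (request.getParameter("delc") != null) {
                String column = request.getParameter("classname");
                // An identifier cannot be a bind parameter, so accept only
                // letters, digits and '_' before it reaches the DDL text.
                if (column == null || !column.matches("[\\p{L}_][\\p{L}\\p{N}_]*")) {
                    out.println(MSG_CHOOSE_COURSE);
                } else {
                    stmt = conn.createStatement();
                    stmt.executeUpdate("alter table info_table2 drop column " + column);
                    out.println(MSG_DONE);
                }
                return;
            }

            String id = param(request, "id");
            String s_name = param(request, "s_name");
            String s_sex = param(request, "s_sex");
            String s_birth = param(request, "s_birth");
            String s_grade = param(request, "s_grade");

            int scoreCount = Math.max(0, readDB.getNum() - 2);
            float[] classname = new float[scoreCount];
            for (int i = 1; i <= scoreCount; i++) {
                String raw = request.getParameter("class" + i);
                if (raw == null) {
                    throw new NumberFormatException("missing class" + i);
                }
                float score = Float.parseFloat(raw);
                // parseFloat accepts "NaN" and "Infinity", which are not real scores.
                if (Float.isNaN(score) || Float.isInfinite(score)) {
                    throw new NumberFormatException("non-finite class" + i);
                }
                classname[i - 1] = score;
            }

            if (id.equals("") || s_name.equals("") || s_sex.equals("")
                    || s_birth.equals("") || s_grade.equals("")) {
                out.println(MSG_INCOMPLETE);
                return;
            }
            if (id.getBytes().length > 20 || s_name.getBytes().length > 50
                    || s_sex.getBytes().length > 10 || s_birth.getBytes().length > 50
                    || s_grade.getBytes().length > 50) {
                out.println(MSG_TOO_LONG);
                return;
            }

            try {
                insertInfo = conn.prepareStatement("insert into info_table1 values(?,?,?,?,?,?)");
                insertInfo.setString(1, id);
                insertInfo.setString(2, s_name);
                insertInfo.setString(3, s_sex);
                insertInfo.setString(4, s_birth);
                insertInfo.setString(5, s_grade);
                // The original sent this value as a quoted literal, so bind it as text.
                insertInfo.setString(6, "" + Head.getTime());
                insertInfo.executeUpdate();

                StringBuilder sql = new StringBuilder("insert into info_table2 values(?,?");
                for (int i = 0; i < classname.length; i++) {
                    sql.append(",?");
                }
                sql.append(")");
                insertScores = conn.prepareStatement(sql.toString());
                insertScores.setString(1, id);
                insertScores.setString(2, s_name);
                for (int i = 0; i < classname.length; i++) {
                    insertScores.setFloat(i + 3, classname[i]);
                }
                insertScores.executeUpdate();
            } catch (SQLException e) {
                log("admin: inserting student record failed", e);
                out.println(MSG_WRITE_FAILED);
                return;
            }
            out.println(MSG_DONE);
        } catch (SQLException e) {
            // Keep driver messages in the server log: they can disclose schema
            // details and may contain request text that would be echoed
            // unescaped into the HTML response.
            log("admin: database operation failed", e);
            out.println(MSG_DB_FAILED);
        } catch (NumberFormatException e) {
            out.println(MSG_BAD_SCORE);
        } finally {
            closeQuietly(insertScores);
            closeQuietly(insertInfo);
            closeQuietly(stmt);
            try {
                if (conn != null) {
                    conn.close();
                }
                // NOTE(review): this shuts the shared data source down after
                // every POST, as the original did; confirm that LinkDB
                // re-creates it for later requests.
                LinkDB.shutdownDataSource(dataSource);
            } catch (SQLException e) {
                log("admin: releasing database resources failed", e);
            }
        }
    }

    /** Sends a 401 response asking the browser for Basic credentials. */
    private void challenge(HttpServletResponse response) {
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        response.setHeader("WWW-Authenticate", "Basic realm=\"Login\"");
    }

    /** Returns the named request parameter, or the empty string when it is absent. */
    private static String param(HttpServletRequest request, String name) {
        String value = request.getParameter(name);
        return value == null ? "" : value;
    }

    /**
     * Compares two strings without stopping at the first differing byte.
     * A {@code null} on either side never matches.
     */
    private static boolean constantTimeEquals(String expected, String supplied)
            throws UnsupportedEncodingException {
        if (expected == null || supplied == null) {
            return false;
        }
        return java.security.MessageDigest.isEqual(
                expected.getBytes("UTF-8"), supplied.getBytes("UTF-8"));
    }

    /** Closes a statement if it was opened, logging rather than propagating a failure. */
    private void closeQuietly(Statement statement) {
        if (statement == null) {
            return;
        }
        try {
            statement.close();
        } catch (SQLException e) {
            log("admin: closing statement failed", e);
        }
    }
}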