/*
** For user change TMD password
** Class: ChangePasswd
** Author: Yuping Zhu
** Date: 11-03-1999
*/

package ascdb.users;

import java.sql.*;
import java.io.*;

import javax.servlet.http.*;
import javax.servlet.*;
import oracle.html.*;

import ascdb.conf;

public class ChangePasswd extends HttpServlet
{
    public void doGet(HttpServletRequest req, HttpServletResponse res)
           throws ServletException, IOException
    {
	res.setContentType("text/html");
	PrintWriter out = res.getWriter();

	if ((req.getParameter("passwd")) == null)
	{
	    out.println(InputForm());
	    return;
	}

	conf dbconf = new conf(req);

	String uid = req.getParameter("uid");
	String passwd = req.getParameter("passwd");
	String ssan = req.getParameter("ssan");
	String passwd1 = req.getParameter("passwd1");
	String passwd2 = req.getParameter("passwd2");

	try {
	    //load JDBC driver
	    Class.forName(dbconf.JdbcDriver);
	    //create a connection
	    Connection conn =
		DriverManager.getConnection(dbconf.ConnectStr,dbconf.DBName,dbconf.DBPassword);
	    //create a statement
	    Statement stmt = conn.createStatement();

	    ResultSet rset = stmt.executeQuery("select oracle_uid from user_info where oracle_uid='" + uid + "' and tmd_password='" + passwd + "' and ssan_last4='" + ssan + "'");

	    out.println("<body bgcolor=white><font size=+1>");
	    int count;
	    if (rset.next())
	    {
		count = stmt.executeUpdate("update addl_users set tmd_password ='" + passwd1 + "' where oracle_uid='" + uid +"'");
		if (count == 1)
		    out.println("Your password has been changed!");
		else
		    out.println("Can not change your password!");
	    }
	    else
		out.println("Your oracle_uid, or old password, or 4-digit number is wrong!");
	    out.println(BackHome() + "</font>");
	}
	catch (ClassNotFoundException e) {
	    out.println("Can not load JDBC Driver!");
	}
	catch (SQLException e) {
	    out.println(e.getMessage());
	}
    }
    
    private HtmlStringBuffer InputForm()
    {
	HtmlStringBuffer HTMLStr = new HtmlStringBuffer();
	HTMLStr.appendln("<html>");
	HTMLStr.appendln("<head><title>User Change Password</title></head>");
     	HTMLStr.appendln("<SCRIPT Language=\"JavaScript\">");
		HTMLStr.appendln("function CheckPasswd(form) {\n"
		   +"   if (form.uid.value == \"\") {\n"
		   +"       alert(\"Please input your TMD user ID!\")\n"
		   +"       return false\n"
		   +"   }\n"
		   +"   if (form.passwd.value == \"\") {\n"
		   +"      alert(\"Please input your old password!\")\n"
                   +"      return false\n"
                   +"   }\n"
		   +"   if (form.ssan.value == \"\") {\n"
		   +"      alert(\"Pleas input your 4-digit number!\")\n"
                   +"      return false\n"
                   +"   }\n"
		   +"   if (form.passwd1.value == \"\") {\n"
		   +"      alert(\"Pleas input your new password!\")\n"
                   +"      return false\n"
                   +"   }\n"
		   +"   if (form.passwd1.value != form.passwd2.value){\n" 
		   +"      alert(\"Your New Password confirm is not the same as the New Password input!\")\n"
		   +"      return false\n"
		   +"   }\n"
		   +"   return true\n"
		   +"}\n");
	HTMLStr.appendln("</SCRIPT>");
	HTMLStr.appendln("<body bgcolor=white>");
	HTMLStr.appendln("<center><font size=+5 color=red>You can change your TMD password now ...</font></center>");
	HTMLStr.appendln("<form method=\"POST\" action=\"ascdb.users.ChangePasswd\" onSubmit=\"return CheckPasswd(this)\">");
	HTMLStr.appendln("<font size=+1>TMD User ID:  ");
	HTMLStr.appendln("<input type=text name=\"uid\" value=\"\" size=20><br>");
	HTMLStr.appendln("Old Password:  ");
	HTMLStr.appendln("<input type=password name=\"passwd\" value=\"\" size=30><br>");
	HTMLStr.appendln("Your 4-digit Number:  ");
	HTMLStr.appendln("<input type=password name=\"ssan\" value=\"\" size=4><br>");
	HTMLStr.appendln("New Password:  ");
	HTMLStr.appendln("<input type=password name=\"passwd1\" value=\"\" size=30><br>");
	HTMLStr.appendln("New Password Confirm:  ");
	HTMLStr.appendln("<input type=password name=\"passwd2\" value=\"\" size=30><br>");
	HTMLStr.appendln("<input type=submit name=\"submit\" value=\"Change!\">");
	HTMLStr.appendln("<input type=reset name=\"reset\" value=\"Reset\"></font>");
	HTMLStr.appendln("</form></html>");
	return HTMLStr;
    }
    
    private HtmlStringBuffer BackHome()
    {
	HtmlStringBuffer HTMLBuf = new HtmlStringBuffer();
	
	HTMLBuf.appendln("<form method=\"GET\" action=\"ascdb.pub.WelcomePage\">");
	HTMLBuf.appendln("<input type=submit name=\"submit\" value=\"Back Main Menu\">");
	HTMLBuf.appendln("</form>");
	return HTMLBuf;
    }

    public void doPost(HttpServletRequest req, HttpServletResponse res)
           throws ServletException, IOException
    {
	doGet(req,res);
    }
}