import java.io.*;
import mixer.*;
import java.util.*;
import java.sql.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class guestBook extends HttpServlet{
	Connection con = null;
	String htmlDynamic = null;
	PreparedStatement pstmt1 = null;
	PreparedStatement pstmt2 = null;
	
	/*Skapar en connection till databasen guestbook
	Skapar två st prepared statements för att förhindra sqlinjektion (insertsatsen)
	läser in ett html-dokument
	*/
	public void init() throws ServletException{
		try{
			String url = "jdbc:mysql://localhost/guestbook";
			Class.forName("com.mysql.jdbc.Driver");
			con = DriverManager.getConnection(url, "josef", "cotaidis");
			pstmt1 = con.prepareStatement("INSERT INTO message (datim, name, email, homepage, comment)  values (now(), ?, ?, ?, ?)");
			pstmt2 = con.prepareStatement("SELECT * FROM message;");
		}catch(ClassNotFoundException cnfe){
			log("Couldn't load database driver: " + cnfe.getMessage());
		}catch(SQLException sqle){
			log("SQLException caught: " + sqle.getMessage());
		}
		if (htmlDynamic == null) {
			htmlDynamic = Mixer.getContent(new File(getServletContext().getRealPath("guestbook.html")));
		}
	}
	
	//Stänger databasen
	public void destroy(){
		try{
			con.close();
		}catch(SQLException sqle){
			log("SQLException caught: " + sqle.getMessage());
		}
	}
	
	/*Htmlkod substitioners bort genom att ersätta < och > tecknena med motsvarande kod
	*/
	public void doGet(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException{
		Mixer mix = new Mixer(htmlDynamic);
		res.setContentType("text/html");
		PrintWriter out = res.getWriter();
		try{
			if(req.getParameter("name") != null){
				pstmt1.setString(1, req.getParameter("name").replaceAll("<", "&lt;").replaceAll(">", "&gt;"));
				pstmt1.setString(2, req.getParameter("email").replaceAll("<", "&lt;").replaceAll(">", "&gt;"));
				pstmt1.setString(3, req.getParameter("homepage").replaceAll("<", "&lt;").replaceAll(">", "&gt;"));
				pstmt1.setString(4, req.getParameter("comment").replaceAll("<", "&lt;").replaceAll(">", "&gt;"));
				pstmt1.executeUpdate();
			}
			Boolean flag = true;
			ResultSet rs = pstmt2.executeQuery();
			if(rs.first()){
				while(flag){
					mix.add("<!--===messages===-->", "===id===", rs.getString("id"));
					mix.add("<!--===messages===-->", "===datim===", rs.getString("datim"));
					mix.add("<!--===messages===-->", "===email===", rs.getString("email"));
					mix.add("<!--===messages===-->", "===homepage===", rs.getString("homepage"));
					mix.add("<!--===messages===-->", "===name===", rs.getString("name"));
					mix.add("<!--===messages===-->", "===comment===", rs.getString("comment"));
					flag = rs.next();
				}
				rs.close();
			}else{
				mix.removeHTML("<!--===messages===-->");
			}
		}catch(SQLException sqle){
			log("SQLException caught: " + sqle.getMessage());
		}
		out.println(mix.getMix());
	}
	public void doPost(HttpServletRequest request, HttpServletResponse response)throws ServletException, IOException {
		doGet(request, response);
	}
}