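import java.io.*;
import java.util.*;
import mixer.*;
import java.sql.*;
import javax.servlet.*;
import javax.servlet.http.*;
import com.oreilly.servlet.Base64Decoder;

/**
 * Login servlet for the booking application.
 *
 * GET renders the login form (WEB-INF/classes/login.html). POST checks the
 * submitted {@code account}/{@code password} against the {@code user} table,
 * or against the {@code admin} table when an {@code admin} parameter is
 * present, marks the session as logged in and redirects to the page the
 * visitor originally asked for (stored by other servlets under
 * {@code login.target} / {@code adminLogin.target}).
 *
 * Review notes a deployer should act on before exposing this:
 *  - The JDBC user name and password are hard-coded in {@link #init()}.
 *    They belong in container configuration (init-params or a JNDI
 *    DataSource), not in a class file that ships with the application.
 *  - The queries compare the submitted password with the stored column
 *    as-is. Nothing visible here hashes it, which suggests plaintext
 *    storage; the expected fix is a salted slow hash (bcrypt/scrypt/argon2)
 *    verified in Java rather than in SQL.
 */
public class login extends HttpServlet {
    /** Credential queries; both are parameterised, so no SQL injection. */
    private static final String USER_QUERY =
            "SELECT * FROM user WHERE username = ? AND password = ?;";
    private static final String ADMIN_QUERY =
            "SELECT * FROM admin WHERE name = ? AND password = ?;";

    /** Raw login form, read once in init(). */
    String html = null;
    /** Single connection shared by every request of this servlet instance. */
    Connection con = null;
    /* A servlet is a singleton invoked concurrently; these shared statements
     * are therefore only ever used inside a synchronized block (see
     * queryCredentials), otherwise one request's setString() could be
     * overwritten by another's before executeQuery() runs. */
    PreparedStatement pqstmt = null;
    PreparedStatement pqstmt2 = null;

    /**
     * Opens the database connection, prepares both credential queries and
     * loads the login form. A driver or connection failure is logged and
     * leaves the statements null, in which case every login is refused
     * (fail closed) rather than failing with an NPE.
     */
    public void init() throws ServletException {
        try {
            String url = "jdbc:mysql://localhost/booking";
            Class.forName("com.mysql.jdbc.Driver");
            // TODO(security): hard-coded credentials; read from init-params / JNDI.
            con = DriverManager.getConnection(url, "josef", "cotaidis");
            pqstmt = con.prepareStatement(USER_QUERY);
            pqstmt2 = con.prepareStatement(ADMIN_QUERY);
        } catch (ClassNotFoundException cnfe) {
            log("Couldn't load database driver: " + cnfe.getMessage(), cnfe);
        } catch (SQLException sqle) {
            log("SQLException caught: " + sqle.getMessage(), sqle);
        }
        if (html == null) {
            html = Mixer.getContent(
                    new File(getServletContext().getRealPath("/WEB-INF/classes/login.html")));
        }
    }

    /** Releases the statements and the connection; tolerates a failed init(). */
    public void destroy() {
        closeQuietly(pqstmt);
        closeQuietly(pqstmt2);
        pqstmt = null;
        pqstmt2 = null;
        if (con != null) {
            try {
                con.close();
            } catch (SQLException sqle) {
                log("SQLException caught: " + sqle.getMessage(), sqle);
            }
            con = null;
        }
    }

    /** Renders the login form. */
    public void doGet(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        res.setContentType("text/html");
        PrintWriter out = res.getWriter();
        Mixer mix = new Mixer(html);
        mix.removeHTML("");
        out.println(mix.getMix());
    }

    /**
     * Handles a login attempt. On failure the form is re-rendered; on success
     * the session id is rotated (session-fixation defence), the logon
     * attributes are set and the client is redirected to the stored target
     * if it is a site-local path, otherwise to the default start page.
     */
    public void doPost(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        res.setContentType("text/html");
        PrintWriter out = res.getWriter();

        String account = req.getParameter("account");
        String password = req.getParameter("password");
        boolean adminLogin = req.getParameter("admin") != null;

        // Missing fields cannot match anything; refuse without touching the DB.
        Integer uid = null;
        if (account != null && password != null) {
            uid = adminLogin ? allowAdmin(account, password) : allowUser(account, password);
        }
        if (uid == null) {
            // Same response whether the account is unknown or the password is
            // wrong, so the form does not reveal which one it was.
            out.println(html);
            return;
        }

        String targetKey = adminLogin ? "adminLogin.target" : "login.target";
        String defaultTarget = adminLogin
                ? "/booking/servlet/adminMain?action=bookings"
                : "/booking/servlet/booking";

        // Session fixation: a session id that existed before authentication
        // (possibly chosen by an attacker) must not become the authenticated
        // one. Carry the attributes over, drop the old id, issue a fresh one.
        Map<String, Object> carried = new HashMap<String, Object>();
        HttpSession old = req.getSession(false);
        if (old != null) {
            Enumeration names = old.getAttributeNames();
            while (names.hasMoreElements()) {
                String name = (String) names.nextElement();
                carried.put(name, old.getAttribute(name));
            }
            old.invalidate();
        }
        HttpSession session = req.getSession(true);
        for (Map.Entry<String, Object> e : carried.entrySet()) {
            session.setAttribute(e.getKey(), e.getValue());
        }
        if (adminLogin) {
            // uid is 0 for every admin: the admin functionality is the same for all of them.
            session.setAttribute("adminLogon.isDone", uid);
            session.setAttribute("adminLogon.username", account);
        } else {
            session.setAttribute("logon.isDone", uid);
            session.setAttribute("logon.username", account);
        }

        // Where did the visitor want to go before the session expired?
        // Only a site-local absolute path is honoured: the stored value is
        // set elsewhere, and if it can be influenced by a crafted link this
        // would otherwise be an open redirect.
        Object stored = session.getAttribute(targetKey);
        String target = (stored instanceof String) ? (String) stored : null;
        if (!isLocalPath(target)) {
            if (target != null) {
                log("Ignoring non-local post-login redirect target: " + target);
            }
            target = defaultTarget;
        }
        // A failed redirect is an I/O error the container should see; it is
        // no longer swallowed.
        res.sendRedirect(target);
    }

    /**
     * Checks the admin table. Returns 0 for any matching admin (all admins
     * share the same functionality) or null when there is no match, the
     * fields are missing, or the database is unavailable.
     */
    protected Integer allowAdmin(String account, String password) throws IOException {
        return queryCredentials(pqstmt2, account, password, null);
    }

    /**
     * Checks the user table. Returns the matching row's {@code uid}, or null
     * when there is no match, the fields are missing, or the database is
     * unavailable.
     */
    protected Integer allowUser(String account, String password) throws IOException {
        return queryCredentials(pqstmt, account, password, "uid");
    }

    /**
     * Runs one of the shared credential statements.
     *
     * @param stmt      pqstmt or pqstmt2; null when init() failed
     * @param uidColumn column holding the id to return, or null to return 0
     * @return the id of the matching row, or null on no match / any error
     */
    private Integer queryCredentials(PreparedStatement stmt, String account,
                                     String password, String uidColumn) {
        if (stmt == null || account == null || password == null) {
            if (stmt == null) {
                log("Login refused: database not initialised");
            }
            return null;
        }
        // The statement (and its connection) is shared by all requests;
        // bind, execute and read the result under one lock.
        synchronized (stmt) {
            ResultSet rs = null;
            try {
                stmt.setString(1, account);
                stmt.setString(2, password);
                rs = stmt.executeQuery();
                if (!rs.next()) {
                    return null;
                }
                return uidColumn == null
                        ? Integer.valueOf(0)
                        : Integer.valueOf(rs.getInt(uidColumn));
            } catch (SQLException sqle) {
                // Fail closed: any database error is a refused login.
                log("SQLException caught: " + sqle.getMessage(), sqle);
                return null;
            } finally {
                // The original never closed the ResultSet; on a single shared
                // statement that leaked a cursor per login.
                if (rs != null) {
                    try {
                        rs.close();
                    } catch (SQLException sqle) {
                        log("SQLException closing result set: " + sqle.getMessage(), sqle);
                    }
                }
            }
        }
    }

    /**
     * True only for a site-local absolute path such as {@code /booking/x?y}:
     * rejects null/empty, anything not starting with '/', protocol-relative
     * forms ({@code //host}, {@code /\host}) and control characters (CR/LF
     * would otherwise reach the Location header).
     */
    static boolean isLocalPath(String target) {
        if (target == null || target.length() == 0 || target.charAt(0) != '/') {
            return false;
        }
        if (target.startsWith("//") || target.startsWith("/\\")) {
            return false;
        }
        for (int i = 0; i < target.length(); i++) {
            char c = target.charAt(i);
            if (c < 0x20 || c == 0x7f) {
                return false;
            }
        }
        return true;
    }

    /** Closes a statement, logging rather than throwing; null is a no-op. */
    private void closeQuietly(Statement stmt) {
        if (stmt == null) {
            return;
        }
        try {
            stmt.close();
        } catch (SQLException sqle) {
            log("SQLException closing statement: " + sqle.getMessage(), sqle);
        }
    }
}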