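import java.io.*;
import java.security.MessageDigest;
import java.sql.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

/**
 * Adds the products named in the request to the customer's cart.
 *
 * <p>Request parameters: {@code customerId} (customer number), {@code uAccess}
 * (the access token stored in {@code customers.u_access}), and one parameter per
 * product whose name is the product number and whose value is the quantity.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every request value reaches the database through a bound parameter.
 *       The earlier revision concatenated {@code customerId}, parameter names
 *       and parameter values into SQL text, which made each statement
 *       injectable.</li>
 *   <li>Product numbers and quantities are parsed as numbers before use;
 *       anything that does not parse, or a quantity below 1, is ignored.</li>
 *   <li>Driver and SQL error details go to the servlet log, not to the
 *       response.</li>
 *   <li>JDBC resources are released on every path, including errors.</li>
 * </ul>
 *
 * <p>The empty and single-space {@code println} arguments and the page titles
 * are kept exactly as they appear in this listing; line breaks that sat inside
 * message literals are written as {@code \n}.
 */
public class AddToCart extends HttpServlet {

  /** Minutes of inactivity after which the stored access token is cleared. */
  private static final double SESSION_TIMEOUT_MINUTES = 10.0;

  /**
   * Delegates to {@link #doPost}.
   *
   * <p>NOTE(review): this lets a GET request change the cart and carries
   * {@code uAccess} in the query string, where it can end up in access logs,
   * browser history and Referer headers. Consider accepting POST only.
   */
  public void doGet(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    doPost(request, response);
  }

  /**
   * Verifies the caller's access token, enforces the idle timeout, then adds
   * the submitted items to the customer's cart and writes the result page.
   *
   * @param request carries {@code customerId}, {@code uAccess} and the items
   * @param response receives a {@code text/html} page
   * @throws IOException if the response writer cannot be obtained
   */
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    response.setContentType("text/html");
    PrintWriter out = response.getWriter();

    // getParameter returns null for a missing parameter; the original indexed
    // getParameterValues(...)[0] and failed with a NullPointerException.
    String cno = request.getParameter("customerId");
    String uAccess = request.getParameter("uAccess");

    try {
      Class.forName("oracle.jdbc.driver.OracleDriver");
    } catch (ClassNotFoundException e) {
      log("Error loading the Driver", e);
      out.println("Error loading the Driver");
      return;
    }

    Connection conn = null;
    try {
      conn = DriverManager.getConnection(
          MyUtilities.CONNECTSTRING, MyUtilities.ID, MyUtilities.PASSWORD);
    } catch (SQLException e) {
      log("Error connecting to Oracle", e);
      out.println("Error connecting to Oracle");
      return;
    }
    if (conn == null) {
      out.println("Null Connection");
      return;
    }

    try {
      handle(conn, request, out, cno, uAccess);
    } catch (SQLException e) {
      // Keep schema and driver details out of the page; log them instead.
      log("AddToCart database error", e);
      out.println("executeQuery failed");
    } finally {
      closeQuietly(conn);
    }
    out.close();
  }

  /** Runs the authorization, timeout and cart steps on an open connection. */
  private void handle(Connection conn, HttpServletRequest request, PrintWriter out,
      String cno, String uAccess) throws SQLException, IOException {
    int denial = checkAccess(conn, cno, uAccess);
    if (denial != 0) {
      // NOTE(review): the leading 1/2 tells a caller whether the customer
      // number exists; consider one message for both cases.
      printHeader(out, " Logout Page");
      out.println(denial + "You are not authorized to access this page");
      printFooter(out);
      return;
    }

    if (minutesIdle(conn, cno) > SESSION_TIMEOUT_MINUTES) {
      updateCustomer(conn, "update customers set u_access = null where cno = ?", cno);
      printHeader(out, " Logout Page");
      out.println("Your session has expired!\nPlease Login again to continue shopping.");
      out.println("");
      printFooter(out);
      return;
    }

    updateCustomer(conn, "update customers set l_access = sysdate where cno = ?", cno);
    addItems(conn, request, cno);

    printHeader(out, " Add To Cart");
    out.println("Successfully added items to your cart\n\n");
    out.println("If you would like to view or edit your cart, please use the View/Edit Link"
        + "\n\nIf you are done shopping, please use the CheckOut link\n\n");
    printFooter(out);
  }

  /**
   * Compares the presented token with {@code customers.u_access}.
   *
   * @return 0 when the token matches, 1 when no customer row is found (or
   *     {@code customerId} is missing), 2 when the token is missing, cleared
   *     or different
   */
  private static int checkAccess(Connection conn, String cno, String uAccess)
      throws SQLException, IOException {
    if (cno == null) {
      return 1;
    }
    PreparedStatement ps = null;
    ResultSet rs = null;
    try {
      // NOTE(review): if cno is a CHAR column, confirm that a bound string
      // compares the same way the quoted literal did (blank padding).
      ps = conn.prepareStatement("select u_access from customers where cno = ?");
      ps.setString(1, cno);
      rs = ps.executeQuery();
      if (!rs.next()) {
        return 1;
      }
      String stored = rs.getString(1);
      if (uAccess == null || stored == null) {
        return 2;
      }
      // Constant-time comparison so response timing does not reveal how much
      // of the token matched.
      boolean same = MessageDigest.isEqual(uAccess.getBytes("UTF-8"), stored.getBytes("UTF-8"));
      return same ? 0 : 2;
    } finally {
      closeQuietly(rs);
      closeQuietly(ps);
    }
  }

  /**
   * Returns the minutes elapsed since {@code customers.l_access}.
   *
   * <p>A NULL {@code l_access} reads as 0 through {@code getDouble}, i.e. not
   * expired, as before. A missing row is treated as expired (fail closed).
   */
  private static double minutesIdle(Connection conn, String cno) throws SQLException {
    PreparedStatement ps = null;
    ResultSet rs = null;
    try {
      ps = conn.prepareStatement("select 1440*(sysdate-l_access) from customers where cno = ?");
      ps.setString(1, cno);
      rs = ps.executeQuery();
      return rs.next() ? rs.getDouble(1) : Double.MAX_VALUE;
    } finally {
      closeQuietly(rs);
      closeQuietly(ps);
    }
  }

  /** Executes a one-parameter update keyed by customer number. */
  private static int updateCustomer(Connection conn, String sql, String cno)
      throws SQLException {
    PreparedStatement ps = null;
    try {
      ps = conn.prepareStatement(sql);
      ps.setString(1, cno);
      return ps.executeUpdate();
    } finally {
      closeQuietly(ps);
    }
  }

  /**
   * Adds each submitted item to the customer's cart, creating a cart number
   * from {@code cart_seq} when the customer has no cart rows yet.
   *
   * <p>Parameter names are product numbers and values are quantities. Both
   * are client-controlled, so they are parsed as numbers and bound; entries
   * that are empty, non-numeric or have a quantity below 1 are skipped.
   * NOTE(review): assumes {@code pno} is an integer column - confirm.
   */
  private static void addItems(Connection conn, HttpServletRequest request, String cno)
      throws SQLException {
    PreparedStatement findCart = null;
    PreparedStatement nextCart = null;
    PreparedStatement findLine = null;
    PreparedStatement bumpQty = null;
    PreparedStatement addLine = null;
    ResultSet rs = null;
    try {
      findCart = conn.prepareStatement("select cartno from cart where cno = ?");
      findCart.setString(1, cno);
      rs = findCart.executeQuery();
      boolean hasCart = rs.next();
      int cartNum;
      if (hasCart) {
        cartNum = rs.getInt(1);
      } else {
        closeQuietly(rs);
        nextCart = conn.prepareStatement("select cart_seq.nextval from dual");
        rs = nextCart.executeQuery();
        rs.next();
        cartNum = rs.getInt(1);
      }
      closeQuietly(rs);
      rs = null;

      findLine = conn.prepareStatement("select qty from cart where cno = ? and pno = ?");
      bumpQty = conn.prepareStatement("update cart set qty = qty + ? where cno = ? and pno = ?");
      addLine = conn.prepareStatement("insert into cart values (?, ?, ?, ?)");

      // Walking the names directly removes the fixed 100-slot arrays, which
      // overflowed when a request carried more parameters than that.
      Enumeration names = request.getParameterNames();
      while (names.hasMoreElements()) {
        String name = (String) names.nextElement();
        if (name.equals("uAccess") || name.equals("customerId")) {
          continue;
        }
        String value = request.getParameter(name);
        if (value == null || value.equals("")) {
          continue;
        }
        long pno;
        int qty;
        try {
          pno = Long.parseLong(name.trim());
          qty = Integer.parseInt(value.trim());
        } catch (NumberFormatException notNumeric) {
          continue;
        }
        if (qty < 1) {
          // A zero or negative quantity would add nothing or shrink a line.
          continue;
        }

        boolean lineExists = false;
        if (hasCart) {
          findLine.setString(1, cno);
          findLine.setLong(2, pno);
          ResultSet line = findLine.executeQuery();
          try {
            lineExists = line.next();
          } finally {
            closeQuietly(line);
          }
        }
        if (lineExists) {
          bumpQty.setInt(1, qty);
          bumpQty.setString(2, cno);
          bumpQty.setLong(3, pno);
          bumpQty.executeUpdate();
        } else {
          addLine.setInt(1, cartNum);
          addLine.setString(2, cno);
          addLine.setLong(3, pno);
          addLine.setInt(4, qty);
          addLine.executeUpdate();
        }
      }
    } finally {
      closeQuietly(rs);
      closeQuietly(findCart);
      closeQuietly(nextCart);
      closeQuietly(findLine);
      closeQuietly(bumpQty);
      closeQuietly(addLine);
    }
  }

  /** Writes the opening lines of a page followed by its title line. */
  private static void printHeader(PrintWriter out, String title) {
    out.println("");
    out.println(" ");
    out.println(title);
    out.println(" ");
    out.println(" ");
  }

  /** Writes the two closing lines of a page. */
  private static void printFooter(PrintWriter out) {
    out.println("");
    out.println("");
  }

  /** Closes a result set; a failure here has nothing left to recover. */
  private static void closeQuietly(ResultSet rs) {
    if (rs != null) {
      try {
        rs.close();
      } catch (SQLException ignored) {
        // best-effort cleanup
      }
    }
  }

  /** Closes a statement; a failure here has nothing left to recover. */
  private static void closeQuietly(Statement st) {
    if (st != null) {
      try {
        st.close();
      } catch (SQLException ignored) {
        // best-effort cleanup
      }
    }
  }

  /** Closes a connection; a failure here has nothing left to recover. */
  private static void closeQuietly(Connection conn) {
    if (conn != null) {
      try {
        conn.close();
      } catch (SQLException ignored) {
        // best-effort cleanup
      }
    }
  }

  /**
   * Returns the servlet description string.
   *
   * <p>NOTE(review): the text mentions customer login although this servlet
   * adds items to a cart; left unchanged in case tooling reads it.
   */
  public String getServletInfo() {
    return "This Servlet processes Customer Login";
  }
}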