import java.io.*; import java.sql.*; import javax.servlet.*; import javax.servlet.http.*; public class CheckOrderStatus extends HttpServlet { public void doGet (HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { doPost(request,response); } public void doPost (HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html"); PrintWriter out = response.getWriter(); String cno[] = request.getParameterValues("customerId"); String uAccess[] = request.getParameterValues("uAccess"); try { Class.forName("oracle.jdbc.driver.OracleDriver"); } catch(ClassNotFoundException e){ out.println("Error loading the Driver:"+e.getMessage()); return; } Connection conn = null; try { conn = DriverManager.getConnection ( MyUtilities.CONNECTSTRING,MyUtilities.ID,MyUtilities.PASSWORD); } catch (SQLException e1) { out.println("Error connecting to Oracle:"+e1.getMessage()); return; } if (conn == null) { out.println("Null Connection"); return; } Statement stmt = null; try { stmt = conn.createStatement (); } catch (SQLException e) { out.println("createStatement " + e.getMessage()); try {conn.close();} catch (SQLException e2) {}; return; } ResultSet rset = null; String query0 = "select u_access from customers where cno='"+ cno[0]+"'"; try { rset = stmt.executeQuery(query0); } catch (SQLException e) { out.println("executeQuery " + e.getMessage()); return; } try { if (!(rset.next())) { out.println("1You are not authorized to access this page"); return; } else if (!(uAccess[0].equals(rset.getString(1)))) { out.println("2You are not authorized to access this page"); return; } else { // everything is fine String sTrack = "select 1440*(sysdate-l_access) from customers where cno='" + cno[0] + "'"; rset = stmt.executeQuery(sTrack); rset.next(); if (rset.getDouble(1) > 10.0) { out.println(""); out.println(" "); out.println(" Logout Page"); out.println(" "); out.println(" "); int nRows = stmt.executeUpdate("update customers set u_access = null where cno='" + cno[0] + "'"); out.println("Your session has expired!
Please Login again to continue shopping."); out.println(""); out.println(""); out.println(""); return; } int nRows = stmt.executeUpdate("update customers set l_access = sysdate where cno='" + cno[0] + "'"); String query1 = "select ono, to_char(received, 'DD MONTH, YYYY'), to_char(shipped, 'DD MONTH, YYYY') from orders where cno='" + cno[0] + "'"; try { rset = stmt.executeQuery(query1); } catch (SQLException e) { out.println("executeQuery1 " + e.getMessage()); return; } if ( !(rset.next()) ) { out.println(""); out.println(" "); out.println(" Order Status"); out.println(" "); out.println(" "); out.println("No orders have been placed in this account!"); out.println(""); out.println(""); return; } else { out.println(""); out.println(" "); out.println(" Order Status"); out.println(" "); out.println(" "); out.println("
"); out.println("
"); out.println(""); out.println(""); out.println(""); out.println(""); out.println(""); out.println(""); do { out.println(""); out.println(""); out.println(""); if (rset.getString(3) == null) out.println(""); else out.println(""); out.println(""); } while (rset.next()); out.println("
ONORECEIVEDSHIPPED
" + rset.getString(1) + "" + rset.getString(2) + "Not yet shipped" + rset.getString(3) + "
"); out.println("
"); out.println(""); out.println(""); } } } catch (SQLException e) { out.println("executeQuery3 " + e.getMessage()); return; } try { stmt.close(); conn.close(); } catch (SQLException e) { out.println("executeQuery " + e.getMessage()); return; } out.close(); } public String getServletInfo() { return "This Servlet processes Customer Login"; } }