<%@page contentType="text/xml"%><%@page pageEncoding="UTF-8"%><%@include file="../Framework/TreeGridFramework.jsp"%><%
/*-----------------------------------------------------------------------------------------------------------------
   ! Support file only, run Schools.html instead !
   This file is used as Data_Url and Upload_Url
   Main application for Schools, generates data, saves changes, adds or modifies users and so on
   Uses TreeGridFramework.jsp
------------------------------------------------------------------------------------------------------------------*/
// NOTE(review): this listing was recovered from a page where HTML/XML markup was stripped. The XML payloads
// inside the out.print("") / Str.append("") calls and a part of the save loop (the "for(int i=0;i0)" fragment)
// are missing and cannot be reconstructed from this file; the comments below describe only the surviving code.
//------------------------------------------------------------------------------------------------------------------
// Per-user XML response: allow clients to cache it for one second only, then revalidate.
response.addHeader("Cache-Control","max-age=1, must-revalidate");
// --- Database connection ---
// Helper from TreeGridFramework.jsp; the last two arguments are presumably the HSQL user and password
// ("sa" with an empty password, hard-coded here). Cmd is never closed in this file — presumably the
// framework handles that at the end of the request; confirm.
java.sql.Statement Cmd = getHsqlStatement(request,out,"../Database","sa","");
java.sql.ResultSet R;
// --- Input parameters initalization ---
// Presumably getParameter() returns "" (not null) for a missing parameter; otherwise the .toLowerCase()
// and .equals() calls below throw NullPointerException — confirm in TreeGridFramework.jsp.
String User = getParameter(request,"User").toLowerCase();
String Pass = getParameter(request,"Pass");
boolean NewUser = getParameter(request,"New").equals("1");
out.print("");   // XML root/prolog text lost in extraction
boolean Err = false;  // set when registration or password verification fails; gates the read branch below
// --- Adding new user ---
// Registration: the name must not exist yet. The password is written exactly as received — no hashing is
// visible anywhere in this file (see the plain equals() comparison in the verification step).
// toSQL() (from TreeGridFramework.jsp) is the only barrier between request values and the SQL text: this file
// never uses PreparedStatement, so every embedded value depends on that helper quoting/escaping correctly — confirm.
if(NewUser) {
  R = Cmd.executeQuery("SELECT Pass FROM Schools_Users WHERE Name=" + toSQL(User));
  if(!R.next()) { //Ok, possible
    R.close();
    Cmd.executeUpdate("INSERT INTO Schools_Users(Name,Pass) VALUES (" + toSQL(User) + "," + toSQL(Pass) + ")");
    out.print ("");   // success response, tags lost in extraction
  } else {
    R.close();
    out.print ("");   // "name already taken" response, tags lost in extraction
    Err = true;
  }
}
// --- Password verification ---
// Only runs for a non-empty User; an empty User is treated as anonymous (see the read branch).
// Compares the stored column directly with the submitted Pass: a plain-text comparison, and String.equals
// is not a constant-time compare.
if (!Err && User.length()>0){
  R = Cmd.executeQuery ("SELECT Pass FROM Schools_Users WHERE Name=" + toSQL(User));
  if(!R.next() || !Pass.equals(R.getString(1))) {
    out.print ("");   // "wrong user/password" response, tags lost in extraction
    Err = true;
  }
  R.close();
}
// Admin privilege is decided solely by the user name; no role column is visible in Schools_Users.
boolean Admin = User.equals("admin"); // @@@ Or change this code to another admin
//------------------------------------------------------------------------------------------------------------------
// --- Saves data ---
// Upload request (Upload_Url): TGData carries the changed rows as XML. Note the raw request.getParameter here,
// unlike the getParameter() helper used above; presumably getChanges() returns null when TGData is absent — confirm.
org.w3c.dom.Element[] Ch = getChanges(request.getParameter("TGData"));
// NOTE(review): unlike the read branch below ("else if (!Err)"), this branch is gated only on User.length()>0,
// not on Err, so a failed password verification does not by itself stop it at this level. The loop body is
// partly lost in extraction, so confirm that something inside re-checks Err (or the user) before executeUpdate.
if(Ch!=null) {
  if(User.length()==0) out.print (""); //Attack or bug
  else {
    // Text between "i" and "0)" is lost in extraction: the loop condition, the construction of Str, Str2 and id
    // from the uploaded row, and presumably an "if(Str.length()>0)" guard. The three closing braces after the
    // Str2 block belong to that lost structure.
    for(int i=0;i0) {
      // id and Str/Str2 come from the lost part of the loop, presumably derived from the uploaded TGData row.
      // The read branch restricts non-admins to Owner=User, but no equivalent restriction is visible on these
      // UPDATEs — confirm the WHERE clause cannot address another owner's rows.
      Cmd.executeUpdate("UPDATE Schools_Schools SET " + trimSQL(Str) + " WHERE " + id);
    }
    if(Str2.length()>0) { //Updates changes in user/id in Ratings
      Cmd.executeUpdate("UPDATE Schools_Ratings SET " + trimSQL(Str2) + " WHERE " + id);
    }
  }
  }
  }
  out.print("");   // upload result response, tags lost in extraction
}
//------------------------------------------------------------------------------------------------------------------
// --- Reads data ---
// Data request (Data_Url): builds the grid XML. Skipped entirely when registration or verification failed.
else if (!Err) {
  StringBuffer Str = new StringBuffer();
  // Login-state dependent header rows (contents lost in extraction).
  if (User.length()==0) Str.append("");
  else {
    Str.append("");
    Str.append( "");
  }
  if(!Admin) Str.append("");   // non-admin specific column/definition, lost in extraction
  Str.append("");
  // Non-admin logged-in users see only their own rows; admin and anonymous (empty User) requests read the
  // whole table, since the WHERE clause is added only for User.length()>0 && !Admin.
  String SQL = "SELECT * FROM Schools_Schools";
  if (User.length()>0 && !Admin) SQL += " WHERE Owner=" + toSQL(User);
  R = Cmd.executeQuery(SQL);
  while(R.next()) {
    // toXML() (framework helper) presumably renders a column as an XML attribute; id carries the row key and owner.
    String id = toXML("Ident",R,"ID") + toXML("CUser",R,"Owner");
    // One <I ...> row per record; the attribute text was lost in extraction.
    Str.append("");
    Str.append("");
    Str.append("");
    Str.append("");
    Str.append("");
    Str.append("");
    Str.append("");
    Str.append("\n");
  }
  Str.append("");   // closing tags lost in extraction
  out.print(Str);
}
//------------------------------------------------------------------------------------------------------------------
%>