login.html <html> <head> <title></title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> </head> <body> <h1> LOGIN </h1> <form method="POST" action="ControllerServlet?action=loginUser"> <table> <tr> <td>Username</td> <td><input type="text" name="txtUsername" style="width:150px" /></td> </tr> <tr> <td>Password</td> <td><input type="password" name="txtPassword" style="width:150px" /></td> </tr> <tr> <td>&nbsp;</td> <td><input type="submit" value="Login" /></td> </tr> <tr><td>&nbsp;</td></tr> <tr> <td>&nbsp;</td> <td><a href="ControllerServlet?action=formRegister">New user ?</a></td> </tr> </table> </form> </body> </html> Account.java package myEntities; public class Account { private String username; private String password; public Account(String username, String password) { this.username = username; this.password = password; } public String getPassword() { return password; } public void setPassword(String password) { this.password = password; } public String getUsername() { return username; } public void setUsername(String username) { this.username = username; } } ConfigDB.java package myEntities; import javax.servlet.ServletContext; public class ConfigDB { private String driverDB, urlDB, userDB, passDB; public ConfigDB(ServletContext context) { this.driverDB = context.getInitParameter("DriverDB").trim(); this.urlDB = context.getInitParameter("UrlDB").trim(); this.userDB = context.getInitParameter("UserDB").trim(); this.passDB = context.getInitParameter("PassDB").trim(); } public String getDriverDB() { return driverDB; } public void setDriverDB(String driverDB) { this.driverDB = driverDB; } public String getPassDB() { return passDB; } public void setPassDB(String passDB) { this.passDB = passDB; } public String getUrlDB() { return urlDB; } public void setUrlDB(String urlDB) { this.urlDB = urlDB; } public String getUserDB() { return userDB; } public void setUserDB(String userDB) { this.userDB = userDB; } } AccountDAO.java package myDAOs; import myEntities.*; import java.sql.*; public class AccountDAO { private ConfigDB cfgDB; public AccountDAO(ConfigDB cfgDB) { this.cfgDB = cfgDB; } private Connection createConnection() throws Exception { Class.forName(cfgDB.getDriverDB()); Connection con = DriverManager.getConnection(cfgDB.getUrlDB(),cfgDB.getUserDB(),cfgDB.getPassDB()); return con; } public boolean isExistAccount(Account account) throws Exception { String strQuery = "SELECT * FROM Account WHERE Username=? AND Password=?"; PreparedStatement pst = createConnection().prepareStatement(strQuery); pst.setString(1, account.getUsername()); pst.setString(2, account.getPassword()); ResultSet rs = pst.executeQuery(); if (rs.next()) return true; else return false; } public boolean insertAccount(Account account) throws Exception { String strQuery = "INSERT INTO Account VALUES(?,?)"; PreparedStatement pst = createConnection().prepareStatement(strQuery); pst.setString(1, account.getUsername()); pst.setString(2, account.getPassword()); int rowsAffect = pst.executeUpdate(); if (rowsAffect > 0) return true; else return false; } } ControllerServlet.java package myServlets; import myEntities.*; import myDAOs.*; import java.io.IOException; import java.io.PrintWriter; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ControllerServlet extends HttpServlet { protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String action = request.getParameter("action"); if (action.equals("loginUser")) { handleLoginUser(request, response); } else if (action.equals("home")) { response.sendRedirect("login.html"); } else if (action.equals("formRegister")) { response.sendRedirect("register.html"); } else if (action.equals("registerUser")) { handleRegisterUser(request, response); } else if (action.equals("pagingPage")) { String pageID = request.getParameter("pageID"); response.sendRedirect("book-list.jsp?pageID=" + pageID); } else if (action.equals("formNewBook")) { response.sendRedirect("book-new.html"); } else if (action.equals("newBook")) { handleNewBook(request, response); } else if (action.equals("deleteBook")) { handleDeleteBook(request, response); } else if (action.equals("formEditBook")) { String strCode = request.getParameter("code"); response.sendRedirect("book-edit.jsp?code=" + strCode); } else if (action.equals("editBook")) { handleEditBook(request, response); } else if (action.equals("logoutUser")) { request.getSession(true).removeAttribute("username"); response.sendRedirect("ControllerServlet?action=home"); } } private void handleLoginUser(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String strUser = request.getParameter("txtUsername"); String strPass = request.getParameter("txtPassword"); Account acc = new Account(strUser, strPass); ConfigDB cfgDB = new ConfigDB(this.getServletContext()); AccountDAO accDAO = new AccountDAO(cfgDB); boolean result = false; try { if (accDAO.isExistAccount(acc)) { request.getSession(true).setAttribute("username", strUser); result = true; } } catch (Exception ex) { ex.printStackTrace(); } if (result) response.sendRedirect("book-list.jsp"); else response.sendRedirect("login-fail.html"); } private void handleRegisterUser(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String strUser = request.getParameter("txtUsername"); String strPass = request.getParameter("txtPassword"); Account acc = new Account(strUser, strPass); ConfigDB cfgDB = new ConfigDB(this.getServletContext()); AccountDAO accDAO = new AccountDAO(cfgDB); boolean result = false; try { if (accDAO.insertAccount(acc)) result = true; } catch (Exception ex) { ex.printStackTrace(); } if (result) response.sendRedirect("ControllerServlet?action=home"); else response.sendRedirect("register-fail.html"); } private void handleNewBook(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String name = request.getParameter("txtBookName"); String author = request.getParameter("txtBookAuthor"); String price = request.getParameter("txtBookPrice"); Book b = new Book(0, name, author, Integer.parseInt(price)); ConfigDB cfgDB = new ConfigDB(this.getServletContext()); BookDAO bDAO = new BookDAO(cfgDB); boolean result = false; try { if (bDAO.insertBook(b)) result = true; } catch (Exception ex) { ex.printStackTrace(); } if (result) response.sendRedirect("book-list.jsp"); else response.sendRedirect("book-fail.html"); } private void handleDeleteBook(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String strCode = request.getParameter("code"); ConfigDB cfgDB = new ConfigDB(this.getServletContext()); BookDAO bDAO = new BookDAO(cfgDB); boolean result = false; try { if (bDAO.deleteBook(Integer.parseInt(strCode))) result = true; } catch (Exception ex) { ex.printStackTrace(); } if (result) response.sendRedirect("book-list.jsp"); else response.sendRedirect("book-fail.html"); } private void handleEditBook(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String code = request.getParameter("txtBookCode"); String name = request.getParameter("txtBookName"); String author = request.getParameter("txtBookAuthor"); String price = request.getParameter("txtBookPrice"); Book b = new Book(Integer.parseInt(code), name, author, Integer.parseInt(price)); ConfigDB cfgDB = new ConfigDB(this.getServletContext()); BookDAO bDAO = new BookDAO(cfgDB); boolean result = false; try { if (bDAO.updateBook(b)) result = true; } catch (Exception ex) { ex.printStackTrace(); } if (result) response.sendRedirect("book-list.jsp"); else response.sendRedirect("book-fail.html"); } } login-fail.html <html> <head> <title></title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> </head> <body> <h1> LOGIN </h1> Invalid user . Please, <a href="ControllerServlet?action=home"> login </a> again </body> </html> Book.java package myEntities; public class Book { private int code; private String name; private String author; private int price; public Book(int code, String name, String author, int price) { this.code = code; this.name = name; this.author = author; this.price = price; } public String getAuthor() { return author; } public void setAuthor(String author) { this.author = author; } public int getCode() { return code; } public void setCode(int code) { this.code = code; } public String getName() { return name; } public void setName(String name) { this.name = name; } public int getPrice() { return price; } public void setPrice(int price) { this.price = price; } } BookDAO.java package myDAOs; import myEntities.*; import java.sql.*; import java.util.*; public class BookDAO { private ConfigDB cfgDB; public BookDAO(ConfigDB cfgDB) { this.cfgDB = cfgDB; } private Connection createConnection() throws Exception { Class.forName(cfgDB.getDriverDB()); Connection con = DriverManager.getConnection(cfgDB.getUrlDB(),cfgDB.getUserDB(),cfgDB.getPassDB()); return con; } public ArrayList getAllBooks() throws Exception { ArrayList<Book> result = new ArrayList<Book>(); String strQuery = "SELECT * FROM Book"; Statement st = createConnection().createStatement(); ResultSet rs = st.executeQuery(strQuery); while (rs.next()) { Book book = new Book(rs.getInt("BookCode"), rs.getString("BookName"), rs.getString("BookAuthor"), rs.getInt("BookPrice")); result.add(book); } return result; } public ArrayList getBooks(int numOfRowsOnePage, int indexOfPage) throws Exception { ArrayList<Book> result = new ArrayList<Book>(); int startRow = (indexOfPage - 1) * numOfRowsOnePage; String strQuery = " SELECT TOP " + numOfRowsOnePage + " * FROM Book WHERE BookCode NOT IN"; strQuery += " (SELECT TOP " + startRow + " BookCode FROM Book ORDER BY BookCode)"; strQuery += " ORDER BY BookCode"; Statement st = createConnection().createStatement(); ResultSet rs = st.executeQuery(strQuery); while (rs.next()) { Book book = new Book(rs.getInt("BookCode"), rs.getString("BookName"), rs.getString("BookAuthor"), rs.getInt("BookPrice")); result.add(book); } return result; } public int getRowCount() throws Exception { String strQuery = "SELECT COUNT(*) FROM Book"; Statement st = createConnection().createStatement(); ResultSet rs = st.executeQuery(strQuery); if (rs.next()) return rs.getInt(1); else return 0; } public boolean insertBook(Book book) throws Exception { String strQuery = "INSERT INTO Book VALUES(?,?,?)"; PreparedStatement pst = createConnection().prepareStatement(strQuery); pst.setString(1, book.getName()); pst.setString(2, book.getAuthor()); pst.setInt(3, book.getPrice()); int rowsAffect = pst.executeUpdate(); if (rowsAffect > 0) return true; else return false; } public boolean deleteBook(int code) throws Exception { String strQuery = "DELETE FROM Book WHERE BookCode=?"; PreparedStatement pst = createConnection().prepareStatement(strQuery); pst.setInt(1, code); int rowsAffect = pst.executeUpdate(); if (rowsAffect > 0) return true; else return false; } public Book getBook(int code) throws Exception { Book book = new Book(code, "", "", 0); String strQuery = "SELECT * FROM Book WHERE BookCode=?"; PreparedStatement pst = createConnection().prepareStatement(strQuery); pst.setInt(1, code); ResultSet rs = pst.executeQuery(); if (rs.next()) { book.setName(rs.getString("BookName")); book.setAuthor(rs.getString("BookAuthor")); book.setPrice(rs.getInt("BookPrice")); } return book; } public boolean updateBook(Book book) throws Exception { String strQuery = "UPDATE Book SET BookName=?, BookAuthor=?, BookPrice=? WHERE BookCode=?"; PreparedStatement pst = createConnection().prepareStatement(strQuery); pst.setString(1, book.getName()); pst.setString(2, book.getAuthor()); pst.setInt(3, book.getPrice()); pst.setInt(4, book.getCode()); int rowsAffect = pst.executeUpdate(); if (rowsAffect > 0) return true; else return false; } } book-list.jsp <%@page contentType="text/html" pageEncoding="UTF-8"%> <%@page import="myEntities.*, myDAOs.*, java.util.*"%> <% if (session.getAttribute("username") == null) response.sendRedirect("ControllerServlet? action=home"); %> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>JSP Page</title> </head> <body> <h1>LIST BOOK</h1> <table border="1" width="100%"> <tr> <td><b>Book Code</b></td> <td><b>Book Name</b></td> <td><b>Book Author</b></td> <td><b>Book Price</b></td> <td colspan="2"><b>Management</b></td> </tr> <% int numOfRowsOnePage = 2; String strPageID = request.getParameter("pageID"); int pageID = (strPageID != null) ? Integer.parseInt(strPageID) : 1; ConfigDB cfgDB = new ConfigDB(config.getServletContext()); BookDAO bDAO = new BookDAO(cfgDB); ArrayList<Book> arrBooks = bDAO.getBooks(numOfRowsOnePage, pageID); String strRows = ""; for(Book book : arrBooks) { strRows += "<tr>"; strRows += "<td>" + book.getCode() + "</td>"; strRows += "<td>" + book.getName() + "</td>"; strRows += "<td>" + book.getAuthor() + "</td>"; strRows += "<td>" + book.getPrice() + "</td>"; strRows += "<td><a href='ControllerServlet?action=formEditBook&code=" + book.getCode() + "'>Edit</a></td>"; strRows += "<td><a href='ControllerServlet?action=deleteBook&code=" + book.getCode() + "'>Delete</a></td>"; strRows += "</tr>"; } out.print(strRows); %> </table> <!-- paging pages --> <p> <% int numOfRows = bDAO.getRowCount(); int numOfPages = (int) Math.ceil(numOfRows * 1.0 / numOfRowsOnePage); String strPaging = " | "; for (int i=1; i<=numOfPages; i++) { if (i == pageID) strPaging += i; else strPaging += "<a href='ControllerServlet?action=pagingPage&pageID=" + i + "'>" + i + "</a>"; strPaging += " | "; } out.print(strPaging); %> </p> <!-- new book --> <div align="left"> <a href="ControllerServlet?action=formNewBook"> New Book ? </a> </div> <!-- logout --> <div align="right"> <a href="ControllerServlet?action=logoutUser"> Logout </a> </div> </body> </html> register.html <html> <head> <title></title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> </head> <body> <h1> REGISTER </h1> <form method="POST" action="ControllerServlet?action=registerUser"> <table> <tr> <td>Username</td> <td><input type="text" name="txtUsername" style="width:150px" /></td> </tr> . login. html < ;html& gt; <head> <title></title> <meta http-equiv="Content-Type" content="text /html; charset=UTF-8">. (action.equals("loginUser")) { handleLoginUser(request, response); } else if (action.equals("home")) { response.sendRedirect(" ;login. html& quot;);