package de.cismet.web.timetracker.servlets;

import de.cismet.web.timetracker.Database;
import de.cismet.web.timetracker.TimeTrackerFunctions;
import java.io.IOException;
import java.net.URLEncoder;
import java.security.NoSuchAlgorithmException;
import java.sql.SQLException;
import java.text.SimpleDateFormat;
import java.util.GregorianCalendar;
import java.util.Locale;
import javax.servlet.ServletConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:de/cismet/web/timetracker/servlets/Users.class */
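/**
 * Servlet that creates or updates a row in {@code tt_user} from submitted form parameters and
 * then redirects the browser back to {@code User.jsp}.
 *
 * <p>Security-relevant points for maintainers:
 * <ul>
 *   <li>The {@code userId} parameter is parsed to an {@code int} before it is placed into any SQL
 *       text, so it can no longer carry SQL syntax into the {@code WHERE id = ...} clause or the
 *       {@code tt_timesheet} insert.</li>
 *   <li>The text columns are still concatenated into the statement via
 *       {@code TimeTrackerFunctions.prepareString}. That helper is not visible here; the SQL safety
 *       of {@code name}, {@code buddyname} and {@code company} depends entirely on it quoting and
 *       escaping correctly. Parameterised statements would be the robust fix, but the
 *       {@code Database} wrapper as used here only exposes {@code executeUpdate(String)}.</li>
 *   <li>Passwords are stored as the output of {@code TimeTrackerFunctions.calcSHA1}. Judging by
 *       the name this is a plain SHA-1 digest, which is not a suitable password hash; replacing it
 *       needs a coordinated change with the login code and is therefore only flagged here.</li>
 *   <li>Every value appended to the redirect URL is URL-encoded so that request parameters and
 *       exception messages cannot add query parameters or line breaks to the {@code Location}
 *       header.</li>
 * </ul>
 */
public class Users extends HttpServlet {
    /** Charset name used when URL-encoding values placed into the redirect query string. */
    private static final String URL_CHARSET = "UTF-8";

    ServletContext application;

    /**
     * Handles GET by delegating to {@link #processRequest}.
     *
     * <p>NOTE(review): this makes the state-changing user update (including a password change)
     * reachable via GET, and no anti-CSRF token is checked anywhere in this class. Confirm whether
     * the form really needs GET; if not, restrict writes to POST and add a CSRF check.
     */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        processRequest(httpServletRequest, httpServletResponse);
    }

    /** Handles POST by delegating to {@link #processRequest}. */
    @Override
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        processRequest(httpServletRequest, httpServletResponse);
    }

    /** Returns the servlet description string. */
    @Override
    public String getServletInfo() {
        return "Short description";
    }

    /** Stores the servlet context so that {@link #processRequest} can resolve the web root path. */
    @Override
    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        this.application = servletConfig.getServletContext();
    }

    /**
     * Authorises the caller, applies the requested insert or update to {@code tt_user}, records a
     * net-hours mode switch if the submitted flag differs from the stored one, and redirects to
     * {@code User.jsp}.
     *
     * <p>The database handle is closed exactly once on every path, including the
     * "not authorised" path.
     *
     * @param httpServletRequest  request carrying {@code userId}, {@code name}, {@code pwd},
     *                            {@code company}, {@code buddyname}, {@code exactHolidays},
     *                            {@code netHoursOfWork}, {@code submitButton} and {@code u_id}
     * @param httpServletResponse response used for the redirect
     * @throws ServletException declared for the servlet contract
     * @throws IOException      if the redirect cannot be sent
     */
    protected void processRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        Database database = new Database(this.application.getRealPath("/").replace('\\', '/'));
        try {
            if (!database.isConnectionOk()) {
                // NOTE(review): the raw database error text is shown to the client; consider logging
                // it server-side and returning a generic message instead.
                redirectToUserPage(httpServletRequest, httpServletResponse, "Fehler beim Verbinden mit der Datenbank: " + database.getErrorMessage());
                return;
            }
            String userId = httpServletRequest.getParameter("userId");
            String name = httpServletRequest.getParameter("name");
            String password = httpServletRequest.getParameter("pwd");
            String company = httpServletRequest.getParameter("company");
            String buddyName = httpServletRequest.getParameter("buddyname");
            boolean exactHolidays = "ja".equals(httpServletRequest.getParameter("exactHolidays"));
            boolean netHoursOfWork = "ja".equals(httpServletRequest.getParameter("netHoursOfWork"));

            if (!isAuthorized(httpServletRequest, userId, company)) {
                redirectToUserPage(httpServletRequest, httpServletResponse, "Sie sind nicht befugt, diese Aktion auszufuehren. Das darf nur ein Administrator.");
                return;
            }

            if (httpServletRequest.getParameter("submitButton") != null && userId != null) {
                int targetId;
                if (userId.equals("new")) {
                    targetId = createUser(database, name, password, buddyName, company, exactHolidays);
                } else {
                    try {
                        // Only a parsed integer ever reaches the SQL text below.
                        targetId = Integer.parseInt(userId);
                    } catch (NumberFormatException e) {
                        redirectToUserPage(httpServletRequest, httpServletResponse, "Ungueltige Benutzer-ID.");
                        return;
                    }
                    updateUser(database, targetId, name, password, buddyName, company, exactHolidays);
                }
                if (netHoursOfWork != database.isUserInNetMode(targetId)) {
                    insertNetHoursOfWork(database, netHoursOfWork, String.valueOf(targetId));
                }
            }
            redirectToUserPage(httpServletRequest, httpServletResponse, null);
        } catch (NoSuchAlgorithmException e) {
            redirectToUserPage(httpServletRequest, httpServletResponse, String.valueOf(e.getMessage()));
        } catch (SQLException e) {
            // NOTE(review): SQL error text is reflected to the client; it can reveal schema details.
            redirectToUserPage(httpServletRequest, httpServletResponse, String.valueOf(e.getMessage()));
        } finally {
            database.close();
        }
    }

    /**
     * Decides whether the session user may write the record identified by {@code userId}.
     *
     * <p>Access is granted when the session attribute {@code id} equals {@code userId}, or when the
     * session attribute {@code role} is {@code "admin"} and the session attribute {@code company}
     * matches the submitted {@code company} (case-insensitive). Missing session attributes deny
     * access instead of raising a {@code NullPointerException}.
     *
     * <p>NOTE(review): the company comparison uses the value submitted with the request, not the
     * company stored for the target user. As written, an admin passes this check for any
     * {@code userId} by submitting their own company name, and a non-admin editing their own
     * record can submit any company. The stored company of the target row should be looked up and
     * compared instead; that lookup is not available through the {@code Database} calls visible
     * in this file.
     */
    private boolean isAuthorized(HttpServletRequest request, String userId, String company) {
        Object sessionId = request.getSession().getAttribute("id");
        Object sessionRole = request.getSession().getAttribute("role");
        Object sessionCompany = request.getSession().getAttribute("company");

        boolean isSelf = sessionId != null && sessionId.equals(userId);
        boolean isCompanyAdmin = "admin".equals(sessionRole)
                && sessionCompany instanceof String
                && ((String) sessionCompany).equalsIgnoreCase(company);
        return isSelf || isCompanyAdmin;
    }

    /**
     * Inserts a new {@code tt_user} row and returns its id.
     *
     * <p>The id is taken as {@code getMaxId("tt_user") + 1}.
     * NOTE(review): two concurrent requests can compute the same id; a database sequence would
     * avoid that.
     */
    private int createUser(Database database, String name, String password, String buddyName, String company, boolean exactHolidays) throws SQLException, NoSuchAlgorithmException {
        String newId = "" + (database.getMaxId("tt_user") + 1);
        int parsedId = Integer.parseInt(newId);
        StringBuffer insert = new StringBuffer("INSERT INTO tt_user (id, name, pass, buddyname, company, \"exactHoliday\") VALUES(");
        insert.append(newId);
        insert.append(", ").append(TimeTrackerFunctions.prepareString(name));
        insert.append(", ").append(passwordLiteral(password));
        insert.append(", ").append(TimeTrackerFunctions.prepareString(buddyName));
        insert.append(", ").append(TimeTrackerFunctions.prepareString(company));
        insert.append(", ").append(exactHolidays).append(")");
        database.executeUpdate(insert.toString());
        return parsedId;
    }

    /**
     * Updates the {@code tt_user} row with the given id.
     *
     * <p>The password column is only written when a real password was submitted: a missing
     * {@code pwd} parameter or a value consisting solely of {@code '?'} characters (the mask the
     * form appears to send back for an unchanged password) leaves the stored hash untouched. The
     * original code dereferenced a missing {@code pwd} and failed with a
     * {@code NullPointerException}.
     */
    private void updateUser(Database database, int id, String name, String password, String buddyName, String company, boolean exactHolidays) throws SQLException, NoSuchAlgorithmException {
        StringBuffer update = new StringBuffer("UPDATE tt_user SET name = " + TimeTrackerFunctions.prepareString(name));
        if (password != null && !isMaskPlaceholder(password)) {
            update.append(", pass = ").append(passwordLiteral(password));
        }
        update.append(", buddyname = ").append(TimeTrackerFunctions.prepareString(buddyName));
        update.append(", company = ").append(TimeTrackerFunctions.prepareString(company));
        update.append(", \"exactHoliday\" = ").append(exactHolidays);
        update.append(" WHERE id = ").append(id);
        database.executeUpdate(update.toString());
    }

    /** Returns {@code true} when every character of {@code value} is {@code '?'} (also for the empty string). */
    private static boolean isMaskPlaceholder(String value) {
        for (int i = 0; i < value.length(); i++) {
            if (value.charAt(i) != '?') {
                return false;
            }
        }
        return true;
    }

    /**
     * Builds the SQL literal for the {@code pass} column: {@code null} for a missing password,
     * otherwise the quoted result of {@code TimeTrackerFunctions.calcSHA1}.
     *
     * <p>NOTE(review): the digest is placed between single quotes without escaping; this assumes
     * {@code calcSHA1} returns only hex or similarly quote-free characters — confirm.
     */
    private static String passwordLiteral(String password) throws NoSuchAlgorithmException {
        return password == null ? "null" : "'" + TimeTrackerFunctions.calcSHA1(password) + "'";
    }

    /**
     * Redirects to {@code User.jsp}, passing the request's {@code u_id} and, when given, an
     * {@code errorMsg}. Both values are URL-encoded before being appended.
     *
     * @param errorMsg message to show, or {@code null} for a redirect without an error
     */
    private void redirectToUserPage(HttpServletRequest request, HttpServletResponse response, String errorMsg) throws IOException {
        StringBuffer target = new StringBuffer("User.jsp?u_id=");
        // String.valueOf keeps the original "null" text for a missing u_id parameter.
        target.append(URLEncoder.encode(String.valueOf(request.getParameter("u_id")), URL_CHARSET));
        if (errorMsg != null) {
            target.append("&errorMsg=").append(URLEncoder.encode(errorMsg, URL_CHARSET));
        }
        response.sendRedirect(response.encodeRedirectURL(target.toString()));
    }

    /**
     * Writes a manual {@code tt_timesheet} entry with the current time for the given user.
     *
     * <p>Action code 14 is written when {@code z} is {@code true}, 15 otherwise; presumably these
     * mark switching net-hours mode on and off — confirm against the action table.
     *
     * @param database open database handle
     * @param z        the newly requested net-hours flag
     * @param str      user id; must be a decimal integer
     * @throws SQLException          if the insert fails
     * @throws NumberFormatException if {@code str} is not an integer
     */
    private void insertNetHoursOfWork(Database database, boolean z, String str) throws SQLException {
        // Parse before concatenating so only a number can reach the SQL text.
        int userId = Integer.parseInt(str);
        String timestamp = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss", Locale.US).format(new GregorianCalendar().getTime());
        String query = "INSERT INTO tt_timesheet (time, action, u_id, manual) VALUES ('" + timestamp + "', " + (z ? 14 : 15) + ", " + userId + ", true)";
        System.out.println("query:\n" + query);
        database.executeUpdate(query);
    }
}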
