package org.owasp.webgoat;

import java.io.IOException;
import java.util.Enumeration;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.session.Course;
import org.owasp.webgoat.session.WebSession;

/*******************************************************************************
 * 
 * 
 * This file is part of WebGoat, an Open Web Application Security Project
 * utility. For details, please see http://www.owasp.org/
 * 
 * Copyright (c) 2002 - 2007 Bruce Mayhew
 * 
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License as published by the Free Software
 * Foundation; either version 2 of the License, or (at your option) any later
 * version.
 * 
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
 * 
 * You should have received a copy of the GNU General Public License along with
 * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
 * Place - Suite 330, Boston, MA 02111-1307, USA.
 * 
 * Getting Source ==============
 * 
 * Source for this application is maintained at code.google.com, a repository
 * for free software projects.
 * 
 * For details, please see http://code.google.com/p/webgoat/
 *
 * @author     Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
 * @created    March 13, 2007
 */
public class Catcher extends HammerHead
{

    /**
     *  Description of the Field
     */
    public final static String START_SOURCE_SKIP = "START_OMIT_SOURCE";

    public final static String END_SOURCE_SKIP = "END_OMIT_SOURCE";

    public static final String PROPERTY = "PROPERTY";

    public static final String EMPTY_STRING = "";


    /**
     *  Description of the Method
     *
     * @param  request               Description of the Parameter
     * @param  response              Description of the Parameter
     * @exception  IOException       Description of the Exception
     * @exception  ServletException  Description of the Exception
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
	    throws IOException, ServletException
    {
		try
		{
		    //System.out.println( "Entering doPost: " );
		    //System.out.println( "	- request "   + request);
		    //System.out.println( "	- principle: "   + request.getUserPrincipal() );
		    //setCacheHeaders(response, 0);
		    WebSession session = (WebSession) request.getSession(true)
			    .getAttribute(WebSession.SESSION);
		    session.update(request, response, this.getServletName()); // FIXME: Too much in this call.
	
		    int scr = session.getCurrentScreen();
		    Course course = session.getCourse();
		    AbstractLesson lesson = course.getLesson(session, scr,
			    AbstractLesson.USER_ROLE);

		    log(request, lesson.getClass().getName() + " | "
				    + session.getParser().toString());
		    
		    String property = new String(session.getParser().getStringParameter(
				    PROPERTY, EMPTY_STRING));
		    
		    // if the PROPERTY parameter is available - write all the parameters to the 
		    // property file.  No other control parameters are supported at this time.
		    if ( !property.equals(EMPTY_STRING))
		    {
		    	Enumeration e = session.getParser().getParameterNames();

		    	while (e.hasMoreElements())
		    	{
		    	    String name = (String) e.nextElement();
		    	    String value= session.getParser().getParameterValues(name)[0];
				    lesson.getLessonTracker(session).getLessonProperties().setProperty(
						    name, value);
		    	}
		    }	    
		    lesson.getLessonTracker(session).store(session, lesson);
		    
		}
		catch (Throwable t)
		{
		    t.printStackTrace();
		    log("ERROR: " + t);
		}
    }
}