coderoad
diff --git a/‎online-store.persistence/src/main/java/com/itbulls/learnit/onlinestore/persistence/enteties/User.java
Lines changed: 1 addition & 1 deletion b/‎online-store.persistence/src/main/java/com/itbulls/learnit/onlinestore/persistence/enteties/User.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎online-store.persistence/src/main/java/com/itbulls/learnit/onlinestore/persistence/enteties/impl/DefaultUser.java
Lines changed: 1 addition & 1 deletion b/‎online-store.persistence/src/main/java/com/itbulls/learnit/onlinestore/persistence/enteties/impl/DefaultUser.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎online-store.persistence/src/main/java/com/itbulls/learnit/onlinestore/persistence/enteties/impl/UserForHashTables.java
Lines changed: 1 addition & 1 deletion b/‎online-store.persistence/src/main/java/com/itbulls/learnit/onlinestore/persistence/enteties/impl/UserForHashTables.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎online-store.web/src/main/java/com/itbulls/learnit/onlinestore/web/owasp/bfla/problem/BflaProblemUserProfileServlet.java
Lines changed: 34 additions & 0 deletions b/‎online-store.web/src/main/java/com/itbulls/learnit/onlinestore/web/owasp/bfla/problem/BflaProblemUserProfileServlet.java
Lines changed: 34 additions & 0 deletions
diff --git a/‎online-store.web/src/main/java/com/itbulls/learnit/onlinestore/web/owasp/bfla/solution/BflaSolutionUserProfileServlet.java
Lines changed: 59 additions & 0 deletions b/‎online-store.web/src/main/java/com/itbulls/learnit/onlinestore/web/owasp/bfla/solution/BflaSolutionUserProfileServlet.java
Lines changed: 59 additions & 0 deletions
@@ -12,7 +12,7 @@ public interface User {
 
 	String getEmail();
 
-	int getId();
+	Integer getId();
 	void setId(int id);
 
 	void setPassword(String newPassword);
 
@@ -107,7 +107,7 @@ public void setEmail(String newEmail) {
 	}
 
 	@Override
-	public int getId() {
+	public Integer getId() {
 		return this.id;
 	}
 
 
@@ -87,7 +87,7 @@ public void setEmail(String newEmail) {
 	}
 
 	@Override
-	public int getId() {
+	public Integer getId() {
 		return this.id;
 	}
 
 
@@ -0,0 +1,34 @@
+package com.itbulls.learnit.onlinestore.web.owasp.bfla.problem;
+
+import jakarta.servlet.*;
+import jakarta.servlet.http.*;
+import java.io.IOException;
+
+import com.itbulls.learnit.onlinestore.core.facades.UserFacade;
+import com.itbulls.learnit.onlinestore.core.facades.impl.DefaultUserFacade;
+import com.itbulls.learnit.onlinestore.persistence.enteties.User;
+
+public class BflaProblemUserProfileServlet extends HttpServlet {
+
+	private UserFacade userFacade = DefaultUserFacade.getInstance();
+	
+    @Override
+    protected void doPost(HttpServletRequest request, HttpServletResponse response)
+            throws ServletException, IOException {
+        String action = request.getParameter("action");
+        Integer userId = Integer.valueOf(request.getParameter("user_id"));
+
+        User user = userFacade.getUserById(userId);
+        if ("updateProfile".equals(action)) {
+            user.setCreditCard(request.getParameter("credit_card_number"));
+            user.setEmail(request.getParameter("email"));
+
+            // Update profile in the database
+            userFacade.updateUser(user);
+            response.sendRedirect("/profile");
+        } else {
+            // Handle other actions
+            response.getWriter().println("Invalid action");
+        }
+    }
+}
@@ -0,0 +1,59 @@
+package com.itbulls.learnit.onlinestore.web.owasp.bfla.solution;
+
+import jakarta.servlet.*;
+import jakarta.servlet.http.*;
+import java.io.IOException;
+
+import com.itbulls.learnit.onlinestore.core.facades.UserFacade;
+import com.itbulls.learnit.onlinestore.core.facades.impl.DefaultUserFacade;
+import com.itbulls.learnit.onlinestore.persistence.enteties.User;
+
+public class BflaSolutionUserProfileServlet extends HttpServlet {
+
+	private UserFacade userFacade = DefaultUserFacade.getInstance();
+
+	@Override
+	protected void doPost(HttpServletRequest request, HttpServletResponse response)
+			throws ServletException, IOException {
+		String action = request.getParameter("action");
+
+		// Ensure the user is logged in and retrieve the logged-in user's ID
+		HttpSession session = request.getSession();
+		User loggedInUser = (User) session.getAttribute("user");
+
+		if (loggedInUser == null) {
+			response.sendError(HttpServletResponse.SC_FORBIDDEN, 
+					"You must be logged in to perform this action.");
+			return;
+		}
+
+		Integer userId = Integer.valueOf(request.getParameter("user_id"));
+
+		// Authorization check: Ensure that the user can only update their own profile or ADMIN user
+		if (!loggedInUser.getId().equals(userId) && !loggedInUser.getRoleName().equals("ROLE_ADMIN")) {
+			response.sendError(HttpServletResponse.SC_FORBIDDEN, "You are not authorized to update this profile.");
+			return;
+		}
+
+		if ("updateProfile".equals(action)) {
+			User user = userFacade.getUserById(userId);
+
+			// Ensure that user exists
+			if (user == null) {
+				response.sendError(HttpServletResponse.SC_NOT_FOUND, "User not found.");
+				return;
+			}
+
+			// Update profile information
+			user.setCreditCard(request.getParameter("credit_card_number"));
+			user.setEmail(request.getParameter("email"));
+
+			// Update profile in the database
+			userFacade.updateUser(user);
+			response.sendRedirect("/profile");
+		} else {
+			// Handle other actions
+			response.getWriter().println("Invalid action");
+		}
+	}
+}
Original file line number	Diff line number	Diff line change
`@@ -107,7 +107,7 @@ public void setEmail(String newEmail) {`
`107`	`107`	`}`
`108`	`108`
`109`	`109`	`@Override`
`110`		`- public int getId() {`
	`110`	`+ public Integer getId() {`
`111`	`111`	`return this.id;`
`112`	`112`	`}`
`113`	`113`
Original file line number	Diff line number	Diff line change
`@@ -87,7 +87,7 @@ public void setEmail(String newEmail) {`
`87`	`87`	`}`
`88`	`88`
`89`	`89`	`@Override`
`90`		`- public int getId() {`
	`90`	`+ public Integer getId() {`
`91`	`91`	`return this.id;`
`92`	`92`	`}`
`93`	`93`