FU-Hola · midori-suzune · Nov 6, 2025 · Nov 6, 2025 · Nov 6, 2025 · Nov 6, 2025
diff --git a/src/java/com/library/controller/admin/book/AddBookController.java b/src/java/com/library/controller/admin/book/AddBookController.java
@@ -32,10 +32,10 @@
  *
  * @author laptop gigabyte
  */
+
 @WebServlet(name = "saveBooks", urlPatterns = {"/admin/book/add"})
 @MultipartConfig
-public class AddBookController extends HttpServlet {
-
+public class AddBookController extends HttpServlet {        
     BookService bookService = ServiceFactory.getBookService();
     private static final Logger logger = LoggerFactory.getLogger(AddBookController.class);
 

diff --git a/src/java/com/library/controller/user/ChangePassword.java b/src/java/com/library/controller/user/ChangePassword.java
@@ -0,0 +1,68 @@
+/*
+ * Click nbfs://nbhost/SystemFileSystem/Templates/Licenses/license-default.txt to change this license
+ * Click nbfs://nbhost/SystemFileSystem/Templates/JSP_Servlet/Servlet.java to edit this template
+ */
+package com.library.controller.user;
+
+import com.library.factory.ServiceFactory;
+import com.library.service.UserService;
+import com.library.util.HashPassword;
+import java.io.IOException;
+import java.io.PrintWriter;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.annotation.WebServlet;
+import jakarta.servlet.http.HttpServlet;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpSession;
+
+/**
+ *
+ * @author laptop gigabyte
+ */
+@WebServlet(name = "ChangePassword", urlPatterns = {"/user/change-password"})
+public class ChangePassword extends HttpServlet {
+
+    private UserService userService = ServiceFactory.getUserService();
+
+    @Override
+    protected void doPost(HttpServletRequest request, HttpServletResponse response)
+            throws ServletException, IOException {
+        String currentPassword = request.getParameter("currentPassword");
+        String newPassword = request.getParameter("newPassword");
+        String confirmPassword = request.getParameter("confirmPassword");
+        HttpSession session = request.getSession(false);
+        String account = (String) session.getAttribute("account");
+        String getHashedPassword = userService.getHashedPassword(account);
+        String hashedPassword = HashPassword.hash(newPassword);
+        if (newPassword.trim().isEmpty()) {
+            session.setAttribute("changePasswordError", "Mật khẩu không được bao gồm khoảng trắng!");
+            response.sendRedirect(request.getContextPath() + "/user/setting");
+            return;
+        } else if (newPassword.contains(" ")) {
+            session.setAttribute("changePasswordError", "Mật khẩu không được bao gồm khoảng trắng!");
+            response.sendRedirect(request.getContextPath() + "/user/setting");
+            return;
+        }else if(!newPassword.equals(confirmPassword)){
+            session.setAttribute("changePasswordError", "Mật khẩu xác nhận không giống   mật khẩu mới!");
+            response.sendRedirect(request.getContextPath() + "/user/setting");
+            return;
+        }
+        if (HashPassword.checkPassword(currentPassword, getHashedPassword)) {
+            if (userService.updatePassword(account, hashedPassword)) {
+                session.setAttribute("changePasswordSuccess", "Cập nhật mật khẩu thành công!");
+                response.sendRedirect(request.getContextPath() + "/user/setting");
+                return;
+            } else {
+                session.setAttribute("changePasswordError", "Cập nhật mật khẩu không thành công!");
+                response.sendRedirect(request.getContextPath() + "/user/setting");
+                return;
+            }
+        } else {
+            session.setAttribute("changePasswordError", "Mật khẩu hiện tại sai!");
+            response.sendRedirect(request.getContextPath() + "/user/setting");
+            return;
+        }
+    }
+
+}
diff --git a/src/java/com/library/controller/user/SettingController.java b/src/java/com/library/controller/user/SettingController.java
@@ -45,6 +45,12 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response)
             response.sendRedirect(request.getContextPath() + "/user/login");
             return;
         }
+        String error = (String) session.getAttribute("changePasswordError");
+        String success = (String) session.getAttribute("changePasswordSuccess");
+        request.setAttribute("error", error);
+        request.setAttribute("success", success);
+        session.removeAttribute("changePasswordError");
+        session.removeAttribute("changePasswordSuccess");
         session.setAttribute("user", dto);
         request.getRequestDispatcher("/WEB-INF/views/user/setting.jsp").forward(request, response);
         return;

diff --git a/src/java/com/library/dao/UserDao.java b/src/java/com/library/dao/UserDao.java
@@ -15,7 +15,12 @@
  * @author hieuchu
  */
 public interface UserDao {
+
       List<User> getALLUser();     
+
+
+//      boolean checkLogin(String username,String pass);
+
 
       boolean checkUserExistence(String username);
 
@@ -41,7 +46,9 @@ public interface UserDao {
 
       String findHashedPassword(String account);
 
-      List<Integer> getAllUserID();
-
+      List<Integer> getAllUserID();      
+
+      boolean updatePassword(String account,String password);
+
 
 }
diff --git a/src/java/com/library/dao/UserDaoImpl.java b/src/java/com/library/dao/UserDaoImpl.java
@@ -14,6 +14,7 @@
 import java.sql.SQLException;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.logging.Level;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -251,16 +252,35 @@ public List<Integer> getAllUserID() {
         String sql = "select user_id from users ";
         List<Integer> list = new ArrayList<>();
         try (
-                Connection conn = DBConnection.getInstance().getConnection(); PreparedStatement ps = conn.prepareStatement(sql)) {
+              Connection conn = DBConnection.getInstance().getConnection(); 
+             PreparedStatement ps = conn.prepareStatement(sql)) {
             ResultSet rs = ps.executeQuery();
             while (rs.next()) {
                 int id = rs.getInt("user_id");
                 list.add(id);
             }
+        } catch (SQLException ex) {
+            ex.printStackTrace();
+        }
+        return list ;
+    }
+
+    public boolean updatePassword(String account, String password) {
+        String sql = "UPDATE users\n"
+                + "SET password = ?\n"
+                + "WHERE account = ?;";
+        try (
+                Connection conn = DBConnection.getInstance().getConnection(); PreparedStatement ps = conn.prepareStatement(sql)) {
+            ps.setString(1, password);
+            ps.setString(2, account);
+            int rs = ps.executeUpdate();
+            if(rs > 0){
+                return true;
+            }
         } catch (SQLException s) {
             s.printStackTrace();
         }
-        return list;
+        return false ;
     }
 
     @Override
@@ -272,7 +292,7 @@ public void setOfflineAll() {
             ps.executeUpdate();
         } catch (SQLException s) {
             s.printStackTrace();
-        }
+        } 
     }
 
 }
diff --git a/src/java/com/library/service/UserService.java b/src/java/com/library/service/UserService.java
@@ -99,6 +99,7 @@ public int getUserIDByAccount(String account){
     public String getHashedPassword(String account){
         return this.userDao.findHashedPassword(account);
     }
+
 
     public void logoutAllUser(){
         Collection<HttpSession> session = SessionTracker.getAllValue();
@@ -110,4 +111,14 @@ public void logoutAllUser(){
 
     }
 
+
+    public boolean updatePassword(String account,String password){
+        if(userDao.updatePassword(account, password)){
+            logger.info("update completed ()",account);
+            return true;
+        }
+        logger.info("update failed!");
+        return false;
+    }
+
 }
diff --git a/web/WEB-INF/views/user/setting.jsp b/web/WEB-INF/views/user/setting.jsp
@@ -472,7 +472,7 @@
         </style>
 
         <script>
-     
+
             function toggleEdit(fieldId) {
                 const input = document.getElementById(fieldId);
                 const saveBtn = document.getElementById('saveProfileBtn');
@@ -491,16 +491,16 @@
                         input.focus();
                     }
 
- 
+
                     saveBtn.style.display = 'inline-flex';
                 } else {
-       
+
                     if (isFile) {
                         input.disabled = true;
                     } else {
                         input.readOnly = true;
                     }
-  
+
                 }
             }
 
@@ -645,6 +645,12 @@
                     </h3>
 
                     <form action="${pageContext.request.contextPath}/user/change-password" method="post">
+                        <% if (request.getAttribute("error") != null) { %>
+                        <p style="color:red"><%= request.getAttribute("error") %></p>
+                        <% } %>
+                        <% if (request.getAttribute("success") != null) { %>
+                        <p style="color:#28a745"><%= request.getAttribute("success") %></p>
+                        <% } %>
                         <div class="form-group">
                             <label for="currentPassword">Current Password</label>
                             <input type="password" id="currentPassword" name="currentPassword"