sdeshmukh135/PrinciplesProject

BuyMe: Vintage Clothing Auction Web App

A full-stack Java/JSP auction web application featuring multi-role support (buyers, sellers, customer reps, admins), real-time bidding with auto-bid functionality, item alerts, and question/answer workflows. Built as a learning project demonstrating servlet-based web development with MySQL integration.


What this project does

BuyMe is a vintage fashion auction platform with distinct user roles and workflows:

User Roles

  • Buyers – Browse auctions, place bids, set auto-bids, manage watchlists, view bid history, ask questions about items
  • Sellers – Create items and auctions, manage inventory, view bid history, close auctions
  • Customer Reps – Answer buyer questions about items, view pending Q&As
  • Admins – View auction statistics, manage earnings reports, create customer reps, manage all user accounts

Core Capabilities

  • User registration/login with session-based role routing
  • Real-time auction management with automatic auction closing
  • Bidding engine with auto-bid support and bid validation
  • Alert system for matching items (by color, size, price range)
  • Question/answer workflow for pre-purchase queries
  • Buyer watchlists for tracking favorite auctions
  • Admin dashboards with earnings reports and auction statistics

Why this project is useful

Full-stack learning resource:

  • Demonstrates servlet-based web development patterns (request routing, session management, form handling)
  • Shows practical MySQL integration with JDBC and prepared statements
  • Implements multi-role access control and authorization patterns
  • Real-world features: bidding logic, auction expiration, auto-notifications

Reference implementation for:

  • Session management and role-based routing in Java web apps
  • Database design for auction systems (bids, items, auctions, alerts)
  • JSP form handling and dynamic content generation
  • Servlet lifecycle and request/response processing

Getting started

Prerequisites

  • Java 8+ (JDK)
  • Apache Tomcat 9+ (or compatible servlet container)
  • MySQL 5.7+ (or MariaDB equivalent)
  • IDE (Eclipse, IntelliJ IDEA, or VS Code with Java extensions)

Installation & setup

  1. Clone and navigate to project:

    git clone <repository-url>
    cd PrinciplesProject
  2. Create database and tables:

    mysql -u root -p < database/login_database.sql

    This creates the database with all required tables.

  3. Configure database connection: The project currently uses hard-coded credentials in servlet files. Update the connection URL, user and password in each servlet that connects to the database (default: jdbc:mysql://localhost:3306/login_app, user: root, password: Pallavi@1000).

  4. Build and deploy:

    Using Eclipse/IntelliJ:

    • Import as a Dynamic Web Project
    • Configure with Tomcat server runtime
    • Run on server
  5. Access the application:

    • Open http://localhost:8080/buyme/ (or your configured context root)
    • Create a new account or use test credentials (see database/login_database.sql for sample data)

Quick start example

Sign up as a buyer:

URL: http://localhost:8080/buyme/signup
Method: POST
Form fields:
  name=John Doe
  email=john@example.com
  password=SecurePass123
  type=buyer

Log in:

URL: http://localhost:8080/buyme/login
Method: POST
Form fields:
  email=john@example.com
  password=SecurePass123

Project architecture

Technology stack

  • Backend: Java 8+, Servlets (javax.servlet)
  • Frontend: JSP, HTML, CSS
  • Database: MySQL with JDBC
  • Server: Apache Tomcat

Directory structure

PrinciplesProject/
├── WebContent/                    # Web root (JSPs, static files)
│   ├── index.jsp                 # Landing page
│   ├── login.jsp, signup.jsp     # Authentication
│   ├── buyer*/                   # Buyer pages (browse, bid, alerts)
│   ├── seller*/                  # Seller pages (create auctions, items)
│   ├── admin*/                   # Admin dashboards
│   ├── rep*/                     # Rep pages (answer questions)
│   └── css/style.css             # Shared styles
├── src/main/java/com/
│   ├── login/                    # LoginServlet, SignupServlet, RoleRouterServlet
│   ├── buyer/                    # PlaceBidServlet, AutoBidServlet, WatchlistServlet, etc.
│   ├── seller/                   # CreateAuctionServlet, EditItemServlet, etc.
│   ├── rep/                      # AnswerServlet, EditAccountServlet
│   └── admin/                    # AdminEarningsServlet, AdminAuctionStatsServlet
├── database/
│   ├── login_database.sql        # Schema and initial data
│   └── *.sql                     # Additional schema scripts
└── WebContent/WEB-INF/
    └── web.xml                   # Servlet mappings

Request flow

  1. User request → JSP form or direct servlet URL
  2. Servlet routing → @WebServlet annotation or web.xml mapping
  3. Session check → Verify authentication and role
  4. DB operation → Execute SQL (prepared statements)
  5. Response → Redirect to JSP or display results

Example flow for placing a bid:

itemDetails.jsp (form) 
  → POST /placeBid 
  → PlaceBidServlet 
  → Check role (buyer) 
  → Validate bid amount 
  → Insert into bidsOn_bid_itemBid table 
  → Redirect to itemDetails.jsp with success/error
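
The bid flow above as a complete servlet, added here as an illustration (it is not the repository's own PlaceBidServlet): step 3 is the session and role check, the form fields are validated before any database work, and step 4 compares against the current high bid and inserts inside one transaction using prepared statements. The session attribute names, the DataSource, and the column names of bidsOn_bid_itemBid are assumptions.

```java
// Added example, not the repository's PlaceBidServlet. Assumed names: session
// attributes "userId"/"role", a DataSource set in init(), the column names below.
import java.io.IOException;
import java.math.BigDecimal;
import java.sql.*;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;
import javax.sql.DataSource;

@WebServlet("/placeBid")
public class PlaceBidServlet extends HttpServlet {
    private DataSource ds; // assumption: looked up via JNDI in init()

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        HttpSession s = req.getSession(false); // step 3: authenticated buyer only
        if (s == null || !"buyer".equals(s.getAttribute("role"))) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN); return;
        }
        int auctionId; BigDecimal amount;
        try { // validate the untrusted form fields before touching the database
            auctionId = Integer.parseInt(req.getParameter("auctionId"));
            amount = new BigDecimal(req.getParameter("amount"));
        } catch (NumberFormatException | NullPointerException e) {
            resp.sendRedirect("itemDetails.jsp?result=invalid_bid"); return;
        }
        String result = amount.signum() > 0
                ? saveBid(auctionId, (Integer) s.getAttribute("userId"), amount) : "invalid_bid";
        resp.sendRedirect("itemDetails.jsp?auctionId=" + auctionId + "&result=" + result);
    }

    // Step 4: compare with the current high bid and insert in one transaction;
    // FOR UPDATE makes a concurrent bidder on the same auction wait for the commit.
    private String saveBid(int auctionId, int buyerId, BigDecimal amount) throws ServletException {
        try (Connection con = ds.getConnection();
             PreparedStatement cur = con.prepareStatement(
                 "SELECT COALESCE(MAX(amount),0) FROM bidsOn_bid_itemBid WHERE auctionId=? FOR UPDATE");
             PreparedStatement ins = con.prepareStatement(
                 "INSERT INTO bidsOn_bid_itemBid (auctionId,buyerId,amount,bidTime) VALUES (?,?,?,NOW())")) {
            con.setAutoCommit(false);
            cur.setInt(1, auctionId);
            ResultSet rs = cur.executeQuery();
            if (!rs.next() || amount.compareTo(rs.getBigDecimal(1)) <= 0) { con.rollback(); return "bid_too_low"; }
            ins.setInt(1, auctionId); ins.setInt(2, buyerId); ins.setBigDecimal(3, amount);
            ins.executeUpdate();
            con.commit();
            return "ok";
        } catch (SQLException e) {
            throw new ServletException("bid failed", e);
        }
    }
}
```

The "read the high bid, then insert" pair is the part most easily got wrong: done as two autocommitted statements, two buyers can both pass the comparison against the same stale maximum.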

Core features

1. Authentication & Authorization

  • Signup: SignupServlet – Creates user accounts with role assignment
  • Login: LoginServlet – Authenticates user and sets session attributes
  • Role routing: RoleRouterServlet – Redirects authenticated users to role-appropriate dashboard

2. Buyer features

3. Seller features

4. Customer Rep features

5. Admin features


Database schema

Core tables (see database/login_database.sql for full schema):

Table                        Purpose
user                         User accounts (email, password, role)
item                         Item inventory (color, size, price)
T_Auction_isAuctioned        Auction listings (min/max price, dates)
bidsOn_bid_itemBid           Bid records (amount, auto-bid limit, timestamp)
T_QuestionAnswers            Q&A between buyers and reps
watchlist                    Favorite auctions tracked by buyers
saved_alert / T_ItemAlerts   Price/attribute alerts for auto-notification
earnings_report              Admin earnings summary reports

Key endpoints

Authentication

Endpoint      Method   Role            Purpose
/signup       POST     Any             Register new account
/login        POST     Any             Authenticate user
/logout       GET      Authenticated   Clear session
/roleRouter   GET      Authenticated   Redirect to role dashboard

Buyer

Endpoint          Method     Purpose
/searchAuctions   GET/POST   Browse and filter auctions
/placeBid         POST       Submit a bid
/autoBid          POST       Set auto-bid maximum
/watchlist        GET/POST   Add/view watchlisted auctions
/setAlert         POST       Create item alert
/askQuestion      POST       Ask rep about an item

Seller

Endpoint         Method   Purpose
/createItem      POST     Add new item to inventory
/createAuction   POST     Create auction for an item
/editAuction     POST     Modify auction details
/deleteAuction   POST     Remove auction
/bidHistory      GET      View bids on own auctions

Rep

Endpoint          Method   Purpose
/answerQuestion   POST     Respond to buyer question

Admin

Endpoint             Method   Purpose
/adminAuctionStats   GET      View auction statistics
/adminEarnings       GET      Generate earnings report
/userList            GET      List all users
/createRep           POST     Create new customer rep

Production considerations

Security issues to address before deploying to production:

  1. Password storage:

    • Currently: Passwords stored and compared in plaintext
    • Action: Use bcrypt, Argon2, or PBKDF2 for hashing
    • See: com.rep.EditAccountServlet
  2. Database credentials:

    • Currently: Hard-coded in servlet source files
    • Action: Move to environment variables, properties files, or JNDI
    // Instead of:
    DriverManager.getConnection("jdbc:mysql://localhost:3306/login_app", "root", "Pallavi@1000");
    
    // Use:
    String url = System.getenv("DB_URL");
    String user = System.getenv("DB_USER");
    String pass = System.getenv("DB_PASSWORD");
  3. Session security:

    • Configure HTTPS-only cookies in web.xml
    • Set secure and HttpOnly flags on session cookies (in the Servlet 3.0+ deployment descriptor these live inside cookie-config, not directly under session-config)
    <session-config>
        <cookie-config>
            <secure>true</secure>
            <http-only>true</http-only>
        </cookie-config>
    </session-config>
  4. SQL injection: Already mitigated with prepared statements; maintain this practice

  5. CSRF protection: Consider adding token-based CSRF protection for state-changing requests

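Item 5 in practice: an added servlet Filter (not the project's code) that mints one random token per session and rejects any non-GET/HEAD/OPTIONS request that does not carry it. It assumes Tomcat 9's Servlet 4.0 API (which supplies default init/destroy for Filter) and that every state-changing JSP form includes a hidden field named csrfToken populated from the session attribute of the same name.

```java
// Added example (not the project's code): per-session CSRF token filter.
// Assumed: forms add <input type="hidden" name="csrfToken" value="${csrfToken}">,
// where the JSP reads the value from the session attribute "csrfToken".
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.*;

@WebFilter("/*")
public class CsrfFilter implements Filter {
    public static final String ATTR = "csrfToken";
    private static final SecureRandom RNG = new SecureRandom();

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;
        HttpSession session = req.getSession(true);
        String token = (String) session.getAttribute(ATTR);
        if (token == null) { // first request in this session: mint a 256-bit token
            byte[] raw = new byte[32];
            RNG.nextBytes(raw);
            token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            session.setAttribute(ATTR, token);
        }
        if (isStateChanging(req.getMethod()) && !tokenMatches(token, req.getParameter(ATTR))) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "missing or invalid CSRF token");
            return;
        }
        chain.doFilter(request, response);
    }

    // GET/HEAD/OPTIONS are expected to be safe; every other method must carry the token
    static boolean isStateChanging(String method) {
        return !("GET".equals(method) || "HEAD".equals(method) || "OPTIONS".equals(method));
    }

    // constant-time comparison so the check does not leak how many bytes matched
    static boolean tokenMatches(String expected, String submitted) {
        return submitted != null && MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), submitted.getBytes(StandardCharsets.UTF_8));
    }
}
```

The endpoint tables above list /logout as GET; since logout changes state, it should become a POST carrying the token, otherwise this filter does not cover it.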

Support & contribution

Getting help

Contributing

Contributions are welcome! To contribute:

  1. Fork the repository
  2. Create a feature branch: git checkout -b feature/your-feature
  3. Make focused, well-documented commits
  4. Push to your fork and open a pull request

Code style guidelines:

  • Follow existing servlet patterns (role checking, session handling, DB resource cleanup)
  • Use prepared statements for all SQL queries
  • Close DB resources in try-finally or try-with-resources blocks
  • Keep JSPs focused on presentation; move logic to servlets

Suggested improvements for contributors:

  • Externalize database configuration
  • Add input validation and sanitization utilities
  • Implement password hashing
  • Add unit/integration tests and CI/CD pipeline
  • Improve error handling and user-facing error messages
  • Add API documentation or Swagger/OpenAPI specs
  • Migrate to modern frameworks (Spring Boot, Quarkus) if desired

Maintainer

Project maintained by the repository owner. For questions or coordination on major changes, please open an issue first.


License

This project is provided as-is for educational purposes. See the LICENSE file (if present) for specific terms.
