1 package org.cacert.gigi.pages.main;
3 import java.io.IOException;
4 import java.io.PrintWriter;
5 import java.sql.PreparedStatement;
6 import java.sql.ResultSet;
7 import java.sql.SQLException;
9 import java.util.HashMap;
12 import javax.servlet.http.HttpServletRequest;
14 import org.cacert.gigi.Language;
15 import org.cacert.gigi.User;
16 import org.cacert.gigi.database.DatabaseConnection;
17 import org.cacert.gigi.email.EmailProvider;
18 import org.cacert.gigi.output.DateSelector;
19 import org.cacert.gigi.output.Form;
20 import org.cacert.gigi.output.template.Template;
21 import org.cacert.gigi.pages.Page;
22 import org.cacert.gigi.util.HTMLEncoder;
23 import org.cacert.gigi.util.Notary;
24 import org.cacert.gigi.util.PasswordStrengthChecker;
25 import org.cacert.gigi.util.RandomToken;
26 import org.cacert.gigi.util.ServerConstants;
28 public class Signup extends Form {
/** Account being assembled from the submitted form fields. */
User buildup = new User();

/**
 * Alert-subscription checkboxes. Each one starts out ticked, is re-read from
 * the request in update(), and is written to the `alerts` table in run().
 */
boolean general = true;
boolean country = true;
boolean regional = true;
boolean radius = true;
/**
 * Builds the sign-up form: loads the {@code Signup.templ} template and seeds
 * the in-progress user with an empty suffix and a placeholder date of birth
 * ({@code new Date(0)}).
 *
 * NOTE(review): some constructor lines are not visible in this listing, so how
 * {@code hsr} is used cannot be confirmed from here.
 */
33 public Signup(HttpServletRequest hsr) {
35 t = new Template(Signup.class.getResource("Signup.templ"));
39 buildup.setSuffix("");
41 buildup.setDob(new Date(0));
// Date-of-birth selector, constructed with the names "day", "month" and "year"
// (presumably the form field names - confirm against DateSelector). It is put
// into the template as "dob", checked with isValid() in submit() and read with
// getDate() in run().
44 DateSelector myDoB = new DateSelector("day", "month", "year");
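/**
 * Renders the sign-up form through the template.
 *
 * Every value that originates from the applicant (names, suffix, email) is
 * passed through {@link HTMLEncoder#encodeHTML} before it reaches the template,
 * so previously submitted input is re-displayed as text, not markup. The
 * checkbox attributes and the help link are markup built from constants and
 * the translation string only.
 *
 * @param out       writer the rendered form is written to
 * @param l         language used for the translated help text and the template
 * @param outerVars not read by this method
 */
public void outputContent(PrintWriter out, Language l, Map<String, Object> outerVars) {
    final String checked = " checked=\"checked\"";
    // The help link opens in a new tab; rel="noopener noreferrer" keeps the
    // opened wiki page from getting a window.opener handle on this form.
    final String linkOpen = "<a href=\"//wiki.cacert.org/FAQ/HowToEnterNamesInJoinForm\""
            + " target=\"_blank\" rel=\"noopener noreferrer\">";
    final String linkClose = "</a>";

    HashMap<String, Object> vars = new HashMap<String, Object>();

    // Applicant-supplied text: always HTML-encoded.
    vars.put("fname", HTMLEncoder.encodeHTML(buildup.getFname()));
    vars.put("mname", HTMLEncoder.encodeHTML(buildup.getMname()));
    vars.put("lname", HTMLEncoder.encodeHTML(buildup.getLname()));
    vars.put("suffix", HTMLEncoder.encodeHTML(buildup.getSuffix()));
    vars.put("dob", myDoB);
    vars.put("email", HTMLEncoder.encodeHTML(buildup.getEmail()));

    // Constant attribute fragments for the alert checkboxes.
    vars.put("general", general ? checked : "");
    vars.put("country", country ? checked : "");
    vars.put("regional", regional ? checked : "");
    vars.put("radius", radius ? checked : "");

    // The translation is used as the format string; the two %s slots receive
    // the opening and closing anchor tags.
    vars.put("helpOnNames",
            String.format(l.getTranslation("Help on Names %sin the wiki%s"), linkOpen, linkClose));

    // Anti-CSRF token the template is expected to embed in the form.
    vars.put("csrf", getCSRFToken());
    t.output(out, l, vars);
}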
/**
 * Copies the submitted form fields from the request into the form state.
 *
 * Text fields are taken over only when the parameter is present and are stored
 * exactly as sent; no trimming, length limit or format check happens here.
 * Each alert checkbox counts as ticked only when its parameter is exactly "1".
 *
 * @param r request carrying the form parameters
 */
private void update(HttpServletRequest r) {
    String firstName = r.getParameter("fname");
    if (firstName != null) {
        buildup.setFname(firstName);
    }

    String lastName = r.getParameter("lname");
    if (lastName != null) {
        buildup.setLname(lastName);
    }

    String middleName = r.getParameter("mname");
    if (middleName != null) {
        buildup.setMname(middleName);
    }

    String nameSuffix = r.getParameter("suffix");
    if (nameSuffix != null) {
        buildup.setSuffix(nameSuffix);
    }

    String address = r.getParameter("email");
    if (address != null) {
        buildup.setEmail(address);
    }

    // A missing or different value clears the flag.
    final String ticked = "1";
    general = ticked.equals(r.getParameter("general"));
    country = ticked.equals(r.getParameter("country"));
    regional = ticked.equals(r.getParameter("regional"));
    radius = ticked.equals(r.getParameter("radius"));
}
/**
 * Validates the submitted sign-up data and reports each problem to {@code out}
 * inside a {@code <div class='formError'>} wrapper. The method is declared
 * {@code synchronized}, so two calls on the same form instance do not overlap.
 *
 * NOTE(review): a number of lines of this method are not visible in this
 * listing (closing braces, the {@code failed} bookkeeping, the return
 * statements and the call that creates the account). The comments below
 * describe only the statements that are visible.
 *
 * @param out writer that receives the error markup
 * @param req request carrying the form parameters
 */
89 public synchronized boolean submit(PrintWriter out, HttpServletRequest req) {
91 boolean failed = false;
92 out.println("<div class='formError'>");
// Required fields: first and last name must be non-empty.
93 if (buildup.getFname().equals("") || buildup.getLname().equals("")) {
94 outputError(out, req, "First and/or last names were blank.");
// The date of birth held by the selector must be valid.
97 if (!myDoB.isValid()) {
98 outputError(out, req, "Invalid date of birth");
// The community agreement box must be sent as exactly "1".
101 if (!"1".equals(req.getParameter("cca_agree"))) {
102 outputError(out, req, "You have to agree to the CAcert Community agreement.");
105 if (buildup.getEmail().equals("")) {
106 outputError(out, req, "Email Address was blank");
// The pass phrase and its confirmation are read straight from the request.
109 String pw1 = req.getParameter("pword1");
110 String pw2 = req.getParameter("pword2");
111 if (pw1 == null || pw1.equals("")) {
112 outputError(out, req, "Pass Phrases were blank");
114 } else if (!pw1.equals(pw2)) {
115 outputError(out, req, "Pass Phrases don't match");
// The checker receives the user record as well as the pass phrase; judging by
// the error text below it scores against the name and email address.
// NOTE(review): the comparison of pwpoints with the threshold is not visible.
118 int pwpoints = PasswordStrengthChecker.checkpw(pw1, buildup);
120 outputError(out, req, "The Pass Phrase you submitted failed to contain enough"
121 + " differing characters and/or contained words from" + " your name and/or email address.");
125 out.println("</div>");
// Duplicate check. The address is bound with setString() and never
// concatenated into the SQL text, so it cannot alter the query.
// NOTE(review): the statements and result sets are not visibly closed here;
// presumably DatabaseConnection.prepare() manages them - confirm.
129 PreparedStatement q1 = DatabaseConnection.getInstance().prepare(
130 "select * from `email` where `email`=? and `deleted`=0");
131 PreparedStatement q2 = DatabaseConnection.getInstance().prepare(
132 "select * from `users` where `email`=? and `deleted`=0");
133 q1.setString(1, buildup.getEmail());
134 q2.setString(1, buildup.getEmail());
135 ResultSet r1 = q1.executeQuery();
136 ResultSet r2 = q2.executeQuery();
// NOTE(review): this message tells the caller that the address already has an
// account; pair the form with rate limiting if that disclosure matters.
137 if (r1.next() || r2.next()) {
138 outputError(out, req, "This email address is currently valid in the system.");
// Blocked-domain check: RIGHT(?, LENGTH(`domain`)) compares the tail of the
// address with each listed domain. There is no '@' or '.' boundary in the
// comparison, so a listed "example.org" (constructed sample) also matches
// "user@notexample.org".
143 PreparedStatement q3 = DatabaseConnection.getInstance().prepare(
144 "select `domain` from `baddomains` where `domain`=RIGHT(?, LENGTH(`domain`))");
145 q3.setString(1, buildup.getEmail());
147 ResultSet r3 = q3.executeQuery();
149 String domain = r3.getString(1);
// NOTE(review): `domain` is written without HTMLEncoder.encodeHTML(). It comes
// from the `baddomains` table; encode it unless that table is guaranteed to
// hold only trusted text.
151 out.print(String.format(
152 Page.translate(req, "We don't allow signups from people using email addresses from %s"), domain));
153 out.println("</div>");
157 } catch (SQLException e) {
// mailResult starts as FAIL, so it stays FAIL unless the probe below assigns a
// result (the IOException handler body is not visible).
161 String mailResult = EmailProvider.FAIL;
163 mailResult = EmailProvider.getInstance().checkEmailServer(0, buildup.getEmail());
164 } catch (IOException e) {
166 if (!mailResult.equals(EmailProvider.OK)) {
// A result starting with "4" is reported as a temporary failure (presumably an
// SMTP 4xx reply - confirm against EmailProvider).
167 if (mailResult.startsWith("4")) {
168 outputError(out, req, "The mail server responsible for your domain indicated"
169 + " a temporary failure. This may be due to anti-SPAM measures, such"
170 + " as greylisting. Please try again in a few minutes.");
172 outputError(out, req, "Email Address given was invalid, or a test connection"
173 + " couldn't be made to your server, or the server" + " rejected the email address as invalid");
175 if (mailResult.equals(EmailProvider.FAIL)) {
176 outputError(out, req, "Failed to make a connection to the mail server");
// NOTE(review): mailResult is written into the HTML page without
// HTMLEncoder.encodeHTML(). If it carries text returned by the remote mail
// server, that text is chosen by whoever runs the server for the submitted
// domain, so it should be encoded before printing - confirm what
// checkEmailServer() returns.
179 out.print(mailResult);
180 out.println("</div>");
185 out.println("</div>");
191 } catch (SQLException e) {
/**
 * Creates the account inside a database transaction: stores the user, the
 * email row with its verification token, the alert preferences and the CCA
 * acceptance, then mails the verification link and commits.
 *
 * NOTE(review): several lines of this method are not visible in this listing
 * (parameter bindings, execute calls, try/finally structure, parts of the mail
 * body). The comments below describe only the visible statements.
 *
 * @param req      request used to pick the language of the mail text
 * @param password pass phrase handed to {@code User.insert}
 * @throws SQLException declared by the signature; which of the database calls
 *         below throw it is not visible in this listing
 */
197 private void run(HttpServletRequest req, String password) throws SQLException {
199 DatabaseConnection.getInstance().beginTransaction();
// Verification token: stored in `email`.`hash` below and presumably appended
// after "&hash=" in the mailed link (that line is not visible).
// NOTE(review): this token is what proves control of the mailbox; confirm
// that RandomToken draws from a cryptographically secure generator.
200 String hash = RandomToken.generateToken(16);
202 buildup.setDob(myDoB.getDate());
// NOTE(review): the pass phrase is passed on as received; presumably
// User.insert() hashes it before storage - confirm.
203 buildup.insert(password);
204 int memid = buildup.getId();
// Email row for the new member. Values are bound as parameters; the token is
// written to the `hash` column as generated, not as a digest.
205 PreparedStatement ps = DatabaseConnection.getInstance().prepare(
206 "insert into `email` set `email`=?," + " `hash`=?, `created`=NOW(),`memid`=?");
207 ps.setString(1, buildup.getEmail());
208 ps.setString(2, hash);
211 int emailid = DatabaseConnection.lastInsertId(ps);
// Alert preferences are stored as the strings "1" and "0".
212 ps = DatabaseConnection.getInstance().prepare(
213 "insert into `alerts` set `memid`=?," + " `general`=?, `country`=?, `regional`=?, `radius`=?");
215 ps.setString(2, general ? "1" : "0");
216 ps.setString(3, country ? "1" : "0");
217 ps.setString(4, regional ? "1" : "0");
218 ps.setString(5, radius ? "1" : "0");
// Records acceptance of the community agreement for the new member.
220 Notary.writeUserAgreement(memid, "CCA", "account creation", "", true, 0);
// Builds the verification mail text.
222 StringBuffer body = new StringBuffer();
226 "Thanks for signing up with CAcert.org, below is the link you need to open to verify your account. Once your account is verified you will be able to start issuing certificates till your hearts' content!"));
// The link is always https and takes its host from ServerConstants; nothing
// from `req` is used to build the URL here. The email id and token travel in
// the query string, so they can show up in logs that record full URLs.
227 body.append("\n\nhttps://");
228 body.append(ServerConstants.getWwwHostNamePort());
229 body.append("/verify?type=email&id=");
230 body.append(emailid);
231 body.append("&hash=");
234 body.append(Page.translate(req, "Best regards"));
236 body.append(Page.translate(req, "CAcert.org Support!"));
238 EmailProvider.getInstance().sendmail(buildup.getEmail(),
239 "[CAcert.org] " + Page.translate(req, "Mail Probe"), body.toString(), "support@cacert.org", null,
240 null, null, null, false);
241 } catch (IOException e) {
// NOTE(review): the IOException handler body is not visible. If it does not
// rethrow, the commit below also runs when sending the mail failed, leaving
// an account whose verification link was never delivered - confirm intended.
244 DatabaseConnection.getInstance().commitTransaction();
// Presumably inside a finally block (not visible), so the transaction is
// ended on every path.
246 DatabaseConnection.getInstance().quitTransaction();