- GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `password`, `id` FROM `users` WHERE `email`=? AND locked='0' AND verified='1'");
+ GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `password`, `id` FROM `users` WHERE `email`=? AND verified='1'");
ps.setString(1, un);
GigiResultSet rs = ps.executeQuery();
if (rs.next()) {
ps.setString(1, un);
GigiResultSet rs = ps.executeQuery();
if (rs.next()) {
@@ -81,7+83,7 @@ public class LoginPage extends Page {
String serial = x509Certificate.getSerialNumber().toString(16).toUpperCase();
- GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `memid` FROM `certs` WHERE `serial`=? AND `disablelogin`='0' AND `revoked` = " + "'0000-00-00 00:00:00'");
+ GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `memid` FROM `certs` WHERE `serial`=? AND `disablelogin`='0' AND `revoked` is NULL");
ps.setString(1, serial);
GigiResultSet rs = ps.executeQuery();
if (rs.next()) {
ps.setString(1, serial);
GigiResultSet rs = ps.executeQuery();
if (rs.next()) {
@@ -90,7+92,12 @@ public class LoginPage extends Page {
rs.close();
}
rs.close();
}
+ private static final Group LOGIN_BLOCKED = Group.getByString("blockedlogin");
+
private void loginSession(HttpServletRequest req, User user) {
private void loginSession(HttpServletRequest req, User user) {