- try {
- PreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `memid` FROM `certs` WHERE `serial`=? AND `disablelogin`='0' AND `revoked` = " + "'0000-00-00 00:00:00'");
- ps.setString(1, serial);
- ResultSet rs = ps.executeQuery();
- if (rs.next()) {
- req.getSession().invalidate();
- HttpSession hs = req.getSession();
- hs.setAttribute(LOGGEDIN, true);
- hs.setAttribute(USER, new User(rs.getInt(1)));
- }
- rs.close();
- } catch (SQLException e) {
- e.printStackTrace();
+ GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `memid` FROM `certs` WHERE `serial`=? AND `disablelogin`='0' AND `revoked` is NULL");
+ ps.setString(1, serial);
+ GigiResultSet rs = ps.executeQuery();
+ if (rs.next()) {
+ loginSession(req, User.getById(rs.getInt(1)));
+ }
+ rs.close();
+ }
+
+ private static final Group LOGIN_BLOCKED = Group.getByString("blockedlogin");
+
+ private void loginSession(HttpServletRequest req, User user) {
+ if (user.isInGroup(LOGIN_BLOCKED)) {
+ return;