package org.cacert.gigi;
+import java.sql.Date;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
-import java.sql.Date;
import java.util.Calendar;
import org.cacert.gigi.database.DatabaseConnection;
import org.cacert.gigi.util.PasswordHash;
+import org.cacert.gigi.util.PasswordStrengthChecker;
public class User {
public User(int id) {
this.id = id;
try {
- PreparedStatement ps = DatabaseConnection
- .getInstance()
- .prepare(
- "SELECT `fname`, `lname`,`mname`, `suffix`, `dob`, `email` FROM `users` WHERE id=?");
+ PreparedStatement ps = DatabaseConnection.getInstance().prepare(
+ "SELECT `fname`, `lname`,`mname`, `suffix`, `dob`, `email` FROM `users` WHERE id=?");
ps.setInt(1, id);
ResultSet rs = ps.executeQuery();
if (rs.next()) {
- name = new Name(rs.getString(1), rs.getString(2),
- rs.getString(3), rs.getString(4));
+ name = new Name(rs.getString(1), rs.getString(2), rs.getString(3), rs.getString(4));
dob = rs.getDate(5);
email = rs.getString(6);
}
e.printStackTrace();
}
}
+
public User() {
}
+
public int getId() {
return id;
}
+
public String getFname() {
return name.fname;
}
+
public String getLname() {
return name.lname;
}
+
public String getMname() {
return name.mname;
}
+
public Name getName() {
return name;
}
+
public void setMname(String mname) {
this.name.mname = mname;
}
+
public String getSuffix() {
return name.suffix;
}
+
public void setSuffix(String suffix) {
this.name.suffix = suffix;
}
+
public Date getDob() {
return dob;
}
+
public void setDob(Date dob) {
this.dob = dob;
}
+
public String getEmail() {
return email;
}
+
public void setEmail(String email) {
this.email = email;
}
+
public void setId(int id) {
this.id = id;
}
+
public void setFname(String fname) {
this.name.fname = fname;
}
+
public void setLname(String lname) {
this.name.lname = lname;
}
+
public void insert(String password) throws SQLException {
if (id != 0) {
throw new Error("refusing to insert");
}
PreparedStatement query = DatabaseConnection.getInstance().prepare(
- "insert into `users` set `email`=?, `password`=?, "
- + "`fname`=?, `mname`=?, `lname`=?, "
- + "`suffix`=?, `dob`=?, `created`=NOW(), locked=0");
+ "insert into `users` set `email`=?, `password`=?, " + "`fname`=?, `mname`=?, `lname`=?, "
+ + "`suffix`=?, `dob`=?, `created`=NOW(), locked=0");
query.setString(1, email);
query.setString(2, PasswordHash.hash(password));
query.setString(3, name.fname);
query.setDate(7, new java.sql.Date(dob.getTime()));
query.execute();
id = DatabaseConnection.lastInsertId(query);
- System.out.println("Inserted: " + id);
+ }
+
+ public void changePassword(String oldPass, String newPass) throws GigiApiException {
+ try {
+ PreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `password` FROM users WHERE id=?");
+ ps.setInt(1, id);
+ ResultSet rs = ps.executeQuery();
+ if (!rs.next()) {
+ throw new GigiApiException("User not found... very bad.");
+ }
+ if (!PasswordHash.verifyHash(oldPass, rs.getString(1))) {
+ throw new GigiApiException("Old password does not match.");
+ }
+ rs.close();
+ PasswordStrengthChecker.assertStrongPassword(newPass, this);
+ ps = DatabaseConnection.getInstance().prepare("UPDATE users SET `password`=? WHERE id=?");
+ ps.setString(1, PasswordHash.hash(newPass));
+ ps.setInt(2, id);
+ if (ps.executeUpdate() != 1) {
+ throw new GigiApiException("Password update failed.");
+ }
+ } catch (SQLException e) {
+ throw new GigiApiException(e);
+ }
}
public boolean canAssure() throws SQLException {
return hasPassedCATS();
}
+
public boolean hasPassedCATS() throws SQLException {
PreparedStatement query = DatabaseConnection.getInstance().prepare(
- "SELECT 1 FROM `cats_passed` where `user_id`=?");
+ "SELECT 1 FROM `cats_passed` where `user_id`=?");
query.setInt(1, id);
ResultSet rs = query.executeQuery();
if (rs.next()) {
return false;
}
}
+
public int getAssurancePoints() throws SQLException {
- PreparedStatement query = DatabaseConnection
- .getInstance()
- .prepare(
- "SELECT sum(points) FROM `notary` where `to`=? AND `deleted`=0");
+ PreparedStatement query = DatabaseConnection.getInstance().prepare(
+ "SELECT sum(points) FROM `notary` where `to`=? AND `deleted`=0");
query.setInt(1, id);
ResultSet rs = query.executeQuery();
int points = 0;
rs.close();
return points;
}
+
public int getExperiencePoints() throws SQLException {
PreparedStatement query = DatabaseConnection.getInstance().prepare(
- "SELECT count(*) FROM `notary` where `from`=? AND `deleted`=0");
+ "SELECT count(*) FROM `notary` where `from`=? AND `deleted`=0");
query.setInt(1, id);
ResultSet rs = query.executeQuery();
int points = 0;
rs.close();
return points;
}
+
@Override
public boolean equals(Object obj) {
if (!(obj instanceof User)) {
return false;
}
User s = (User) obj;
- return name.equals(s.name) && email.equals(s.email)
- && dob.toString().equals(s.dob.toString()); // This is due to
- // day cutoff
+ return name.equals(s.name) && email.equals(s.email) && dob.toString().equals(s.dob.toString()); // This
+ // is
+ // due
+ // to
+ // day
+ // cutoff
}
+
+ /**
+ * Gets the maximum allowed points NOW. Note that an assurance needs to
+ * re-check PoJam as it has taken place in the past.
+ *
+ * @return the maximal points
+ * @throws SQLException
+ */
public int getMaxAssurePoints() throws SQLException {
int exp = getExperiencePoints();
int points = 10;
}
return points;
}
+
+ public static User getById(int id) {
+ return new User(id);
+ }
+
+ public EmailAddress[] getEmails() {
+ try {
+ PreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT id FROM email WHERE memid=?");
+ ps.setInt(1, id);
+ ResultSet rs = ps.executeQuery();
+ rs.last();
+ int count = rs.getRow();
+ EmailAddress[] data = new EmailAddress[count];
+ rs.beforeFirst();
+ for (int i = 0; i < data.length; i++) {
+ if (!rs.next()) {
+ throw new Error("Internal sql api violation.");
+ }
+ data[i] = EmailAddress.getById(rs.getInt(1));
+ }
+ rs.close();
+ return data;
+ } catch (SQLException e) {
+ e.printStackTrace();
+ }
+
+ return null;
+ }
+
+ public void updateDefaultEmail(EmailAddress newMail) {
+ try {
+ EmailAddress[] adrs = getEmails();
+ for (int i = 0; i < adrs.length; i++) {
+ if (adrs[i].getAddress().equals(newMail.getAddress())) {
+ PreparedStatement ps = DatabaseConnection.getInstance().prepare(
+ "UPDATE users SET email=? WHERE id=?");
+ ps.setString(1, newMail.getAddress());
+ ps.setInt(2, getId());
+ ps.execute();
+ email = newMail.getAddress();
+ return;
+ }
+ }
+ throw new IllegalArgumentException("Given address not an address of the user.");
+ } catch (SQLException e) {
+ e.printStackTrace();
+ }
+ }
}