Fix visuals, output maxpoints

[gigi.git] / src / org / cacert / gigi / pages / LoginPage.java

diff --git a/src/org/cacert/gigi/pages/LoginPage.java b/src/org/cacert/gigi/pages/LoginPage.java
index 134a0898c1748f7dbfab96a82512d1f67ffa283c..d88b6983b23611eefda46801db4a6dd6202b2790 100644 (file)
--- a/src/org/cacert/gigi/pages/LoginPage.java
+++ b/src/org/cacert/gigi/pages/LoginPage.java
@@ -18,6 +18,8 @@ import org.cacert.gigi.database.DatabaseConnection;
 import org.cacert.gigi.util.PasswordHash;
 
 public class LoginPage extends Page {
+       public static final String LOGIN_RETURNPATH = "login-returnpath";
+
        public LoginPage(String title) {
                super(title);
        }
@@ -25,6 +27,16 @@ public class LoginPage extends Page {
        @Override
        public void doGet(HttpServletRequest req, HttpServletResponse resp)
                        throws IOException {
+               resp.getWriter()
+                               .println(
+                                               "<form method='POST' action='/login'>"
+                                                               + "<input type='text' name='username'>"
+                                                               + "<input type='password' name='password'> <input type='submit' value='login'></form>");
+       }
+
+       @Override
+       public boolean beforeTemplate(HttpServletRequest req,
+                       HttpServletResponse resp) throws IOException {
                HttpSession hs = req.getSession();
                if (hs.getAttribute("loggedin") == null) {
                        X509Certificate[] cert = (X509Certificate[]) req
@@ -37,16 +49,19 @@ public class LoginPage extends Page {
                        }
                }
 
-               if (hs.getAttribute("loggedin") != null) { // Redir from login
-                       resp.sendRedirect("/");
-                       return;
+               if (hs.getAttribute("loggedin") != null) {
+                       String s = (String) req.getSession().getAttribute(LOGIN_RETURNPATH);
+                       if (s != null) {
+                               if (!s.startsWith("/")) {
+                                       s = "/" + s;
+                               }
+                               resp.sendRedirect(s);
+                       } else {
+                               resp.sendRedirect("/");
+                       }
+                       return true;
                }
-
-               resp.getWriter()
-                               .println(
-                                               "<form method='POST' action='/login'>"
-                                                               + "<input type='text' name='username'>"
-                                                               + "<input type='password' name='password'> <input type='submit' value='login'></form>");
+               return false;
        }
        @Override
        public boolean needsLogin() {
@@ -56,8 +71,10 @@ public class LoginPage extends Page {
                String un = req.getParameter("username");
                String pw = req.getParameter("password");
                try {
-                       PreparedStatement ps = DatabaseConnection.getInstance().prepare(
-                                       "SELECT `password`, `id` FROM `users` WHERE `email`=?");
+                       PreparedStatement ps = DatabaseConnection
+                                       .getInstance()
+                                       .prepare(
+                                                       "SELECT `password`, `id` FROM `users` WHERE `email`=? AND locked='0' AND verified='1'");
                        ps.setString(1, un);
                        ResultSet rs = ps.executeQuery();
                        if (rs.next()) {
@@ -72,6 +89,9 @@ public class LoginPage extends Page {
                        e.printStackTrace();
                }
        }
+       public static User getUser(HttpServletRequest req) {
+               return (User) req.getSession().getAttribute(USER);
+       }
        private void tryAuthWithCertificate(HttpServletRequest req,
                        X509Certificate x509Certificate) {
                String serial = x509Certificate.getSerialNumber().toString(16)