X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;ds=inline;f=src%2Forg%2Fcacert%2Fgigi%2Fpages%2FPasswordResetPage.java;h=4090bdd49b140822e7d516a879acdf0c6f9df9e1;hb=d7faeb9059063a213bfb0dad5d91f5732c3c6a48;hp=c25fe5c1b7fed60bba5087738fe469a0de780c6c;hpb=851b2db2211e0f7770065dc4558cc0de74a39df4;p=gigi.git diff --git a/src/org/cacert/gigi/pages/PasswordResetPage.java b/src/org/cacert/gigi/pages/PasswordResetPage.java index c25fe5c1..4090bdd4 100644 --- a/src/org/cacert/gigi/pages/PasswordResetPage.java +++ b/src/org/cacert/gigi/pages/PasswordResetPage.java @@ -2,6 +2,7 @@ package org.cacert.gigi.pages; import java.io.IOException; import java.io.PrintWriter; +import java.net.URLEncoder; import java.util.HashMap; import java.util.Map; @@ -9,14 +10,21 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.cacert.gigi.GigiApiException; +import org.cacert.gigi.database.GigiPreparedStatement; import org.cacert.gigi.dbObjects.User; import org.cacert.gigi.localisation.Language; import org.cacert.gigi.output.template.Form; +import org.cacert.gigi.output.template.MailTemplate; import org.cacert.gigi.output.template.Template; import org.cacert.gigi.util.AuthorizationContext; +import org.cacert.gigi.util.HTMLEncoder; +import org.cacert.gigi.util.RandomToken; +import org.cacert.gigi.util.ServerConstants; public class PasswordResetPage extends Page { + public static final int HOUR_MAX = 96; + public static final String PATH = "/passwordReset"; public PasswordResetPage() { @@ -25,7 +33,7 @@ public class PasswordResetPage extends Page { public static class PasswordResetForm extends Form { - private static Template t = new Template(PasswordResetForm.class.getResource("PasswordResetForm.templ")); + private static final Template t = new Template(PasswordResetForm.class.getResource("PasswordResetForm.templ")); private User u; @@ -52,6 +60,11 @@ public class PasswordResetPage extends Page { @Override public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException { + try (GigiPreparedStatement passwordReset = new GigiPreparedStatement("UPDATE `passwordResetTickets` SET `used` = CURRENT_TIMESTAMP WHERE `used` IS NULL AND `created` < CURRENT_TIMESTAMP - interval '1 hours' * ?;")) { + passwordReset.setInt(1, HOUR_MAX); + passwordReset.execute(); + } + String p1 = req.getParameter("pword1"); String p2 = req.getParameter("pword2"); String tok = req.getParameter("private_token"); @@ -76,14 +89,13 @@ public class PasswordResetPage extends Page { @Override public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException { PasswordResetForm form = Form.getForm(req, PasswordResetForm.class); - try { - form.submit(resp.getWriter(), req); - resp.getWriter().println(getLanguage(req).getTranslation("Password reset successful.")); + PrintWriter w = resp.getWriter(); + if (form.submitProtected(w, req)) { + w.println("