X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;ds=sidebyside;f=src%2Forg%2Fcacert%2Fgigi%2FUser.java;h=2c1178171c797a2b32fbcab0058ea869940d8f06;hb=6b985b637949909402c2e7be5e682b33d5e6abcd;hp=d5b0a9043bce2ff0575a8d48ba9129e05f40a21a;hpb=09f0476b47711ec02bb96bdd2090ea1930f434a5;p=gigi.git
diff --git a/src/org/cacert/gigi/User.java b/src/org/cacert/gigi/User.java
index d5b0a904..2c117817 100644
--- a/src/org/cacert/gigi/User.java
+++ b/src/org/cacert/gigi/User.java
@@ -1,13 +1,14 @@
 package org.cacert.gigi;
+import java.sql.Date;
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
 import java.sql.SQLException;
-import java.sql.Date;
 import java.util.Calendar;
 import org.cacert.gigi.database.DatabaseConnection;
 import org.cacert.gigi.util.PasswordHash;
+import org.cacert.gigi.util.PasswordStrengthChecker;
 public class User {
@@ -116,6 +117,30 @@ public class User {
 id = DatabaseConnection.lastInsertId(query);
 }
+ public void changePassword(String oldPass, String newPass) throws GigiApiException {
+ try {
+ PreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `password` FROM users WHERE id=?");
+ ps.setInt(1, id);
+ ResultSet rs = ps.executeQuery();
+ if (!rs.next()) {
+ throw new GigiApiException("User not found... very bad.");
+ }
+ if (!PasswordHash.verifyHash(oldPass, rs.getString(1))) {
+ throw new GigiApiException("Old password does not match.");
+ }
+ rs.close();
+ PasswordStrengthChecker.assertStrongPassword(newPass, this);
+ ps = DatabaseConnection.getInstance().prepare("UPDATE users SET `password`=? WHERE id=?");
+ ps.setString(1, PasswordHash.hash(newPass));
+ ps.setInt(2, id);
+ if (ps.executeUpdate() != 1) {
+ throw new GigiApiException("Password update failed.");
+ }
+ } catch (SQLException e) {
+ throw new GigiApiException(e);
+ }
+ }
+
 public boolean canAssure() throws SQLException {
 if (getAssurancePoints() < 100) {
 return false;
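Review bot: In `changePassword`, `rs.close()` runs only on the success path, so both early `throw new GigiApiException(...)` branches (user not found, old password mismatch) and any SQLException leave the ResultSet open; scoping it with `try (ResultSet rs = ps.executeQuery()) {` would close it on every path. Whether statements returned by `DatabaseConnection.prepare` are cached and meant to stay open is not visible here, so only the ResultSet is proposed for closing. `throw new GigiApiException(e)` forwards the raw SQLException; if that exception's message is ever rendered to the user it may expose schema detail, so a generic message with the cause logged server-side would be safer. The hunk also shows no session invalidation or audit record after the password changes; if the caller is expected to do that, a comment such as `// caller must invalidate other sessions and log the change` would document it.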
@@ -242,4 +267,24 @@ public class User {
 return null;
 }
+
+ public void updateDefaultEmail(EmailAddress newMail) {
+ try {
+ EmailAddress[] adrs = getEmails();
+ for (int i = 0; i < adrs.length; i++) {
+ if (adrs[i].getAddress().equals(newMail.getAddress())) {
+ PreparedStatement ps = DatabaseConnection.getInstance().prepare(
+ "UPDATE users SET email=? WHERE id=?");
+ ps.setString(1, newMail.getAddress());
+ ps.setInt(2, getId());
+ ps.execute();
+ email = newMail.getAddress();
+ return;
+ }
+ }
+ throw new IllegalArgumentException("Given address not an address of the user.");
+ } catch (SQLException e) {
+ e.printStackTrace();
+ }
+ }
 }
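Review bot: The `catch (SQLException e) { e.printStackTrace(); }` at the end of `updateDefaultEmail` swallows a failed UPDATE, so the method returns normally and the caller cannot tell that the default address was not changed; declaring `throws GigiApiException` and using `throw new GigiApiException(e);`, as `changePassword` in this commit does, would surface the failure. `ps.execute()` also ignores the row count, where `if (ps.executeUpdate() != 1)` would catch an update that matched no row. The ownership check compares address strings from `getEmails()` only; whether that array can contain unverified addresses is not visible in this hunk, and if it can, the address should be required to be verified before it becomes the account's default.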