X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;ds=sidebyside;f=src%2Forg%2Fcacert%2Fgigi%2Fpages%2FLoginPage.java;h=acfc8f51ed310153e9f1d041402167599d91e35d;hb=1cfb44d81a7d919db6670a06b0832c7b398005be;hp=49b42dbe264c3a7a47ab01fa1e8f89c8ca3d49b6;hpb=ea6ee43a84f9a1f055d97ff0de8196569154e4d0;p=gigi.git
diff --git a/src/org/cacert/gigi/pages/LoginPage.java b/src/org/cacert/gigi/pages/LoginPage.java
index 49b42dbe..acfc8f51 100644
--- a/src/org/cacert/gigi/pages/LoginPage.java
+++ b/src/org/cacert/gigi/pages/LoginPage.java
@@ -18,6 +18,8 @@ import org.cacert.gigi.database.DatabaseConnection;
 import org.cacert.gigi.util.PasswordHash;
 
 public class LoginPage extends Page {
+ public static final String LOGIN_RETURNPATH = "login-returnpath";
+
 public LoginPage(String title) {
 super(title);
 }
@@ -25,8 +27,17 @@ public class LoginPage extends Page { @Override public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { - HttpSession hs = req.getSession(); - if (hs.getAttribute("loggedin") == null) { + resp.getWriter() + .println( + "
" + + "" + + "
"); + } + + @Override + public boolean beforeTemplate(HttpServletRequest req, + HttpServletResponse resp) throws IOException { + if (req.getSession().getAttribute("loggedin") == null) { X509Certificate[] cert = (X509Certificate[]) req .getAttribute("javax.servlet.request.X509Certificate"); if (cert != null && cert[0] != null) {
@@ -37,16 +48,19 @@ public class LoginPage extends Page { } } - if (hs.getAttribute("loggedin") != null) { // Redir from login - resp.sendRedirect("/"); - return; + if (req.getSession().getAttribute("loggedin") != null) { + String s = (String) req.getSession().getAttribute(LOGIN_RETURNPATH); + if (s != null) { + if (!s.startsWith("/")) { + s = "/" + s; + } + resp.sendRedirect(s); + } else { + resp.sendRedirect("/"); + } + return true; } - - resp.getWriter() - .println( - "
" - + "" - + "
"); + return false; } @Override public boolean needsLogin() {
@@ -56,12 +70,15 @@ public class LoginPage extends Page {
 String un = req.getParameter("username");
 String pw = req.getParameter("password");
 try {
- PreparedStatement ps = DatabaseConnection.getInstance().prepare(
- "SELECT `password`, `id` FROM `users` WHERE `email`=?");
+ PreparedStatement ps = DatabaseConnection
+ .getInstance()
+ .prepare(
+ "SELECT `password`, `id` FROM `users` WHERE `email`=? AND locked='0' AND verified='1'");
 ps.setString(1, un);
 ResultSet rs = ps.executeQuery();
 if (rs.next()) {
 if (PasswordHash.verifyHash(pw, rs.getString(1))) {
+ req.getSession().invalidate();
 HttpSession hs = req.getSession();
 hs.setAttribute(LOGGEDIN, true);
 hs.setAttribute(USER, new User(rs.getInt(2)));
@@ -88,6 +105,7 @@ public class LoginPage extends Page {
 ps.setString(1, serial);
 ResultSet rs = ps.executeQuery();
 if (rs.next()) {
+ req.getSession().invalidate();
 HttpSession hs = req.getSession();
 hs.setAttribute(LOGGEDIN, true);
 hs.setAttribute(USER, new User(rs.getInt(1)));
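Review bot: The return path read from the session in `beforeTemplate` (hunk `@@ -37,16 +48,19 @@`) reaches `resp.sendRedirect(s)` after only a `startsWith("/")` check, so a value such as `//other-host/path` is accepted and a browser resolves it as a protocol-relative URL on another host. Where LOGIN_RETURNPATH is written is not visible in this diff; if it is derived from the request, this is an open redirect after login. Accept only a single-slash local path and fall back to the root otherwise, for example `if (!s.startsWith("/") || s.startsWith("//") || s.indexOf('\\') >= 0) { s = "/"; }`, and remove the attribute once it has been consumed. `beforeTemplate` begins in the previous hunk.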
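Review bot: `req.getSession().invalidate()` in hunk `@@ -56,12 +70,15 @@` discards every attribute of the pre-login session, including LOGIN_RETURNPATH, and the new session only receives LOGGEDIN and USER, so the redirect in `beforeTemplate` will find no return path after a successful login unless it is restored outside this hunk. Read the value first with `String rp = (String) req.getSession().getAttribute(LOGIN_RETURNPATH);` and, after `HttpSession hs = req.getSession();`, add `if (rp != null) hs.setAttribute(LOGIN_RETURNPATH, rp);`. The certificate login in the last hunk (`@@ -88,6 +105,7 @@`) has the same gap. Rotating the session at authentication is the right defence against session fixation and should stay. The enclosing method starts and ends outside the hunk.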