X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2FGigi.java;h=1464a8b3942275c6c7a9c37e754c30c1fcaaa80b;hb=1de729f545658d412e9fb8828bad41dd00271e00;hp=7c2d1c8f584e95acc7158fe22ea8148afd989560;hpb=908f9be394c1d05be10eee5e88ed3f12ed55a3de;p=gigi.git

diff --git a/src/org/cacert/gigi/Gigi.java b/src/org/cacert/gigi/Gigi.java
index 7c2d1c8f..1464a8b3 100644
--- a/src/org/cacert/gigi/Gigi.java
+++ b/src/org/cacert/gigi/Gigi.java
@@ -6,6 +6,10 @@ import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStreamReader;
 import java.security.cert.X509Certificate;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.util.Calendar;
 import java.util.HashMap;
 
 import javax.servlet.ServletException;
@@ -14,12 +18,17 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
+import org.cacert.gigi.database.DatabaseConnection;
 import org.cacert.gigi.pages.LoginPage;
 import org.cacert.gigi.pages.MainPage;
 import org.cacert.gigi.pages.Page;
+import org.cacert.gigi.pages.main.RegisterPage;
+import org.cacert.gigi.util.PasswordHash;
 import org.eclipse.jetty.util.log.Log;
 
 public class Gigi extends HttpServlet {
+	public static final String LOGGEDIN = "loggedin";
+	public static final String USER = "user";
 	private static final long serialVersionUID = -6386785421902852904L;
 	private String[] baseTemplate;
 	private HashMap<String, Page> pages = new HashMap<String, Page>();
@@ -28,6 +37,7 @@ public class Gigi extends HttpServlet {
 	public void init() throws ServletException {
 		pages.put("/login", new LoginPage("CACert - Login"));
 		pages.put("/", new MainPage("CACert - Home"));
+		pages.put(RegisterPage.PATH, new RegisterPage());
 		String templ = "";
 		try {
 			BufferedReader reader = new BufferedReader(new InputStreamReader(
@@ -49,14 +59,14 @@ public class Gigi extends HttpServlet {
 			throws ServletException, IOException {
 		X509Certificate[] cert = (X509Certificate[]) req
 				.getAttribute("javax.servlet.request.X509Certificate");
-		HttpSession hs = req.getSession(false);
-		if (hs == null || !((Boolean) hs.getAttribute("loggedin"))) {
+		HttpSession hs = req.getSession();
+		if (hs.getAttribute(LOGGEDIN) == null) {
 			if (cert != null) {
 				tryAuthWithCertificate(req, cert[0]);
-				hs = req.getSession(false);
+				hs = req.getSession();
 			}
 		}
-		if (hs != null && ((Boolean) hs.getAttribute("loggedin"))
+		if (((Boolean) hs.getAttribute("loggedin"))
 				&& req.getPathInfo().equals("/login")) {
 			resp.sendRedirect("/");
 			return;
@@ -69,7 +79,7 @@ public class Gigi extends HttpServlet {
 		}
 		if (req.getPathInfo() != null && req.getPathInfo().equals("/logout")) {
 			if (hs != null) {
-				hs.setAttribute("loggedin", false);
+				hs.setAttribute(LOGGEDIN, null);
 				hs.invalidate();
 			}
 			resp.sendRedirect("/");
@@ -85,28 +95,68 @@ public class Gigi extends HttpServlet {
 		if (pages.containsKey(req.getPathInfo())) {
 			String b0 = baseTemplate[0];
 			Page p = pages.get(req.getPathInfo());
-			b0 = b0.replaceAll("\\$title\\$", p.getTitle());
+			b0 = makeDynTempl(b0, p);
+			resp.setContentType("text/html");
 			resp.getWriter().print(b0);
+			if (hs != null && hs.getAttribute(LOGGEDIN) != null) {
+				resp.getWriter().println(
+						"Hi " + ((User) hs.getAttribute(USER)).getFname());
+			}
 			p.doGet(req, resp);
-			resp.getWriter().print(baseTemplate[1]);
+			String b1 = baseTemplate[1];
+			b1 = makeDynTempl(b1, p);
+			resp.getWriter().print(b1);
 		} else {
 			resp.sendError(404, "Page not found.");
 		}
 
 	}
-
+	private String makeDynTempl(String in, Page p) {
+		int year = Calendar.getInstance().get(Calendar.YEAR);
+		in = in.replaceAll("\\$title\\$", p.getTitle());
+		in = in.replaceAll("\\$year\\$", year + "");
+		return in;
+	}
 	private void authWithUnpw(HttpServletRequest req) {
 		String un = req.getParameter("username");
 		String pw = req.getParameter("password");
-		// TODO dummy password check if (un.equals(pw)) {
-		HttpSession hs = req.getSession();
-		hs.setAttribute("loggedin", true);
+		try {
+			PreparedStatement ps = DatabaseConnection.getInstance().prepare(
+					"SELECT `password`, `id` FROM `users` WHERE `email`=?");
+			ps.setString(1, un);
+			ResultSet rs = ps.executeQuery();
+			if (rs.next()) {
+				if (PasswordHash.verifyHash(pw, rs.getString(1))) {
+					HttpSession hs = req.getSession();
+					hs.setAttribute(LOGGEDIN, true);
+					hs.setAttribute(USER, new User(rs.getInt(2)));
+				}
+			}
+			rs.close();
+		} catch (SQLException e) {
+			e.printStackTrace();
+		}
 	}
-
 	private void tryAuthWithCertificate(HttpServletRequest req,
 			X509Certificate x509Certificate) {
-		// TODO ckeck if certificate is valid
-		HttpSession hs = req.getSession();
-		hs.setAttribute("loggedin", true);
+		String serial = x509Certificate.getSerialNumber().toString(16)
+				.toUpperCase();
+		try {
+			PreparedStatement ps = DatabaseConnection
+					.getInstance()
+					.prepare(
+							"SELECT `memid` FROM `emailcerts` WHERE `serial`=? AND `disablelogin`='0' AND `revoked` = "
+									+ "'0000-00-00 00:00:00'");
+			ps.setString(1, serial);
+			ResultSet rs = ps.executeQuery();
+			if (rs.next()) {
+				HttpSession hs = req.getSession();
+				hs.setAttribute(LOGGEDIN, true);
+				hs.setAttribute(USER, new User(rs.getInt(1)));
+			}
+			rs.close();
+		} catch (SQLException e) {
+			e.printStackTrace();
+		}
 	}
 }