X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2FGigi.java;h=8fbdbc22b71e06ded2748347f76331b685e0ac22;hb=457c7c1aeadfb4145572ec1155603ae4bebfedd3;hp=0cf0c62cc8739dfc8cc37bb85aef2ef52ba8bb0b;hpb=f92f284f3a80e1f8fd87d2cc63288e1f1bbfeb9d;p=gigi.git

diff --git a/src/org/cacert/gigi/Gigi.java b/src/org/cacert/gigi/Gigi.java
index 0cf0c62c..8fbdbc22 100644
--- a/src/org/cacert/gigi/Gigi.java
+++ b/src/org/cacert/gigi/Gigi.java
@@ -6,6 +6,9 @@ import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStreamReader;
 import java.security.cert.X509Certificate;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
 import java.util.Calendar;
 import java.util.HashMap;
 
@@ -15,12 +18,17 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
+import org.cacert.gigi.database.DatabaseConnection;
 import org.cacert.gigi.pages.LoginPage;
 import org.cacert.gigi.pages.MainPage;
 import org.cacert.gigi.pages.Page;
+import org.cacert.gigi.pages.main.RegisterPage;
+import org.cacert.gigi.util.PasswordHash;
 import org.eclipse.jetty.util.log.Log;
 
 public class Gigi extends HttpServlet {
+	public static final String LOGGEDIN = "loggedin";
+	public static final String USER = "user";
 	private static final long serialVersionUID = -6386785421902852904L;
 	private String[] baseTemplate;
 	private HashMap<String, Page> pages = new HashMap<String, Page>();
@@ -29,6 +37,7 @@ public class Gigi extends HttpServlet {
 	public void init() throws ServletException {
 		pages.put("/login", new LoginPage("CACert - Login"));
 		pages.put("/", new MainPage("CACert - Home"));
+		pages.put(RegisterPage.PATH, new RegisterPage());
 		String templ = "";
 		try {
 			BufferedReader reader = new BufferedReader(new InputStreamReader(
@@ -51,7 +60,7 @@ public class Gigi extends HttpServlet {
 		X509Certificate[] cert = (X509Certificate[]) req
 				.getAttribute("javax.servlet.request.X509Certificate");
 		HttpSession hs = req.getSession(false);
-		if (hs == null || !((Boolean) hs.getAttribute("loggedin"))) {
+		if (hs == null || hs.getAttribute(LOGGEDIN) == null) {
 			if (cert != null) {
 				tryAuthWithCertificate(req, cert[0]);
 				hs = req.getSession(false);
@@ -70,7 +79,7 @@ public class Gigi extends HttpServlet {
 		}
 		if (req.getPathInfo() != null && req.getPathInfo().equals("/logout")) {
 			if (hs != null) {
-				hs.setAttribute("loggedin", false);
+				hs.setAttribute(LOGGEDIN, null);
 				hs.invalidate();
 			}
 			resp.sendRedirect("/");
@@ -89,6 +98,10 @@ public class Gigi extends HttpServlet {
 			b0 = makeDynTempl(b0, p);
 			resp.setContentType("text/html");
 			resp.getWriter().print(b0);
+			if (hs != null && hs.getAttribute(LOGGEDIN) != null) {
+				resp.getWriter().println(
+						"Hi " + ((User) hs.getAttribute(USER)).getFname());
+			}
 			p.doGet(req, resp);
 			String b1 = baseTemplate[1];
 			b1 = makeDynTempl(b1, p);
@@ -98,7 +111,6 @@ public class Gigi extends HttpServlet {
 		}
 
 	}
-
 	private String makeDynTempl(String in, Page p) {
 		int year = Calendar.getInstance().get(Calendar.YEAR);
 		in = in.replaceAll("\\$title\\$", p.getTitle());
@@ -108,15 +120,43 @@ public class Gigi extends HttpServlet {
 	private void authWithUnpw(HttpServletRequest req) {
 		String un = req.getParameter("username");
 		String pw = req.getParameter("password");
-		// TODO dummy password check if (un.equals(pw)) {
-		HttpSession hs = req.getSession();
-		hs.setAttribute("loggedin", true);
+		try {
+			PreparedStatement ps = DatabaseConnection.getInstance().prepare(
+					"SELECT `password`, `id` FROM `users` WHERE `email`=?");
+			ps.setString(1, un);
+			ResultSet rs = ps.executeQuery();
+			if (rs.next()) {
+				if (PasswordHash.verifyHash(pw, rs.getString(1))) {
+					HttpSession hs = req.getSession();
+					hs.setAttribute(LOGGEDIN, true);
+					hs.setAttribute(USER, new User(rs.getInt(2)));
+				}
+			}
+			rs.close();
+		} catch (SQLException e) {
+			e.printStackTrace();
+		}
 	}
-
 	private void tryAuthWithCertificate(HttpServletRequest req,
 			X509Certificate x509Certificate) {
-		// TODO ckeck if certificate is valid
-		HttpSession hs = req.getSession();
-		hs.setAttribute("loggedin", true);
+		String serial = x509Certificate.getSerialNumber().toString(16)
+				.toUpperCase();
+		try {
+			PreparedStatement ps = DatabaseConnection
+					.getInstance()
+					.prepare(
+							"SELECT `memid` FROM `emailcerts` WHERE `serial`=? AND `disablelogin`='0' AND `revoked` = "
+									+ "'0000-00-00 00:00:00'");
+			ps.setString(1, serial);
+			ResultSet rs = ps.executeQuery();
+			if (rs.next()) {
+				HttpSession hs = req.getSession();
+				hs.setAttribute(LOGGEDIN, true);
+				hs.setAttribute(USER, new User(rs.getInt(1)));
+			}
+			rs.close();
+		} catch (SQLException e) {
+			e.printStackTrace();
+		}
 	}
 }