X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2FUser.java;h=0eed2b8c501cfd93aa20754535a20f5e3464c66a;hb=2233a655b4ef4c1122a406e83a0e6334b9fd49b6;hp=79ea8c68e5b8fe0ba3fc033cf517f13fc193fd06;hpb=54b3cdedb79fbb6227b369da0dfae0e74f672a7c;p=gigi.git
diff --git a/src/org/cacert/gigi/User.java b/src/org/cacert/gigi/User.java
index 79ea8c68..0eed2b8c 100644
--- a/src/org/cacert/gigi/User.java
+++ b/src/org/cacert/gigi/User.java
@@ -8,6 +8,7 @@ import java.util.Calendar;
 import org.cacert.gigi.database.DatabaseConnection;
 import org.cacert.gigi.util.PasswordHash;
+import org.cacert.gigi.util.PasswordStrengthChecker;
 public class User {
@@ -116,6 +117,30 @@ public class User {
 id = DatabaseConnection.lastInsertId(query);
 }
+ public void changePassword(String oldPass, String newPass) throws GigiApiException {
+ try {
+ PreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `password` FROM users WHERE id=?");
+ ps.setInt(1, id);
+ ResultSet rs = ps.executeQuery();
+ if (!rs.next()) {
+ throw new GigiApiException("User not found... very bad.");
+ }
+ if (!PasswordHash.verifyHash(oldPass, rs.getString(1))) {
+ throw new GigiApiException("Old password does not match.");
+ }
+ rs.close();
+ PasswordStrengthChecker.assertStrongPassword(newPass, this);
+ ps = DatabaseConnection.getInstance().prepare("UPDATE users SET `password`=? WHERE id=?");
+ ps.setString(1, PasswordHash.hash(newPass));
+ ps.setInt(2, id);
+ if (ps.executeUpdate() != 1) {
+ throw new GigiApiException("Password update failed.");
+ }
+ } catch (SQLException e) {
+ throw new GigiApiException(e);
+ }
+ }
+
 public boolean canAssure() throws SQLException {
 if (getAssurancePoints() < 100) {
 return false;
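Review bot: In `changePassword`, `rs.close()` is reached only when both checks pass, so the two `throw new GigiApiException(...)` paths (no row found, old password mismatch) exit with the result set still open, and neither `PreparedStatement` is closed anywhere in the hunk. Whether `DatabaseConnection.prepare` caches and reuses statements is not visible here, but in either case the result set should be scoped, for example `try (ResultSet rs = ps.executeQuery()) {` around the lookup and verification, or an equivalent `finally`. The method also lacks a Javadoc comment; it should state that the old password is verified before the strength check and the update, and that `GigiApiException` covers a wrong old password, a rejected new password and a database error. Nothing in the hunk records failed old-password attempts or invalidates existing sessions after a successful change; if the caller is responsible for that, a comment saying so would help the next reader.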
@@ -262,4 +287,17 @@ public class User {
 e.printStackTrace();
 }
 }
+
+ public void deleteEmail(EmailAddress mail) {
+ if (getEmail().equals(mail.getAddress())) {
+ throw new IllegalArgumentException("Can't delete user's default e-mail.");
+ }
+ try {
+ PreparedStatement ps = DatabaseConnection.getInstance().prepare("DELETE FROM email WHERE id=?");
+ ps.setInt(1, mail.getId());
+ ps.execute();
+ } catch (SQLException e) {
+ e.printStackTrace();
+ }
+ }
 }
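Review bot: `deleteEmail` issues `DELETE FROM email WHERE id=?` bound only to `mail.getId()`, so nothing in the hunk ties the deleted row to this user; the default-address check compares address strings but does not establish ownership. Unless every caller already guarantees that the `EmailAddress` belongs to this `User`, the statement should also be constrained by the owning user (an extra predicate on the owner column, named per the schema, bound to `id`), and the affected-row count should be checked the way `changePassword` does with `executeUpdate() != 1`. The `catch (SQLException e) { e.printStackTrace(); }` also hides a failed delete from the caller; rethrowing, for instance `throw new GigiApiException(e);` as `changePassword` does, would keep the error handling consistent, though it changes the method signature if that exception is checked.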