X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2FUser.java;h=10a10fd34283e8e03e3940af4bd3db17a736cc76;hb=562f4e5fabe180a8dfc4894241a89cae0d1655ee;hp=50e13ac044e14b9e187117b44ac72a4ea533939f;hpb=06c5d96d7dc2df71a1658e1c7c9e34ad065d10d7;p=gigi.git

diff --git a/src/org/cacert/gigi/User.java b/src/org/cacert/gigi/User.java
index 50e13ac0..10a10fd3 100644
--- a/src/org/cacert/gigi/User.java
+++ b/src/org/cacert/gigi/User.java
@@ -3,17 +3,18 @@ package org.cacert.gigi;
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
 import java.sql.SQLException;
-import java.util.Date;
+import java.sql.Date;
+import java.util.Calendar;
 
 import org.cacert.gigi.database.DatabaseConnection;
+import org.cacert.gigi.util.PasswordHash;
+import org.cacert.gigi.util.PasswordStrengthChecker;
 
 public class User {
 
 	private int id;
-	String fname;
-	String mname;
-	String lname;
-	String suffix;
+	Name name = new Name(null, null, null, null);
+
 	Date dob;
 	String email;
 
@@ -21,61 +22,249 @@ public class User {
 		this.id = id;
 		try {
 			PreparedStatement ps = DatabaseConnection.getInstance().prepare(
-					"SELECT `fname`, `lname` FROM `users` WHERE id=?");
+				"SELECT `fname`, `lname`,`mname`, `suffix`, `dob`, `email` FROM `users` WHERE id=?");
 			ps.setInt(1, id);
 			ResultSet rs = ps.executeQuery();
 			if (rs.next()) {
-				fname = rs.getString(1);
-				lname = rs.getString(2);
+				name = new Name(rs.getString(1), rs.getString(2), rs.getString(3), rs.getString(4));
+				dob = rs.getDate(5);
+				email = rs.getString(6);
 			}
 			rs.close();
 		} catch (SQLException e) {
 			e.printStackTrace();
 		}
 	}
+
 	public User() {
 	}
+
 	public int getId() {
 		return id;
 	}
+
 	public String getFname() {
-		return fname;
+		return name.fname;
 	}
+
 	public String getLname() {
-		return lname;
+		return name.lname;
 	}
+
 	public String getMname() {
-		return mname;
+		return name.mname;
+	}
+
+	public Name getName() {
+		return name;
 	}
+
 	public void setMname(String mname) {
-		this.mname = mname;
+		this.name.mname = mname;
 	}
+
 	public String getSuffix() {
-		return suffix;
+		return name.suffix;
 	}
+
 	public void setSuffix(String suffix) {
-		this.suffix = suffix;
+		this.name.suffix = suffix;
 	}
+
 	public Date getDob() {
 		return dob;
 	}
+
 	public void setDob(Date dob) {
 		this.dob = dob;
 	}
+
 	public String getEmail() {
 		return email;
 	}
+
 	public void setEmail(String email) {
 		this.email = email;
 	}
+
 	public void setId(int id) {
 		this.id = id;
 	}
+
 	public void setFname(String fname) {
-		this.fname = fname;
+		this.name.fname = fname;
 	}
+
 	public void setLname(String lname) {
-		this.lname = lname;
+		this.name.lname = lname;
+	}
+
+	public void insert(String password) throws SQLException {
+		if (id != 0) {
+			throw new Error("refusing to insert");
+		}
+		PreparedStatement query = DatabaseConnection.getInstance().prepare(
+			"insert into `users` set `email`=?, `password`=?, " + "`fname`=?, `mname`=?, `lname`=?, "
+				+ "`suffix`=?, `dob`=?, `created`=NOW(), locked=0");
+		query.setString(1, email);
+		query.setString(2, PasswordHash.hash(password));
+		query.setString(3, name.fname);
+		query.setString(4, name.mname);
+		query.setString(5, name.lname);
+		query.setString(6, name.suffix);
+		query.setDate(7, new java.sql.Date(dob.getTime()));
+		query.execute();
+		id = DatabaseConnection.lastInsertId(query);
+	}
+
+	public void changePassword(String oldPass, String newPass) throws GigiApiException {
+		try {
+			PreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `password` FROM users WHERE id=?");
+			ps.setInt(1, id);
+			ResultSet rs = ps.executeQuery();
+			if (!rs.next()) {
+				throw new GigiApiException("User not found... very bad.");
+			}
+			if (!PasswordHash.verifyHash(oldPass, rs.getString(1))) {
+				throw new GigiApiException("Old password does not match.");
+			}
+			rs.close();
+			PasswordStrengthChecker.assertStrongPassword(newPass, this);
+			ps = DatabaseConnection.getInstance().prepare("UPDATE users SET `password`=? WHERE id=?");
+			ps.setString(1, PasswordHash.hash(newPass));
+			ps.setInt(2, id);
+			if (ps.executeUpdate() != 1) {
+				throw new GigiApiException("Password update failed.");
+			}
+		} catch (SQLException e) {
+			throw new GigiApiException(e);
+		}
+	}
+
+	public boolean canAssure() throws SQLException {
+		if (getAssurancePoints() < 100) {
+			return false;
+		}
+
+		return hasPassedCATS();
+
+	}
+
+	public boolean hasPassedCATS() throws SQLException {
+		PreparedStatement query = DatabaseConnection.getInstance().prepare(
+			"SELECT 1 FROM `cats_passed` where `user_id`=?");
+		query.setInt(1, id);
+		ResultSet rs = query.executeQuery();
+		if (rs.next()) {
+			return true;
+		} else {
+			return false;
+		}
+	}
+
+	public int getAssurancePoints() throws SQLException {
+		PreparedStatement query = DatabaseConnection.getInstance().prepare(
+			"SELECT sum(points) FROM `notary` where `to`=? AND `deleted`=0");
+		query.setInt(1, id);
+		ResultSet rs = query.executeQuery();
+		int points = 0;
+		if (rs.next()) {
+			points = rs.getInt(1);
+		}
+		rs.close();
+		return points;
+	}
+
+	public int getExperiencePoints() throws SQLException {
+		PreparedStatement query = DatabaseConnection.getInstance().prepare(
+			"SELECT count(*) FROM `notary` where `from`=? AND `deleted`=0");
+		query.setInt(1, id);
+		ResultSet rs = query.executeQuery();
+		int points = 0;
+		if (rs.next()) {
+			points = rs.getInt(1) * 2;
+		}
+		rs.close();
+		return points;
+	}
+
+	@Override
+	public boolean equals(Object obj) {
+		if (!(obj instanceof User)) {
+			return false;
+		}
+		User s = (User) obj;
+		return name.equals(s.name) && email.equals(s.email) && dob.toString().equals(s.dob.toString()); // This
+																										// is
+																										// due
+																										// to
+																										// day
+																										// cutoff
 	}
 
+	/**
+	 * Gets the maximum allowed points NOW. Note that an assurance needs to
+	 * re-check PoJam as it has taken place in the past.
+	 * 
+	 * @return the maximal points
+	 * @throws SQLException
+	 */
+	public int getMaxAssurePoints() throws SQLException {
+		int exp = getExperiencePoints();
+		int points = 10;
+		Calendar c = Calendar.getInstance();
+		c.setTime(dob);
+		int year = c.get(Calendar.YEAR);
+		int month = c.get(Calendar.MONTH);
+		int day = c.get(Calendar.DAY_OF_MONTH);
+		c.set(year + 18, month, day);
+		if (System.currentTimeMillis() < c.getTime().getTime()) {
+			return points; // not 18 Years old.
+		}
+
+		if (exp >= 10) {
+			points += 5;
+		}
+		if (exp >= 20) {
+			points += 5;
+		}
+		if (exp >= 30) {
+			points += 5;
+		}
+		if (exp >= 40) {
+			points += 5;
+		}
+		if (exp >= 50) {
+			points += 5;
+		}
+		return points;
+	}
+
+	public static User getById(int id) {
+		return new User(id);
+	}
+
+	public EmailAddress[] getEmails() {
+		try {
+			PreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT id FROM email WHERE memid=?");
+			ps.setInt(1, id);
+			ResultSet rs = ps.executeQuery();
+			rs.last();
+			int count = rs.getRow();
+			EmailAddress[] data = new EmailAddress[count];
+			rs.beforeFirst();
+			for (int i = 0; i < data.length; i++) {
+				if (!rs.next()) {
+					throw new Error("Internal sql api violation.");
+				}
+				data[i] = EmailAddress.getById(rs.getInt(1));
+			}
+			rs.close();
+			return data;
+		} catch (SQLException e) {
+			e.printStackTrace();
+		}
+
+		return null;
+	}
 }