X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Fpages%2FLoginPage.java;h=49b42dbe264c3a7a47ab01fa1e8f89c8ca3d49b6;hb=ea6ee43a84f9a1f055d97ff0de8196569154e4d0;hp=905daf16aa1248252a073f602f6ad6df227018d0;hpb=7e979cc57595d265f750ac2076a34a3565b1197d;p=gigi.git

diff --git a/src/org/cacert/gigi/pages/LoginPage.java b/src/org/cacert/gigi/pages/LoginPage.java
index 905daf16..49b42dbe 100644
--- a/src/org/cacert/gigi/pages/LoginPage.java
+++ b/src/org/cacert/gigi/pages/LoginPage.java
@@ -1,9 +1,21 @@
 package org.cacert.gigi.pages;
 
+import static org.cacert.gigi.Gigi.LOGGEDIN;
+import static org.cacert.gigi.Gigi.USER;
+
 import java.io.IOException;
+import java.security.cert.X509Certificate;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
+import org.cacert.gigi.User;
+import org.cacert.gigi.database.DatabaseConnection;
+import org.cacert.gigi.util.PasswordHash;
 
 public class LoginPage extends Page {
 	public LoginPage(String title) {
@@ -11,13 +23,78 @@ public class LoginPage extends Page {
 	}
 
 	@Override
-	public void doGet(ServletRequest req, ServletResponse resp)
+	public void doGet(HttpServletRequest req, HttpServletResponse resp)
 			throws IOException {
+		HttpSession hs = req.getSession();
+		if (hs.getAttribute("loggedin") == null) {
+			X509Certificate[] cert = (X509Certificate[]) req
+					.getAttribute("javax.servlet.request.X509Certificate");
+			if (cert != null && cert[0] != null) {
+				tryAuthWithCertificate(req, cert[0]);
+			}
+			if (req.getMethod().equals("POST")) {
+				tryAuthWithUnpw(req);
+			}
+		}
+
+		if (hs.getAttribute("loggedin") != null) { // Redir from login
+			resp.sendRedirect("/");
+			return;
+		}
+
 		resp.getWriter()
 				.println(
 						"<form method='POST' action='/login'>"
 								+ "<input type='text' name='username'>"
 								+ "<input type='password' name='password'> <input type='submit' value='login'></form>");
 	}
-
+	@Override
+	public boolean needsLogin() {
+		return false;
+	}
+	private void tryAuthWithUnpw(HttpServletRequest req) {
+		String un = req.getParameter("username");
+		String pw = req.getParameter("password");
+		try {
+			PreparedStatement ps = DatabaseConnection.getInstance().prepare(
+					"SELECT `password`, `id` FROM `users` WHERE `email`=?");
+			ps.setString(1, un);
+			ResultSet rs = ps.executeQuery();
+			if (rs.next()) {
+				if (PasswordHash.verifyHash(pw, rs.getString(1))) {
+					HttpSession hs = req.getSession();
+					hs.setAttribute(LOGGEDIN, true);
+					hs.setAttribute(USER, new User(rs.getInt(2)));
+				}
+			}
+			rs.close();
+		} catch (SQLException e) {
+			e.printStackTrace();
+		}
+	}
+	public static User getUser(HttpServletRequest req) {
+		return (User) req.getSession().getAttribute(USER);
+	}
+	private void tryAuthWithCertificate(HttpServletRequest req,
+			X509Certificate x509Certificate) {
+		String serial = x509Certificate.getSerialNumber().toString(16)
+				.toUpperCase();
+		try {
+			PreparedStatement ps = DatabaseConnection
+					.getInstance()
+					.prepare(
+							"SELECT `memid` FROM `emailcerts` WHERE `serial`=? AND `disablelogin`='0' AND `revoked` = "
+									+ "'0000-00-00 00:00:00'");
+			ps.setString(1, serial);
+			ResultSet rs = ps.executeQuery();
+			if (rs.next()) {
+				HttpSession hs = req.getSession();
+				hs.setAttribute(LOGGEDIN, true);
+				hs.setAttribute(USER, new User(rs.getInt(1)));
+			}
+			rs.close();
+		} catch (SQLException e) {
+			e.printStackTrace();
+		}
+	}
 }