X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Fpages%2FLoginPage.java;h=7be7117735599bf26fb28706b0764600a4009078;hb=d1bf1011c6d19aede47a12d249415e8679abb0d3;hp=583a6da88168dd380ab70e3864f6bd94e2613d47;hpb=dc71766639ada349bb35f676ad811eb113311d4c;p=gigi.git diff --git a/src/org/cacert/gigi/pages/LoginPage.java b/src/org/cacert/gigi/pages/LoginPage.java index 583a6da8..7be71177 100644 --- a/src/org/cacert/gigi/pages/LoginPage.java +++ b/src/org/cacert/gigi/pages/LoginPage.java @@ -25,22 +25,17 @@ public class LoginPage extends Page { } @Override - public void doGet(HttpServletRequest req, HttpServletResponse resp) - throws IOException { - resp.getWriter() - .println( - "
" - + "" - + "
"); + public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { + resp.getWriter().println( + "
" + "" + + "
"); } @Override - public boolean beforeTemplate(HttpServletRequest req, - HttpServletResponse resp) throws IOException { - HttpSession hs = req.getSession(); - if (hs.getAttribute("loggedin") == null) { - X509Certificate[] cert = (X509Certificate[]) req - .getAttribute("javax.servlet.request.X509Certificate"); + public boolean beforeTemplate(HttpServletRequest req, HttpServletResponse resp) throws IOException { + String redir = (String) req.getSession().getAttribute(LOGIN_RETURNPATH); + if (req.getSession().getAttribute("loggedin") == null) { + X509Certificate[] cert = (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate"); if (cert != null && cert[0] != null) { tryAuthWithCertificate(req, cert[0]); } @@ -49,8 +44,8 @@ public class LoginPage extends Page { } } - if (hs.getAttribute("loggedin") != null) { - String s = (String) req.getSession().getAttribute(LOGIN_RETURNPATH); + if (req.getSession().getAttribute("loggedin") != null) { + String s = redir; if (s != null) { if (!s.startsWith("/")) { s = "/" + s; @@ -63,20 +58,23 @@ public class LoginPage extends Page { } return false; } + @Override public boolean needsLogin() { return false; } + private void tryAuthWithUnpw(HttpServletRequest req) { String un = req.getParameter("username"); String pw = req.getParameter("password"); try { PreparedStatement ps = DatabaseConnection.getInstance().prepare( - "SELECT `password`, `id` FROM `users` WHERE `email`=?"); + "SELECT `password`, `id` FROM `users` WHERE `email`=? AND locked='0' AND verified='1'"); ps.setString(1, un); ResultSet rs = ps.executeQuery(); if (rs.next()) { if (PasswordHash.verifyHash(pw, rs.getString(1))) { + req.getSession().invalidate(); HttpSession hs = req.getSession(); hs.setAttribute(LOGGEDIN, true); hs.setAttribute(USER, new User(rs.getInt(2))); 
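Review bot: The first added line of beforeTemplate reads LOGIN_RETURNPATH into `redir` before any login attempt, and nothing records why that order matters. The same commit makes both tryAuth methods call `req.getSession().invalidate()` on success, which discards the attribute, so a later cleanup that moves the read back below the authentication calls would silently lose the return path. A comment above the declaration would pin this down, e.g. `// Read before authenticating: a successful login invalidates the session and drops this attribute.` The body of beforeTemplate continues outside this hunk.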
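Review bot: The return path in `s` is only checked for a leading `/`, so a stored value that begins with `//` or `/\` passes through unchanged. If the lines after this hunk hand `s` to a redirect, browsers treat such a value as a URL on another host rather than a local path. Where LOGIN_RETURNPATH is written is not visible here, so this matters only if request-derived data can reach it. Normalising such values at this point keeps the post-login redirect on-site: `if (s.startsWith("//") || s.startsWith("/\\")) { s = "/"; }`.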
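Review bot: `pw` reaches `PasswordHash.verifyHash` without a null check in tryAuthWithUnpw, so a request that carries `username` but no `password` parameter gets as far as the hash comparison whenever the e-mail matches an unlocked, verified row. How verifyHash treats null is not visible here; if it throws, the request would likely end in a server error rather than an ordinary failed login. A guard before the query avoids that: `if (un == null || pw == null) { return; }`. The rest of the method, including its catch block, lies outside this hunk.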
@@ -87,22 +85,21 @@ public class LoginPage extends Page { e.printStackTrace(); } } + public static User getUser(HttpServletRequest req) { return (User) req.getSession().getAttribute(USER); } - private void tryAuthWithCertificate(HttpServletRequest req, - X509Certificate x509Certificate) { - String serial = x509Certificate.getSerialNumber().toString(16) - .toUpperCase(); + + private void tryAuthWithCertificate(HttpServletRequest req, X509Certificate x509Certificate) { + String serial = x509Certificate.getSerialNumber().toString(16).toUpperCase(); try { - PreparedStatement ps = DatabaseConnection - .getInstance() - .prepare( - "SELECT `memid` FROM `emailcerts` WHERE `serial`=? AND `disablelogin`='0' AND `revoked` = " - + "'0000-00-00 00:00:00'"); + PreparedStatement ps = DatabaseConnection.getInstance().prepare( + "SELECT `memid` FROM `emailcerts` WHERE `serial`=? AND `disablelogin`='0' AND `revoked` = " + + "'0000-00-00 00:00:00'"); ps.setString(1, serial); ResultSet rs = ps.executeQuery(); if (rs.next()) { + req.getSession().invalidate(); HttpSession hs = req.getSession(); hs.setAttribute(LOGGEDIN, true); hs.setAttribute(USER, new User(rs.getInt(1)));
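Review bot: The certificate path does not get the account-state check that this commit adds to the password path. The query in tryAuthWithCertificate looks only at `emailcerts`, so an account whose `users` row is locked or unverified still receives a fresh logged-in session as long as one of its certificates is unrevoked and has `disablelogin`='0'. Unless `new User(...)` or a later filter rejects such accounts (not visible here), the lookup should join the account row: `... FROM emailcerts INNER JOIN users ON users.id = emailcerts.memid WHERE ... AND users.locked='0' AND users.verified='1'`. The method's end is outside this hunk.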