X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Fpages%2FLoginPage.java;h=ba6e0eecd8f7f2055f11b303a111398c356cd1d3;hb=a6ba2227fa82700906ed246f9513405dcecf4ab5;hp=8129715a99795b6f8f45f6b105008731af56d2ab;hpb=ac2d612bc322ee04e31b611a71765e7ae3f1dcf3;p=gigi.git diff --git a/src/org/cacert/gigi/pages/LoginPage.java b/src/org/cacert/gigi/pages/LoginPage.java index 8129715a..ba6e0eec 100644 --- a/src/org/cacert/gigi/pages/LoginPage.java +++ b/src/org/cacert/gigi/pages/LoginPage.java @@ -13,9 +13,9 @@ import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import org.cacert.gigi.GigiApiException; -import org.cacert.gigi.database.DatabaseConnection; import org.cacert.gigi.database.GigiPreparedStatement; import org.cacert.gigi.database.GigiResultSet; +import org.cacert.gigi.dbObjects.CertificateOwner; import org.cacert.gigi.dbObjects.Group; import org.cacert.gigi.dbObjects.User; import org.cacert.gigi.localisation.Language; @@ -99,24 +99,25 @@ public class LoginPage extends Page { private void tryAuthWithUnpw(HttpServletRequest req) { String un = req.getParameter("username"); String pw = req.getParameter("password"); - GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `password`, `id` FROM `users` WHERE `email`=? AND verified='1'"); - ps.setString(1, un); - GigiResultSet rs = ps.executeQuery(); - if (rs.next()) { - String dbHash = rs.getString(1); - String hash = PasswordHash.verifyHash(pw, dbHash); - if (hash != null) { - if ( !hash.equals(dbHash)) { - GigiPreparedStatement gps = DatabaseConnection.getInstance().prepare("UPDATE `users` SET `password`=? WHERE `email`=?"); - gps.setString(1, hash); - gps.setString(2, un); - gps.executeUpdate(); + try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT `password`, `id` FROM `users` WHERE `email`=? AND verified='1'")) { + ps.setString(1, un); + GigiResultSet rs = ps.executeQuery(); + if (rs.next()) { + String dbHash = rs.getString(1); + String hash = PasswordHash.verifyHash(pw, dbHash); + if (hash != null) { + if ( !hash.equals(dbHash)) { + try (GigiPreparedStatement gps = new GigiPreparedStatement("UPDATE `users` SET `password`=? WHERE `email`=?")) { + gps.setString(1, hash); + gps.setString(2, un); + gps.executeUpdate(); + } + } + loginSession(req, User.getById(rs.getInt(2))); + req.getSession().setAttribute(LOGIN_METHOD, "Password"); } - loginSession(req, User.getById(rs.getInt(2))); - req.getSession().setAttribute(LOGIN_METHOD, "Password"); } } - rs.close(); } public static User getUser(HttpServletRequest req) { @@ -151,17 +152,12 @@ public class LoginPage extends Page { if ( !serial.matches("[A-Fa-f0-9]+")) { throw new Error("serial malformed."); } - GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `memid` FROM `certs` WHERE `serial`=? AND `disablelogin`='0' AND `revoked` is NULL"); - ps.setString(1, serial.toLowerCase()); - GigiResultSet rs = ps.executeQuery(); - User user = null; - if (rs.next()) { - user = User.getById(rs.getInt(1)); - } else { - System.out.println("User with serial " + serial + " not found."); + + CertificateOwner o = CertificateOwner.getByEnabledSerial(serial); + if (o == null || !(o instanceof User)) { + return null; } - rs.close(); - return user; + return (User) o; } public static X509Certificate getCertificateFromRequest(HttpServletRequest req) {