X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Fpages%2FLoginPage.java;h=d2d39ba4fa1d6b9e2b26ff4ee2ffd89b8adb930a;hb=ed2a1041c12f9fcdba56472e1d938bb121166566;hp=19b8853d30162e807eb9b2348f0ea9dfe0fd4cf8;hpb=943d8e7ed0ea5a9d56e7e694a3cbd849c52bad16;p=gigi.git diff --git a/src/org/cacert/gigi/pages/LoginPage.java b/src/org/cacert/gigi/pages/LoginPage.java index 19b8853d..d2d39ba4 100644 --- a/src/org/cacert/gigi/pages/LoginPage.java +++ b/src/org/cacert/gigi/pages/LoginPage.java @@ -1,20 +1,20 @@ package org.cacert.gigi.pages; -import static org.cacert.gigi.Gigi.LOGGEDIN; -import static org.cacert.gigi.Gigi.USER; +import static org.cacert.gigi.Gigi.*; import java.io.IOException; import java.security.cert.X509Certificate; -import java.sql.PreparedStatement; -import java.sql.ResultSet; -import java.sql.SQLException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; -import org.cacert.gigi.User; import org.cacert.gigi.database.DatabaseConnection; +import org.cacert.gigi.database.GigiPreparedStatement; +import org.cacert.gigi.database.GigiResultSet; +import org.cacert.gigi.dbObjects.Group; +import org.cacert.gigi.dbObjects.User; +import org.cacert.gigi.localisation.Language; import org.cacert.gigi.util.PasswordHash; public class LoginPage extends Page { @@ -66,22 +66,15 @@ public class LoginPage extends Page { private void tryAuthWithUnpw(HttpServletRequest req) { String un = req.getParameter("username"); String pw = req.getParameter("password"); - try { - PreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `password`, `id` FROM `users` WHERE `email`=? AND locked='0' AND verified='1'"); - ps.setString(1, un); - ResultSet rs = ps.executeQuery(); - if (rs.next()) { - if (PasswordHash.verifyHash(pw, rs.getString(1))) { - req.getSession().invalidate(); - HttpSession hs = req.getSession(); - hs.setAttribute(LOGGEDIN, true); - hs.setAttribute(USER, new User(rs.getInt(2))); - } + GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `password`, `id` FROM `users` WHERE `email`=? AND verified='1'"); + ps.setString(1, un); + GigiResultSet rs = ps.executeQuery(); + if (rs.next()) { + if (PasswordHash.verifyHash(pw, rs.getString(1))) { + loginSession(req, User.getById(rs.getInt(2))); } - rs.close(); - } catch (SQLException e) { - e.printStackTrace(); } + rs.close(); } public static User getUser(HttpServletRequest req) { @@ -90,19 +83,30 @@ public class LoginPage extends Page { private void tryAuthWithCertificate(HttpServletRequest req, X509Certificate x509Certificate) { String serial = x509Certificate.getSerialNumber().toString(16).toUpperCase(); - try { - PreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `memid` FROM `emailcerts` WHERE `serial`=? AND `disablelogin`='0' AND `revoked` = " + "'0000-00-00 00:00:00'"); - ps.setString(1, serial); - ResultSet rs = ps.executeQuery(); - if (rs.next()) { - req.getSession().invalidate(); - HttpSession hs = req.getSession(); - hs.setAttribute(LOGGEDIN, true); - hs.setAttribute(USER, new User(rs.getInt(1))); - } - rs.close(); - } catch (SQLException e) { - e.printStackTrace(); + GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `memid` FROM `certs` WHERE `serial`=? AND `disablelogin`='0' AND `revoked` is NULL"); + ps.setString(1, serial); + GigiResultSet rs = ps.executeQuery(); + if (rs.next()) { + loginSession(req, User.getById(rs.getInt(1))); } + rs.close(); + } + + private static final Group LOGIN_BLOCKED = Group.getByString("blockedlogin"); + + private void loginSession(HttpServletRequest req, User user) { + if (user.isInGroup(LOGIN_BLOCKED)) { + return; + } + req.getSession().invalidate(); + HttpSession hs = req.getSession(); + hs.setAttribute(LOGGEDIN, true); + hs.setAttribute(Language.SESSION_ATTRIB_NAME, user.getPreferredLocale()); + hs.setAttribute(USER, user); + } + + @Override + public boolean isPermitted(User u) { + return u == null; } }