X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Fpages%2FLoginPage.java;h=ed01ceb6ccc90e9817cbe1fc64546f136ecaa08e;hb=f1f20db659050299bb4bab64d083b4e193ae3f61;hp=7f34f071bb72581aae38ab9299abecf621f28d0c;hpb=ccf3d903ed99ffe0a4ef32b317687b14698d6a75;p=gigi.git diff --git a/src/org/cacert/gigi/pages/LoginPage.java b/src/org/cacert/gigi/pages/LoginPage.java index 7f34f071..ed01ceb6 100644 --- a/src/org/cacert/gigi/pages/LoginPage.java +++ b/src/org/cacert/gigi/pages/LoginPage.java @@ -19,7 +19,7 @@ import org.cacert.gigi.database.GigiResultSet; import org.cacert.gigi.dbObjects.Group; import org.cacert.gigi.dbObjects.User; import org.cacert.gigi.localisation.Language; -import org.cacert.gigi.output.Form; +import org.cacert.gigi.output.template.Form; import org.cacert.gigi.util.PasswordHash; public class LoginPage extends Page { @@ -97,8 +97,17 @@ public class LoginPage extends Page { ps.setString(1, un); GigiResultSet rs = ps.executeQuery(); if (rs.next()) { - if (PasswordHash.verifyHash(pw, rs.getString(1))) { + String dbHash = rs.getString(1); + String hash = PasswordHash.verifyHash(pw, dbHash); + if (hash != null) { + if ( !hash.equals(dbHash)) { + GigiPreparedStatement gps = DatabaseConnection.getInstance().prepare("UPDATE `users` SET `password`=? WHERE `email`=?"); + gps.setString(1, hash); + gps.setString(2, un); + gps.executeUpdate(); + } loginSession(req, User.getById(rs.getInt(2))); + req.getSession().setAttribute(LOGIN_METHOD, "Password"); } } rs.close(); @@ -116,6 +125,8 @@ public class LoginPage extends Page { if (rs.next()) { loginSession(req, User.getById(rs.getInt(1))); req.getSession().setAttribute(CERT_SERIAL, serial); + req.getSession().setAttribute(CERT_ISSUER, x509Certificate.getIssuerDN()); + req.getSession().setAttribute(LOGIN_METHOD, "Certificate"); } rs.close(); }