X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Fpages%2Fmain%2FSignup.java;h=75a14cfe0a5e16717082fc758add697912581ecd;hb=f1abe1d0fa681917a0a87ce35359d1e204e69867;hp=500598181b003dcca003e646da46cfa118b28d65;hpb=673e3f834a719f3b1bfceedfd801a21ca7842cf2;p=gigi.git diff --git a/src/org/cacert/gigi/pages/main/Signup.java b/src/org/cacert/gigi/pages/main/Signup.java index 50059818..75a14cfe 100644 --- a/src/org/cacert/gigi/pages/main/Signup.java +++ b/src/org/cacert/gigi/pages/main/Signup.java @@ -9,7 +9,6 @@ import java.util.Map; import javax.servlet.http.HttpServletRequest; import org.cacert.gigi.GigiApiException; -import org.cacert.gigi.database.DatabaseConnection; import org.cacert.gigi.database.GigiPreparedStatement; import org.cacert.gigi.database.GigiResultSet; import org.cacert.gigi.dbObjects.Name; @@ -20,6 +19,7 @@ import org.cacert.gigi.output.DateSelector; import org.cacert.gigi.output.template.Form; import org.cacert.gigi.output.template.Template; import org.cacert.gigi.pages.Page; +import org.cacert.gigi.util.CalendarUtil; import org.cacert.gigi.util.HTMLEncoder; import org.cacert.gigi.util.Notary; import org.cacert.gigi.util.PasswordStrengthChecker; @@ -99,8 +99,13 @@ public class Signup extends Form { if ( !myDoB.isValid()) { outputError(out, req, "Invalid date of birth"); } - if ( !"1".equals(req.getParameter("cca_agree"))) { - outputError(out, req, "You have to agree to the CAcert Community agreement."); + + if ( !CalendarUtil.isOfAge(myDoB.getDate(), User.MINIMUM_AGE)) { + outputError(out, req, "Entered dated of birth is below the restricted age requirements."); + } + + if ( !"1".equals(req.getParameter("tos_agree"))) { + outputError(out, req, "Acceptance of the ToS is required to continue."); } if (email.equals("")) { outputError(out, req, "Email Address was blank"); @@ -119,26 +124,24 @@ public class Signup extends Form { if (isFailed(out)) { return false; } - GigiPreparedStatement q1 = DatabaseConnection.getInstance().prepare("SELECT * FROM `emails` WHERE `email`=? AND `deleted` IS NULL"); - GigiPreparedStatement q2 = DatabaseConnection.getInstance().prepare("SELECT * FROM `certOwners` INNER JOIN `users` ON `users`.`id`=`certOwners`.`id` WHERE `email`=? AND `deleted` IS NULL"); - q1.setString(1, email); - q2.setString(1, email); - GigiResultSet r1 = q1.executeQuery(); - GigiResultSet r2 = q2.executeQuery(); - if (r1.next() || r2.next()) { - outputError(out, req, "This email address is currently valid in the system."); - } - r1.close(); - r2.close(); - GigiPreparedStatement q3 = DatabaseConnection.getInstance().prepare("SELECT `domain` FROM `baddomains` WHERE `domain`=RIGHT(?, LENGTH(`domain`))"); - q3.setString(1, email); - - GigiResultSet r3 = q3.executeQuery(); - if (r3.next()) { - String domain = r3.getString(1); - outputError(out, req, "We don't allow signups from people using email addresses from %s", domain); - } - r3.close(); + try (GigiPreparedStatement q1 = new GigiPreparedStatement("SELECT * FROM `emails` WHERE `email`=? AND `deleted` IS NULL"); GigiPreparedStatement q2 = new GigiPreparedStatement("SELECT * FROM `certOwners` INNER JOIN `users` ON `users`.`id`=`certOwners`.`id` WHERE `email`=? AND `deleted` IS NULL")) { + q1.setString(1, email); + q2.setString(1, email); + GigiResultSet r1 = q1.executeQuery(); + GigiResultSet r2 = q2.executeQuery(); + if (r1.next() || r2.next()) { + outputError(out, req, "This email address is currently valid in the system."); + } + } + try (GigiPreparedStatement q3 = new GigiPreparedStatement("SELECT `domain` FROM `baddomains` WHERE `domain`=RIGHT(?, LENGTH(`domain`))")) { + q3.setString(1, email); + + GigiResultSet r3 = q3.executeQuery(); + if (r3.next()) { + String domain = r3.getString(1); + outputError(out, req, "We don't allow signups from people using email addresses from %s", domain); + } + } String mailResult = EmailProvider.FAIL; try { mailResult = HTMLEncoder.encodeHTML(EmailProvider.getInstance().checkEmailServer(0, email)); @@ -160,35 +163,33 @@ public class Signup extends Form { if (isFailed(out)) { return false; } + if (RegisterPage.RATE_LIMIT.isLimitExceeded(req.getRemoteAddr())) { + outputError(out, req, "Rate Limit Exceeded"); + return false; + } try { run(req, pw1); } catch (SQLException e) { e.printStackTrace(); } catch (GigiApiException e) { - outputError(out, req, e.getMessage()); + e.format(out, Page.getLanguage(req)); return false; } return true; } private void run(HttpServletRequest req, String password) throws SQLException, GigiApiException { - try { - DatabaseConnection.getInstance().beginTransaction(); - User u = new User(email, password, buildupName, myDoB.getDate(), Page.getLanguage(req).getLocale()); + User u = new User(email, password, buildupName, myDoB.getDate(), Page.getLanguage(req).getLocale()); - GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("INSERT INTO `alerts` SET `memid`=?," + " `general`=?, `country`=?, `regional`=?, `radius`=?"); + try (GigiPreparedStatement ps = new GigiPreparedStatement("INSERT INTO `alerts` SET `memid`=?," + " `general`=?, `country`=?, `regional`=?, `radius`=?")) { ps.setInt(1, u.getId()); ps.setBoolean(2, general); ps.setBoolean(3, country); ps.setBoolean(4, regional); ps.setBoolean(5, radius); ps.execute(); - Notary.writeUserAgreement(u, "CCA", "account creation", "", true, 0); - - DatabaseConnection.getInstance().commitTransaction(); - } finally { - DatabaseConnection.getInstance().quitTransaction(); } + Notary.writeUserAgreement(u, "ToS", "account creation", "", true, 0); } }