X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Fpages%2Fwot%2FAssurePage.java;h=015029601bbaeab65177fe572d1b890141bf3632;hb=dc56db5699a7381aadbc5d167aa03ce037bc9b4f;hp=1ff8410c1b06eae6a5dc32989d06866cb1b1fc02;hpb=36af379666d84138230d9c53b583509514ce5e05;p=gigi.git

diff --git a/src/org/cacert/gigi/pages/wot/AssurePage.java b/src/org/cacert/gigi/pages/wot/AssurePage.java
index 1ff8410c..01502960 100644
--- a/src/org/cacert/gigi/pages/wot/AssurePage.java
+++ b/src/org/cacert/gigi/pages/wot/AssurePage.java
@@ -16,11 +16,13 @@ import org.cacert.gigi.User;
 import org.cacert.gigi.database.DatabaseConnection;
 import org.cacert.gigi.output.DateSelector;
 import org.cacert.gigi.output.Template;
+import org.cacert.gigi.output.Form.CSRFError;
 import org.cacert.gigi.pages.LoginPage;
 import org.cacert.gigi.pages.Page;
+import org.cacert.gigi.util.Notary;
 
 public class AssurePage extends Page {
-	public static final String PATH = "/wot/assure/*";
+	public static final String PATH = "/wot/assure";
 	public static final String SESSION = "/wot/assure/FORM";
 	DateSelector ds = new DateSelector("day", "month", "year");
 	Template t;
@@ -28,7 +30,8 @@ public class AssurePage extends Page {
 	public AssurePage() {
 		super("Assure someone");
 		t = new Template(new InputStreamReader(
-				AssurePage.class.getResourceAsStream("AssureeSearch.templ")));
+				AssuranceForm.class.getResourceAsStream("AssureeSearch.templ")));
+
 	}
 
 	@Override
@@ -36,15 +39,14 @@ public class AssurePage extends Page {
 			throws IOException {
 
 		PrintWriter out = resp.getWriter();
-		String pi = req.getPathInfo().substring(PATH.length() - 2);
+		String pi = req.getPathInfo().substring(PATH.length());
 		if (pi.length() > 1) {
 			User myself = LoginPage.getUser(req);
 			int mid = Integer.parseInt(pi.substring(1));
-			if (mid == myself.getId()) {
-				out.println("Cannot assure myself.");
+
+			if (!Notary.checkAssuranceIsPossible(myself, new User(mid), out)) {
 				return;
 			}
-
 			HttpSession hs = req.getSession();
 			AssuranceForm form = (AssuranceForm) hs.getAttribute(SESSION);
 			if (form == null || form.assuree.getId() != mid) {
@@ -63,41 +65,78 @@ public class AssurePage extends Page {
 	public void doPost(HttpServletRequest req, HttpServletResponse resp)
 			throws IOException {
 		PrintWriter out = resp.getWriter();
-		String pi = req.getPathInfo().substring(PATH.length() - 2);
+		String pi = req.getPathInfo().substring(PATH.length());
 		if (pi.length() > 1) {
+			User myself = LoginPage.getUser(req);
+			int mid = Integer.parseInt(pi.substring(1));
+			if (mid == myself.getId()) {
+				out.println("Cannot assure myself.");
+				return;
+			}
+
 			AssuranceForm form = (AssuranceForm) req.getSession().getAttribute(
 					SESSION);
 			if (form == null) {
 				out.println("No form found. This is an Error. Fill in the form again.");
+				return;
+			}
+			try {
+				form.submit(out, req);
+			} catch (CSRFError e) {
+				resp.sendError(500, "CSRF Failed");
+				out.println(translate(req, "CSRF Token failed."));
 			}
-			form.submit(out, req);
 
 			return;
 		}
 
 		System.out.println("searching for");
+		ResultSet rs = null;
 		try {
-			PreparedStatement ps = DatabaseConnection.getInstance().prepare(
-					"SELECT id FROM users WHERE email=? AND dob=?");
+			PreparedStatement ps = DatabaseConnection
+					.getInstance()
+					.prepare(
+							"SELECT id, verified FROM users WHERE email=? AND dob=? AND deleted=0");
 			ps.setString(1, req.getParameter("email"));
 			String day = req.getParameter("year") + "-"
 					+ req.getParameter("month") + "-" + req.getParameter("day");
 			ps.setString(2, day);
-			ResultSet rs = ps.executeQuery();
+			rs = ps.executeQuery();
 			int id = 0;
 			if (rs.next()) {
 				id = rs.getInt(1);
-			}
-			if (rs.next()) {
-				out.println("Error, ambigous user. Please contact support@cacert.org");
+				int verified = rs.getInt(2);
+				if (rs.next()) {
+					out.println("Error, ambigous user. Please contact support@cacert.org.");
+				} else {
+					if (verified == 0) {
+						out.println(translate(req,
+								"User is not yet verified. Please try again in 24 hours!"));
+					}
+					resp.sendRedirect(PATH + "/" + id);
+				}
 			} else {
-				resp.sendRedirect(PATH.substring(0, PATH.length() - 2) + "/"
-						+ id);
+				out.print("<div class='formError'>");
+
+				out.println(translate(
+						req,
+						"I'm sorry, there was no email and date of birth matching"
+								+ " what you entered in the system. Please double check"
+								+ " your information."));
+				out.print("</div>");
 			}
 
 			rs.close();
 		} catch (SQLException e) {
 			e.printStackTrace();
+		} finally {
+			try {
+				if (rs != null) {
+					rs.close();
+				}
+			} catch (SQLException e) {
+				e.printStackTrace();
+			}
 		}
 	}
 }