Refactor "Email checker" (for testing purposes)
1 package org.cacert.gigi.pages.main;
2
3 import java.io.IOException;
4 import java.io.InputStreamReader;
5 import java.io.PrintWriter;
6 import java.io.UnsupportedEncodingException;
7 import java.sql.PreparedStatement;
8 import java.sql.ResultSet;
9 import java.sql.SQLException;
10 import java.util.Date;
11 import java.util.HashMap;
12
13 import javax.servlet.ServletRequest;
14 import javax.servlet.http.HttpServletRequest;
15
16 import org.cacert.gigi.Language;
17 import org.cacert.gigi.User;
18 import org.cacert.gigi.database.DatabaseConnection;
19 import org.cacert.gigi.email.EmailProvider;
20 import org.cacert.gigi.output.DateSelector;
21 import org.cacert.gigi.output.Template;
22 import org.cacert.gigi.pages.Page;
23 import org.cacert.gigi.util.HTMLEncoder;
24 import org.cacert.gigi.util.Notary;
25 import org.cacert.gigi.util.PasswordStrengthChecker;
26 import org.cacert.gigi.util.RandomToken;
27 import org.cacert.gigi.util.ServerConstants;
28
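/**
 * Sign-up form state and handling: remembers what the visitor has entered so
 * far, renders it back into the form, validates a submission and creates the
 * account together with its first email record.
 *
 * <p>
 * Every request parameter handled here is untrusted. Values that are written
 * back into HTML are passed through {@link HTMLEncoder#encodeHTML}, and all
 * SQL goes through prepared statements with bound parameters.
 */
public class Signup {
    User buildup = new User();
    Template t;
    boolean general = true, country = true, regional = true, radius = true;
    DateSelector myDoB = new DateSelector("day", "month", "year");

    /**
     * Loads the form template and initialises the pending user with empty
     * values so the getters never return {@code null} while rendering.
     */
    public Signup() {
        try {
            t = new Template(new InputStreamReader(
                    Signup.class.getResourceAsStream("Signup.templ"), "UTF-8"));
        } catch (UnsupportedEncodingException e) {
            // If this ever fires, t stays null and writeForm() will fail
            // on first use.
            e.printStackTrace();
        }
        buildup.setFname("");
        buildup.setMname("");
        buildup.setLname("");
        buildup.setSuffix("");
        buildup.setEmail("");
        buildup.setDob(new Date(0));
    }

    /**
     * Renders the form, pre-filled with the values entered so far.
     *
     * @param out
     *            the response writer
     * @param l
     *            the language used for translated strings
     */
    public void writeForm(PrintWriter out, Language l) {
        HashMap<String, Object> vars = new HashMap<String, Object>();
        // User-supplied text is HTML-encoded before it reaches the template.
        vars.put("fname", HTMLEncoder.encodeHTML(buildup.getFname()));
        vars.put("mname", HTMLEncoder.encodeHTML(buildup.getMname()));
        vars.put("lname", HTMLEncoder.encodeHTML(buildup.getLname()));
        vars.put("suffix", HTMLEncoder.encodeHTML(buildup.getSuffix()));
        vars.put("dob", myDoB);
        vars.put("email", HTMLEncoder.encodeHTML(buildup.getEmail()));
        vars.put("general", general ? " checked=\"checked\"" : "");
        vars.put("country", country ? " checked=\"checked\"" : "");
        vars.put("regional", regional ? " checked=\"checked\"" : "");
        vars.put("radius", radius ? " checked=\"checked\"" : "");
        vars.put(
                "helpOnNames",
                String.format(
                        l.getTranslation("Help on Names %sin the wiki%s"),
                        "<a href=\"//wiki.cacert.org/FAQ/HowToEnterNamesInJoinForm\" target=\"_blank\">",
                        "</a>"));
        t.output(out, l, vars);
    }

    /**
     * Copies the submitted fields into the pending user. Text fields that are
     * absent from the request keep their previous value; the four alert
     * checkboxes are always overwritten because only the value {@code "1"}
     * counts as checked.
     */
    private void update(HttpServletRequest r) {
        if (r.getParameter("fname") != null) {
            buildup.setFname(r.getParameter("fname"));
        }
        if (r.getParameter("lname") != null) {
            buildup.setLname(r.getParameter("lname"));
        }
        if (r.getParameter("mname") != null) {
            buildup.setMname(r.getParameter("mname"));
        }
        if (r.getParameter("suffix") != null) {
            buildup.setSuffix(r.getParameter("suffix"));
        }
        if (r.getParameter("email") != null) {
            buildup.setEmail(r.getParameter("email"));
        }
        general = "1".equals(r.getParameter("general"));
        country = "1".equals(r.getParameter("country"));
        regional = "1".equals(r.getParameter("regional"));
        radius = "1".equals(r.getParameter("radius"));
        myDoB.update(r);
    }

    /**
     * Validates the submitted form and, if every check passes, creates the
     * account. Error messages are written to {@code out} inside a
     * {@code formError} div.
     *
     * @param out
     *            the response writer that receives the error messages
     * @param req
     *            the sign-up request
     * @return {@code true} only if the account was created; {@code false} if
     *         a check failed or the account could not be stored
     */
    public synchronized boolean submit(PrintWriter out, HttpServletRequest req) {
        update(req);
        boolean failed = false;
        out.println("<div class='formError'>");
        if (buildup.getFname().equals("") || buildup.getLname().equals("")) {
            outputError(out, req, "First and/or last names were blank.");
            failed = true;
        }
        if (!myDoB.isValid()) {
            outputError(out, req, "Invalid date of birth");
            failed = true;
        }
        if (!"1".equals(req.getParameter("cca_agree"))) {
            outputError(out, req,
                    "You have to agree to the CAcert Community agreement.");
            failed = true;
        }
        if (buildup.getEmail().equals("")) {
            outputError(out, req, "Email Address was blank");
            failed = true;
        }
        String pw1 = req.getParameter("pword1");
        String pw2 = req.getParameter("pword2");
        if (pw1 == null || pw1.equals("")) {
            outputError(out, req, "Pass Phrases were blank");
            failed = true;
        } else {
            if (!pw1.equals(pw2)) {
                outputError(out, req, "Pass Phrases don't match");
                failed = true;
            }
            // Score the pass phrase only when one was supplied: a request
            // without "pword1" used to hand null to the strength checker.
            int pwpoints = PasswordStrengthChecker.checkpw(pw1, buildup);
            if (pwpoints < 3) {
                outputError(
                        out,
                        req,
                        "The Pass Phrase you submitted failed to contain enough"
                                + " differing characters and/or contained words from"
                                + " your name and/or email address.");
                failed = true;
            }
        }
        if (failed) {
            out.println("</div>");
            return false;
        }
        try {
            PreparedStatement q1 = DatabaseConnection.getInstance().prepare(
                    "select * from `email` where `email`=? and `deleted`=0");
            PreparedStatement q2 = DatabaseConnection.getInstance().prepare(
                    "select * from `users` where `email`=? and `deleted`=0");
            q1.setString(1, buildup.getEmail());
            q2.setString(1, buildup.getEmail());
            // try/finally so the result sets are released even when a query
            // or next() throws.
            ResultSet r1 = q1.executeQuery();
            try {
                ResultSet r2 = q2.executeQuery();
                try {
                    if (r1.next() || r2.next()) {
                        outputError(out, req,
                                "This email address is currently valid in the system.");
                        failed = true;
                    }
                } finally {
                    r2.close();
                }
            } finally {
                r1.close();
            }
            // Plain suffix comparison: an address whose domain merely ends
            // in a listed domain is rejected as well.
            PreparedStatement q3 = DatabaseConnection
                    .getInstance()
                    .prepare(
                            "select `domain` from `baddomains` where `domain`=RIGHT(?, LENGTH(`domain`))");
            q3.setString(1, buildup.getEmail());

            ResultSet r3 = q3.executeQuery();
            try {
                if (r3.next()) {
                    String domain = r3.getString(1);
                    out.print("<div>");
                    // Encode the stored value before it is placed into markup.
                    out.print(String.format(
                            Page.translate(req,
                                    "We don't allow signups from people using email addresses from %s"),
                            HTMLEncoder.encodeHTML(domain)));
                    out.println("</div>");
                    failed = true;
                }
            } finally {
                r3.close();
            }
        } catch (SQLException e) {
            // Fail closed: without the uniqueness and blocklist checks the
            // sign-up must not proceed.
            e.printStackTrace();
            failed = true;
        }
        String mailResult = EmailProvider.FAIL;
        try {
            mailResult = EmailProvider.getInstance().checkEmailServer(0,
                    buildup.getEmail());
        } catch (IOException e) {
            // mailResult keeps its FAIL default, so the sign-up is rejected
            // below; log the cause instead of dropping it.
            e.printStackTrace();
        }
        if (!mailResult.equals(EmailProvider.OK)) {
            if (mailResult.startsWith("4")) {
                outputError(
                        out,
                        req,
                        "The mail server responsible for your domain indicated"
                                + " a temporary failure. This may be due to anti-SPAM measures, such"
                                + " as greylisting. Please try again in a few minutes.");
            } else {
                outputError(
                        out,
                        req,
                        "Email Address given was invalid, or a test connection"
                                + " couldn't be made to your server, or the server"
                                + " rejected the email address as invalid");
            }
            if (mailResult.equals(EmailProvider.FAIL)) {
                outputError(out, req,
                        "Failed to make a connection to the mail server");
            } else {
                out.print("<div>");
                // mailResult appears to carry the reply of the mail server
                // for the submitted domain, which the submitter may control;
                // it must never reach the page unencoded.
                out.print(HTMLEncoder.encodeHTML(mailResult));
                out.println("</div>");
            }
            failed = true;
        }

        out.println("</div>");
        if (failed) {
            return false;
        }
        try {
            run(req, pw1);
        } catch (SQLException e) {
            e.printStackTrace();
            // The account was not stored, so do not report success.
            return false;
        }
        return true;
    }

    /**
     * Writes one translated error message wrapped in a div. {@code text} is
     * a fixed message key, never user input.
     */
    private void outputError(PrintWriter out, ServletRequest req, String text) {
        out.print("<div>");
        out.print(Page.translate(req, text));
        out.println("</div>");
    }

    /**
     * Stores the new user, the email record with its verification token, the
     * alert preferences and the CCA agreement inside one transaction, then
     * mails the verification link.
     *
     * @param req
     *            the sign-up request, used to translate the mail text
     * @param password
     *            the pass phrase that already passed validation
     * @throws SQLException
     *             if any of the inserts fails
     */
    private void run(HttpServletRequest req, String password)
            throws SQLException {
        try {
            DatabaseConnection.getInstance().beginTransaction();
            // NOTE(review): this token is the only secret that authorises
            // the email verification; confirm that RandomToken draws from a
            // cryptographically strong source.
            String hash = RandomToken.generateToken(16);

            buildup.insert(password);
            int memid = buildup.getId();
            PreparedStatement ps = DatabaseConnection.getInstance().prepare(
                    "insert into `email` set `email`=?,"
                            + " `hash`=?, `created`=NOW(),`memid`=?");
            ps.setString(1, buildup.getEmail());
            ps.setString(2, hash);
            ps.setInt(3, memid);
            ps.execute();
            int emailid = DatabaseConnection.lastInsertId(ps);
            ps = DatabaseConnection
                    .getInstance()
                    .prepare(
                            "insert into `alerts` set `memid`=?,"
                                    + " `general`=?, `country`=?, `regional`=?, `radius`=?");
            ps.setInt(1, memid);
            ps.setString(2, general ? "1" : "0");
            ps.setString(3, country ? "1" : "0");
            ps.setString(4, regional ? "1" : "0");
            ps.setString(5, radius ? "1" : "0");
            ps.execute();
            Notary.writeUserAgreement(memid, "CCA", "account creation", "",
                    true, 0);

            StringBuilder body = new StringBuilder();
            body.append(Page
                    .translate(
                            req,
                            "Thanks for signing up with CAcert.org, below is the link you need to open to verify your account. Once your account is verified you will be able to start issuing certificates till your hearts' content!"));
            body.append("\n\n");
            // NOTE(review): the verification token travels in a plain
            // http:// link; consider https:// if the host serves it.
            body.append("http://");
            body.append(ServerConstants.NORMAL_HOST_NAME);
            body.append("/verify.php?type=email&emailid=");
            body.append(emailid);
            body.append("&hash=");
            body.append(hash);
            body.append("\n\n");
            body.append(Page.translate(req, "Best regards"));
            body.append("\n");
            body.append(Page.translate(req, "CAcert.org Support!"));
            try {
                EmailProvider.getInstance().sendmail(buildup.getEmail(),
                        "[CAcert.org] " + Page.translate(req, "Mail Probe"),
                        body.toString(), "support@cacert.org", null, null,
                        null, null, false);
            } catch (IOException e) {
                // A failed send is only logged: the transaction is still
                // committed, so the account exists even though the
                // verification mail was not delivered.
                e.printStackTrace();
            }
            DatabaseConnection.getInstance().commitTransaction();
        } finally {
            // Runs on every path; presumably discards an uncommitted
            // transaction (confirm in DatabaseConnection).
            DatabaseConnection.getInstance().quitTransaction();
        }

    }
}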