1 package org.cacert.gigi.pages.main;
2
3 import java.io.IOException;
4 import java.io.InputStreamReader;
5 import java.io.PrintWriter;
6 import java.io.UnsupportedEncodingException;
7 import java.sql.PreparedStatement;
8 import java.sql.ResultSet;
9 import java.sql.SQLException;
10 import java.sql.Date;
11 import java.util.HashMap;
12 import java.util.Map;
13
14 import javax.servlet.http.HttpServletRequest;
15
16 import org.cacert.gigi.Language;
17 import org.cacert.gigi.User;
18 import org.cacert.gigi.database.DatabaseConnection;
19 import org.cacert.gigi.email.EmailProvider;
20 import org.cacert.gigi.output.DateSelector;
21 import org.cacert.gigi.output.Form;
22 import org.cacert.gigi.output.Template;
23 import org.cacert.gigi.pages.Page;
24 import org.cacert.gigi.util.HTMLEncoder;
25 import org.cacert.gigi.util.Notary;
26 import org.cacert.gigi.util.PasswordStrengthChecker;
27 import org.cacert.gigi.util.RandomToken;
28 import org.cacert.gigi.util.ServerConstants;
29
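/**
 * Account sign-up form.
 *
 * <p>
 * Collects name, date of birth, email address, pass phrase and alert
 * preferences from the request, validates them, and on success creates the
 * user, the unverified email record and the alert settings in one database
 * transaction before mailing a verification link.
 *
 * <p>
 * All request parameters are untrusted. Values echoed back into the page are
 * HTML-encoded, and every SQL statement binds its arguments through
 * {@link PreparedStatement} placeholders.
 */
public class Signup extends Form {
    /** User being assembled from the submitted fields; starts out with empty values. */
    User buildup = new User();

    /** Template rendering the form, loaded from the class-path resource "Signup.templ". */
    Template t;

    /** Alert subscriptions; all four are ticked on a fresh form. */
    boolean general = true, country = true, regional = true, radius = true;

    /** Date-of-birth selector bound to the "day", "month" and "year" parameters. */
    DateSelector myDoB = new DateSelector("day", "month", "year");

    /**
     * Loads the form template and initialises the user under construction
     * with empty strings so that the first rendering shows blank fields.
     *
     * @throws IllegalStateException
     *             if the JVM does not support UTF-8; the form cannot be
     *             rendered without its template, so this fails early
     *             instead of leaving {@code t} as {@code null}.
     */
    public Signup() {
        try {
            t = new Template(new InputStreamReader(Signup.class.getResourceAsStream("Signup.templ"), "UTF-8"));
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException("UTF-8 is not supported by this JVM", e);
        }
        buildup.setFname("");
        buildup.setMname("");
        buildup.setLname("");
        buildup.setSuffix("");
        buildup.setEmail("");
        buildup.setDob(new Date(0));
    }

    /**
     * Renders the form with the values entered so far.
     *
     * @param out
     *            writer receiving the generated HTML
     * @param l
     *            language used for translations
     * @param outerVars
     *            variables of the enclosing page (not read here)
     */
    @Override
    public void outputContent(PrintWriter out, Language l, Map<String, Object> outerVars) {
        HashMap<String, Object> vars = new HashMap<String, Object>();
        // Everything the user typed is HTML-encoded before it reaches the
        // template, so a submitted name or address cannot inject markup.
        vars.put("fname", HTMLEncoder.encodeHTML(buildup.getFname()));
        vars.put("mname", HTMLEncoder.encodeHTML(buildup.getMname()));
        vars.put("lname", HTMLEncoder.encodeHTML(buildup.getLname()));
        vars.put("suffix", HTMLEncoder.encodeHTML(buildup.getSuffix()));
        vars.put("dob", myDoB);
        vars.put("email", HTMLEncoder.encodeHTML(buildup.getEmail()));
        vars.put("general", general ? " checked=\"checked\"" : "");
        vars.put("country", country ? " checked=\"checked\"" : "");
        vars.put("regional", regional ? " checked=\"checked\"" : "");
        vars.put("radius", radius ? " checked=\"checked\"" : "");
        vars.put("helpOnNames", String.format(l.getTranslation("Help on Names %sin the wiki%s"),
                "<a href=\"//wiki.cacert.org/FAQ/HowToEnterNamesInJoinForm\" target=\"_blank\">", "</a>"));
        t.output(out, l, vars);
    }

    /**
     * Copies the submitted fields into the form state. Text fields that are
     * absent from the request keep their previous value; a checkbox counts
     * as ticked only when its parameter equals "1".
     *
     * @param r
     *            the request carrying the form parameters
     */
    private void update(HttpServletRequest r) {
        String fname = r.getParameter("fname");
        if (fname != null) {
            buildup.setFname(fname);
        }
        String lname = r.getParameter("lname");
        if (lname != null) {
            buildup.setLname(lname);
        }
        String mname = r.getParameter("mname");
        if (mname != null) {
            buildup.setMname(mname);
        }
        String suffix = r.getParameter("suffix");
        if (suffix != null) {
            buildup.setSuffix(suffix);
        }
        String email = r.getParameter("email");
        if (email != null) {
            buildup.setEmail(email);
        }
        general = "1".equals(r.getParameter("general"));
        country = "1".equals(r.getParameter("country"));
        regional = "1".equals(r.getParameter("regional"));
        radius = "1".equals(r.getParameter("radius"));
        myDoB.update(r);
    }

    /**
     * Validates the submitted form and, when everything checks out, creates
     * the account.
     *
     * <p>
     * Validation runs in three stages: field checks (names, date of birth,
     * agreement, email, pass phrase), database checks (address already
     * registered, blocked domain) and a probe of the address's mail server.
     * Error messages are written inside a {@code formError} div.
     *
     * @param out
     *            writer receiving error messages
     * @param req
     *            the request carrying the form parameters
     * @return {@code true} only if the account was created; {@code false} on
     *         any validation failure or database error
     */
    @Override
    public synchronized boolean submit(PrintWriter out, HttpServletRequest req) {
        update(req);
        boolean failed = false;
        out.println("<div class='formError'>");
        if (buildup.getFname().equals("") || buildup.getLname().equals("")) {
            outputError(out, req, "First and/or last names were blank.");
            failed = true;
        }
        if (!myDoB.isValid()) {
            outputError(out, req, "Invalid date of birth");
            failed = true;
        }
        if (!"1".equals(req.getParameter("cca_agree"))) {
            outputError(out, req, "You have to agree to the CAcert Community agreement.");
            failed = true;
        }
        if (buildup.getEmail().equals("")) {
            outputError(out, req, "Email Address was blank");
            failed = true;
        }
        String pw1 = req.getParameter("pword1");
        String pw2 = req.getParameter("pword2");
        if (pw1 == null || pw1.equals("")) {
            outputError(out, req, "Pass Phrases were blank");
            failed = true;
        } else if (!pw1.equals(pw2)) {
            outputError(out, req, "Pass Phrases don't match");
            failed = true;
        }
        // A request that omits "pword1" leaves pw1 null. That case has
        // already been reported above, so the strength checker is only
        // called with a real string.
        if (pw1 != null && PasswordStrengthChecker.checkpw(pw1, buildup) < 3) {
            outputError(out, req, "The Pass Phrase you submitted failed to contain enough"
                    + " differing characters and/or contained words from" + " your name and/or email address.");
            failed = true;
        }
        if (failed) {
            out.println("</div>");
            return false;
        }
        try {
            PreparedStatement q1 = DatabaseConnection.getInstance().prepare(
                    "select * from `email` where `email`=? and `deleted`=0");
            PreparedStatement q2 = DatabaseConnection.getInstance().prepare(
                    "select * from `users` where `email`=? and `deleted`=0");
            q1.setString(1, buildup.getEmail());
            q2.setString(1, buildup.getEmail());
            ResultSet r1 = q1.executeQuery();
            ResultSet r2 = q2.executeQuery();
            if (r1.next() || r2.next()) {
                // NOTE(review): this answer tells the caller whether an
                // address is registered. If that matters for the threat
                // model, rate-limit sign-up attempts - confirm where
                // throttling is done.
                outputError(out, req, "This email address is currently valid in the system.");
                failed = true;
            }
            r1.close();
            r2.close();
            PreparedStatement q3 = DatabaseConnection.getInstance().prepare(
                    "select `domain` from `baddomains` where `domain`=RIGHT(?, LENGTH(`domain`))");
            q3.setString(1, buildup.getEmail());

            ResultSet r3 = q3.executeQuery();
            if (r3.next()) {
                String domain = r3.getString(1);
                out.print("<div>");
                // Encoded like every other dynamic value written to the
                // page, even though it comes from the database.
                out.print(String.format(
                        Page.translate(req, "We don't allow signups from people using email addresses from %s"),
                        HTMLEncoder.encodeHTML(domain)));
                out.println("</div>");
                failed = true;
            }
            r3.close();
        } catch (SQLException e) {
            // Fail closed: the uniqueness and blocklist checks could not be
            // completed. The details go to the log, not to the page.
            e.printStackTrace();
            outputError(out, req, "An internal error occurred. Please try again later.");
            failed = true;
        }
        String mailResult = EmailProvider.FAIL;
        try {
            mailResult = EmailProvider.getInstance().checkEmailServer(0, buildup.getEmail());
        } catch (IOException ignored) {
            // Deliberately ignored: mailResult keeps EmailProvider.FAIL and
            // the connection failure is reported below.
        }
        if (!mailResult.equals(EmailProvider.OK)) {
            if (mailResult.startsWith("4")) {
                outputError(out, req, "The mail server responsible for your domain indicated"
                        + " a temporary failure. This may be due to anti-SPAM measures, such"
                        + " as greylisting. Please try again in a few minutes.");
            } else {
                outputError(out, req, "Email Address given was invalid, or a test connection"
                        + " couldn't be made to your server, or the server" + " rejected the email address as invalid");
            }
            if (mailResult.equals(EmailProvider.FAIL)) {
                outputError(out, req, "Failed to make a connection to the mail server");
            } else {
                // The reply originates from the mail server of a domain the
                // submitter chose, so it is untrusted text and must be
                // HTML-encoded before it is written into the page.
                out.print("<div>");
                out.print(HTMLEncoder.encodeHTML(mailResult));
                out.println("</div>");
            }
            failed = true;
        }

        if (failed) {
            out.println("</div>");
            return false;
        }
        try {
            run(req, pw1);
        } catch (SQLException e) {
            // The transaction did not commit, so no account exists. Report
            // the failure instead of claiming success.
            e.printStackTrace();
            outputError(out, req, "An internal error occurred. Please try again later.");
            out.println("</div>");
            return false;
        }
        out.println("</div>");
        return true;
    }

    /**
     * Creates the account inside a single database transaction: inserts the
     * user, the email record with its verification token and the alert
     * settings, records the CCA agreement, then mails the verification link
     * and commits.
     *
     * @param req
     *            the request, used to translate the mail text
     * @param password
     *            the pass phrase handed to {@code User.insert}
     * @throws SQLException
     *             if any statement fails; the transaction is then ended by
     *             {@code quitTransaction()} without having been committed
     */
    private void run(HttpServletRequest req, String password) throws SQLException {
        try {
            DatabaseConnection.getInstance().beginTransaction();
            // Token that proves control of the mailbox. NOTE(review): it is
            // stored as generated and travels in the link's query string;
            // confirm RandomToken draws from a cryptographically strong
            // source and that the verify handler invalidates it after use.
            String hash = RandomToken.generateToken(16);

            buildup.setDob(myDoB.getDate());
            buildup.insert(password);
            int memid = buildup.getId();
            PreparedStatement ps = DatabaseConnection.getInstance().prepare(
                    "insert into `email` set `email`=?," + " `hash`=?, `created`=NOW(),`memid`=?");
            ps.setString(1, buildup.getEmail());
            ps.setString(2, hash);
            ps.setInt(3, memid);
            ps.execute();
            int emailid = DatabaseConnection.lastInsertId(ps);
            ps = DatabaseConnection.getInstance().prepare(
                    "insert into `alerts` set `memid`=?," + " `general`=?, `country`=?, `regional`=?, `radius`=?");
            ps.setInt(1, memid);
            ps.setString(2, general ? "1" : "0");
            ps.setString(3, country ? "1" : "0");
            ps.setString(4, regional ? "1" : "0");
            ps.setString(5, radius ? "1" : "0");
            ps.execute();
            Notary.writeUserAgreement(memid, "CCA", "account creation", "", true, 0);

            StringBuilder body = new StringBuilder();
            body.append(Page
                    .translate(
                            req,
                            "Thanks for signing up with CAcert.org, below is the link you need to open to verify your account. Once your account is verified you will be able to start issuing certificates till your hearts' content!"));
            body.append("\n\nhttps://");
            body.append(ServerConstants.getWwwHostNamePort());
            body.append("/verify?type=email&id=");
            body.append(emailid);
            body.append("&hash=");
            body.append(hash);
            body.append("\n\n");
            body.append(Page.translate(req, "Best regards"));
            body.append("\n");
            body.append(Page.translate(req, "CAcert.org Support!"));
            try {
                EmailProvider.getInstance().sendmail(buildup.getEmail(),
                        "[CAcert.org] " + Page.translate(req, "Mail Probe"), body.toString(), "support@cacert.org", null,
                        null, null, null, false);
            } catch (IOException e) {
                // NOTE(review): a failed send is only logged and the
                // transaction still commits, leaving an account whose
                // verification mail never went out. Confirm that the user
                // can request the link again.
                e.printStackTrace();
            }
            DatabaseConnection.getInstance().commitTransaction();
        } finally {
            DatabaseConnection.getInstance().quitTransaction();
        }

    }
}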