1 package org.cacert.gigi.pages.main;
2
3 import java.io.IOException;
4 import java.io.PrintWriter;
5 import java.sql.PreparedStatement;
6 import java.sql.ResultSet;
7 import java.sql.SQLException;
8 import java.sql.Date;
9 import java.util.HashMap;
10 import java.util.Map;
11
12 import javax.servlet.http.HttpServletRequest;
13
14 import org.cacert.gigi.Language;
15 import org.cacert.gigi.User;
16 import org.cacert.gigi.database.DatabaseConnection;
17 import org.cacert.gigi.email.EmailProvider;
18 import org.cacert.gigi.output.DateSelector;
19 import org.cacert.gigi.output.Form;
20 import org.cacert.gigi.output.Template;
21 import org.cacert.gigi.pages.Page;
22 import org.cacert.gigi.util.HTMLEncoder;
23 import org.cacert.gigi.util.Notary;
24 import org.cacert.gigi.util.PasswordStrengthChecker;
25 import org.cacert.gigi.util.RandomToken;
26 import org.cacert.gigi.util.ServerConstants;
27
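/**
 * Account signup form.
 * <p>
 * Renders {@code Signup.templ} with the values entered so far, validates a
 * submission (names, date of birth, CCA agreement, email address, pass phrase,
 * duplicate/blocked email, reachability of the responsible mail server) and,
 * when everything checks out, creates the user, its primary {@code email} row
 * and its {@code alerts} row inside one database transaction and sends the
 * verification link by mail.
 * <p>
 * Every value that is echoed back into the page -- the user's own input, the
 * mail server's reply and a blocked domain name -- goes through
 * {@link HTMLEncoder#encodeHTML(String)} first.
 */
public class Signup extends Form {

    /** The user record assembled from the submitted form fields. */
    final User buildup = new User();

    /** Page template, loaded from {@code Signup.templ} next to this class. */
    final Template t;

    /**
     * Alert preferences; stored in the {@code alerts} table on signup. They
     * default to {@code true} so the checkboxes are pre-checked on the empty
     * form; {@link #update(HttpServletRequest)} replaces them with whatever
     * the user submitted.
     */
    boolean general = true, country = true, regional = true, radius = true;

    /** Date-of-birth selector bound to the {@code day}/{@code month}/{@code year} parameters. */
    final DateSelector myDoB = new DateSelector("day", "month", "year");

    /**
     * Creates an empty signup form.
     *
     * @param hsr the request the form is created for; handed to {@link Form}
     */
    public Signup(HttpServletRequest hsr) {
        super(hsr);
        t = new Template(Signup.class.getResource("Signup.templ"));
        // Start from empty strings (not null) so the template can render the
        // empty form and submit() can test for "" instead of null.
        buildup.setFname("");
        buildup.setMname("");
        buildup.setLname("");
        buildup.setSuffix("");
        buildup.setEmail("");
        buildup.setDob(new Date(0));
    }

    /**
     * Renders the form with the current field values.
     *
     * @param out       destination of the generated HTML
     * @param l         language used for the translated strings
     * @param outerVars variables of the enclosing page; not used by this form
     */
    @Override
    public void outputContent(PrintWriter out, Language l, Map<String, Object> outerVars) {
        Map<String, Object> vars = new HashMap<String, Object>();
        // User-supplied text is encoded before it is placed back into the template.
        vars.put("fname", HTMLEncoder.encodeHTML(buildup.getFname()));
        vars.put("mname", HTMLEncoder.encodeHTML(buildup.getMname()));
        vars.put("lname", HTMLEncoder.encodeHTML(buildup.getLname()));
        vars.put("suffix", HTMLEncoder.encodeHTML(buildup.getSuffix()));
        vars.put("dob", myDoB);
        vars.put("email", HTMLEncoder.encodeHTML(buildup.getEmail()));
        vars.put("general", checkedAttribute(general));
        vars.put("country", checkedAttribute(country));
        vars.put("regional", checkedAttribute(regional));
        vars.put("radius", checkedAttribute(radius));
        vars.put("helpOnNames", String.format(l.getTranslation("Help on Names %sin the wiki%s"),
                "<a href=\"//wiki.cacert.org/FAQ/HowToEnterNamesInJoinForm\" target=\"_blank\">", "</a>"));
        vars.put("csrf", getCSRFToken());
        t.output(out, l, vars);
    }

    /**
     * Returns the attribute fragment that pre-checks a checkbox, or the empty
     * string when the box is unchecked.
     */
    private static String checkedAttribute(boolean checked) {
        return checked ? " checked=\"checked\"" : "";
    }

    /**
     * Copies the submitted parameters into {@link #buildup}, the alert flags
     * and the date selector.
     * <p>
     * Text fields are only overwritten when the parameter is present, so a
     * re-display keeps earlier values. The alert flags are set from the
     * parameter value alone: an unchecked checkbox is absent from the request
     * and therefore yields {@code false}.
     */
    private void update(HttpServletRequest r) {
        String fname = r.getParameter("fname");
        if (fname != null) {
            buildup.setFname(fname);
        }
        String lname = r.getParameter("lname");
        if (lname != null) {
            buildup.setLname(lname);
        }
        String mname = r.getParameter("mname");
        if (mname != null) {
            buildup.setMname(mname);
        }
        String suffix = r.getParameter("suffix");
        if (suffix != null) {
            buildup.setSuffix(suffix);
        }
        String email = r.getParameter("email");
        if (email != null) {
            buildup.setEmail(email);
        }
        general = "1".equals(r.getParameter("general"));
        country = "1".equals(r.getParameter("country"));
        regional = "1".equals(r.getParameter("regional"));
        radius = "1".equals(r.getParameter("radius"));
        myDoB.update(r);
    }

    /**
     * Validates the submission and, if it is acceptable, creates the account.
     * <p>
     * All messages are written into one {@code <div class='formError'>}
     * block. Field-level problems stop the process before any database or
     * mail-server access; the duplicate-email, blocked-domain and mail-server
     * checks all run and report together.
     *
     * @param out destination for error messages
     * @param req the submitted request
     * @return {@code true} only when the account was actually created;
     *         {@code false} when validation or account creation failed
     */
    @Override
    public synchronized boolean submit(PrintWriter out, HttpServletRequest req) {
        update(req);
        boolean failed = false;
        out.println("<div class='formError'>");
        if (buildup.getFname().isEmpty() || buildup.getLname().isEmpty()) {
            outputError(out, req, "First and/or last names were blank.");
            failed = true;
        }
        if (!myDoB.isValid()) {
            outputError(out, req, "Invalid date of birth");
            failed = true;
        }
        if (!"1".equals(req.getParameter("cca_agree"))) {
            outputError(out, req, "You have to agree to the CAcert Community agreement.");
            failed = true;
        }
        if (buildup.getEmail().isEmpty()) {
            outputError(out, req, "Email Address was blank");
            failed = true;
        }
        String pw1 = req.getParameter("pword1");
        String pw2 = req.getParameter("pword2");
        if (pw1 == null || pw1.isEmpty()) {
            outputError(out, req, "Pass Phrases were blank");
            failed = true;
        } else {
            if (!pw1.equals(pw2)) {
                outputError(out, req, "Pass Phrases don't match");
                failed = true;
            }
            // Strength is only rated for a non-blank pass phrase; a blank one
            // has already failed above, and checkpw() is never handed null.
            if (PasswordStrengthChecker.checkpw(pw1, buildup) < 3) {
                outputError(out, req, "The Pass Phrase you submitted failed to contain enough"
                        + " differing characters and/or contained words from" + " your name and/or email address.");
                failed = true;
            }
        }
        if (failed) {
            out.println("</div>");
            return false;
        }
        try {
            if (isEmailInUse(buildup.getEmail())) {
                outputError(out, req, "This email address is currently valid in the system.");
                failed = true;
            }
            String blocked = findBlockedDomain(buildup.getEmail());
            if (blocked != null) {
                out.print("<div>");
                out.print(String.format(
                        Page.translate(req, "We don't allow signups from people using email addresses from %s"),
                        HTMLEncoder.encodeHTML(blocked)));
                out.println("</div>");
                failed = true;
            }
        } catch (SQLException e) {
            // A database problem must not let the signup through; tell the
            // user instead of leaving the error block empty.
            e.printStackTrace();
            outputError(out, req, "A database error occurred, please try again later.");
            failed = true;
        }
        if (!mailServerAccepts(out, req, buildup.getEmail())) {
            failed = true;
        }
        if (!failed) {
            try {
                run(req, pw1);
            } catch (SQLException e) {
                // Account creation failed: report it and return false rather
                // than claiming success for an account that does not exist.
                e.printStackTrace();
                outputError(out, req, "Account creation failed, please try again later.");
                failed = true;
            }
        }
        out.println("</div>");
        return !failed;
    }

    /**
     * Checks whether {@code email} is already registered as a live address in
     * either the {@code email} or the {@code users} table.
     *
     * @throws SQLException when either lookup fails
     */
    private static boolean isEmailInUse(String email) throws SQLException {
        return rowExists("select * from `email` where `email`=? and `deleted`=0", email)
                || rowExists("select * from `users` where `email`=? and `deleted`=0", email);
    }

    /**
     * Returns the entry of the {@code baddomains} table that {@code email}
     * ends with, or {@code null} when its domain is not blocked.
     *
     * @throws SQLException when the lookup fails
     */
    private static String findBlockedDomain(String email) throws SQLException {
        PreparedStatement q = DatabaseConnection.getInstance().prepare(
                "select `domain` from `baddomains` where `domain`=RIGHT(?, LENGTH(`domain`))");
        q.setString(1, email);
        ResultSet rs = q.executeQuery();
        try {
            return rs.next() ? rs.getString(1) : null;
        } finally {
            rs.close();
        }
    }

    /**
     * Runs a single-parameter query and reports whether it returned any row.
     * The result set is always closed; the statement obtained from
     * {@code DatabaseConnection.prepare()} is not closed here, matching the
     * rest of this file -- presumably the connection owns and reuses those
     * statements; confirm before adding a close().
     *
     * @throws SQLException when the query fails
     */
    private static boolean rowExists(String query, String param) throws SQLException {
        PreparedStatement ps = DatabaseConnection.getInstance().prepare(query);
        ps.setString(1, param);
        ResultSet rs = ps.executeQuery();
        try {
            return rs.next();
        } finally {
            rs.close();
        }
    }

    /**
     * Probes the mail server responsible for {@code email} and writes the
     * matching error messages when the address is not accepted.
     *
     * @return {@code true} when the probe answered {@link EmailProvider#OK}
     */
    private boolean mailServerAccepts(PrintWriter out, HttpServletRequest req, String email) {
        String mailResult = EmailProvider.FAIL;
        try {
            mailResult = EmailProvider.getInstance().checkEmailServer(0, email);
        } catch (IOException e) {
            // Treated like a failed connection (mailResult stays FAIL); logged
            // rather than silently dropped.
            e.printStackTrace();
        }
        if (mailResult.equals(EmailProvider.OK)) {
            return true;
        }
        if (mailResult.startsWith("4")) {
            outputError(out, req, "The mail server responsible for your domain indicated"
                    + " a temporary failure. This may be due to anti-SPAM measures, such"
                    + " as greylisting. Please try again in a few minutes.");
        } else {
            outputError(out, req, "Email Address given was invalid, or a test connection"
                    + " couldn't be made to your server, or the server" + " rejected the email address as invalid");
        }
        if (mailResult.equals(EmailProvider.FAIL)) {
            outputError(out, req, "Failed to make a connection to the mail server");
        } else {
            // The reply text comes from a remote mail server and is untrusted;
            // encode it before echoing it into the page.
            out.print("<div>");
            out.print(HTMLEncoder.encodeHTML(mailResult));
            out.println("</div>");
        }
        return false;
    }

    /**
     * Creates the account: inserts the user, its {@code email} row and its
     * {@code alerts} row in one transaction, records the CCA agreement and
     * sends the verification mail.
     *
     * @param req      request used to translate the mail text
     * @param password the pass phrase stored with the user
     * @throws SQLException when any insert fails. The transaction is always
     *         left through {@code quitTransaction()} in the finally block --
     *         presumably a rollback when {@code commitTransaction()} was not
     *         reached; confirm in DatabaseConnection.
     */
    private void run(HttpServletRequest req, String password) throws SQLException {
        DatabaseConnection db = DatabaseConnection.getInstance();
        try {
            db.beginTransaction();
            // Secret that the verification link must carry; stored next to the email row.
            String hash = RandomToken.generateToken(16);

            buildup.setDob(myDoB.getDate());
            buildup.insert(password);
            int memid = buildup.getId();
            PreparedStatement ps = db.prepare(
                    "insert into `email` set `email`=?," + " `hash`=?, `created`=NOW(),`memid`=?");
            ps.setString(1, buildup.getEmail());
            ps.setString(2, hash);
            ps.setInt(3, memid);
            ps.execute();
            int emailid = DatabaseConnection.lastInsertId(ps);
            ps = db.prepare(
                    "insert into `alerts` set `memid`=?," + " `general`=?, `country`=?, `regional`=?, `radius`=?");
            ps.setInt(1, memid);
            ps.setString(2, general ? "1" : "0");
            ps.setString(3, country ? "1" : "0");
            ps.setString(4, regional ? "1" : "0");
            ps.setString(5, radius ? "1" : "0");
            ps.execute();
            Notary.writeUserAgreement(memid, "CCA", "account creation", "", true, 0);

            sendVerificationMail(req, emailid, hash);
            db.commitTransaction();
        } finally {
            db.quitTransaction();
        }
    }

    /**
     * Sends the "Mail Probe" message containing the verification link for the
     * given email row and secret.
     * <p>
     * A failure to send is logged and does not abort the signup, so the
     * account is committed regardless. NOTE(review): the user then has no
     * verification link; consider surfacing this to the caller.
     *
     * @param req     request used to translate the mail text
     * @param emailid id of the freshly inserted {@code email} row
     * @param hash    the secret stored with that row
     */
    private void sendVerificationMail(HttpServletRequest req, int emailid, String hash) {
        StringBuilder body = new StringBuilder();
        body.append(Page
                .translate(
                        req,
                        "Thanks for signing up with CAcert.org, below is the link you need to open to verify your account. Once your account is verified you will be able to start issuing certificates till your hearts' content!"));
        body.append("\n\nhttps://");
        body.append(ServerConstants.getWwwHostNamePort());
        body.append("/verify?type=email&id=");
        body.append(emailid);
        body.append("&hash=");
        body.append(hash);
        body.append("\n\n");
        body.append(Page.translate(req, "Best regards"));
        body.append("\n");
        body.append(Page.translate(req, "CAcert.org Support!"));
        try {
            EmailProvider.getInstance().sendmail(buildup.getEmail(),
                    "[CAcert.org] " + Page.translate(req, "Mail Probe"), body.toString(), "support@cacert.org", null,
                    null, null, null, false);
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}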