src/org/cacert/gigi/pages/wot/AssurePage.java

   1 package org.cacert.gigi.pages.wot;
   2
   3 import java.io.IOException;
   4 import java.io.InputStreamReader;
   5 import java.io.PrintWriter;
   6 import java.sql.PreparedStatement;
   7 import java.sql.ResultSet;
   8 import java.sql.SQLException;
   9 import java.util.HashMap;
  10
  11 import javax.servlet.http.HttpServletRequest;
  12 import javax.servlet.http.HttpServletResponse;
  13 import javax.servlet.http.HttpSession;
  14
  15 import org.cacert.gigi.User;
  16 import org.cacert.gigi.database.DatabaseConnection;
  17 import org.cacert.gigi.output.DateSelector;
  18 import org.cacert.gigi.output.Template;
  19 import org.cacert.gigi.output.Form.CSRFError;
  20 import org.cacert.gigi.pages.LoginPage;
  21 import org.cacert.gigi.pages.Page;
  22 import org.cacert.gigi.util.Notary;
  23 import org.cacert.gigi.util.Notary.AssuranceResult;
  24
  25 public class AssurePage extends Page {
  26         public static final String PATH = "/wot/assure";
  27         public static final String SESSION = "/wot/assure/FORM";
  28         DateSelector ds = new DateSelector("day", "month", "year");
  29         Template t;
  30
  31         public AssurePage() {
  32                 super("Assure someone");
  33                 t = new Template(new InputStreamReader(
  34                                 AssuranceForm.class.getResourceAsStream("AssureeSearch.templ")));
  35
  36         }
  37
  38         @Override
  39         public void doGet(HttpServletRequest req, HttpServletResponse resp)
  40                         throws IOException {
  41
  42                 PrintWriter out = resp.getWriter();
  43                 String pi = req.getPathInfo().substring(PATH.length());
  44                 if (pi.length() > 1) {
  45                         User myself = LoginPage.getUser(req);
  46                         int mid = Integer.parseInt(pi.substring(1));
  47                         AssuranceResult check = Notary.checkAssuranceIsPossible(myself,
  48                                         new User(mid));
  49                         if (check != AssuranceResult.ASSURANCE_SUCCEDED) {
  50                                 out.println(translate(req, check.getMessage()));
  51                                 return;
  52                         }
  53                         HttpSession hs = req.getSession();
  54                         AssuranceForm form = (AssuranceForm) hs.getAttribute(SESSION);
  55                         if (form == null || form.assuree.getId() != mid) {
  56                                 form = new AssuranceForm(mid);
  57                                 hs.setAttribute(SESSION, form);
  58                         }
  59
  60                         form.output(out, getLanguage(req), new HashMap<String, Object>());;
  61                 } else {
  62                         HashMap<String, Object> vars = new HashMap<String, Object>();
  63                         vars.put("DoB", ds);
  64                         t.output(out, getLanguage(req), vars);
  65                 }
  66         }
  67         @Override
  68         public void doPost(HttpServletRequest req, HttpServletResponse resp)
  69                         throws IOException {
  70                 PrintWriter out = resp.getWriter();
  71                 String pi = req.getPathInfo().substring(PATH.length());
  72                 if (pi.length() > 1) {
  73                         User myself = LoginPage.getUser(req);
  74                         int mid = Integer.parseInt(pi.substring(1));
  75                         if (mid == myself.getId()) {
  76                                 out.println("Cannot assure myself.");
  77                                 return;
  78                         }
  79
  80                         AssuranceForm form = (AssuranceForm) req.getSession().getAttribute(
  81                                         SESSION);
  82                         if (form == null) {
  83                                 out.println("No form found. This is an Error. Fill in the form again.");
  84                                 return;
  85                         }
  86                         try {
  87                                 form.submit(out, req);
  88                         } catch (CSRFError e) {
  89                                 resp.sendError(500, "CSRF Failed");
  90                                 out.println(translate(req, "CSRF Token failed."));
  91                         }
  92
  93                         return;
  94                 }
  95
  96                 System.out.println("searching for");
  97                 ResultSet rs = null;
  98                 try {
  99                         PreparedStatement ps = DatabaseConnection
 100                                         .getInstance()
 101                                         .prepare(
 102                                                         "SELECT id, verified FROM users WHERE email=? AND dob=? AND deleted=0");
 103                         ps.setString(1, req.getParameter("email"));
 104                         String day = req.getParameter("year") + "-"
 105                                         + req.getParameter("month") + "-" + req.getParameter("day");
 106                         ps.setString(2, day);
 107                         rs = ps.executeQuery();
 108                         int id = 0;
 109                         if (rs.next()) {
 110                                 id = rs.getInt(1);
 111                                 int verified = rs.getInt(2);
 112                                 if (rs.next()) {
 113                                         out.println("Error, ambigous user. Please contact support@cacert.org.");
 114                                 } else {
 115                                         if (verified == 0) {
 116                                                 out.println(translate(req,
 117                                                                 "User is not yet verified. Please try again in 24 hours!"));
 118                                         }
 119                                         resp.sendRedirect(PATH + "/" + id);
 120                                 }
 121                         } else {
 122                                 out.print("<div class='formError'>");
 123
 124                                 out.println(translate(
 125                                                 req,
 126                                                 "I'm sorry, there was no email and date of birth matching"
 127                                                                 + " what you entered in the system. Please double check"
 128                                                                 + " your information."));
 129                                 out.print("</div>");
 130                         }
 131
 132                         rs.close();
 133                 } catch (SQLException e) {
 134                         e.printStackTrace();
 135                 } finally {
 136                         try {
 137                                 if (rs != null) {
 138                                         rs.close();
 139                                 }
 140                         } catch (SQLException e) {
 141                                 e.printStackTrace();
 142                         }
 143                 }
 144         }
 145 }