- private void authWithUnpw(HttpServletRequest req) {
- String un = req.getParameter("username");
- String pw = req.getParameter("password");
- try {
- PreparedStatement ps = DatabaseConnection.getInstance().prepare(
- "SELECT `password`, `id` FROM `users` WHERE `email`=?");
- ps.setString(1, un);
- ResultSet rs = ps.executeQuery();
- if (rs.next()) {
- if (PasswordHash.verifyHash(pw, rs.getString(1))) {
- HttpSession hs = req.getSession();
- hs.setAttribute(LOGGEDIN, true);
- hs.setAttribute(USER, new User(rs.getInt(2)));
- }
- }
- rs.close();
- } catch (SQLException e) {
- e.printStackTrace();
- }
- }
- private void tryAuthWithCertificate(HttpServletRequest req,
- X509Certificate x509Certificate) {
- // TODO ckeck if certificate is valid
- HttpSession hs = req.getSession();
- hs.setAttribute(LOGGEDIN, true);
- }