]> WPIA git - gigi.git/blobdiff - src/org/cacert/gigi/pages/LoginPage.java
Move the "dbObject"s to their own package.
index 19b8853d30162e807eb9b2348f0ea9dfe0fd4cf8..2ece38d6c8f1ee838bbdee01c8af4bf50cead72f 100644 (file)
@@ -1,7 +1,6 @@
 package org.cacert.gigi.pages;
 
-import static org.cacert.gigi.Gigi.LOGGEDIN;
-import static org.cacert.gigi.Gigi.USER;
+import static org.cacert.gigi.Gigi.*;
 
 import java.io.IOException;
 import java.security.cert.X509Certificate;
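Review bot: The wildcard `import static org.cacert.gigi.Gigi.*;` hides which session-attribute keys this login page depends on. Keeping the explicit `import static org.cacert.gigi.Gigi.LOGGEDIN;` and `import static org.cacert.gigi.Gigi.USER;` keeps the authentication-state keys easy to grep for and stops static members later added to `Gigi` from silently entering this file's scope. This is a style point only; behaviour is unchanged.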
@@ -13,8 +12,9 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
-import org.cacert.gigi.User;
 import org.cacert.gigi.database.DatabaseConnection;
+import org.cacert.gigi.dbObjects.User;
+import org.cacert.gigi.localisation.Language;
 import org.cacert.gigi.util.PasswordHash;
 
 public class LoginPage extends Page {
@@ -72,10 +72,7 @@ public class LoginPage extends Page {
             ResultSet rs = ps.executeQuery();
             if (rs.next()) {
                 if (PasswordHash.verifyHash(pw, rs.getString(1))) {
-                    req.getSession().invalidate();
-                    HttpSession hs = req.getSession();
-                    hs.setAttribute(LOGGEDIN, true);
-                    hs.setAttribute(USER, new User(rs.getInt(2)));
+                    loginSession(req, new User(rs.getInt(2)));
                 }
             }
             rs.close();
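Review bot: `rs.close()` on the last line of this hunk is reached only on the normal path, so if `rs.getInt(2)`, the `User` constructor or `loginSession` throws, the ResultSet is left open. Wrapping the query as `try (ResultSet rs = ps.executeQuery()) { ... }` closes it on every path. The same pattern appears in `tryAuthWithCertificate` in the next hunk. Whether the PreparedStatement should also be closed depends on how `DatabaseConnection.prepare` manages statements, which is not visible here. The enclosing method starts and ends outside this hunk.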
@@ -91,18 +88,28 @@ public class LoginPage extends Page {
     private void tryAuthWithCertificate(HttpServletRequest req, X509Certificate x509Certificate) {
         String serial = x509Certificate.getSerialNumber().toString(16).toUpperCase();
         try {
-            PreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `memid` FROM `emailcerts` WHERE `serial`=? AND `disablelogin`='0' AND `revoked` = " + "'0000-00-00 00:00:00'");
+            PreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `memid` FROM `certs` WHERE `serial`=? AND `disablelogin`='0' AND `revoked` = " + "'0000-00-00 00:00:00'");
             ps.setString(1, serial);
             ResultSet rs = ps.executeQuery();
             if (rs.next()) {
-                req.getSession().invalidate();
-                HttpSession hs = req.getSession();
-                hs.setAttribute(LOGGEDIN, true);
-                hs.setAttribute(USER, new User(rs.getInt(1)));
+                loginSession(req, new User(rs.getInt(1)));
             }
             rs.close();
         } catch (SQLException e) {
             e.printStackTrace();
         }
     }
+
+    private void loginSession(HttpServletRequest req, User user) {
+        req.getSession().invalidate();
+        HttpSession hs = req.getSession();
+        hs.setAttribute(LOGGEDIN, true);
+        hs.setAttribute(Language.SESSION_ATTRIB_NAME, user.getPreferredLocale());
+        hs.setAttribute(USER, user);
+    }
+
+    @Override
+    public boolean isPermitted(User u) {
+        return u == null;
+    }
 }
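Review bot: In `loginSession`, `hs.setAttribute(LOGGEDIN, true);` runs before `user.getPreferredLocale()` is evaluated, so if that call can throw (its body is not visible here) the new session is left flagged as logged in with no `USER` attribute. Any check that reads only `LOGGEDIN` would then treat it as authenticated. Read the locale before touching the session and set the flag last, i.e. move `hs.setAttribute(LOGGEDIN, true);` below `hs.setAttribute(USER, user);`. The invalidate-then-recreate pair deserves a comment such as `// discard the pre-login session id so it cannot be reused after authentication (session fixation)`, so a later refactor does not drop it. `isPermitted` would also benefit from a Javadoc line stating that the page is offered only to unauthenticated visitors (`u == null`).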