fix: SQL change database call pattern

[gigi.git] / src / org / cacert / gigi / pages / wot / AssurePage.java

diff --git a/src/org/cacert/gigi/pages/wot/AssurePage.java b/src/org/cacert/gigi/pages/wot/AssurePage.java
index aa99a2fbb7e992278bea88d93a4becdc587352d9..39a5aa901b83d6a529dec7c733f04fc352b8ce04 100644 (file)
--- a/src/org/cacert/gigi/pages/wot/AssurePage.java
+++ b/src/org/cacert/gigi/pages/wot/AssurePage.java
@@ -2,21 +2,23 @@ package org.cacert.gigi.pages.wot;
 
 import java.io.IOException;
 import java.io.PrintWriter;
+import java.sql.Date;
+import java.util.Calendar;
 import java.util.HashMap;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.cacert.gigi.GigiApiException;
-import org.cacert.gigi.database.DatabaseConnection;
 import org.cacert.gigi.database.GigiPreparedStatement;
 import org.cacert.gigi.database.GigiResultSet;
 import org.cacert.gigi.dbObjects.User;
 import org.cacert.gigi.output.DateSelector;
-import org.cacert.gigi.output.Form;
+import org.cacert.gigi.output.template.Form;
 import org.cacert.gigi.output.template.Template;
 import org.cacert.gigi.pages.LoginPage;
 import org.cacert.gigi.pages.Page;
+import org.cacert.gigi.util.AuthorizationContext;
 import org.cacert.gigi.util.Notary;
 
 public class AssurePage extends Page {
@@ -37,15 +39,14 @@ public class AssurePage extends Page {
     public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
 
         PrintWriter out = resp.getWriter();
-        String pi = req.getPathInfo().substring(PATH.length());
         HashMap<String, Object> vars = new HashMap<String, Object>();
         vars.put("DoB", ds);
         t.output(out, getLanguage(req), vars);
     }
 
     @Override
-    public boolean isPermitted(User u) {
-        return u != null && u.canAssure();
+    public boolean isPermitted(AuthorizationContext ac) {
+        return ac != null && ac.canAssure();
     }
 
     private void outputForm(HttpServletRequest req, PrintWriter out, AssuranceForm form) {
@@ -73,21 +74,20 @@ public class AssurePage extends Page {
             return;
         }
 
-        GigiResultSet rs = null;
-        try {
-            GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT id, verified FROM users WHERE email=? AND dob=? AND deleted=0");
+        try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT `users`.`id`, `verified` FROM `users` INNER JOIN `certOwners` ON `certOwners`.`id`=`users`.`id` WHERE `email`=? AND `dob`=? AND `deleted` IS NULL")) {
             ps.setString(1, req.getParameter("email"));
-            String day = req.getParameter("year") + "-" + req.getParameter("month") + "-" + req.getParameter("day");
-            ps.setString(2, day);
-            rs = ps.executeQuery();
+            Calendar c = Calendar.getInstance();
+            c.set(Integer.parseInt(req.getParameter("year")), Integer.parseInt(req.getParameter("month")) - 1, Integer.parseInt(req.getParameter("day")));
+            ps.setDate(2, new Date(c.getTimeInMillis()));
+            GigiResultSet rs = ps.executeQuery();
             int id = 0;
             if (rs.next()) {
                 id = rs.getInt(1);
-                int verified = rs.getInt(2);
+                boolean verified = rs.getBoolean(2);
                 if (rs.next()) {
                     out.println("Error, ambigous user. Please contact support@cacert.org.");
                 } else {
-                    if (verified == 0) {
+                    if ( !verified) {
                         out.println(translate(req, "User is not yet verified. Please try again in 24 hours!"));
                     } else if (getUser(req).getId() == id) {
 
@@ -103,11 +103,6 @@ public class AssurePage extends Page {
                 out.print("</div>");
             }
 
-            rs.close();
-        } finally {
-            if (rs != null) {
-                rs.close();
-            }
         }
     }
 }