X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Fpages%2FLoginPage.java;h=2ece38d6c8f1ee838bbdee01c8af4bf50cead72f;hp=905daf16aa1248252a073f602f6ad6df227018d0;hb=e409ba881965634f63f0b67824bc93dda4ec4327;hpb=f92f284f3a80e1f8fd87d2cc63288e1f1bbfeb9d

diff --git a/src/org/cacert/gigi/pages/LoginPage.java b/src/org/cacert/gigi/pages/LoginPage.java
index 905daf16..2ece38d6 100644
--- a/src/org/cacert/gigi/pages/LoginPage.java
+++ b/src/org/cacert/gigi/pages/LoginPage.java
@@ -1,23 +1,115 @@
 package org.cacert.gigi.pages;
 
+import static org.cacert.gigi.Gigi.*;
+
 import java.io.IOException;
+import java.security.cert.X509Certificate;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
+import org.cacert.gigi.database.DatabaseConnection;
+import org.cacert.gigi.dbObjects.User;
+import org.cacert.gigi.localisation.Language;
+import org.cacert.gigi.util.PasswordHash;
 
 public class LoginPage extends Page {
-	public LoginPage(String title) {
-		super(title);
-	}
-
-	@Override
-	public void doGet(ServletRequest req, ServletResponse resp)
-			throws IOException {
-		resp.getWriter()
-				.println(
-						"<form method='POST' action='/login'>"
-								+ "<input type='text' name='username'>"
-								+ "<input type='password' name='password'> <input type='submit' value='login'></form>");
-	}
 
+    public static final String LOGIN_RETURNPATH = "login-returnpath";
+
+    public LoginPage(String title) {
+        super(title);
+    }
+
+    @Override
+    public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+        resp.getWriter().println("<form method='POST' action='/login'>" + "<input type='text' name='username'>" + "<input type='password' name='password'> <input type='submit' value='login'></form>");
+    }
+
+    @Override
+    public boolean beforeTemplate(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+        String redir = (String) req.getSession().getAttribute(LOGIN_RETURNPATH);
+        if (req.getSession().getAttribute("loggedin") == null) {
+            X509Certificate[] cert = (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate");
+            if (cert != null && cert[0] != null) {
+                tryAuthWithCertificate(req, cert[0]);
+            }
+            if (req.getMethod().equals("POST")) {
+                tryAuthWithUnpw(req);
+            }
+        }
+
+        if (req.getSession().getAttribute("loggedin") != null) {
+            String s = redir;
+            if (s != null) {
+                if ( !s.startsWith("/")) {
+                    s = "/" + s;
+                }
+                resp.sendRedirect(s);
+            } else {
+                resp.sendRedirect("/");
+            }
+            return true;
+        }
+        return false;
+    }
+
+    @Override
+    public boolean needsLogin() {
+        return false;
+    }
+
+    private void tryAuthWithUnpw(HttpServletRequest req) {
+        String un = req.getParameter("username");
+        String pw = req.getParameter("password");
+        try {
+            PreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `password`, `id` FROM `users` WHERE `email`=? AND locked='0' AND verified='1'");
+            ps.setString(1, un);
+            ResultSet rs = ps.executeQuery();
+            if (rs.next()) {
+                if (PasswordHash.verifyHash(pw, rs.getString(1))) {
+                    loginSession(req, new User(rs.getInt(2)));
+                }
+            }
+            rs.close();
+        } catch (SQLException e) {
+            e.printStackTrace();
+        }
+    }
+
+    public static User getUser(HttpServletRequest req) {
+        return (User) req.getSession().getAttribute(USER);
+    }
+
+    private void tryAuthWithCertificate(HttpServletRequest req, X509Certificate x509Certificate) {
+        String serial = x509Certificate.getSerialNumber().toString(16).toUpperCase();
+        try {
+            PreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `memid` FROM `certs` WHERE `serial`=? AND `disablelogin`='0' AND `revoked` = " + "'0000-00-00 00:00:00'");
+            ps.setString(1, serial);
+            ResultSet rs = ps.executeQuery();
+            if (rs.next()) {
+                loginSession(req, new User(rs.getInt(1)));
+            }
+            rs.close();
+        } catch (SQLException e) {
+            e.printStackTrace();
+        }
+    }
+
+    private void loginSession(HttpServletRequest req, User user) {
+        req.getSession().invalidate();
+        HttpSession hs = req.getSession();
+        hs.setAttribute(LOGGEDIN, true);
+        hs.setAttribute(Language.SESSION_ATTRIB_NAME, user.getPreferredLocale());
+        hs.setAttribute(USER, user);
+    }
+
+    @Override
+    public boolean isPermitted(User u) {
+        return u == null;
+    }
 }