X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Fpages%2FLoginPage.java;h=8e920d092c0ea0fb9fcfbc08ff0d4b142738640e;hp=ee6a6e981daaf329ae7caaca45a86bfb36babfff;hb=4f532bd35f41121838756b67dfc0ca330940079e;hpb=e87392fd58e9152531a8d1cb34cb46e370062108 diff --git a/src/org/cacert/gigi/pages/LoginPage.java b/src/org/cacert/gigi/pages/LoginPage.java index ee6a6e98..8e920d09 100644 --- a/src/org/cacert/gigi/pages/LoginPage.java +++ b/src/org/cacert/gigi/pages/LoginPage.java @@ -3,21 +3,46 @@ package org.cacert.gigi.pages; import static org.cacert.gigi.Gigi.*; import java.io.IOException; +import java.io.PrintWriter; import java.security.cert.X509Certificate; +import java.util.HashMap; +import java.util.Map; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import org.cacert.gigi.GigiApiException; import org.cacert.gigi.database.DatabaseConnection; import org.cacert.gigi.database.GigiPreparedStatement; import org.cacert.gigi.database.GigiResultSet; +import org.cacert.gigi.dbObjects.Group; import org.cacert.gigi.dbObjects.User; import org.cacert.gigi.localisation.Language; +import org.cacert.gigi.output.Form; import org.cacert.gigi.util.PasswordHash; public class LoginPage extends Page { + public class LoginForm extends Form { + + public LoginForm(HttpServletRequest hsr) { + super(hsr); + } + + @Override + public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException { + tryAuthWithUnpw(req); + return false; + } + + @Override + protected void outputContent(PrintWriter out, Language l, Map vars) { + getDefaultTemplate().output(out, l, vars); + } + + } + public static final String LOGIN_RETURNPATH = "login-returnpath"; public LoginPage(String title) { @@ -26,7 +51,7 @@ public class LoginPage extends Page { @Override public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { - resp.getWriter().println("
" + "" + "
"); + new LoginForm(req).output(resp.getWriter(), getLanguage(req), new HashMap()); } @Override @@ -38,7 +63,10 @@ public class LoginPage extends Page { tryAuthWithCertificate(req, cert[0]); } if (req.getMethod().equals("POST")) { - tryAuthWithUnpw(req); + try { + Form.getForm(req, LoginForm.class).submit(resp.getWriter(), req); + } catch (GigiApiException e) { + } } } @@ -65,7 +93,7 @@ public class LoginPage extends Page { private void tryAuthWithUnpw(HttpServletRequest req) { String un = req.getParameter("username"); String pw = req.getParameter("password"); - GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `password`, `id` FROM `users` WHERE `email`=? AND locked='0' AND verified='1'"); + GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `password`, `id` FROM `users` WHERE `email`=? AND verified='1'"); ps.setString(1, un); GigiResultSet rs = ps.executeQuery(); if (rs.next()) { @@ -82,7 +110,7 @@ public class LoginPage extends Page { private void tryAuthWithCertificate(HttpServletRequest req, X509Certificate x509Certificate) { String serial = x509Certificate.getSerialNumber().toString(16).toUpperCase(); - GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `memid` FROM `certs` WHERE `serial`=? AND `disablelogin`='0' AND `revoked` = " + "'0000-00-00 00:00:00'"); + GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `memid` FROM `certs` WHERE `serial`=? AND `disablelogin`='0' AND `revoked` is NULL"); ps.setString(1, serial); GigiResultSet rs = ps.executeQuery(); if (rs.next()) { @@ -91,7 +119,12 @@ public class LoginPage extends Page { rs.close(); } + private static final Group LOGIN_BLOCKED = Group.getByString("blockedlogin"); + private void loginSession(HttpServletRequest req, User user) { + if (user.isInGroup(LOGIN_BLOCKED)) { + return; + } req.getSession().invalidate(); HttpSession hs = req.getSession(); hs.setAttribute(LOGGEDIN, true);