X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Fpages%2Fmain%2FSignup.java;h=d341df280f237ed2417d406c47f5570431211b20;hp=a7a1a88a9c1681a9a32483a42bc18eca1e99851b;hb=d23d7a6fa9dc38c6193fea70017e0bff11257be5;hpb=d895448cb685adc4c2bfac8d92759252d2ce8c36 diff --git a/src/org/cacert/gigi/pages/main/Signup.java b/src/org/cacert/gigi/pages/main/Signup.java index a7a1a88a..d341df28 100644 --- a/src/org/cacert/gigi/pages/main/Signup.java +++ b/src/org/cacert/gigi/pages/main/Signup.java @@ -2,31 +2,33 @@ package org.cacert.gigi.pages.main; import java.io.IOException; import java.io.PrintWriter; -import java.sql.Date; -import java.sql.PreparedStatement; -import java.sql.ResultSet; import java.sql.SQLException; import java.util.HashMap; import java.util.Map; import javax.servlet.http.HttpServletRequest; -import org.cacert.gigi.EmailAddress; -import org.cacert.gigi.User; -import org.cacert.gigi.database.DatabaseConnection; +import org.cacert.gigi.GigiApiException; +import org.cacert.gigi.database.GigiPreparedStatement; +import org.cacert.gigi.database.GigiResultSet; +import org.cacert.gigi.dbObjects.Name; +import org.cacert.gigi.dbObjects.User; import org.cacert.gigi.email.EmailProvider; import org.cacert.gigi.localisation.Language; import org.cacert.gigi.output.DateSelector; -import org.cacert.gigi.output.Form; +import org.cacert.gigi.output.template.Form; import org.cacert.gigi.output.template.Template; import org.cacert.gigi.pages.Page; +import org.cacert.gigi.util.CalendarUtil; import org.cacert.gigi.util.HTMLEncoder; import org.cacert.gigi.util.Notary; import org.cacert.gigi.util.PasswordStrengthChecker; public class Signup extends Form { - private User buildup = new User(); + Name buildupName = new Name("", "", "", ""); + + String email = ""; private Template t; @@ -35,12 +37,6 @@ public class Signup extends Form { public Signup(HttpServletRequest hsr) { super(hsr); t = new Template(Signup.class.getResource("Signup.templ")); - buildup.setFname(""); - buildup.setMname(""); - buildup.setLname(""); - buildup.setSuffix(""); - buildup.setEmail(""); - buildup.setDob(new Date(0)); } DateSelector myDoB = new DateSelector("day", "month", "year"); @@ -48,57 +44,76 @@ public class Signup extends Form { @Override public void outputContent(PrintWriter out, Language l, Map outerVars) { HashMap vars = new HashMap(); - vars.put("fname", HTMLEncoder.encodeHTML(buildup.getFname())); - vars.put("mname", HTMLEncoder.encodeHTML(buildup.getMname())); - vars.put("lname", HTMLEncoder.encodeHTML(buildup.getLname())); - vars.put("suffix", HTMLEncoder.encodeHTML(buildup.getSuffix())); + vars.put("fname", HTMLEncoder.encodeHTML(buildupName.getFname())); + vars.put("mname", HTMLEncoder.encodeHTML(buildupName.getMname())); + vars.put("lname", HTMLEncoder.encodeHTML(buildupName.getLname())); + vars.put("suffix", HTMLEncoder.encodeHTML(buildupName.getSuffix())); vars.put("dob", myDoB); - vars.put("email", HTMLEncoder.encodeHTML(buildup.getEmail())); + vars.put("email", HTMLEncoder.encodeHTML(email)); vars.put("general", general ? " checked=\"checked\"" : ""); vars.put("country", country ? " checked=\"checked\"" : ""); vars.put("regional", regional ? " checked=\"checked\"" : ""); vars.put("radius", radius ? " checked=\"checked\"" : ""); vars.put("helpOnNames", String.format(l.getTranslation("Help on Names %sin the wiki%s"), "", "")); vars.put("csrf", getCSRFToken()); + vars.put("dobmin", User.MINIMUM_AGE + ""); t.output(out, l, vars); } private void update(HttpServletRequest r) { + String fname = buildupName.getFname(); + String lname = buildupName.getLname(); + String mname = buildupName.getMname(); + String suffix = buildupName.getSuffix(); if (r.getParameter("fname") != null) { - buildup.setFname(r.getParameter("fname")); + fname = r.getParameter("fname"); } if (r.getParameter("lname") != null) { - buildup.setLname(r.getParameter("lname")); + lname = r.getParameter("lname"); } if (r.getParameter("mname") != null) { - buildup.setMname(r.getParameter("mname")); + mname = r.getParameter("mname"); } if (r.getParameter("suffix") != null) { - buildup.setSuffix(r.getParameter("suffix")); + suffix = r.getParameter("suffix"); } if (r.getParameter("email") != null) { - buildup.setEmail(r.getParameter("email")); + email = r.getParameter("email"); } + buildupName = new Name(fname, lname, mname, suffix); general = "1".equals(r.getParameter("general")); country = "1".equals(r.getParameter("country")); regional = "1".equals(r.getParameter("regional")); radius = "1".equals(r.getParameter("radius")); - myDoB.update(r); + try { + myDoB.update(r); + } catch (GigiApiException e) { + } } @Override public synchronized boolean submit(PrintWriter out, HttpServletRequest req) { + if (RegisterPage.RATE_LIMIT.isLimitExceeded(req.getRemoteAddr())) { + outputError(out, req, "Rate Limit Exceeded"); + return false; + } + update(req); - if (buildup.getFname().equals("") || buildup.getLname().equals("")) { - outputError(out, req, "First and/or last names were blank."); + if (buildupName.getLname().trim().equals("")) { + outputError(out, req, "Last name were blank."); } if ( !myDoB.isValid()) { outputError(out, req, "Invalid date of birth"); } - if ( !"1".equals(req.getParameter("cca_agree"))) { - outputError(out, req, "You have to agree to the CAcert Community agreement."); + + if ( !CalendarUtil.isOfAge(myDoB.getDate(), User.MINIMUM_AGE)) { + outputError(out, req, "Entered dated of birth is below the restricted age requirements."); + } + + if ( !"1".equals(req.getParameter("tos_agree"))) { + outputError(out, req, "Acceptance of the ToS is required to continue."); } - if (buildup.getEmail().equals("")) { + if (email.equals("")) { outputError(out, req, "Email Address was blank"); } String pw1 = req.getParameter("pword1"); @@ -108,41 +123,34 @@ public class Signup extends Form { } else if ( !pw1.equals(pw2)) { outputError(out, req, "Pass Phrases don't match"); } - int pwpoints = PasswordStrengthChecker.checkpw(pw1, buildup); + int pwpoints = PasswordStrengthChecker.checkpw(pw1, buildupName, email); if (pwpoints < 3) { outputError(out, req, "The Pass Phrase you submitted failed to contain enough" + " differing characters and/or contained words from" + " your name and/or email address."); } if (isFailed(out)) { return false; } - try { - PreparedStatement q1 = DatabaseConnection.getInstance().prepare("select * from `emails` where `email`=? and `deleted`=0"); - PreparedStatement q2 = DatabaseConnection.getInstance().prepare("select * from `users` where `email`=? and `deleted`=0"); - q1.setString(1, buildup.getEmail()); - q2.setString(1, buildup.getEmail()); - ResultSet r1 = q1.executeQuery(); - ResultSet r2 = q2.executeQuery(); + try (GigiPreparedStatement q1 = new GigiPreparedStatement("SELECT * FROM `emails` WHERE `email`=? AND `deleted` IS NULL"); GigiPreparedStatement q2 = new GigiPreparedStatement("SELECT * FROM `certOwners` INNER JOIN `users` ON `users`.`id`=`certOwners`.`id` WHERE `email`=? AND `deleted` IS NULL")) { + q1.setString(1, email); + q2.setString(1, email); + GigiResultSet r1 = q1.executeQuery(); + GigiResultSet r2 = q2.executeQuery(); if (r1.next() || r2.next()) { outputError(out, req, "This email address is currently valid in the system."); } - r1.close(); - r2.close(); - PreparedStatement q3 = DatabaseConnection.getInstance().prepare("select `domain` from `baddomains` where `domain`=RIGHT(?, LENGTH(`domain`))"); - q3.setString(1, buildup.getEmail()); + } + try (GigiPreparedStatement q3 = new GigiPreparedStatement("SELECT `domain` FROM `baddomains` WHERE `domain`=RIGHT(?, LENGTH(`domain`))")) { + q3.setString(1, email); - ResultSet r3 = q3.executeQuery(); + GigiResultSet r3 = q3.executeQuery(); if (r3.next()) { String domain = r3.getString(1); outputError(out, req, "We don't allow signups from people using email addresses from %s", domain); } - r3.close(); - } catch (SQLException e) { - e.printStackTrace(); - outputError(out, req, "an internal error happened"); } String mailResult = EmailProvider.FAIL; try { - mailResult = EmailProvider.getInstance().checkEmailServer(0, buildup.getEmail()); + mailResult = HTMLEncoder.encodeHTML(EmailProvider.getInstance().checkEmailServer(0, email)); } catch (IOException e) { } if ( !mailResult.equals(EmailProvider.OK)) { @@ -165,33 +173,25 @@ public class Signup extends Form { run(req, pw1); } catch (SQLException e) { e.printStackTrace(); + } catch (GigiApiException e) { + e.format(out, Page.getLanguage(req)); + return false; } return true; } - private void run(HttpServletRequest req, String password) throws SQLException { - try { - DatabaseConnection.getInstance().beginTransaction(); - - buildup.setDob(myDoB.getDate()); - buildup.insert(password); - int memid = buildup.getId(); - EmailAddress ea = new EmailAddress(buildup.getEmail(), buildup); - ea.insert(Page.getLanguage(req)); - - PreparedStatement ps = DatabaseConnection.getInstance().prepare("insert into `alerts` set `memid`=?," + " `general`=?, `country`=?, `regional`=?, `radius`=?"); - ps.setInt(1, memid); - ps.setString(2, general ? "1" : "0"); - ps.setString(3, country ? "1" : "0"); - ps.setString(4, regional ? "1" : "0"); - ps.setString(5, radius ? "1" : "0"); - ps.execute(); - Notary.writeUserAgreement(memid, "CCA", "account creation", "", true, 0); + private void run(HttpServletRequest req, String password) throws SQLException, GigiApiException { + User u = new User(email, password, buildupName, myDoB.getDate(), Page.getLanguage(req).getLocale()); - DatabaseConnection.getInstance().commitTransaction(); - } finally { - DatabaseConnection.getInstance().quitTransaction(); + try (GigiPreparedStatement ps = new GigiPreparedStatement("INSERT INTO `alerts` SET `memid`=?," + " `general`=?, `country`=?, `regional`=?, `radius`=?")) { + ps.setInt(1, u.getId()); + ps.setBoolean(2, general); + ps.setBoolean(3, country); + ps.setBoolean(4, regional); + ps.setBoolean(5, radius); + ps.execute(); } + Notary.writeUserAgreement(u, "ToS", "account creation", "", true, 0); } }