Only permit login to verified users. Fix in "TestEmailProvider"

author Felix Dörre <felix@dogcraft.de>

Wed, 25 Jun 2014 13:31:29 +0000 (15:31 +0200)

committer Felix Dörre <felix@dogcraft.de>

Wed, 25 Jun 2014 13:31:29 +0000 (15:31 +0200)
author Felix Dörre <felix@dogcraft.de>
Wed, 25 Jun 2014 13:31:29 +0000 (15:31 +0200)
committer Felix Dörre <felix@dogcraft.de>
Wed, 25 Jun 2014 13:31:29 +0000 (15:31 +0200)
diff --git a/src/org/cacert/gigi/email/TestEmailProvider.java b/src/org/cacert/gigi/email/TestEmailProvider.java

index 9f37be97f3966bcb7091c1fa328eae5446de830f..009ecf930c134c508264dcd6ea8a503b6dfe7569 100644 (file)
--- a/src/org/cacert/gigi/email/TestEmailProvider.java
+++ b/src/org/cacert/gigi/email/TestEmailProvider.java
@@ -28,11 +28,7 @@ class TestEmailProvider extends EmailProvider {
                         String fromname, String errorsto, boolean extra) throws IOException {
                 boolean sent = false;
                 while (!sent) {
-                       if (client == null || client.isClosed()) {
-                               client = servs.accept();
-                               out = new DataOutputStream(client.getOutputStream());
-                               in = new DataInputStream(client.getInputStream());
-                       }
+                       assureLocalConnection();
                         try {
                                 out.writeUTF("mail");
                                 write(to);
@@ -47,9 +43,17 @@ class TestEmailProvider extends EmailProvider {
                         }
                 }
         }
+       private void assureLocalConnection() throws IOException {
+               if (client == null || client.isClosed()) {
+                       client = servs.accept();
+                       out = new DataOutputStream(client.getOutputStream());
+                       in = new DataInputStream(client.getInputStream());
+               }
+       }
         @Override
         public String checkEmailServer(int forUid, String address)
                         throws IOException {
+               assureLocalConnection();
                 out.writeUTF("challengeAddrBox");
                 out.writeUTF(address);
                 return in.readUTF();
diff --git a/src/org/cacert/gigi/pages/LoginPage.java b/src/org/cacert/gigi/pages/LoginPage.java

index 583a6da88168dd380ab70e3864f6bd94e2613d47..d88b6983b23611eefda46801db4a6dd6202b2790 100644 (file)
--- a/src/org/cacert/gigi/pages/LoginPage.java
+++ b/src/org/cacert/gigi/pages/LoginPage.java
@@ -71,8 +71,10 @@ public class LoginPage extends Page {
                 String un = req.getParameter("username");
                 String pw = req.getParameter("password");
                 try {
-                       PreparedStatement ps = DatabaseConnection.getInstance().prepare(
-                                       "SELECT `password`, `id` FROM `users` WHERE `email`=?");
+                       PreparedStatement ps = DatabaseConnection
+                                       .getInstance()
+                                       .prepare(
+                                                       "SELECT `password`, `id` FROM `users` WHERE `email`=? AND locked='0' AND verified='1'");
                         ps.setString(1, un);
                         ResultSet rs = ps.executeQuery();
                         if (rs.next()) {
author	Felix Dörre <felix@dogcraft.de>
	Wed, 25 Jun 2014 13:31:29 +0000 (15:31 +0200)
committer	Felix Dörre <felix@dogcraft.de>
	Wed, 25 Jun 2014 13:31:29 +0000 (15:31 +0200)
src/org/cacert/gigi/email/TestEmailProvider.java		patch \| blob \| history
src/org/cacert/gigi/pages/LoginPage.java		patch \| blob \| history