From e0e234dd2fe92484e185e12d1eb15537a80fd875 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Felix=20D=C3=B6rre?=
Date: Wed, 25 Jun 2014 15:31:29 +0200
Subject: [PATCH] Only permit login to verified users. Fix in "TestEmailProvider"
---
 src/org/cacert/gigi/email/TestEmailProvider.java | 14 +++++++++-----
 src/org/cacert/gigi/pages/LoginPage.java | 6 ++++--
 2 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/src/org/cacert/gigi/email/TestEmailProvider.java b/src/org/cacert/gigi/email/TestEmailProvider.java
index 9f37be97..009ecf93 100644
--- a/src/org/cacert/gigi/email/TestEmailProvider.java
+++ b/src/org/cacert/gigi/email/TestEmailProvider.java
@@ -28,11 +28,7 @@ class TestEmailProvider extends EmailProvider {
 String fromname, String errorsto, boolean extra) throws IOException {
 boolean sent = false;
 while (!sent) {
- if (client == null || client.isClosed()) {
- client = servs.accept();
- out = new DataOutputStream(client.getOutputStream());
- in = new DataInputStream(client.getInputStream());
- }
+ assureLocalConnection();
 try {
 out.writeUTF("mail");
 write(to);
@@ -47,9 +43,17 @@ class TestEmailProvider extends EmailProvider { } } } + private void assureLocalConnection() throws IOException { + if (client == null || client.isClosed()) { + client = servs.accept(); + out = new DataOutputStream(client.getOutputStream()); + in = new DataInputStream(client.getInputStream()); + } + } @Override public String checkEmailServer(int forUid, String address) throws IOException { + assureLocalConnection(); out.writeUTF("challengeAddrBox"); out.writeUTF(address); return in.readUTF();
diff --git a/src/org/cacert/gigi/pages/LoginPage.java b/src/org/cacert/gigi/pages/LoginPage.java
index 583a6da8..d88b6983 100644
--- a/src/org/cacert/gigi/pages/LoginPage.java
+++ b/src/org/cacert/gigi/pages/LoginPage.java
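Review bot: `assureLocalConnection()` in the second TestEmailProvider.java hunk takes whatever peer `servs.accept()` returns, so despite its name nothing visible here restricts the test mail channel to a local client. Everything written to `out` afterwards (the mails passed to `sendmail`, the address sent by `checkEmailServer`) goes to that peer, and the string it sends back is returned by `checkEmailServer` as the result. How `servs` is bound is outside the hunk; if it is not bound to loopback only, add a check right after the accept, e.g. `if (!client.getInetAddress().isLoopbackAddress()) { client.close(); throw new IOException("test mail client is not local"); }`. `accept()` also blocks without a timeout, so `checkEmailServer` now waits indefinitely when no test client is attached, and unlike the `sendmail` loop it has no visible retry if the existing socket has gone stale; a short comment on the helper stating both would help.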
@@ -71,8 +71,10 @@ public class LoginPage extends Page {
 String un = req.getParameter("username");
 String pw = req.getParameter("password");
 try {
- PreparedStatement ps = DatabaseConnection.getInstance().prepare(
- "SELECT `password`, `id` FROM `users` WHERE `email`=?");
+ PreparedStatement ps = DatabaseConnection
+ .getInstance()
+ .prepare(
+ "SELECT `password`, `id` FROM `users` WHERE `email`=? AND locked='0' AND verified='1'");
 ps.setString(1, un);
 ResultSet rs = ps.executeQuery();
 if (rs.next()) {
-- 
2.39.2
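Review bot: The `locked`/`verified` condition added to the query in LoginPage.java protects only this password form, because it lives in one SQL string; any other code path that establishes a session (none is visible in this hunk) needs the same condition, and a session opened before an account is locked is not affected by it. A locked or unverified account now yields no row and so presumably takes the same failure path as an unknown e-mail, which avoids revealing account state; a comment would keep that intentional, e.g. `// locked or unverified accounts are treated like unknown users`. The two new column names are unquoted and compared with string literals while the rest of the statement backtick-quotes its identifiers; if the columns are numeric, ``AND `locked`=0 AND `verified`=1`` would be more consistent. The `try` block continues past the end of the hunk.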