/*
 * Created on Dec 1, 2004
 * Copyright (C) Andrea Schweer, 2004
 *
 * This file is part of the Greenstone Alerting Service.
 * Refer to the COPYING file in the base directory of this package
 * for licensing information.
 */
9 | package org.greenstone.gsdlas.users;
|
---|
10 |
|
---|
11 | import java.sql.*;
|
---|
12 | import java.util.Map;
|
---|
13 |
|
---|
14 | import javax.servlet.http.HttpSession;
|
---|
15 |
|
---|
16 | import org.greenstone.gsdlas.database.DatabaseManager;
|
---|
17 |
|
---|
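/**
 * Creates user accounts and tracks login state for the alerting service.
 *
 * <p>Accounts are rows of the {@code users} table reached through
 * {@link DatabaseManager}; a logged-in user is represented by the
 * {@code "username"} attribute of the servlet session.
 *
 * <p>NOTE(review): passwords are stored and compared as plain text (see
 * {@code encodePassword}). Anyone who can read the {@code users} table can
 * read every password. That is flagged here rather than changed, because a
 * different stored format would lock out existing accounts without a
 * migration.
 *
 * @author andrea
 */
public class UserManager {
    private static UserManager instance;

    private UserManager() {
        // hide constructor
    }

    /**
     * Returns the shared instance, creating it on first use.
     *
     * <p>The lazy creation is not synchronized. The class has no instance
     * fields, so two threads racing here at worst create one extra,
     * equivalent object.
     *
     * @return the shared {@code UserManager}
     */
    static public UserManager getInstance() {
        if (instance == null) {
            instance = new UserManager();
        }
        return instance;
    }

    /**
     * Tells whether the session belongs to a logged-in user.
     *
     * @param session the servlet session to inspect; may be {@code null}
     * @return {@code true} if the session is still within its inactivity
     *         limit and carries a {@code "username"} attribute
     */
    public boolean isLoggedIn(HttpSession session) {
        if (session == null) {
            return false;
        }
        try {
            // getMaxInactiveInterval() is in seconds while the session
            // timestamps are in milliseconds. A non-positive interval means
            // the container never times the session out.
            int maxInactiveSeconds = session.getMaxInactiveInterval();
            if (maxInactiveSeconds > 0) {
                // Idle time is measured from the last access up to now;
                // comparing against the creation time can never detect an
                // idle session, because the last access is never earlier.
                long idleMillis = System.currentTimeMillis() - session.getLastAccessedTime();
                if (idleMillis > maxInactiveSeconds * 1000L) {
                    return false;
                }
            }
            return session.getAttribute("username") != null;
        } catch (IllegalStateException e) {
            // The session accessors throw this once the session has been
            // invalidated; an invalidated session is not logged in.
            return false;
        }
    }

    /**
     * Creates a new account from the submitted form values.
     *
     * @param arguments form values; reads {@code "username"},
     *        {@code "password"} and {@code "password2"}, each expected to be
     *        a {@code String}
     * @param session the current session (not used by this method)
     * @throws PasswordMismatchException if the two password fields differ
     * @throws UserManagementException if the username or password is
     *         missing, or the account could not be written to the database
     */
    public void createUser(Map arguments, HttpSession session) throws PasswordMismatchException, UserManagementException {
        String username = (String) arguments.get("username");
        String password = (String) arguments.get("password");
        if (username == null || username.length() == 0 || password == null) {
            throw new UserManagementException("could not create user",
                    new IllegalArgumentException("username and password are required"));
        }
        if (!password.equals(arguments.get("password2"))) {
            throw new PasswordMismatchException("The passwords don't match");
        }

        PreparedStatement insert = null;
        try {
            // The connection is obtained from DatabaseManager and, as before,
            // not closed here; presumably it is shared. TODO confirm.
            Connection conn = DatabaseManager.getInstance().getDatabaseConnection();
            // Bound parameters keep the submitted values out of the SQL text,
            // so quotes in a username or password cannot alter the statement.
            insert = conn.prepareStatement(
                    "INSERT INTO users (username, password) VALUES (?, ?)");
            insert.setString(1, username);
            insert.setString(2, encodePassword(password));
            insert.executeUpdate();
        } catch (Exception e) {
            e.printStackTrace();
            throw new UserManagementException("could not create user", e);
        } finally {
            closeQuietly(insert);
        }
    }

    /**
     * Checks the submitted credentials and, on success, marks the session as
     * logged in by setting its {@code "username"} attribute.
     *
     * <p>NOTE(review): the session id is not changed on login, and
     * {@code HttpSession} offers no way to do that from here. The calling
     * servlet should issue a fresh session id around a successful login if
     * the container does not already do so. Confirm against the caller.
     *
     * @param arguments form values; reads {@code "username"} and
     *        {@code "password"}, each expected to be a {@code String}
     * @param session the session to mark as logged in
     * @throws UserManagementException if the user is unknown, the password
     *         does not match (the cause is then a
     *         {@code PasswordMismatchException}), or the lookup fails
     */
    public void loginUser(Map arguments, HttpSession session) throws UserManagementException {
        String username = (String) arguments.get("username");

        if (isLoggedIn(session) && session.getAttribute("username").equals(username)) {
            return; // already logged in
        }

        String password = (String) arguments.get("password");
        // One message for every failure reason, so the reply does not reveal
        // whether the account exists.
        String mismatchMessage = "user " + username
                + " is unknown, or the passwords don't match";

        PreparedStatement lookup = null;
        try {
            if (username == null || password == null) {
                throw new PasswordMismatchException(mismatchMessage);
            }

            Connection conn = DatabaseManager.getInstance().getDatabaseConnection();
            // Exact match on a bound parameter: with LIKE, a submitted name
            // containing % or _ would be treated as a pattern and could match
            // another account's row.
            lookup = conn.prepareStatement(
                    "SELECT password FROM users WHERE username = ?");
            lookup.setString(1, username);
            ResultSet results = lookup.executeQuery();

            // A missing row must fail outright. Falling back to an empty
            // string would let an empty password log in under any name that
            // has no account.
            String pwdFromDB = results.next() ? results.getString("password") : null;
            if (pwdFromDB == null || !pwdFromDB.equals(encodePassword(password))) {
                throw new PasswordMismatchException(mismatchMessage);
            }
            session.setAttribute("username", username);
        } catch (Exception e) {
            // Also wraps the PasswordMismatchException thrown above, so
            // callers keep seeing a UserManagementException as before.
            e.printStackTrace();
            throw new UserManagementException("could not login user", e);
        } finally {
            // Closing the statement also releases its result set.
            closeQuietly(lookup);
        }
    }

    /**
     * Produces the value that is stored in, and compared against, the
     * {@code password} column.
     *
     * <p>NOTE(review): this is the password itself, changed only by a round
     * trip through the platform default charset, which is what existing rows
     * were written with. It should become a salted, deliberately slow
     * password hash (PBKDF2, bcrypt, scrypt or Argon2) together with a
     * migration of the existing rows. A bare MD5 digest, as an earlier
     * commented-out attempt used, would not be adequate.
     *
     * @param password the submitted password, never {@code null}
     * @return the value to store or compare
     */
    private static String encodePassword(String password) {
        return new String(password.getBytes());
    }

    /**
     * Closes a statement, ignoring a failure to do so.
     *
     * @param statement the statement to close; may be {@code null}
     */
    private static void closeQuietly(Statement statement) {
        if (statement == null) {
            return;
        }
        try {
            statement.close();
        } catch (SQLException ignored) {
            // Best effort: the operation's own outcome has already been
            // decided, and a failed close must not mask it.
        }
    }
}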