Ignore:
Timestamp:
2004-12-06T11:44:03+13:00 (19 years ago)
Author:
schweer
Message:

user authentication works; user information and subscriptions/predicates are stored to thedatabase

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/gsdl3/extensions/gsdl-as/src/org/greenstone/gsdlas/users/UserManager.java

    r8717 r8738  
    99package org.greenstone.gsdlas.users;
    1010
     11import java.sql.*;
    1112import java.util.Map;
    1213
    1314import javax.servlet.http.HttpSession;
     15
     16import org.greenstone.gsdlas.database.DatabaseManager;
    1417
    1518/**
     
    4043        if (session.getCreationTime() - session.getLastAccessedTime() > session.getMaxInactiveInterval())
    4144            return false;
    42        
    43         // TODO Auto-generated method stub
    44         return true;
     45        return session.getAttribute("username") != null;
    4546    }
    4647
     
    4849     * @param arguments
    4950     * @param session
     51     * @throws PasswordMismatchException
     52     * @throws UserManagementException
    5053     */
    51     public void createUser(Map arguments, HttpSession session) {
    52         // TODO Auto-generated method stub
     54    public void createUser(Map arguments, HttpSession session) throws PasswordMismatchException, UserManagementException {
     55        if (!arguments.get("password").equals(arguments.get("password2"))) {
     56            throw new PasswordMismatchException("The passwords don't match");
     57        }
     58        String username = (String) arguments.get("username");
     59       
     60        byte[] password = ((String) arguments.get("password")).getBytes();
     61       
     62        byte[] pwdHash = password;
     63//        try {
     64//            pwdHash = MessageDigest.getInstance("MD5").digest(password);
     65//        } catch (NoSuchAlgorithmException e) {
     66//            e.printStackTrace();
     67//            throw new UserManagementException("could not create user", e);
     68//        }
     69       
     70        try {
     71            Connection conn = DatabaseManager.getInstance().getDatabaseConnection();
     72            Statement statement = conn.createStatement();
     73            statement.executeUpdate("INSERT INTO users (username, password) " +
     74                    "VALUES ('" + username + "','" + new String(pwdHash) + "')");
     75        } catch (Exception e) {
     76            e.printStackTrace();
     77            throw new UserManagementException("could not create user", e);
     78        }
    5379       
    5480    }
     
    5783     * @param arguments
    5884     * @param session
     85     * @throws UserManagementException
    5986     */
    60     public void loginUser(Map arguments, HttpSession session) {
    61         // TODO Auto-generated method stub
     87    public void loginUser(Map arguments, HttpSession session) throws UserManagementException {
     88        String username = (String) arguments.get("username");
    6289       
     90        if (isLoggedIn(session) && session.getAttribute("username").equals(username)) {
     91            return; // already logged in
     92        }
     93       
     94        byte[] password = ((String) arguments.get("password")).getBytes();
     95       
     96        byte[] pwdHash = password;
     97        try {
     98//            pwdHash = MessageDigest.getInstance("MD5").digest(password);
     99           
     100            Connection conn = DatabaseManager.getInstance().getDatabaseConnection();
     101            Statement statement = conn.createStatement();
     102            ResultSet results = statement.executeQuery("SELECT password " +
     103                    "FROM users WHERE username like '" + username + "';");
     104            String pwdFromDB = "";
     105            if(results.next()) {
     106                pwdFromDB = results.getString("password");
     107            }
     108            if (!pwdFromDB.equals(new String(pwdHash))) {
     109                throw new PasswordMismatchException("user " + username
     110                        + " is unknown, or the passwords don't match");
     111            }
     112            session.setAttribute("username", username);
     113        } catch (Exception e) {
     114            e.printStackTrace();
     115            throw new UserManagementException("could not login user", e);
     116        }
     117
    63118    }
    64119   
Note: See TracChangeset for help on using the changeset viewer.