- Timestamp:
- 2004-12-06T11:44:03+13:00 (19 years ago)
- File:
-
- 1 edited
trunk/gsdl3/extensions/gsdl-as/src/org/greenstone/gsdlas/users/UserManager.java
r8717 r8738 9 9 package org.greenstone.gsdlas.users; 10 10 11 import java.sql.*; 11 12 import java.util.Map; 12 13 13 14 import javax.servlet.http.HttpSession; 15 16 import org.greenstone.gsdlas.database.DatabaseManager; 14 17 15 18 /** … … 40 43 if (session.getCreationTime() - session.getLastAccessedTime() > session.getMaxInactiveInterval()) 41 44 return false; 42 43 // TODO Auto-generated method stub 44 return true; 45 return session.getAttribute("username") != null; 45 46 } 46 47 … … 48 49 * @param arguments 49 50 * @param session 51 * @throws PasswordMismatchException 52 * @throws UserManagementException 50 53 */ 51 public void createUser(Map arguments, HttpSession session) { 52 // TODO Auto-generated method stub 54 public void createUser(Map arguments, HttpSession session) throws PasswordMismatchException, UserManagementException { 55 if (!arguments.get("password").equals(arguments.get("password2"))) { 56 throw new PasswordMismatchException("The passwords don't match"); 57 } 58 String username = (String) arguments.get("username"); 59 60 byte[] password = ((String) arguments.get("password")).getBytes(); 61 62 byte[] pwdHash = password; 63 // try { 64 // pwdHash = MessageDigest.getInstance("MD5").digest(password); 65 // } catch (NoSuchAlgorithmException e) { 66 // e.printStackTrace(); 67 // throw new UserManagementException("could not create user", e); 68 // } 69 70 try { 71 Connection conn = DatabaseManager.getInstance().getDatabaseConnection(); 72 Statement statement = conn.createStatement(); 73 statement.executeUpdate("INSERT INTO users (username, password) " + 74 "VALUES ('" + username + "','" + new String(pwdHash) + "')"); 75 } catch (Exception e) { 76 e.printStackTrace(); 77 throw new UserManagementException("could not create user", e); 78 } 53 79 54 80 } … … 57 83 * @param arguments 58 84 * @param session 85 * @throws UserManagementException 59 86 */ 60 public void loginUser(Map arguments, HttpSession session) {61 // TODO Auto-generated method stub87 
public void loginUser(Map arguments, HttpSession session) throws UserManagementException { 88 String username = (String) arguments.get("username"); 62 89 90 if (isLoggedIn(session) && session.getAttribute("username").equals(username)) { 91 return; // already logged in 92 } 93 94 byte[] password = ((String) arguments.get("password")).getBytes(); 95 96 byte[] pwdHash = password; 97 try { 98 // pwdHash = MessageDigest.getInstance("MD5").digest(password); 99 100 Connection conn = DatabaseManager.getInstance().getDatabaseConnection(); 101 Statement statement = conn.createStatement(); 102 ResultSet results = statement.executeQuery("SELECT password " + 103 "FROM users WHERE username like '" + username + "';"); 104 String pwdFromDB = ""; 105 if(results.next()) { 106 pwdFromDB = results.getString("password"); 107 } 108 if (!pwdFromDB.equals(new String(pwdHash))) { 109 throw new PasswordMismatchException("user " + username 110 + " is unknown, or the passwords don't match"); 111 } 112 session.setAttribute("username", username); 113 } catch (Exception e) { 114 e.printStackTrace(); 115 throw new UserManagementException("could not login user", e); 116 } 117 63 118 } 64 119
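Review bot: Both new queries concatenate request values into the SQL text, `username` and the password in the `createUser` INSERT and `username` in the `loginUser` SELECT, so those parameters are parsed as SQL instead of being treated as data. The `loginUser` lookup also uses `like`, which makes it a pattern match rather than an exact one, so the row whose password is checked need not be the account name that `session.setAttribute("username", username)` then records. Bind the values through `PreparedStatement`, compare with `=`, and close the statement in a `finally` block, as sketched below. Separately, the digest step is commented out in both methods, so `pwdHash` is the raw password bytes and passwords are stored and compared in clear; a salted password-hashing scheme is needed here rather than simply re-enabling the MD5 line. In `loginUser` the `catch (Exception e)` also wraps the `PasswordMismatchException` thrown inside the `try`, so callers cannot tell a wrong password from a database failure.

```java
// createUser
// … unchanged: password2 check, username/pwdHash setup …
Connection conn = DatabaseManager.getInstance().getDatabaseConnection();
PreparedStatement insert = conn.prepareStatement(
        "INSERT INTO users (username, password) VALUES (?, ?)");
try {
    insert.setString(1, username);
    insert.setString(2, new String(pwdHash));
    insert.executeUpdate();
} finally {
    insert.close();
}

// loginUser
// … unchanged: already-logged-in check, pwdHash setup …
PreparedStatement query = conn.prepareStatement(
        "SELECT password FROM users WHERE username = ?");
try {
    query.setString(1, username);
    ResultSet results = query.executeQuery();
    // … unchanged: read pwdFromDB, compare, set session attribute …
} finally {
    query.close();
}
```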