/*
 * Created on Dec 1, 2004
 * Copyright (C) Andrea Schweer, 2004
 *
 * This file is part of the Greenstone Alerting Service.
 * Refer to the COPYING file in the base directory of this package
 * for licensing information.
 */
package org.greenstone.gsdlas.users;

import java.sql.*;
import java.util.Map;

import javax.servlet.http.HttpSession;

import org.greenstone.gsdlas.database.DatabaseManager;

/**
 * Singleton that creates user accounts and tracks which user is logged in
 * to an HTTP session.
 *
 * @author andrea
 */
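public class UserManager {
    // NOTE(review): passwords are stored and compared exactly as submitted
    // (see storedForm). Anyone who can read the users table obtains every
    // credential. Replacing this with a salted, slow password hash needs a
    // migration of the existing rows and is therefore not done silently here.

    /** Created eagerly so concurrent first requests cannot race on initialisation. */
    private static final UserManager instance = new UserManager();

    private UserManager() {
        // hide constructor
    }

    /**
     * Returns the single shared instance.
     *
     * @return the process-wide UserManager
     */
    static public UserManager getInstance() {
        return instance;
    }

    /**
     * Tells whether the session belongs to a logged-in user.
     *
     * A session counts as logged in when it has not been idle for longer than
     * its inactivity limit and carries a "username" attribute.
     *
     * @param session the HTTP session to inspect; null is treated as not logged in
     * @return true if a user is logged in on this session
     */
    public boolean isLoggedIn(HttpSession session) {
        if (session == null) {
            return false;
        }
        // getMaxInactiveInterval() is in seconds while the access time is in
        // milliseconds. The previous check subtracted the last access time from
        // the creation time, which is never positive, so it could not fire.
        int maxInactiveSeconds = session.getMaxInactiveInterval();
        if (maxInactiveSeconds > 0) { // zero or negative: the session never times out
            long idleMillis = System.currentTimeMillis() - session.getLastAccessedTime();
            if (idleMillis > maxInactiveSeconds * 1000L) {
                return false;
            }
        }
        return session.getAttribute("username") != null;
    }

    /**
     * Creates a new user account.
     *
     * @param arguments request values; reads "username", "password" and "password2"
     * @param session the current HTTP session (not used by this method)
     * @throws PasswordMismatchException if "password" and "password2" differ
     * @throws UserManagementException if a required value is missing or the
     *         account could not be written to the database
     */
    public void createUser(Map arguments, HttpSession session) throws PasswordMismatchException, UserManagementException {
        String username = (String) arguments.get("username");
        String password = (String) arguments.get("password");
        if (username == null || password == null) {
            // Previously a missing password raised NullPointerException and a
            // missing username was stored as the literal text "null".
            throw new UserManagementException("could not create user",
                    new IllegalArgumentException("username and password are required"));
        }
        if (!password.equals(arguments.get("password2"))) {
            throw new PasswordMismatchException("The passwords don't match");
        }

        PreparedStatement insert = null;
        try {
            // The connection is not closed here: SOURCE does not show whether
            // DatabaseManager hands out a shared connection.
            Connection conn = DatabaseManager.getInstance().getDatabaseConnection();
            // Bound parameters keep request values out of the SQL text.
            insert = conn.prepareStatement(
                    "INSERT INTO users (username, password) VALUES (?, ?)");
            insert.setString(1, username);
            insert.setString(2, storedForm(password));
            insert.executeUpdate();
        } catch (Exception e) {
            e.printStackTrace();
            throw new UserManagementException("could not create user", e);
        } finally {
            closeQuietly(insert);
        }
    }

    /**
     * Logs a user in by recording the username on the session.
     *
     * Returns without touching the database when the session is already
     * logged in as the same user.
     *
     * @param arguments request values; reads "username" and "password"
     * @param session the HTTP session that receives the "username" attribute
     * @throws UserManagementException if a required value is missing, the user
     *         is unknown, the password does not match (the cause is then a
     *         PasswordMismatchException) or the database lookup fails
     */
    public void loginUser(Map arguments, HttpSession session) throws UserManagementException {
        String username = (String) arguments.get("username");

        if (isLoggedIn(session) && session.getAttribute("username").equals(username)) {
            return; // already logged in
        }

        String password = (String) arguments.get("password");
        if (username == null || password == null) {
            throw new UserManagementException("could not login user",
                    new IllegalArgumentException("username and password are required"));
        }

        PreparedStatement query = null;
        try {
            Connection conn = DatabaseManager.getInstance().getDatabaseConnection();
            // Exact match instead of LIKE, so wildcard characters in the
            // submitted name cannot select another account's row.
            // NOTE(review): depending on the database, '=' may be case-sensitive
            // where LIKE was not; confirm against existing accounts.
            query = conn.prepareStatement(
                    "SELECT password FROM users WHERE username = ?");
            query.setString(1, username);
            ResultSet results = query.executeQuery();

            // null means "no such user". The old default of "" let an unknown
            // username pass the comparison when an empty password was submitted.
            String pwdFromDB = null;
            if (results.next()) {
                pwdFromDB = results.getString("password");
            }
            if (pwdFromDB == null || !pwdFromDB.equals(storedForm(password))) {
                throw new PasswordMismatchException("user " + username
                        + " is unknown, or the passwords don't match");
            }
            // NOTE(review): the session identifier is not renewed at this point;
            // confirm that the caller or the container rotates it on login.
            session.setAttribute("username", username);
        } catch (Exception e) {
            // Also wraps the PasswordMismatchException thrown above, because
            // this method declares only UserManagementException.
            e.printStackTrace();
            throw new UserManagementException("could not login user", e);
        } finally {
            closeQuietly(query); // closing the statement also closes its result set
        }
    }

    /**
     * Returns the representation of a password that is written to and compared
     * against the users table. Currently the password itself, unchanged.
     *
     * The earlier round trip through the platform default charset was dropped:
     * it replaced unmappable characters, so distinct passwords could compare equal.
     * The commented-out MD5 digest that used to sit here would not be an
     * adequate replacement; a salted password-hashing scheme belongs here.
     */
    private static String storedForm(String password) {
        return password;
    }

    /** Closes a statement, ignoring close failures; accepts null. */
    private static void closeQuietly(Statement statement) {
        if (statement == null) {
            return;
        }
        try {
            statement.close();
        } catch (SQLException ignored) {
            // best effort: a failed close must not mask the real outcome
        }
    }
}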
