1 package org.paneris.user.controller;
2
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

import org.paneris.jal.model.DBConnectionManager;
import org.paneris.jal.model.DDField;
import org.paneris.user.model.User;
import org.paneris.util.SessionUtil;
import org.webmacro.Template;
import org.webmacro.servlet.HandlerException;
import org.webmacro.servlet.PanerisPage;
import org.webmacro.servlet.WebContext;
15
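public class LoginUser extends PanerisPage {

    private static final long serialVersionUID = 1L;
    private static final boolean debug = false;

    /** Template rendered when the form did not name one. */
    private static final String DEFAULT_LOGIN_TEMPLATE = "user/view/UserLogin.wm";
    /** Template rendered after a successful login when no SuccessTemplateName was submitted. */
    private static final String DEFAULT_SUCCESS_TEMPLATE = "user/view/LoginSuccess.wm";
    /** Session attribute holding the URL to send the user back to after login. */
    private static final String RETURN_URL_ATTR = "LoginUserReturnURL";
    /**
     * One message for every failed attempt, whether the account is unknown, the id is
     * malformed or the password is wrong, so the response does not tell an attacker
     * which loginids exist.
     */
    private static final String LOGIN_FAILED =
        "Sorry, we were unable to log you in, please re-enter your details.";
    /** Lookups are parameterised: the form values are bound, never spliced into the SQL text. */
    private static final String SQL_ID_BY_LOGINID = "SELECT id FROM users WHERE loginid = ?";
    private static final String SQL_ID_BY_ID = "SELECT id FROM users WHERE id = ?";

    /**
     * Database name taken from the most recent request's form. Kept because it is
     * package-visible; handle() itself works from a local copy, because a page instance
     * may be shared between concurrent requests (verify against PanerisPage's lifecycle).
     */
    String db;

    /**
     * Handles the login form.
     *
     * Three request shapes are recognised: {@code send} present (the password has been
     * emailed; just report that), {@code username} present (a numeric user id), or
     * {@code loginid} present (a login name). With none of them the login page is
     * rendered. A login succeeds only when the account row exists and
     * {@code User.checkPassword} accepts the submitted {@code password}.
     *
     * @param context request context; reads the form fields db, username, loginid,
     *                send, message, password, wmtemplate and SuccessTemplateName
     * @return the template to render next
     * @throws HandlerException if the database work fails or the template cannot be found
     */
    public Template handle(WebContext context) throws HandlerException {
        String dbName = (String) context.getForm("db");
        db = dbName;
        context.put("db", dbName);
        String idString = (String) context.getForm("username");
        String loginid = (String) context.getForm("loginid");
        String send = (String) context.getForm("send");
        String message = (String) context.getForm("message");
        context.put("message", message);

        String templateName = (String) context.getForm("wmtemplate");
        if (templateName == null) {
            templateName = DEFAULT_LOGIN_TEMPLATE;
        }

        // A bare visit (nothing submitted yet) tells us where the user came from;
        // remember it so a successful login can send them back there.
        if (send == null && idString == null && loginid == null) {
            String referer = context.getCGI().getHTTP_REFERER();
            if (referer != null) {
                context.getSession().setAttribute(RETURN_URL_ATTR, referer);
            }
        }
        SessionUtil.setReturnURL(RETURN_URL_ATTR, context);

        DBConnectionManager connMgr = null;
        Connection conn = null;
        try {
            connMgr = DBConnectionManager.getInstance();
            conn = connMgr.getConnection("LoginUser", dbName);
            if (send != null) {
                context.put("error", "Your password has been sent to you via email.");
            } else if (idString == null && loginid == null) {
                templateName = User.getLoginPage(context, message);
            } else {
                Integer id = resolveUserId(conn, idString, loginid);
                if (id == null) {
                    context.put("error", LOGIN_FAILED);
                } else {
                    User user = new User(dbName, id);
                    DDField passwordField = (DDField) user.get("password");
                    // An empty loginid is never accepted; an absent one (id-based login)
                    // is allowed through to the password check.
                    boolean blankLoginId = loginid != null && loginid.length() == 0;
                    if (!blankLoginId
                            && user.checkPassword((String) context.getForm("password"))) {
                        user.setLoggedOn(true);
                        user.refresh(context);
                        if (debug) {
                            System.err.println("Passwords ok for user " + id);
                        }
                        String successTemplate = (String) context.getForm("SuccessTemplateName");
                        templateName = successTemplate != null
                            ? successTemplate
                            : DEFAULT_SUCCESS_TEMPLATE;
                    } else {
                        context.put("error", LOGIN_FAILED);
                    }
                    // Blank the in-memory password field once the check is done.
                    if (passwordField != null) {
                        passwordField.setValue("");
                    }
                }
            }
        } catch (Exception e) {
            throw new HandlerException(e.toString());
        } finally {
            // Hand the connection back on every path, not only on success.
            releaseConnection(connMgr, dbName, conn);
        }

        try {
            return (Template) context.getBroker().get("template", templateName);
        } catch (Exception e) {
            throw new HandlerException("Could not locate template: " + templateName);
        }
    }

    /**
     * Looks up the user id for the submitted credentials. The numeric id takes
     * precedence over the login name when both are present.
     *
     * @param conn     open connection to the login database
     * @param idString numeric user id from the form, or null
     * @param loginid  login name from the form, used only when idString is null
     * @return the id of the matching users row, or null if no row matches or idString
     *         is not a number (malformed form input is a failed login, not a server error)
     * @throws SQLException if the lookup fails
     */
    private static Integer resolveUserId(Connection conn, String idString, String loginid)
            throws SQLException {
        if (idString != null) {
            Integer requested;
            try {
                requested = Integer.valueOf(idString);
            } catch (NumberFormatException e) {
                return null;
            }
            return lookupId(conn, SQL_ID_BY_ID, requested);
        }
        return lookupId(conn, SQL_ID_BY_LOGINID, loginid);
    }

    /**
     * Runs a one-parameter SELECT and returns the first column of its first row.
     *
     * @param conn open connection
     * @param sql  statement with exactly one {@code ?} placeholder
     * @param key  value bound to that placeholder
     * @return the integer in column 1 of the first row, or null if there is no row
     * @throws SQLException if the statement fails
     */
    private static Integer lookupId(Connection conn, String sql, Object key) throws SQLException {
        if (debug) {
            // Log only the statement text; the bound value may be a user-supplied name.
            System.err.println("sqlString:" + sql);
        }
        PreparedStatement ps = conn.prepareStatement(sql);
        try {
            ps.setObject(1, key);
            ResultSet rs = ps.executeQuery();
            try {
                return rs.next() ? Integer.valueOf(rs.getInt(1)) : null;
            } finally {
                rs.close();
            }
        } finally {
            ps.close();
        }
    }

    /**
     * Hands a connection back to the manager. Safe to call with nulls (nothing was
     * acquired); failures during release are not propagated, because they would only
     * mask the exception that is already on its way out of handle().
     */
    private static void releaseConnection(DBConnectionManager connMgr, String dbName, Connection conn) {
        if (connMgr == null || conn == null) {
            return;
        }
        try {
            connMgr.freeConnection(dbName, conn);
        } catch (Exception ignored) {
            // Nothing further can be done with a connection the manager will not take back.
        }
    }

}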