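package com.mvnforum.user;

import java.io.*;
import java.sql.Date;
import java.sql.Timestamp;
import java.util.*;

import javax.mail.MessagingException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import net.myvietnam.mvncore.exception.*;
import net.myvietnam.mvncore.filter.DisableHtmlTagFilter;
import net.myvietnam.mvncore.interceptor.InterceptorService;
import net.myvietnam.mvncore.security.*;
import net.myvietnam.mvncore.service.BinaryStorage;
import net.myvietnam.mvncore.util.*;
import net.myvietnam.mvncore.web.*;
import net.myvietnam.mvncore.web.fileupload.FileItem;
import net.myvietnam.mvncore.web.fileupload.FileUploadException;

import org.apache.commons.io.IOUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import com.mvnforum.*;
import com.mvnforum.auth.*;
import com.mvnforum.common.SendMailUtil;
import com.mvnforum.db.*;
import com.mvnforum.search.member.MemberIndexer;

import freemarker.template.*;

/**
 * Web-tier handler for member self-service actions: registration, profile, e-mail, password,
 * signature and avatar updates, password recovery and activation mail.
 *
 * Each method reads its input from the request, applies the checks visible in its body and
 * delegates persistence to the DAOs obtained from DAOFactory.
 *
 * NOTE(review): passwords are digested with Encoder.getMD5_Base64 and no salt is passed in at any
 * call site in this class. Judging by the helper's name this is a plain MD5 digest; a salted, slow
 * password hash would resist offline guessing far better, but switching requires migrating the
 * stored values, so the calls are left unchanged here.
 */
public class MemberWebHandler {

    private static Log log = LogFactory.getLog(MemberWebHandler.class);

    private OnlineUserManager onlineUserManager = OnlineUserManager.getInstance();

    public MemberWebHandler() {
    }

    /**
     * Prepares the registration form.
     *
     * @throws AssertionException if new-member registration is disabled in the configuration
     */
    public void prepareAdd(GenericRequest request)
        throws AssertionException, DatabaseException, AuthenticationException {

        Locale locale = I18nUtil.getLocaleInRequest(request);

        if (MVNForumConfig.getEnableNewMember() == false) {
            String localizedMessage = MVNForumResourceBundle.getString(locale, "mvncore.exception.AssertionException.cannot_register.new_member_is_disabled");
            throw new AssertionException(localizedMessage);
        }

        OnlineUser onlineUser = onlineUserManager.getOnlineUser(request);
        if (MVNForumConfig.getEnableCaptcha()) {
            // A fresh captcha is built for every display of the form.
            onlineUser.buildNewCaptcha();
        }
    }

    /**
     * Registers a new member from the submitted form, creates the four default message folders,
     * schedules the member for indexing and, when activation is required, sends the activation mail.
     *
     * @throws AssertionException if registration is disabled
     * @throws FloodException if the per-IP registration limit has been reached
     * @throws BadInputException if the name is reserved or too long, or the password or e-mail
     *         confirmation does not match, or the e-mail is too long
     */
    public void processAdd(GenericRequest request, GenericResponse response)
        throws BadInputException, ObjectNotFoundException, CreateException, DatabaseException, InterceptorException,
        DuplicateKeyException, ForeignKeyNotFoundException, AssertionException, FloodException, AssertionException,
        DatabaseException, AuthenticationException {

        Locale locale = I18nUtil.getLocaleInRequest(request);
        if (MVNForumConfig.getEnableNewMember() == false) {
            String localizedMessage = MVNForumResourceBundle.getString(locale, "mvncore.exception.AssertionException.cannot_register.new_member_is_disabled");
            throw new AssertionException(localizedMessage);
        }

        OnlineUser onlineUser = onlineUserManager.getOnlineUser(request);

        MyUtil.saveVNTyperMode(request, response);

        // Registration is rate-limited per remote address. The counter is only increased after a
        // successful registration (see increaseCount below), so rejected attempts are not counted.
        String currentIP = request.getRemoteAddr();
        try {
            FloodControl.ensureNotReachMaximum(MVNForumGlobal.FLOOD_ID_NEW_MEMBER, currentIP);
        } catch (FloodException fe) {
            Integer maxRegisters = new Integer(FloodControl.getActionsPerHour(MVNForumGlobal.FLOOD_ID_NEW_MEMBER));
            String localizedMessage = MVNForumResourceBundle.getString(locale, "mvncore.exception.FloodException.register_too_many_times", new Object[] { maxRegisters });
            throw new FloodException(localizedMessage);
        }
        Timestamp now = DateUtil.getCurrentGMTTimestamp();

        String memberName = GenericParamUtil.getParameterSafe(request, "MemberName", true);
        // Names that could be mistaken for built-in or privileged accounts are refused.
        if (memberName.equalsIgnoreCase(MVNForumConfig.getDefaultGuestName()) ||
            memberName.equalsIgnoreCase("Guest") ||
            memberName.equalsIgnoreCase("Administrator") ||
            memberName.equalsIgnoreCase("Moderator")) {
            String localizedMessage = MVNForumResourceBundle.getString(locale, "mvncore.exception.BadInputException.cannot_register_with_reserved_name", new Object[] {memberName});
            throw new BadInputException(localizedMessage);
        }
        StringUtil.checkGoodName(memberName);
        InterceptorService.getInstance().validateLoginID(memberName);
        if (memberName.length() > MVNForumGlobal.MAX_MEMBER_LOGIN_LENGTH) {
            String localizedMessage = MVNForumResourceBundle.getString(locale, "mvncore.exception.BadInputException.member_name_too_long");
            throw new BadInputException(localizedMessage);
        }

        // NOTE(review): the arguments 3 and 0 are presumably a minimum length and an option flag;
        // if 3 is the minimum length it is a very weak password policy. Confirm against GenericParamUtil.
        String memberPassword1 = GenericParamUtil.getParameterPassword(request, "MemberMatkhau", 3, 0);
        String memberPassword2 = GenericParamUtil.getParameterPassword(request, "MemberMatkhauConfirm", 3, 0);
        if (!memberPassword1.equals(memberPassword2)) {
            String localizedMessage = MVNForumResourceBundle.getString(locale, "mvncore.exception.BadInputException.confirmed_password_is_not_match");
            throw new BadInputException(localizedMessage);
        }
        // NOTE(review): unsalted MD5-based digest, see the class comment.
        String memberPassword = Encoder.getMD5_Base64(memberPassword1);

        String memberEmail = GenericParamUtil.getParameterEmail(request, "MemberEmail");
        String memberEmailConfirm = GenericParamUtil.getParameterEmail(request, "MemberEmailConfirm");
        if (!memberEmail.equals(memberEmailConfirm)) {
            String localizedMessage = MVNForumResourceBundle.getString(locale, "mvncore.exception.BadInputException.confirmed_email_is_not_match");
            throw new BadInputException(localizedMessage);
        }
        String memberFirstEmail = memberEmail;
        if (memberEmail.length() > MVNForumGlobal.MAX_MEMBER_EMAIL_LENGTH) {
            String localizedMessage = MVNForumResourceBundle.getString(locale, "mvncore.exception.BadInputException.member_email_too_long");
            throw new BadInputException(localizedMessage);
        }
        InterceptorService.getInstance().validateMail(memberFirstEmail);

        int memberEmailVisible = GenericParamUtil.getParameterBoolean(request, "MemberEmailVisible") ? MemberBean.MEMBER_EMAIL_VISIBLE : MemberBean.MEMBER_EMAIL_INVISIBLE;
        int memberNameVisible = GenericParamUtil.getParameterBoolean(request, "MemberNameVisible") ? MemberBean.MEMBER_NAME_VISIBLE : MemberBean.MEMBER_NAME_INVISIBLE;
        String memberFirstIP = currentIP;
        String memberLastIP = currentIP;
        Timestamp memberCreationDate = now;
        Timestamp memberModifiedDate = now;
        Timestamp memberLastLogon = now;
        int memberOption = 0;
        int memberStatus = MemberBean.MEMBER_STATUS_ENABLE;
        String memberActivateCode = "";
        int memberMessageOption = 0;
        int memberPostsPerPage = GenericParamUtil.getParameterInt(request, "MemberPostsPerPage", 10);
        if (memberPostsPerPage < 5) {
            memberPostsPerPage = 5;
        }
        String memberTitle = "";
        double memberTimeZone = GenericParamUtil.getParameterTimeZone(request, "MemberTimeZone");
        String memberSkin = "";
        String memberLanguage = GenericParamUtil.getParameterSafe(request, "MemberLanguage", false);
        String memberFirstname = GenericParamUtil.getParameterSafe(request, "MemberFirstname", true);
        String memberLastname = GenericParamUtil.getParameterSafe(request, "MemberLastname", true);
        int memberGender = GenericParamUtil.getParameterBoolean(request, "MemberGender") ? 1 : 0;

        Date memberBirthday = GenericParamUtil.getParameterDate(request, "day", "month", "year");

        String memberAddress = GenericParamUtil.getParameterSafe(request, "MemberAddress", false);
        String memberCity = GenericParamUtil.getParameterSafe(request, "MemberCity", false);
        String memberState = GenericParamUtil.getParameterSafe(request, "MemberState", false);
        String memberCountry = GenericParamUtil.getParameterSafe(request, "MemberCountry", false);
        String memberPhone = GenericParamUtil.getParameterSafe(request, "MemberPhone", false);
        String memberMobile = GenericParamUtil.getParameterSafe(request, "MemberMobile", false);
        String memberFax = GenericParamUtil.getParameterSafe(request, "MemberFax", false);
        String memberCareer = GenericParamUtil.getParameterSafe(request, "MemberCareer", false);
        String memberHomepage = GenericParamUtil.getParameterUrl(request, "MemberHomepage");
        String memberYahoo = GenericParamUtil.getParameterSafe(request, "MemberYahoo", false);
        String memberAol = GenericParamUtil.getParameterSafe(request, "MemberAol", false);
        String memberIcq = GenericParamUtil.getParameterSafe(request, "MemberIcq", false);
        String memberMsn = GenericParamUtil.getParameterSafe(request, "MemberMsn", false);
        String memberCoolLink1 = GenericParamUtil.getParameterUrl(request, "MemberCoolLink1");
        String memberCoolLink2 = GenericParamUtil.getParameterUrl(request, "MemberCoolLink2");

        if (MVNForumConfig.getEnableCaptcha()) {
            // The captcha is verified before anything is written to the database.
            String captchaResponse = GenericParamUtil.getParameterSafe(request, "CaptchaResponse", false);
            onlineUser.ensureCorrectCaptchaResponse(captchaResponse);
        }
        Timestamp memberExpireDate = memberCreationDate;
        if (MVNForumConfig.getEnableCompany()) {
            memberExpireDate = DateUtil.getCurrentGMTTimestampExpiredDay(MVNForumConfig.getExpireDateTutor());
        }

        DAOFactory.getMemberDAO().create(memberName, memberPassword, memberFirstEmail,
                                         memberEmail, memberEmailVisible, memberNameVisible,
                                         memberFirstIP, memberLastIP, 0,
                                         0, memberCreationDate, memberModifiedDate, memberExpireDate,
                                         memberLastLogon, memberOption, memberStatus,
                                         memberActivateCode, "", 0,
                                         memberMessageOption, memberPostsPerPage, 0,
                                         0, 0, 0,
                                         memberTitle, memberTimeZone, "",
                                         "", memberSkin, memberLanguage,
                                         memberFirstname, memberLastname, memberGender,
                                         memberBirthday, memberAddress, memberCity,
                                         memberState, memberCountry, memberPhone,
                                         memberMobile, memberFax, memberCareer,
                                         memberHomepage, memberYahoo, memberAol,
                                         memberIcq, memberMsn, memberCoolLink1,
                                         memberCoolLink2);

        int memberID = 0;
        try {
            memberID = DAOFactory.getMemberDAO().getMemberIDFromMemberName(memberName);
        } catch (ObjectNotFoundException e) {
            String localizedMessage = MVNForumResourceBundle.getString(locale, "mvncore.exception.ObjectNotFoundException.membername_not_exists", new Object[] {memberName});
            throw new ObjectNotFoundException(localizedMessage);
        }

        // Every new member gets the four default private-message folders.
        int folderStatus = 0;
        int folderOption = 0;
        int folderType = 0;
        DAOFactory.getMessageFolderDAO().create(MVNForumConstant.MESSAGE_FOLDER_INBOX, memberID, 0, folderStatus, folderOption, folderType, now, now);
        DAOFactory.getMessageFolderDAO().create(MVNForumConstant.MESSAGE_FOLDER_DRAFT, memberID, 1, folderStatus, folderOption, folderType, now, now);
        DAOFactory.getMessageFolderDAO().create(MVNForumConstant.MESSAGE_FOLDER_SENT, memberID, 2, folderStatus, folderOption, folderType, now, now);
        DAOFactory.getMessageFolderDAO().create(MVNForumConstant.MESSAGE_FOLDER_TRASH, memberID, 3, folderStatus, folderOption, folderType, now, now);

        FloodControl.increaseCount(MVNForumGlobal.FLOOD_ID_NEW_MEMBER, currentIP);

        if (MVNForumConfig.getEnableCaptcha()) {
            // The captcha is single-use: it is destroyed once the registration has gone through.
            onlineUser.destroyCurrentCaptcha();
        }

        MemberBean memberBean = null;
        try {
            memberBean = DAOFactory.getMemberDAO().getMember_forPublic(memberID);
        } catch (ObjectNotFoundException ex) {
            String localizedMessage = MVNForumResourceBundle.getString(locale, "mvncore.exception.ObjectNotFoundException.memberid_not_exists", new Object[] {new Integer(memberID)});
            throw new ObjectNotFoundException(localizedMessage);
        }
        MemberIndexer.scheduleAddMemberTask(memberBean);

        request.setAttribute("MemberBean", memberBean);

        if (MVNForumConfig.getRequireActivation()) {
            String serverName = ParamUtil.getServerPath();
            try {
                SendMailUtil.sendActivationCodeEmail(memberID, serverName);
            } catch (Exception ex) {
                // A mail failure must not undo the registration; the view is told through a request attribute.
                log.error("Cannot send mail after registration!", ex);
                request.setAttribute("mvnforum.mail.failed", "Cannot send activation email after registration!");
            }
        }

        String companySpaceName = GenericParamUtil.getParameterSafe(request, "CompanySpaceName", false);
        if (companySpaceName.length() > 0) {
            try {
                int companyID = DAOFactory.getCompanyDAO().getCompanyIDFromCompanySpaceName(companySpaceName);
                CompanyBean companyBean = DAOFactory.getCompanyDAO().getCompany(companyID);

                int privilege = 0;
                DAOFactory.getMemberGroupDAO().create(companyBean.getGroupID(), memberName, privilege,
                                                      now, now);

                int isActive = 0;
                int relationType = 0;
                int relationOption = 0;
                int relationStatus = 0;
                Timestamp expireDate = new Timestamp(now.getTime() + DateUtil.DAY * 90);
                DAOFactory.getMemberCompanyDAO().create(memberID, memberName, companyID,
                                                        now, expireDate, isActive,
                                                        relationType, relationOption, relationStatus);
            } catch (ObjectNotFoundException ex) {
                // Linking to a company is best-effort and the member stays registered, but the
                // failure is logged instead of being swallowed silently.
                log.warn("Company lookup failed while linking a newly registered member; the member was not linked.", ex);
            }
        }
    }

    /**
     * Updates the profile of the authenticated member and schedules a re-index.
     * The member id comes from the session (onlineUser), never from the request.
     */
    public void processUpdate(GenericRequest request, GenericResponse response)
        throws BadInputException, ObjectNotFoundException, DatabaseException, AuthenticationException, AssertionException {

        OnlineUser onlineUser = onlineUserManager.getOnlineUser(request);
        MVNForumPermission permission = onlineUser.getPermission();
        permission.ensureIsAuthenticated();

        MyUtil.saveVNTyperMode(request, response);

        int memberID = onlineUser.getMemberID();

        Timestamp now = DateUtil.getCurrentGMTTimestamp();

        int memberEmailVisible = GenericParamUtil.getParameterBoolean(request, "MemberEmailVisible") ? MemberBean.MEMBER_EMAIL_VISIBLE : MemberBean.MEMBER_EMAIL_INVISIBLE;
        int memberNameVisible = GenericParamUtil.getParameterBoolean(request, "MemberNameVisible") ? MemberBean.MEMBER_NAME_VISIBLE : MemberBean.MEMBER_NAME_INVISIBLE;
        int memberOption = 0;
        int memberStatus = 0;
        int memberMessageOption = 0;
        int memberPostsPerPage = GenericParamUtil.getParameterInt(request, "MemberPostsPerPage");
        if (memberPostsPerPage < 5) {
            memberPostsPerPage = 5;
        }
        double memberTimeZone = GenericParamUtil.getParameterTimeZone(request, "MemberTimeZone");
        String memberSkin = GenericParamUtil.getParameterSafe(request, "MemberSkin", false);
        String memberLanguage = GenericParamUtil.getParameterSafe(request, "MemberLanguage", false);
        String memberFirstname = GenericParamUtil.getParameterSafe(request, "MemberFirstname", true);
        String memberLastname = GenericParamUtil.getParameterSafe(request, "MemberLastname", true);
        int memberGender = GenericParamUtil.getParameterBoolean(request, "MemberGender") ? 1 : 0;
        Date memberBirthday = GenericParamUtil.getParameterDate(request, "MemberBirthday");
        String memberAddress = GenericParamUtil.getParameterSafe(request, "MemberAddress", false);
        String memberCity = GenericParamUtil.getParameterSafe(request, "MemberCity", false);
        String memberState = GenericParamUtil.getParameterSafe(request, "MemberState", false);
        String memberCountry = GenericParamUtil.getParameterSafe(request, "MemberCountry", false);
        String memberPhone = GenericParamUtil.getParameterSafe(request, "MemberPhone", false);
        String memberMobile = GenericParamUtil.getParameterSafe(request, "MemberMobile", false);
        String memberFax = GenericParamUtil.getParameterSafe(request, "MemberFax", false);
        String memberCareer = GenericParamUtil.getParameterSafe(request, "MemberCareer", false);
        String memberHomepage = GenericParamUtil.getParameterUrl(request, "MemberHomepage");
        String memberYahoo = GenericParamUtil.getParameterSafe(request, "MemberYahoo", false);
        String memberAol = GenericParamUtil.getParameterSafe(request, "MemberAol", false);
        String memberIcq = GenericParamUtil.getParameterSafe(request, "MemberIcq", false);
        String memberMsn = GenericParamUtil.getParameterSafe(request, "MemberMsn", false);
        String memberCoolLink1 = GenericParamUtil.getParameterUrl(request, "MemberCoolLink1");
        String memberCoolLink2 = GenericParamUtil.getParameterUrl(request, "MemberCoolLink2");

        DAOFactory.getMemberDAO().update(memberID, memberEmailVisible, memberNameVisible, now,
                                         memberOption, memberStatus, memberMessageOption,
                                         memberPostsPerPage, memberTimeZone, memberSkin,
                                         memberLanguage, memberFirstname, memberLastname,
                                         memberGender, memberBirthday, memberAddress,
                                         memberCity, memberState, memberCountry,
                                         memberPhone, memberMobile, memberFax,
                                         memberCareer, memberHomepage, memberYahoo,
                                         memberAol, memberIcq, memberMsn,
                                         memberCoolLink1, memberCoolLink2);

        onlineUser.reloadProfile();

        MemberBean justAddedMemberBean = null;
        try {
            justAddedMemberBean = DAOFactory.getMemberDAO().getMember_forPublic(memberID);
        } catch (ObjectNotFoundException ex) {
            Locale locale = I18nUtil.getLocaleInRequest(request);
            String localizedMessage = MVNForumResourceBundle.getString(locale, "mvncore.exception.ObjectNotFoundException.memberid_not_exists", new Object[] {new Integer(memberID)});
            throw new ObjectNotFoundException(localizedMessage);
        }
        MemberIndexer.scheduleUpdateMemberTask(justAddedMemberBean);

    }

    /**
     * Puts the authenticated member's current e-mail into the request for the edit form.
     */
    public void prepareEditEmail(GenericRequest request)
        throws DatabaseException, ObjectNotFoundException, AuthenticationException, AssertionException {

        OnlineUser onlineUser = onlineUserManager.getOnlineUser(request);
        MVNForumPermission permission = onlineUser.getPermission();
        permission.ensureIsAuthenticated();

        int memberID = onlineUser.getMemberID();
        MemberBean memberBean = DAOFactory.getMemberDAO().getMember_forViewCurrentMember(memberID);
        request.setAttribute("MemberEmail", memberBean.getMemberEmail());
    }

    /**
     * Changes the authenticated member's e-mail after re-checking the current password.
     * The activation code is cleared and, when activation is required, a new activation mail is sent.
     *
     * @throws BadInputException if the e-mail is too long or the confirmation does not match
     */
    public void processUpdateEmail(GenericRequest request)
        throws BadInputException, ObjectNotFoundException, DatabaseException, InterceptorException,
        DuplicateKeyException, AuthenticationException, AssertionException, MessagingException, IOException, TemplateException {

        OnlineUser onlineUser = onlineUserManager.getOnlineUser(request);
        MVNForumPermission permission = onlineUser.getPermission();
        permission.ensureIsAuthenticated();
        Locale locale = I18nUtil.getLocaleInRequest(request);

        int memberID = onlineUser.getMemberID();

        String memberEmail = GenericParamUtil.getParameterEmail(request, "MemberEmail");
        String memberEmailConfirm = GenericParamUtil.getParameterEmail(request, "MemberEmailConfirm");
        if (memberEmail.length() > MVNForumGlobal.MAX_MEMBER_EMAIL_LENGTH) {
            String localizedMessage = MVNForumResourceBundle.getString(locale, "mvncore.exception.BadInputException.member_email_too_long");
            throw new BadInputException(localizedMessage);
        }
        InterceptorService.getInstance().validateMail(memberEmail);

        // Changing the recovery address is a sensitive action, so the current password is re-checked.
        MyUtil.ensureCorrectCurrentPassword(request);

        if (!memberEmail.equals(memberEmailConfirm)) {
            String localizedMessage = MVNForumResourceBundle.getString(locale, "mvncore.exception.BadInputException.confirmed_email_is_not_match");
            throw new BadInputException(localizedMessage);
        }

        // Clear the activation code before storing the new address.
        DAOFactory.getMemberDAO().updateActivateCode(memberID, "");

        DAOFactory.getMemberDAO().updateEmail(memberID, memberEmail);

        onlineUser.reloadPermission();

        if (MVNForumConfig.getRequireActivation()) {
            String serverName = ParamUtil.getServerPath();
            SendMailUtil.sendActivationCodeEmail(memberID, serverName);
        }
    }

    /**
     * Changes the authenticated member's password after re-checking the current one.
     *
     * @throws BadInputException if the confirmation does not match or the new password equals the old one
     */
    public void processUpdatePassword(GenericRequest request)
        throws BadInputException, ObjectNotFoundException, DatabaseException,
        AuthenticationException, AssertionException {

        OnlineUser onlineUser = onlineUserManager.getOnlineUser(request);
        MVNForumPermission permission = onlineUser.getPermission();
        permission.ensureIsAuthenticated();

        int memberID = onlineUser.getMemberID();
        Locale locale = I18nUtil.getLocaleInRequest(request);

        MyUtil.ensureCorrectCurrentPassword(request);

        // NOTE(review): 3 is presumably the minimum length; confirm against GenericParamUtil.
        String memberPassword1 = GenericParamUtil.getParameterPassword(request, "MemberMatkhau", 3, 0);
        String memberPassword2 = GenericParamUtil.getParameterPassword(request, "MemberMatkhauConfirm", 3, 0);
        if (!memberPassword1.equals(memberPassword2)) {
            String localizedMessage = MVNForumResourceBundle.getString(locale, "mvncore.exception.BadInputException.confirmed_password_is_not_match");
            throw new BadInputException(localizedMessage);
        }
        // NOTE(review): unsalted MD5-based digest, see the class comment.
        String memberPassword = Encoder.getMD5_Base64(memberPassword1);

        // Stored and new values are both digests, so comparing them detects an unchanged password.
        String currentPassword = DAOFactory.getMemberDAO().getPassword(memberID);
        if (currentPassword.equals(memberPassword)) {
            String localizedMessage = MVNForumResourceBundle.getString(locale, "mvncore.exception.BadInputException.old_password_and_new_password_cannot_equal");
            throw new BadInputException(localizedMessage);
        }

        DAOFactory.getMemberDAO().updatePassword(memberID, memberPassword);
    }

    /**
     * Loads the authenticated member's own profile for viewing.
     */
    public void prepareView_forCurrentMember(GenericRequest request)
        throws DatabaseException, ObjectNotFoundException, AuthenticationException, AssertionException {

        OnlineUser onlineUser = onlineUserManager.getOnlineUser(request);
        MVNForumPermission permission = onlineUser.getPermission();
        permission.ensureIsAuthenticated();

        onlineUser.updateNewMessageCount(true);

        int memberID = onlineUser.getMemberID();
        MemberBean memberBean = DAOFactory.getMemberDAO().getMember_forViewCurrentMember(memberID);
        request.setAttribute("MemberBean", memberBean);
    }

    /**
     * Loads the authenticated member's own profile for editing.
     */
    public void prepareEdit_forCurrentMember(GenericRequest request)
        throws DatabaseException, ObjectNotFoundException, AuthenticationException, AssertionException {

        OnlineUser onlineUser = onlineUserManager.getOnlineUser(request);
        MVNForumPermission permission = onlineUser.getPermission();
        permission.ensureIsAuthenticated();

        int memberID = onlineUser.getMemberID();
        MemberBean memberBean = DAOFactory.getMemberDAO().getMember_forEditCurrentMember(memberID);
        request.setAttribute("MemberBean", memberBean);
    }

    /**
     * Puts the signature to show in the edit form into the request: the submitted text when
     * previewing (cut to 250 characters), otherwise the stored signature.
     */
    public void prepareEditSignature(GenericRequest request)
        throws DatabaseException, ObjectNotFoundException, AuthenticationException, AssertionException {

        OnlineUser onlineUser = onlineUserManager.getOnlineUser(request);
        MVNForumPermission permission = onlineUser.getPermission();
        permission.ensureIsAuthenticated();

        boolean isPreviewing = GenericParamUtil.getParameterBoolean(request, "preview");
        if (isPreviewing) {
            // NOTE(review): the preview text is handed to the view unfiltered, whereas
            // processUpdateSignature runs DisableHtmlTagFilter before storing. The view must
            // HTML-encode this attribute; verify in the template.
            String signature = GenericParamUtil.getParameter(request, "MemberSignature");
            if (signature.length() > 250) {
                signature = signature.substring(0, 250);
            }
            request.setAttribute("MemberSignature", signature);
        } else {
            int memberID = onlineUser.getMemberID();
            MemberBean memberBean = DAOFactory.getMemberDAO().getMember_forViewCurrentMember(memberID);
            request.setAttribute("MemberSignature", memberBean.getMemberSignature());
        }
    }

    /**
     * Stores the authenticated member's signature after disabling HTML tags in it.
     */
    public void processUpdateSignature(GenericRequest request, GenericResponse response)
        throws ObjectNotFoundException, DatabaseException, AuthenticationException, AssertionException {

        OnlineUser onlineUser = onlineUserManager.getOnlineUser(request);
        MVNForumPermission permission = onlineUser.getPermission();
        permission.ensureIsAuthenticated();

        MyUtil.saveVNTyperMode(request, response);

        int memberID = onlineUser.getMemberID();

        // NOTE(review): the 250-character limit applied in the preview is not applied here;
        // confirm that the DAO or the database column enforces a length limit.
        String memberSignature = GenericParamUtil.getParameter(request, "MemberSignature");
        memberSignature = DisableHtmlTagFilter.filter(memberSignature);

        DAOFactory.getMemberDAO().updateSignature(memberID, memberSignature);
    }

    /**
     * Loads the authenticated member's profile for the avatar form.
     *
     * @throws AssertionException if the avatar feature is disabled
     */
    public void prepareEditAvatar(GenericRequest request)
        throws DatabaseException, ObjectNotFoundException, AuthenticationException, AssertionException {

        Locale locale = I18nUtil.getLocaleInRequest(request);
        if (MVNForumConfig.getEnableAvatar() == false) {
            String localizedMessage = MVNForumResourceBundle.getString(locale, "mvncore.exception.AssertionException.avatar_is_disabled");
            throw new AssertionException(localizedMessage);
        }

        OnlineUser onlineUser = onlineUserManager.getOnlineUser(request);
        MVNForumPermission permission = onlineUser.getPermission();
        permission.ensureIsAuthenticated();
        permission.ensureCanUseAvatar();

        int memberID = onlineUser.getMemberID();
        MemberBean memberBean = DAOFactory.getMemberDAO().getMember_forViewCurrentMember(memberID);
        request.setAttribute("MemberBean", memberBean);
    }

    /**
     * Deletes any uploaded avatar of the authenticated member and stores the avatar reference
     * submitted in the "MemberAvatar" parameter.
     *
     * @throws AssertionException if the avatar feature is disabled
     */
    public void updateMemberAvatar(GenericRequest request)
        throws ObjectNotFoundException, DatabaseException, AuthenticationException, AssertionException {

        if (MVNForumConfig.getEnableAvatar() == false) {
            throw new AssertionException("Cannot use avatar because AVATAR feature is disabled by administrator.");
        }

        OnlineUser onlineUser = onlineUserManager.getOnlineUser(request);
        MVNForumPermission permission = onlineUser.getPermission();
        permission.ensureIsAuthenticated();
        permission.ensureCanUseAvatar();

        int memberID = onlineUser.getMemberID();

        BinaryStorage binaryStorage = ManagerFactory.getBinaryStorage();
        try {
            binaryStorage.deleteData(BinaryStorage.CATEGORY_AVATAR, String.valueOf(memberID), null);
        } catch (IOException e) {
            // Failing to delete the old file does not block the update.
            log.error("Cannot delete avatar.", e);
        }

        // NOTE(review): the value is stored exactly as submitted. If it is later rendered as an
        // image URL it should be limited to the expected avatar paths; verify where it is displayed.
        String memberPicture = GenericParamUtil.getParameter(request, "MemberAvatar");
        DAOFactory.getMemberDAO().updateAvatar(memberID, memberPicture);
    }

    /**
     * Stores one uploaded file as the authenticated member's avatar.
     *
     * @throws AssertionException if the avatar feature is disabled, if the request carries no file
     *         or more than one file
     * @throws IOException if the multipart request cannot be parsed or the data cannot be stored
     */
    public void uploadAvatar(javax.servlet.ServletConfig config, GenericRequest request)
        throws BadInputException, AuthenticationException, IOException,
        AssertionException, ObjectNotFoundException, DatabaseException {

        Locale locale = I18nUtil.getLocaleInRequest(request);

        if (MVNForumConfig.getEnableAvatar() == false) {
            String localizedMessage = MVNForumResourceBundle.getString(locale, "mvncore.exception.AssertionException.avatar_is_disabled");
            throw new AssertionException(localizedMessage);
        }

        OnlineUser onlineUser = onlineUserManager.getOnlineUser(request);
        MVNForumPermission permission = onlineUser.getPermission();
        permission.ensureIsAuthenticated();
        permission.ensureCanUseAvatar();

        int memberID = onlineUser.getMemberID();

        // Upload size limits handed to the parser.
        int sizeMax = 60000;
        int sizeThreshold = 100000;
        List fileItems;
        try {
            FileUploadParser uploadParser = FileUploadParserFactory.getFileUploadParser();
            fileItems = uploadParser.parseRequest(request, sizeMax, sizeThreshold, null, "UTF-8");
        } catch (FileUploadException ex) {
            log.error("Cannot upload", ex);
            String localizedMessage = MVNForumResourceBundle.getString(locale, "java.io.IOException.cannot_upload", new Object[] {ex.getMessage()});
            throw new IOException(localizedMessage);
        }

        // Count the file parts so that the "more than 1 file" assertion can actually fire;
        // previously the counter was never increased and the check was dead code.
        int fileUploadCount = 0;
        FileItem myFile = null;
        for (int i = 0; i < fileItems.size(); i++) {
            FileItem currentItem = (FileItem) fileItems.get(i);
            if (currentItem.isFormField()) {
                continue;
            }
            fileUploadCount++;
            if (fileUploadCount > 1) {
                throw new AssertionException("Assertion: Cannot upload more than 1 file while processing upload avatar for Member.");
            }
            myFile = currentItem;
        }

        if (myFile == null) {
            String localizedMessage = MVNForumResourceBundle.getString(locale, "mvncore.exception.AssertionException.cannot_process_upload_avatar_with_form_field");
            throw new AssertionException(localizedMessage);
        }

        // NOTE(review): content type and file name are supplied by the client. They are only
        // HTML-filtered here; nothing in this method checks that the data is an image.
        // Confirm that BinaryStorage or the serving code validates the content.
        String binaryMimeType = myFile.getContentType();
        binaryMimeType = DisableHtmlTagFilter.filter(binaryMimeType);
        int binaryFileSize = (int) myFile.getSize();
        String fullFilePath = myFile.getName();
        // Only the last path component of the client-side file name is kept.
        String binaryFilename = FileUtil.getFileName(fullFilePath);
        binaryFilename = DisableHtmlTagFilter.filter(binaryFilename);
        String binaryCreationIP = request.getRemoteAddr();

        BinaryStorage binaryStorage = ManagerFactory.getBinaryStorage();
        InputStream uploadStream = myFile.getInputStream();
        try {
            binaryStorage.storeData(BinaryStorage.CATEGORY_AVATAR, String.valueOf(memberID), binaryFilename,
                                    uploadStream, binaryFileSize, 0, 0, binaryMimeType, binaryCreationIP);
        } finally {
            // Nothing visible here shows storeData closing the stream, so it is closed explicitly.
            IOUtils.closeQuietly(uploadStream);
        }
    }

    /**
     * Prepares the forgot-password form; builds a fresh captcha when captcha is enabled.
     */
    public void prepareForgotPassword(GenericRequest request)
        throws AssertionException, DatabaseException, AuthenticationException {

        OnlineUser onlineUser = onlineUserManager.getOnlineUser(request);
        if (MVNForumConfig.getEnableCaptcha()) {
            onlineUser.buildNewCaptcha();
        }
    }

    /**
     * Mails a password-reset link and temporary password to the address registered for the member
     * identified by name or, when no name is given, by e-mail.
     *
     * NOTE(review): distinct errors are raised for unknown names, and the captcha is verified only
     * after the member lookups, so the response reveals whether an account exists before the captcha
     * is checked. Consider verifying the captcha first and answering uniformly.
     *
     * @throws BadInputException if neither a member name nor an e-mail is supplied
     * @throws ObjectNotFoundException if no member matches
     */
    public void forgotPassword(GenericRequest request)
        throws BadInputException, ObjectNotFoundException, DatabaseException, MessagingException,
        AssertionException, AssertionException, DatabaseException, AuthenticationException, IOException, TemplateException {

        OnlineUser onlineUser = onlineUserManager.getOnlineUser(request);
        Locale locale = I18nUtil.getLocaleInRequest(request);

        int memberID = 0;
        String memberName = GenericParamUtil.getParameter(request, "MemberName");
        StringUtil.checkGoodName(memberName);
        String memberEmail = GenericParamUtil.getParameter(request, "MemberEmail");
        if (memberEmail.length() > 0) {
            memberEmail = GenericParamUtil.getParameterEmail(request, "MemberEmail");
        }

        if (memberName.length() > 0) {
            // The name wins: the mail goes to the address on record, not to the one typed in.
            try {
                memberID = DAOFactory.getMemberDAO().getMemberIDFromMemberName(memberName);
            } catch (ObjectNotFoundException e) {
                String localizedMessage = MVNForumResourceBundle.getString(locale, "mvncore.exception.ObjectNotFoundException.membername_not_exists", new Object[] {memberName});
                throw new ObjectNotFoundException(localizedMessage);
            }
            MemberBean bean = DAOFactory.getMemberDAO().getMember_forPublic(memberID);
            memberEmail = bean.getMemberEmail();
        } else if (memberEmail.length() > 0) {
            memberID = DAOFactory.getMemberDAO().getMemberIDFromMemberEmail(memberEmail);
            MemberBean bean = DAOFactory.getMemberDAO().getMember_forPublic(memberID);
            memberName = bean.getMemberName();
        } else {
            String localizedMessage = MVNForumResourceBundle.getString(locale, "mvncore.exception.BadInputException.your_member_name_or_email_is_not_entered");
            throw new BadInputException(localizedMessage);
        }

        // Sanity check: the destination must be the address stored for this member.
        MemberBean memberBean = DAOFactory.getMemberDAO().getMember_forPublic(memberID);
        if (!memberEmail.equalsIgnoreCase(memberBean.getMemberEmail())) {
            String localizedMessage = MVNForumResourceBundle.getString(locale, "mvncore.exception.AssertionException.serious_bug");
            throw new AssertionException(localizedMessage);
        }

        if (MVNForumConfig.getEnableCaptcha()) {
            String captchaResponse = GenericParamUtil.getParameterSafe(request, "CaptchaResponse", false);
            onlineUser.ensureCorrectCaptchaResponse(captchaResponse);
        }

        String currentTempPassword = DAOFactory.getMemberDAO().getTempPassword(memberID);

        // A value shorter than 5 characters is treated as "no temporary password outstanding".
        // NOTE(review): an existing temporary password is re-sent as is and no expiry is visible
        // here; consider issuing a fresh, time-limited value on every request.
        if (currentTempPassword.length() < 5) {
            currentTempPassword = RandomGenerator.getRandomMD5_Base64();
            DAOFactory.getMemberDAO().updateTempPassword(memberID, currentTempPassword);
        }

        String urlEncodedTempPassword = Encoder.encodeURL(currentTempPassword);
        // The member name is a query-string value as well, so it is encoded the same way.
        String urlEncodedMemberName = Encoder.encodeURL(memberName);

        String serverName = ParamUtil.getServerPath();
        StringBuffer passwordResetUrl = new StringBuffer(256);
        passwordResetUrl.append(serverName);
        passwordResetUrl.append(ParamUtil.getContextPath());
        passwordResetUrl.append(UserModuleConfig.getUrlPattern());
        passwordResetUrl.append("/resetpassword?temppassword=");
        passwordResetUrl.append(urlEncodedTempPassword);
        passwordResetUrl.append("&member=");
        passwordResetUrl.append(urlEncodedMemberName);

        Configuration cfg = MVNForumConfig.getFreeMarkerConfiguration();

        Map root = new HashMap();
        root.put("serverName", serverName);
        root.put("MVNForumInfo", MVNForumInfo.getProductDesc());
        root.put("passwordResetUrl", passwordResetUrl.toString());
        root.put("memberName", memberName);
        root.put("currentTempPassword", currentTempPassword);

        StringWriter subjectWriter = new StringWriter(256);
        Template subjectTemplate = cfg.getTemplate(MVNForumGlobal.TEMPLATE_FORGOTPASSWORD_SUBJECT, "UTF-8");
        subjectTemplate.process(root, subjectWriter);
        String subject = subjectWriter.toString();

        StringWriter bodyWriter = new StringWriter(1024);
        Template bodyTemplate = cfg.getTemplate(MVNForumGlobal.TEMPLATE_FORGOTPASSWORD_BODY, "UTF-8");
        bodyTemplate.process(root, bodyWriter);
        String body = bodyWriter.toString();

        // The template model carries the reset link and the temporary password, so the rendered
        // body is deliberately not written to the log; only the subject is.
        log.debug("subject = " + subject);
        try {
            MailUtil.sendMail(MVNForumConfig.getWebMasterEmail(),
                              memberEmail, "", "", subject, body);
        } catch (UnsupportedEncodingException e) {
            log.error("Cannot support encoding", e);
        }

        if (MVNForumConfig.getEnableCaptcha()) {
            onlineUser.destroyCurrentCaptcha();
        }
    }

    /**
     * Sets a new password for the named member when the supplied temporary password matches the
     * stored one, then clears the temporary password so it cannot be used again.
     *
     * NOTE(review): this method applies no flood control or captcha to repeated wrong guesses;
     * confirm that the caller rate-limits it.
     *
     * @throws ObjectNotFoundException if the member name is unknown
     * @throws BadInputException if the temporary password is wrong or not outstanding, or the
     *         password confirmation does not match
     */
    public void resetPassword(GenericRequest request)
        throws BadInputException, ObjectNotFoundException, DatabaseException {

        Locale locale = I18nUtil.getLocaleInRequest(request);

        String memberName = GenericParamUtil.getParameter(request, "member", true);
        StringUtil.checkGoodName(memberName);
        String memberTempPassword = GenericParamUtil.getParameter(request, "temppassword", true);

        int memberID = 0;
        try {
            memberID = DAOFactory.getMemberDAO().getMemberIDFromMemberName(memberName);
        } catch (ObjectNotFoundException e) {
            String localizedMessage = MVNForumResourceBundle.getString(locale, "mvncore.exception.ObjectNotFoundException.membername_not_exists", new Object[] {memberName});
            throw new ObjectNotFoundException(localizedMessage);
        }

        String currentTempPassword = DAOFactory.getMemberDAO().getTempPassword(memberID);
        // forgotPassword treats a stored value shorter than 5 characters as "none issued"; such a
        // value must never be accepted as a reset credential, whatever the request contains.
        boolean hasOutstandingTempPassword = (currentTempPassword != null) && (currentTempPassword.length() >= 5);
        if (!hasOutstandingTempPassword || !memberTempPassword.equals(currentTempPassword)) {
            String localizedMessage = MVNForumResourceBundle.getString(locale, "mvncore.exception.BadInputException.wrong_temporary_password");
            throw new BadInputException(localizedMessage);
        }

        // NOTE(review): 3 is presumably the minimum length; confirm against GenericParamUtil.
        String memberPassword1 = GenericParamUtil.getParameterPassword(request, "MemberMatkhau", 3, 0);
        String memberPassword2 = GenericParamUtil.getParameterPassword(request, "MemberMatkhauConfirm", 3, 0);
        if (!memberPassword1.equals(memberPassword2)) {
            String localizedMessage = MVNForumResourceBundle.getString(locale, "mvncore.exception.BadInputException.confirmed_password_is_not_match");
            throw new BadInputException(localizedMessage);
        }
        // NOTE(review): unsalted MD5-based digest, see the class comment.
        String memberPassword = Encoder.getMD5_Base64(memberPassword1);

        DAOFactory.getMemberDAO().updatePassword(memberID, memberPassword);
        // The temporary password is single-use.
        DAOFactory.getMemberDAO().updateTempPassword(memberID, "");
    }

    /**
     * Re-sends the activation mail when the supplied e-mail matches the one stored for the named member.
     *
     * NOTE(review): no flood control or captcha is applied in this method; confirm that repeated
     * requests are limited elsewhere.
     *
     * @throws ObjectNotFoundException if the member name is unknown
     * @throws BadInputException if the e-mail does not match the member's e-mail
     */
    public void sendActivateCode(GenericRequest request)
        throws BadInputException, ObjectNotFoundException, DatabaseException,
        MessagingException, IOException, TemplateException {

        Locale locale = I18nUtil.getLocaleInRequest(request);
        int memberID = 0;
        String memberName = GenericParamUtil.getParameter(request, "MemberName", true);
        StringUtil.checkGoodName(memberName);
        String memberEmail = GenericParamUtil.getParameterEmail(request, "MemberEmail");

        try {
            memberID = DAOFactory.getMemberDAO().getMemberIDFromMemberName(memberName);
        } catch (ObjectNotFoundException e) {
            String localizedMessage = MVNForumResourceBundle.getString(locale, "mvncore.exception.ObjectNotFoundException.membername_not_exists", new Object[] {memberName});
            throw new ObjectNotFoundException(localizedMessage);
        }

        MemberBean memberBean = DAOFactory.getMemberDAO().getMember_forPublic(memberID);
        if (!memberEmail.equalsIgnoreCase(memberBean.getMemberEmail())) {
            String localizedMessage = MVNForumResourceBundle.getString(locale, "mvncore.exception.BadInputException.provided_email_not_equals_member_email");
            throw new BadInputException(localizedMessage);
        }

        String serverName = ParamUtil.getServerPath();
        SendMailUtil.sendActivationCodeEmail(memberID, serverName);
    }

    public void activateMember(GenericRequest request)
        throws BadInputException, ObjectNotFoundException, DatabaseException,
        AuthenticationException, AssertionException {

        String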
memberName = GenericParamUtil.getParameter(request, "member", true); 929 StringUtil.checkGoodName(memberName); 930 Locale locale = I18nUtil.getLocaleInRequest(request); 931 932 String memberActivateCode = GenericParamUtil.getParameter(request, "activatecode", true); 935 if (memberActivateCode.equals(MemberBean.MEMBER_ACTIVATECODE_ACTIVATED)) { 936 String localizedMessage = MVNForumResourceBundle.getString(locale, "mvncore.exception.BadInputException.cannot_activate.invalid_activation_code"); 937 throw new BadInputException(localizedMessage); 938 } 940 int memberID = 0; 941 try { 942 memberID = DAOFactory.getMemberDAO().getMemberIDFromMemberName(memberName); 943 } catch (ObjectNotFoundException e) { 944 String localizedMessage = MVNForumResourceBundle.getString(locale, "mvncore.exception.ObjectNotFoundException.membername_not_exists", new Object [] {memberName}); 945 throw new ObjectNotFoundException(localizedMessage); 946 } 947 948 if (DAOFactory.getMemberDAO().getActivateCode(memberID).equals(MemberBean.MEMBER_ACTIVATECODE_ACTIVATED)) { 951 String localizedMessage = MVNForumResourceBundle.getString(locale, "mvncore.exception.BadInputException.cannot_activate.is_activated_member"); 952 throw new BadInputException(localizedMessage); 953 } 955 956 String currentActivateCode = DAOFactory.getMemberDAO().getActivateCode(memberID); 957 if (memberActivateCode.equals(currentActivateCode) == false) { 958 String localizedMessage = MVNForumResourceBundle.getString(locale, "mvncore.exception.BadInputException.cannot_activate.wrong_activation_code"); 959 throw new BadInputException(localizedMessage); 960 } 962 963 DAOFactory.getMemberDAO().updateActivateCode(memberID, MemberBean.MEMBER_ACTIVATECODE_ACTIVATED); 965 OnlineUser onlineUser = onlineUserManager.getOnlineUser(request); 967 if (memberID == onlineUser.getMemberID()) { 968 onlineUser.reloadPermission(); 969 } 970 } 971 972 975 public void prepareView_forPublic(GenericRequest request) 976 throws BadInputException, 
ObjectNotFoundException, DatabaseException { 977 978 String memberName = GenericParamUtil.getParameter(request, "member", false); 979 Locale locale = I18nUtil.getLocaleInRequest(request); 980 int memberID = -1; 982 if (memberName.length() == 0) { 983 memberID = GenericParamUtil.getParameterInt(request, "memberid"); 984 } else { 987 StringUtil.checkGoodName(memberName); try { 989 memberID = DAOFactory.getMemberDAO().getMemberIDFromMemberName(memberName); 990 } catch (ObjectNotFoundException e) { 991 String localizedMessage = MVNForumResourceBundle.getString(locale, "mvncore.exception.ObjectNotFoundException.membername_not_exists", new Object [] {memberName}); 992 throw new ObjectNotFoundException(localizedMessage); 993 } 994 } 995 996 try { 997 DAOFactory.getMemberDAO().increaseViewCount(memberID); 998 } catch (ObjectNotFoundException e) { 999 String localizedMessage = MVNForumResourceBundle.getString(locale, "mvncore.exception.ObjectNotFoundException.memberid_not_exists", new Object [] {new Integer (memberID)}); 1000 throw new ObjectNotFoundException(localizedMessage); 1001 } 1002 1003 MemberBean memberBean = DAOFactory.getMemberDAO().getMember_forPublic(memberID); 1004 1005 request.setAttribute("MemberBean", memberBean); 1006 } 1007 1008 1011 public void prepareListMembers_forPublic(GenericRequest request) 1012 throws DatabaseException, AssertionException, BadInputException, AuthenticationException { 1013 1014 Locale locale = I18nUtil.getLocaleInRequest(request); 1015 if (MVNForumConfig.getEnableListMembers() == false) { 1016 String localizedMessage = MVNForumResourceBundle.getString(locale, "mvncore.exception.AssertionException.list_members_is_disabled"); 1017 throw new AssertionException(localizedMessage); 1018 } 1020 1021 OnlineUser onlineUser = onlineUserManager.getOnlineUser(request); 1022 1025 String sort = GenericParamUtil.getParameter(request, "sort"); 1027 String order = GenericParamUtil.getParameter(request, "order"); 1028 if (sort.length() == 0) sort = 
"MemberCreationDate"; 1029 if (order.length()== 0) order = "DESC"; 1030 1031 int postsPerPage = onlineUser.getPostsPerPage(); 1033 int offset = 0; 1034 try { 1035 offset = GenericParamUtil.getParameterInt(request, "offset"); 1036 } catch (BadInputException e) { 1037 } 1039 1040 int totalMembers = DAOFactory.getMemberDAO().getNumberOfMembers(); 1041 if (offset > totalMembers) { 1042 String localizedMessage = MVNForumResourceBundle.getString(locale, "mvncore.exception.BadInputException.offset_greater_than_total_rows"); 1043 throw new BadInputException(localizedMessage); 1044 } 1046 1047 Collection memberBeans = DAOFactory.getMemberDAO().getMembers_withSortSupport_limit(offset, postsPerPage, sort, order); 1048 1049 request.setAttribute("MemberBeans", memberBeans); 1050 request.setAttribute("TotalMembers", new Integer (totalMembers)); 1051 } 1052 1053 public void getAvatar(HttpServletRequest request, HttpServletResponse response) 1055 throws BadInputException, DatabaseException, IOException { 1056 1057 if (MVNForumConfig.getEnableAvatar() == false) { 1058 response.sendError(HttpServletResponse.SC_FORBIDDEN); 1059 return; 1060 } 1061 1062 int memberID = ParamUtil.getParameterInt(request, "memberid"); 1063 1064 MemberBean member = null; 1065 try { 1066 member = DAOFactory.getMemberDAO().getMember_forPublic(memberID); 1067 } catch (ObjectNotFoundException e) { 1068 response.sendError(HttpServletResponse.SC_BAD_REQUEST); 1069 return; 1070 } 1071 1072 String memberAvatar = member.getMemberAvatar(); 1073 if (memberAvatar.equals(MemberBean.MEMBER_AVATAR_USING_UPLOAD) || 1074 memberAvatar.startsWith(BinaryStorage.BINARY_STORAGE)|| 1075 memberAvatar.startsWith(MVNForumGlobal.UPLOADED_AVATAR_DIR)) { 1076 memberAvatar = member.getMemberName() + ".jpg"; 1077 } else { 1078 response.sendError(HttpServletResponse.SC_BAD_REQUEST); 1079 return; 1080 } 1081 String imageMimeType = "image/jpeg"; 1082 1083 File avatarFile = new File(MVNForumConfig.getAvatarDir() + File.separator + 
memberAvatar); 1084 if (!avatarFile.exists()) { 1085 response.sendError(HttpServletResponse.SC_NOT_FOUND); 1086 return; 1087 } 1088 if (!avatarFile.isFile()) { 1089 response.sendError(HttpServletResponse.SC_NO_CONTENT); 1090 return; 1091 } 1092 1093 long lastModified = avatarFile.lastModified(); 1094 long ifModifiedSince = request.getDateHeader("If-Modified-Since"); 1095 if (ifModifiedSince != -1) { 1097 if ((lastModified <= ifModifiedSince )) { 1099 response.setStatus(HttpServletResponse.SC_NOT_MODIFIED); 1102 return; 1103 } 1104 } 1105 1106 OutputStream outputStream = null; 1107 try { 1108 String httpModified = DateUtil.getHTTPHeaderTime(new Date (lastModified)); 1109 response.setContentType(imageMimeType); 1110 response.setHeader("Location", memberAvatar); 1111 response.setHeader("Last-Modified", httpModified); 1112 1115 try { 1117 outputStream = response.getOutputStream(); 1118 BinaryStorage binaryStorage = ManagerFactory.getBinaryStorage(); 1120 InputStream inputStream = binaryStorage.getInputStream(BinaryStorage.CATEGORY_AVATAR, String.valueOf(memberID), null); 1121 IOUtils.copy(inputStream, outputStream); 1122 } catch (IOException ex) { 1123 log.error("Error while trying to send avatar from server", ex); 1125 } 1126 1127 outputStream.flush(); 1128 outputStream.close(); 1129 outputStream = null; } catch (IOException ex) { 1131 throw ex; 1132 } finally { 1133 if (outputStream != null) { 1134 try { 1135 outputStream.close(); 1136 } catch (IOException ex) { } 1137 } 1138 } 1139 } 1140} 1141 | Popular Tags |