1 43 package net.jforum.view.forum; 44 45 import java.util.Date ; 46 import java.util.HashMap ; 47 import java.util.Iterator ; 48 import java.util.List ; 49 50 import net.jforum.ActionServletRequest; 51 import net.jforum.Command; 52 import net.jforum.ControllerUtils; 53 import net.jforum.JForumExecutionContext; 54 import net.jforum.SessionFacade; 55 import net.jforum.dao.DataAccessDriver; 56 import net.jforum.dao.UserDAO; 57 import net.jforum.dao.UserSessionDAO; 58 import net.jforum.entities.Bookmark; 59 import net.jforum.entities.User; 60 import net.jforum.entities.UserSession; 61 import net.jforum.repository.ForumRepository; 62 import net.jforum.repository.RankingRepository; 63 import net.jforum.repository.SecurityRepository; 64 import net.jforum.security.SecurityConstants; 65 import net.jforum.util.I18n; 66 import net.jforum.util.MD5; 67 import net.jforum.util.concurrent.executor.QueuedExecutor; 68 import net.jforum.util.mail.ActivationKeySpammer; 69 import net.jforum.util.mail.EmailException; 70 import net.jforum.util.mail.EmailSenderTask; 71 import net.jforum.util.mail.LostPasswordSpammer; 72 import net.jforum.util.preferences.ConfigKeys; 73 import net.jforum.util.preferences.SystemGlobals; 74 import net.jforum.util.preferences.TemplateKeys; 75 import net.jforum.view.forum.common.UserCommon; 76 import net.jforum.view.forum.common.ViewCommon; 77 78 import org.apache.log4j.Logger; 79 80 84 public class UserAction extends Command 85 { 86 private static final Logger logger = Logger.getLogger(UserAction.class); 87 88 private boolean canEdit() throws Exception 89 { 90 int tmpId = SessionFacade.getUserSession().getUserId(); 91 boolean canEdit = SessionFacade.isLogged() && tmpId == this.request.getIntParameter("user_id"); 92 93 if (!canEdit) { 94 this.profile(); 95 } 96 97 return canEdit; 98 } 99 100 public void edit() throws Exception 101 { 102 if (this.canEdit()) { 103 int userId = this.request.getIntParameter("user_id"); 104 UserDAO um = DataAccessDriver.getInstance().newUserDAO(); 105 User u = um.selectById(userId); 106 107 this.context.put("u", u); 108 this.context.put("action", "editSave"); 109 this.context.put("pageTitle", I18n.getMessage("UserProfile.profileFor")+" "+u.getUsername()); 110 this.setTemplateName(TemplateKeys.USER_EDIT); 111 } 112 } 113 114 public void editDone() throws Exception 115 { 116 this.context.put("editDone", true); 117 this.edit(); 118 } 119 120 public void editSave() throws Exception 121 { 122 if (this.canEdit()) { 123 int userId = this.request.getIntParameter("user_id"); 124 List warns = UserCommon.saveUser(userId); 125 126 if (warns.size() > 0) { 127 this.context.put("warns", warns); 128 this.edit(); 129 } 130 else { 131 JForumExecutionContext.setRedirect(this.request.getContextPath() 132 + "/user/editDone/" + userId 133 + SystemGlobals.getValue(ConfigKeys.SERVLET_EXTENSION)); 134 } 135 } 136 } 137 138 private void registrationDisabled() 139 { 140 this.setTemplateName(TemplateKeys.USER_REGISTRATION_DISABLED); 141 this.context.put("message", I18n.getMessage("User.registrationDisabled")); 142 } 143 144 public void insert() 145 { 146 int userId = SessionFacade.getUserSession().getUserId(); 147 148 if ((!SystemGlobals.getBoolValue(ConfigKeys.REGISTRATION_ENABLED) 149 && !SecurityRepository.get(userId).canAccess(SecurityConstants.PERM_ADMINISTRATION)) 150 || ConfigKeys.TYPE_SSO.equals(SystemGlobals.getValue(ConfigKeys.AUTHENTICATION_TYPE))) { 151 this.registrationDisabled(); 152 return; 153 } 154 155 this.setTemplateName(TemplateKeys.USER_INSERT); 156 this.context.put("action", "insertSave"); 157 this.context.put("username", this.request.getParameter("username")); 158 this.context.put("email", this.request.getParameter("email")); 159 this.context.put("pageTitle", I18n.getMessage("ForumBase.register")); 160 161 162 if (SystemGlobals.getBoolValue(ConfigKeys.CAPTCHA_REGISTRATION)){ 163 SessionFacade.getUserSession().createNewCaptcha(); 165 this.context.put("captcha_reg", true); 166 } 167 } 168 169 public void insertSave() throws Exception 170 { 171 int userId = SessionFacade.getUserSession().getUserId(); 172 173 if ((!SystemGlobals.getBoolValue(ConfigKeys.REGISTRATION_ENABLED) 174 && !SecurityRepository.get(userId).canAccess(SecurityConstants.PERM_ADMINISTRATION)) 175 || ConfigKeys.TYPE_SSO.equals(SystemGlobals.getValue(ConfigKeys.AUTHENTICATION_TYPE))) { 176 this.registrationDisabled(); 177 return; 178 } 179 180 User u = new User(); 181 UserDAO um = DataAccessDriver.getInstance().newUserDAO(); 182 183 String username = this.request.getParameter("username"); 184 String password = this.request.getParameter("password"); 185 String captchaResponse = this.request.getParameter("captchaResponse"); 186 187 boolean error = false; 188 if (username == null || username.trim().equals("") 189 || password == null || password.trim().equals("")) { 190 this.context.put("error", I18n.getMessage("UsernamePasswordCannotBeNull")); 191 error = true; 192 } 193 194 if (username != null) { 195 username = username.trim(); 196 } 197 198 if (!error && username.length() > SystemGlobals.getIntValue(ConfigKeys.USERNAME_MAX_LENGTH)) { 199 this.context.put("error", I18n.getMessage("User.usernameTooBig")); 200 error = true; 201 } 202 203 if (!error && username.indexOf('<') > -1 || username.indexOf('>') > -1) { 204 this.context.put("error", I18n.getMessage("User.usernameInvalidChars")); 205 error = true; 206 } 207 208 if (!error && um.isUsernameRegistered(this.request.getParameter("username"))) { 209 this.context.put("error", I18n.getMessage("UsernameExists")); 210 error = true; 211 } 212 213 if (!error && !SessionFacade.getUserSession().validateCaptchaResponse(captchaResponse)){ 214 this.context.put("error", I18n.getMessage("CaptchaResponseFails")); 215 error = true; 216 } 217 218 if (error) { 219 this.insert(); 220 221 return; 222 } 223 224 u.setUsername(username); 225 u.setPassword(MD5.crypt(password)); 226 u.setEmail(this.request.getParameter("email")); 227 228 if (SystemGlobals.getBoolValue(ConfigKeys.MAIL_USER_EMAIL_AUTH)) { 229 u.setActivationKey(MD5.crypt(username + System.currentTimeMillis())); 230 } 231 232 int newUserId = um.addNew(u); 233 234 if (SystemGlobals.getBoolValue(ConfigKeys.MAIL_USER_EMAIL_AUTH)) { 235 try { 236 QueuedExecutor.getInstance().execute( 238 new EmailSenderTask(new ActivationKeySpammer(u))); 239 } 240 catch (Exception e) { 241 logger.warn("Error while trying to send an email: " + e); 242 e.printStackTrace(); 243 } 244 245 this.setTemplateName(TemplateKeys.USER_INSERT_ACTIVATE_MAIL); 246 this.context.put("message", I18n.getMessage("User.GoActivateAccountMessage")); 247 } 248 else if(SecurityRepository.get(userId).canAccess(SecurityConstants.PERM_ADMINISTRATION)) { 249 JForumExecutionContext.setRedirect(this.request.getContextPath() 250 + "/adminUsers/list" 251 + SystemGlobals.getValue(ConfigKeys.SERVLET_EXTENSION)); 252 } 253 else { 254 this.logNewRegisteredUserIn(newUserId, u); 255 } 256 } 257 258 public void activateAccount() throws Exception 259 { 260 String hash = this.request.getParameter("hash"); 261 int userId = (new Integer (this.request.getParameter("user_id"))).intValue(); 262 263 String message = ""; 264 265 UserDAO um = DataAccessDriver.getInstance().newUserDAO(); 266 User u = um.selectById(userId); 267 268 boolean isOk = um.validateActivationKeyHash(userId, hash); 269 if (isOk) { 270 um.writeUserActive(userId); 272 this.logNewRegisteredUserIn(userId, u); 273 } 274 else { 275 message = I18n.getMessage("User.invalidActivationKey"); 276 this.setTemplateName(TemplateKeys.USER_INVALID_ACTIVATION); 277 this.context.put("message", message); 278 } 279 280 } 281 282 private void logNewRegisteredUserIn(int userId, User u) 283 { 284 SessionFacade.setAttribute("logged", "1"); 285 286 UserSession userSession = new UserSession(); 287 userSession.setAutoLogin(true); 288 userSession.setUserId(userId); 289 userSession.setUsername(u.getUsername()); 290 userSession.setLastVisit(new Date (System.currentTimeMillis())); 291 userSession.setStartTime(new Date (System.currentTimeMillis())); 292 293 SessionFacade.add(userSession); 294 295 JForumExecutionContext.setRedirect(this.request.getContextPath() 297 + "/user/registrationComplete" 298 + SystemGlobals.getValue(ConfigKeys.SERVLET_EXTENSION)); 299 } 300 301 public void registrationComplete() throws Exception 302 { 303 int userId = SessionFacade.getUserSession().getUserId(); 304 305 ForumRepository.setLastRegisteredUser( 306 DataAccessDriver.getInstance().newUserDAO().selectById(userId)); 307 ForumRepository.incrementTotalUsers(); 308 309 String profilePage = JForumExecutionContext.getRequest().getJForumContext().encodeURL("/user/edit/" + userId); 310 String homePage = JForumExecutionContext.getRequest().getJForumContext().encodeURL("/forums/list"); 311 312 String message = I18n.getMessage("User.RegistrationCompleteMessage", 313 new Object [] { profilePage, homePage }); 314 this.context.put("message", message); 315 this.setTemplateName(TemplateKeys.USER_REGISTRATION_COMPLETE); 316 } 317 318 public void validateLogin() throws Exception 319 { 320 String password; 321 String username; 322 323 if (parseBasicAuthentication()) { 324 username = (String ) this.request.getAttribute("username"); 325 password = (String ) this.request.getAttribute("password"); 326 } 327 else { 328 username = this.request.getParameter("username"); 329 password = this.request.getParameter("password"); 330 } 331 332 boolean validInfo = false; 333 if (password.length() > 0) { 334 User user = this.validateLogin(username, password); 335 336 if (user != null) { 337 if (JForumExecutionContext.getRedirectTo() == null) { 340 JForumExecutionContext.setRedirect(this.request.getContextPath() 341 + "/forums/list" 342 + SystemGlobals.getValue(ConfigKeys.SERVLET_EXTENSION)); 343 } 344 345 SessionFacade.setAttribute("logged", "1"); 346 347 UserSession tmpUs = null; 348 String sessionId = SessionFacade.isUserInSession(user.getId()); 349 350 UserSession userSession = new UserSession(SessionFacade.getUserSession()); 351 352 SessionFacade.remove(userSession.getSessionId()); 354 355 userSession.dataToUser(user); 356 357 UserSession currentUs = SessionFacade.getUserSession(sessionId); 358 359 if (sessionId != null && currentUs != null) { 362 SessionFacade.storeSessionData(sessionId, JForumExecutionContext.getConnection()); 364 tmpUs = new UserSession(currentUs); 365 SessionFacade.remove(sessionId); 366 } 367 else { 368 UserSessionDAO sm = DataAccessDriver.getInstance().newUserSessionDAO(); 369 tmpUs = sm.selectById(userSession, JForumExecutionContext.getConnection()); 370 } 371 372 I18n.load(user.getLang()); 373 374 if (this.request.getParameter("autologin") != null 376 && SystemGlobals.getBoolValue(ConfigKeys.AUTO_LOGIN_ENABLED)) { 377 userSession.setAutoLogin(true); 378 ControllerUtils.addCookie(SystemGlobals.getValue(ConfigKeys.COOKIE_AUTO_LOGIN), "1"); 379 ControllerUtils.addCookie(SystemGlobals.getValue(ConfigKeys.COOKIE_USER_HASH), 380 MD5.crypt(SystemGlobals.getValue(ConfigKeys.USER_HASH_SEQUENCE) + user.getId())); 381 } 382 else { 383 ControllerUtils.addCookie(SystemGlobals.getValue(ConfigKeys.COOKIE_USER_HASH), null); 385 ControllerUtils.addCookie(SystemGlobals.getValue(ConfigKeys.COOKIE_AUTO_LOGIN), null); 386 } 387 388 if (tmpUs == null) { 389 userSession.setLastVisit(new Date (System.currentTimeMillis())); 390 } 391 else { 392 userSession.setLastVisit(new Date (tmpUs.getStartTime().getTime() + tmpUs.getSessionTime())); 394 } 395 396 SessionFacade.add(userSession); 397 398 SessionFacade.setAttribute(ConfigKeys.TOPICS_TRACKING, new HashMap ()); 399 400 ControllerUtils.addCookie(SystemGlobals.getValue(ConfigKeys.COOKIE_NAME_DATA), 401 Integer.toString(user.getId())); 402 403 SecurityRepository.load(user.getId(), true); 404 validInfo = true; 405 } 406 } 407 408 if (validInfo == false) { 410 this.context.put("invalidLogin", "1"); 411 this.setTemplateName(TemplateKeys.USER_VALIDATE_LOGIN); 412 413 if (this.request.getParameter("returnPath") != null) { 414 this.context.put("returnPath", 415 this.request.getParameter("returnPath")); 416 } 417 } 418 else if (ViewCommon.needReprocessRequest()) { 419 ViewCommon.reprocessRequest(); 420 } 421 else if (this.request.getParameter("returnPath") != null) { 422 JForumExecutionContext.setRedirect(this.request.getParameter("returnPath")); 423 } 424 } 425 426 public void validateLogin(ActionServletRequest request) throws Exception { 427 this.request = request; 428 validateLogin(); 429 } 430 431 public static boolean hasBasicAuthentication(ActionServletRequest request) { 432 String auth = request.getHeader("Authorization"); 433 return (auth != null && auth.startsWith("Basic ")); 434 } 435 436 private boolean parseBasicAuthentication() throws Exception { 437 if (hasBasicAuthentication(request)) { 438 String auth = request.getHeader("Authorization"); 439 String decoded = new String (new sun.misc.BASE64Decoder().decodeBuffer(auth.substring(6))); 440 int p = decoded.indexOf(':'); 441 if (p != -1) { 442 request.setAttribute("username", decoded.substring(0, p)); 443 request.setAttribute("password", decoded.substring(p + 1)); 444 return true; 445 } 446 } 447 return false; 448 } 449 450 private User validateLogin(String name, String password) throws Exception 451 { 452 UserDAO um = DataAccessDriver.getInstance().newUserDAO(); 453 User user = um.validateLogin(name, password); 454 return user; 455 } 456 457 public void profile() throws Exception 458 { 459 DataAccessDriver da = DataAccessDriver.getInstance(); 460 UserDAO udao = da.newUserDAO(); 461 462 User u = udao.selectById(this.request.getIntParameter("user_id")); 463 464 if (u.getId() == 0) { 465 this.userNotFound(); 466 } 467 else { 468 this.setTemplateName(TemplateKeys.USER_PROFILE); 469 this.context.put("karmaEnabled", SecurityRepository.canAccess(SecurityConstants.PERM_KARMA_ENABLED)); 470 this.context.put("rank", new RankingRepository()); 471 this.context.put("u", u); 472 473 int loggedId = SessionFacade.getUserSession().getUserId(); 474 int count = 0; 475 476 List bookmarks = da.newBookmarkDAO().selectByUser(u.getId()); 477 for (Iterator iter = bookmarks.iterator(); iter.hasNext(); ) { 478 Bookmark b = (Bookmark)iter.next(); 479 480 if (b.isPublicVisible() || loggedId == u.getId()) { 481 count++; 482 } 483 } 484 485 this.context.put("pageTitle", I18n.getMessage("UserProfile.allAbout")+" "+u.getUsername()); 486 this.context.put("nbookmarks", new Integer (count)); 487 this.context.put("ntopics", new Integer (da.newTopicDAO().countUserTopics(u.getId()))); 488 } 489 } 490 491 private void userNotFound() 492 { 493 this.context.put("message", I18n.getMessage("User.notFound")); 494 this.setTemplateName(TemplateKeys.USER_NOT_FOUND); 495 } 496 497 public void logout() throws Exception 498 { 499 JForumExecutionContext.setRedirect(this.request.getContextPath() 500 + "/forums/list" 501 + SystemGlobals.getValue(ConfigKeys.SERVLET_EXTENSION)); 502 503 UserSession userSession = SessionFacade.getUserSession(); 504 SessionFacade.storeSessionData(userSession.getSessionId(), JForumExecutionContext.getConnection()); 505 506 SessionFacade.remove(userSession.getSessionId()); 507 508 userSession.setAutoLogin(false); 510 userSession.setUserId(SystemGlobals.getIntValue(ConfigKeys.ANONYMOUS_USER_ID)); 511 512 SessionFacade.setAttribute("logged", "0"); 513 SessionFacade.add(userSession); 514 515 ControllerUtils.addCookie(SystemGlobals.getValue(ConfigKeys.COOKIE_AUTO_LOGIN), null); 516 ControllerUtils.addCookie(SystemGlobals.getValue(ConfigKeys.COOKIE_NAME_DATA), 517 SystemGlobals.getValue(ConfigKeys.ANONYMOUS_USER_ID)); 518 } 519 520 public void login() throws Exception 521 { 522 if (ConfigKeys.TYPE_SSO.equals(SystemGlobals.getValue(ConfigKeys.AUTHENTICATION_TYPE))) { 523 this.registrationDisabled(); 524 return; 525 } 526 527 if (this.request.getParameter("returnPath") != null) { 528 this.context.put("returnPath", this.request.getParameter("returnPath")); 529 } 530 531 this.context.put("pageTitle", I18n.getMessage("ForumBase.login")); 532 this.setTemplateName(TemplateKeys.USER_LOGIN); 533 } 534 535 public void lostPassword() 537 { 538 this.setTemplateName(TemplateKeys.USER_LOSTPASSWORD); 539 this.context.put("pageTitle", I18n.getMessage("PasswordRecovery.title")); 540 } 541 542 public User prepareLostPassword(String username, String email) throws Exception 543 { 544 User user = null; 545 UserDAO um = DataAccessDriver.getInstance().newUserDAO(); 546 547 if (email != null && !email.trim().equals("")) { 548 username = um.getUsernameByEmail(email); 549 } 550 551 if (username != null && !username.trim().equals("")) { 552 List l = um.findByName(username, true); 553 if (l.size() > 0) { 554 user = (User)l.get(0); 555 } 556 } 557 558 if (user == null) { 559 return null; 560 } 561 562 String hash = MD5.crypt(user.getEmail() + System.currentTimeMillis()); 563 um.writeLostPasswordHash(user.getEmail(), hash); 564 565 user.setActivationKey(hash); 566 567 return user; 568 } 569 570 public void lostPasswordSend() throws Exception 572 { 573 String email = this.request.getParameter("email"); 574 String username = this.request.getParameter("username"); 575 576 User user = this.prepareLostPassword(username, email); 577 if (user == null) { 578 this.context.put("message", 580 I18n.getMessage("PasswordRecovery.invalidUserEmail")); 581 this.lostPassword(); 582 return; 583 } 584 585 try { 586 QueuedExecutor.getInstance().execute( 587 new EmailSenderTask(new LostPasswordSpammer(user, 588 SystemGlobals.getValue(ConfigKeys.MAIL_LOST_PASSWORD_SUBJECT)))); 589 } 590 catch (EmailException e) { 591 logger.warn("Error while sending email: " + e); 592 } 593 594 this.setTemplateName(TemplateKeys.USER_LOSTPASSWORD_SEND); 595 this.context.put("message", I18n.getMessage( 596 "PasswordRecovery.emailSent", 597 new String [] { 598 this.request.getContextPath() 599 + "/user/login" 600 + SystemGlobals.getValue(ConfigKeys.SERVLET_EXTENSION) 601 })); 602 } 603 604 public void recoverPassword() throws Exception 606 { 607 String hash = this.request.getParameter("hash"); 608 609 this.setTemplateName(TemplateKeys.USER_RECOVERPASSWORD); 610 this.context.put("recoverHash", hash); 611 } 612 613 public void recoverPasswordValidate() throws Exception 614 { 615 String hash = this.request.getParameter("recoverHash"); 616 String email = this.request.getParameter("email"); 617 618 String message = ""; 619 620 boolean isOk = DataAccessDriver.getInstance().newUserDAO().validateLostPasswordHash(email, hash); 621 if (isOk) { 622 String password = this.request.getParameter("newPassword"); 623 DataAccessDriver.getInstance().newUserDAO().saveNewPassword(MD5.crypt(password), email); 624 625 message = I18n.getMessage("PasswordRecovery.ok", 626 new String [] { this.request.getContextPath() 627 + "/user/login" 628 + SystemGlobals.getValue(ConfigKeys.SERVLET_EXTENSION) }); 629 } 630 else { 631 message = I18n.getMessage("PasswordRecovery.invalidData"); 632 } 633 634 this.setTemplateName(TemplateKeys.USER_RECOVERPASSWORD_VALIDATE); 635 this.context.put("message", message); 636 } 637 638 639 public void list() throws Exception 640 { 641 int start = this.preparePagination(DataAccessDriver.getInstance().newUserDAO().getTotalUsers()); 642 int usersPerPage = SystemGlobals.getIntValue(ConfigKeys.USERS_PER_PAGE); 643 644 List users = DataAccessDriver.getInstance().newUserDAO().selectAll(start ,usersPerPage); 645 this.context.put("users", users); 646 this.context.put("pageTitle", I18n.getMessage("ForumBase.usersList")); 647 this.setTemplateName(TemplateKeys.USER_LIST); 648 } 649 650 public void listGroup() throws Exception 651 { 652 int groupId = this.request.getIntParameter("group_id"); 653 654 int start = this.preparePagination(DataAccessDriver.getInstance().newUserDAO().getTotalUsersByGroup(groupId)); 655 int usersPerPage = SystemGlobals.getIntValue(ConfigKeys.USERS_PER_PAGE); 656 657 List users = DataAccessDriver.getInstance().newUserDAO().selectAllByGroup(groupId, start ,usersPerPage); 658 659 this.context.put("users", users); 660 this.setTemplateName(TemplateKeys.USER_LIST); 661 } 662 663 667 public void searchKarma() throws Exception 668 { 669 int start = this.preparePagination(DataAccessDriver.getInstance().newUserDAO().getTotalUsers()); 670 int usersPerPage = SystemGlobals.getIntValue(ConfigKeys.USERS_PER_PAGE); 671 672 List users = DataAccessDriver.getInstance().newUserDAO().selectAllWithKarma(start ,usersPerPage); 674 this.context.put("users", users); 675 this.setTemplateName(TemplateKeys.USER_SEARCH_KARMA); 676 } 677 678 679 private int preparePagination(int totalUsers) 680 { 681 int start = ViewCommon.getStartPage(); 682 int usersPerPage = SystemGlobals.getIntValue(ConfigKeys.USERS_PER_PAGE); 683 684 ViewCommon.contextToPagination(start, totalUsers, usersPerPage); 685 686 return start; 687 } 688 } 689 | Popular Tags |