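/*
 * Juick
 * Copyright (C) 2008-2011, Ugnich Anton
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
package com.juick.server;

import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Random;
import java.util.regex.Pattern;

/**
 * JDBC lookups and updates for users, their JIDs, login tokens and per-user options.
 *
 * <p>Every method catches {@link SQLException}, prints it to {@code System.err} and
 * returns its fallback value, so a database failure is indistinguishable from
 * "not found" for the caller.
 *
 * @author Ugnich Anton
 */
public class UserQueries {

    /** Alphabet used by {@link #generateHash(int)}: digits and upper-case ASCII letters. */
    static final String ABCDEF = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";

    /**
     * Source of randomness for login tokens. Must stay a {@link SecureRandom}: the tokens
     * identify a logged-in user (see {@link #getUIDbyHash}), so they have to be unpredictable.
     */
    private static final Random TOKEN_RANDOM = new SecureRandom();

    /** Charset used to turn passwords into bytes for the constant-time comparison. */
    private static final Charset UTF8 = Charset.forName("UTF-8");

    /**
     * Shape accepted for an option (column) name. Column names cannot be bound as
     * statement parameters, so they are checked against this pattern before being
     * placed in the SQL text.
     */
    private static final Pattern OPTION_NAME = Pattern.compile("[A-Za-z_][A-Za-z0-9_]*");

    /**
     * Looks up a user by nickname.
     *
     * @param sql      open database connection
     * @param username nickname matched against {@code users.nick}
     * @return a user with {@code UID} and {@code UName} filled in, or {@code null} when no
     *         row matches or the query fails
     */
    public static com.juick.User getUserByNick(Connection sql, String username) {
        com.juick.User user = null;

        PreparedStatement stmt = null;
        ResultSet rs = null;
        try {
            stmt = sql.prepareStatement("SELECT id,nick FROM users WHERE nick=?");
            stmt.setString(1, username);
            rs = stmt.executeQuery();
            // next() instead of first(): same result on a fresh result set, and it
            // also works with forward-only cursors.
            if (rs.next()) {
                user = new com.juick.User();
                user.UID = rs.getInt(1);
                user.UName = rs.getString(2);
            }
        } catch (SQLException e) {
            System.err.println(e);
        } finally {
            Utils.finishSQL(rs, stmt);
        }
        return user;
    }

    /**
     * Returns an active JID of the given user.
     *
     * @param sql open database connection
     * @param UID user id matched against {@code jids.user_id}
     * @return the first active JID returned by the database, or {@code null} when there is
     *         none or the query fails
     */
    public static String getJIDbyUID(Connection sql, int UID) {
        String jid = null;

        PreparedStatement stmt = null;
        ResultSet rs = null;
        try {
            stmt = sql.prepareStatement("SELECT jid FROM jids WHERE user_id=? AND active=1");
            stmt.setInt(1, UID);
            rs = stmt.executeQuery();
            if (rs.next()) {
                jid = rs.getString(1);
            }
        } catch (SQLException e) {
            System.err.println(e);
        } finally {
            Utils.finishSQL(rs, stmt);
        }
        return jid;
    }

    /**
     * Resolves a login token to a user id.
     *
     * @param sql  open database connection
     * @param hash login token matched against {@code logins.hash}
     * @return the user id, or {@code 0} when the token is unknown or the query fails
     */
    public static int getUIDbyHash(Connection sql, String hash) {
        int UID = 0;

        PreparedStatement stmt = null;
        ResultSet rs = null;
        try {
            stmt = sql.prepareStatement("SELECT user_id FROM logins WHERE hash=?");
            stmt.setString(1, hash);
            rs = stmt.executeQuery();
            if (rs.next()) {
                UID = rs.getInt(1);
            }
        } catch (SQLException e) {
            System.err.println(e);
        } finally {
            Utils.finishSQL(rs, stmt);
        }
        return UID;
    }

    /**
     * Resolves a login token to a user (id and nickname).
     *
     * @param sql  open database connection
     * @param hash login token matched against {@code logins.hash}
     * @return a user with {@code UID} and {@code UName} filled in, or {@code null} when the
     *         token is unknown or the query fails
     */
    public static com.juick.User getUserByHash(Connection sql, String hash) {
        com.juick.User user = null;

        PreparedStatement stmt = null;
        ResultSet rs = null;
        try {
            stmt = sql.prepareStatement("SELECT logins.user_id,users.nick FROM logins INNER JOIN users ON logins.user_id=users.id WHERE logins.hash=?");
            stmt.setString(1, hash);
            rs = stmt.executeQuery();
            if (rs.next()) {
                user = new com.juick.User();
                user.UID = rs.getInt(1);
                user.UName = rs.getString(2);
            }
        } catch (SQLException e) {
            System.err.println(e);
        } finally {
            Utils.finishSQL(rs, stmt);
        }
        return user;
    }

    /**
     * Returns the login token of a user, creating and storing one if none exists yet.
     *
     * @param sql open database connection
     * @param uid user id matched against {@code logins.user_id}
     * @return the stored token, or a newly generated 16-character token
     */
    public static String getHashByUID(Connection sql, int uid) {
        String hash = null;

        PreparedStatement stmt = null;
        ResultSet rs = null;
        try {
            stmt = sql.prepareStatement("SELECT logins.hash FROM logins WHERE user_id=?");
            stmt.setInt(1, uid);
            rs = stmt.executeQuery();
            if (rs.next()) {
                // The query selects a single column. Reading column 2 threw an
                // SQLException every time, so the existing token was never returned
                // and each call went on to insert another one.
                hash = rs.getString(1);
            }
        } catch (SQLException e) {
            System.err.println(e);
        } finally {
            Utils.finishSQL(rs, stmt);
        }

        if (hash == null) {
            hash = generateHash(16);
            // NOTE(review): a failed INSERT is only logged; the generated token is
            // still returned even though it was not stored.
            try {
                stmt = sql.prepareStatement("INSERT INTO logins(user_id,hash) VALUES (?,?)");
                stmt.setInt(1, uid);
                stmt.setString(2, hash);
                stmt.executeUpdate();
            } catch (SQLException e) {
                System.err.println(e);
            } finally {
                Utils.finishSQL(null, stmt);
            }
        }

        return hash;
    }

    /**
     * Generates a random token over the {@link #ABCDEF} alphabet.
     *
     * <p>The token is drawn from a {@link SecureRandom}, because the result is stored as a
     * login token and must not be predictable from earlier outputs.
     *
     * @param len number of characters to generate
     * @return a string of {@code len} characters
     */
    public static String generateHash(int len) {
        StringBuilder sb = new StringBuilder(len);
        for (int i = 0; i < len; i++) {
            sb.append(ABCDEF.charAt(TOKEN_RANDOM.nextInt(ABCDEF.length())));
        }
        return sb.toString();
    }

    /**
     * Checks a nickname/password pair against the {@code users} table.
     *
     * <p>NOTE(review): the stored {@code passw} value is compared directly with the
     * supplied password, so passwords appear to be stored in clear text. Moving to a
     * salted password hash (bcrypt, scrypt or argon2) needs a schema and data migration
     * and is not done here.
     *
     * @param sql      open database connection
     * @param username nickname matched against {@code users.nick}
     * @param password password supplied by the caller; {@code null} never matches
     * @return the user id when the password matches, {@code -1} when the user exists but
     *         the password does not match, {@code 0} when the user is unknown or the
     *         query fails
     */
    public static int checkPassword(Connection sql, String username, String password) {
        int uid = 0;

        PreparedStatement stmt = null;
        ResultSet rs = null;
        try {
            stmt = sql.prepareStatement("SELECT id,passw FROM users WHERE nick=?");
            stmt.setString(1, username);
            rs = stmt.executeQuery();
            if (rs.next()) {
                if (passwordsMatch(password, rs.getString(2))) {
                    uid = rs.getInt(1);
                } else {
                    uid = -1;
                }
            }
        } catch (SQLException e) {
            System.err.println(e);
        } finally {
            Utils.finishSQL(rs, stmt);
        }
        return uid;
    }

    /**
     * Compares two passwords without stopping at the first differing byte, so the time
     * taken does not depend on how much of the value was correct.
     */
    private static boolean passwordsMatch(String supplied, String stored) {
        if (supplied == null || stored == null) {
            return false;
        }
        return MessageDigest.isEqual(supplied.getBytes(UTF8), stored.getBytes(UTF8));
    }

    /** Returns true when {@code option} is a plain identifier that is safe to place in SQL text. */
    private static boolean isValidOptionName(String option) {
        return option != null && OPTION_NAME.matcher(option).matches();
    }

    /**
     * Reads an integer option of a user from the {@code useroptions} table.
     *
     * <p>{@code option} is used as a column name and therefore becomes part of the SQL
     * text. It is accepted only when it is a plain identifier; an allowlist of the real
     * {@code useroptions} columns would be stricter still.
     *
     * @param sql          open database connection
     * @param uid          user id matched against {@code useroptions.user_id}
     * @param option       column name of the option
     * @param defaultValue value returned when nothing can be read
     * @return the option value, or {@code defaultValue} when the option name is rejected,
     *         no row matches or the query fails
     */
    public static int getUserOptionInt(Connection sql, int uid, String option, int defaultValue) {
        int ret = defaultValue;

        if (!isValidOptionName(option)) {
            System.err.println("getUserOptionInt: rejected invalid option name");
            return ret;
        }

        PreparedStatement stmt = null;
        ResultSet rs = null;
        try {
            stmt = sql.prepareStatement("SELECT " + option + " FROM useroptions WHERE user_id=?");
            stmt.setInt(1, uid);
            rs = stmt.executeQuery();
            if (rs.next()) {
                ret = rs.getInt(1);
            }
        } catch (SQLException e) {
            System.err.println(e);
        } finally {
            Utils.finishSQL(rs, stmt);
        }
        return ret;
    }

    /**
     * Writes an integer option of a user to the {@code useroptions} table.
     *
     * <p>{@code option} is used as a column name and therefore becomes part of the SQL
     * text. It is accepted only when it is a plain identifier; otherwise nothing is
     * written and a message is printed to {@code System.err}.
     *
     * @param sql    open database connection
     * @param uid    user id matched against {@code useroptions.user_id}
     * @param option column name of the option
     * @param value  new value
     */
    public static void setUserOptionInt(Connection sql, int uid, String option, int value) {
        if (!isValidOptionName(option)) {
            System.err.println("setUserOptionInt: rejected invalid option name");
            return;
        }

        PreparedStatement stmt = null;
        try {
            stmt = sql.prepareStatement("UPDATE useroptions SET " + option + "=? WHERE user_id=?");
            stmt.setInt(1, value);
            stmt.setInt(2, uid);
            stmt.executeUpdate();
        } catch (SQLException e) {
            System.err.println(e);
        } finally {
            Utils.finishSQL(null, stmt);
        }
    }
}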