/* * Juick * Copyright (C) 2008-2013, Ugnich Anton * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as * published by the Free Software Foundation, either version 3 of the * License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ package com.juick.http.www; import org.springframework.jdbc.core.JdbcTemplate; import java.io.IOException; import java.io.PrintWriter; import java.sql.Connection; import java.sql.PreparedStatement; import java.sql.SQLException; import javax.servlet.ServletException; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; /** * * @author Ugnich Anton */ public class Settings { protected void doGet(JdbcTemplate sql, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { com.juick.User visitor = Utils.getVisitorUser(sql, request, response); response.setContentType("text/html; charset=UTF-8"); try (PrintWriter out = response.getWriter()) { PageTemplates.pageHead(out, "Логин", ""); PageTemplates.pageNavigation(out, visitor, null); out.println("
"); out.println("
"); out.println("
"); out.println("
"); out.println("

Имя пользователя:

"); out.println("

Пароль:

"); out.println("

"); out.println("
"); out.println("
"); out.println("
"); out.println("
"); // topwrapper PageTemplates.pageFooter(request, out, visitor, false); PageTemplates.pageEnd(out); } } protected void doPost(JdbcTemplate sql, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String username = request.getParameter("username"); String password = request.getParameter("password"); if (username == null || password == null || username.length() > 32 || password.isEmpty()) { response.sendError(400); return; } int uid = com.juick.server.UserQueries.checkPassword(sql, username, password); if (uid > 0) { String hash = com.juick.server.UserQueries.getHashByUID(sql, uid); Cookie c = new Cookie("hash", hash); c.setDomain(".juick.com"); c.setMaxAge(365 * 24 * 60 * 60); response.addCookie(c); if (uid > 0) { throw new IOException("Settings"); } String referer = request.getHeader("Referer"); if (referer != null && referer.startsWith("http://juick.com/") && !referer.equals("http://juick.com/login")) { response.sendRedirect(referer); } else { response.sendRedirect("/"); } } else { response.sendError(403); } } }