public JSONObject loginUser(
HttpServletRequest request, HttpServletResponse response, JSONRPC2Request jsonReq)
throws Exception {
// define new json for the result
JSONObject jsonLogin = new JSONObject();
// get user info
Map<String, Object> params = jsonReq.getNamedParams();
NamedParamsRetriever np = new NamedParamsRetriever(params);
String password = PassEncript.PassHash(np.getString("password"));
System.out.println("input pass " + password);
String email = np.getString("email");
// establish connection
MySQLDAO dao = new MySQLDAO();
// get user by email
User u = new User();
u = dao.loadUser(email);
if (!(u.getEmail().equals(email))) {
throw new Exception("incorrect email");
} else {
// check if password is correct
if (u.getPassword().equals(password)) {
// create sesssion and cookies
HttpSession session = request.getSession();
session.setAttribute("pass", TimeEncrpyt.TimeHash());
System.out.println("session pass: "******"pass").toString());
session.setAttribute("user", email);
System.out.println("session user: "******"user").toString());
session.setMaxInactiveInterval(30 * 60);
Cookie pass = new Cookie("pass", TimeEncrpyt.TimeHash());
System.out.println("cookie pass: "******"user", u.toJSONObject());
return jsonLogin;
} else {
throw new Exception("password missmatch");
}
}
}
public JSONObject logoutUser(HttpServletRequest request) {
// get session time stamp
HttpSession session = request.getSession();
String sessionPass = (String) session.getAttribute("pass");
// get cookies
Cookie[] cookies = request.getCookies();
// search cookies for match and delete cookie if found
if (cookies != null) {
for (Cookie cookie : cookies) {
if (cookie.getValue().equals(sessionPass)) {
cookie.setMaxAge(0);
}
}
}
// invalidate session
request.getSession().invalidate();
// send result
User u = getCurrentUser(request);
JSONObject jsonLogout = new JSONObject();
jsonLogout.put("user", u.toJSONObject());
return jsonLogout;
}
public JSONObject registerUser(JSONRPC2Request request, JSONRPC2Response response)
throws Exception {
@SuppressWarnings("unused")
JSONRPC2ParamsType paramsType = request.getParamsType();
Map<String, Object> params = request.getNamedParams();
NamedParamsRetriever np = new NamedParamsRetriever(params);
JSONObject jsonRegistration = new JSONObject();
// create new user
User u = new User();
// set params
u.setName(np.getString("name"));
u.setEmail(np.getString("email"));
u.setPassword(PassEncript.PassHash(np.getString("password")));
// add user
MySQLDAO dao = new MySQLDAO();
dao.insertUser(u);
jsonRegistration.put("user", u.toJSONObject());
return jsonRegistration;
}
