Example #1
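  /**
   * Checks the submitted {@code email} / {@code password} pair against the stored candidate and,
   * when it matches, marks the user as logged in and redirects the browser.
   *
   * <p>On success the browser is sent to the pending {@code redirect} target if one is set
   * (the field is cleared first), otherwise to {@code index.xhtml}. Every failure path (no
   * candidate for the e-mail, an account that does not use the "SIMPLE" login method, a missing
   * stored password, or a password mismatch) adds the same message to {@code atsForm}.
   */
  public void login() {
    Candidate candidate = getCandidateService().findCandidateByEmailService(email);

    // NOTE(review): the only hashing visible here is UserProfile.MD5(password); no salt or nonce
    // is applied in this method. MD5 is not suitable for password storage, so stored credentials
    // should move to bcrypt/scrypt/Argon2, which requires migrating the stored values. Hashing
    // the password does not mitigate SQL injection; that belongs to parameterized queries in the
    // data layer.
    // NOTE(review): String.equals is not a constant-time comparison; MessageDigest.isEqual on the
    // encoded bytes is the usual replacement once the return type of UserProfile.MD5 is confirmed.
    boolean authenticated =
        null != candidate
            && matchOAuthLoginMethod(candidate, "SIMPLE")
            && null != candidate.getPassword()
            && candidate.getPassword().equals(UserProfile.MD5(password));

    if (!authenticated) {
      // One message for every failure, so the response does not distinguish an unknown e-mail
      // from a wrong password (previously only the wrong-password case produced a message).
      LabelController lblController = new LabelController();
      FacesContext.getCurrentInstance()
          .addMessage("atsForm", new FacesMessage(lblController.getUserNamePasswordNotMatch()));
      return;
    }

    // NOTE(review): no session-id renewal is visible before the logged-in state is set; confirm
    // the session is rotated on login to rule out session fixation.
    getJobSearchController().setIsUserLoggedIn(true);
    getJobSearchController().setLoggedInUser(candidate);

    // NOTE(review): `redirect` is handed to ExternalContext.redirect unchecked. If it can be
    // populated from a request parameter this is an open redirect; confirm it is only set
    // server-side, or restrict it to application-relative paths.
    String target = "index.xhtml";
    if (null != redirect) {
      target = redirect;
      // Clear the pending target so it is used only once.
      setRedirect(null);
    }

    try {
      FacesContext.getCurrentInstance().getExternalContext().redirect(target);
    } catch (IOException e) {
      // Record the failure in the container log instead of dumping the stack trace to stderr.
      FacesContext.getCurrentInstance()
          .getExternalContext()
          .log("Redirect after login failed", e);
    }
  }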