/**
 * Sets up options and values for the user's session once authentication has succeeded.
 *
 * <p>If the user still has a session registered in {@code SessionFacade}, that session is
 * stored to the database and removed from the facade; otherwise the previous session is looked
 * up through {@code UserSessionDAO}. The last-visit timestamp is derived from whichever
 * session is found, or set to the current time when there is none.
 *
 * <p>This method performs no credential check of its own: it unconditionally flags the
 * session as auto-login and marks it as logged in, so it must only be called after the caller
 * has authenticated {@code user}.
 *
 * @param userSession The UserSession instance of the user
 * @param user The User instance of the authenticated user
 */
protected void configureUserSession(UserSession userSession, User user) {
    LOG.trace("configureUserSession");
    userSession.dataToUser(user);

    // A user may return to the forum before the previous visit's session has expired,
    // so look for an existing session first and persist it before reading it back.
    String activeSessionId = SessionFacade.isUserInSession(user.getId());
    UserSession previousSession;

    if (activeSessionId == null) {
        UserSessionDAO sessionDao = DataAccessDriver.getInstance().newUserSessionDAO();
        previousSession = sessionDao.selectById(userSession, JForumExecutionContext.getConnection());
    } else {
        SessionFacade.storeSessionData(activeSessionId, JForumExecutionContext.getConnection());
        previousSession = SessionFacade.getUserSession(activeSessionId);
        SessionFacade.remove(activeSessionId);
    }

    // Last visit = previous session's start time plus its session time, or "now" if none exists.
    long lastVisitMillis = (previousSession != null)
        ? previousSession.getStartTime().getTime() + previousSession.getSessionTime()
        : System.currentTimeMillis();
    userSession.setLastVisit(new Date(lastVisitMillis));

    // Reaching this point means the user has chosen "autoLogin".
    userSession.setAutoLogin(true);
    SessionFacade.makeLogged();

    I18n.load(user.getLang());
}
/**
 * Loads a user's roles, using the cached entry unless a reload is forced.
 *
 * <p>When {@code force} is {@code true}, or nothing is cached for the user's id, the roles are
 * read through {@code GroupSecurityDAO#loadRolesByUserGroups}, stored in the cache and
 * returned. Otherwise the call is delegated to {@code SecurityRepository.get(int)}.
 *
 * <p>NOTE(review): with {@code force == false} a cached entry is returned as-is, so code that
 * changes a user's groups or permissions presumably has to force a reload (or evict the entry)
 * for the change to take effect. Confirm against the callers.
 *
 * @param user The <code>User</code> to load
 * @param force If <code>true</code>, forces a reload. If <code>false</code>, the call will be
 * ignored if the roles are already loaded.
 * @return PermissionControl
 * @see SecurityRepository#load(int)
 * @see SecurityRepository#load(int, boolean)
 * @see SecurityRepository#load(User)
 */
public static PermissionControl load(User user, boolean force) {
    String cacheKey = Integer.toString(user.getId());

    // Short-circuits exactly like the original: the cache is not consulted when force is set.
    boolean useCachedEntry = !force && cache.get(FQN, cacheKey) != null;
    if (useCachedEntry) {
        return SecurityRepository.get(user.getId());
    }

    PermissionControl permissions = new PermissionControl();

    // load roles
    GroupSecurityDAO groupSecurityDao = DataAccessDriver.getInstance().newGroupSecurityDAO();
    permissions.setRoles(groupSecurityDao.loadRolesByUserGroups(user));

    cache.add(FQN, cacheKey, permissions);
    return permissions;
}
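/**
 * Checks user credentials / automatic login from the request cookies.
 *
 * <p>Auto login is attempted only when the user-id cookie, the hash cookie and the auto-login
 * cookie are all present, the user id differs from the configured anonymous id, and the
 * auto-login cookie is {@code "1"}. The hash cookie must then match {@code MD5.crypt} of the
 * auth hash stored for that user id.
 *
 * <p>All three cookies are client-controlled. A user-id cookie that is not a valid integer is
 * treated as a failed auto login (the session is made anonymous and {@code false} is returned)
 * instead of surfacing as a {@code DatabaseException}. The hash comparison uses
 * {@code MessageDigest.isEqual} rather than {@code String.equals}.
 *
 * <p>NOTE(review): the cookie token is a plain MD5 of a value stored in the database, and this
 * method shows no expiry or rotation for it. Whether the stored auth hash is regenerated on
 * logout or password change cannot be confirmed from here and should be verified.
 *
 * @param userSession The UserSession instance associated to the user's session
 * @return <code>true</code> if auto login was enabled and the user was successfully logged in.
 * @throws DatabaseException wrapping any exception raised while loading or validating the user
 */
protected boolean checkAutoLogin(UserSession userSession) {
    LOG.trace("checkAutoLogin");

    String cookieName = SystemGlobals.getValue(ConfigKeys.COOKIE_NAME_DATA);

    Cookie cookie = this.getCookieTemplate(cookieName);
    Cookie hashCookie = this.getCookieTemplate(SystemGlobals.getValue(ConfigKeys.COOKIE_USER_HASH));
    Cookie autoLoginCookie = this.getCookieTemplate(SystemGlobals.getValue(ConfigKeys.COOKIE_AUTO_LOGIN));

    if (hashCookie != null && cookie != null
            && !cookie.getValue().equals(SystemGlobals.getValue(ConfigKeys.ANONYMOUS_USER_ID))
            && autoLoginCookie != null
            && "1".equals(autoLoginCookie.getValue())) {
        String uid = cookie.getValue();
        String uidHash = hashCookie.getValue();

        // The user id comes straight from a cookie: parse it once, and reject garbage as a
        // failed auto login instead of letting NumberFormatException become a database error.
        int userId;
        try {
            userId = Integer.parseInt(uid);
        } catch (NumberFormatException e) {
            userSession.makeAnonymous();
            return false;
        }

        // Load the user-specific security hash from the database
        try {
            UserDAO userDao = DataAccessDriver.getInstance().newUserDAO();
            String userHash = userDao.getUserAuthHash(userId);

            if (userHash == null || userHash.trim().length() == 0) {
                return false;
            }

            String securityHash = MD5.crypt(userHash);

            // MessageDigest.isEqual avoids the early exit of String.equals, so the comparison
            // time does not depend on how many leading characters of the cookie match.
            if (uidHash != null
                    && java.security.MessageDigest.isEqual(
                        securityHash.getBytes("UTF-8"), uidHash.getBytes("UTF-8"))) {
                userSession.setUserId(userId);

                User user = userDao.selectById(userId);

                // Refuse unknown, mismatched or deleted accounts even when the hash matched.
                if (user == null || user.getId() != userId || user.isDeleted()) {
                    userSession.makeAnonymous();
                    return false;
                }

                this.configureUserSession(userSession, user);
                return true;
            }
        } catch (Exception e) {
            throw new DatabaseException(e);
        }

        // Hash mismatch: fall back to an anonymous session.
        userSession.makeAnonymous();
    }

    return false;
}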
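/**
 * Stores the avatar uploaded in the current request (parameter {@code "avatar"}) for a user.
 *
 * <p>The upload is accepted only when its extension is {@code jpg}, {@code jpeg}, {@code gif}
 * or {@code png}. It is written to a temporary file under {@code /images/avatar/} in the
 * application path, resized to the configured maximum width and height, and saved under a name
 * derived from {@code MD5.crypt} of the user id. GIF uploads are stored as PNG. Uploads with
 * any other extension are ignored.
 *
 * <p>The temporary file is deleted in a {@code finally} block, so a failed save or resize does
 * not leave the raw upload behind in the avatar directory.
 *
 * <p>NOTE(review): the image type is decided from the client-supplied extension only. Any
 * content validation depends on what {@code ImageUtils.resizeImage} does with a file that is
 * not really an image, which should be confirmed against that helper.
 *
 * @param u User whose avatar is being replaced; its avatar file name is updated on success
 */
private static void handleAvatar(User u) {
    LOG.trace("handleAvatar");

    // The stored name depends only on the user id, never on the uploaded file's own name.
    String fileName = MD5.crypt(Integer.toString(u.getId()));
    FileItem item = (FileItem) JForumExecutionContext.getRequest().getObjectParameter("avatar");
    UploadUtils uploadUtils = new UploadUtils(item);

    // Gets file extension. A fixed locale keeps the allow-list comparison independent of the
    // server's default locale (a Turkish default would lower-case "GIF" to "g\u0131f").
    String extension = uploadUtils.getExtension().toLowerCase(java.util.Locale.ENGLISH);

    int type = ImageUtils.IMAGE_UNKNOWN;
    if (extension.equals("jpg") || extension.equals("jpeg")) {
        type = ImageUtils.IMAGE_JPEG;
    } else if (extension.equals("gif") || extension.equals("png")) {
        type = ImageUtils.IMAGE_PNG;
    }

    if (type == ImageUtils.IMAGE_UNKNOWN) {
        // Extension not on the allow-list: nothing is written to disk.
        return;
    }

    String avatarDir = SystemGlobals.getApplicationPath() + "/images/avatar/";
    String avatarTmpFileName = avatarDir + fileName + "_tmp." + extension;

    // We cannot handle gifs
    if (extension.equals("gif")) {
        extension = "png";
    }

    String avatarFinalFileName = avatarDir + fileName + "." + extension;

    try {
        uploadUtils.saveUploadedFile(avatarTmpFileName);

        // OK, time to check and process the avatar size
        int maxWidth = SystemGlobals.getIntValue(ConfigKeys.AVATAR_MAX_WIDTH);
        int maxHeight = SystemGlobals.getIntValue(ConfigKeys.AVATAR_MAX_HEIGHT);

        BufferedImage image = ImageUtils.resizeImage(avatarTmpFileName, type, maxWidth, maxHeight);
        ImageUtils.saveImage(image, avatarFinalFileName, type);

        u.setAvatar(fileName + "." + extension);
    } finally {
        // Delete the temporary file, including when processing failed. Deletion is
        // best-effort, so the return value is intentionally ignored as before.
        new File(avatarTmpFileName).delete();
    }
}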