/**
* Checks user credentials / automatic login.
*
* @param userSession The UserSession instance associated to the user's session
* @return <code>true</code> if auto login was enabled and the user was sucessfuly logged in.
* @throws DatabaseException
*/
protected boolean checkAutoLogin(UserSession userSession) {
LOG.trace("checkAutoLogin");
String cookieName = SystemGlobals.getValue(ConfigKeys.COOKIE_NAME_DATA);
Cookie cookie = this.getCookieTemplate(cookieName);
Cookie hashCookie = this.getCookieTemplate(SystemGlobals.getValue(ConfigKeys.COOKIE_USER_HASH));
Cookie autoLoginCookie =
this.getCookieTemplate(SystemGlobals.getValue(ConfigKeys.COOKIE_AUTO_LOGIN));
if (hashCookie != null
&& cookie != null
&& !cookie.getValue().equals(SystemGlobals.getValue(ConfigKeys.ANONYMOUS_USER_ID))
&& autoLoginCookie != null
&& "1".equals(autoLoginCookie.getValue())) {
String uid = cookie.getValue();
String uidHash = hashCookie.getValue();
// Load the user-specific security hash from the database
try {
UserDAO userDao = DataAccessDriver.getInstance().newUserDAO();
String userHash = userDao.getUserAuthHash(Integer.parseInt(uid));
if (userHash == null || userHash.trim().length() == 0) {
return false;
}
String securityHash = MD5.crypt(userHash);
if (securityHash.equals(uidHash)) {
int userId = Integer.parseInt(uid);
userSession.setUserId(userId);
User user = userDao.selectById(userId);
if (user == null || user.getId() != userId || user.isDeleted()) {
userSession.makeAnonymous();
return false;
}
this.configureUserSession(userSession, user);
return true;
}
} catch (Exception e) {
throw new DatabaseException(e);
}
userSession.makeAnonymous();
}
return false;
}
/** @param u User */
private static void handleAvatar(User u) {
LOG.trace("handleAvatar");
String fileName = MD5.crypt(Integer.toString(u.getId()));
FileItem item = (FileItem) JForumExecutionContext.getRequest().getObjectParameter("avatar");
UploadUtils uploadUtils = new UploadUtils(item);
// Gets file extension
String extension = uploadUtils.getExtension().toLowerCase();
int type = ImageUtils.IMAGE_UNKNOWN;
if (extension.equals("jpg") || extension.equals("jpeg")) {
type = ImageUtils.IMAGE_JPEG;
} else if (extension.equals("gif") || extension.equals("png")) {
type = ImageUtils.IMAGE_PNG;
}
if (type != ImageUtils.IMAGE_UNKNOWN) {
String avatarTmpFileName =
SystemGlobals.getApplicationPath() + "/images/avatar/" + fileName + "_tmp." + extension;
// We cannot handle gifs
if (extension.toLowerCase().equals("gif")) {
extension = "png";
}
String avatarFinalFileName =
SystemGlobals.getApplicationPath() + "/images/avatar/" + fileName + "." + extension;
uploadUtils.saveUploadedFile(avatarTmpFileName);
// OK, time to check and process the avatar size
int maxWidth = SystemGlobals.getIntValue(ConfigKeys.AVATAR_MAX_WIDTH);
int maxHeight = SystemGlobals.getIntValue(ConfigKeys.AVATAR_MAX_HEIGHT);
BufferedImage image = ImageUtils.resizeImage(avatarTmpFileName, type, maxWidth, maxHeight);
ImageUtils.saveImage(image, avatarFinalFileName, type);
u.setAvatar(fileName + "." + extension);
// Delete the temporary file
new File(avatarTmpFileName).delete();
}
}
/**
* Save image to avatar dir
*
* @param avatar
* @param uploadedFile
* @return
*/
private File saveImage(Avatar avatar, UploadedFile uploadedFile) {
String configKey = getAvatarPathConfigKey(avatar);
if (configKey != null && uploadedFile != null) {
UploadUtils upload = new UploadUtils(uploadedFile);
String imageName =
String.format(
"%s.%s",
MD5.hash(uploadedFile.getFileName() + System.currentTimeMillis()),
upload.getExtension());
String filePath =
String.format(
"%s/%s/%s",
this.config.getApplicationPath(), this.config.getValue(configKey), imageName);
upload.saveUploadedFile(filePath);
return new File(filePath);
}
return null;
}
/**
* Updates the user information
*
* @param userId int The user id we are saving
* @return List
*/
public static List saveUser(int userId) {
LOG.trace("saveUser");
List errors = new ArrayList();
UserDAO um = DataAccessDriver.getInstance().newUserDAO();
User u = um.selectById(userId);
RequestContext request = JForumExecutionContext.getRequest();
boolean isAdmin = SessionFacade.getUserSession().isAdmin();
if (isAdmin) {
String username = request.getParameter("username");
if (username != null) {
u.setUsername(username.trim());
}
if (request.getParameter("rank_special") != null) {
u.setRankId(request.getIntParameter("rank_special"));
}
}
SafeHtml safeHtml = new SafeHtml();
u.setId(userId);
u.setIcq(safeHtml.makeSafe(request.getParameter("icq")));
u.setAim(safeHtml.makeSafe(request.getParameter("aim")));
u.setMsnm(safeHtml.makeSafe(request.getParameter("msn")));
u.setYim(safeHtml.makeSafe(request.getParameter("yim")));
u.setFrom(safeHtml.makeSafe(request.getParameter("location")));
u.setOccupation(safeHtml.makeSafe(request.getParameter("occupation")));
u.setInterests(safeHtml.makeSafe(request.getParameter("interests")));
u.setBiography(safeHtml.makeSafe(request.getParameter("biography")));
u.setSignature(safeHtml.makeSafe(request.getParameter("signature")));
u.setViewEmailEnabled(request.getParameter("viewemail").equals("1"));
u.setViewOnlineEnabled(request.getParameter("hideonline").equals("0"));
u.setNotifyPrivateMessagesEnabled(request.getParameter("notifypm").equals("1"));
u.setNotifyOnMessagesEnabled(request.getParameter("notifyreply").equals("1"));
u.setAttachSignatureEnabled(request.getParameter("attachsig").equals("1"));
u.setHtmlEnabled(request.getParameter("allowhtml").equals("1"));
u.setLang(request.getParameter("language"));
u.setBbCodeEnabled("1".equals(request.getParameter("allowbbcode")));
u.setSmiliesEnabled("1".equals(request.getParameter("allowsmilies")));
u.setNotifyAlways("1".equals(request.getParameter("notify_always")));
u.setNotifyText("1".equals(request.getParameter("notify_text")));
String website = safeHtml.makeSafe(request.getParameter("website"));
if (!StringUtils.isEmpty(website) && !website.toLowerCase().startsWith("http://")) {
website = "http://" + website;
}
u.setWebSite(website);
String currentPassword = request.getParameter("current_password");
boolean isCurrentPasswordEmpty = currentPassword == null || "".equals(currentPassword.trim());
if (isAdmin || !isCurrentPasswordEmpty) {
if (!isCurrentPasswordEmpty) {
currentPassword = MD5.crypt(currentPassword);
}
if (isAdmin || u.getPassword().equals(currentPassword)) {
u.setEmail(safeHtml.makeSafe(request.getParameter("email")));
String newPassword = request.getParameter("new_password");
if (newPassword != null && newPassword.length() > 0) {
u.setPassword(MD5.crypt(newPassword));
}
} else {
errors.add(I18n.getMessage("User.currentPasswordInvalid"));
}
}
if (request.getParameter("avatardel") != null) {
File avatarFile = new File(u.getAvatar());
File fileToDelete =
new File(SystemGlobals.getApplicationPath() + "/images/avatar/" + avatarFile.getName());
if (fileToDelete.exists()) {
fileToDelete.delete();
}
u.setAvatar(null);
}
if (request.getObjectParameter("avatar") != null) {
try {
UserCommon.handleAvatar(u);
} catch (Exception e) {
UserCommon.LOG.warn("Problems while uploading the avatar: " + e);
errors.add(I18n.getMessage("User.avatarUploadError"));
}
} else if (SystemGlobals.getBoolValue(ConfigKeys.AVATAR_ALLOW_EXTERNAL_URL)) {
String avatarUrl = request.getParameter("avatarUrl");
if (!StringUtils.isEmpty(avatarUrl)) {
if (avatarUrl.toLowerCase().startsWith("http://")) {
try {
Image image = ImageIO.read(new URL(avatarUrl));
if (image != null) {
if (image.getWidth(null) > SystemGlobals.getIntValue(ConfigKeys.AVATAR_MAX_WIDTH)
|| image.getHeight(null)
> SystemGlobals.getIntValue(ConfigKeys.AVATAR_MAX_HEIGHT)) {
errors.add(I18n.getMessage("User.avatarTooBig"));
} else {
u.setAvatar(avatarUrl);
}
}
} catch (Exception e) {
errors.add(I18n.getMessage("User.avatarUploadError"));
}
} else {
errors.add(I18n.getMessage("User.avatarUrlShouldHaveHttp"));
}
}
}
if (errors.size() == 0) {
um.update(u);
if (SessionFacade.getUserSession().getUserId() == userId) {
SessionFacade.getUserSession().setLang(u.getLang());
}
}
return errors;
}
