/**
   * Setup optios and values for the user's session if authentication was ok.
   *
   * @param userSession The UserSession instance of the user
   * @param user The User instance of the authenticated user
   */
  protected void configureUserSession(UserSession userSession, User user) {

    LOG.trace("configureUserSession");
    userSession.dataToUser(user);

    // As an user may come back to the forum before its
    // last visit's session expires, we should check for
    // existent user information and then, if found, store
    // it to the database before getting his information back.
    String sessionId = SessionFacade.isUserInSession(user.getId());

    UserSession tmpUs;
    if (sessionId != null) {
      SessionFacade.storeSessionData(sessionId, JForumExecutionContext.getConnection());
      tmpUs = SessionFacade.getUserSession(sessionId);
      SessionFacade.remove(sessionId);
    } else {
      UserSessionDAO sm = DataAccessDriver.getInstance().newUserSessionDAO();
      tmpUs = sm.selectById(userSession, JForumExecutionContext.getConnection());
    }

    if (tmpUs == null) {
      userSession.setLastVisit(new Date(System.currentTimeMillis()));
    } else {
      // Update last visit and session start time
      userSession.setLastVisit(new Date(tmpUs.getStartTime().getTime() + tmpUs.getSessionTime()));
    }

    // If the execution point gets here, then the user
    // has chosen "autoLogin"
    userSession.setAutoLogin(true);
    SessionFacade.makeLogged();

    I18n.load(user.getLang());
  }
示例#2
0
  /**
   * Load user's roles.
   *
   * @param user The <code>User</code> to load
   * @param force If <code>true</code>, forces a reload. If <code>false</code>, the call will be
   *     ignored if the roles are already loaded.
   * @see SecurityRepository#load(int)
   * @see SecurityRepository#load(int, boolean)
   * @see SecurityRepository#load(User)
   * @return PermissionControl
   */
  public static PermissionControl load(User user, boolean force) {
    String userId = Integer.toString(user.getId());

    if (force || cache.get(FQN, userId) == null) {
      PermissionControl pc = new PermissionControl();

      // load roles
      GroupSecurityDAO dao = DataAccessDriver.getInstance().newGroupSecurityDAO();
      pc.setRoles(dao.loadRolesByUserGroups(user));

      cache.add(FQN, userId, pc);

      return pc;
    }

    return SecurityRepository.get(user.getId());
  }
  /**
   * Checks user credentials / automatic login.
   *
   * @param userSession The UserSession instance associated to the user's session
   * @return <code>true</code> if auto login was enabled and the user was sucessfuly logged in.
   * @throws DatabaseException
   */
  protected boolean checkAutoLogin(UserSession userSession) {

    LOG.trace("checkAutoLogin");
    String cookieName = SystemGlobals.getValue(ConfigKeys.COOKIE_NAME_DATA);

    Cookie cookie = this.getCookieTemplate(cookieName);
    Cookie hashCookie = this.getCookieTemplate(SystemGlobals.getValue(ConfigKeys.COOKIE_USER_HASH));
    Cookie autoLoginCookie =
        this.getCookieTemplate(SystemGlobals.getValue(ConfigKeys.COOKIE_AUTO_LOGIN));

    if (hashCookie != null
        && cookie != null
        && !cookie.getValue().equals(SystemGlobals.getValue(ConfigKeys.ANONYMOUS_USER_ID))
        && autoLoginCookie != null
        && "1".equals(autoLoginCookie.getValue())) {
      String uid = cookie.getValue();
      String uidHash = hashCookie.getValue();

      // Load the user-specific security hash from the database
      try {
        UserDAO userDao = DataAccessDriver.getInstance().newUserDAO();
        String userHash = userDao.getUserAuthHash(Integer.parseInt(uid));

        if (userHash == null || userHash.trim().length() == 0) {
          return false;
        }

        String securityHash = MD5.crypt(userHash);

        if (securityHash.equals(uidHash)) {
          int userId = Integer.parseInt(uid);
          userSession.setUserId(userId);

          User user = userDao.selectById(userId);

          if (user == null || user.getId() != userId || user.isDeleted()) {
            userSession.makeAnonymous();
            return false;
          }

          this.configureUserSession(userSession, user);

          return true;
        }
      } catch (Exception e) {
        throw new DatabaseException(e);
      }

      userSession.makeAnonymous();
    }

    return false;
  }
示例#4
0
  /** @param u User */
  private static void handleAvatar(User u) {

    LOG.trace("handleAvatar");
    String fileName = MD5.crypt(Integer.toString(u.getId()));
    FileItem item = (FileItem) JForumExecutionContext.getRequest().getObjectParameter("avatar");
    UploadUtils uploadUtils = new UploadUtils(item);

    // Gets file extension
    String extension = uploadUtils.getExtension().toLowerCase();
    int type = ImageUtils.IMAGE_UNKNOWN;

    if (extension.equals("jpg") || extension.equals("jpeg")) {
      type = ImageUtils.IMAGE_JPEG;
    } else if (extension.equals("gif") || extension.equals("png")) {
      type = ImageUtils.IMAGE_PNG;
    }

    if (type != ImageUtils.IMAGE_UNKNOWN) {
      String avatarTmpFileName =
          SystemGlobals.getApplicationPath() + "/images/avatar/" + fileName + "_tmp." + extension;

      // We cannot handle gifs
      if (extension.toLowerCase().equals("gif")) {
        extension = "png";
      }

      String avatarFinalFileName =
          SystemGlobals.getApplicationPath() + "/images/avatar/" + fileName + "." + extension;

      uploadUtils.saveUploadedFile(avatarTmpFileName);

      // OK, time to check and process the avatar size
      int maxWidth = SystemGlobals.getIntValue(ConfigKeys.AVATAR_MAX_WIDTH);
      int maxHeight = SystemGlobals.getIntValue(ConfigKeys.AVATAR_MAX_HEIGHT);

      BufferedImage image = ImageUtils.resizeImage(avatarTmpFileName, type, maxWidth, maxHeight);
      ImageUtils.saveImage(image, avatarFinalFileName, type);

      u.setAvatar(fileName + "." + extension);

      // Delete the temporary file
      new File(avatarTmpFileName).delete();
    }
  }