/** * Add a new user to MedSavant. * * @param sessID the session we're logged in as * @param user the user to add * @param pass the password * @param level the user's level * @throws SQLException */ @Override public synchronized void addUser(String sessID, String user, char[] pass, UserLevel level) throws SQLException, SessionExpiredException { PooledConnection conn = ConnectionController.connectPooled(sessID); try { if (user.startsWith(DATABASE_USER_KEY_PREFIX)) { throw new SQLException("Can't create user " + user + " -- illegal username"); } // TODO: Transactions aren't supported for MyISAM, so this has no effect. conn.setAutoCommit(false); conn.executePreparedUpdate("CREATE USER ?@'%' IDENTIFIED BY ?", user, new String(pass)); grantPrivileges(sessID, user, level); conn.commit(); } catch (SQLException sqlx) { conn.rollback(); throw sqlx; } finally { for (int i = 0; i < pass.length; i++) { pass[i] = 0; } conn.setAutoCommit(true); conn.close(); } }