fixed topic name in posts so that it came out right; fixed SIG welcome

page so that it generates correct URL; repaired a security hole (well, not
really, but a PERCEIVED security hole) regarding accounts that have been
created but not yet confirmed

src/com/silverwrist/venice/core/impl/UserContextImpl.java

@@ -216,6 +216,65 @@ class UserContextImpl implements UserContext, UserBackend
 
   } // end sendEmailConfirmation
 
+  private void autoJoinSIGs(Connection conn) throws SQLException
+  {
+    if (logger.isDebugEnabled())
+      logger.debug("autoJoinSIGs (uid " + uid + ", level " + level + ")");
+
+    // See which SIGs we are eligible to autojoin.
+    Statement stmt = conn.createStatement();
+    StringBuffer sql =
+        new StringBuffer("SELECT sigmember.sigid, sigmember.locked FROM users, sigmember, sigs "
+			 + "WHERE sigmember.uid = users.uid AND sigmember.sigid = sigs.sigid "
+			 + "AND users.is_anon = 1 AND sigs.join_lvl <= ");
+    sql.append(level).append(';');
+    if (logger.isDebugEnabled())
+      logger.debug("SQL: " + sql.toString());
+    ResultSet rs = stmt.executeQuery(sql.toString());
+
+    // Save the SIGIDs returned into temporary array lists.
+    ArrayList tmp_sigid = new ArrayList();
+    ArrayList tmp_locked = new ArrayList();
+    while (rs.next())
+    { // save off the "sigid" and "locked" column pairs
+      tmp_sigid.add(new Integer(rs.getInt(1)));
+      tmp_locked.add(new Boolean(rs.getBoolean(2)));
+
+    } // end while
+
+    // Figure out which of those SIGs we haven't joined yet and set up to autojoin them.
+    sql.setLength(0);
+    for (int i=0; i<tmp_sigid.size(); i++)
+    { // see if the user is already a member of this SIG
+      Integer x_sigid = (Integer)(tmp_sigid.get(i));
+      rs = stmt.executeQuery("SELECT sigid FROM sigmember WHERE sigid = " + x_sigid + " AND uid = " + uid
+			     + ";");
+      if (!(rs.next()))
+      { // tack this information onto the end of our big "INSERT" command
+	Boolean x_locked = (Boolean)(tmp_locked.get(i));
+	if (sql.length()==0)
+	  sql.append("INSERT INTO sigmember (sigid, uid, granted_lvl, locked) VALUES ");
+	else
+	  sql.append(", ");
+	sql.append("(").append(x_sigid).append(", ").append(uid).append(", ");
+	sql.append(DefaultLevels.memberSIG()).append(", ").append(x_locked.booleanValue() ? '1' : '0');
+	sql.append(")");
+				 
+      } // end if
+
+    } // end for
+
+    if (sql.length()>0)
+    { // execute the big update
+      sql.append(';');
+      if (logger.isDebugEnabled())
+	logger.debug("SQL: " + sql.toString());
+      stmt.executeUpdate(sql.toString());
+
+    } // end if
+
+  } // end autoJoinSIGs
+
   /*--------------------------------------------------------------------------------
    * Implementations from interface UserContext
    *--------------------------------------------------------------------------------
@@ -402,6 +461,9 @@ class UserContextImpl implements UserContext, UserBackend
       email_verified = true;
       level = DefaultLevels.afterEmailVerification();
 
+      autoJoinSIGs(conn);  // EJB 4/14/2001 - handle autojoin of any SIGs we couldn't autojoin at account
+                           // creation time
+
       // record an audit message indicating that we verified OK
       ar = new AuditRecord(AuditRecord.VERIFY_OK,uid,remote_addr);
 
@@ -1415,4 +1477,29 @@ class UserContextImpl implements UserContext, UserBackend
 
   } // end loadNewUser
 
+  void autoJoinSIGs() throws DataException
+  {
+    Connection conn = null;
+
+    try
+    { // get a database connection and call the internal function
+      conn = datapool.getConnection();
+      autoJoinSIGs(conn);
+
+    } // end try
+    catch (SQLException e)
+    { // database error - this is a DataException
+      logger.error("error autojoining SIGs: " + e.getMessage(),e);
+      throw new DataException("unable to autojoin SIGs: " + e.getMessage(),e);
+
+    } // end catch
+    finally
+    { // make sure the connection is released before we go
+      if (conn!=null)
+	datapool.releaseConnection(conn);
+
+    } // end finally
+
+  } // end autoJoinSIGs
+  
 } // end class UserContextImpl

src/com/silverwrist/venice/core/impl/VeniceEngineImpl.java

@@ -1029,31 +1029,6 @@ public class VeniceEngineImpl implements VeniceEngine, EngineBackend
 	if (logger.isDebugEnabled())
 	  logger.debug("...created userprefs");
 
-	// get the list of SIG IDs the anonymous user is a member of
-	rs = stmt.executeQuery("SELECT sigmember.sigid, sigmember.locked FROM users, sigmember "
-			       + "WHERE sigmember.uid = users.uid AND users.is_anon = 1;");
-	sql.setLength(0);
-	while (rs.next())
-	{ // set up to insert into the sigmember table
-	  if (sql.length()==0)
-	    sql.append("INSERT INTO sigmember (sigid, uid, granted_lvl, locked) VALUES ");
-	  else
-	    sql.append(", ");
-	  sql.append("(").append(rs.getInt(1)).append(", ").append(new_uid).append(", ");
-	  sql.append(DefaultLevels.memberSIG()).append(", ").append(rs.getInt(2)).append(")");
-				 
-	} // end while
-
-	if (sql.length()>0)
-	{ // execute the big update
-	  sql.append(';');
-	  stmt.executeUpdate(sql.toString());
-
-	} // end if
-
-	if (logger.isDebugEnabled())
-	  logger.debug("...loaded default SIG memberships");
-
 	// get the sidebox configuration for this user
 	rs = stmt.executeQuery("SELECT sideboxes.boxid, sideboxes.sequence, sideboxes.param FROM sideboxes, "
 			       + "users WHERE sideboxes.uid = users.uid AND users.is_anon = 1;");
@@ -1144,6 +1119,7 @@ public class VeniceEngineImpl implements VeniceEngine, EngineBackend
     // create a new context for the user (they're now effectively logged in)
     UserContextImpl rc = new UserContextImpl(this,datapool);
     rc.loadNewUser(remote_addr,new_uid,DefaultLevels.newUser(),username,confirm_num,created,created);
+    rc.autoJoinSIGs();  // EJB 4/14/2001
     if (logger.isDebugEnabled())
       logger.debug("...created new user context");
     return rc;

src/com/silverwrist/venice/servlets/format/TopicPosts.java

@@ -405,4 +405,13 @@ public class TopicPosts implements JSPRender
 
   } // end getNumPostsPerPage
 
+  public boolean displayAttachmentInNewWindow(TopicMessageContext msg)
+  {
+    if (!(msg.hasAttachment()))
+      return false;
+    String type = msg.getAttachmentType();
+    return (type.startsWith("text/") || type.startsWith("image/"));
+
+  } // end displayAttachmentInNewWindow
+
 } // end class TopicPosts

web/format/posts.jsp

@@ -26,18 +26,13 @@
   RenderData rdat = RenderConfig.createRenderData(application,request,response);
 %>
 <% if (rdat.useHTMLComments()) { %><!-- <%= data.getIdentifyingData() %> --><% } %>
-<%
+<%= rdat.getStdFontTag("#3333AA",5) %><B><%= data.getTopicName() %></B></FONT>&nbsp;&nbsp;
-  String tmp;
+<%= rdat.getStdFontTag("#3333AA",3) %><B>
-  if (data.isTopicArchived())
+  <% if (data.isTopicArchived()) { %>(Archived)<% } else if (data.isTopicFrozen()) { %>(Frozen)<% } %>
-    tmp = "(Archived) ";
+  <%= data.getTotalMessages() %> Total; <%= data.getNewMessages() %> New;
-  else if (data.isTopicFrozen())
+  Last: <%= rdat.formatDateForDisplay(data.getLastUpdate()) %>
-    tmp = "(Frozen) ";
+</B></FONT>
-  else
+
-    tmp = "";
-  rdat.writeContentHeader(out,data.getTopicName(),tmp + data.getTotalMessages() + " Total; "
-                          + data.getNewMessages() + " New; Last: "
-                          + rdat.formatDateForDisplay(data.getLastUpdate()));
-%>
 <TABLE BORDER=0 WIDTH="100%" CELLPADDING=0 CELLSPACING=0>
   <TR VALIGN=BOTTOM>
     <TD NOWRAP ALIGN=LEFT>
@@ -176,7 +171,8 @@
     </EM>)
     <% if (msg.hasAttachment()) { %>
       <A HREF="<%= rdat.getEncodedServletPath("attachment?" + data.getConfLocator() + "&msg="
-                                              + msg.getPostID()) %>" TARGET="_blank"><IMG
+                                              + msg.getPostID()) %>"
+       <% if (data.displayAttachmentInNewWindow(msg)) { %>TARGET="_blank"<% } %> ><IMG
        SRC="<%= rdat.getFullImagePath("attachment.gif") %>"
        ALT="(Attachment <%= msg.getAttachmentFilename() %> - <%= msg.getAttachmentLength() %> bytes)"
        WIDTH=16 HEIGHT=16 BORDER=0></A>