fixed topic name in posts so that it came out right; fixed SIG welcome

page so that it generates correct URL; repaired a security hole (well, not
really, but a PERCEIVED security hole) regarding accounts that have been
created but not yet confirmed
Eric J. Bowersox 2001-04-15 04:23:48 +00:00
parent 89429a4b40
commit acc7f06e66
4 changed files with 106 additions and 38 deletions


@ -216,6 +216,65 @@ class UserContextImpl implements UserContext, UserBackend
} // end sendEmailConfirmation
private void autoJoinSIGs(Connection conn) throws SQLException
{
if (logger.isDebugEnabled())
logger.debug("autoJoinSIGs (uid " + uid + ", level " + level + ")");
// See which SIGs we are eligible to autojoin.
Statement stmt = conn.createStatement();
StringBuffer sql =
new StringBuffer("SELECT sigmember.sigid, sigmember.locked FROM users, sigmember, sigs "
+ "WHERE sigmember.uid = users.uid AND sigmember.sigid = sigs.sigid "
+ "AND users.is_anon = 1 AND sigs.join_lvl <= ");
sql.append(level).append(';');
if (logger.isDebugEnabled())
logger.debug("SQL: " + sql.toString());
ResultSet rs = stmt.executeQuery(sql.toString());
// Save the SIGIDs returned into temporary array lists.
ArrayList tmp_sigid = new ArrayList();
ArrayList tmp_locked = new ArrayList();
while (rs.next())
{ // save off the "sigid" and "locked" column pairs
tmp_sigid.add(new Integer(rs.getInt(1)));
tmp_locked.add(new Boolean(rs.getBoolean(2)));
} // end while
// Figure out which of those SIGs we haven't joined yet and set up to autojoin them.
sql.setLength(0);
for (int i=0; i<tmp_sigid.size(); i++)
{ // see if the user is already a member of this SIG
Integer x_sigid = (Integer)(tmp_sigid.get(i));
rs = stmt.executeQuery("SELECT sigid FROM sigmember WHERE sigid = " + x_sigid + " AND uid = " + uid
+ ";");
if (!(rs.next()))
{ // tack this information onto the end of our big "INSERT" command
Boolean x_locked = (Boolean)(tmp_locked.get(i));
if (sql.length()==0)
sql.append("INSERT INTO sigmember (sigid, uid, granted_lvl, locked) VALUES ");
else
sql.append(", ");
sql.append("(").append(x_sigid).append(", ").append(uid).append(", ");
sql.append(DefaultLevels.memberSIG()).append(", ").append(x_locked.booleanValue() ? '1' : '0');
sql.append(")");
} // end if
} // end for
if (sql.length()>0)
{ // execute the big update
sql.append(';');
if (logger.isDebugEnabled())
logger.debug("SQL: " + sql.toString());
stmt.executeUpdate(sql.toString());
} // end if
} // end autoJoinSIGs
/*--------------------------------------------------------------------------------
* Implementations from interface UserContext
*--------------------------------------------------------------------------------
@ -402,6 +461,9 @@ class UserContextImpl implements UserContext, UserBackend
email_verified = true;
level = DefaultLevels.afterEmailVerification();
autoJoinSIGs(conn); // EJB 4/14/2001 - handle autojoin of any SIGs we couldn't autojoin at account
// creation time
// record an audit message indicating that we verified OK
ar = new AuditRecord(AuditRecord.VERIFY_OK,uid,remote_addr);
@ -1415,4 +1477,29 @@ class UserContextImpl implements UserContext, UserBackend
} // end loadNewUser
void autoJoinSIGs() throws DataException
{
Connection conn = null;
try
{ // get a database connection and call the internal function
conn = datapool.getConnection();
autoJoinSIGs(conn);
} // end try
catch (SQLException e)
{ // database error - this is a DataException
logger.error("error autojoining SIGs: " + e.getMessage(),e);
throw new DataException("unable to autojoin SIGs: " + e.getMessage(),e);
} // end catch
finally
{ // make sure the connection is released before we go
if (conn!=null)
datapool.releaseConnection(conn);
} // end finally
} // end autoJoinSIGs
} // end class UserContextImpl
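Review bot: In the new private autoJoinSIGs(Connection), the `Statement` from `conn.createStatement()` and every `ResultSet` it produces (one per SIG inside the for loop) are never closed, and an SQLException part-way through skips any cleanup. Wrapping the body as `Statement stmt = conn.createStatement(); try { ... } finally { stmt.close(); }` releases both, since closing a Statement also closes its current ResultSet. The per-SIG membership check concatenates `x_sigid` and `uid` into the query text; both are integers here, so no injection path is visible, but one `PreparedStatement` with `sigid = ? AND uid = ?` reused across the loop would keep it that way and avoid re-parsing the query on each iteration. The check-then-insert sequence is also not atomic, so two concurrent runs for the same uid could both insert unless sigmember has a unique key on (sigid, uid), which this page does not show.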


@ -1029,31 +1029,6 @@ public class VeniceEngineImpl implements VeniceEngine, EngineBackend
if (logger.isDebugEnabled())
logger.debug("...created userprefs");
// get the list of SIG IDs the anonymous user is a member of
rs = stmt.executeQuery("SELECT sigmember.sigid, sigmember.locked FROM users, sigmember "
+ "WHERE sigmember.uid = users.uid AND users.is_anon = 1;");
sql.setLength(0);
while (rs.next())
{ // set up to insert into the sigmember table
if (sql.length()==0)
sql.append("INSERT INTO sigmember (sigid, uid, granted_lvl, locked) VALUES ");
else
sql.append(", ");
sql.append("(").append(rs.getInt(1)).append(", ").append(new_uid).append(", ");
sql.append(DefaultLevels.memberSIG()).append(", ").append(rs.getInt(2)).append(")");
} // end while
if (sql.length()>0)
{ // execute the big update
sql.append(';');
stmt.executeUpdate(sql.toString());
} // end if
if (logger.isDebugEnabled())
logger.debug("...loaded default SIG memberships");
// get the sidebox configuration for this user
rs = stmt.executeQuery("SELECT sideboxes.boxid, sideboxes.sequence, sideboxes.param FROM sideboxes, "
+ "users WHERE sideboxes.uid = users.uid AND users.is_anon = 1;");
@ -1144,6 +1119,7 @@ public class VeniceEngineImpl implements VeniceEngine, EngineBackend
// create a new context for the user (they're now effectively logged in)
UserContextImpl rc = new UserContextImpl(this,datapool);
rc.loadNewUser(remote_addr,new_uid,DefaultLevels.newUser(),username,confirm_num,created,created);
rc.autoJoinSIGs(); // EJB 4/14/2001
if (logger.isDebugEnabled())
logger.debug("...created new user context");
return rc;
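Review bot: The added `rc.autoJoinSIGs();` call can throw DataException after the account has apparently already been written (the earlier hunk logs "...created userprefs"), and it runs on a second connection taken from `datapool` rather than on the statement that created the account, as the removed block did. A failure here would therefore abort the account-creation call with the new user already in the database and no SIG memberships; as far as this page shows, the only retry is the call added after email verification in UserContextImpl. The comment `// EJB 4/14/2001` gives no reason for the change; something like `// join only the SIGs whose join_lvl an unconfirmed account meets; the rest are joined after email verification` would record why the call moved. The enclosing method starts and ends outside the hunk, so whether the first connection is still held at this point cannot be checked from here.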


@ -405,4 +405,13 @@ public class TopicPosts implements JSPRender
} // end getNumPostsPerPage
public boolean displayAttachmentInNewWindow(TopicMessageContext msg)
{
if (!(msg.hasAttachment()))
return false;
String type = msg.getAttachmentType();
return (type.startsWith("text/") || type.startsWith("image/"));
} // end displayAttachmentInNewWindow
} // end class TopicPosts
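Review bot: The prefix test `type.startsWith("text/")` in displayAttachmentInNewWindow also matches `text/html`, so an uploaded HTML attachment counts as one of the types to open in a browser window. Whether it then renders in the site's origin depends on the headers the attachment servlet sends, which this page does not show. If that servlet does not force a download or a safe content type for markup, an explicit list (for example `text/plain` plus the image types the site accepts) would be the safer rule. The method also dereferences `type` without a null check and compares case-sensitively; `if (type == null) return false;` before the return covers the first, assuming getAttachmentType() can return null for some messages.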


@ -26,18 +26,13 @@
RenderData rdat = RenderConfig.createRenderData(application,request,response);
%>
<% if (rdat.useHTMLComments()) { %><!-- <%= data.getIdentifyingData() %> --><% } %>
<%
String tmp;
if (data.isTopicArchived())
tmp = "(Archived) ";
else if (data.isTopicFrozen())
tmp = "(Frozen) ";
else
tmp = "";
rdat.writeContentHeader(out,data.getTopicName(),tmp + data.getTotalMessages() + " Total; "
+ data.getNewMessages() + " New; Last: "
+ rdat.formatDateForDisplay(data.getLastUpdate()));
%>
<%= rdat.getStdFontTag("#3333AA",5) %><B><%= data.getTopicName() %></B></FONT>&nbsp;&nbsp;
<%= rdat.getStdFontTag("#3333AA",3) %><B>
<% if (data.isTopicArchived()) { %>(Archived)<% } else if (data.isTopicFrozen()) { %>(Frozen)<% } %>
<%= data.getTotalMessages() %> Total; <%= data.getNewMessages() %> New;
Last: <%= rdat.formatDateForDisplay(data.getLastUpdate()) %>
</B></FONT>
<TABLE BORDER=0 WIDTH="100%" CELLPADDING=0 CELLSPACING=0>
<TR VALIGN=BOTTOM>
<TD NOWRAP ALIGN=LEFT>
@ -176,7 +171,8 @@
</EM>)
<% if (msg.hasAttachment()) { %>
<A HREF="<%= rdat.getEncodedServletPath("attachment?" + data.getConfLocator() + "&msg="
+ msg.getPostID()) %>" TARGET="_blank"><IMG
+ msg.getPostID()) %>"
<% if (data.displayAttachmentInNewWindow(msg)) { %>TARGET="_blank"<% } %> ><IMG
SRC="<%= rdat.getFullImagePath("attachment.gif") %>"
ALT="(Attachment <%= msg.getAttachmentFilename() %> - <%= msg.getAttachmentLength() %> bytes)"
WIDTH=16 HEIGHT=16 BORDER=0></A>
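Review bot: `<%= data.getTopicName() %>` on the new heading line writes the topic name into the page with no visible encoding step, where the removed code passed it through rdat.writeContentHeader(). If getTopicName() does not already return HTML-escaped text, a topic title containing markup would be rendered as markup; that accessor is not shown on this page, so this needs confirming against TopicPosts. A one-line JSP comment above the heading stating the contract, e.g. `<%-- getTopicName() returns HTML-encoded text; do not encode again --%>`, would record why the header helper was dropped. The same question applies to `msg.getAttachmentFilename()` inside the ALT attribute in the last hunk, which is unchanged context here.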