fixed topic name in posts so that it came out right; fixed SIG welcome
page so that it generates correct URL; repaired a security hole (well, not really, but a PERCEIVED security hole) regarding accounts that have been created but not yet confirmed
This commit is contained in:
parent
89429a4b40
commit
acc7f06e66
|
@ -216,6 +216,65 @@ class UserContextImpl implements UserContext, UserBackend
|
|||
|
||||
} // end sendEmailConfirmation
|
||||
|
||||
private void autoJoinSIGs(Connection conn) throws SQLException
|
||||
{
|
||||
if (logger.isDebugEnabled())
|
||||
logger.debug("autoJoinSIGs (uid " + uid + ", level " + level + ")");
|
||||
|
||||
// See which SIGs we are eligible to autojoin.
|
||||
Statement stmt = conn.createStatement();
|
||||
StringBuffer sql =
|
||||
new StringBuffer("SELECT sigmember.sigid, sigmember.locked FROM users, sigmember, sigs "
|
||||
+ "WHERE sigmember.uid = users.uid AND sigmember.sigid = sigs.sigid "
|
||||
+ "AND users.is_anon = 1 AND sigs.join_lvl <= ");
|
||||
sql.append(level).append(';');
|
||||
if (logger.isDebugEnabled())
|
||||
logger.debug("SQL: " + sql.toString());
|
||||
ResultSet rs = stmt.executeQuery(sql.toString());
|
||||
|
||||
// Save the SIGIDs returned into temporary array lists.
|
||||
ArrayList tmp_sigid = new ArrayList();
|
||||
ArrayList tmp_locked = new ArrayList();
|
||||
while (rs.next())
|
||||
{ // save off the "sigid" and "locked" column pairs
|
||||
tmp_sigid.add(new Integer(rs.getInt(1)));
|
||||
tmp_locked.add(new Boolean(rs.getBoolean(2)));
|
||||
|
||||
} // end while
|
||||
|
||||
// Figure out which of those SIGs we haven't joined yet and set up to autojoin them.
|
||||
sql.setLength(0);
|
||||
for (int i=0; i<tmp_sigid.size(); i++)
|
||||
{ // see if the user is already a member of this SIG
|
||||
Integer x_sigid = (Integer)(tmp_sigid.get(i));
|
||||
rs = stmt.executeQuery("SELECT sigid FROM sigmember WHERE sigid = " + x_sigid + " AND uid = " + uid
|
||||
+ ";");
|
||||
if (!(rs.next()))
|
||||
{ // tack this information onto the end of our big "INSERT" command
|
||||
Boolean x_locked = (Boolean)(tmp_locked.get(i));
|
||||
if (sql.length()==0)
|
||||
sql.append("INSERT INTO sigmember (sigid, uid, granted_lvl, locked) VALUES ");
|
||||
else
|
||||
sql.append(", ");
|
||||
sql.append("(").append(x_sigid).append(", ").append(uid).append(", ");
|
||||
sql.append(DefaultLevels.memberSIG()).append(", ").append(x_locked.booleanValue() ? '1' : '0');
|
||||
sql.append(")");
|
||||
|
||||
} // end if
|
||||
|
||||
} // end for
|
||||
|
||||
if (sql.length()>0)
|
||||
{ // execute the big update
|
||||
sql.append(';');
|
||||
if (logger.isDebugEnabled())
|
||||
logger.debug("SQL: " + sql.toString());
|
||||
stmt.executeUpdate(sql.toString());
|
||||
|
||||
} // end if
|
||||
|
||||
} // end autoJoinSIGs
|
||||
|
||||
/*--------------------------------------------------------------------------------
|
||||
* Implementations from interface UserContext
|
||||
*--------------------------------------------------------------------------------
|
||||
|
@ -402,6 +461,9 @@ class UserContextImpl implements UserContext, UserBackend
|
|||
email_verified = true;
|
||||
level = DefaultLevels.afterEmailVerification();
|
||||
|
||||
autoJoinSIGs(conn); // EJB 4/14/2001 - handle autojoin of any SIGs we couldn't autojoin at account
|
||||
// creation time
|
||||
|
||||
// record an audit message indicating that we verified OK
|
||||
ar = new AuditRecord(AuditRecord.VERIFY_OK,uid,remote_addr);
|
||||
|
||||
|
@ -1415,4 +1477,29 @@ class UserContextImpl implements UserContext, UserBackend
|
|||
|
||||
} // end loadNewUser
|
||||
|
||||
void autoJoinSIGs() throws DataException
|
||||
{
|
||||
Connection conn = null;
|
||||
|
||||
try
|
||||
{ // get a database connection and call the internal function
|
||||
conn = datapool.getConnection();
|
||||
autoJoinSIGs(conn);
|
||||
|
||||
} // end try
|
||||
catch (SQLException e)
|
||||
{ // database error - this is a DataException
|
||||
logger.error("error autojoining SIGs: " + e.getMessage(),e);
|
||||
throw new DataException("unable to autojoin SIGs: " + e.getMessage(),e);
|
||||
|
||||
} // end catch
|
||||
finally
|
||||
{ // make sure the connection is released before we go
|
||||
if (conn!=null)
|
||||
datapool.releaseConnection(conn);
|
||||
|
||||
} // end finally
|
||||
|
||||
} // end autoJoinSIGs
|
||||
|
||||
} // end class UserContextImpl
|
||||
|
|
|
@ -1029,31 +1029,6 @@ public class VeniceEngineImpl implements VeniceEngine, EngineBackend
|
|||
if (logger.isDebugEnabled())
|
||||
logger.debug("...created userprefs");
|
||||
|
||||
// get the list of SIG IDs the anonymous user is a member of
|
||||
rs = stmt.executeQuery("SELECT sigmember.sigid, sigmember.locked FROM users, sigmember "
|
||||
+ "WHERE sigmember.uid = users.uid AND users.is_anon = 1;");
|
||||
sql.setLength(0);
|
||||
while (rs.next())
|
||||
{ // set up to insert into the sigmember table
|
||||
if (sql.length()==0)
|
||||
sql.append("INSERT INTO sigmember (sigid, uid, granted_lvl, locked) VALUES ");
|
||||
else
|
||||
sql.append(", ");
|
||||
sql.append("(").append(rs.getInt(1)).append(", ").append(new_uid).append(", ");
|
||||
sql.append(DefaultLevels.memberSIG()).append(", ").append(rs.getInt(2)).append(")");
|
||||
|
||||
} // end while
|
||||
|
||||
if (sql.length()>0)
|
||||
{ // execute the big update
|
||||
sql.append(';');
|
||||
stmt.executeUpdate(sql.toString());
|
||||
|
||||
} // end if
|
||||
|
||||
if (logger.isDebugEnabled())
|
||||
logger.debug("...loaded default SIG memberships");
|
||||
|
||||
// get the sidebox configuration for this user
|
||||
rs = stmt.executeQuery("SELECT sideboxes.boxid, sideboxes.sequence, sideboxes.param FROM sideboxes, "
|
||||
+ "users WHERE sideboxes.uid = users.uid AND users.is_anon = 1;");
|
||||
|
@ -1144,6 +1119,7 @@ public class VeniceEngineImpl implements VeniceEngine, EngineBackend
|
|||
// create a new context for the user (they're now effectively logged in)
|
||||
UserContextImpl rc = new UserContextImpl(this,datapool);
|
||||
rc.loadNewUser(remote_addr,new_uid,DefaultLevels.newUser(),username,confirm_num,created,created);
|
||||
rc.autoJoinSIGs(); // EJB 4/14/2001
|
||||
if (logger.isDebugEnabled())
|
||||
logger.debug("...created new user context");
|
||||
return rc;
|
||||
|
|
|
@ -405,4 +405,13 @@ public class TopicPosts implements JSPRender
|
|||
|
||||
} // end getNumPostsPerPage
|
||||
|
||||
public boolean displayAttachmentInNewWindow(TopicMessageContext msg)
|
||||
{
|
||||
if (!(msg.hasAttachment()))
|
||||
return false;
|
||||
String type = msg.getAttachmentType();
|
||||
return (type.startsWith("text/") || type.startsWith("image/"));
|
||||
|
||||
} // end displayAttachmentInNewWindow
|
||||
|
||||
} // end class TopicPosts
|
||||
|
|
|
@ -26,18 +26,13 @@
|
|||
RenderData rdat = RenderConfig.createRenderData(application,request,response);
|
||||
%>
|
||||
<% if (rdat.useHTMLComments()) { %><!-- <%= data.getIdentifyingData() %> --><% } %>
|
||||
<%
|
||||
String tmp;
|
||||
if (data.isTopicArchived())
|
||||
tmp = "(Archived) ";
|
||||
else if (data.isTopicFrozen())
|
||||
tmp = "(Frozen) ";
|
||||
else
|
||||
tmp = "";
|
||||
rdat.writeContentHeader(out,data.getTopicName(),tmp + data.getTotalMessages() + " Total; "
|
||||
+ data.getNewMessages() + " New; Last: "
|
||||
+ rdat.formatDateForDisplay(data.getLastUpdate()));
|
||||
%>
|
||||
<%= rdat.getStdFontTag("#3333AA",5) %><B><%= data.getTopicName() %></B></FONT>
|
||||
<%= rdat.getStdFontTag("#3333AA",3) %><B>
|
||||
<% if (data.isTopicArchived()) { %>(Archived)<% } else if (data.isTopicFrozen()) { %>(Frozen)<% } %>
|
||||
<%= data.getTotalMessages() %> Total; <%= data.getNewMessages() %> New;
|
||||
Last: <%= rdat.formatDateForDisplay(data.getLastUpdate()) %>
|
||||
</B></FONT>
|
||||
|
||||
<TABLE BORDER=0 WIDTH="100%" CELLPADDING=0 CELLSPACING=0>
|
||||
<TR VALIGN=BOTTOM>
|
||||
<TD NOWRAP ALIGN=LEFT>
|
||||
|
@ -176,7 +171,8 @@
|
|||
</EM>)
|
||||
<% if (msg.hasAttachment()) { %>
|
||||
<A HREF="<%= rdat.getEncodedServletPath("attachment?" + data.getConfLocator() + "&msg="
|
||||
+ msg.getPostID()) %>" TARGET="_blank"><IMG
|
||||
+ msg.getPostID()) %>"
|
||||
<% if (data.displayAttachmentInNewWindow(msg)) { %>TARGET="_blank"<% } %> ><IMG
|
||||
SRC="<%= rdat.getFullImagePath("attachment.gif") %>"
|
||||
ALT="(Attachment <%= msg.getAttachmentFilename() %> - <%= msg.getAttachmentLength() %> bytes)"
|
||||
WIDTH=16 HEIGHT=16 BORDER=0></A>
|
||||
|
|
Loading…
Reference in New Issue
Block a user