diff --git a/src/de/superx/servlet/UserInitializer.java b/src/de/superx/servlet/UserInitializer.java
index 37ed633..5e49448 100644
--- a/src/de/superx/servlet/UserInitializer.java
+++ b/src/de/superx/servlet/UserInitializer.java
@@ -3,6 +3,7 @@ package de.superx.servlet;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.sql.Connection;
+import java.sql.DatabaseMetaData;
import java.sql.Date;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
@@ -508,6 +509,7 @@ public class UserInitializer {
String client_ip = request.getRemoteAddr();
String client_dns = request.getRemoteHost();
String protend = "";
+
userid = null;
// System.out.println("c1");
if (SxPools.get(mandantenID).getSqlDialect().equals("Postgres")) {
@@ -518,10 +520,14 @@ public class UserInitializer {
Connection myConnection = null;
try {
myConnection = SxPools.getConnection(mandantenID);
+ boolean isUserinfoMitGueltigkeit=checkUserinfoMitGueltigkeit(myConnection);
+ String select="select tid, passwd_sha, administration, kennwort,akt_versuch,max_versuch from userinfo where benutzer = ? ";
+ if (isUserinfoMitGueltigkeit) {
+ select+= "and ( (gueltig_von is null or gueltig_von<=today()) and (gueltig_bis is null or gueltig_bis>=today()) )";
+ }
Statement stm = myConnection.createStatement();
PreparedStatement pst = myConnection
- .prepareStatement("select tid, passwd_sha, administration, kennwort,akt_versuch,max_versuch"
- + " from userinfo where benutzer = ?");
+ .prepareStatement(select);
pst.setString(1, user);
ResultSet rs = pst.executeQuery();
while (rs.next()) {
@@ -543,7 +549,7 @@ public class UserInitializer {
int akt_versuch = rs.getInt(5);
int max_versuch = rs.getInt(6);
- if (akt_versuch > max_versuch) {
+ if (akt_versuch > max_versuch|| max_versuch==0) {
rs.close();
pst.close();
stm.close();
@@ -561,7 +567,7 @@ public class UserInitializer {
+ "'" + protend);
stm.close();
myConnection.close();
- throw new NichtAngemeldetException("Kein Benutzer " + user + " in Datenbank vorhanden");
+ throw new NichtAngemeldetException("Kein gültiger Benutzer " + user + " in Datenbank vorhanden");
}
if (passwort == null)
passwort = "dummy"; // bei LDAP oder so
@@ -618,7 +624,22 @@ public class UserInitializer {
}
}
-
+ private boolean checkUserinfoMitGueltigkeit(Connection dbConnection) throws SQLException
+ {
+ boolean result=false;
+ Statement stm = dbConnection.createStatement();
+ DatabaseMetaData md = dbConnection.getMetaData();
+
+ ResultSet rs = md.getColumns(null, null, "userinfo", null);
+ while (rs.next()) {
+ if (rs.getString(4).equals("gueltig_von")) {
+ result=true;
+ }
+ }
+ rs.close();
+ return result;
+
+ }
private void updateLastLogin(Connection myConnection) throws SQLException {
PreparedStatement pst3 = myConnection.prepareStatement("select count(*) from user_pw where userinfo_id=?");
pst3.setInt(1, userid.intValue());
diff --git a/superx/WEB-INF/conf/edustore/db/install/conf/kern.xml b/superx/WEB-INF/conf/edustore/db/install/conf/kern.xml
index afc2732..a35cb22 100644
--- a/superx/WEB-INF/conf/edustore/db/install/conf/kern.xml
+++ b/superx/WEB-INF/conf/edustore/db/install/conf/kern.xml
@@ -1728,6 +1728,8 @@
default ="0" notnull ="false" description="Darf der User Projekte sehen" />
+
+
@@ -10524,6 +10526,8 @@ Außerdem können Sie hier dem Benutzer Berechtigungen über Gruppen, Sachgebiet
+
+