SuperX
/
kern
6
0
Fork 0
Code Issues 8 Pull Requests Projects Releases Wiki Activity
Browse Source

UHI Gueltigkeit von Benutzeraccounts

userinfo_gueltigkeit
Meikel Bisping 5 months ago
parent
f19f5d5502
commit
3935ddfd5b
2 changed files with 30 additions and 5 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 31
      src/de/superx/servlet/UserInitializer.java
  2. 4
      superx/WEB-INF/conf/edustore/db/install/conf/kern.xml

31
src/de/superx/servlet/UserInitializer.java
Unescape View File

@ -3,6 +3,7 @@ package de.superx.servlet;
import java.io.IOException; import java.io.IOException;
import java.lang.reflect.InvocationTargetException; import java.lang.reflect.InvocationTargetException;
import java.sql.Connection; import java.sql.Connection;
import java.sql.DatabaseMetaData;
import java.sql.Date; import java.sql.Date;
import java.sql.PreparedStatement; import java.sql.PreparedStatement;
import java.sql.ResultSet; import java.sql.ResultSet;
@ -508,6 +509,7 @@ public class UserInitializer {
String client_ip = request.getRemoteAddr(); String client_ip = request.getRemoteAddr();
String client_dns = request.getRemoteHost(); String client_dns = request.getRemoteHost();
String protend = ""; String protend = "";
userid = null; userid = null;
// System.out.println("c1"); // System.out.println("c1");
if (SxPools.get(mandantenID).getSqlDialect().equals("Postgres")) { if (SxPools.get(mandantenID).getSqlDialect().equals("Postgres")) {
@ -518,10 +520,14 @@ public class UserInitializer {
Connection myConnection = null; Connection myConnection = null;
try { try {
myConnection = SxPools.getConnection(mandantenID); myConnection = SxPools.getConnection(mandantenID);
boolean isUserinfoMitGueltigkeit=checkUserinfoMitGueltigkeit(myConnection);
String select="select tid, passwd_sha, administration, kennwort,akt_versuch,max_versuch from userinfo where benutzer = ? ";
if (isUserinfoMitGueltigkeit) {
select+= "and ( (gueltig_von is null or gueltig_von<=today()) and (gueltig_bis is null or gueltig_bis>=today()) )";
}
Statement stm = myConnection.createStatement(); Statement stm = myConnection.createStatement();
PreparedStatement pst = myConnection PreparedStatement pst = myConnection
.prepareStatement("select tid, passwd_sha, administration, kennwort,akt_versuch,max_versuch" .prepareStatement(select);
+ " from userinfo where benutzer = ?");
pst.setString(1, user); pst.setString(1, user);
ResultSet rs = pst.executeQuery(); ResultSet rs = pst.executeQuery();
while (rs.next()) { while (rs.next()) {
@ -543,7 +549,7 @@ public class UserInitializer {
int akt_versuch = rs.getInt(5); int akt_versuch = rs.getInt(5);
int max_versuch = rs.getInt(6); int max_versuch = rs.getInt(6);
if (akt_versuch > max_versuch) { if (akt_versuch > max_versuch|| max_versuch==0) {
rs.close(); rs.close();
pst.close(); pst.close();
stm.close(); stm.close();
@ -561,7 +567,7 @@ public class UserInitializer {
+ "'" + protend); + "'" + protend);
stm.close(); stm.close();
myConnection.close(); myConnection.close();
throw new NichtAngemeldetException("Kein Benutzer " + user + " in Datenbank vorhanden"); throw new NichtAngemeldetException("Kein gültiger Benutzer " + user + " in Datenbank vorhanden");
} }
if (passwort == null) if (passwort == null)
passwort = "dummy"; // bei LDAP oder so passwort = "dummy"; // bei LDAP oder so
@ -618,7 +624,22 @@ public class UserInitializer {
} }
} }
private boolean checkUserinfoMitGueltigkeit(Connection dbConnection) throws SQLException
{
boolean result=false;
Statement stm = dbConnection.createStatement();
DatabaseMetaData md = dbConnection.getMetaData();
ResultSet rs = md.getColumns(null, null, "userinfo", null);
while (rs.next()) {
if (rs.getString(4).equals("gueltig_von")) {
result=true;
}
}
rs.close();
return result;
}
private void updateLastLogin(Connection myConnection) throws SQLException { private void updateLastLogin(Connection myConnection) throws SQLException {
PreparedStatement pst3 = myConnection.prepareStatement("select count(*) from user_pw where userinfo_id=?"); PreparedStatement pst3 = myConnection.prepareStatement("select count(*) from user_pw where userinfo_id=?");
pst3.setInt(1, userid.intValue()); pst3.setInt(1, userid.intValue());

4
superx/WEB-INF/conf/edustore/db/install/conf/kern.xml
Unescape View File

@ -1728,6 +1728,8 @@
default ="0" notnull ="false" description="Darf der User Projekte sehen" /> default ="0" notnull ="false" description="Darf der User Projekte sehen" />
<column name="extern_role_id" type="INTEGER" size="9" <column name="extern_role_id" type="INTEGER" size="9"
default="" notnull="false" /> default="" notnull="false" />
<column name="gueltig_von" type="date" description="Beginn Gültigkeit"/>
<column name="gueltig_bis" type="date" description="Ende Gültigkeit"/>
</columns> </columns>
<indexes> <indexes>
<index name="i_userinfo" type="unique"> <index name="i_userinfo" type="unique">
@ -10524,6 +10526,8 @@ Außerdem können Sie hier dem Benutzer Berechtigungen über Gruppen, Sachgebiet
<customfield name="name" nullFieldValue=""/> <customfield name="name" nullFieldValue=""/>
<customfield name="email" nullFieldValue=""/> <customfield name="email" nullFieldValue=""/>
<customfield name="admin" type="include" path="/edit/kern/userinfo_edit_admin.inc"/> <customfield name="admin" type="include" path="/edit/kern/userinfo_edit_admin.inc"/>
<customfield name="gueltig_von" nullFieldValue=""/>
<customfield name="gueltig_bis" nullFieldValue=""/>
<customfield name="max_versuch" nullFieldValue=""/> <customfield name="max_versuch" nullFieldValue=""/>
<customfield name="akt_versuch" nullFieldValue=""/> <customfield name="akt_versuch" nullFieldValue=""/>
<customfield name="password" type="include" path="/edit/kern/userinfo_edit_pw.inc"/> <customfield name="password" type="include" path="/edit/kern/userinfo_edit_pw.inc"/>

Write Preview
Loading…
Cancel
Save